Commit
By default, limit filter length to an arbitrary value of 8192 bytes.

Using very large filters with pcap 1.7.4 can result in a segmentation fault:

    epcap_compile:compile(string:copies("ip and ", 50000) ++ "ip").

The most likely cause is a stack overflow. pcap_compile() in pcap 1.8.1 is thread-safe. Presumably this means memory is allocated on the heap so as a consequence, the stack overflow may be fixed. I haven't debugged this further yet.

The limit can be disabled by using a value of -1 as the limit option.

Some notes:

    % {ok, _}
    epcap_compile:compile(string:copies("ip or ", 50000) ++ "ip").

    % segfault
    epcap_compile:compile(string:copies("ip or ", 60000) ++ "ip").

    % {error, "out of memory"}
    epcap_compile:compile(string:copies("tcp and ", 50000) ++ "ip").

    # shell
    ulimit -s 8192
    (seq 1 50000 | while read l; do printf "ip and "; done; echo "ip") > filter
    # works
    sudo tcpdump -d -F filter

    ulimit -s 1024
    sudo tcpdump -d -F filter
    Segmentation fault (core dumped)