On Fri, 21 Mar 2003, Renaud Deraison wrote: > - libpcap 0.7.1 : I did some testing of libpcap 0.6.x (the "post lbl > libpcap") on Linux, and when you have a great number of processes each > having a different filter on their own pcap filter, in some cases the > wrong packets will go through. I did not test it with libpcap 0.7, so > it might have been fixed, but that was pretty ugly. For the record, > Nessus 1.3.x _had_ libpcap 0.6.x in CVS for a while, and I switched > back to 0.4.x (the True One) because of its instability. I may give > a shot to 0.7.1, but I don't have high hopes.
0.6.2 had a kind of subtle race condition on Linux: 1. pcap_open_live() creates raw socket S 2. packet P arrives and the kernel puts it into S's queue 3. pcap_setfilter() sets filter F on S using SO_ATTACH_FILTER... but any packets already queued are left alone 4. pcap_next() returns P even if it does not match F tcpdump host <dns name> was an extremely easy method to reproduce that problem it has already been fixed --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation."
