On Sat, Dec 08, 2001 at 10:22:15PM -0800, Guy Harris wrote:
> A patch to change "gen_arth()" is attached; Ken, could you try applying
> that patch (after removing the "reset_regs()" stuff), and see if it
> 
>       1) plugs the leak caused by repeated compilation;

It works for your expression
    ip[6:2] & 0x1fff = 0
(which used to run out of registers on the 15th compile)
and the expression I'd been testing with
    tcp[0]!=0 and tcp[1] * tcp[2] + tcp[3] * tcp[4] != 0
(which used to run out of registers on the 5th compile).
I tested both expressions with up to 16 compiles.

>       2) plugs any leaks discovered by compilation of a sufficiently
>          complex expression (if you've found any of those);

It worked for this artificially complex expression:
    tcp[0]!=0 and (tcp[1] * tcp[2] + tcp[3] * tcp[4]) / (tcp[5] * tcp[6] + tcp[7] * tcp[8]) + (tcp[9] * tcp[10] + tcp[11] * tcp[12]) / (tcp[13] * tcp[14] + tcp[15] * tcp[16]) != 42

>       3) breaks anything you notice?

Not that I've seen yet.

I haven't looked very closely at the interpreter code, but I assumed
that no registers were kept across calls of bpf_filter(), so my
reset_regs() in bpf_compile() paralleled this.  If the assumption is
true, reset_regs() would guarantee only that no more state is
(incorrectly) kept between calls to bpf_compile() than is kept between
calls to bpf_filter().  (This suggests that, in development at least,
you could check for register leaks at the end of bpf_compile() and
bpf_filter().)

-- 
Ken Keys
[EMAIL PROTECTED]
CoralReef:  http://www.caida.org/tools/measurement/coralreef/

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
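
The development-time check suggested at the end of the message above, sketched as an added example (not libpcap code and not code from this thread). It is a toy 16-slot pool: the names `toy_alloc_reg`, `toy_free_reg`, `toy_compile`, `leaked_regs`, `pool_reset` and the pool size are assumptions of the model. It shows a one-slot-per-compile leak that only surfaces as "out of registers" many compiles later, while a leak count taken at the end of the first compile catches it immediately.

```c
#include <stdio.h>
#include <string.h>

#define NREGS 16            /* assumed pool size; toy model, not libpcap code */
static int regused[NREGS];  /* 1 = slot currently held */
static void pool_reset(void) { memset(regused, 0, sizeof regused); }

/* Returns a free slot index, or -1 when the pool is exhausted. */
static int toy_alloc_reg(void) {
    for (int i = 0; i < NREGS; i++)
        if (!regused[i]) { regused[i] = 1; return i; }
    return -1;
}
static void toy_free_reg(int r) { regused[r] = 0; }

/* The development-time check: how many slots are still held? */
static int leaked_regs(void) {
    int n = 0;
    for (int i = 0; i < NREGS; i++) n += regused[i];
    return n;
}

/* Hypothetical "compile" of one binary arithmetic node: two operand slots,
 * result kept in the first. With buggy != 0 the second is never freed. */
static int toy_compile(int buggy) {
    int a = toy_alloc_reg();
    if (a < 0) return -1;
    int b = toy_alloc_reg();
    if (b < 0) { toy_free_reg(a); return -1; }
    if (!buggy) toy_free_reg(b);  /* operand consumed by the arithmetic op */
    toy_free_reg(a);              /* result consumed by the comparison */
    return 0;
}

/* Returns the 1-based compile that ran out of slots, or 0 if none did. */
static int first_failing_compile(int buggy, int limit) {
    pool_reset();
    for (int n = 1; n <= limit; n++)
        if (toy_compile(buggy) < 0) return n;
    return 0;
}

int main(void) {
    printf("buggy: out of slots on compile %d\n", first_failing_compile(1, 100));
    pool_reset();
    toy_compile(1);
    printf("leak check after one buggy compile: %d held\n", leaked_regs());
    return 0;
}
```

In a debug build the same count can be asserted to be zero at the end of every compile, so a leaking code path fails on its first use instead of after the pool drains.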