Ethereal-dev: [Ethereal-dev] Too many pcap_open_live calls during capture loop

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: "Jacques, Olivier (OCBU-Test Infra)" <olivier.jacques@xxxxxx>
Date: Mon, 20 Feb 2006 11:35:02 +0100
Hello,

On the latest SVN build (I don't know when it appeared...), on my win XP
SP2 laptop/winpcap 3.1, there are many pcap_open_live calls during
capture.
This causes many issues (including slow capture and high cpu usage) when
I capture from a pist (SS7 E1/T1) board. But I think that the issue is
probably similar on many other systems as it creates a resource leakage.

I added some traces in winpcap to try to track this down (in the traces,
pist_ is a trace in wpcap which corresponds to pcap_... But for the pist
interface. A pist_open_live will be called every time a pcap_open_live
is called):

When I open the "Show Capture Options Dialog" in Ethereal:
pist_open_live
pist_create_trace_device
pist_platform_close
pist_platform_close: p = '2181b30'
pist_delete_trace_device
delete_pcap_pist
delete_pcap_pist: p = '2181b30'
pist_open_live
pist_open_live: p='2181b30'
new_pcap_pist: p='2181b30'
pist_create_trace_device
pist_platform_close
pist_platform_close: p = '2181b30'
pist_delete_trace_device
delete_pcap_pist
delete_pcap_pist: p = '2181b30'

-> 2 open/close. This looks correct.

Selecting the pist interface in the "show capture options" dialog:
pist_open_live
pist_open_live: p='2181b30'
new_pcap_pist: p='2181b30'
pist_create_trace_device
pist_platform_close
pist_platform_close: p = '2181b30'
pist_delete_trace_device
delete_pcap_pist
delete_pcap_pist: p = '2181b30'
pist_open_live
pist_open_live: p='2181b30'
new_pcap_pist: p='2181b30'
pist_create_trace_device
pist_platform_close
pist_platform_close: p = '2181b30'
pist_delete_trace_device
delete_pcap_pist
delete_pcap_pist: p = '2181b30'

-> 2 open/close. This looks correct too.

Starting the capture:
pist_open_live
pist_open_live: p='2181c50'
new_pcap_pist: p='2181c50'
pist_create_trace_device
pist_open_live
pist_open_live: p='21814d0'
new_pcap_pist: p='21814d0'
pist_create_trace_device
pist_open_live
pist_open_live: p='21810c0'
new_pcap_pist: p='21810c0'
pist_create_trace_device
pist_open_live
pist_open_live: p='2182c80'
new_pcap_pist: p='2182c80'
pist_create_trace_device
pist_open_live
pist_open_live: p='2182900'
new_pcap_pist: p='2182900'
pist_create_trace_device
...

And the trace goes on until I stop the capture.
Why is there so many pcap_open_live when capturing? Should we only have
one and use the handler created at this occasion?
Also, when stopping the capture, the close_op (which points in my case
to "pist_platform_close") is not called at the end of the capture. I
think this is another resource leakage.

I tried to look at the capture loop code in Ethereal, but this goes
beyond my knowledge, so I was unable to propose a patch :)

Olivier.