Mark,
Getting the following exception with the code below, jnetpcap 1.3.0, and the input file at:
ftp://ftp.ll.mit.edu/pub/ideval/2000/LLS_DDOS_1.0/data_and_labeling/tcpd...
but not this file:
http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/200...
Am I doing something wrong, or is this a bug in JNetPcap?
Exception in thread "main" java.nio.BufferUnderflowException at org.jnetpcap.nio.JBuffer.check(Unknown Source) at org.jnetpcap.nio.JBuffer.getUByte(Unknown Source) at org.jnetpcap.protocol.tcpip.Tcp.hlen(Unknown Source) at org.jnetpcap.protocol.tcpip.Tcp.decodeHeader(Unknown Source) at org.jnetpcap.packet.JHeader.decode(Unknown Source) at org.jnetpcap.packet.JPacket.getHeaderByIndex(Unknown Source) at org.jnetpcap.packet.JPacket.hasHeader(Unknown Source) at org.jnetpcap.packet.JPacket.hasHeader(Unknown Source) at edu.iastate.ece.cyberprint.JNetPcapTest.main(JNetPcapTest.java:54)
package edu.iastate.ece.cyberprint;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import org.jnetpcap.JBufferHandler;
import org.jnetpcap.Pcap;
import org.jnetpcap.PcapBpfProgram;
import org.jnetpcap.PcapHeader;
import org.jnetpcap.nio.JBuffer;
import org.jnetpcap.packet.JMemoryPacket;
import org.jnetpcap.protocol.lan.Ethernet;
import org.jnetpcap.protocol.network.Ip4;
import org.jnetpcap.protocol.tcpip.Tcp;
public class JNetPcapTest {
static Ip4 ip4_identifier;
static Tcp tcp_identifier;
static Ethernet eth_identifier;
public static void main(String[] args) throws Exception {
StringBuilder error = new StringBuilder();
PcapBpfProgram bpf = new PcapBpfProgram();
ip4_identifier = new Ip4();
tcp_identifier = new Tcp();
eth_identifier = new Ethernet();
ArrayList ip4s_al = new ArrayList();
final List ip4s = Collections.synchronizedList(ip4s_al);
ArrayList ip4tcps = new ArrayList();
Pcap pc = Pcap.openOffline(args[0], error);
pc.compile(bpf, "tcp", 0, 0);
pc.setFilter(bpf);
JBufferHandler handler = new JBufferHandler() {
public void nextPacket(PcapHeader header, JBuffer buffer, String user){
// Read all packets from capture file into array
JMemoryPacket packet = new JMemoryPacket(Ethernet.ID, buffer);
if (packet.hasHeader(ip4_identifier)){
ip4s.add(packet.getByteArray(0,packet.size()));
}
}
};
pc.loop(-1,handler,"");
pc.close();
for (byte[] p : ip4s) {
JMemoryPacket packet = new JMemoryPacket(Ethernet.ID,p);
if (packet.hasHeader(tcp_identifier)) {
ip4tcps.add(packet.getByteArray(0,packet.size()));
}
}
}
}
This has been fixed. It will be available as part of 1.3.1 update. I plan on releasing the update this weekend. If you need it sooner, you can download the jar file which works with the existing 1.3.0 native library.
Here is the link where you can download the latest jar file before the official update is released:
Fantastic - thanks for your prompt attention, as always!
Hi Mark,
Any updates on the release of 1.3.1? The JAR you linked above seems to hang when initializing a new JMemoryPacket (and I can't get the SVN source to build -- bunch of 'does not name a type' errors).
-Ben
Mark,
Looks like the latest 1.3.1 branch in SVN hangs on:
gc.memorySemaphore.acquire(DisposableGC.calculatePermits((int) size));
which is line 57 of JMemoryReference.java. Here's the stack paused in Eclipse during the hangup:
Thread [main] (Suspended) Unsafe.park(boolean, long) line: not available [native method] LockSupport.park(Object) line: 158 Semaphore$NonfairSync(AbstractQueuedSynchronizer).parkAndCheckInterrupt() line: 811 Semaphore$NonfairSync(AbstractQueuedSynchronizer).doAcquireSharedInterruptibly(int) line: 969 Semaphore$NonfairSync(AbstractQueuedSynchronizer).acquireSharedInterruptibly(int) line: 1281 Semaphore.acquire(int) line: 441 JMemoryReference.(Object, long, long) line: 57 JMemoryPool$Block(JMemory).createReference(long, long) line: 651 JMemoryPool$Block(JMemory).allocate(int) line: 562 JMemoryPool$Block(JMemory). (int) line: 519 JMemoryPool$Block. (int) line: 74 JMemoryPool.newBlock(int) line: 410 JMemoryPool.getBlock(int) line: 395 JMemoryPool.allocate(int, JMemory) line: 229 JMemoryPacket(JPacket).allocate(int) line: 745 JMemoryPacket(JPacket).getMemoryBuffer(int) line: 940 JMemoryPacket. (JBuffer) line: 460 JMemoryPacket. (int, JBuffer) line: 423 Net$1.nextPacket(PcapHeader, JBuffer, String) line: 74 Net$1.nextPacket(PcapHeader, JBuffer, Object) line: 1 Pcap.loop(int, JBufferHandler , T, PcapHeader, JBuffer) line: not available [native method] Pcap.loop(int, JBufferHandler , T) line: 2167 Net.pcap_process(String, String) line: 99 Cyberprint.main(String[]) line: 44
Digging one level deeper, it's in DisposableGC line 355:
Daemon Thread [DisposableGC] (Suspended) Object.wait(long) line: not available [native method] ReferenceQueue.remove(long) line: 118 DisposableGC.drainRefQueueLoop() line: 355 DisposableGC$2.run() line: 902 Thread.run() line: 662
Mark,
I undid your changes to DisposableGC.java and JMemoryReference.java, and things seems happy now. Possibly your semaphores and synchronization are not working as you intended?
-Ben