Line 78 in PktSrc.cc is consistently related to issues
backtraces I'm getting from bro core dumps. I really haven't written
much code with libpcap, so there's probably a good reason to use
pcap_next() there. I'm just wondering, why not use pcap_next_ex()
there and do a bit of error checking before passing packet data along?
The way it is right now, it looks like the code just trusts that
pcap_next() read a packet successfully and then hands it off.
pcap_next() returns NULL if an error occurs or no packets are read from a live capture.
The call to it in PktSrc::ExtractNextPacket() that you mention does look like it checks
the validity of the return value in several places and its own return value is based on it
(which is also checked whenever it's called).
But I don't know why pcap_next_ex() isn't used to get information about errors
so some text can be relayed to the user, maybe that function didn't exist at the time
the code was written.
I think that in my case, something is going wrong with the call to
pcap_next() -- it's returning a pointer that doesn't make any sense.
If there was a little error checking around pcap_next() by using
pcap_next_ex() instead, maybe that would prevent the crash I'm seeing.
Do you have a stack trace you can send? If pcap_next() were returning a bogus pointer, I
don't think you'd see the call to it in the stack, you'd be at a later
point in the code where it attempted to access it and crashes. That is, if pcap_next() is
in your stack trace, something bad is probably happening within the pcap library and the
caller would never have the opportunity to check the return value.