[NETFRAME] Net::Packet::Dump / Net::Frame::Dump::Online - Concurrent Simultaneous Capture Limit?

Darien Kindlund darien at kindlund.com
Thu Jun 11 19:21:57 CEST 2009


Hi GomoR,

Looks like I spoke too soon.  After running the script below for about
30 minutes, the parent perl process unexpectedly exits with the error
of:
Can't locate Carp/Heavy.pm in @INC (@INC contains: /etc/perl
/usr/local/lib/perl/5.8.8 /usr/local/share/perl/5.8.8 /usr/lib/perl5
/usr/share/perl5 /usr/lib/perl/5.8 /usr/share/perl/5.8
/usr/local/lib/site_perl .) at /usr/share/perl/5.8/Carp.pm line 89.

... and all 50 child processes are left stale.  Carp::Heavy is
installed on the system, so I think there may be a more fundamental
issue here -- perhaps resource starvation.  Anyway, I tried reducing
the number of simultaneous dump objects to 35 and I get the same
result.  I'll try to figure out the maximum.  I also tried running the
code in debug mode; however, debug doesn't like fork() at all.

-- Darien

On Thu, Jun 11, 2009 at 11:53 AM, Darien Kindlund <darien at kindlund.com> wrote:
> Hi GomoR,
>
> It looks like the Net::Frame::Dump::Online package is keeping up with
> the requirements I mentioned earlier.  I've enclosed a stripped down
> version of perl code which describes how I'm using it.  I'm hoping you
> can take a look at it and let me know if you see any particular
> problems.  Basically, the code creates 50 dump objects and then cycles
> through each dump object, printing the first 10 packets, and then
> resetting the dump session.  I realize that creating 50 dump objects
> using the same filter is not very useful; however, assume the real
> code would set each dump object with a unique filter.
>
> Please let me know if this is the correct way to use your library,
> specifically in terms of flushing data as much as possible in order to
> avoid obvious memory overflow conditions.  Also, it's safe to assume
> that the real code would do something with the generated .pcap between
> the ->stop() call and the ->flush() call.
>
> Here's the code:
>
> #!/usr/bin/perl -w
>
> use strict;
> use warnings;
>
> use Data::Dumper;
> use Net::Frame::Dump::Online;
> use Net::Frame::Simple;
> use Data::UUID;
>
> our $sessions = {};
>
> my $session_counter = 0;
>
> # Create 50 dump objects, each with its own capture file
> while ($session_counter < 50) {
>    my $uuid = Data::UUID->new()->create_str();
>    $sessions->{$uuid} = Net::Frame::Dump::Online->new(
>            dev           => 'eth0',
>            file          => 'pcaps/' . $uuid . '.pcap',
>            filter        => 'tcp port 22',
>            promisc       => 1,
>            snaplen       => 65535,
>            keepTimestamp => 1,
>            unlinkOnStop  => 0,
>            overwrite     => 1,
>    );
>
>    # Start capture
>    #print Dumper($sessions->{$uuid}) . "\n";
>    print "Starting...\n";
>    $sessions->{$uuid}->start;
>    $session_counter++;
> }
>
> while (1) {
>    foreach my $key (keys %{$sessions}) {
>        print "Handling UUID: " . $key . "\n";
>        #print Dumper($sessions->{$key}) . "\n";
>
>        my $counter = 0;
>        while (1) {
>            if (my $frame = $sessions->{$key}->next) {
>                $frame = Net::Frame::Simple->newFromDump($frame);
>                print $frame->print . "\n";
>                #print Dumper($frame) . "\n";
>                $counter++;
>                # Stop after the first 10 packets
>                if ($counter >= 10) {
>                    last;
>                }
>            }
>        }
>
>        # Cleanup
>        print "Stopping...\n";
>        $sessions->{$key}->stop;
>        #print Dumper($sessions->{$key}) . "\n";
>
>        #print "Sleeping...\n";
>        #sleep(5);
>
>        print "Flushing...\n";
>        $sessions->{$key}->flush;
>        #print Dumper($sessions->{$key}) . "\n";
>
>        #print "Sleeping...\n";
>        #sleep(10);
>
>        print "Starting...\n";
>        $sessions->{$key}->start;
>    }
> }
>
> ---
>
> Lastly, when running this code, I occasionally run into this message:
> Argument "" isn't numeric in numeric le (<=) at
> /usr/local/share/perl/5.8.8/Net/Frame/Layer/ETH.pm line 193.
> Unable to unpack next layer, not yet implemented in layer: 0:ETH
> ETH: dst:49:09:90:01:ef:b7  src:  length:0
>
> Does this message appear strictly because I have 'use warnings;' in
> the parent code?  In other words, what's the correct way to suppress
> or handle this error message?
>
> Thanks,
> -- Darien
>
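
One way to test the resource-starvation guess from the message above (an added example, not part of the original thread or of Net::Frame): a Linux-only Perl script that reports how many file descriptors the capture parent holds against its soft limit and how many child processes it has. It assumes /proc is mounted and provides /proc/PID/limits; the helper names and the optional PID argument are illustrative.

```perl
# Added example (Linux only): resource snapshot for a capture parent process.
use strict;
use warnings;

# Number of descriptors the process holds, from /proc/PID/fd. When inspecting
# ourselves the directory handle opened here is counted as well.
sub open_fd_count {
    my ($pid) = @_;
    opendir(my $dh, "/proc/$pid/fd") or return;
    my $n = grep { /^\d+$/ } readdir($dh);
    closedir($dh);
    return $n;
}

# Soft "Max open files" limit from /proc/PID/limits (a number or "unlimited").
sub soft_nofile_limit {
    my ($pid) = @_;
    open(my $fh, '<', "/proc/$pid/limits") or return;
    while (my $line = <$fh>) {
        return $1 if $line =~ /^Max open files\s+(\d+|unlimited)\s/;
    }
    return;
}

# Direct children, found via the parent-PID field of /proc/PID/stat. The
# command name may contain spaces or ')', so match after the last ')'.
sub child_pids {
    my ($parent) = @_;
    my @kids;
    opendir(my $dh, '/proc') or return;
    for my $pid (grep { /^\d+$/ } readdir($dh)) {
        open(my $fh, '<', "/proc/$pid/stat") or next;   # process may have exited
        my $stat = <$fh>;
        next unless defined $stat && $stat =~ /^.*\)\s+\S\s+(\d+)\s/s;
        push @kids, $pid if $1 == $parent;
    }
    closedir($dh);
    return @kids;
}

my $target = shift(@ARGV) || $$;    # PID to inspect; defaults to this script
my $fds = open_fd_count($target);
die "cannot read /proc/$target/fd: $!\n" unless defined $fds;
my $limit = soft_nofile_limit($target);
$limit = 'unknown' unless defined $limit;
my @kids = child_pids($target);
printf "pid %d: %d open fds (soft limit %s), %d children\n",
    $target, $fds, $limit, scalar @kids;
print "WARNING: at 90% or more of the descriptor limit\n"
    if $limit =~ /^\d+$/ && $fds >= 0.9 * $limit;
```

Run it with the capture parent's PID as the argument, as the same user or root, at intervals while the capture loop is running; a count that keeps climbing across stop/flush/start cycles points at leaked descriptors or children.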

