Sometimes when I run this program, I will be prompted with Segmentation fault
start sniffing
Fatal Python error: Segmentation fault
Thread 0x00007f5e3bfff700 (most recent call first):
File "/usr/local/lib/python3.8/dist-packages/iptc/ip4tc.py", line 1610 in commit
File "/usr/local/lib/python3.8/bin/python-sudo.sh: line 2: 3087 Segmentation fault sudo /usr/bin/python3 "$@"
Process finished with exit code 139 (interrupted by signal 11: SIGSEGV)
my code:
table = iptc.Table(iptc.Table.FILTER)
chain = iptc.Chain(table, "INPUT")
def Callback(packet):
if packet[IP].proto == 17:
if packet[UDP].dport == 62201:
sp = packet[IP].src
thread_add = threading.Thread(target=add_rules, args=(sp, ))
thread_add.start()
def add_rules(sp):
global chain, table
rule = iptc.Rule()
rule.src = sp
target = iptc.Target(rule, "ACCEPT")
rule.target = target
chain.insert_rule(rule)
print('rule ' + sp + ' insert! {}'.format(time.time()))
time.sleep(30)
chain.delete_rule(rule)
print('time out delete ' + sp + ' this rule! {}'.format(time.time()))
while 1:
# 使用sniff抓包
print('start sniffing')
msg = sniff(filter='dst port 62201', prn=Callback)
time.sleep(0.03)
server.close()
print('Sever closed')
The likely reason is with the library you are using or the way you use it. There is one obvious hazard: You use multiple threads to work on the same chain and table but you do not use a mutex to protect access to them.
Try something like this:
table = iptc.Table(iptc.Table.FILTER)
chain = iptc.Chain(table, "INPUT")
mutex = threading.Lock()
def add_rules(sp):
with mutex:
rule = iptc.Rule()
rule.src = sp
target = iptc.Target(rule, "ACCEPT")
rule.target = target
chain.insert_rule(rule)
print('rule ' + sp + ' insert! {}'.format(time.time()))
time.sleep(30)
with mutex:
chain.delete_rule(rule)
print('time out delete ' + sp + ' this rule! {}'.format(time.time()))