Fix handling of packet count in the TPACKET_V3 inner loop.

If we were told to process no more than N packets, and we've already
processed M packets so far, we should process no more than N-M packets
in a buffer; if we stop at N rather than N-M, we could end up processing
more than N packets in a pcap_dispatch() call.

Fixes GitHub issue #493.

diff --git a/pcap-linux.c b/pcap-linux.c
index f1ce0c618a373336503bffeca183c3877597ea05..b51f5e50c911f6d66f8804d755828094720aa221 100644 (file)
--- a/pcap-linux.c
+++ b/pcap-linux.c
@@ -5082,11 +5082,18 @@ again:
                }
                packets_to_read = handlep->packets_left;
 
-               if (!PACKET_COUNT_IS_UNLIMITED(max_packets) && packets_to_read > max_packets) {
-                       packets_to_read = max_packets;
+               if (!PACKET_COUNT_IS_UNLIMITED(max_packets) &&
+                   packets_to_read > (max_packets - pkts)) {
+                       /*
+                        * We've been given a maximum number of packets
+                        * to process, and there are more packets in
+                        * this buffer than that.  Only process enough
+                        * of them to get us up to that maximum.
+                        */
+                       packets_to_read = max_packets - pkts;
                }
 
-               while(packets_to_read--) {
+               while (packets_to_read--) {
                        struct tpacket3_hdr* tp3_hdr = (struct tpacket3_hdr*) handlep->current_packet;
                        ret = pcap_handle_packet_mmap(
                                        handle,