Why ruby's(ver 1.9) pcap gem, hanging after accessing it?

Question

Hello.

Using ruby 1.9 and latest gem install pcap + fix for compiling (convert ->ptr/->len to _PTR/_LEN), i found that after doing simple code:

require 'pcap'
cap = Pcap::Capture.open_offline('1.dmp')
cap.each { |pkt| p pkt.src; }

exit

Pcap gem not leaving block cap.each, i.e. output:

...
213.248.106.202
192.168.1.50
213.248.106.202
192.168.1.50

^C
^C
^C
^C
^C

And process can be killed only by kill -s KILL <process_id>.
Is there any way to fix this?

P.S. 1.dmp file generated using tcpdump -w 1.dmp.

Answer 1

Pcap::Capture#each or Pcap::Capture#each_packet takes an optional count argument. If it is -1, it loops until EOF.

You could try passing a number to each and see what happens.

cap.each_packet(4) {|pkt|p pkt.src}

If that hangs, there might be an issue in the extension code.