If a iface rebuild occurs, it will result in a large amount of CPU resource usage.

[akkuman]

In real-world testing, if the container containing naabu has network_mode=host, or if it's executed directly on the host machine, and if other Docker stacks exist on the machine and a Docker network rm operation has occurred (e.g., docker compose down && docker compose up -d), then the following two points will cause CPU high usage, and the error will always return pcap.NextErrorReadError.

naabu/pkg/scan/scan_unix.go

Lines 786 to 819 in 25ce63b

	for {
	data, _, err := handler.ReadPacketData()
	if err == io.EOF {
	break
	} else if err != nil {
	continue
	}
	for _, parser := range parsers {
	err := parser.DecodeLayers(data, &decoded)
	if err != nil {
	continue
	}
	for _, layerType := range decoded {
	if layerType == layers.LayerTypeARP {
	// check if the packet was sent out
	isReply := arp.Operation == layers.ARPReply
	var sourceMacIsInterfaceMac bool
	if networkInterface != nil {
	sourceMacIsInterfaceMac = bytes.Equal([]byte(networkInterface.HardwareAddr), arp.SourceHwAddress)
	}
	isOutgoingPacket := !isReply || sourceMacIsInterfaceMac
	if isOutgoingPacket {
	continue
	}
	srcIP4 := net.IP(arp.SourceProtAddress)
	for _, listenHandler := range ListenHandlers {
	listenHandler.HostDiscoveryChan <- &PkgResult{ipv4: ToString(srcIP4)}
	}
	}
	}
	}
	}

naabu/pkg/scan/scan_unix.go

Lines 743 to 764 in 25ce63b

	for {
	data, _, err := handler.ReadPacketData()
	if err == io.EOF {
	break
	} else if err != nil {
	continue
	}
	for _, parser := range parsers {
	err := parser.DecodeLayers(data, &decoded)
	if err != nil {
	continue
	}
	for _, layerType := range decoded {
	if layerType == layers.LayerTypeTCP || layerType == layers.LayerTypeUDP {
	srcIP4 := ToString(ip4.SrcIP)
	srcIP6 := ToString(ip6.SrcIP)
	transportReaderCallback(tcp, udp, srcIP4, srcIP6)
	}
	}
	}
	}