Package: libpcap0.8
Version: 1.1.1-2
Severity: grave
Tags: squeeze sid
Justification: causes data loss

see: http://thread.gmane.org/gmane.network.tcpdump.devel/5018

this can be trivially reproduced on squeeze or sid:

edmonds@zappa{0}:~$ tcpdump --version
tcpdump version 4.1.1
libpcap version 1.1.1
Usage: tcpdump [-aAbdDefIKlLnNOpqRStuUvxX] [ -B size ] [ -c count ]
                [ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
                [ -i interface ] [ -M secret ] [ -r file ]
                [ -s snaplen ] [ -T type ] [ -w file ] [ -W filecount ]
                [ -y datalinktype ] [ -z command ] [ -Z user ]
                [ expression ]
edmonds@zappa{1}:~$ sudo tcpdump -s 128 -c 2 -pni lo -w /tmp/lo.pcap 1>/dev/null 2>&1 &
[1] 22573
edmonds@zappa{1}:~$ ping -c 1 -s 512 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 512(540) bytes of data.
520 bytes from 127.0.0.1: icmp_req=1 ttl=64 time=0.034 ms

--- 127.0.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.034/0.034/0.034/0.000 ms
edmonds@zappa{0}:~$
[1] + done sudo tcpdump -s 128 -c 2 -pni lo -w /tmp/lo.pcap > /dev/null 2>&1
edmonds@zappa{0}:~$ tshark -r /tmp/lo.pcap -V -T text -n | grep '^Frame '
Frame 1 (554 bytes on wire, 122 bytes captured)
Frame 2 (554 bytes on wire, 122 bytes captured)
edmonds@zappa{0}:~$

with the latest git tip of libpcap:

sql1rd2:~# tcpdump --version
tcpdump version 4.3.0-PRE-GIT_2011_04_23
libpcap version 1.3.0-PRE-GIT_2011_04_23
Usage: tcpdump [-aAbdDefhIJKlLnNOpqRStuUvxX] [ -B size ] [ -c count ]
                [ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
                [ -i interface ] [ -j tstamptype ] [ -M secret ]
                [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
                [ -W filecount ] [ -y datalinktype ] [ -z command ]
                [ -Z user ] [ expression ]
sql1rd2:~# tcpdump -s 128 -c 2 -pni lo -w /tmp/lo.pcap &
[1] 15377
sql1rd2:~# tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 128 bytes
sql1rd2:~# ping -c 1 -s 512 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 512(540) bytes of data.
2 packets captured
4 packets received by filter
0 packets dropped by kernel
520 bytes from 127.0.0.1: icmp_req=1 ttl=64 time=0.023 ms

--- 127.0.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.023/0.023/0.023/0.000 ms
sql1rd2:~# tshark -r /tmp/lo.pcap -V -T text -n | grep '^Frame '
Running as user "root" and group "root". This could be dangerous.
Frame 1 (554 bytes on wire, 128 bytes captured)
Frame 2 (554 bytes on wire, 128 bytes captured)
[1]+ Done tcpdump -s 128 -c 2 -pni lo -w /tmp/lo.pcap
sql1rd2:~#

note "122 bytes captured" in the first listing versus "128 bytes
captured" in the second.

this is fixed in upstream commit
ea9432fabdf4b33cbc76d9437200e028f1c47c93, "Fix the calculation of the
frame size in memory-mapped captures."

there has not yet been a release on the 1.1 branch (or, well, any
release) since 1.1.1 that contains this fix. but the fix should most
likely be backported to the version in squeeze anyway.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (900, 'unstable'), (800, 'testing'), (700, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libpcap0.8 depends on:
ii  libc6  2.11.2-13  Embedded GNU C Library: Shared lib

libpcap0.8 recommends no packages.

libpcap0.8 suggests no packages.

-- no debconf information
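
An added example, not part of the original report and not libpcap or tcpdump code: a check over a capture file for the symptom shown above, records that hold fewer bytes than min(bytes on wire, snaplen). The function names and the in-memory sample (snaplen 128, 554 bytes on wire, 122 captured, as in the first listing) are constructed for illustration.

```python
import struct

# Classic pcap magic as it appears on disk -> struct byte-order prefix
# (microsecond and nanosecond timestamp variants).
MAGICS = {b"\xa1\xb2\xc3\xd4": ">", b"\xd4\xc3\xb2\xa1": "<",
          b"\xa1\xb2\x3c\x4d": ">", b"\x4d\x3c\xb2\xa1": "<"}

def short_records(data):
    """Return (snaplen, findings); each finding is
    (record number, bytes on wire, bytes captured, bytes expected)."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    order = MAGICS[data[:4]]
    # Global header after the magic: version, thiszone, sigfigs, snaplen, linktype
    snaplen = struct.unpack(order + "HHiIII", data[4:24])[4]
    findings, offset, number = [], 24, 0
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_frac, captured length, length on the wire
        _, _, incl_len, orig_len = struct.unpack(order + "IIII", data[offset:offset + 16])
        if offset + 16 + incl_len > len(data):
            break  # file ends in the middle of a record
        number += 1
        expected = min(orig_len, snaplen)
        if incl_len < expected:
            findings.append((number, orig_len, incl_len, expected))
        offset += 16 + incl_len
    return snaplen, findings

def build_pcap(snaplen, records):
    """Constructed sample: little-endian pcap bytes from (wire_len, captured_len) pairs."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)  # linktype 1 = Ethernet
    for wire_len, captured_len in records:
        out += struct.pack("<IIII", 0, 0, captured_len, wire_len) + bytes(captured_len)
    return out

if __name__ == "__main__":
    sample = build_pcap(128, [(554, 122), (554, 122)])
    snaplen, findings = short_records(sample)
    for number, wire, got, want in findings:
        print(f"record {number}: {wire} on wire, {got} captured, expected {want} (snaplen {snaplen})")
```

To check a real capture, pass the file's bytes to short_records(), for example the contents of /tmp/lo.pcap from the session above.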