Jurjen Oskam wrote:
> Hi there,
>
> I'm using OpenBSD 4.1-stable/amd64 (dmesg below). I'm setting up ipsec to
> secure my wireless network, and that seems to work great. (Great job on the
> new way to configure ipsec, by the way!)
>
> When using tcpdump on the enc0 interface, I noticed that it segfaults after
> a few seconds of continuous traffic on enc0. The weird thing is, I can't
> get it to produce a coredump to post a bugreport (unfortunately, I'm no
> programmer so I don't think I can diagnose and fix it myself).

The enc0 handling code in tcpdump looks fine, so the problem is most
probably related to some particular traffic in your network.

The inability to get a coredump is normal. Tcpdump uses privilege
separation and the part that drops its privileges segfaults. Since it
was a privileged program, and is no longer root, it is not allowed to
coredump even with kern.nosuidcoredump=0.

> I'm probably
> missing something here, so a nudge in the right direction would be much
> appreciated. ulimit -c is unlimited, I have the default login.conf, I set
> kern.nosuidcoredump=0, and executed tcpdump from /tmp. Still no corefile.

As Stuart Henderson also pointed out, your best bet is to use gdb.
If you could get us a backtrace, that would be nice.

Another alternative is to run a simultaneous tcpdump, writing to a file:

    tcpdump -p -w crash.dmp -i enc0

since it does not parse the packets, it should not crash. Once the other
tcpdump crashes, stop it, and test the dump:

    tcpdump -n -r crash.dmp

If the problem is with the input stream it should crash. You can then
send the dump to an interested developer, i.e. me ([EMAIL PROTECTED]).
I do not recommend posting it to a public list/website since the binary
dump might contain sensitive information (although, since the default
snap length is low, it will mostly be packet headers only).

If the input file does not crash tcpdump, you might have a problem
with your setup, possibly a kernel/userland mismatch. I would suggest
trying to reproduce with a GENERIC kernel from a recent snapshot.

Let me know how it turns out.

Can

