Hi,
On Tue, Jul 26, 2005 at 05:45:15PM +0200, Hannes Gredler wrote:
> | (this is because using libpcap-3.9-PRE-CVS makes tcpdump core dump, for
> | whatever reason??!)
> can i have the core file for inspection, pls ?
I've already removed the core file, but it has something to do with actual
BPF sniffing. Dump file reading works, sniffing fails:
[EMAIL PROTECTED]:/home/gert/cdp/tcpdump$ ./tcpdump -V
tcpdump version 3.9-PRE-CVS
libpcap version 0.9-PRE-CVS
[EMAIL PROTECTED]:/home/gert/cdp/tcpdump$ ./tcpdump -r /tmp/bla
reading from file /tmp/bla, link-type NULL (BSD loopback)
16:40:29.845410 IP6 zeta-v6.medat.de > kirk.greenie.muc.de: ICMP6, echo
request, seq 0, length 16
16:40:29.947464 IP6 , wrong link-layer encapsulationbad-hlen 0
16:40:30.845353 IP6 zeta-v6.medat.de > kirk.greenie.muc.de: ICMP6, echo
request, seq 1, length 16
16:40:30.944974 IP6 , wrong link-layer encapsulationbad-hlen 0
The effect is quite weird - with "-i", it will not dump, but exit
immediately, printing an empty message:
[EMAIL PROTECTED]:/home/gert/cdp/tcpdump$ SU ./tcpdump -n -i gre0
tcpdump: WARNING: gre0: no IPv4 address assigned
tcpdump:
[EMAIL PROTECTED]:/home/gert/cdp/tcpdump$ SU ./tcpdump -n -i hme0
tcpdump:
without "-i", it will dump:
[EMAIL PROTECTED]:/home/gert/cdp/tcpdump$ SU ./tcpdump -n
Bus error (core dumped)
GDB says:
(gdb) run -n
Starting program: /home/gert/cdp/tcpdump/tcpdump -n
Program received signal SIGBUS, Bus error.
0x00000000001b6c24 in pcap_stats_bpf (p=0x4a2000, ps=0x20bb11)
at pcap-bpf.c:135
135 ps->ps_recv = s.bs_recv;
(gdb) where
#0 0x00000000001b6c24 in pcap_stats_bpf (p=0x4a2000, ps=0x20bb11)
at pcap-bpf.c:135
#1 0x00000000001b981c in pcap_close (p=0x4a2000) at pcap.c:784
#2 0x00000000001b9a84 in add_or_find_if (curdev_ret=0xffffffffffffc148,
alldevs=0xffffffffffffc2a8, name=0x49ee3d "hme0", flags=4294935139,
description=0x0, errbuf=0xffffffffffffc4e0 "") at inet.c:157
#3 0x00000000001b9dd4 in add_addr_to_iflist (alldevs=0xffffffffffffc2a8,
name=0x49ee3d "hme0", flags=4294935139, addr=0x49ea68, addr_size=24,
netmask=0x0, netmask_size=24, broadaddr=0x0, broadaddr_size=0,
dstaddr=0x0, dstaddr_size=0, errbuf=0xffffffffffffc4e0 "") at inet.c:316
#4 0x00000000001b8518 in pcap_findalldevs (alldevsp=0xffffffffffffc388,
errbuf=0xffffffffffffc4e0 "") at fad-getad.c:252
#5 0x00000000001ba330 in pcap_lookupdev (errbuf=0xffffffffffffc4e0 "")
at inet.c:493
#6 0x000000000019d9ec in main (argc=2, argv=0xffffffffffffc7a8)
at tcpdump.c:854
#7 0x00000000001024d8 in ___start ()
(gdb) list pcap-bpf.c:135
130 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCGSTATS: %s",
131 pcap_strerror(errno));
132 return (-1);
133 }
134
135 ps->ps_recv = s.bs_recv;
136 ps->ps_drop = s.bs_drop;
137 return (0);
138 }
139
[..]
> | [EMAIL PROTECTED]:/home/gert/cdp/tcpdump$ SU ./tcpdump -n -s0 -i gre0
> | tcpdump: WARNING: gre0: no IPv4 address assigned
> | tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> | listening on gre0, link-type NULL (BSD loopback), capture size 65535 bytes
> | 16:16:28.835438 IP6 2001:608:8003::1 > 2001:608:4::3: ICMP6, echo request,
> seq 0, length 16
> | 16:16:28.937041 IP6 , wrong link-layer encapsulationbad-hlen 0
[..]
> can you send me the .pcap of the gre tunnel and i have a look;
I've sent this directly to Hannes (assuming the list will drop attachments).
> i am anticipating a kernel issue -
> typically we get this error message when the kernel tells us
> that the payload is IPv4 [and in reality is IPv6] - that makes
> the IPv4 printer bark;
Might be an explanation, especially given the fact that the "capture
related" part of the NetBSD GRE implementation wasn't changed at all
when I added IPv6-over-GRE.
Sending and receiving packets on the tunnel take a completely different
route, so this might also explain the different behaviour seen.
In that case I take all the blaim and go fix it :-)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany [EMAIL PROTECTED]
fax: +49-89-35655025 [EMAIL PROTECTED]
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
