Gert Doering wrote:
The effect is quite weird - with "-i", it will not dump, but exit
immediately, printing an empty message:
[EMAIL PROTECTED]:/home/gert/cdp/tcpdump$ SU ./tcpdump -n -i gre0
tcpdump: WARNING: gre0: no IPv4 address assigned
tcpdump:
[EMAIL PROTECTED]:/home/gert/cdp/tcpdump$ SU ./tcpdump -n -i hme0
tcpdump:
without "-i", it will dump:
[EMAIL PROTECTED]:/home/gert/cdp/tcpdump$ SU ./tcpdump -n
Bus error (core dumped)
In the grand BSD tradition, SIGBUS is delivered for unmapped addresses
and alignment faults (unlike other OSes, which use SIGSEGV for unmapped
addresses).
So this could either be a bad pointer or an alignment problem; at this
point, I think the other most popular 64-bit processors don't trap on
misaligned data, so this might not have shown up on other 64-bit
processors.
However, the compiler *should* be aligning the structures correctly. I
don't know whether:
GDB says:
(gdb) run -n
Starting program: /home/gert/cdp/tcpdump/tcpdump -n
Program received signal SIGBUS, Bus error.
0x00000000001b6c24 in pcap_stats_bpf (p=0x4a2000, ps=0x20bb11)
at pcap-bpf.c:135
135 ps->ps_recv = s.bs_recv;
(gdb) where
#0 0x00000000001b6c24 in pcap_stats_bpf (p=0x4a2000, ps=0x20bb11)
at pcap-bpf.c:135
#1 0x00000000001b981c in pcap_close (p=0x4a2000) at pcap.c:784
#2 0x00000000001b9a84 in add_or_find_if (curdev_ret=0xffffffffffffc148,
alldevs=0xffffffffffffc2a8, name=0x49ee3d "hme0", flags=4294935139,
description=0x0, errbuf=0xffffffffffffc4e0 "") at inet.c:157
#3 0x00000000001b9dd4 in add_addr_to_iflist (alldevs=0xffffffffffffc2a8,
name=0x49ee3d "hme0", flags=4294935139, addr=0x49ea68, addr_size=24,
netmask=0x0, netmask_size=24, broadaddr=0x0, broadaddr_size=0,
dstaddr=0x0, dstaddr_size=0, errbuf=0xffffffffffffc4e0 "") at inet.c:316
#4 0x00000000001b8518 in pcap_findalldevs (alldevsp=0xffffffffffffc388,
errbuf=0xffffffffffffc4e0 "") at fad-getad.c:252
#5 0x00000000001ba330 in pcap_lookupdev (errbuf=0xffffffffffffc4e0 "")
at inet.c:493
Most of that stack looks correct - except for the topmost item;
pcap_close() shouldn't be calling pcap_stats_bpf().
Perhaps the layout of a pcap_t is different in pcap-bpf.c and pcap.c,
due to pcap-bpf.c defining a special flag to force pcap.h not to include
pcap-bpf.h. That might cause the wrong function pointer values to be
set in the structure.
You might want to check whether sizeof(pcap_t) - and the offset of the
"close_op" member of a pcap_t - is the same in both files. If it's not,
we need to figure out why, and fix that.
The pcap_lookupdev() code path isn't used if "-i" is specified, so that
particular crash won't occur.
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
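The layout check proposed in the reply (compare sizeof(pcap_t) and the offset of close_op as each file sees them) can be made concrete. The following is an added example, not libpcap code and not anything posted in this thread: the two structs are hypothetical stand-ins for pcap_t, and the assumption that the suppressed header contributes one pointer-sized member ahead of the operation function pointers is mine. Under that assumption the example shows why the file doing the close would dispatch to the stats routine, which is the shape of the backtrace above.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical stand-ins for pcap_t (added example code, not libpcap's).
 * "struct view_full" is the layout a translation unit sees when it includes
 * every header; "struct view_trimmed" is the layout a file built with an
 * extra -D flag that suppresses one header sees. The assumed difference is a
 * single pointer-sized member ("fcode_slot") ahead of the function pointers.
 */
typedef int (*stats_op_t)(void *p, void *ps);
typedef void (*close_op_t)(void *p);

struct view_full {
    int fd;
    void *fcode_slot;      /* only present when the suppressed header is seen */
    stats_op_t stats_op;
    close_op_t close_op;
};

struct view_trimmed {
    int fd;
    stats_op_t stats_op;   /* same name, but lands where view_full keeps fcode_slot */
    close_op_t close_op;   /* same name, but lands where view_full keeps stats_op */
};

/* Stand-ins for pcap_stats_bpf() and the close routine. */
static int fake_stats(void *p, void *ps) { (void)p; (void)ps; return 0; }
static void fake_close(void *p) { (void)p; }

/* What each "translation unit" reports about its own layout: the sizeof /
 * offsetof check suggested in the thread, exported so another file can
 * compare at run time (a compile-time assert cannot see across files). */
struct layout_probe { size_t size; size_t stats_off; size_t close_off; };

struct layout_probe probe_full(void) {
    struct layout_probe r = { sizeof(struct view_full),
                              offsetof(struct view_full, stats_op),
                              offsetof(struct view_full, close_op) };
    return r;
}

struct layout_probe probe_trimmed(void) {
    struct layout_probe r = { sizeof(struct view_trimmed),
                              offsetof(struct view_trimmed, stats_op),
                              offsetof(struct view_trimmed, close_op) };
    return r;
}

/* 1 if both views agree on size and on where close_op lives, else 0. */
int layouts_agree(void) {
    struct layout_probe a = probe_full(), b = probe_trimmed();
    return a.size == b.size && a.close_off == b.close_off;
}

/*
 * Reproduce the symptom: the "full" file fills in the object, the "trimmed"
 * file later reads close_op from its own idea of the layout. Returns 1 if
 * the pointer the trimmed view would call as close_op is really the stats
 * routine. memcpy is used instead of a pointer cast so the demonstration
 * does not depend on type-punning through aliased pointers.
 */
int mismatched_close_dispatches_stats(void) {
    struct view_full full;
    struct view_trimmed seen;

    memset(&full, 0, sizeof full);
    full.fd = 3;
    full.stats_op = fake_stats;
    full.close_op = fake_close;

    memcpy(&seen, &full, sizeof seen);         /* same bytes, other layout */
    return seen.close_op == (close_op_t)fake_stats;
}

int main(void) {
    struct layout_probe a = probe_full(), b = probe_trimmed();
    printf("full:    sizeof=%zu stats_op@%zu close_op@%zu\n",
           a.size, a.stats_off, a.close_off);
    printf("trimmed: sizeof=%zu stats_op@%zu close_op@%zu\n",
           b.size, b.stats_off, b.close_off);
    printf("layouts agree: %s\n", layouts_agree() ? "yes" : "no");
    printf("trimmed close_op would call the stats routine: %s\n",
           mismatched_close_dispatches_stats() ? "yes" : "no");
    return layouts_agree() ? 0 : 1;
}
```

In a real code base the equivalent check is one exported probe function per translation unit that includes the private header, compared once at startup or in a unit test; if the numbers differ, look at which `#define`s each file sets before including that header.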