Hi Jim it seems bpf filters generated by libpcap cause strange behaviours with your kernel, the same code you are testing works just fine on kernel 3.13.0-58, while you have 3.10 right?
Alfredo > On 23 Jul 2015, at 20:53, Jim Hranicky <[email protected]> wrote: > > That seems to be working. Unfortunately, specifying a > BPF filter is now causing a kernel panic. > > Command: > > /usr/local/pf/sbin/tcpdump -nn -i net1 -c 10 not port 22 > > vmcore-dmesg attached. > > Jim > > On 07/22/2015 04:31 AM, Alfredo Cardigliano wrote: >> Hi Jim >> there is a fix for this, please pull latest code from git, >> the problem is that tcpdump is setting “empty" filters when no filter is >> specified. >> >> Alfredo >> >>> On 21 Jul 2015, at 16:07, Jim Hranicky <[email protected] <mailto:[email protected]> >>> <mailto:[email protected] <mailto:[email protected]>>> wrote: >>> >>> Signed PGP part >>> Was the latest trace helpful? >>> >>> Jim >>> >>> On 07/15/2015 04:55 PM, Jim Hranicky wrote: >>>> Patch applied. >>>> >>>> Command: >>>> >>>> /usr/local/pf/sbin/tcpdump -nn -i net1 -c 10 >>>> >>>> dmesg attached (everything after PF_RING load). >>>> >>>> Jim >>>> >>>> On 07/15/2015 09:15 AM, Alfredo Cardigliano wrote: >>>>> Hi Jim this requires a bit of debugging because bpf_filter_skb() >>>>> is not supposed to be called with the command you provided, but >>>>> this does not seem to be the case from the trace. Could you apply >>>>> this patch and provide the dmesg output after running the >>>>> application? >>>>> >>>>> Thank you Alfredo >>>>> >>>>> diff --git a/kernel/pf_ring.c b/kernel/pf_ring.c index >>>>> 5433e89..0d52c26 100644 --- a/kernel/pf_ring.c +++ >>>>> b/kernel/pf_ring.c @@ -4030,7 +4030,8 @@ static int >>>>> add_skb_to_ring(struct sk_buff *skb, >>>>> atomic_inc(&pfr->num_ring_users); >>>>> >>>>> /* [1] BPF Filtering */ - if(pfr->bpfFilter) { + if (0) { + >>>>> //if(pfr->bpfFilter) { if(bpf_filter_skb(skb, pfr, displ) == 0) >>>>> { atomic_dec(&pfr->num_ring_users); return(-1); @@ -7491,7 >>>>> +7492,7 @@ static int ring_setsockopt(struct socket *sock, case >>>>> SO_ATTACH_FILTER: ret = -EINVAL; >>>>> >>>>> - if(unlikely(enable_debug)) + >>>>> //if(unlikely(enable_debug)) printk("[PF_RING] BPF filter >>>>> (%d)\n", 0); >>>>> >>>>> if(optlen == sizeof(struct sock_fprog)) { >>>>> >>>>> >>>>> >>>>> _______________________________________________ Ntop-misc mailing >>>>> list [email protected] >>> <mailto:[email protected] >>> <mailto:[email protected]>> >>>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >>>>> <http://listgateway.unipi.it/mailman/listinfo/ntop-misc> >>> >>> >>> _______________________________________________ >>> Ntop-misc mailing list >>> [email protected] <mailto:[email protected]> >>> <mailto:[email protected] >>> <mailto:[email protected]>> >>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >>> <http://listgateway.unipi.it/mailman/listinfo/ntop-misc> >> >> >> >> _______________________________________________ >> Ntop-misc mailing list >> [email protected] <mailto:[email protected]> >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >> <http://listgateway.unipi.it/mailman/listinfo/ntop-misc> >> > <vmcore-dmesg.txt>_______________________________________________ > Ntop-misc mailing list > [email protected] <mailto:[email protected]> > http://listgateway.unipi.it/mailman/listinfo/ntop-misc > <http://listgateway.unipi.it/mailman/listinfo/ntop-misc>
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
