-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I can use tcpdump now with or without BPF filters :-)
Thanks!! Jim On 08/05/2015 10:20 AM, Alfredo Cardigliano wrote: > Hi Jim I probably fixed this, please update to latest code from the > dev branch in github. > > Best Regards Alfredo > >> On 27 Jul 2015, at 16:06, Jim Hranicky <[email protected] >> <mailto:[email protected]>> wrote: >> >> Signed PGP part Yes, 3.10.0-229.7.2.el7.x86_64 currently. >> >> Jim >> >> On 07/27/2015 06:56 AM, Alfredo Cardigliano wrote: >>> Hi Jim it seems bpf filters generated by libpcap cause strange >>> behaviours with your kernel, the same code you are testing >>> works just fine on kernel 3.13.0-58, while you have 3.10 >>> right? >>> >>> Alfredo >>> >>>> On 23 Jul 2015, at 20:53, Jim Hranicky <[email protected] >> <mailto:[email protected]> >>>> <mailto:[email protected]>> wrote: >>>> >>>> That seems to be working. Unfortunately, specifying a BPF >>>> filter is now causing a kernel panic. >>>> >>>> Command: >>>> >>>> /usr/local/pf/sbin/tcpdump -nn -i net1 -c 10 not port 22 >>>> >>>> vmcore-dmesg attached. >>>> >>>> Jim >>>> >>>> On 07/22/2015 04:31 AM, Alfredo Cardigliano wrote: >>>>> Hi Jim there is a fix for this, please pull latest code >>>>> from git, the problem is that tcpdump is setting “empty" >>>>> filters when no filter is specified. >>>>> >>>>> Alfredo >>>>> >>>>>> On 21 Jul 2015, at 16:07, Jim Hranicky <[email protected] >> <mailto:[email protected]> >>>>>> <mailto:[email protected]> <mailto:[email protected]>> wrote: >>>>>> >>>>>> Signed PGP part Was the latest trace helpful? >>>>>> >>>>>> Jim >>>>>> >>>>>> On 07/15/2015 04:55 PM, Jim Hranicky wrote: >>>>>>> Patch applied. >>>>>>> >>>>>>> Command: >>>>>>> >>>>>>> /usr/local/pf/sbin/tcpdump -nn -i net1 -c 10 >>>>>>> >>>>>>> dmesg attached (everything after PF_RING load). >>>>>>> >>>>>>> Jim >>>>>>> >>>>>>> On 07/15/2015 09:15 AM, Alfredo Cardigliano wrote: >>>>>>>> Hi Jim this requires a bit of debugging because >>>>>>>> bpf_filter_skb() is not supposed to be called with >>>>>>>> the command you provided, but this does not seem to >>>>>>>> be the case from the trace. Could you apply this >>>>>>>> patch and provide the dmesg output after running the >>>>>>>> application? >>>>>>>> >>>>>>>> Thank you Alfredo >>>>>>>> >>>>>>>> diff --git a/kernel/pf_ring.c b/kernel/pf_ring.c >>>>>>>> index 5433e89..0d52c26 100644 --- a/kernel/pf_ring.c >>>>>>>> +++ b/kernel/pf_ring.c @@ -4030,7 +4030,8 @@ static >>>>>>>> int add_skb_to_ring(struct sk_buff *skb, >>>>>>>> atomic_inc(&pfr->num_ring_users); >>>>>>>> >>>>>>>> /* [1] BPF Filtering */ - if(pfr->bpfFilter) { + if >>>>>>>> (0) { + //if(pfr->bpfFilter) { if(bpf_filter_skb(skb, >>>>>>>> pfr, displ) == 0) { >>>>>>>> atomic_dec(&pfr->num_ring_users); return(-1); @@ >>>>>>>> -7491,7 +7492,7 @@ static int ring_setsockopt(struct >>>>>>>> socket *sock, case SO_ATTACH_FILTER: ret = -EINVAL; >>>>>>>> >>>>>>>> - if(unlikely(enable_debug)) + >>>>>>>> //if(unlikely(enable_debug)) printk("[PF_RING] BPF >>>>>>>> filter (%d)\n", 0); >>>>>>>> >>>>>>>> if(optlen == sizeof(struct sock_fprog)) { >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Ntop-misc mailing list >>>>>>>> [email protected] >> <mailto:[email protected]> >>>>>>>> <mailto:[email protected]> >>>>>> <mailto:[email protected]> >>>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >> >>>>>>>> >>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Ntop-misc mailing list [email protected] >> <mailto:[email protected]> >>>>>> <mailto:[email protected]> >>>>>> <mailto:[email protected]> >>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >>>>> >>>>> >>>>> >>>>> _______________________________________________ Ntop-misc >>>>> mailing list [email protected] >> <mailto:[email protected]> >>>>> <mailto:[email protected]> >>>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >>>>> >>>> <vmcore-dmesg.txt>_______________________________________________ >> >>>> >> >>>> >> Ntop-misc mailing list >>>> [email protected] >>>> <mailto:[email protected]> >>>> <mailto:[email protected]> >>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >>> >>> >>> >>> _______________________________________________ Ntop-misc >>> mailing list [email protected] >> <mailto:[email protected]> >>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >>> >> >> >> _______________________________________________ Ntop-misc mailing >> list [email protected] >> <mailto:[email protected]> >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc > > > > _______________________________________________ Ntop-misc mailing > list [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlXDyfsACgkQCGX2wHRYUXRCgwD/YR5nQBHOymJ7BTZU/ymj4NHb VawnWY61oluosaRUQ8IA/0tkdz8WkVPpHmuZZrULUO6WvB0qEyhQRpp/2zNTWm9e =0D4D -----END PGP SIGNATURE----- _______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
