I'm running into the corrupted mmapped ring buffer problem, but only with my very simple code - not with the packaged tcpdump or wireshark.
I don't have the problem with a local build of libpcap from git. Does anybody here know what causes this? Am I calling libpcap incorrectly? Is it a pure ubuntu problem I should report up to them? Here's the output of tstpcap.sh, which builds and runs tstpcap.c twice, against the system libpcap and my own build: % sh tstpcap.sh + gcc -Wall -o tstpcap-git tstpcap.c -L/usr/local/lib -lpcap + gcc -Wall -o tstpcap-ubuntu tstpcap.c -lpcap + ldd tstpcap-git tstpcap-ubuntu tstpcap-git: linux-gate.so.1 => (0xb78b9000) libpcap.so.1 => /usr/local/lib/libpcap.so.1 (0xb7869000) libc.so.6 => /lib/libc.so.6 (0xb770c000) /lib/ld-linux.so.2 (0xb78ba000) tstpcap-ubuntu: linux-gate.so.1 => (0xb76fb000) libpcap.so.0.8 => /usr/lib/libpcap.so.0.8 (0xb76ad000) libc.so.6 => /lib/libc.so.6 (0xb7550000) /lib/ld-linux.so.2 (0xb76fc000) + uname -a Linux samtu 2.6.38-020638-generic #201103151303 SMP Tue Mar 15 14:33:40 UTC 2011 i686 GNU/Linux + sudo ./tstpcap-ubuntu eth0 version libpcap version 1.1.1 return -1 error? corrupted frame on kernel ring mac offset 70 + caplen 0 > frame len 64 + sudo ./tstpcap-git eth0 version libpcap version 1.3.0-PRE-GIT_2011_04_18 return 1 error? % cat tstpcap.sh set -x gcc -Wall -o tstpcap-git tstpcap.c -L/usr/local/lib -lpcap gcc -Wall -o tstpcap-ubuntu tstpcap.c -lpcap ldd tstpcap-git tstpcap-ubuntu uname -a sudo ./tstpcap-ubuntu eth0 sudo ./tstpcap-git eth0 % cat tstpcap.c #include <assert.h> #include <errno.h> #include <math.h> #include <pcap.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <sys/time.h> #include <time.h> int main(int argc, char* argv[]) { char* source = argv[1]; int snaplen = 0; int promisc = 0; int to_ms = 0; char errbuf[PCAP_ERRBUF_SIZE]; printf("version %s\n", pcap_lib_version()); pcap_t* cap = pcap_open_live(source, snaplen, promisc, to_ms, errbuf); if(!cap) { printf("error %s\n", errbuf); return 1; } struct pcap_pkthdr* pkt_header = NULL; const u_char* pkt_data = NULL; int e = pcap_next_ex(cap, &pkt_header, &pkt_data); printf("return %d error? %s\n", e, pcap_geterr(cap)); return 0; }
tstpcap.sh
Description: Bourne shell script
#include <assert.h> #include <errno.h> #include <math.h> #include <pcap.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <sys/time.h> #include <time.h> int main(int argc, char* argv[]) { char* source = argv[1]; int snaplen = 0; int promisc = 0; int to_ms = 0; char errbuf[PCAP_ERRBUF_SIZE]; printf("version %s\n", pcap_lib_version()); pcap_t* cap = pcap_open_live(source, snaplen, promisc, to_ms, errbuf); if(!cap) { printf("error %s\n", errbuf); return 1; } struct pcap_pkthdr* pkt_header = NULL; const u_char* pkt_data = NULL; int e = pcap_next_ex(cap, &pkt_header, &pkt_data); printf("return %d error? %s\n", e, pcap_geterr(cap)); return 0; }
- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.