Looks like the call to pcap_dump_ftell() is always returning -1 and setting errno to 93 (ENOTCAPABLE). This makes sense since I can only trigger it on FreeBSD, and if I disable capsicum support in config.h and rebuild then -C works as expected.
I'll take a look at this and send a PR, but you may be better off building it yourself and disabling capsicum for now.

-- WXS

> On Feb 18, 2015, at 12:38 AM, SJP Lists <sjp.li...@flashbsd.net> wrote:
>
> Hello all,
>
> Firstly, apologies if I missed info about this from a FAQ, documentation,
> source README and CHANGES and Google or if I am just doing something
> silly. I looked at the man page and performed a Google and case sensitive
> searches via casesensitivesearch.com (to avoid all the -c results) but did
> not find any info about this issue I am having.
>
> I have built a host for circular recording of WAN traffic onto 2TB worth of
> storage, in order to hopefully catch pcaps after an event of intermittent
> issues we are not able to replicate. Hoping that when a user complains and
> gives us the time of the issue, I can just grab a copy of the pre-recorded
> pcap which should contain the traffic associated with their issue.
>
> I've used FreeBSD 10.1 for this. With the following tcpdump syntax as an
> example, run as root:
>
> tcpdump -C 1 -W 10 -w filename -i em0
>
> and I am finding that filename0 is created and captured to, but the capture
> does not roll over to the next file and instead continues to capture to the
> first file beyond the limit I thought would be imposed with "-C 1", until I
> kill the process.
>
> I have tried the -Z option with "-Z root", in case the issue was that a new
> file cannot be created once privs are dropped, but I get the same result.
>
> Thank you for reading and any help that you can give!
>
>
> Shane
> _______________________________________________
> tcpdump-workers mailing list
> tcpdump-workers@lists.tcpdump.org
> https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers