[tcpdump-workers] libpcap bug on Compaq Ipaq (ARM)

[Antonio]

Hi, i'm using libpcap 0.6.2 on Compaq Ipaq but i found a few of bugs...   Mac Address     when i type "tcpdump ether dst <mac_address>" it doesn't capture anything...but if i type "tcpdump" it         capture all packets.       when i type "tcpdump ether src <mac_address>" it works.     IP Address here's the beavior with ip address..     bash-2.03# tcpdump     device eth0 entered promiscuous mode     tcpdump: listening on eth0     tcpdump: WARNING: compensating for unaligned libpcap packets     13:14:28.380000 192.168.3.1 > 192.168.3.100: icmp: echo request (DF)     13:14:28.380000 192.168.3.100 > 192.168.3.1: icmp: echo reply     13:14:29.380000 192.168.3.1 > 192.168.3.100: icmp: echo request (DF)     13:14:29.380000 192.168.3.100 > 192.168.3.1: icmp: echo reply   If i apply a filter to the same traffic...     bash-2.03# tcpdump dst host 192.168.3.100     device eth0 entered promiscuous mode     tcpdump: listening on eth0     tcpdump: WARNING: compensating for unaligned libpcap packets     13:18:09.370000 192.168.3.100 > 192.168.3.1: icmp: echo reply     13:18:10.370000 192.168.3.100 > 192.168.3.1: icmp: echo reply     13:18:11.370000 192.168.3.100 > 192.168.3.1: icmp: echo reply     13:18:12.370000 192.168.3.100 > 192.168.3.1: icmp: echo reply   Another filter     bash-2.03# tcpdump src host 192.168.3.100     device eth0 entered promiscuous mode     tcpdump: listening on eth0     ...     ...     nothing...   Another filter     bash-2.03# tcpdump src host 192.168.3.100 or dst host 192.168.3.100     device eth0 entered promiscuous mode     tcpdump: listening on eth0     tcpdump: WARNING: compensating for unaligned libpcap packets     13:21:04.360000 192.168.3.100 > 192.168.3.1: icmp: echo reply     13:21:05.360000 192.168.3.100 > 192.168.3.1: icmp: echo reply     13:21:06.360000 192.168.3.100 > 192.168.3.1: icmp: echo reply   A little strange...don't yout think?   Anyway that's what i'm using...     zImage-2.4.6-rmk1-np2-fam4_hh3 (Ipaq)     task-bootstrap-2.4.6-rmk1-np2-fam4-hh3.jffs2 (Ipaq)     libpcap-dev_0.6.2-1_arm.ipk (Ipaq)     tcpdump_3.6.2-1_arm.ipk    (Ipaq)     arm-linux-toolchain-post-2.2.13.tar.gz (Cross-Compiler for ARM found at ftp://ftp.handhelds.org/pub/linux/arm/toolchain/)     libpcap-0.6.2.tar.gz     I tried to recompile it instead of using libpcap-dev_0.6.2-1_arm.ipk , but the problem remains. I also tried to use libpcap-0.4: filters works, but there are other problems. Infact i can't write to a pcap's descriptor.         result = write(pfd, full_pkt, len);   It return result=0 only on the Ipaq but on PC works....     Can you give me any clue to solve the problem? Thanks in advance.   Antonio Pappalardo