> :) Well, the first problem with libpcap 0.7 versus 0.6 has surfaced > for me, on Linux 2.0.39 sniffing ppp0 will make tcpdump crash (+core > sometimes), giving a notice that it couldn't set SIOC*-flags back to > their original value...
Do you have a stack trace from the crash? > After it has crashed once (note: it sets promisc *and* multicast on a > ppp device !), If you ask for promiscuous mode on a network interface, libpcap will set promiscuous mode regardless of the type of the device. > libpcap will fail telling that it doesn't support the ppp-device... What message does it print? > Libpcap 0.6 works without a hitch, in combination with tcpdump 3.6 ... > Although I still see some weirdness when sniffing 'ippp'-devices > (syncppp devices created by ISDN4Linux), especially with fragments... SOCK_PACKET sockets, and PF_PACKET/SOCK_RAW sockets, don't work very well with PPP devices in any version of Linux; the ways in which they don't work very well differ between PPP devices. PF_PACKET/SOCK_DGRAM sockets hide those problems; unfortunately, PF_PACKET sockets require 2.2 or later kernels. I'm not sure there's much libpcap can do about the problem; if *ALL* PPP drivers on Linux, *and* the drivers on top of which they run (serial port, synchronous device, ISDN, etc.) were to arrange that, for incoming *and* outgoing packets, the "mac.raw" pointer in the socket buffer pointed to the beginning of the PPP header, things could be made to work, but I suspect that might be difficult, especially for ISDN. - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
