> Date: Mon, 4 Feb 2002 13:25:18 -0800 (PST)
> From: Guy Harris <[EMAIL PROTECTED]>
> Subject: Re: [tcpdump-workers] libpcap 0.7.1 & Linux 2.0.39 little tweak ;)

> > :) Well, the first problem with libpcap 0.7 versus 0.6 has surfaced
> > for me, on Linux 2.0.39 sniffing ppp0 will make tcpdump crash (+core
> > sometimes), giving a notice that it couldn't set SIOC*-flags back to
> > their original value...

> Do you have a stack trace from the crash?

Here it comes:

root@jp-gp: /usr/src/tcpdump-3.7.1 # gdb -c core ./tcpdump
GNU gdb 4.17
[ ... ]
Core was generated by `./tcpdump -f -n -l -i ppp0'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/local/openssl/lib/libcrypto.so.0...done.
Reading symbols from /lib/libc.so.5...done.
Reading symbols from /lib/libdl.so.1...done.
Reading symbols from /lib/ld-linux.so.1...done.
#0 0x4013c044 in free ()
(gdb) bt
#0 0x4013c044 in free ()
#1 0x4014c8e8 in __shtab ()

As far as I can tell, if ppp0 is already in promisc:

tcpdump: interface type of ppp0 not supported

If it has to be set in promisc mode:

tcpdump: interface type of ppp0 not supported
Can't restore interface flags (SIOCGIFFLAGS failed: Bad file number).
Please adjust manually.
Hint: This can't happen with Linux >= 2.2.0.
Segmentation fault (core dumped)

Tcpdump 3.7.1 is called with: -f -n -l -i ppp0

root@jp-gp: /usr/src/tcpdump-3.7.1 # ls -al core tcpdump
-rw------- 1 root root 1028096 Feb 5 12:13 core
-rwxr-xr-x 1 root root 1249127 Feb 5 12:12 tcpdump*

Available at:
http://www.cwi.nl/~jpv/tmp/core
http://www.cwi.nl/~jpv/tmp/tcpdump

If you need other info, just mail me...

> [ ... ]
> > Libpcap 0.6 works without a hitch, in combination with tcpdump 3.6 ...
> > Although I still see some weirdness when sniffing 'ippp'-devices
> > (syncppp devices created by ISDN4Linux), especially with fragments...

> SOCK_PACKET sockets, and PF_PACKET/SOCK_RAW sockets, don't work very
> well with PPP devices in any version of Linux; the ways in which they
> don't work very well differ between PPP devices.

:)

> PF_PACKET/SOCK_DGRAM sockets hide those problems; unfortunately,
> PF_PACKET sockets require 2.2 or later kernels.

Well, I was thinking about upgrading in the coming 3 months, but on
the other hand, the machine is working and doing what it's supposed to
do, so upgrading just for the sake of upgrading is a bit awkward...

> I'm not sure there's much libpcap can do about the problem; if *ALL* PPP
> drivers on Linux, *and* the drivers on top of which they run (serial
> port, synchronous device, ISDN, etc.) were to arrange that, for incoming
> *and* outgoing packets, the "mac.raw" pointer in the socket buffer
> pointed to the beginning of the PPP header, things could be made to
> work, but I suspect that might be difficult, especially for ISDN.

Hm... Well, I could always try ;)

Regards,

JP Velders

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
