I observed a few interesting things running tcpdump 3.7.1 compiled with IBM
Visual Age 5.02 on AIX 4.3.3 at the latest maintenance level (09).
1. The DLPI support (bos.rte.tty 4.3.3.75) on my test system must be
broken, because I get these error messages attempting to enter promiscuous
mode:
WARNING: DL_PROMISC_MULTI failed (recv_ack: promisc_multi: Primitive issued
in improper state)
WARNING: DL_PROMISC_SAP failed (recv_ack: promisc_sap: Primitive issued in
improper state)
tcpdump: WARNING: recv_ack: promisc_sap: Primitive issued in improper state
tcpdump: listening on en0
Running tcpdump 3.6.2 on this system gives me warning messages similar to
the first two, but without the text decode of the 0x03 response code. There
seems to be no problem capturing the packets, but I can only see incoming
packets without the ability to enable promiscuous mode. As expected, I
don't see these warning messages if I use the -p switch. I know virtually
nothing about DLPI, but I would be glad to try to pin this down if anyone
has any ideas for techniques to isolate the problem.
2. There is a lot of good news regarding the libpcap BPF support for AIX.
It compiles, the timestamps appear to be OK, the IP address filtering works
OK, so I presume that the ethernet linktype is being recognized correctly,
and it runs for a while. The bad news is that it fails after a few packets
with the message:
tcpdump: pcap_loop: read: Bad address
I presume that this message is generated at line 129 of pcap-bpf.c when the
read returns errno 14 (EFAULT). This would seem to indicate a buffer
handling problem somewhere.
3.
I haven't looked very far into either of the previous problems, but I did
track down an issue which prevented the libpcap BPF support from ever
starting in a multithreaded environment. On my system, at least, the
largest bpf device buffer size that succeeds is 16K, and the BIOCSETIF ioctl
on line 253 of pcap-bpf.c consistently fails with errno zero instead of
ENOBUFS when called by my threaded program. It properly returns ENOBUFS
when called by a non-theaded program such as tcpdump. This appears to be an
AIX bug, but I worked around it by changing line 256 from:
if (errno != ENOBUFS) {
to
if (errno && (errno != ENOBUFS)) {
I don't know that this situation warrants a "fix" since it is clearly an AIX
problem, but someone else who wants to use libpcap in a threaded environment
on AIX may benefit from this workaround if the problem is widespread.
4.
If anyone is interested in token-ring, I intend to try that next week if
time permits. That should be interesting.
Don Ebright
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
