tcpdump mailing list archives
Re: tcpdump problem with DAG card
From: "Carter Bullard" <carter () qosient com>
Date: Thu, 10 Jan 2008 11:49:41 +0000
Hey Stephen, Thanks, I'll take a look tonight, and make the changes. Carter Carter Bullard QoSient LLC 150 E. 57th Street Suite 12D New York, New York 10022 +1 212 588-9133 Phone +1 212 588-9134 Fax -----Original Message----- From: Stephen Donnelly <stephen () endace com> Date: Thu, 10 Jan 2008 16:09:36 To:tcpdump-workers () lists tcpdump org Cc:argus-info () lists andrew cmu edu Subject: Re: [tcpdump-workers] tcpdump problem with DAG card On Thu, 2008-01-10 at 14:53 +1300, Stephen Donnelly wrote:
On Wed, 2008-01-09 at 17:25 -0800, Guy Harris wrote:On Jan 9, 2008, at 3:37 PM, lei wei wrote:I'm actually trying to get Argus working with DAG but argus still can't read anything from it.From a quick look at the source to Argus 2.0.6, it appears to be assuming that you can do a select() on the result of pcap_fileno(), which, as far as I know, is *NOT* the case for DAG devices; I don't think the DAG driver supports select() or poll(). That might cause it (and other applications using select() or poll() on pcap streams) never to see any incoming packets, or to fail in other ways. Newer versions of libpcap (including 0.9.x) have pcap_get_selectable_fd(), which returns a file descriptor on which you can do select(), if such a descriptor exists, or -1, if no such file descriptor exists.I agree. From ArgusGetPackets() in ArgusOutput.c it appears that Argus is intended to operate over multiple pcap interfaces, but incorrectly assumes that pcap descriptors are always selectable. Because Argus does not check for selectable descriptors and work around any non-selectable descriptors it is not possible to use Argus with DAG cards without further modification. Curiously under CYGWIN it does not assume selectable descriptors, but apparently works with only one interface in this case. It may be possible to use this as the basis for non-selectable descriptors in general.
As a workaround, pretending to be CYGWIN gets Argus running. Changing #if defined(CYGWIN) to #if 1 at line 1797 in argus-3.0.0/argus/ArgusSource.c in order to use the non-select version of the code seems to work okay, although Argus will only be able to read from one interface. Cross-posting to the Argus list in case someone wants to have a better go at fixing this upstream. Stephen. -- ----------------------------------------------------------------------- Stephen Donnelly BCMS PhD email: sfd () endace com Endace Technology Ltd phone: +64 7 839 0540 Hamilton, New Zealand cell: +64 21 1104378 ----------------------------------------------------------------------- - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe. - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- tcpdump problem with DAG card lei wei (Jan 09)
- Re: tcpdump problem with DAG card Guy Harris (Jan 09)
- Re: tcpdump problem with DAG card lei wei (Jan 09)
- Re: tcpdump problem with DAG card lei wei (Jan 09)
- Re: tcpdump problem with DAG card Guy Harris (Jan 09)
- Re: tcpdump problem with DAG card Stephen Donnelly (Jan 09)
- Re: tcpdump problem with DAG card lei wei (Jan 09)
- Re: tcpdump problem with DAG card Stephen Donnelly (Jan 09)
- Re: tcpdump problem with DAG card Carter Bullard (Jan 10)
- Re: tcpdump problem with DAG card lei wei (Jan 09)
- Re: tcpdump problem with DAG card Guy Harris (Jan 09)