tcpdump mailing list archives
RE: AIX 5.1, tcpdump 3.6.2 and libpcap 0.7.1 pr oblem
From: "Ebright, Don" <Don.Ebright () compuware com>
Date: Tue, 8 Oct 2002 09:45:49 -0400
Guy, I ran a program that generated capture statistics every couple of seconds using a version of libpcap that had been modified to issue an error message whenever it ignored an EFAULT. I could cause the EFAULT to occur sporadically by generating bursts of network traffic, and the dropped packet counter increased every time the error message appeared. This pattern was consistent through a few trials on a couple of different machines, so I was convinced that the EFAULT was being set by the BPF driver whenever packets were dropped. I haven't seen any documentation on the AIX BPF driver. There is a chapter about libpcap in the AIX 5.1 "Communications Programming Concepts" manual. The documentation doesn't appear to mention this issue, presumably because the AIX 5.1 libpcap ignores EFAULT internally. With some AIX BPF driver documentation we could better understand the intent of the EFAULT or perhaps even avoid it in some cases if the 64K driver buffer size limit could be increased. Regards Don -----Original Message----- From: Guy Harris [mailto:gharris () sonic net] Sent: Monday, October 07, 2002 7:19 PM To: Ebright, Don Cc: 'jonl () yubyub net'; tcpdump-workers () tcpdump org Subject: Re: [tcpdump-workers] AIX 5.1, tcpdump 3.6.2 and libpcap 0.7.1 pr oblem On Fri, Sep 27, 2002 at 09:04:58AM -0400, Ebright, Don wrote:
As far as I can determine, EFAULT is raised by the AIX BPF driver whenever packets have been dropped since the last successful read.
Just out of curiosity, how did you determine that? By reading documentation (if so, where do they document it?), or by experimenting?
I suspect that the best approach would be to add another case to the switch after the
read
in pcap_read() to ignore EFAULT just as EINTR is already ignored.
Or, at least, doing so on AIX - we might want to treat EFAULT as a real error on the BSDs. The contents of this e-mail are intended for the named addressee only. It contains information that may be confidential. Unless you are the named addressee or an authorized designee, you may not copy or use it, or disclose it to anyone else. If you received it in error please notify us immediately and then destroy it. - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- RE: AIX 5.1, tcpdump 3.6.2 and libpcap 0.7.1 pr oblem Ebright, Don (Oct 08)
- RE: AIX 5.1, tcpdump 3.6.2 and libpcap 0.7.1 pr oblem jonl (Oct 08)