tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

RE: AIX 5.1, tcpdump 3.6.2 and libpcap 0.7.1 pr oblem

From: "Ebright, Don" <Don.Ebright () compuware com>
Date: Tue, 8 Oct 2002 09:45:49 -0400 
Guy,

I ran a program that generated capture statistics every couple of seconds
using a version of libpcap that had been modified to issue an error message
whenever it ignored an EFAULT.  I could cause the EFAULT to occur
sporadically by generating bursts of network traffic, and the dropped packet
counter increased every time the error message appeared.  This pattern was
consistent through a few trials on a couple of different machines, so I was
convinced that the EFAULT was being set by the BPF driver whenever packets
were dropped.

I haven't seen any documentation on the AIX BPF driver.  There is a chapter
about libpcap in the AIX 5.1 "Communications Programming Concepts" manual.
The documentation doesn't appear to mention this issue, presumably because
the AIX 5.1 libpcap ignores EFAULT internally.

With some AIX BPF driver documentation we could better understand the intent
of the EFAULT or perhaps even avoid it in some cases if the 64K driver
buffer size limit could be increased.

Regards

Don

-----Original Message-----
From: Guy Harris [mailto:gharris () sonic net]
Sent: Monday, October 07, 2002 7:19 PM
To: Ebright, Don
Cc: 'jonl () yubyub net'; tcpdump-workers () tcpdump org
Subject: Re: [tcpdump-workers] AIX 5.1, tcpdump 3.6.2 and libpcap 0.7.1
pr oblem


On Fri, Sep 27, 2002 at 09:04:58AM -0400, Ebright, Don wrote:

As far as I can determine, EFAULT is raised by the AIX BPF driver whenever
packets have been dropped since the last successful read.


Just out of curiosity, how did you determine that?  By reading
documentation (if so, where do they document it?), or by experimenting?


I suspect that
the best approach would be to add another case to the switch after the

read

in pcap_read() to ignore EFAULT just as EINTR is already ignored.  


Or, at least, doing so on AIX - we might want to treat EFAULT as a real
error on the BSDs.



The contents of this e-mail are intended for the named addressee only. It
contains information that may be confidential. Unless you are the named
addressee or an authorized designee, you may not copy or use it, or disclose
it to anyone else. If you received it in error please notify us immediately
and then destroy it. 

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: