RE: AIX 5.1, tcpdump 3.6.2 and libpcap 0.7.1 pr oblem

[jonl () yubyub net]

Ebright, Don said:
> Guy,
>
> I ran a program that generated capture statistics every couple of
> seconds using a version of libpcap that had been modified to issue an
> error message whenever it ignored an EFAULT.  I could cause the EFAULT
> to occur
> sporadically by generating bursts of network traffic, and the dropped
> packet counter increased every time the error message appeared.  This
> pattern was consistent through a few trials on a couple of different
> machines, so I was convinced that the EFAULT was being set by the BPF
> driver whenever packets were dropped.

As a followup:

AIX's tcpdump (as supplied with 5.1, unless our admin's messed with it)
dropped many packets when sniffing a 0.5-1MB/s UDP stream.  The recompiled
version sans the libpcap patch wouldn't report any dropped packets, but
did fail after about 100 to 1000 packets.  tcpdump with the patched
libpcap doesn't report any dropped packets and seems to work well.
I'm not sure why AIX's supplied tcpdump doesn't work well, where as a
fresh copy of tcpdump seems to work very well.
-- 
-Jon
 "As three unwavering bands of light, we were simple and separate and
 beautiful.  As machines, we were flabby bags of ancient plumbing and
 wiring, of rusty hinges and feeble springs.  And our
 interrelationships were Byzantine."
 - Kurt Vonnegut, Breakfast of Champions


-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe