tcpdump mailing list archives

Re: libpcap: patches required for OpenSolaris/SXCE


From: Darren Reed <Darren.Reed () Sun COM>
Date: Wed, 02 Dec 2009 11:10:31 +1100

Sebastien Roy wrote:
On Tue, 2009-12-01 at 00:47 -0800, Guy Harris wrote:
On Nov 30, 2009, at 5:30 AM, Darren Reed wrote:
# dladm show-link
LINK        CLASS     MTU    STATE    BRIDGE     OVER
igb0        phys      1500   up       --         --
e1000g0     phys      1500   up       --         --
e1000g1     phys      1500   up       --         --
igb1        phys      1500   up       --         --
vnic0       vnic      1500   up       --         e1000g0
tun0        iptun     65515  down     --         --
unless dladm's notion of "down" is different from ifconfig's notion of "down", the latter probably being what libpcap sees when it decides whether to report devices as available or not.

Yes, it is different.  On Solaris, ifconfig reports IP interface status
(where down and up are administrative settings of the IP interface), and
dladm reports the running state of the datalink, which is a dynamic
state that depends on external factors (akin to the RUNNING flag at the
IP layer).

I would argue that it's a bug on Solaris that libpcap depends on
IP-layer information to choose a capture interface (if that is in fact
what it does), as capturing at the link-layer is orthogonal to whether
IP is used at all over the datalink.  On Solaris, datalinks can exist
without IP interfaces at all, so the interface selection logic should
not use IP-layer APIs, but link-layer APIs.

Use of libdladm is going to be required.


The WARNING there seems spurious, and the use of SIOCGIFADDR
questionable.  Why should tcpdump care about the IP addresses assigned
to bge0 when observing at the link-layer?  FWIW, it appears to select a
default interface just fine, so it would appear to not use the SIOCG*
socket ioctls for interface selection:

bash-3.2# ./tcpdump
tcpdump: WARNING: SIOCGIFADDR: bge0: No such device or address
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
...
Maybe Darren has fixed these uses of SIOCGIFADDR and fixed the WARNING,
but if not, I'd argue that it's a bug.

Not yet.

libpcap uses SIOCGLIFCONF to get the list of interfaces. As you've mentioned,
for Solaris, this only returns interface names on which IP has been plumb'd.

Looking at tcpdump, pcap_lookupnet() should only be called from tcpdump.c
if fflag is true because the returned values of localnet and netmask are ignored
by init_addrtoname if fflag is not true. Patch below.

This should prevent the warning message above from being displayed except
when someone does "tcpdump -f -i bge0" and bge0 has not been plumb'd.
In that case, I'd regard the failure of pcap_lookupnet() as a fatal error,
rather than just a warning message to print out because the "-f" command
line feature will not be able to work.

Darren

diff --git a/tcpdump.c b/tcpdump.c
index 25feb7a..82183a3 100644
--- a/tcpdump.c
+++ b/tcpdump.c
@@ -525,6 +525,8 @@ main(int argc, char **argv)
       gndo->ndo_warning=ndo_warning;
       gndo->ndo_snaplen = DEFAULT_SNAPLEN;

+       localnet = 0;
+       netmask = 0;
       cnt = -1;
       device = NULL;
       infile = NULL;
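Review bot: the new `localnet = 0;` and `netmask = 0;` defaults at the top of main() have no comment, yet with the rest of this patch they become the values used on every path where pcap_lookupnet() is not called (reading a savefile, and live capture without -f). A one-line comment saying that these are the defaults when -f is not given would keep someone from later removing them as redundant initialisation.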
@@ -949,8 +951,6 @@ main(int argc, char **argv)
                           RFileName, dlt_name,
                           pcap_datalink_val_to_description(dlt));
               }
-               localnet = 0;
-               netmask = 0;
               if (fflag != 0)
                       error("-f and -r options are incompatible");
       } else {
@@ -1078,10 +1078,8 @@ main(int argc, char **argv)
                       warning("snaplen raised from %d to %d", snaplen, i);
                       snaplen = i;
               }
-               if (pcap_lookupnet(device, &localnet, &netmask, ebuf) < 0) {
-                       localnet = 0;
-                       netmask = 0;
-                       warning("%s", ebuf);
+ if (fflag && pcap_lookupnet(device, &localnet, &netmask, ebuf) <
+                       error("%s", ebuf);
               }
       }
       if (infile)
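Review bot: the added line `if (fflag && pcap_lookupnet(device, &localnet, &netmask, ebuf) <` stops after `<`, with no right-hand operand and no opening brace, while the unchanged `}` that closed the old block is still present, so the hunk as posted cannot compile. The indentation of that line is also off, which suggests the mail client wrapped or truncated it; please resend the patch as an attachment or with line wrapping disabled. Separately, moving from warning() to error() matches the intent stated in the message, but the text printed is only ebuf; prefixing it with a note that -f needs the interface's network and netmask would make the exit easier to understand on an interface that has not been plumbed.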
