tcpdump mailing list archives

Re: libpcap on Mac Os X 10.6 Snow Leopard

From: Marco De Angelis <thorar () yahoo com>
Date: Mon, 1 Feb 2010 15:28:36 +0000 (UTC)

Guy Harris <guy <at> alum.mit.edu> writes:

The issue described in that message is fixed in 10.6.2.


Thanks so much for replying (Sorry if this reply arrives twice, I had problems
in subscribing). That is good to know. I have 10.6.2, but I still experience
problems (packets not dispatched).

These are both BPF issues; libpcap 1.0.0 didn't *introduce* them -


I was just looking at my depedencies, without being sure if I should investigate
more for a Snow Leopard bug or on the libpcap side.

So what is the exact problem you're seeing?  What is the difference you see

between Leopard and Snow Leopard?

(PF_PACKET sockets work differently from BPF, so differences between Linux and

{Leopard,Snow

Leopard,*BSD} are less interesting here.)-


The problem is that the packets are not delivered to the application. More
specifically, it seems that libpcap captures them, but the pcap_dispatch (and
pcap_loop as well) does not deliver packets to the pcap_handler. Packets seems
to remain in the buffer and they get delivered only when the buffer is full.

With a buffer of 128 bytes (which can hold only one packet), the packets are
delivered to the application immediately.
With a buffer of 1280 bytes, I get the packets delivered at burst of ten, only
when the next ten are collected. Of course, that means also that the last group
of packets would remain in the buffer and are never delivered.

The problem is, the same code is working perfectly on all other OSes. Can you
suggest something to try out?

I recompiled tcpdump 4.0.0 on my machine, and it works!


On which machine?  The Snow Leopard machine?  If so, does the tcpdump 4.0.0

that comes with Snow Leopard *not* work?

The original Tcpdump on Snow Leopard (the one that comes with the O.S.) worked
fine, and also the one I downloaded and recompiled. I recompiled it just to be
sure that they didn't do some "trick" to make it work.
Maybe I just don't trust the Authority :)

Regards,
Marco

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

Current thread:

libpcap on Mac Os X 10.6 Snow Leopard Marco De Angelis (Jan 31)
- Re: libpcap on Mac Os X 10.6 Snow Leopard Guy Harris (Jan 31)
  - Re: libpcap on Mac Os X 10.6 Snow Leopard Marco De Angelis (Feb 01)
    - Re: libpcap on Mac Os X 10.6 Snow Leopard Carter Bullard (Feb 01)
    - Re: libpcap on Mac Os X 10.6 Snow Leopard Guy Harris (Feb 01)
- Re: libpcap on Mac Os X 10.6 Snow Leopard Guy Harris (Jan 31)
- <Possible follow-ups>
- Re: libpcap on Mac Os X 10.6 Snow Leopard Marco De Angelis (Feb 01)
  - Re: libpcap on Mac Os X 10.6 Snow Leopard Guy Harris (Feb 01)
    - Re: libpcap on Mac Os X 10.6 Snow Leopard Marco De Angelis (Feb 03)
    - Re: libpcap on Mac Os X 10.6 Snow Leopard Guy Harris (Feb 03)
    - Re: libpcap on Mac Os X 10.6 Snow Leopard Marco De Angelis (Feb 03)
    - Re: libpcap on Mac Os X 10.6 Snow Leopard Marco De Angelis (Feb 09)
    - Re: libpcap on Mac Os X 10.6 Snow Leopard Carter Bullard (Feb 09)

(Thread continues...)