tcpdump mailing list archives
Re: Snaplen (git-latest) not working properly on linux
From: Guy Harris <guy () alum mit edu>
Date: Sun, 15 Jan 2012 18:50:18 -0800
On Jan 15, 2012, at 6:44 PM, Gianluca Varenni wrote:
Hi all. It looks like there is a bug in handling a snaplen of 1500 on linux (with mmap on). If I set a snaplen of 1500 and receive packets > 1500 (e.g. 1514), libpcap returns only 1498 as caplen, and not 1500. Libpcap latest on git (1.3.0-PRE-GIT_2012_01_15) Linux RHEL6, kernel 2.6.32-131.21.1.el6.x86_64 I tested with tcpdump but I see the same issue with a custom pcap-based tool. Any ideas?
Add support for TPACKET_V3, and then nuke TPACKET_V1 and TPACKET_V2 until they glow? :-) Probably more hell in the code that tries to figure out the buffer slot size. Dealing with the Linux memory-mapping code is beginning to feel like a game of Whack-a-Mole: http://en.wikipedia.org/wiki/Whack-A-Mole I'll get out my mallet and try to see if I can find that particular mole and whack it.- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Snaplen (git-latest) not working properly on linux Gianluca Varenni (Jan 15)
- Re: Snaplen (git-latest) not working properly on linux Guy Harris (Jan 15)
- Re: Snaplen (git-latest) not working properly on Gianluca Varenni (Feb 08)
- Re: Snaplen (git-latest) not working properly on Guy Harris (Feb 08)
- Re: Snaplen (git-latest) not working properly on Gianluca Varenni (Feb 08)
- Re: Snaplen (git-latest) not working properly on linux Guy Harris (Jan 15)