tcpdump mailing list archives

Re: Capturing in 32 bit guests


From: Guy Harris <guy () alum mit edu>
Date: Wed, 1 Feb 2012 00:45:32 -0800


On Feb 1, 2012, at 12:26 AM, Guy Harris wrote:

> On Jan 31, 2012, at 11:31 PM, Graeme Sheppard wrote:
>
>> I have a problem capturing in a 32 bit guest on a 64 bit VZ/OpenVZ host.
>> It worked in a 64 bit guest but I had to change to 32 (another story.)
>
> So the host on which you're capturing is running a 32-bit Linux kernel and a 32-bit version of tcpdump?

Or is the host running its own kernel *at all*?  The slides at

        http://www.socallinuxexpo.org/sites/default/files/presentations/ct_in_a_file_0.pdf

(slide 3 in particular) seem to suggest that what VZ offers are *NOT* virtual machines but "containers" atop a shared OS kernel, in the sense of (as the slide says) Solaris zones or FreeBSD jails.

If so, then what you have could be a 32-bit tcpdump atop a 64-bit kernel, in which case, if the kernel supports TPACKET_V1 (which has been the case for a while), but doesn't support TPACKET_V2 (which the kernel has only done since some time in 2008 or 2009), 32-bit programs using libpcap, such as tcpdump, will not work.  What kernel version are you running?

(Sometimes I think calling TPACKET prior to TPACKET_V3 a cluster**** is an insult to cluster****s everywhere.  I'm only leaving TPACKET_V3 out because

        1) it doesn't have the "gee, maybe we need to deal with userlands that don't have the same pointer/long size as the kernel" botch that TPACKET_V1 had

and

        2) it looks as if it doesn't have the "hey, even though it's difficult if not impossible to determine the maximum possible packet size, let's use fixed-length slots in the capture ring and require each slot to be big enough to hold the biggest possible packet, which might have to be massively oversized to handle radiotap headers and segmentation/desegmentation offloading and..." botch that TPACKET_V2 has

but, hey, if I can find the time to implement code to use TPACKET_V3, I might find that it still suffers from problem 2) or has introduced some shiny *new* problem.  I sincerely *hope* not, but the people responsible for AF_PACKET have shown ample possibility to disappoint in the past....)
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
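
Added illustration, not part of the original message and not libpcap or kernel code: the TPACKET_V1 frame header declares tp_status as "unsigned long", so a 64-bit kernel and a 32-bit program disagree about where every later field sits. The two structs below are fixed-width stand-ins for that one declaration under each ABI, and the frame values are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TPACKET_V1 frame header (struct tpacket_hdr) as a 64-bit kernel lays it
 * out: tp_status is declared "unsigned long", so it is 8 bytes there. */
struct v1_kernel64 {
    uint64_t tp_status;
    uint32_t tp_len, tp_snaplen;
    uint16_t tp_mac, tp_net;
    uint32_t tp_sec, tp_usec;
};

/* The same declaration as compiled into a 32-bit tcpdump: 4-byte long. */
struct v1_user32 {
    uint32_t tp_status;
    uint32_t tp_len, tp_snaplen;
    uint16_t tp_mac, tp_net;
    uint32_t tp_sec, tp_usec;
};

/* Constructed sample frame: the "kernel" fills one ring slot, then the
 * 32-bit reader overlays its own idea of the header on the same bytes. */
struct v1_user32 read_as_32bit(uint32_t len, uint32_t snaplen)
{
    unsigned char slot[64] = {0};
    struct v1_kernel64 k = { .tp_status = 1 /* TP_STATUS_USER */,
                             .tp_len = len, .tp_snaplen = snaplen,
                             .tp_mac = 66, .tp_net = 80 };
    struct v1_user32 u;
    memcpy(slot, &k, sizeof k);   /* what the kernel wrote */
    memcpy(&u, slot, sizeof u);   /* what 32-bit userland reads */
    return u;
}

int main(void)
{
    struct v1_user32 u = read_as_32bit(1514, 96);
    printf("tp_len offset: kernel %zu, 32-bit userland %zu\n",
           offsetof(struct v1_kernel64, tp_len),
           offsetof(struct v1_user32, tp_len));
    printf("kernel wrote len=1514 snaplen=96; 32-bit reader sees "
           "len=%u snaplen=%u mac=%u\n",
           (unsigned)u.tp_len, (unsigned)u.tp_snaplen, (unsigned)u.tp_mac);
    return 0;
}
```

The reader's tp_snaplen comes back holding the kernel's tp_len, and every field after tp_status is shifted the same way. The TPACKET_V2 header declares its fields with fixed-width types, so its layout does not depend on the size of long.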

