Re: Capturing in 32 bit guests

[Guy Harris <guy () alum mit edu>]

On Feb 1, 2012, at 5:32 AM, Michael Richardson wrote:

> No, openvz is a container, not a virtualization.

As I suspected.

> So the kernel is 64-bit, the userland in a chroot/jail+++ is 32-bit.
> The kernel would be doing 32-bit emulation of many calls, but I'll bet
> things like the mmap() interface are 64-bit.

Actually:

        the first version of that interface, TPACKET_V1, doesn't work very well if userland isn't the same size as the 
kernel, because the data structure shared between the kernel and userland has an "unsigned long" member (if there were 
a way for userland to reliably determine the bit-width of the kernel, it could compensate for that);

        the second version of that interface, TPACKET_V2, fixes that part by making all members of the structure either 
_u16 or _u32, so the structure is laid out the same way in 32-bit and 64-bit mode;

so the mmap interface should work between a 64-bit kernel and 32-bit userland *if* the kernel supports TPACKET_V2, as 
libpcap should choose TPACKET_V2 rather than TPACKET_V1 if TPACKET_V2 is supported.  I'd need to know what version of 
the kernel is running on the system to determine whether TPACKET_V2 is supported or not (I don't know which kernel 
version first introduced it).

> (talking about "guest" wrt openvz is probably a bad thing)

Yes, as it makes it sound like a virtualization scheme rather than a containerization scheme.-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.