tcpdump mailing list archives
Re: bpf read() returns with EINVAL on AIX 5.2
From: Ury Segal <ury_segal () yahoo com>
Date: Wed, 29 Mar 2006 15:46:14 -0800 (PST)
Update on the problem below: The thing that triggers the problem is running the tcpdump that comes with AIX at the same time. Once I run tcpdump, my program (that uses libpcap) stops receiving any packets - at least, select() on the pbf socket times out. Once I kill tcpdump, the pcap program receives EINVAL from every read on the bpf socket. However, this does NOT happen if I use libpcap 0.8.1 . I suspect that something has changed between 0.8.1 and the version that is now in cvs. This happens both on Uni-processor and SMP. Thanks! --- Ury Segal <ury_segal () yahoo com> wrote:
Hi! I'm having a weird problem on AIX 5.2. I have a program that opens en0 and installs the following filter : ((tcp[0:2] > 49999 and tcp[0:2] < 50001) or (tcp[2:2] > 49999 and tcp[2:2] < 50001)) and ( net 0.0.0.0 mask 0.0.0.0 ) It runs well for a while. If I truss it I see a lot of lines like this ones: select(6, 0x2FF1CBA8, 0x2FF1EBA8, 0x2FF20BA8, 0x2FF22BA8) = 1 kread(0, " D ( K ¹ î14 f\0\00507".., 16384) = 13 0 is the fd of /dev/bpf0. But after about 20 minutes or so, with low traffic (few packets per second) it "stops working" - i.e. this is what I get with truss- just an endless loop of this: _select(6, 0x2FF1CBA8, 0x2FF1EBA8, 0x2FF20BA8, 0x2FF22BA8) = 1 kread(0, " D ( K ¹ î14 f\0\00507".., 16384) Err#22 EINVAL access("/usr/lib/nls/msg/en_US/libc.cat", 0) = 0 _getpid() = 3153924 open("/usr/lib/nls/msg/en_US/libc.cat", O_RDONLY) = 7 kioctl(7, 22528, 0x00000000, 0x00000000) Err#25 ENOTTY kfcntl(7, F_SETFD, 0x00000001) = 0 kioctl(7, 22528, 0x00000000, 0x00000000) Err#25 ENOTTY kread(7, "\0\001 ù\007\007 I S O 8".., 4096) = 4096 lseek(7, 0, 1) = 4096 lseek(7, 0, 1) = 4096 lseek(7, 0, 1) = 4096 _getpid() = 3153924 lseek(7, 0, 1) = 4096 lseek(7, 4365, 0) = 4365 kread(7, " A s y s t e m c a l".., 4096) = 4096 close(7) = 0 Just repeats again and again until I kill the program. As far as I understand it, the select() returns since there are packets to read (there is traffic) but when I call read() there is an error from BPF. The read man page says that read returns EINVAL if the file descriptor is invalid, but select() doesn't complain about fd 0 and "lsof" says that fd 0 is indeed open (and opened /dev/bpf). In the version.o file in libpcap.a that I link with I see adb pcap_version/s pcap_version: current-cvs.tcpdump.org.2005.06.06 Any idea? Should I revert to the IBM-supplied libpcap ? Thanks --ury - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
--ury - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Current thread:
- bpf read() returns with EINVAL on AIX 5.2 Ury Segal (Mar 27)
- Re: bpf read() returns with EINVAL on AIX 5.2 Ury Segal (Mar 29)