Re: bpf read() returns with EINVAL on AIX 5.2

[Ury Segal <ury_segal () yahoo com>]

Update on the problem below:

The thing that triggers the problem is 
running the tcpdump that comes with AIX
at the same time. Once I run tcpdump,
my program (that uses libpcap) stops receiving 
any packets - at least, select() on the
pbf socket times out. Once I kill tcpdump, the
pcap program receives EINVAL from every read on
the bpf socket.

However, this does NOT happen if I use libpcap
0.8.1 . I suspect that something has changed
between 0.8.1 and the version that is now
in cvs.

This happens both on Uni-processor and SMP.

Thanks!

--- Ury Segal <ury_segal () yahoo com> wrote:

> Hi!
>
> I'm having a weird problem on AIX 5.2. I have
> a program that opens en0 and installs the
> following filter :
>
> ((tcp[0:2] > 49999 and tcp[0:2] < 50001) or
> (tcp[2:2] > 49999 and tcp[2:2] < 50001)) and (
> net 0.0.0.0 mask 0.0.0.0 )  
>
> It runs well for a while. If I truss it I see a
> lot of lines like this ones:
>
> select(6, 0x2FF1CBA8, 0x2FF1EBA8, 0x2FF20BA8,
> 0x2FF22BA8) = 1
> kread(0, " D ( K ¹   î14 f\0\00507".., 16384)
> =
> 13
>
> 0 is the fd of /dev/bpf0. 
>
> But after about 20 minutes or so,
> with low traffic (few packets per second) it
> "stops working" - i.e. this is what I get with
> truss- just an endless loop of this:
>
> _select(6, 0x2FF1CBA8, 0x2FF1EBA8, 0x2FF20BA8,
> 0x2FF22BA8) = 1
> kread(0, " D ( K ¹   î14 f\0\00507".., 16384)
> Err#22 EINVAL
> access("/usr/lib/nls/msg/en_US/libc.cat", 0)  =
> 0
> _getpid()         = 3153924
> open("/usr/lib/nls/msg/en_US/libc.cat",
> O_RDONLY)
> = 7
> kioctl(7, 22528, 0x00000000, 0x00000000) 
> Err#25
> ENOTTY
> kfcntl(7, F_SETFD, 0x00000001)      = 0
> kioctl(7, 22528, 0x00000000, 0x00000000) 
> Err#25
> ENOTTY
> kread(7, "\0\001 ù\007\007 I S O 8".., 4096) 
> =
> 4096
> lseek(7, 0, 1)          = 4096
> lseek(7, 0, 1)          = 4096
> lseek(7, 0, 1)          = 4096
> _getpid()         = 3153924
> lseek(7, 0, 1)          = 4096
> lseek(7, 4365, 0)       = 4365
> kread(7, " A   s y s t e m   c a l".., 4096)  =
> 4096
> close(7)          = 0
>
>
> Just repeats again and again until I kill
> the program.
>
> As far as I understand it, the select() returns
> since there are packets to read (there is
> traffic) but when I call read() there is an
> error
> from BPF. The read man page says that read
> returns EINVAL if the file descriptor is
> invalid,
> but select() doesn't complain about fd 0 and
> "lsof" says that fd 0 is indeed open (and
> opened
> /dev/bpf).
>
> In the version.o file in libpcap.a that I link
> with I see 
>
> adb
> pcap_version/s
> pcap_version:  
> current-cvs.tcpdump.org.2005.06.06
>
>
> Any idea? Should I revert to the IBM-supplied
> libpcap ?
>
> Thanks
>
>
>
> --ury
> -
> This is the tcpdump-workers list.
> Visit https://lists.sandelman.ca/ to
> unsubscribe.


--ury
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.