Bug 9134
Summary: | link-level headers screwed up in tcpdump-3.4-16 | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Hao Li <hli> |
Component: | tcpdump | Assignee: | Harald Hoyer <harald> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 6.1 | CC: | hli |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2000-11-02 12:51:50 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Hao Li
2000-02-05 00:41:50 UTC
This seems to be caused by ANK patches. I didn't manage to trace this outright, but the workaround is to use raw sockets with -R switch; that seems to be te only way in the new tcpdump 3.5 (www.tcpdump.org) anyway. This seems to be a "feature" of packet dumping code. This is in libpcap's pcap-linux.c, in pcap_read(): ----- /* Emulate Ethernet-like MAC header */ if (p->md.use_bpf == 2) { if (from.sll_pkttype != PACKET_OUTGOING) { memset(bp-14, 0, 6); if (from.sll_pkttype == PACKET_BROADCAST) memset(bp-14, 0xFF, 6); else if (from.sll_pkttype == PACKET_MULTICAST) { *(bp-14) = 1; } else { *(bp-14+5) = 1; } memcpy(bp-14+6, from.sll_addr, 6); } else { memcpy(bp-14, from.sll_addr, 6); memset(bp-14+6, 0, 6); } *(unsigned short*)(bp-2) = from.sll_protocol; } ----- from struct (sockaddr_ll) doesn't contain destination MAC address, only the source. Therefore, printing it is going to pose a serious problem.. The code even specifically sets the addresses to zero with memset. Anyway, tcpdump -R works so.. *** Bug 17800 has been marked as a duplicate of this bug. *** This problem appears to be resolved. Please reopen if I'm wrong. |