Bug 485670 - tcpslice doesn't work on x86_64 on RHEL5
tcpslice doesn't work on x86_64 on RHEL5
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: tcpdump (Show other bugs)
x86_64 Linux
low Severity low
: rc
: ---
Assigned To: Miroslav Lichvar
Depends On:
  Show dependency treegraph
Reported: 2009-02-16 00:30 EST by masanari iida
Modified: 2014-01-27 03:26 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-11-26 02:51:27 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description masanari iida 2009-02-16 00:30:14 EST
Description of problem:
tcpslice on RHEL5 doesn't work.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Create a tcpdump capture file.
   # tcpdump -w abc123.bin

2. See the file
# tcpslice -R ./abc1234.bin
tcpslice: couldn't find final packet in file ./abc1234.bin

3. Split the file
# tcpslice -w abc1234_slice.bin 1234761182.634226 +1 ./abc1234.bin
tcpslice: problems finding end packet of file ./abc1234.bin

Expected results:
2. First and last packets need to be listed.
3. The original tcpdump capture file need to be sliced.

Additional info:
Same symptom reproduced on RHEL4.7. (BZ#484851)
This symptom does not reproduced on RHEL5.3 (x86) system.
Only x86_64 system are affected.
Comment 1 Miroslav Lichvar 2009-03-31 09:48:28 EDT
This is caused by timeval structure which is 16 bytes on x86_64, but stored only in 8 bytes in the pcap file.

Fedora tcpdump package includes a patch fixing this bug.
Comment 2 masanari iida 2009-04-01 22:22:37 EDT
Download tcpdump-3.9.8-6.fc10.src.rpm from Fedora10 repo,
and confirm following in Changelog.

* Wed Jul 25 2007 Miroslav Lichvar <mlichvar@redhat.com> - 14:3.9.7-1
- update to 3.9.7
- with -C option, drop root privileges before opening first savefile (#244860)
- update tcpslice to 1.2a3
- include time patch from Debian to fix tcpslice on 64-bit architectures

Compile this src.rpm on RHEL5.3(x86_64) and confirm it works as expected.

# ./tcpslice -R ./aaa.bin
./aaa.bin       1238638663.236078       1238638673.534904

Good one (from Fedora 10)
# ./tcpslice -V
Version 1.2a3
Usage: tcpslice [-DdlRrt] [-w file] [start-time [end-time]] file ...

Bad one (from RHEL5)

# tcpslice -V
Version 1.1a3
Usage: tcpslice [-dRrt] [-w file] [start-time [end-time]] file ...

Thanks for your support.
Comment 3 RHEL Product and Program Management 2009-11-06 13:45:05 EST
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".
Comment 11 errata-xmlrpc 2009-11-26 02:51:27 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

Comment 12 Rich Graves 2010-02-03 10:34:49 EST
For anyone else confused:

This bugzilla was CLOSED ERRATA, but the referenced errata is only available to the FasTrack channel. Fully patched RHEL 5.4 (default and supplemental channels) still has the problem. You can either download the specific package from RHN, or join the system to the FasTrack channel, which will likely pull in other non-critical package updates.

Note You need to log in before you can comment on or make changes to this bug.