Subject: Re: bpf breakage
To: David Young <>
From: None <>
List: tech-net
Date: 07/03/2004 13:08:15
>On Sat, Jul 03, 2004 at 12:43:49PM +0900, wrote:
>> >On Sat, Jul 03, 2004 at 10:40:54AM +0900, wrote:
>> >> 	due to this change in sys/net/bpf.c (bpf_measure -> m_length),
>> >> 	bpf on many interfaces (which prepends address family by integer)
>> >> 	is broken.  the length will become off by 4, and you'll see
>> >> 	"truncated-ip" message from tcpdump.  please back it out.
>> >> 
>> >> 	my guess is the culprit is "optimize m_length" (2nd paragraph from the
>> >> 	bottom).
>> >
>> >On which interfaces is it broken, Itojun?  Why do those interfaces
>> >assemble packets with incorrect m_pkthdr.len?
>> 	i got a breakage report on ppp interface (but the originator mentioned
>> 	that he would like to remain anonymous, so i don't cc: him).
>> #	i've forwarded those to you privately.
>> 	some of the interfaces (like loopback) prepends 4byte mbuf (address
>> 	family is set inside) on bpf_mtap.  in such case, m_pkthdr.len
>> 	will not be useful.
>Are other interfaces affected?
>This looks to me like a latent ppp bug.  At sys/net/if_ppp.c:874,
>M_PREPEND functionality is incompletely duplicated.  Compare this
>The difference is that M_PREPEND updates m_pkthdr.len, but ppp does not.

	hmm, i guess you right...  are there any secret reason why ppp does
	not update m_pkthdr.len? >ppp guru