Subject: Re: bpf breakage
To: David Young <email@example.com>
From: None <firstname.lastname@example.org>
Date: 07/03/2004 13:08:15
>On Sat, Jul 03, 2004 at 12:43:49PM +0900, email@example.com wrote:
>> >On Sat, Jul 03, 2004 at 10:40:54AM +0900, firstname.lastname@example.org wrote:
>> >> due to this change in sys/net/bpf.c (bpf_measure -> m_length),
>> >> bpf on many interfaces (which prepends address family by integer)
>> >> is broken. the length will become off by 4, and you'll see
>> >> "truncated-ip" message from tcpdump. please back it out.
>> >> my guess is the culprit is "optimize m_length" (2nd paragraph from the
>> >> bottom).
>> >On which interfaces is it broken, Itojun? Why do those interfaces
>> >assemble packets with incorrect m_pkthdr.len?
>> i got a breakage report on ppp interface (but the originator mentioned
>> that he would like to remain anonymous, so i don't cc: him).
>> # i've forwarded those to you privately.
>> some of the interfaces (like loopback) prepends 4byte mbuf (address
>> family is set inside) on bpf_mtap. in such case, m_pkthdr.len
>> will not be useful.
>Are other interfaces affected?
>This looks to me like a latent ppp bug. At sys/net/if_ppp.c:874,
>M_PREPEND functionality is incompletely duplicated. Compare this
>The difference is that M_PREPEND updates m_pkthdr.len, but ppp does not.
hmm, i guess you right... are there any secret reason why ppp does
not update m_pkthdr.len? >ppp guru