Reliability issues with BPF

To: NetBSD Networking Technical Discussion List <tech-net%NetBSD.org@localhost>
Subject: Reliability issues with BPF
From: Darren Reed <darrenr%netbsd.org@localhost>
Date: Fri, 20 Jul 2012 02:27:46 +1000

In doing some testing on NetBSD, I'm discovering
that BPF and tcpdump is not 100% reliable when it
comes to capturing packets. What do I mean by that?
When ^C (or SIGINT) is sent to tcpdump, packets
that it ought to have captured simply aren't.

For example, if I start tcpdump in the background
and then run an ipv6 ping generating 2000 byte
packets with a command like "ping6 -nc3 -s2000 fec0::1",
the ping ends successfully but terminating the
tcpdump may show as few as 8 packets rather than
12. 3 packets going in each direction (echo plus
echo reply) makes 6, doubled for fragments gives
12. I can't for the life of me think why this
should be.

Clues anyone?

Darren

Follow-Ups:
- Re: Reliability issues with BPF
  - From: Greg Troxel

Prev by Date: Re: expanding netinet/icmp6.h with strings (et al)
Next by Date: Re: Reliability issues with BPF
Previous by Thread: expanding netinet/icmp6.h with strings (et al)
Next by Thread: Re: Reliability issues with BPF
Indexes:

Home | Main Index | Thread Index | Old Index