Re: Reliability issues with BPF

To: Greg Troxel <gdt%ir.bbn.com@localhost>
Subject: Re: Reliability issues with BPF
From: Michael Richardson <mcr%sandelman.ca@localhost>
Date: Fri, 20 Jul 2012 11:44:30 -0400

>>>>> "Greg" == Greg Troxel <gdt%ir.bbn.com@localhost> writes:
    >> For example, if I start tcpdump in the background
    >> and then run an ipv6 ping generating 2000 byte
    >> packets with a command like "ping6 -nc3 -s2000 fec0::1",
    >> the ping ends successfully but terminating the
    >> tcpdump may show as few as 8 packets rather than
    >> 12. 3 packets going in each direction (echo plus
    >> echo reply) makes 6, doubled for fragments gives
    >> 12. I can't for the life of me think why this
    >> should be.

    Greg> Are you waiting long enough?  IIRC there are two buffers, and read
    Greg> returns when they get full or timeout, and I don't know that ^C causes
    Greg> the final read.

This sounds reasonable to me.
ktruss it and see.

Perhaps libpcap needs some changes, or perhaps the kernel needs some.
Send patches to tcpdump.org via github please.

-- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr%sandelman.ottawa.on.ca@localhost http://www.sandelman.ottawa.on.ca/ 
|device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
                       then sign the petition.

Follow-Ups:
- Re: Reliability issues with BPF
  - From: Darren Reed

References:
- Reliability issues with BPF
  - From: Darren Reed
- Re: Reliability issues with BPF
  - From: Greg Troxel

Prev by Date: Re: Reliability issues with BPF
Next by Date: Re: Reliability issues with BPF
Previous by Thread: Re: Reliability issues with BPF
Next by Thread: Re: Reliability issues with BPF
Indexes:

Home | Main Index | Thread Index | Old Index