tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Reliability issues with BPF



>>>>> "Greg" == Greg Troxel <gdt%ir.bbn.com@localhost> writes:
    >> For example, if I start tcpdump in the background
    >> and then run an ipv6 ping generating 2000 byte
    >> packets with a command like "ping6 -nc3 -s2000 fec0::1",
    >> the ping ends successfully but terminating the
    >> tcpdump may show as few as 8 packets rather than
    >> 12. 3 packets going in each direction (echo plus
    >> echo reply) makes 6, doubled for fragments gives
    >> 12. I can't for the life of me think why this
    >> should be.

    Greg> Are you waiting long enough?  IIRC there are two buffers, and read
    Greg> returns when they get full or timeout, and I don't know that ^C causes
    Greg> the final read.

This sounds reasonable to me.
ktruss it and see.

Perhaps libpcap needs some changes, or perhaps the kernel needs some.
Send patches to tcpdump.org via github please.

-- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr%sandelman.ottawa.on.ca@localhost http://www.sandelman.ottawa.on.ca/ 
|device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
                       then sign the petition. 


Home | Main Index | Thread Index | Old Index