[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Reliability issues with BPF
>>>>> "Greg" == Greg Troxel <gdt%ir.bbn.com@localhost> writes:
>> For example, if I start tcpdump in the background
>> and then run an ipv6 ping generating 2000 byte
>> packets with a command like "ping6 -nc3 -s2000 fec0::1",
>> the ping ends successfully but terminating the
>> tcpdump may show as few as 8 packets rather than
>> 12. 3 packets going in each direction (echo plus
>> echo reply) makes 6, doubled for fragments gives
>> 12. I can't for the life of me think why this
>> should be.
Greg> Are you waiting long enough? IIRC there are two buffers, and read
Greg> returns when they get full or timeout, and I don't know that ^C causes
Greg> the final read.
This sounds reasonable to me.
ktruss it and see.
Perhaps libpcap needs some changes, or perhaps the kernel needs some.
Send patches to tcpdump.org via github please.
] He who is tired of Weird Al is tired of life! | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr%sandelman.ottawa.on.ca@localhost http://www.sandelman.ottawa.on.ca/
Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
then sign the petition.
Main Index |
Thread Index |