From owner-freebsd-amd64@FreeBSD.ORG Tue Dec 14 19:28:13 2004 Return-Path: Delivered-To: freebsd-amd64@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 807D216A4CE for ; Tue, 14 Dec 2004 19:28:13 +0000 (GMT) Received: from mail1.speakeasy.net (mail1.speakeasy.net [216.254.0.201]) by mx1.FreeBSD.org (Postfix) with ESMTP id 352A243D55 for ; Tue, 14 Dec 2004 19:28:13 +0000 (GMT) (envelope-from jmg@hydrogen.funkthat.com) Received: (qmail 21543 invoked from network); 14 Dec 2004 19:28:13 -0000 Received: from gate.funkthat.com (HELO hydrogen.funkthat.com) ([69.17.45.168]) (envelope-sender ) by mail1.speakeasy.net (qmail-ldap-1.03) with SMTP for ; 14 Dec 2004 19:28:12 -0000 Received: from hydrogen.funkthat.com (cxinax@localhost.funkthat.com [127.0.0.1])iBEJSCGH045245; Tue, 14 Dec 2004 11:28:12 -0800 (PST) (envelope-from jmg@hydrogen.funkthat.com) Received: (from jmg@localhost) by hydrogen.funkthat.com (8.12.10/8.12.10/Submit) id iBEJSCQG045244; Tue, 14 Dec 2004 11:28:12 -0800 (PST) Date: Tue, 14 Dec 2004 11:28:11 -0800 From: John-Mark Gurney To: Axel Gonzalez Message-ID: <20041214192811.GW19624@funkthat.com> Mail-Followup-To: Axel Gonzalez , "Conrad J. Sabatier" , freebsd-amd64@freebsd.org References: <200412132302.50539.loox@e-shell.net> <20041214000810.1472b6a5@dolphin.local.net> <200412140148.43099.loox@e-shell.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200412140148.43099.loox@e-shell.net> User-Agent: Mutt/1.4.1i X-Operating-System: FreeBSD 4.2-RELEASE i386 X-PGP-Fingerprint: B7 EC EF F8 AE ED A7 31 96 7A 22 B3 D8 56 36 F4 X-Files: The truth is out there X-URL: http://resnet.uoregon.edu/~gurney_j/ X-Resume: http://resnet.uoregon.edu/~gurney_j/resume.html cc: freebsd-amd64@freebsd.org Subject: Re: tcpdump port xx bug ? - only happens on interface connected to pppoe X-BeenThere: freebsd-amd64@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: John-Mark Gurney List-Id: Porting FreeBSD to the AMD64 platform List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Dec 2004 19:28:13 -0000 Axel Gonzalez wrote this message on Tue, Dec 14, 2004 at 01:48 -0600: > Ok, found the 'bug'.. maybe it helps someone ;) > > It only happens on the interface connected to DSL modem > > note the: > tcpdump: WARNING: rl0: no IPv4 address assigned > > when accessing the interface rl0 and specify a port, it can't capture packets, > but it can capture packets with no problems on tun0 (tun0 is the interface > that actually has the ip) > > still is weird how it can capture packages when no port is specified, but then > maybe its the way its suposed to be :) > > On Tuesday 14 December 2004 00:08, Conrad J. Sabatier wrote: > > On Mon, 13 Dec 2004 23:02:50 -0600, Axel Gonzalez wrote: > > > is anyone able to confirm or deny this (before a PR is filled)? > > > > > > # tcpdump port xx > > > > > > doesnt seem to work: > > > > > > su-2.05b# tcpdump port http > > > tcpdump: WARNING: rl0: no IPv4 address assigned > > > tcpdump: verbose output suppressed, use -v or -vv for full protocol > > > decode listening on rl0, link-type EN10MB (Ethernet), capture size 68 > > > bytes ^C > > > 0 packets captured > > > 503 packets received by filter > > > 0 packets dropped by kernel > > > > > > > > > if no port is specified, it works fine: > > > > > > su-2.05b# tcpdump | grep freeb > > > tcpdump: WARNING: rl0: no IPv4 address assigned > > > tcpdump: verbose output suppressed, use -v or -vv for full protocol > > > decode listening on rl0, link-type EN10MB (Ethernet), capture size 68 > > > bytes 22:57:30.768184 PPPoE [ses 0xc744] IP ^^^^^^^^^^^^^^^^^^^ > > > xxxx.prod-infinitum.com.mx.55842 > www.freebsd.org.http: S > > > 564552288:564552288(0) win 65535 > > > 22:57:30.843127 PPPoE [ses 0xc744] IP www.freebsd.org.http > ^^^^^^^^^^^^^^^^^^^ > > > xxx.prod-infinitum.com.mx.55842: S 3276387435:3276387435(0) ack 564552289 > > > win 57344 You'd need to ping the tcpdump developers about the exact meaning of port... I believe the port command only looks at unecapsulated frames, which is what is happening here... The compiler is probably just checking for the rules when the tcp/udp packet is unencapsulated, probably because it'd be very difficult to auto handle packets inside encapsulation.. So, this is probably a design decision... :) -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not."