Compiled successfull, but after start ipband i got an ipband error. No packets captured anymore. Reproducible: Always Steps to Reproduce: 1. Install latest stable ipband & libpcap 2. Run ipband Actual Results: compile: illegal token: 'setfilter: BPF program is not validInterface (vlan2) DataLinkType = DLT_EN10MB Expected Results: No errors and reports are created.
Portage 2.1.6.13 (default/linux/x86/2008.0, gcc-4.3.2, glibc-2.9_p20081201-r2, 2.6.30-gentoo-r5 i686) ================================================================= System uname: Linux-2.6.30-gentoo-r5-i686-Intel-R-_Celeron-R-_CPU_2.00GHz-with-gentoo-1.12.11.1 Timestamp of tree: Wed, 30 Sep 2009 14:00:01 +0000 app-shells/bash: 3.2_p39 dev-lang/python: 2.5.4-r3, 2.6.2-r1 sys-apps/baselayout: 1.12.11.1 sys-apps/sandbox: 1.6-r2 sys-devel/autoconf: 2.63-r1 sys-devel/automake: 1.5, 1.9.6-r2, 1.10.2 sys-devel/binutils: 2.18-r3 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.6a virtual/os-headers: 2.6.27-r2 ACCEPT_KEYWORDS="x86" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=i686 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /var/bind" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d" CXXFLAGS="-O2 -march=i686 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch" GENTOO_MIRRORS="http://ftp.udc.es/gentoo/ ftp://ftp.udc.es/gentoo/ " LANG="en_US.utf8" LDFLAGS="-Wl,-O1" LINGUAS="ru" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="7zip acl berkdb bzip2 cli cracklib crypt dri fortran gdbm gpm iconv isdnlog modules mudflap mysql ncurses nls nptl nptlonly openmp pam pcre perl pppd python readline reflection session spl ssl sysfs tcpd unicode x86 xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="ru" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga neomagic nv r128 radeon savage sis tdfx trident vesa vga via vmware voodoo" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY(In reply to comment #0) > Compiled successfull, but after start ipband i got an ipband error. No packets > captured anymore. > > Reproducible: Always > > Steps to Reproduce: > 1. Install latest stable ipband & libpcap > 2. Run ipband > Actual Results: > compile: illegal token: 'setfilter: BPF program is not validInterface (vlan2) > DataLinkType = DLT_EN10MB > > Expected Results: > No errors and reports are created. > (In reply to comment #0) > Compiled successfull, but after start ipband i got an ipband error. No packets > captured anymore. > > Reproducible: Always > > Steps to Reproduce: > 1. Install latest stable ipband & libpcap > 2. Run ipband > Actual Results: > compile: illegal token: 'setfilter: BPF program is not validInterface (vlan2) > DataLinkType = DLT_EN10MB > > Expected Results: > No errors and reports are created. >
Seems like libpcap bpf now doesnt recognize any filter expressions at all. I.e. tcpdump without filter expression (i.e. 'port 80') work great, with - silence (no packets captured). jnettop, ipband work similar :(
Strange, i got something results, maybe this help. Output from "working" gentoo (where tcpdump works) of 'tcpdump -d port 9750 -i vlan2' command: (000) ldh [12] (001) jeq #0x86dd jt 2 jf 10 (002) ldb [20] (003) jeq #0x84 jt 6 jf 4 (004) jeq #0x6 jt 6 jf 5 (005) jeq #0x11 jt 6 jf 23 (006) ldh [54] (007) jeq #0x2616 jt 22 jf 8 (008) ldh [56] (009) jeq #0x2616 jt 22 jf 23 (010) jeq #0x800 jt 11 jf 23 (011) ldb [23] (012) jeq #0x84 jt 15 jf 13 (013) jeq #0x6 jt 15 jf 14 (014) jeq #0x11 jt 15 jf 23 (015) ldh [20] (016) jset #0x1fff jt 23 jf 17 (017) ldxb 4*([14]&0xf) (018) ldh [x + 14] (019) jeq #0x2616 jt 22 jf 20 (020) ldh [x + 16] (021) jeq #0x2616 jt 22 jf 23 (022) ret #96 (023) ret #0 From "non-working" gentoo with same 'tcpdump -d port 9750 -i vlan2' command: (000) ldh [12] (001) jeq #0x800 jt 2 jf 14 (002) ldb [23] (003) jeq #0x84 jt 6 jf 4 (004) jeq #0x6 jt 6 jf 5 (005) jeq #0x11 jt 6 jf 14 (006) ldh [20] (007) jset #0x1fff jt 14 jf 8 (008) ldxb 4*([14]&0xf) (009) ldh [x + 14] (010) jeq #0x2616 jt 13 jf 11 (011) ldh [x + 16] (012) jeq #0x2616 jt 13 jf 14 (013) ret #96 (014) ret #0 Hope this help to discover bug.
Well, I'm adding confirmation that tcpdump specifying interface works correctly, but using 'any' returns tcpdump: SIOCGIFHWADDR: No such device After update libpcap to 1.0.0-r2 version, revdep-rebuild fix packages depending on libpcap.so.0. But it does not solve the problem. The way to put things working again is to downgrade libpcap to 0.9.8-r2 and use revdep-rebuild to correct packages depending on libpcap.so.1 this time :o) And, then, wait for a new release of libpcap package.
(In reply to comment #4) > The way to put things working again is to downgrade libpcap to 0.9.8-r2 and use > revdep-rebuild to correct packages depending on libpcap.so.1 this time :o) > Sorry, this doesnt help. I've already tried downgrade with revdep-rebuild (also with downgrade of tcpdump). Very strange problem.
Hm, i think i found problem. Look at this dump from command "tcpdump -q -t -i vlan2 -n -p -c 1 -vvv -e -XX" at "non-working" linux: 00:1b:24:5b:3d:f3 > 00:0d:87:84:e3:f5, 802.1Q, length 64: vlan 2, p 0, ethertype IPv4, (tos 0x0, ttl 128, id 27664, offset 0, flags [DF], proto TCP (6), length 40) 192.168.0.46.55367 > 192.168.0.45.7000: tcp 0 0x0000: 000d 8784 e3f5 001b 245b 3df3 8100 0002 ........$[=..... 0x0010: 0800 4500 0028 6c10 4000 8006 0d14 c0a8 ..E..(l.@....... 0x0020: 002e c0a8 002d d847 1b58 245a dbfb 322d .....-.G.X$Z..2- 0x0030: 15c7 5010 f9e0 f85d 0000 0000 0000 ..P....]...... This is very strange, that VLAN tags not stripped at vlan2 interface (this is 'ok' on physical interface, like eth0, but wrong on vlan interfaces). Finally, i found what cause problem - parameter "REORDER_HDR: 0" in vconfig set_flag. When it's set to 0, vlan tags not stripped -> all filters obfuscated by this :( So, i've executed "vconfig set_flag vlan2 1 1" and everything ok now. Sorry folks for all that blam. Problem solved.
