On Tue, 7 Apr 2026 16:06:02 -0700 Marc Harvey wrote: > Thank you very much to [email protected], who figured out how to > recreate the issue on Fedora. Fedora's /etc/services maps TCP port > 1234 to the "search-agent" service (normal), which tcpdump then uses > to text-replace port numbers in its output. So the tests were looking > for ${ip_address}.1234, but tcpdump was spitting out > ${ip_address}.search_agent. What is strange is that the test already > uses tcpdump's "-n" option: "Don't convert addresses (i.e., host > addresses, port numbers, etc.) to names." > > It turns out that Fedora has a patched version of tcpdump that > separates the normal "-n" option into two options! "-n" handles host > addresses, and "-nn" handles port and protocol numbers. The tcpdump > invocation used by the selftests only uses "-n". What's stranger is > that passing "-nn" to tcpdump is actually portable, because under the > hood it is treated as a counter, with or without the Fedora patch: > https://github.com/the-tcpdump-group/tcpdump/blob/master/tcpdump.c#L1915 > (thanks again to Kuniyuki for discovering this).
Oh wow! Thanks to both of you for not giving up and getting to the bottom of this :)
