On Mon, May 28, 2007 at 09:12:58AM +0100, Stuart Henderson wrote:

> the bug is probably in a protocol decoder, in which case you'd still
> be able to write the network data to disk; a copy of this may help
> someone locate the problem (tcpdump -ienc0 -w file)

Thanks for your suggestions (also the one about "-s 1500")!

This is what I found:

- When adding "-s 1500" to the parameters, no segfault occurs. (Output at
  http://www.stupendous.org/enc0-s1500.log)

- When running under gdb, I get the following:

        [snip (using args "-npienc0")]
19:19:07.584092 (authentic,confidential): SPI 0x66436c81: 194.109.21.66.52091 > 192.168.2.12.8381: . 419725:420249(524) ack 1 win 46 <nop,nop,timestamp 3760582140 454451604> (DF) [tos 0x8] (encap)
19:19:07.585631 (authentic,confidential): SPI 0x66436c81: 194.109.21.66.52091 > 192.168.2.12.8381: . 419201:419725(524) ack 1 win 46 <nop,nop,timestamp 3760582140 454451604> (DF) [tos 0x8] (encap)
19:19:07.585825 (authentic,confidential): SPI 0x5d5feb70: 192.168.2.12.8381 > 194.109.21.66.52091: . ack 413437 win 15860 <nop,nop,timestamp 454451604 3760582120> (DF) [tos 0x8] (encap)
19:19:07.587079 (authentic,confidential): SPI 0x66436c81: 194.109.21.66.52091 > 192.168.2.12.8381: . 420249:420773(524) ack 1 win 46 <nop,nop,timestamp 3760582140 454451604> (DF) [tos 0x8] (encap)

Program received signal SIGSEGV, Segmentation fault.
0x000000004227e809 in memcpy (dst0=0x4f052080, src0=0x42aaf003, length=0) at /usr/src/lib/libc/string/bcopy.c:115
115                             TLOOP1(*--dst = *--src);
(gdb) bt
#0  0x000000004227e809 in memcpy (dst0=0x4f052080, src0=0x42aaf003, length=0) at /usr/src/lib/libc/string/bcopy.c:115
#1  0x0000000000408259 in ip_print (bp=0x42aaefa4 "[EMAIL PROTECTED]@", length=576) at /usr/src/usr.sbin/tcpdump/print-ip.c:382
#2  0x0000000000408722 in ip_print (bp=0x14 <Address 0x14 out of bounds>, length=16384) at /usr/src/usr.sbin/tcpdump/print-ip.c:471
#3  0x000000000041d49c in enc_if_print (user=0x4f052080 "[EMAIL PROTECTED]'@", h=0x4f052080, p=0x42aaef90 "E\b\002T<\030@") at /usr/src/usr.sbin/tcpdump/print-enc.c:99
#4  0x000000004c191d64 in pcap_read (p=0x49817200, cnt=-1, callback=0x41d3c0 <enc_if_print>, user=0x0) at /usr/src/lib/libpcap/pcap-bpf.c:154
#5  0x000000004c19257b in pcap_loop (p=0x49817200, cnt=-1, callback=0x41d3c0 <enc_if_print>, user=0x0) at /usr/src/lib/libpcap/pcap.c:76
#6  0x0000000000403276 in main (argc=2, argv=0x41d3c0) at /usr/src/usr.sbin/tcpdump/tcpdump.c:485
(gdb)

I made the resulting file of "tcpdump -p -ienc0 -w enc0.dump" available at
http://www.stupendous.org/enc0.dump.

Should I file a bug report?
-- 
Jurjen Oskam

Savage's Law of Expediency:
        You want it bad, you'll get it bad.
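
The "-s 1500" observation in the message above (the crash disappears when the snaplen is raised) is the signature of a decoder that sizes its reads from lengths the packet declares about itself rather than from the bytes actually captured. The following is an added example of the check such a decoder needs; it is not tcpdump's print-ip.c, and it makes no claim about the actual root cause of the crash in the backtrace. The sample packet bytes, and the struct and enum names, are constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not tcpdump's print-ip.c. Every read is bounded by caplen
 * (the bytes actually captured, limited by the snaplen), never by the
 * lengths the packet declares about itself (IHL, total length).
 */

enum ip_parse_status {
    IP_OK = 0,      /* header and declared payload fully present */
    IP_TRUNCATED,   /* declared header or payload runs past caplen */
    IP_MALFORMED    /* version, IHL or total length self-inconsistent */
};

struct ip_info {
    unsigned hdr_len;           /* IHL * 4, 20..60 */
    unsigned total_len;         /* header field; may exceed caplen */
    uint8_t  proto;
    uint8_t  options[40];       /* IPv4 options never exceed 40 bytes */
    unsigned opt_len;           /* option bytes copied (0 if not captured) */
    size_t   payload_captured;  /* payload bytes present in the buffer */
};

/* Parse an IPv4 header from bp, reading at most caplen bytes. */
enum ip_parse_status
ip_parse_safe(const uint8_t *bp, size_t caplen, struct ip_info *out)
{
    memset(out, 0, sizeof *out);
    if (caplen < 20)
        return IP_TRUNCATED;            /* fixed header not fully captured */
    if ((bp[0] >> 4) != 4)
        return IP_MALFORMED;
    unsigned hl = (bp[0] & 0x0f) * 4u;
    unsigned tl = ((unsigned)bp[2] << 8) | bp[3];
    if (hl < 20 || tl < hl)
        return IP_MALFORMED;            /* IHL below minimum, or total < header */
    out->hdr_len = hl;
    out->total_len = tl;
    out->proto = bp[9];
    /*
     * The unsafe pattern is memcpy(opts, bp + 20, hl - 20) right here,
     * trusting IHL. With a short snaplen the option bytes were never
     * captured, so that copy reads past the end of the buffer.
     */
    if (hl > caplen)
        return IP_TRUNCATED;
    out->opt_len = hl - 20;
    memcpy(out->options, bp + 20, out->opt_len);
    size_t avail = caplen - hl;         /* payload bytes we actually have */
    size_t want = tl - hl;              /* payload bytes the header promises */
    out->payload_captured = want < avail ? want : avail;
    return want > avail ? IP_TRUNCATED : IP_OK;
}

/*
 * Constructed sample (not from the capture in the post): IPv4, IHL=6 (one
 * 4-byte option: NOP NOP NOP EOL), total length 32, protocol UDP, 8 bytes
 * of payload. Checksum is left zero; this parser does not verify it.
 */
static const uint8_t sample_packet[32] = {
    0x46, 0x08, 0x00, 0x20,   /* v4/IHL=6, tos 0x8, total length 32 */
    0x00, 0x01, 0x40, 0x00,   /* id 1, DF */
    0x40, 0x11, 0x00, 0x00,   /* ttl 64, proto 17 (UDP), checksum 0 */
    0xc0, 0xa8, 0x02, 0x0c,   /* src 192.168.2.12 */
    0x0a, 0x00, 0x00, 0x01,   /* dst 10.0.0.1 */
    0x01, 0x01, 0x01, 0x00,   /* options: NOP NOP NOP EOL */
    0xde, 0xad, 0xbe, 0xef, 0x00, 0x01, 0x02, 0x03  /* payload */
};

static const char *status_name(enum ip_parse_status s)
{
    return s == IP_OK ? "ok" : s == IP_TRUNCATED ? "truncated" : "malformed";
}

/* Run the parser over the same packet at several snaplens, as -s would. */
int main(void)
{
    size_t snaplens[] = { 16, 22, 28, sizeof sample_packet };
    for (size_t i = 0; i < sizeof snaplens / sizeof snaplens[0]; i++) {
        struct ip_info info;
        enum ip_parse_status st = ip_parse_safe(sample_packet, snaplens[i], &info);
        printf("caplen %2zu: %-9s hdr=%u total=%u opts=%u payload_captured=%zu\n",
               snaplens[i], status_name(st), info.hdr_len, info.total_len,
               info.opt_len, info.payload_captured);
    }
    return 0;
}
```

At caplen 22 the header declares 24 bytes of header, so the decoder reports truncation instead of copying options that were never captured; at caplen 28 the options are present but only 4 of the 8 promised payload bytes are, and the caller gets the smaller number. A decoder that keys off total_len or IHL alone has no way to tell these cases from a full capture.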
