Antoon Huiskens wrote:
On 02/ 3/10 04:54 PM, Darren Reed wrote:
Antoon Huiskens wrote:
On 02/ 3/10 04:05 PM, Darren Reed wrote:
In the meantime, if Ethernet headers are unimportant, you should be able to do this:

pfexec tcpdump -y IPNET -i iwk0

Darren

That works indeed.

Any thoughts on how we can diagnose the Ethernet headers issue? (I like to work my way up the stack.)

I think the first thing to do is confirm what is being passed into bpf is correct with the dtrace script below.

Run the script and then do "tcpdump -y EN10MB -i iwk0 -c 1".

Darren

#!/usr/sbin/dtrace -Fs

mblk_t *m;
size_t len;

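fbt:bpf:bpf_mtap:entry {
       /* arg2 is the mblk being passed into bpf */
       m = (mblk_t *)arg2;
       /* bytes of data in the first mblk only */
       len = m->b_wptr - m->b_rptr;
       /* msgdsize(m) is the data size of the whole message */
       printf("%d:msg %p sz %d len %d", arg3, m, msgdsize(m), len);
       /* dump the first 20 bytes at the read pointer */
       tracemem(m->b_rptr, 20);
}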
fbt:bpf:bpf_mtap:return {}

Named the script bpftrace.d:

$ pfexec dtrace -s bpftrace.d
...
$ pfexec tcpdump -y EN10MB -i iwk0 -c 1

Can you try this again, but this time make two changes:
change "tracemem(m->b_rptr, 20);" to "tracemem(m->b_rptr,40);" and
run tcpdump like this: "pfexec tcpdump -vXe -y EN10MB -i iwk0 -c 1".

Darren

_______________________________________________
networking-discuss mailing list