On 02/ 4/10 01:26 PM, Darren Reed wrote:
Antoon Huiskens wrote:
On 02/ 3/10 04:54 PM, Darren Reed wrote:
Antoon Huiskens wrote:
On 02/ 3/10 04:05 PM, Darren Reed wrote:
In the mean time, if ethernet headers are unimportant, you should
be able to do this:
pfexec tcpdump -y IPNET -i iwk0
Darren
That works indeed.
Any thoughts on how we can diagnose the ethernet headers issue (I
like to work my way up the stack..)
I think the first thing to do is confirm what is being passed into
bpf is correct with the dtrace script below.
Run the script and then do "tcpdump -y EN10MB -i iwk0 -c 1".
Darren
#!/usr/sbin/dtrace -Fs
mblk_t *m;
size_t len;
fbt:bpf:bpf_mtap:entry {
m = (mblk_t *)arg2;
len = m->b_wptr - m->b_rptr;
printf("%d:msg %p sz %d len %d", arg3, m, msgdsize(m), len);
tracemem(m->b_rptr, 20);
}
fbt:bpf:bpf_mtap:return {}
named the script bpftrace.d:
$ pfexec dtrace -s bpftrace.d
...
$ pfexec tcpdump -y EN10MB -i iwk0 -c 1
Can you try this again, but this time make two changes:
change "tracemem(m->b_rptr, 20);" to "tracemem(m->b_rptr,40);" and
run tcpdump like this: "pfexec tcpdump -vXe -y EN10MB -i iwk0 -c 1".
Darren
No problems:
$ pfexec dtrace -s bpftrace.d
dtrace: script 'bpftrace.d' matched 2 probes
CPU ID FUNCTION:NAME
0 63656 bpf_mtap:entry 0:msg ffffff01c8eb02e0 sz
121 len 121
0 1 2 3 4 5 6 7 8 9 a b c d e f
0123456789abcdef
0: 08 41 00 00 00 23 69 ae 0c 8c 00 1d e0 19 e9 25
.A...#i........%
10: 00 23 69 ae 0c 8a 00 00 00 00 00 00 00 00 00 00
.#i.............
20: aa aa 03 00 00 00 08 00 ........
0 63657 bpf_mtap:return
1 63656 bpf_mtap:entry 0:msg ffffff01cda37740 sz
115 len 115
0 1 2 3 4 5 6 7 8 9 a b c d e f
0123456789abcdef
0: 08 02 2c 00 00 1d e0 19 e9 25 00 23 69 ae 0c 8c
..,......%.#i...
10: 00 23 69 ae 0c 8a 10 96 aa aa 03 00 00 00 08 00
.#i.............
20: 45 00 00 53 e0 90 00 00 E..S....
1 63657 bpf_mtap:return
1 63656 bpf_mtap:entry 0:msg ffffff01c708dd40 sz
123 len 123
0 1 2 3 4 5 6 7 8 9 a b c d e f
0123456789abcdef
0: 08 41 00 00 00 23 69 ae 0c 8c 00 1d e0 19 e9 25
.A...#i........%
10: 00 23 69 ae 0c 8a 00 00 00 00 00 00 00 00 00 00
.#i.............
20: aa aa 03 00 00 00 08 00 ........
1 63657 bpf_mtap:return
1 63656 bpf_mtap:entry 0:msg ffffff01d6066ac0 sz
115 len 115
0 1 2 3 4 5 6 7 8 9 a b c d e f
0123456789abcdef
0: 08 02 2c 00 00 1d e0 19 e9 25 00 23 69 ae 0c 8c
..,......%.#i...
10: 00 23 69 ae 0c 8a 30 96 aa aa 03 00 00 00 08 00
.#i...0.........
20: 45 00 00 53 e0 91 00 00 E..S....
1 63657 bpf_mtap:return
1 63656 bpf_mtap:entry 0:msg ffffff01c708dd40 sz
123 len 123
0 1 2 3 4 5 6 7 8 9 a b c d e f
0123456789abcdef
0: 08 41 00 00 00 23 69 ae 0c 8c 00 1d e0 19 e9 25
.A...#i........%
10: 00 23 69 ae 0c 8a 00 00 00 00 00 00 00 00 00 00
.#i.............
20: aa aa 03 00 00 00 08 00 ........
1 63657 bpf_mtap:return
0 63656 bpf_mtap:entry 0:msg ffffff01ccde3180 sz
123 len 123
0 1 2 3 4 5 6 7 8 9 a b c d e f
0123456789abcdef
0: 08 41 00 00 00 23 69 ae 0c 8c 00 1d e0 19 e9 25
.A...#i........%
10: 00 23 69 ae 0c 8a 00 00 00 00 00 00 00 00 00 00
.#i.............
20: aa aa 03 00 00 00 08 00 ........
0 63657 bpf_mtap:return
0 63656 bpf_mtap:entry 0:msg ffffff01ccde3180 sz
122 len 122
0 1 2 3 4 5 6 7 8 9 a b c d e f
0123456789abcdef
0: 08 41 00 00 00 23 69 ae 0c 8c 00 1d e0 19 e9 25
.A...#i........%
10: 00 23 69 ae 0c 8a 00 00 00 00 00 00 00 00 00 00
.#i.............
20: aa aa 03 00 00 00 08 00 ........
0 63657 bpf_mtap:return
0 63656 bpf_mtap:entry 0:msg ffffff01c708dd40 sz
152 len 40
0 1 2 3 4 5 6 7 8 9 a b c d e f
0123456789abcdef
0: 08 41 00 00 00 23 69 ae 0c 8c 00 1d e0 19 e9 25
.A...#i........%
10: 33 33 00 01 00 02 00 00 00 00 00 00 00 00 00 00
33..............
20: aa aa 03 00 00 00 86 dd ........
0 63657 bpf_mtap:return
0 63656 bpf_mtap:entry 0:msg ffffff01d6c2f040 sz
121 len 121
0 1 2 3 4 5 6 7 8 9 a b c d e f
0123456789abcdef
0: 08 41 00 00 00 23 69 ae 0c 8c 00 1d e0 19 e9 25
.A...#i........%
10: 00 23 69 ae 0c 8a 00 00 00 00 00 00 00 00 00 00
.#i.............
20: aa aa 03 00 00 00 08 00 ........
0 63657 bpf_mtap:return
1 63656 bpf_mtap:entry 0:msg ffffff01cda37740 sz
120 len 120
0 1 2 3 4 5 6 7 8 9 a b c d e f
0123456789abcdef
0: 08 02 2c 00 00 1d e0 19 e9 25 00 23 69 ae 0c 8c
..,......%.#i...
10: 00 23 69 ae 0c 8a 40 96 aa aa 03 00 00 00 08 00
.#i...@.........
20: 45 00 00 58 e0 92 00 00 E..X....
1 63657 bpf_mtap:return
1 63656 bpf_mtap:entry 0:msg ffffff01def39740 sz
127 len 127
0 1 2 3 4 5 6 7 8 9 a b c d e f
0123456789abcdef
0: 08 02 2c 00 00 1d e0 19 e9 25 00 23 69 ae 0c 8c
..,......%.#i...
10: 00 23 69 ae 0c 8a 60 96 aa aa 03 00 00 00 08 00
.#i...`.........
20: 45 00 00 5f e0 93 00 00 E.._....
1 63657 bpf_mtap:return
1 63656 bpf_mtap:entry 0:msg ffffff01d735e560 sz
113 len 113
0 1 2 3 4 5 6 7 8 9 a b c d e f
0123456789abcdef
0: 08 02 2c 00 00 1d e0 19 e9 25 00 23 69 ae 0c 8c
..,......%.#i...
10: 00 23 69 ae 0c 8a 80 96 aa aa 03 00 00 00 08 00
.#i.............
20: 45 00 00 51 e0 94 00 00 E..Q....
1 63657 bpf_mtap:return
1 63656 bpf_mtap:entry 0:msg ffffff01d735e560 sz
92 len 40
0 1 2 3 4 5 6 7 8 9 a b c d e f
0123456789abcdef
0: 08 41 00 00 00 23 69 ae 0c 8c 00 1d e0 19 e9 25
.A...#i........%
10: 00 23 69 ae 0c 8a 00 00 00 00 00 00 00 00 00 00
.#i.............
20: aa aa 03 00 00 00 08 00 ........
1 63657 bpf_mtap:return
$ pfexec tcpdump -vXe -y EN10MB -i iwk0 -c 1
tcpdump: data link type EN10MB
tcpdump: listening on iwk0, link-type EN10MB (Ethernet), capture size 96
bytes
13:27:01.049888 69:ae:0c:8c:00:1d (oui Unknown) > 08:41:00:00:00:23 (oui
Unknown), ethertype Unknown (0xe019), length 121:
0x0000: e925 0023 69ae 0c8a 0000 0000 0000 0000 .%.#i...........
0x0010: 0000 aaaa 0300 0000 0800 4500 0051 1111 ..........E..Q..
0x0020: 4000 4006 f19e c0a8 0165 4a7d 2b6d 9beb @[email protected]}+m..
0x0030: 03e1 129c 50eb 2160 3fcb 8018 fc07 d671 ....P.!`?......q
0x0040: 0000 0101 080a 001b be6d 3313 c3e6 1703 .........m3.....
0x0050: 0100 ..
1 packets captured
13 packets received by filter
0 packets dropped by kernel
Antoon
_______________________________________________
networking-discuss mailing list
[email protected]
