Bug #5257
closedtcpdump is not working with zerocopy enabled (net.bpf.zerocopy_enable=1)
100%
Description
tcpdump is failing when zerocopy is enabled (net.bpf.zerocopy_enable=1) which is the default.
Sample failure message:
: tcpdump -i em0 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on em0, link-type EN10MB (Ethernet), capture size 65535 bytes tcpdump: pcap_loop: BIOCROTZBUF: Capabilities insufficient
I had seen this a few weeks back but only on a vtnet interface. At the time, gnn found the bug in FreeBSD, but the fix does not seem to have made its way into pfSense 2.3 yet.
I've tried with multiple types of NICs (vmx, vtnet, em --real and virtualized, and re) -- same behavior on all. All on current snapshots.
Updated by Chris Buechler about 9 years ago
- Status changed from New to Confirmed
- Priority changed from Normal to High
seems to affect all interface types, physical hardware, VMs, virtual interfaces (PPPoE, GRE, gif)
Updated by Luiz Souza about 9 years ago
The recent fixes I did in bpf (that fixed the zerocopy buffers in bpf) caused this issue (now that tcpdump is really trying to use the zero copy buffers).
There is a disallowed ioctl in capsicum.
I'll submit the fix to upstream.
Updated by Luiz Souza about 9 years ago
Fix submitted to upstream: https://github.com/the-tcpdump-group/tcpdump/pull/486
Updated by Luiz Souza about 9 years ago
I am disabling the zero copy buffers in pfSense until all the raised issues are fixed in FreeBSD.
Updated by Luiz Souza almost 9 years ago
- Status changed from Confirmed to Feedback
- % Done changed from 0 to 100
Workaround committed to 2.3.
Awaiting the next tcpdump release (and the hostapd fix) to enable the zero copy buffers again.