bin/105334: Error in output of tcpdump

Ricardo Nabinger Sanchez rnsanchez at wait4.org
Thu Nov 9 18:10:26 UTC 2006 

The following reply was made to PR bin/105334; it has been noted by GNATS.

From: Ricardo Nabinger Sanchez <rnsanchez at wait4.org>
To: Oliver Fromme <olli at lurza.secnetix.de>
Cc: FreeBSD-gnats-submit at FreeBSD.org
Subject: Re: bin/105334: Error in output of tcpdump
Date: Thu, 9 Nov 2006 16:07:55 -0200

 On Thu, 9 Nov 2006 18:35:44 +0100 (CET)
 Oliver Fromme <olli at lurza.secnetix.de> wrote:
 
 > Ricardo Nabinger Sanchez wrote:
 >  > Oliver Fromme wrote:
 >  > 
 >  > > 	While trying to debug a problem with NFS mounts via TCP,
 >  > > 	I used the following tcpdump(1) command to watch traffic
 >  > > 	on lo0.  Note that some (but not all) of the port numbers
 >  > > 	are wrong:
 >  > > 
 >  > > 		127.0.0.1.2714894848 > 127.0.0.1.2049
 >  > > 		127.0.0.1.2049       > 127.0.0.1.3251765760
 >  > 
 >  > Not sure if it makes sense, but 2714894848 & 65535 == 1024.  Any
 >  > chances that this port was indeed used during your capture (perhaps
 >  > cross-checking with netstat)?
 > 
 > No, the actual port was 982, which seems to be completely
 > unrelated to the numbers printed by tcpdump.  I converted
 > the "suspicios" numbers to hex:
 > 
 > 2714894848 == 0xa1d20200
 > 3251765760 == 0xc1d20200
 > 652476928  == 0x26e40200
 > 1054278144 == 0x3ed70200
 > 98828800   == 0x05e40200
 > 
 > The only common patter is 0x0200 (decimal 1024) in the
 > lower 16 bits.
 > 
 > Could this be a subtle compiler bug?  I've compiled the
 > system without any special compiler settings.  make.conf
 > is empty.
 
 It's possible, but I think this is the least expected cause.
 
 > 
 >  > In contrib/tcpdump/addrtoname.c:621:638 (-CURRENT):
 >  > [...]
 > 
 > The source you quoted looks OK to me.  I can't see anything
 > that could explain the symptom.
 
 The printed number was a 16 bit integer cast to a 32 bit one, and it got
 mangled somehow.
 
 > 
 >  > Are you running i386 binary on an AMD64/EMT64 (or another
 >  > 64 bits variant)?
 > 
 > It's all i386 32bit (both kernel + userland).  I don't even
 > know if the machine supports 64bit, it's a Xeon 3.2 GHz.
 > The dmesg says "AMD Features=0x20000000<LM>", does that
 > mean "long mode", i.e. 64bit?  Anyway, I'm running 32bit,
 > and going to 64bit is not an option.
 
 I'd recommend you to capture a tcpdump trace, if possible, with -w option.
 Something like:
 
 	# tcpdump -c 100 -s 1600 -w oddport.dump
 
 To save 100 packets and probably some that triggers this issue.  With this
 (small) dump we can debug tcpdump and see what's going wrong.
 
 Regards. :)
 
 ps: my previous message was classified as spam (and discarded), but I'm
 subscribed to the list.  Odd, too.
 
 -- 
 Ricardo Nabinger Sanchez     <rnsanchez@{gmail.com,wait4.org}>
 Powered by FreeBSD
 
   "Left to themselves, things tend to go from bad to worse."

More information about the freebsd-bugs mailing list