[tcpdump-workers] -C option not working? FreeBSD 10.1
wxs at FreeBSD.org
Wed Feb 18 11:00:28 EST 2015
Looks like the call to pcap_dump_ftell() is always returning -1 and setting errno to 93 (ENOTCAPABLE). This makes sense since I can only trigger it on FreeBSD, and if I disable capsicum support in config.h and rebuild then -C works as expected.
I'll take a look at this and send a PR, but you may be better off building it yourself and disabling capsicum for now.
> On Feb 18, 2015, at 12:38 AM, SJP Lists <sjp.lists at flashbsd.net> wrote:
> Hello all,
> Firstly, apologies if I missed info about this from a FAQ, documentation,
> source README and CHANGES and Google or if I am just doing something
> silly. I looked at the man page and performed a Google and case sensitive
> searches via casesensitivesearch.com (to avoid all the -c results) but did
> not find any info about this issue I am having.
> I have built a host for circular recording of WAN traffic onto 2TB worth of
> storage, in order to hopefully catch pcaps after an event of intermittent
> issues we are not able to replicate. Hoping that when a user complains and
> gives us the time of the issue, I can just grab a copy of the pre-recorded
> pcap which should contain the traffic associated with their issue.
> I've used FreeBSD 10.1 for this. With the following tcpdump syntax as an
> example, run as root:
> tcpdump -C 1 -W 10 -w filename -i em0
> and I am finding that filename0 is created and captured to, but the capture
> does not roll over to the next file and instead continues to capture to the
> first file beyond the limit I thought would be imposed with "-C 1", until I
> kill the process.
> I have tried the -Z option with "-Z root", in case the issue was that a new
> file cannot be created once privs are dropped, but I get the same result.
> Thank you for reading and any help that you can give!
> tcpdump-workers mailing list
> tcpdump-workers at lists.tcpdump.org
More information about the tcpdump-workers