[tcpdump-workers] Legacy Linux kernel support

Mario Rugiero mrugiero at gmail.com
Wed Apr 1 19:14:57 EDT 2020

OK, follow up.
I haven't yet been able to test it, which is why I've been delaying
writing about this,
but these two commits[0][1], which according to these threads[2][3]
are the ones fixing
the timeout issue, have been applied to CentOS 7 default kernel,
It can also be seen by comparing vanilla 3.10[4] with the CentOS
sources[5], diffing
the files located at net/packet/af_packet.c.
This *should* mean it works without the workaround. I'd like to try
it, but I'm currently
fighting with VirtualBox guest additions and in a metered connection
(I have no home
connection and my country is in quarantine), so I'm being rather
careful on my data

Now, if this is deemed insufficient, I have a test in mind that I may
as well have
early feedback on, with the following setup:
- libpcap with the workaround removed;
- vanilla and CentOS' kernels alternated;
- a 2MiB packet ring;
- a 64kiB block size and snaplen;
- timeout of 8ms;
- injection to a virtual interface at 1 packet every 20ms;
- a simple application that reads and do nothing on its peer.

I think that should give as a buffer small enough and a frequency low enough to
fill the buffer and result in observable packet loss.

Does it make sense? Any suggestions or criticisms to the setup? Is it necessary?

[0]: https://github.com/torvalds/linux/commit/da413eec729dae5dcb150e2eb34c5e7e5e4e1b49
[1]: https://github.com/torvalds/linux/commit/41a50d621a321b4c15273cc1b5ed41437f4acdfb
[2]: https://www.mail-archive.com/netdev@vger.kernel.org/msg163532.html
[3]: https://www.mail-archive.com/search?l=netdev@vger.kernel.org&q=subject:%22TPACKET_V3+timeout+bug%5C%3F%22&o=newest&f=1
[4]: https://cdn.kernel.org/pub/linux/kernel/v3.x/linux-3.10.tar.xz
[5]: http://vault.centos.org/7.7.1908/os/Source/SPackages/kernel-3.10.0-1062.el7.src.rpm

More information about the tcpdump-workers mailing list