Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tcpdump aborts with "WARNING: SIOCGIFADDR: nflog: No such device" #350

Closed
SjonHortensius opened this issue Dec 10, 2013 · 4 comments
Closed

tcpdump aborts with "WARNING: SIOCGIFADDR: nflog: No such device" #350

SjonHortensius opened this issue Dec 10, 2013 · 4 comments
Assignees
@infrastation
Labels
found in 4.5

Comments

@SjonHortensius
Copy link

When I start tcpdump without specifying an interface, tcpdump segfaults because it has problems with a non-existing interface called nflog. I'm not sure where that iface comes from; wireshark reports seeing it too. Gdb trace:

(gdb) run
Starting program: /usr/bin/tcpdump
warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7ffff7ffa000
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
[New Thread 0x7ffff5e0f700 (LWP 4544)]
[Thread 0x7ffff5e0f700 (LWP 4544) exited]
tcpdump: WARNING: SIOCGIFADDR: nflog: No such device

Program received signal SIGABRT, Aborted.
0x00007ffff741c3d9 in raise () from /usr/lib/libc.so.6
(gdb) bt
#0  0x00007ffff741c3d9 in raise () from /usr/lib/libc.so.6
#1  0x00007ffff741d7d8 in abort () from /usr/lib/libc.so.6
#2  0x00007ffff77abdb5 in ?? () from /usr/lib/libpcap.so.1
#3  0x00007ffff77ad5f9 in ?? () from /usr/lib/libpcap.so.1
#4  0x00007ffff77ae25d in gen_ncode () from /usr/lib/libpcap.so.1
#5  0x00007ffff77b8b11 in pcap_parse () from /usr/lib/libpcap.so.1
#6  0x00007ffff77a7445 in pcap_compile () from /usr/lib/libpcap.so.1
#7  0x000000000040427f in ?? ()
#8  0x00007ffff7408bc5 in __libc_start_main () from /usr/lib/libc.so.6
#9  0x00000000004051bd in ?? ()

Did I post this in the correct tracker or does it belong in libpcap?
@infrastation
Copy link
Member

This may be the libpcap bug addressed in the-tcpdump-group/libpcap@676cf8a (not yet in a release). How exactly do you run tcpdump to trigger the crash?

@SjonHortensius
Copy link
Author

As (I hoped) indicated by the "(gdb) run"; tcpdump was invoked without any parameters. This seems to vary though, it currently works without parameters; but still segfaults when I pass a filter, eg. tcpdump port 80

When I explicitly pass that interface tcpdump -i nflog port 80 it also segfaults

When I pass a different interface, it works fine

@infrastation
Copy link
Member

The aforementioned libpcap bug is triggered when both the current interface is nflog (implicitly or through -i) and there is a filter expression given. That's why it is necessary to confirm it crashes without any arguments. Could you rebuild tcpdump against the latest libpcap master branch and update if it still possible to crash it in any way? Thank you.

@SjonHortensius
Copy link
Author

Thanks for the explanation. I can confirm it doesn't crash without any filter arguments (and never did either; when using 'run' in gdb, first with arguments and then without, gdb runs the app with arguments both times).

Closing as fixed by the-tcpdump-group/libpcap@676cf8a

@ghost ghost assigned infrastation Dec 10, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@infrastation infrastation

Labels
found in 4.5
Milestone
No milestone
Development

No branches or pull requests
2 participants
@infrastation @SjonHortensius