Re: tcpdump, netacct & SOCK_PACKE

Herbert Rosmanith (
Sat, 6 Apr 1996 16:52:50 +0200 (MET DST)

> I'm having problems with tcpdump - it doesnt print out a single packet.
> so I looked into the source and came until "recvfrom(...,&saddr,...)"
ok, so this is the fix:
obviously, I made the same mistake that tcpdump does (not surprising,
since I have just copied the code).

recvfrom requeires that *fromlen holds the size of of struct sockaddr *from,
allthough passed as a pointer, which was the reason for my confusion.

so, one should fix "pcap-linux.c" in the tcpdump source tree to read
as follows:

int pcap_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
register int datalen;
register int caplen;
struct sockaddr from;
int from_len;
char *buf;
int bufsize;

if (p->linktype == DLT_SLIP) {
buf = (char *)p->buffer+16;
bufsize = p->bufsize - 16;
} else {
buf = (char *)p->buffer;
bufsize = p->bufsize;

do {
+ from_len=sizeof(from);
datalen = recvfrom(p->fd,buf,bufsize,0,&from,&from_len);

it surprises me that it worked at all! I guess your luck only did
depend on what was put into from_len from the stack.

herbert rosmanith

checked in prior kernel version.