[2511] in linux-net channel archive
Re: tcpdump
daemon@ATHENA.MIT.EDU (Avery Pennarun)
Mon Apr 15 16:55:17 1996
Date: Mon, 15 Apr 1996 14:31:23 -0400 (EDT)
From: Avery Pennarun <apenwarr@foxnet.net>
To: naderr@topaz.cqu.edu.au
cc: linux-net@vger.rutgers.edu
In-Reply-To: <199604142214.IAA01389@linuxbox.nse.com.au>
On Mon, 15 Apr 1996, root wrote:
> prior to 1.3.88 I had an tcpdump ELF binary someone let me
> ftp from their site; I had tried compiling several tcpdump
> sources and they all screwed up for one reason or another.
>
> Now, with 1.3.88 this tcpdump seg faults :(
>
> [7][ root@linuxbox: ~/
> # tcpdump -i sl0
> tcpdump: listening on sl0
> 08:08:56.430003 138.77.65.5.1040 > vger.rutgers.edu.smtp: . 2626695638:2626696174(536) ack 1101248426 win 29696 (DF)
> Segmentation fault
>
> Could someone please tell me where I can get sources that _will_
> compile and/or binaries for tcpdump?
The Debian R6 sources contain a tcpdump which almost compiles on recent
kernels. The problem is that linux/if_arp.h still requires
linux/netdevice.h. The cleanest way around this that I could find was to
modify net/if_arp.h (which the tcpdump sources use) to look like this:
#include <linux/netdevice.h>
#include <linux/if_arp.h>
Again, is there any real reason why linux/if_arp.h can't include
linux/netdevice.h by itself? It is, as far as I can tell, strictly
necessary to include netdevice.h first if you use if_arp.h, so you gain
absolutely nothing by not doing it automatically.
Or was this fixed recently while I was sleeping?
You can get the Debian sources I used from any Debian mirror, or from my
ARCnet WWW page:
http://www.foxnet.net/~apenwarr/arcnet
There is a preliminary patch there that adds ARCnet support also; it's ugly,
so don't use it if you don't have ARCnet. Also a binary of the ugly version
that works on both my PPP link and my ARCnet network (though I suspect the
packet filter isn't perfect).
Have fun!
Avery
