Howdy y'all,

Hope y'all had a nice weekend. This morning I was playing with my
4.5-release machine and I attempted the following:

    tcpdump -r /usr/home/trial1 -w /dev/bpf0

on a machine that has three NICs, with fxp0 being set to DHCP. But the
machine responded that the "device was busy". I am also running ipfw on it
so that may explain why I got the error message. I then tried to do it on
bpf1 and it just returned me to the shell with no error messages.

Now, according to the man page for bpf, when a particular system call is
made to the bpf device and then if I try to dump data to the interface
(which is what I am doing in the example above), I would get the error
message. So the phenomenon I witnessed may be due to that. However, at the
end of the man page, it also said something about a bug in bpf such that the
raw data dumped to a bpf* associated with one interface may also end up with
other bpf* devices and possibly other interfaces. So the questions I have
are:

1) By dumping the raw data from that file into bpf1 instead of bpf0, did
the data get written to (and egress) the fxp0 interface? Keep in mind that
that is the ONLY interface configured as DHCP.

2) What else would I have to see to rule out that this "bug" was acting up
instead of a normal system function? In other words, was the error "device
was busy" caused by ipfw locking the device or was it caused by something
else?

TIA,
Simon Chang