Hi, Guy:
My libpcap version is libpcap_1.2.0. xcrp is a network device with
special link layer header. I guess the problem is libpcap can't
figure out what it is.
I will look into libpcap for solution.
Thanks!
shawn
On Thu, Nov 4, 2010 at 11:27 AM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
>
> On Nov 4, 2010, at 11:04 AM, Xiaochun Lu wrote:
>
>> When I try to capture packet using tshark, the shark aborted with core dumped.
>> I was able to get back trace . However, I am not able to to locate
>> file gencode.c.
>>
>> Can anyone tell me where can I find this file?
>
> http://www.tcpdump.org/
>
> Asking from that stack trace where to find gencode.c is like asking from that stack trace where to find the source code for abort() or raise() (as you're on Linux, the answer for those two routines is "in GNU libc"); dumpcap is using a system library, libpcap, to do packet capture - gencode.c is part of libpcap, not Wireshark.
>
> The crash is occurring because gen_linktype() is explicitly calling abort(). This is on Debian (or Ubuntu), so the version number on the libpcap shared library:
>
>> Reading symbols from /usr/lib/libpcap.so.0.8...done.
>> Loaded symbols for /usr/lib/libpcap.so.0.8
>
> has nothing to do with the actual version of libpcap, so I don't know what version of libpcap this is, and thus can't find the appropriate version of gencode.c yet to see why it's calling abort(), I can only guess.
>
>> Core was generated by `/usr/bin/dumpcap -i xcrp -f port 123 -w pcap'.
>> Program terminated with signal 6, Aborted.
>> [New process 16575]
>> #0 0x00007f0d49f9bfb5 in raise () from /lib/libc.so.6
>> (gdb) bt
>> #0 0x00007f0d49f9bfb5 in raise () from /lib/libc.so.6
>> #1 0x00007f0d49f9dbc3 in abort () from /lib/libc.so.6
>> #2 0x00007f0d4b04c3ea in gen_linktype (proto=2048) at ./gencode.c:3549
>> #3 0x00007f0d4b04cc2f in gen_port (port=123, ip_proto=16575, dir=6)
>> at ./gencode.c:5236
>> #4 0x00007f0d4b050027 in gen_ncode (s=0x0, v=123, q=<value optimized
>> out>) at ./gencode.c:6586
>> #5 0x00007f0d4b059036 in pcap_parse () at grammar.y:334
>> #6 0x00007f0d4b047c0f in pcap_compile (p=0x1b3f360,
>> program=0x7fff4364b590, buf=<value optimized out>, optimize=1,
>> mask=4278190080) at ./gencode.c:451
>> #7 0x00000000004070d1 in capture_loop_start (capture_opts=0x60e4e0,
>> stats_known=0x7fff4365d948, stats=0x7fff4365d910) at dumpcap.c:1428
>> #8 0x00000000004088ca in main (argc=<value optimized out>,
>> argv=<value optimized out>) at dumpcap.c:2761
>
> The current top-of-tree version of libpcap will call abort() from gen_linktype() if the link-layer type of the device on which you're capturing doesn't support a link-layer type field of the type libpcap understands. I don't know what type of device the "xcrp" device is; what type is it?
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>
