| 1 |
On 12/29/2011 02:09 AM, Mick wrote: |
| 2 |
> On Thursday 29 Dec 2011 07:10:19 Lubos Kolouch wrote: |
| 3 |
>> walt, Wed, 28 Dec 2011 17:01:59 -0800: |
| 4 |
>>> Sometime in the last month or so (when I wasn't looking) my ~x86 and |
| 5 |
>>> ~amd64 machines quit working when I try to run wireshark or tcpdump, |
| 6 |
>>> etc, but I don't know exactly when or why. (My amd64 machine still |
| 7 |
>>> sniffs packets normally.) |
| 8 |
>>> |
| 9 |
>>> I get this same error from any packet sniffing app: |
| 10 |
>>> |
| 11 |
>>> Can't open netlink socket 93:Protocol not supported |
| 12 |
>>> |
| 13 |
>>> Strace shows that this is the failing system call: |
| 14 |
>>> |
| 15 |
>>> socket(PF_NETLINK, SOCK_RAW, 12) = -1 EPROTONOSUPPORT (Protocol not |
| 16 |
>>> supported) |
| 17 |
>>> |
| 18 |
>>> That makes me think of some missing kernel config that may have been |
| 19 |
>>> added or modified in recent kernels, so I tried gentoo-sources-3.0.6 |
| 20 |
>>> (same as my working amd64 machine) with no joy. Same error message. |
| 21 |
>>> |
| 22 |
>>> Have I missed some important gentoo bulletin about networking recently? |
| 23 |
>>> Anyone have working packet sniffing on ~arch? |
| 24 |
>> |
| 25 |
>> Hi, |
| 26 |
>> |
| 27 |
>> If I remember correctly, I needed to set |
| 28 |
>> Networking support -> Networking options -> Network packet filtering |
| 29 |
>> framework (Netfilter) -> Core Netfilter Configuration -> Netfilter |
| 30 |
>> connection tracking support |
| 31 |
>> |
| 32 |
>> It has been a while though, so it may be another option in the |
| 33 |
>> netfilter config - just try it :) |
| 34 |
>> |
| 35 |
>> Lubos |
| 36 |
> |
| 37 |
> tcpdump-3.9.8-r1 and kernel-3.0.6-gentoo works fine here with no errors. |
| 38 |
|
| 39 |
Thanks guys. I enabled all of the netfilter stuff as modules, then ran |
| 40 |
tcpdump. Turns out that tcpdump loaded only the 'nfnetlink' module, which |
| 41 |
makes good sense given my original 'NETLINK' error message. |
| 42 |
|
| 43 |
This change appears to be somewhere in userland, though, not in the kernel |
| 44 |
per se. I copied the kernel .config file from my working amd64 machine |
| 45 |
to the 'broken' ~amd64 machine and recompiled the kernel. |
| 46 |
|
| 47 |
No improvement. I had to enable the nfnetlink module to make packet sniffing |
| 48 |
work again. I suppose one of the networking packages changed in a recent ~arch |
| 49 |
update. |
Archives