Skip to content

1sec delay before captured packets are received by pcap #354

Closed
Closed
1sec delay before captured packets are received by pcap#354
Assignees
guyharris
Labels
TPACKET_V3
@joernheissler

Description

@joernheissler
joernheissler
opened on May 4, 2014

Hi,
I'm running debian/unstable with:

  • linux 3.13-1-amd64
  • pcap 1.5.3-2
  • tcpdump 4.5.1-2

When I run tcpdump, e.g. "tcpdump -n -i ppp0 port 80", captured packets are only displayed once per second, so there's a delay between the packet passing through my network interface and captured packet showing on my screen.
It looks like there's a poll() system call on the capture socket which times out once/second, because the data is not passed through the socket but through shared memory somehow (new linux feature?).
I'd like to get the "old" behaviour back where captured packets are displayed as soon as possible. Thanks in advance :)

Here's the strace:

23:14:14.015753 socket(PF_PACKET, SOCK_DGRAM, 768) = 3
23:14:14.015897 ioctl(3, SIOCGIFINDEX, {ifr_name="ppp0", ifr_index=42}) = 0
23:14:14.015988 bind(3, {sa_family=AF_PACKET, proto=0x03, if42, pkttype=PACKET_HOST, addr(0)={0, }, 20) = 0
23:14:14.037814 getsockopt(3, SOL_SOCKET, SO_ERROR, [0], [4]) = 0
23:14:14.037964 setsockopt(3, SOL_PACKET, PACKET_ADD_MEMBERSHIP, "*\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0", 16) = 0
23:14:14.038111 setsockopt(3, SOL_PACKET, PACKET_AUXDATA, [1], 4) = 0
23:14:14.038162 getsockopt(3, SOL_PACKET, PACKET_HDRLEN, [36], [4]) = 0
23:14:14.038197 setsockopt(3, SOL_PACKET, PACKET_VERSION, [2], 4) = 0
23:14:14.038233 setsockopt(3, SOL_PACKET, PACKET_RESERVE, [4], 4) = 0
23:14:14.038264 setsockopt(3, SOL_PACKET, PACKET_RX_RING, "\0\0\2\0\20\0\0\0\0\0\2\0\20\0\0\0\350\3\0\0\0\0\0\0\0\0\0\0", 28) = 0
23:14:14.052575 mmap(NULL, 2097152, PROT_READ|PROT_WRITE, MAP_SHARED, 3, 0) = 0x7f8c6ed65000
23:14:14.052890 getgid()                = 0
23:14:14.052965 setgid(0)               = 0
23:14:14.053023 getuid()                = 0
23:14:14.053063 setuid(0)               = 0
23:14:14.053104 socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
23:14:14.053167 ioctl(4, SIOCGIFADDR, {ifr_name="ppp0", ifr_addr={AF_INET, inet_addr("172.16.88.1")}}) = 0
23:14:14.053250 ioctl(4, SIOCGIFNETMASK, {ifr_name="ppp0", ifr_netmask={AF_INET, inet_addr("255.255.255.255")}}) = 0
23:14:14.053289 close(4)                = 0
23:14:14.053542 rt_sigaction(SIGPIPE, {0x7f8c6fdebd90, [], SA_RESTORER, 0x7f8c6f19e420}, {SIG_DFL, [], 0}, 8) = 0
23:14:14.053717 rt_sigaction(SIGTERM, {0x7f8c6fdebd90, [], SA_RESTORER, 0x7f8c6f19e420}, {SIG_DFL, [], 0}, 8) = 0
23:14:14.053764 rt_sigaction(SIGINT, {0x7f8c6fdebd90, [], SA_RESTORER, 0x7f8c6f19e420}, {SIG_DFL, [], 0}, 8) = 0
23:14:14.053855 rt_sigaction(SIGCHLD, {0x7f8c6fdebd80, [], SA_RESTORER|SA_RESTART, 0x7f8c6f19e420}, {SIG_DFL, [], 0}, 8) = 0
23:14:14.053915 rt_sigaction(SIGHUP, {0x7f8c6fdebd90, [], SA_RESTORER, 0x7f8c6f19e420}, {SIG_DFL, [], 0}, 8) = 0
23:14:14.053957 getuid()                = 0
23:14:14.054008 setsockopt(3, SOL_SOCKET, SO_ATTACH_FILTER, "\1\0\0\0\0\0\0\0\350\343to\214\177\0\0", 16) = 0
23:14:14.054064 fcntl(3, F_GETFL)       = 0x2 (flags O_RDWR)
23:14:14.054098 fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
23:14:14.054130 recvfrom(3, 0x7fff6d29584f, 1, 32, 0, 0) = -1 EAGAIN (Resource temporarily unavailable)
23:14:14.054170 fcntl(3, F_SETFL, O_RDWR) = 0
23:14:14.054199 setsockopt(3, SOL_SOCKET, SO_ATTACH_FILTER, "\30\0\0\0\0\0\0\0PL(q\214\177\0\0", 16) = 0
23:14:14.054244 rt_sigaction(SIGUSR1, {0x7f8c6fdec760, [], SA_RESTORER, 0x7f8c6f19e420}, {SIG_DFL, [], 0}, 8) = 0
23:14:14.054312 write(2, "tcpdump: verbose output suppressed, use -v or -vv for full protocol decode\n", 75tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
) = 75
23:14:14.054368 write(2, "listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes\n", 80listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
) = 80
23:14:14.054418 poll([{fd=3, events=POLLIN}], 1, 1000) = 1 ([{fd=3, revents=POLLIN}])
23:14:15.055737 poll([{fd=3, events=POLLIN}], 1, 1000) = 1 ([{fd=3, revents=POLLIN}])
23:14:16.057086 poll([{fd=3, events=POLLIN}], 1, 1000) = 1 ([{fd=3, revents=POLLIN}])
23:14:123:14:14.015753 socket(PF_PACKET, SOCK_DGRAM, 768) = 3
23:14:14.015897 ioctl(3, SIOCGIFINDEX, {ifr_name="ppp0", ifr_index=42}) = 0
23:14:14.015988 bind(3, {sa_family=AF_PACKET, proto=0x03, if42, pkttype=PACKET_HOST, addr(0)={0, }, 20) = 0
23:14:14.037814 getsockopt(3, SOL_SOCKET, SO_ERROR, [0], [4]) = 0
23:14:14.037964 setsockopt(3, SOL_PACKET, PACKET_ADD_MEMBERSHIP, "*\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0", 16) = 0
23:14:14.038111 setsockopt(3, SOL_PACKET, PACKET_AUXDATA, [1], 4) = 0
23:14:14.038162 getsockopt(3, SOL_PACKET, PACKET_HDRLEN, [36], [4]) = 0
23:14:14.038197 setsockopt(3, SOL_PACKET, PACKET_VERSION, [2], 4) = 0
23:14:14.038233 setsockopt(3, SOL_PACKET, PACKET_RESERVE, [4], 4) = 0
23:14:14.038264 setsockopt(3, SOL_PACKET, PACKET_RX_RING, "\0\0\2\0\20\0\0\0\0\0\2\0\20\0\0\0\350\3\0\0\0\0\0\0\0\0\0\0", 28) = 0
23:14:14.052575 mmap(NULL, 2097152, PROT_READ|PROT_WRITE, MAP_SHARED, 3, 0) = 0x7f8c6ed65000
23:14:14.052890 getgid()                = 0
23:14:14.052965 setgid(0)               = 0
23:14:14.053023 getuid()                = 0
23:14:14.053063 setuid(0)               = 0
23:14:14.053104 socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
23:14:14.053167 ioctl(4, SIOCGIFADDR, {ifr_name="ppp0", ifr_addr={AF_INET, inet_addr("172.16.88.1")}}) = 0
23:14:14.053250 ioctl(4, SIOCGIFNETMASK, {ifr_name="ppp0", ifr_netmask={AF_INET, inet_addr("255.255.255.255")}}) = 0
23:14:14.053289 close(4)                = 0
23:14:14.053542 rt_sigaction(SIGPIPE, {0x7f8c6fdebd90, [], SA_RESTORER, 0x7f8c6f19e420}, {SIG_DFL, [], 0}, 8) = 0
23:14:14.053717 rt_sigaction(SIGTERM, {0x7f8c6fdebd90, [], SA_RESTORER, 0x7f8c6f19e420}, {SIG_DFL, [], 0}, 8) = 0
23:14:14.053764 rt_sigaction(SIGINT, {0x7f8c6fdebd90, [], SA_RESTORER, 0x7f8c6f19e420}, {SIG_DFL, [], 0}, 8) = 0
23:14:14.053855 rt_sigaction(SIGCHLD, {0x7f8c6fdebd80, [], SA_RESTORER|SA_RESTART, 0x7f8c6f19e420}, {SIG_DFL, [], 0}, 8) = 0
23:14:14.053915 rt_sigaction(SIGHUP, {0x7f8c6fdebd90, [], SA_RESTORER, 0x7f8c6f19e420}, {SIG_DFL, [], 0}, 8) = 0
23:14:14.053957 getuid()                = 0
23:14:14.054008 setsockopt(3, SOL_SOCKET, SO_ATTACH_FILTER, "\1\0\0\0\0\0\0\0\350\343to\214\177\0\0", 16) = 0
23:14:14.054064 fcntl(3, F_GETFL)       = 0x2 (flags O_RDWR)
23:14:14.054098 fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
23:14:14.054130 recvfrom(3, 0x7fff6d29584f, 1, 32, 0, 0) = -1 EAGAIN (Resource temporarily unavailable)
23:14:14.054170 fcntl(3, F_SETFL, O_RDWR) = 0
23:14:14.054199 setsockopt(3, SOL_SOCKET, SO_ATTACH_FILTER, "\30\0\0\0\0\0\0\0PL(q\214\177\0\0", 16) = 0
23:14:14.054244 rt_sigaction(SIGUSR1, {0x7f8c6fdec760, [], SA_RESTORER, 0x7f8c6f19e420}, {SIG_DFL, [], 0}, 8) = 0
23:14:14.054312 write(2, "tcpdump: verbose output suppressed, use -v or -vv for full protocol decode\n", 75tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
) = 75
23:14:14.054368 write(2, "listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes\n", 80listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
) = 80
23:14:14.054418 poll([{fd=3, events=POLLIN}], 1, 1000) = 1 ([{fd=3, revents=POLLIN}])
23:14:15.055737 poll([{fd=3, events=POLLIN}], 1, 1000) = 1 ([{fd=3, revents=POLLIN}])
23:14:16.057086 poll([{fd=3, events=POLLIN}], 1, 1000) = 1 ([{fd=3, revents=POLLIN}])
23:14:17.058389 fstat(1, {st_dev=makedev(0, 11), st_ino=19, st_mode=S_IFCHR|0620, st_nlink=1, st_uid=1000, st_gid=5, st_blksize=1024, st_blocks=0, st_rdev=makedev(136, 16), st_atime=2014/05/04-23:14:08, st_mtime=2014/05/04-23:14:16, st_ctime=2014/05/04-23:09:16}) = 0
23:14:17.058535 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8c6fd5e000
23:14:17.058685 write(1, "23:14:16.830357 IP 172.16.89.1.41345 > 199.204.44.194.80: Flags [S], seq 1072733366, win 14600, options [mss 1410,sackOK,TS val 1390877 ecr 0,nop,wscale 3], length 0\n", 16623:14:16.830357 IP 172.16.89.1.41345 > 199.204.44.194.80: Flags [S], seq 1072733366, win 14600, options [mss 1410,sackOK,TS val 1390877 ecr 0,nop,wscale 3], length 0
) = 166
23:14:17.058843 write(1, "23:14:16.927516 IP 199.204.44.194.80 > 172.16.89.1.41345: Flags [S.], seq 1272891015, ack 1072733367, win 14480, options [mss 1452,sackOK,TS val 455785362 ecr 1390877,nop,wscale 7], length 0\n", 19123:14:16.927516 IP 199.204.44.194.80 > 172.16.89.1.41345: Flags [S.], seq 1272891015, ack 1072733367, win 14480, options [mss 1452,sackOK,TS val 455785362 ecr 1390877,nop,wscale 7], length 0
) = 191
23:14:17.059002 write(1, "23:14:16.928791 IP 172.16.89.1.41345 > 199.204.44.194.80: Flags [.], ack 1, win 1825, options [nop,nop,TS val 1390887 ecr 455785362], length 0\n", 14323:14:16.928791 IP 172.16.89.1.41345 > 199.204.44.194.80: Flags [.], ack 1, win 1825, options [nop,nop,TS val 1390887 ecr 455785362], length 0
) = 143
23:14:17.059144 poll([{fd=3, events=POLLIN}], 1, 1000) = 1 ([{fd=3, revents=POLLIN}])
23:14:18.060434 poll([{fd=3, events=POLLIN}], 1, 1000) = 1 ([{fd=3, revents=POLLIN}])
7.058389 fstat(1, {st_dev=makedev(0, 11), st_ino=19, st_mode=S_IFCHR|0620, st_nlink=1, st_uid=1000, st_gid=5, st_blksize=1024, st_blocks=0, st_rdev=makedev(136, 16), st_atime=2014/05/04-23:14:08, st_mtime=2014/05/04-23:14:16, st_ctime=2014/05/04-23:09:16}) = 0
23:14:17.058535 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8c6fd5e000
23:14:17.058685 write(1, "23:14:16.830357 IP 172.16.89.1.41345 > 199.204.44.194.80: Flags [S], seq 1072733366, win 14600, options [mss 1410,sackOK,TS val 1390877 ecr 0,nop,wscale 3], length 0\n", 16623:14:16.830357 IP 172.16.89.1.41345 > 199.204.44.194.80: Flags [S], seq 1072733366, win 14600, options [mss 1410,sackOK,TS val 1390877 ecr 0,nop,wscale 3], length 0
) = 166
23:14:17.058843 write(1, "23:14:16.927516 IP 199.204.44.194.80 > 172.16.89.1.41345: Flags [S.], seq 1272891015, ack 1072733367, win 14480, options [mss 1452,sackOK,TS val 455785362 ecr 1390877,nop,wscale 7], length 0\n", 19123:14:16.927516 IP 199.204.44.194.80 > 172.16.89.1.41345: Flags [S.], seq 1272891015, ack 1072733367, win 14480, options [mss 1452,sackOK,TS val 455785362 ecr 1390877,nop,wscale 7], length 0
) = 191
23:14:17.059002 write(1, "23:14:16.928791 IP 172.16.89.1.41345 > 199.204.44.194.80: Flags [.], ack 1, win 1825, options [nop,nop,TS val 1390887 ecr 455785362], length 0\n", 14323:14:16.928791 IP 172.16.89.1.41345 > 199.204.44.194.80: Flags [.], ack 1, win 1825, options [nop,nop,TS val 1390887 ecr 455785362], length 0
) = 143
23:14:17.059144 poll([{fd=3, events=POLLIN}], 1, 1000) = 1 ([{fd=3, revents=POLLIN}])
23:14:18.060434 poll([{fd=3, events=POLLIN}], 1, 1000) = 1 ([{fd=3, revents=POLLIN}])

Metadata

Metadata

Assignees

Labels

TPACKET_V3

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions