Tcpdump does not work (i386)

heper

Version 2.3-ALPHA (i386)
built on Fri Oct 02 06:16:37 CDT 2015
FreeBSD 10.2-STABLE

[2.3-ALPHA][root@pfsense]/root: tcpdump -i em1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes
tcpdump: pcap_loop: BIOCROTZBUF: Capabilities insufficient
0 packets captured
6 packets received by filter
0 packets dropped by kernel
[2.3-ALPHA][root@pfsense]/root: 

no output from webgui

might be something upstream but can't find anything more then https://lists.freebsd.org/pipermail/freebsd-stable/2015-September/083312.html

don't have an amd64 testvm setup at this time.

jimp

Is that a real hardware system or a virtual machine? If it's a virtual machine, are you using emulated NICs or paravirtualized NICs? What type (either)?

heper

its my router at home, its baremetal (old P4). i'm pretty confident it worked on 2.2.x

jimp

Try toggling net.bpf.zerocopy_enable. If it's 0, set to 1, if it's 1, set to 0.

heper

it was at 1 , i set it to 0  ==> tcpdump started working

jimp

What type of NICs are in that box? I saw that happen once with vtnet NICs in virtualbox and it was a FreeBSD bug that one of our other developers put in a fix for upstream. I'm not sure if it was a driver-specific fix though.

heper

well it didn't matter what nic i specified when doing tcpdump -i $interface (see first post= em1)

below is the list of nics. em0,em1,dc0 are assigned. rl0 is unassigned.

dc0@pci0:2:1:0: class=0x020000 card=0x100c1734 chip=0x09851317 rev=0x11 hdr=0x00
    vendor     = 'ADMtek'
    device     = 'NC100 Network Everywhere Fast Ethernet 10/100'
    class      = network
    subclass   = ethernet
rl0@pci0:2:5:0: class=0x020000 card=0x813910ec chip=0x813910ec rev=0x10 hdr=0x00
    vendor     = 'Realtek Semiconductor Co., Ltd.'
    device     = 'RTL-8100/8101L/8139 PCI Fast Ethernet Adapter'
    class      = network
    subclass   = ethernet
em0@pci0:2:7:0: class=0x020000 card=0x13768086 chip=0x107c8086 rev=0x05 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = '82541PI Gigabit Ethernet Controller'
    class      = network
    subclass   = ethernet
em1@pci0:2:9:0: class=0x020000 card=0x13768086 chip=0x107c8086 rev=0x05 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = '82541PI Gigabit Ethernet Controller'
    class      = network
    subclass   = ethernet

jimp

I went ahead and opened a ticket – it seems to be broken for all NICs currently: https://redmine.pfsense.org/issues/5257

va176thunderbolt

It's also broken on AMD64. I have a bare metal box with 1 Realtec 8111 and a 4 port Broadcom.