Tcpdump does not work (i386)
Version 2.3-ALPHA (i386)
built on Fri Oct 02 06:16:37 CDT 2015
[2.3-ALPHA][root@pfsense]/root: tcpdump -i em1 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes tcpdump: pcap_loop: BIOCROTZBUF: Capabilities insufficient 0 packets captured 6 packets received by filter 0 packets dropped by kernel [2.3-ALPHA][root@pfsense]/root:
no output from webgui
might be something upstream but can't find anything more then https://lists.freebsd.org/pipermail/freebsd-stable/2015-September/083312.html
don't have an amd64 testvm setup at this time.
Is that a real hardware system or a virtual machine? If it's a virtual machine, are you using emulated NICs or paravirtualized NICs? What type (either)?
its my router at home, its baremetal (old P4). i'm pretty confident it worked on 2.2.x
Try toggling net.bpf.zerocopy_enable. If it's 0, set to 1, if it's 1, set to 0.
it was at 1 , i set it to 0 ==> tcpdump started working
What type of NICs are in that box? I saw that happen once with vtnet NICs in virtualbox and it was a FreeBSD bug that one of our other developers put in a fix for upstream. I'm not sure if it was a driver-specific fix though.
well it didn't matter what nic i specified when doing tcpdump -i $interface (see first post= em1)
below is the list of nics. em0,em1,dc0 are assigned. rl0 is unassigned.
dc0@pci0:2:1:0: class=0x020000 card=0x100c1734 chip=0x09851317 rev=0x11 hdr=0x00 vendor = 'ADMtek' device = 'NC100 Network Everywhere Fast Ethernet 10/100' class = network subclass = ethernet rl0@pci0:2:5:0: class=0x020000 card=0x813910ec chip=0x813910ec rev=0x10 hdr=0x00 vendor = 'Realtek Semiconductor Co., Ltd.' device = 'RTL-8100/8101L/8139 PCI Fast Ethernet Adapter' class = network subclass = ethernet em0@pci0:2:7:0: class=0x020000 card=0x13768086 chip=0x107c8086 rev=0x05 hdr=0x00 vendor = 'Intel Corporation' device = '82541PI Gigabit Ethernet Controller' class = network subclass = ethernet em1@pci0:2:9:0: class=0x020000 card=0x13768086 chip=0x107c8086 rev=0x05 hdr=0x00 vendor = 'Intel Corporation' device = '82541PI Gigabit Ethernet Controller' class = network subclass = ethernet
I went ahead and opened a ticket – it seems to be broken for all NICs currently: https://redmine.pfsense.org/issues/5257
It's also broken on AMD64. I have a bare metal box with 1 Realtec 8111 and a 4 port Broadcom.