TCPDUMP & BPF in 6.3.0

We’ve discovered that tcpdump can “automatically” load the BPF filter in
QNX 6.3.0, which is very cool. However, two questions:

  1. Since the BPF filter doesn’t show up in /dev/io-net when it is loaded
    by tcpdump, how can it be unloaded?

  2. How did tcpdump manage to load it without it showing up in
    /dev/io-net in the first place?!


    Murf

Hi John,

I just tried this on my 6.3 system and I see an “en_en0” entry under
/dev/io-net after starting tcpdump. You should also see nfm-bpf.so loaded
when you do a “pidin -p io-net mem”. Unmounting /dev/io-net/en_en0 also
worked to unload nfm-bpf.so.

Thanks,
Barry

“John A. Murphy” <murf@perftech.com> wrote in message
news:ct9356$n7t$1@inn.qnx.com

We’ve discovered that tcpdump can “automatically” load the BPF filter in
QNX 6.3.0, which is very cool. However, two questions:

  1. Since the BPF filter doesn’t show up in /dev/io-net when it is loaded
    by tcpdump, how can it be unloaded?

  2. How did tcpdump manage to load it without it showing up in
    /dev/io-net in the first place?!


    Murf

OS Support wrote:

Hi John,

I just tried this on my 6.3 system and I see an “en_en0” entry under
/dev/io-net after starting tcpdump. You should also see nfm-bpf.so loaded
when you do a “pidin -p io-net mem”. Unmounting /dev/io-net/en_en0 also
worked to unload nfm-bpf.so.

Thanks,
Barry

“John A. Murphy” <murf@perftech.com> wrote in message
news:ct9356$n7t$1@inn.qnx.com …

We’ve discovered that tcpdump can “automatically” load the BPF filter in
QNX 6.3.0, which is very cool. However, two questions:

  1. Since the BPF filter doesn’t show up in /dev/io-net when it is loaded
    by tcpdump, how can it be unloaded?

  2. How did tcpdump manage to load it without it showing up in
    /dev/io-net in the first place?!


    Murf



Wow! We thought there was ALWAYS an “en_en0” entry under /dev/io-net in
6.3.0 (which is NOT the case in 6.2)! Maybe all of our machines are,
for some unknown reason, loading the BPF filter when they power up.
I’ll check it out.

Thanks!

Murf

I checked a couple of 6.30 machines, and there is an “en_en0” entry
under /dev/io-net BEFORE starting tcpdump (but no bpf entry under
/dev/socket). After starting tcpdump, there is a bpf entry under
/dev/socket, but no additional entries under /dev/io-net, and so
apparently nothing that could be umounted.

Murf

Could you do a “pidin -p io-net mem” so we know what’s in it?

-xtang

John A. Murphy <murf@perftech.com> wrote in message
news:ctblb0$o6a$1@inn.qnx.com

I checked a couple of 6.30 machines, and there is an “en_en0” entry
under /dev/io-net BEFORE starting tcpdump (but no bpf entry under
/dev/socket). After starting tcpdump, there is a bpf entry under
/dev/socket, but no additional entries under /dev/io-net, and so
apparently nothing that could be umounted.

Murf

Sure! One probably significant point that I failed to mention: we always start io-net with the external_arp option;
with 6.2 that was necessary if we ever wanted to load our own filters, and we assume it still is.

#pidin -o io-net mem
pid tid name prio STATE code data stack
110604 1 sbin/io-net 10o SIGWAITINFO 64K 2648K 8192(516K)*
110604 2 sbin/io-net 10o RECEIVE 64K 2648K 4096(68K)
110604 3 sbin/io-net 10o RECEIVE 64K 2648K 8192(68K)
110604 4 sbin/io-net 10o RECEIVE 64K 2648K 4096(68K)
110604 5 sbin/io-net 20o RECEIVE 64K 2648K 4096(132K)
110604 6 sbin/io-net 21r INTR 64K 2648K 8192(132K)
110604 7 sbin/io-net 21r RECEIVE 64K 2648K 4096(132K)
110604 8 sbin/io-net 10o RECEIVE 64K 2648K 4096(132K)
110604 9 sbin/io-net 10o CONDVAR 64K 2648K 4096(132K)
110604 10 sbin/io-net 10o CONDVAR 64K 2648K 4096(132K)
ldqnx.so.2 @b0300000 344K 20K
npm-tcpip.so @b8200000 672K 104K
devn-igig.so @b82c2000 56K 4096
libsocket.so.2 @b82d1000 116K 28K
devn-speedo.so @b82f5000 48K 8192
npm-qnet.so @b8303000 136K 36K
lsm-ipfilter-v6.so @b832e000 80K 16K
/dev/mem @40100000 (fc9e0000) 128K
/dev/mem @40120000 (feafe000) 4096

#ls /dev/io-net
en0
en1
en_en0
ip0
ip_en
ipv6_en
qnet0

#ls /dev/socket
1
17
2
24
29
autoconnect
config
netmanager

Murf

Xiaodan Tang wrote:

Could you do a “pidin -p io-net mem” so we know what’s in it?

-xtang

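The check Barry describes (look for nfm-bpf.so in the `pidin -p io-net mem` output) can be scripted so that a capture module loaded into io-net is noticed. This is an added example, not part of the original thread: the function names, the baseline list and the nfm-bpf.so sample line (its address and sizes) are constructed, while the other sample lines are taken from the listing posted above.

```shell
#!/bin/sh
# Added example (not from the thread): audit which shared objects are mapped
# into io-net and flag any that are not in an expected baseline.

# Assumed baseline: the modules in the pidin listing posted in the thread.
BASELINE="ldqnx.so.2 npm-tcpip.so devn-igig.so libsocket.so.2 devn-speedo.so npm-qnet.so lsm-ipfilter-v6.so"

# Read `pidin -p io-net mem` output on stdin; print each mapped .so once.
# Module lines look like "<name> @<hex address> <code> <data>"; thread rows,
# the header and /dev/mem mappings are skipped.
io_net_modules() {
    awk '$2 ~ /^@[0-9a-fA-F]+$/ && $1 ~ /\.so(\.[0-9]+)*$/ { print $1 }' | sort -u
}

# Print modules from stdin that are absent from the space-separated list in $1.
unexpected_modules() {
    baseline=" $1 "
    io_net_modules | while read -r mod; do
        case "$baseline" in
            *" $mod "*) ;;            # known module, nothing to report
            *) echo "$mod" ;;         # not in baseline, report it
        esac
    done
}

# Sample input: lines from the thread's listing, plus one CONSTRUCTED
# nfm-bpf.so line (address and sizes are made up for illustration).
sample_listing() {
    cat <<'EOF'
pid tid name prio STATE code data stack
110604 1 sbin/io-net 10o SIGWAITINFO 64K 2648K 8192(516K)*
110604 2 sbin/io-net 10o RECEIVE 64K 2648K 4096(68K)
ldqnx.so.2 @b0300000 344K 20K
npm-tcpip.so @b8200000 672K 104K
devn-igig.so @b82c2000 56K 4096
libsocket.so.2 @b82d1000 116K 28K
devn-speedo.so @b82f5000 48K 8192
npm-qnet.so @b8303000 136K 36K
lsm-ipfilter-v6.so @b832e000 80K 16K
nfm-bpf.so @b8350000 40K 8192
/dev/mem @40100000 (fc9e0000) 128K
EOF
}

# On a live system: pidin -p io-net mem | unexpected_modules "$BASELINE"
sample_listing | unexpected_modules "$BASELINE"
```
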