From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-user+bounces-132941-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1RgCwx-0007WQ-0c
	for garchives@archives.gentoo.org; Thu, 29 Dec 2011 10:11:03 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 1297921C05F;
	Thu, 29 Dec 2011 10:10:52 +0000 (UTC)
Received: from mail-lpp01m010-f53.google.com (mail-lpp01m010-f53.google.com [209.85.215.53])
	by pigeon.gentoo.org (Postfix) with ESMTP id E88C321C05F
	for <gentoo-user@lists.gentoo.org>; Thu, 29 Dec 2011 10:09:46 +0000 (UTC)
Received: by lagr15 with SMTP id r15so5551336lag.40
        for <gentoo-user@lists.gentoo.org>; Thu, 29 Dec 2011 02:09:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=from:reply-to:to:subject:date:user-agent:references:in-reply-to
         :mime-version:content-type:content-transfer-encoding:message-id;
        bh=g4HV8Bxr8xI6EFVonygnGdROlAQ3o+f6wcvNkv5eBsU=;
        b=WuHKeuOGV/OhnThEu1ROAanaQjE4SdkGZQfk8nzhgDQgIFc+r5tg+EZzTr0tsTTZ3Q
         y4Mx8164jZpdtlG7fRq53Rb8OR+XBKk5gl/apIYPgZDPXFLkI907KmIryM7IJogNJY2V
         q+hMFtC2OJU3V+yGfQN7YKR3bAup3aAYpvJ+0=
Received: by 10.152.128.103 with SMTP id nn7mr28300025lab.48.1325153385959;
        Thu, 29 Dec 2011 02:09:45 -0800 (PST)
Received: from dell_xps.localnet (230.3.169.217.in-addr.arpa. [217.169.3.230])
        by mx.google.com with ESMTPS id mi5sm27355622lab.14.2011.12.29.02.09.44
        (version=TLSv1/SSLv3 cipher=OTHER);
        Thu, 29 Dec 2011 02:09:44 -0800 (PST)
From: Mick <michaelkintzios@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: Packet sniffing broken recently?
Date: Thu, 29 Dec 2011 10:09:37 +0000
User-Agent: KMail/1.13.7 (Linux/3.0.6-gentoo; KDE/4.7.3; x86_64; ; )
References: <jdge68$12q$1@dough.gmane.org> <jdh3or$erv$1@dough.gmane.org>
In-Reply-To: <jdh3or$erv$1@dough.gmane.org>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart2308570.BLUyYpF4Mc";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <201112291009.47532.michaelkintzios@gmail.com>
X-Archives-Salt: 59a882d4-bc30-486b-9376-d617a4043adc
X-Archives-Hash: 037ef90735ecb77219a20c8e9556e071

--nextPart2308570.BLUyYpF4Mc
Content-Type: Text/Plain;
  charset="utf-8"
Content-Transfer-Encoding: quoted-printable

On Thursday 29 Dec 2011 07:10:19 Lubos Kolouch wrote:
> walt, Wed, 28 Dec 2011 17:01:59 -0800:
> > Sometime in the last month or so (when I wasn't looking) my ~x86 and
> > ~amd64 machines quit working when I try to run wireshark or tcpdump,
> > etc, but I don't know exactly when or why.  (My amd64 machine still
> > sniffs packets normally.)
> >=20
> > I get this same error from any packet sniffing app:
> >=20
> > Can't open netlink socket 93:Protocol not supported
> >=20
> > Strace shows that this is the failing system call:
> >=20
> > socket(PF_NETLINK, SOCK_RAW, 12) =3D -1 EPROTONOSUPPORT (Protocol not
> > supported)
> >=20
> > That makes me think of some missing kernel config that may have been
> > added or modified in recent kernels, so I tried gentoo-sources-3.0.6
> > (same as my working amd64 machine) with no joy.  Same error message.
> >=20
> > Have I missed some important gentoo bulletin about networking recently?
> > Anyone have working packet sniffing on ~arch?
>=20
> Hi,
>=20
> If I remember correctly, I needed to set
> Networking support -> Networking options -> Network packet filtering
> framework (Netfilter) -> Core Netfilter Configuration -> Netfilter
> connection tracking support
>=20
> It has been a while though, so it may be another option in the
> netfilter config - just try it :)
>=20
> Lubos

tcpdump-3.9.8-r1 and kernel-3.0.6-gentoo works fine here with no errors.

$ cat /usr/src/linux/.config | grep CONNTRACK
CONFIG_NF_CONNTRACK=3Dy
CONFIG_NF_CONNTRACK_MARK=3Dy
# CONFIG_NF_CONNTRACK_EVENTS is not set
CONFIG_NF_CONNTRACK_TIMESTAMP=3Dy
# CONFIG_NF_CONNTRACK_AMANDA is not set
CONFIG_NF_CONNTRACK_FTP=3Dy
# CONFIG_NF_CONNTRACK_H323 is not set
CONFIG_NF_CONNTRACK_IRC=3Dy
CONFIG_NF_CONNTRACK_BROADCAST=3Dy
# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
CONFIG_NF_CONNTRACK_SNMP=3Dy
# CONFIG_NF_CONNTRACK_PPTP is not set
# CONFIG_NF_CONNTRACK_SANE is not set
CONFIG_NF_CONNTRACK_SIP=3Dy
# CONFIG_NF_CONNTRACK_TFTP is not set
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=3Dy
CONFIG_NF_CONNTRACK_IPV4=3Dy
CONFIG_NF_CONNTRACK_PROC_COMPAT=3Dy
CONFIG_NF_CONNTRACK_IPV6=3Dy

HTH.
=2D-=20
Regards,
Mick

--nextPart2308570.BLUyYpF4Mc
Content-Type: application/pgp-signature; name=signature.asc 
Content-Description: This is a digitally signed message part.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)

iEYEABECAAYFAk78PGsACgkQVTDTR3kpaLbNXACbBPyYKgaBSqeOUh7DJ0wW6cBv
FcMAoLhU/u/t7JTImq9SDAPSkDI7owTq
=T37B
-----END PGP SIGNATURE-----

--nextPart2308570.BLUyYpF4Mc--