From: walt
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Re: Packet sniffing broken recently?
Date: Thu, 29 Dec 2011 07:29:51 -0800
In-Reply-To: <201112291009.47532.michaelkintzios@gmail.com>

On 12/29/2011 02:09 AM, Mick wrote:
> On Thursday 29 Dec 2011 07:10:19 Lubos Kolouch wrote:
>> walt, Wed, 28 Dec 2011 17:01:59 -0800:
>>> Sometime in the last month or so (when I wasn't looking) my ~x86 and
>>> ~amd64 machines quit working when I try to run wireshark or tcpdump,
>>> etc, but I don't know exactly when or why. (My amd64 machine still
>>> sniffs packets normally.)
>>>
>>> I get this same error from any packet sniffing app:
>>>
>>> Can't open netlink socket 93:Protocol not supported
>>>
>>> Strace shows that this is the failing system call:
>>>
>>> socket(PF_NETLINK, SOCK_RAW, 12) = -1 EPROTONOSUPPORT (Protocol not
>>> supported)
>>>
>>> That makes me think of some missing kernel config that may have been
>>> added or modified in recent kernels, so I tried gentoo-sources-3.0.6
>>> (same as my working amd64 machine) with no joy. Same error message.
>>>
>>> Have I missed some important gentoo bulletin about networking recently?
>>> Anyone have working packet sniffing on ~arch?
>>
>> Hi,
>>
>> If I remember correctly, I needed to set
>> Networking support -> Networking options -> Network packet filtering
>> framework (Netfilter) -> Core Netfilter Configuration -> Netfilter
>> connection tracking support
>>
>> It has been a while though, so it may be another option in the
>> netfilter config - just try it :)
>>
>> Lubos
>
> tcpdump-3.9.8-r1 and kernel-3.0.6-gentoo works fine here with no errors.

Thanks guys. I enabled all of the netfilter stuff as modules, then
ran tcpdump. Turns out that tcpdump loaded only the 'nfnetlink' module,
which makes good sense given my original 'NETLINK' error message.

This change appears to be somewhere in userland, though, not in the
kernel per se. I copied the kernel .config file from my working amd64
machine to the 'broken' ~amd64 machine and recompiled the kernel.
No improvement. I had to enable the nfnetlink module to make packet
sniffing work again.

I suppose one of the networking packages changed in a recent ~arch update.
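
A small probe for the failure discussed in this thread, added here as an example and not part of the original messages: it repeats the `socket(PF_NETLINK, SOCK_RAW, 12)` call from the strace output and reports whether the kernel has a handler for that protocol (12 is `NETLINK_NETFILTER`). The function names are made up for illustration, and `module_listed()` expects text in the format of `/proc/modules`.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef AF_NETLINK
#define AF_NETLINK 16        /* Linux value; PF_NETLINK is the same number */
#endif
#define NL_NETFILTER 12      /* NETLINK_NETFILTER in <linux/netlink.h> */

/* Repeat the call from the strace line. Returns 0 on success, else errno. */
int probe_netlink(int protocol)
{
    int fd = socket(AF_NETLINK, SOCK_RAW, protocol);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* Map the probe result to a short diagnosis. */
const char *diagnose(int err)
{
    switch (err) {
    case 0:               return "supported";
    case EPROTONOSUPPORT: return "no kernel handler: enable or load nfnetlink";
    case EAFNOSUPPORT:    return "netlink sockets not available";
    default:              return "other failure";
    }
}

/* Is module `name` present in /proc/modules-style text? Compares the whole
 * first field, so "nfnetlink_log" is not mistaken for "nfnetlink". A
 * built-in nfnetlink is not listed there, so the probe above is the
 * authoritative check. */
int module_listed(const char *text, const char *name)
{
    size_t n = strlen(name);
    for (const char *line = text; line && *line; ) {
        if (strncmp(line, name, n) == 0 && line[n] == ' ')
            return 1;
        line = strchr(line, '\n');
        if (line)
            line++;
    }
    return 0;
}

int main(void)
{
    int err = probe_netlink(NL_NETFILTER);
    printf("socket(AF_NETLINK, SOCK_RAW, %d): %s\n", NL_NETFILTER, diagnose(err));
    return err != 0;
}
```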