Question & Answer
Question
Why tcpdump fails with error "tcpdump: bpf_load: could not configure driver: Do not specify an existing file" on AIX and VIOS?
For example:
# tcpdump -i en3 port 22
tcpdump: bpf_load: could not configure driver: Do not specify an existing file.
Answer
The tcpdump uses bpf to capture the network packets. The error "bpf_load: could not configure driver: Do not specify an existing file" indicates that another application or driver is holding a lock on bpf that is reserved for tcpdump. To determine who is holding a lock on bpf, run the following steps as root.
# odmget CuDvDr | grep -p ddins | grep -p bpf
CuDvDr:
resource = "ddins"
value1 = "bpf"
value2 = "37"
value3 = ""
CuDvDr:
resource = "ddins"
value1 = "bpf"
value2 = "37"
value3 = ""
The value2 is the major number (in hex) of the bpf. Use value2 in the next step.
# kdb
(0)> dcal 37
Value decimal: 37 Value hexa: 00000025
(0)> dcal 37
Value decimal: 37 Value hexa: 00000025
Use Value hexa in the next step.
(0)> devsw 00000025
Slot address F1000A14203D1280
MAJOR: 025
open: F1000000C066F260
close: F1000000C066F220
read: F1000000C066EEA0
write: F1000000C066BC00
ioctl: F1000000C066E2A0
strategy: .nodev (002CDDA0)
ttys: 00000000
select: F1000000C066C200
config: .nodev (002CDDA0)
print: .nodev (002CDDA0)
dump: .nodev (002CDDA0)
mpx: .nodev (002CDDA0)
revoke: .nodev (002CDDA0)
dsdptr: 00000000
selptr: 00000000
opts: 0000002A DEV_DEFINED DEV_MPSAFE
Use ioctl value in the next step.
(0)> lke -s F1000000C066E2A0
Slot address F1000A14203D1280
MAJOR: 025
open: F1000000C066F260
close: F1000000C066F220
read: F1000000C066EEA0
write: F1000000C066BC00
ioctl: F1000000C066E2A0
strategy: .nodev (002CDDA0)
ttys: 00000000
select: F1000000C066C200
config: .nodev (002CDDA0)
print: .nodev (002CDDA0)
dump: .nodev (002CDDA0)
mpx: .nodev (002CDDA0)
revoke: .nodev (002CDDA0)
dsdptr: 00000000
selptr: 00000000
opts: 0000002A DEV_DEFINED DEV_MPSAFE
Use ioctl value in the next step.
(0)> lke -s F1000000C066E2A0
ADDRESS FILE FILESIZE FLAGS MODULE NAME
1 F1000000905DAF00 F1000000C012C000 0008A000 02090242 hitachipcmke64/usr/lib/drivers/hitachipcmke
1 F1000000905DAF00 F1000000C012C000 0008A000 02090242 hitachipcmke64/usr/lib/drivers/hitachipcmke
le_flags....... TEXT DATA DATAEXISTS NOTKEYSAFE 64 PRIVATELOAD
le_eyec.................................. 4C4B (LK)
le_next......... F1000000905DAE00 le_lex............. 0000000000000000
le_fp............ 0000000000000000 le_fh.............. 0000000000000000
le_file........... F1000000C012C000 le_filesize...... 000000000008A000
le_data......... F1000000C01B3000 le_datasize..... 0000000000002CEE
le_ldr.............F1000000A0253000 le_ldr_size...... 0x1A75 (6773)
le_exports..... 0000000000000000 le_entrypoint.. F1000000C01B5228
le_eyec.................................. 4C4B (LK)
le_next......... F1000000905DAE00 le_lex............. 0000000000000000
le_fp............ 0000000000000000 le_fh.............. 0000000000000000
le_file........... F1000000C012C000 le_filesize...... 000000000008A000
le_data......... F1000000C01B3000 le_datasize..... 0000000000002CEE
le_ldr.............F1000000A0253000 le_ldr_size...... 0x1A75 (6773)
le_exports..... 0000000000000000 le_entrypoint.. F1000000C01B5228
le_usecount.... 2 le_loadcount... 2
le_ndepend..... 1 le_maxdepend... 1
le_filename....F1000000905DAFA8 le_depend.... @ F1000000905DAF98
le_timdat...... 1378188309
The lke output shows that Hitachi driver "hitachipcmke" uses major number "37", which is allocated to the bpf device used by tcpdump, and this causes tcpdump to fail. hitachipcmke driver needs to be unloaded to free major number to allow tcpdump to use it. The Hitachi needs to be contacted to resolve this problem. In this case, the bpf major number is used by the "hitachipcmke" driver, but it can be any other driver. If so, an appropriate driver vendor needs to be contacted.
le_ndepend..... 1 le_maxdepend... 1
le_filename....F1000000905DAFA8 le_depend.... @ F1000000905DAF98
le_timdat...... 1378188309
The lke output shows that Hitachi driver "hitachipcmke" uses major number "37", which is allocated to the bpf device used by tcpdump, and this causes tcpdump to fail. hitachipcmke driver needs to be unloaded to free major number to allow tcpdump to use it. The Hitachi needs to be contacted to resolve this problem. In this case, the bpf major number is used by the "hitachipcmke" driver, but it can be any other driver. If so, an appropriate driver vendor needs to be contacted.
Author: Darshan Patel
Platform: AIX/VIOS on Power
Feedback: aix_feedback@wwpdl.vnet.ibm.com
Platform: AIX/VIOS on Power
Feedback: aix_feedback@wwpdl.vnet.ibm.com
[{"Type":"MASTER","Line of Business":{"code":"LOB08","label":"Cognitive Systems"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG10","label":"AIX"},"ARM Category":[{"code":"a8m0z000000cvzIAAQ","label":"Networking"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
26 August 2024
UID
ibm17166347