IBM Support

Why tcpdump fails with error "bpf_load: could not configure driver: Do not specify an existing file" on AIX and VIOS?

Question & Answer


Question

Why tcpdump fails with error "tcpdump: bpf_load: could not configure driver: Do not specify an existing file" on AIX and VIOS?
For example:
# tcpdump -i en3 port 22
tcpdump: bpf_load: could not configure driver: Do not specify an existing file. 

Answer

The tcpdump uses bpf to capture the network packets. The error "bpf_load: could not configure driver: Do not specify an existing file" indicates that another application or driver is holding a lock on bpf that is reserved for tcpdump. To determine who is holding a lock on bpf, run the following steps as root.
# odmget CuDvDr | grep -p ddins | grep -p bpf                    
CuDvDr:                                                                 
        resource = "ddins"                                              
        value1 = "bpf"                                                  
        value2 = "37"                                      
        value3 = ""                                                    
The value2 is the major number (in hex) of the bpf. Use value2 in the next step.
# kdb                                                                   
(0)> dcal 37                                                            
Value decimal: 37          Value hexa: 00000025
Use Value hexa in the next step.
(0)> devsw 00000025                                                           
Slot address F1000A14203D1280                                           
MAJOR: 025                                                              
   open:      F1000000C066F260                                          
   close:     F1000000C066F220                                          
   read:      F1000000C066EEA0                                          
   write:     F1000000C066BC00                                          
   ioctl:     F1000000C066E2A0                              
   strategy:  .nodev (002CDDA0)                                         
   ttys:      00000000                                                  
   select:    F1000000C066C200                                          
   config:    .nodev (002CDDA0)                                         
   print:     .nodev (002CDDA0)                                         
   dump:      .nodev (002CDDA0)                                          
   mpx:       .nodev (002CDDA0)                                         
   revoke:    .nodev (002CDDA0)                                         
   dsdptr:    00000000                                                  
   selptr:    00000000                                                  
   opts:      0000002A          DEV_DEFINED  DEV_MPSAFE                 
                                                                   
Use ioctl value in the next step.                                 
                                                                   
(0)> lke -s F1000000C066E2A0                                            
                                                                   
              ADDRESS                            FILE                       FILESIZE         FLAGS                         MODULE NAME     
1 F1000000905DAF00    F1000000C012C000    0008A000     02090242    hitachipcmke64/usr/lib/drivers/hitachipcmke                             
                                                                       
le_flags....... TEXT DATA DATAEXISTS NOTKEYSAFE 64 PRIVATELOAD        
le_eyec.................................. 4C4B      (LK)                               
le_next......... F1000000905DAE00      le_lex.............  0000000000000000   
le_fp............ 0000000000000000        le_fh..............  0000000000000000   
le_file........... F1000000C012C000       le_filesize......  000000000008A000   
le_data......... F1000000C01B3000       le_datasize.....  0000000000002CEE   
le_ldr.............F1000000A0253000       le_ldr_size...... 0x1A75 (6773)      
le_exports..... 0000000000000000      le_entrypoint.. F1000000C01B5228  
le_usecount....                         2                 le_loadcount...                           2   
le_ndepend.....                         1                le_maxdepend...                        1   
le_filename....F1000000905DAFA8     le_depend.... @ F1000000905DAF98   
le_timdat......       1378188309                                      
                                                                                                           
The lke output shows that Hitachi driver "hitachipcmke" uses major number "37", which is allocated to the bpf device used by tcpdump, and this causes tcpdump
to fail. hitachipcmke driver needs to be unloaded to free major number to allow tcpdump to use it. The Hitachi needs to be contacted to resolve this problem. In this case, the bpf major number is used by the "hitachipcmke" driver, but it can be any other driver. If so, an appropriate driver vendor needs to be contacted.
Author: Darshan Patel
Platform: AIX/VIOS on Power
Feedback:
aix_feedback@wwpdl.vnet.ibm.com

[{"Type":"MASTER","Line of Business":{"code":"LOB08","label":"Cognitive Systems"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG10","label":"AIX"},"ARM Category":[{"code":"a8m0z000000cvzIAAQ","label":"Networking"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
26 August 2024

UID

ibm17166347