[Yeti DNS Discuss] dnscap losing packets?

Shane Kerr shane at biigroup.cn
Mon Jul 13 08:06:38 UTC 2015 

Kevin,

This continues to be worrying! Thanks again to Stephane for spotting it
and to you for digging further into the issue.

I think we should do two things:

1. Create a bug report on the GitHub source, including whatever scripts
   and/or data were used to detect the problem.

2. Send a mail to the dns-operations list so that dnscap users are
   aware of possible issues (I think this is especially important since
   I think that the DITL effort uses dnscap).

Cheers,

--
Shane "back from vacation but still booting his brain" Kerr

On Mon, 13 Jul 2015 15:17:42 +0800
"龚道彪" <dbgong at biigroup.cn> wrote:

> we have do some tests on dnscap.
> dnscap:
>     https://github.com/verisign/dnscap
> 
> 
> test cases:send with different slow QPS, different Linux kernel, compare with tcpdump.
> 1. centos 2.6.32:  libpcap 1.4.0   
>     tcpdump is ok,  dnscap is ok
> 	
> 2. ubuntu 3.13.0-46-generic libpcap 1.5.3 
>     tcpdump is ok, dnscap lost packets
> 	
> 3. ubuntu 3.16.0-30-generic libpcap 1.5.3 
>     tcpdump is ok, dnscap lost packets
> 	
> 4. ubuntu 4.0.7-040007-generic #201507031036 SMP libpcap 1.5.3  
>      tcpdump is ok, dnscap is ok
> 	 
> related bug report:
>     https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1457472
> 
> 
> Summary:
>     on ubuntu 14.04.2(kernel 4.0.7), dnscap works well.
>     on Centos 6(kernel 2.6.32.*), dnscap works well.
>     on FreeBSD 10.0, dnscap works well.
> 	
>     linux kernel blow 3.19 do impact dnscap.
>    on ubuntu 14.04.2(kernel 3.13.0, 3.16.0): the result is weird, tcpdump didn't lost packets, 
>    but dnscap lost packets, they both depends on libpcap-dev 1.5.3, maybe some bugs in dnscap code.
> 
> 
> 
> ---Kevin
>  
> ------------------ Original ------------------
> From:  "Stephane Bortzmeyer"<bortzmeyer at nic.fr>;
> Date:  Thu, Jun 18, 2015 03:37 PM
> To:  "龚道彪"<dbgong at biigroup.cn>; 
> Cc:  "Paul Vixie"<paul at redbarn.org>; "Stephane Bortzmeyer"<bortzmeyer at nic.fr>; "discuss"<discuss at lists.yeti-dns.org>; 
> Subject:  Re: [Yeti DNS Discuss] dnscap losing packets?
> 
>  
> On Thu, Jun 18, 2015 at 11:39:00AM +0800,
>  龚道彪 <dbgong at biigroup.cn> wrote 
>  a message of 164 lines which said:
> 
> > maybe I found the reason.  when your host is multihomed, dnscap will
> > only capture on one NIC
> 
> I don't think this is the reason, see later.
> 
> > result on pcap file:
> > eth0: get the query only
> > eth1: get the response only
> 
> This may be because, by default, the reply is sent on eth1 (test with
> tcpdump to be sure). In my case, the result is not reproducible
> (sometimes, I get the query, sometimes not).
> 
> > Stephane, is your host multihomed?
> 
> Yes, a Linux VPS with two virtual interfaces, eth0 is used for
> management (dahu1-mnt.yeti.eu.org, SSH, SMTP and so on) and eth1 for
> the DNS service (dahu1.yeti.eu.org). Default route goes through eth0,
> source routing is used to be sure that the DNS replies go through eth1
> (checked with tcpdump and pcapdump).

More information about the discuss mailing list