Re: OS X 10.6 diagnosis: pcap timeout and bpf device access

[David Fifield <david () bamsoftware com>]

On Sat, Nov 07, 2009 at 02:57:29PM -0500, Walt Scrivens wrote:
> David,
> Thanks for sticking with this.  You've done an impressive bit of  
> analysis work.  Your explanation is so good that even I begin to  
> understand what's going wrong, although I suppose the chances of apple  
> ever doing anything about it are slim to none.
>
> Since the problem doesn't happen in the released version 5, the problems 
> you've uncovered are specific to 5.05BETA-1.  Do we know why those 
> changes were made, and what the impact of reversing them would be?

I think it's because the release I made on 10.5 was compiled as a 32-bit
executable, and the default compiler target on 10.6 is 64-bit, but I
haven't tested that yet. We could, of course, build the next release as
32-bit, but that doesn't help the people who build from source unless we
make it automatic in the build system.

For what it's worth, I ran a copy of Nmap that I had built on 10.5 and
still had installed after upgrading to 10.6. It didn't have the blocking
forever problem, but it still couldn't read incoming packets unless I
had a concurrent tcpdump running.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/