investigate dumpcap problems/replacement
Problem: `dumpcap` on my Arch machine sometimes truncates the PCAP file and I do not see how it could happen.
`tcpdump --immediate-mode` on my machine works well so I wrote branch https://gitlab.nic.cz/knot/deckard/-/tree/dumpcap_replacement to replace dumpcap with tcpdump ... but it somehow magically broke inside Docker only on CI machines.
On Ubuntu CI machines tcpdump gets stuck and does not create the output file. On my Arch machine it works even with the same Docker image.
WTF?
dumpcap versions which cause the problem on my Arch machine:
- wireshark-cli 3.2.5-1
- linux 5.7.12.arch1-1
- libpcap 1.9.1-2
tcpdump versions which work on my Arch machine:
- linux 5.7.12.arch1-1
- docker 1:19.03.12-2
- tcpdump inside docker:
  - tcpdump 4.9.3-1~deb10u1
  - libpcap0.8:amd64 1.8.1-6
tcpdump versions which do not work on my Debian CI machines:
- linux 5.4.0-42-generic #46~18.04.1-Ubuntu SMP
- docker-ce 5:19.03.12 3-0u
- tcpdump inside docker: same as in the case where it works