This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi,

I'm running the latest 1.99 OSX version of Wireshark on OSX 10.10 Yosemite that ran fine until yesterday. All of a sudden I get the following error:

Error from waitpid(): Interrupted system call.

I completely uninstalled and reinstalled. Exactly 1 time I found an interface; second time: none!

Can you help? Kind regards, Loe

asked 23 Jun '14, 01:24

Loe Walter

Same thing here... that error means the interfaces can't be found. I checked and ChmodBPF is not installed. I am not sure, but it looks like a permissions thing is preventing proper install of Wireshark 1.99 (earlier versions don't even load to the main screen).

marc

(25 Jun '14, 18:30) Marc Abrams

"ChmodBPF is not installed". I.e., if you do

sudo launchctl list | egrep ChmodBPF

it doesn't print

-       0       org.wireshark.ChmodBPF

?

(25 Jun '14, 18:56) Guy Harris ♦♦

Hi, Gary:

It DOES show it:

Last login: Wed Jun 25 18:25:12 on ttys000
Marcs-MacBook-Pro:~ marc$ sudo launchctl list | egrep ChmodBPF
Password:
-   0   org.wireshark.ChmodBPF
Marcs-MacBook-Pro:~ marc$

But the interfaces still don't show up in the app.

Thanks.

marc

(25 Jun '14, 19:07) Marc Abrams

So what does ls -l /dev/bpf* print?

(25 Jun '14, 19:12) Guy Harris ♦♦

Hi, Gary:

See:

Marcs-MacBook-Pro:~ marc$ ls -l /dev/bpf* 
crw-rw----  1 root  access_bpf   23,   0 Jun 25 20:02 /dev/bpf0
crw-rw----  1 root  access_bpf   23,   1 Jun 25 20:02 /dev/bpf1
crw-rw----  1 root  access_bpf   23,  10 Jun 25 20:02 /dev/bpf10

(other lines with the same permissions, owner, and group omitted)

crw-rw----  1 root  access_bpf   23,  99 Jun 25 20:02 /dev/bpf99
Marcs-MacBook-Pro:~ marc$

Thanks.

marc.

(25 Jun '14, 20:08) Marc Abrams

So ChmodBPF is installed and it is doing what it's supposed to do (you have a ton of BPF devices, all with rw-rw---- permissions, and all owned by the access_bpf group).

What does the command id print?

(25 Jun '14, 20:23) Guy Harris ♦♦

Hi, Gary:

I made myself root and launched Wireshark from the terminal and I see that it cannot capture the interfaces:

16:37:18.211 Capture Msg Capture Interface List failed!

Not sure what to do from here.

marc.

(26 Jun '14, 16:46) Marc Abrams

Hi Gary,

Can you come to some kind of conclusion when reading this:

sh-3.2# ./Wireshark
 2014-06-27 09:43:52.577 Wireshark[1841:907457] TSplicedFont failed creating descriptor for:
(
        {
        UnicodeCharSetTrim = "<__NSCFCharacterSet: 0x7ff2d35e5620>";
        name = ".STHeitiUISC-Thin";
    }
)
 2014-06-27 09:43:52.580 Wireshark[1841:907457] TSplicedFont failed creating descriptor for:
(
        {
        UnicodeCharSetTrim = "<__NSCFCharacterSet: 0x7ff2d35e5620>";
        name = ".STHeitiUITC-Thin";
    }
)
 2014-06-27 09:43:52.580 Wireshark[1841:907457] TSplicedFont failed creating descriptor for:
(
        {
        NSCTFontFeatureSettingsAttribute =         (
                        {
                CTFeatureSelectorIdentifier = 8;
                CTFeatureTypeIdentifier = 22;
            }
        );
        UnicodeCharSetTrim = "<__NSCFCharacterSet: 0x7ff2d5a19c20>";
        name = ".HiraKakuInterface-W2";
    }
)
 FIX: packet list heading menu sensitivity 
 09:43:56.777  Dbg  plugin_dir: /Applications/Wireshark.app/Contents/PlugIns/wireshark
 09:43:56.837 Main Dbg  Translator nl_NL
 09:43:56.837  Dbg  FIX: timestamp types should be set elsewhere
 09:43:56.837 Main Info fill_in_local_interfaces() starts
 09:43:56.837 Capture Msg  Capture Interface List ...
 09:43:56.837 Capture Dbg  sync_interface_list_open
 09:43:56.837 Capture Dbg  sync_pipe_open_command
 09:43:57.009 Capture Dbg  read 17 indicator: S empty value
 09:43:57.010 Capture Dbg  sync_pipe_wait_for_child: wait till child closed
 09:43:57.010 Capture Dbg  sync_pipe_wait_for_child: capture child closed after 0,001s
 09:43:57.010 Capture Msg  Capture Interface Capabilities ...
 09:43:57.010 Capture Dbg  sync_if_capabilities_open
 09:43:57.010 Capture Dbg  sync_pipe_open_command
 09:43:57.019 Capture Dbg  read 17 indicator: S empty value
 09:43:57.019 Capture Dbg  sync_pipe_wait_for_child: wait till child closed
 09:43:57.019 Capture Dbg  sync_pipe_wait_for_child: capture child closed after 0,000s
 09:43:57.019 Capture Msg  Capture Interface Capabilities failed!
 09:43:57.020 Capture Msg  Capture Interface Capabilities ...
 09:43:57.020 Capture Dbg  sync_if_capabilities_open
 09:43:57.020 Capture Dbg  sync_pipe_open_command
 09:43:57.028 Capture Dbg  read 17 indicator: S empty value
 09:43:57.028 Capture Dbg  sync_pipe_wait_for_child: wait till child closed
 09:43:57.028 Capture Dbg  sync_pipe_wait_for_child: capture child closed after 0,000s
 09:43:57.028 Capture Msg  Capture Interface Capabilities ...
 09:43:57.028 Capture Dbg  sync_if_capabilities_open
 09:43:57.029 Capture Dbg  sync_pipe_open_command
 09:43:57.037 Capture Dbg  read 17 indicator: S empty value
 09:43:57.038 Capture Dbg  sync_pipe_wait_for_child: wait till child closed
 09:43:57.038 Capture Dbg  sync_pipe_wait_for_child: capture child closed after 0,000s
 09:43:57.038 Capture Msg  Capture Interface Capabilities ...
 09:43:57.038 Capture Dbg  sync_if_capabilities_open
 09:43:57.038 Capture Dbg  sync_pipe_open_command
 09:43:57.046 Capture Dbg  read 17 indicator: S empty value
 09:43:57.047 Capture Dbg  sync_pipe_wait_for_child: wait till child closed
 09:43:57.047 Capture Dbg  sync_pipe_wait_for_child: capture child closed after 0,000s
 09:43:57.047 Capture Msg  Capture Interface Capabilities ...
 09:43:57.047 Capture Dbg  sync_if_capabilities_open
 09:43:57.047 Capture Dbg  sync_pipe_open_command
 09:43:57.056 Capture Dbg  read 17 indicator: S empty value
 09:43:57.056 Capture Dbg  sync_pipe_wait_for_child: wait till child closed
 09:43:57.057 Capture Dbg  sync_pipe_wait_for_child: capture child closed after 0,000s
 09:43:57.057 Capture Msg  Capture Interface Capabilities ...
 09:43:57.057 Capture Dbg  sync_if_capabilities_open
 09:43:57.057 Capture Dbg  sync_pipe_open_command
 09:43:57.065 Capture Dbg  read 17 indicator: S empty value
 09:43:57.066 Capture Dbg  sync_pipe_wait_for_child: wait till child closed
 09:43:57.066 Capture Dbg  sync_pipe_wait_for_child: capture child closed after 0,000s
 09:43:57.066 Capture Msg  Capture Interface Capabilities ...
 09:43:57.066 Capture Dbg  sync_if_capabilities_open
 09:43:57.066 Capture Dbg  sync_pipe_open_command
 09:43:57.074 Capture Dbg  read 17 indicator: S empty value
 09:43:57.075 Capture Dbg  sync_pipe_wait_for_child: wait till child closed
 09:43:57.075 Capture Dbg  sync_pipe_wait_for_child: capture child closed after 0,000s
 09:43:57.075 Capture Msg  Capture Interface Capabilities ...
 09:43:57.075 Capture Dbg  sync_if_capabilities_open
 09:43:57.075 Capture Dbg  sync_pipe_open_command
 09:43:57.083 Capture Dbg  read 17 indicator: S empty value
 09:43:57.083 Capture Dbg  sync_pipe_wait_for_child: wait till child closed
 09:43:57.084 Capture Dbg  sync_pipe_wait_for_child: capture child closed after 0,000s
 09:43:57.084 Main Info fill_in_local_interfaces() ends, taking 0,246s
 09:43:57.085  Dbg  FIX: fetch recent color settings
 09:43:57.086 Capture Msg  Capture Interface List ...
 09:43:57.086 Capture Dbg  sync_interface_list_open
 09:43:57.086 Capture Dbg  sync_pipe_open_command
 09:43:57.151 Capture Dbg  read 17 indicator: S empty value
 09:43:57.151 Capture Dbg  sync_pipe_wait_for_child: wait till child closed
 09:43:57.152 Capture Dbg  sync_pipe_wait_for_child: capture child closed after 0,001s
 09:43:57.152 Capture Msg  Capture Interface List failed!
 09:43:57.164 Main Info Wireshark is up and ready to go

Thanks again

(27 Jun '14, 00:46) Loe Walter

Even stranger Gary... When opening Menu-> Capture -> Interfaces

I can see ALL interfaces and can even start en1 (Wireless)

Strange isn't it?

Loe

(27 Jun '14, 00:49) Loe Walter

And now for something completely different.... I close Wireshark and start it again from the console. Same errors as earlier, but NO interfaces anymore....????

Loe

(27 Jun '14, 00:54) Loe Walter

The only conclusion I can come to is that Wireshark isn't logging enough information to come to any more detailed conclusion. Try downloading the latest build from the OS X automated build directory and see what that does and what that logs; I changed the code to log more details on "Capture Interface Capabilities failed!" failures.

(27 Jun '14, 14:55) Guy Harris ♦♦

Using the latest build in the automated build directory (g4ac9895) I am having the same issue, my logs also look almost identical:

$ wireshark
2014-07-07 09:45:49.988 Wireshark[16052:543970] TSplicedFont failed creating descriptor for:
(
        {
        UnicodeCharSetTrim = "<__NSCFCharacterSet: 0x7fb9d9e95620>";
        name = ".STHeitiUISC-Thin";
    }
)
2014-07-07 09:45:49.991 Wireshark[16052:543970] TSplicedFont failed creating descriptor for:
(
        {
        NSCTFontFeatureSettingsAttribute =         (
                        {
                CTFeatureSelectorIdentifier = 8;
                CTFeatureTypeIdentifier = 22;
            }
        );
        UnicodeCharSetTrim = "<__NSCFCharacterSet: 0x7fb9d9df43a0>";
        name = ".HiraKakuInterface-W2";
    }
)
2014-07-07 09:45:49.992 Wireshark[16052:543970] TSplicedFont failed creating descriptor for:
(
        {
        UnicodeCharSetTrim = "<__NSCFCharacterSet: 0x7fb9d9e95620>";
        name = ".STHeitiUITC-Thin";
    }
)
FIX: packet list heading menu sensitivity 
09:45:50.906  Dbg  plugin_dir: /Applications/Wireshark.app/Contents/PlugIns/wireshark
09:45:50.931 Main Dbg  Translator en_CA
09:45:50.932  Dbg  FIX: timestamp types should be set elsewhere
09:45:50.932 Main Info fill_in_local_interfaces() starts
09:45:50.932 Capture Msg  Capture Interface List ...
09:45:50.932 Capture Dbg  sync_interface_list_open
09:45:50.932 Capture Dbg  sync_pipe_open_command
09:45:51.010 Capture Dbg  read 19 indicator: S empty value
09:45:51.011 Capture Dbg  sync_pipe_wait_for_child: wait till child closed
09:45:51.012 Capture Dbg  sync_pipe_wait_for_child: capture child closed after 0.001s
09:45:51.012 Capture Msg  Capture Interface List failed, error 32767, Error from waitpid(): Interrupted system call (no secondary message)!
09:45:51.012 Main Info fill_in_local_interfaces() ends, taking 0.080s
09:45:51.015  Dbg  FIX: fetch recent color settings
09:45:51.016 Capture Msg  Capture Interface List ...
09:45:51.016 Capture Dbg  sync_interface_list_open
09:45:51.016 Capture Dbg  sync_pipe_open_command
09:45:51.092 Capture Dbg  read 19 indicator: S empty value
09:45:51.093 Capture Dbg  sync_pipe_wait_for_child: wait till child closed
09:45:51.093 Capture Dbg  sync_pipe_wait_for_child: capture child closed after 0.001s
09:45:51.094 Capture Msg  Capture Interface List failed, error 0, Error from waitpid(): Interrupted system call (no secondary message)!
09:45:51.105 Main Info Wireshark is up and ready to go

Rolling back to 1.10.8 (32Bit) does not exhibit the issue.

(07 Jul '14, 08:59) ericyanush

I was able to get around this by adding myself to the access_bpf group.

sudo dseditgroup -o edit -a myusername -t user access_bpf

answered 22 Oct '14, 08:32

Amoeba

Confirmed to fix the same issue in my environment.

(22 Oct '14, 20:10) MagnusMortensen

I believe you can check for EINTR and try again for waitpid(). A waitpid with WNOHANG can return for any number of reasons causing interrupted syscall.

answered 20 Feb '15, 08:17

ws_fan_2014

Here is a diff that I verified works on my MacBook Pro running Yosemite.

diff --git a/capchild/capture_sync.c b/capchild/capture_sync.c
index 55be896..54ec8c1 100644
--- a/capchild/capture_sync.c
+++ b/capchild/capture_sync.c
@@ -1865,7 +1865,8 @@ static int
 sync_pipe_wait_for_child(int fork_child, gchar msgp)
 {
     int fork_child_status;
-    int ret;
+    int retry_waitpid = 3;
+    int ret = -1;
     GTimeVal start_time;
     GTimeVal end_time;
     float elapsed;
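Review bot: The retry budget `retry_waitpid = 3` in the declarations is an unexplained magic number, and EINTR says nothing about the health of the child, so three interrupted calls in a row are enough to give up on a dumpcap that is still running normally. Consider retrying for as long as waitpid() fails with EINTR, or at least name the constant and state in a comment why three was chosen. The new `ret = -1` initializer also silently becomes the return value of the retries-exhausted path, which deserves a comment of its own.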
@@ -1898,6 +1899,7 @@ sync_pipe_wait_for_child(int fork_child, gchar msgp)
         }
     }
 #else
+    while (--retry_waitpid >= 0) {
         if (waitpid(fork_child, &fork_child_status, 0) != -1) {
             if (WIFEXITED(fork_child_status)) {
                 /
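Review bot: The new `while` opens above the `waitpid()` call, so the loop encloses the whole exit-status decoding block rather than only the call that can be interrupted. Wrapping just the call, for example `do { pid = waitpid(fork_child, &fork_child_status, 0); } while (pid == -1 && errno == EINTR);`, would keep the status handling outside the loop and make the unconditional `break` at the bottom unnecessary.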
@@ -1923,6 +1925,10 @@ sync_pipe_wait_for_child(int fork_child, gchar msgp)
                                         fork_child_status);
                 ret = -1;
             }
+
+        } else if (errno == EINTR) {
+            g_log(LOG_DOMAIN_CAPTURE, G_LOG_LEVEL_WARNING, "sync_pipe_wait_for_child: waitpid returned EINTR. retrying.");
+            continue;
         } else if (errno != ECHILD) {
             *msgp = g_strdup_printf("Error from waitpid(): %s", g_strerror(errno));
             ret = -1;
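Review bot: In the new `errno == EINTR` branch, the last `continue` falls out of the loop once the counter is used up, and as far as the visible lines show that leaves `ret` at -1 without assigning `*msgp`, so the caller gets a failure with no message. Set `*msgp` when the retries are exhausted, or retry without a bound. Logging every retry at G_LOG_LEVEL_WARNING is also loud for a condition the code recovers from; a debug-level message would fit better, and the added blank line before the branch can be dropped.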
@@ -1930,6 +1936,8 @@ sync_pipe_wait_for_child(int fork_child, gchar msgp)
             / errno == ECHILD ; echld might have already reaped the child */
             ret = fetch_dumpcap_pid ? 0 : -1;
         }
+        break;
+    }
 #endif

 g_get_current_time(&end_time);
(20 Feb '15, 16:11) ws_fan_2014

While it can be difficult to determine if an issue is user-based, environment-based or a bug so all are fair game for Ask Wireshark, actual bugs should go to the Wireshark Bugzilla, and patches should follow the Submission Guide and go into the Wireshark Gerrit system for review.

(21 Feb '15, 01:08) grahamb ♦
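The retry-on-EINTR idea from the answer above, as an added stand-alone C example (not Wireshark's code and not the posted patch); `waitpid_retry`, `demo` and the 20 ms timer scenario are constructed for illustration. It loops until `waitpid()` returns something other than `EINTR` instead of counting retries.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/time.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

static void on_alarm(int sig) { (void)sig; }  /* the handler only has to exist */

/* Hypothetical helper: wait for pid, retrying only when a signal interrupts
 * the call. *eintr_count reports how often that happened. */
static pid_t waitpid_retry(pid_t pid, int *status, int *eintr_count)
{
    pid_t r;
    *eintr_count = 0;
    while ((r = waitpid(pid, status, 0)) == -1 && errno == EINTR)
        (*eintr_count)++;
    return r;                     /* -1 now means a real error such as ECHILD */
}

/* Constructed scenario: a 20 ms periodic SIGALRM, installed without
 * SA_RESTART, fires while the parent waits for a child that lives 200 ms.
 * Returns the child's exit code, or -1 on failure. */
static int demo(int *eintr_count)
{
    struct sigaction sa;
    struct itimerval on = { {0, 20000}, {0, 20000} }, off = { {0, 0}, {0, 0} };
    int status = 0;
    pid_t child, r;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_alarm;     /* sa_flags stays 0: no SA_RESTART */
    sigaction(SIGALRM, &sa, NULL);
    if ((child = fork()) == -1) return -1;
    if (child == 0) {             /* the child does not inherit the timer */
        struct timespec ts = { 0, 200 * 1000 * 1000 };
        nanosleep(&ts, NULL);
        _exit(7);
    }
    setitimer(ITIMER_REAL, &on, NULL);
    r = waitpid_retry(child, &status, eintr_count);
    setitimer(ITIMER_REAL, &off, NULL);
    return (r == child && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

int main(void) { int n, c = demo(&n); printf("exit %d, %d EINTR\n", c, n); return c != 7; }
```

A single `waitpid()` call in the same scenario fails with `EINTR` on the first timer tick even though the child is still running.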
question asked: 23 Jun '14, 01:24

last updated: 21 Feb '15, 01:08