Date: Fri, 14 Apr 1995 09:20:02 -0700 From: jc@irbs.com To: freebsd-bugs Subject: kern/343: tcpdump with filter fails on tun and lo devices Message-ID: <199504141620.JAA23291@freefall.cdrom.com> In-Reply-To: Your message of Fri, 14 Apr 1995 12:12:21 -0400 <199504141612.MAA01541@irbs.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>Number: 343
>Category: kern
>Synopsis: tcpdump with filter fails on tun and lo devices
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs (FreeBSD bugs mailing list)
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Apr 14 09:20:01 1995
>Originator: John Capo
>Organization:
IRBS Engineering
>Release: FreeBSD 2.1.0-Development i386
>Environment:
FreeBSD-current
>Description:
The packet filter fails to capture any packets when tcpdump is used
with a filter expression on the tunnel or loopback device.
>How-To-Repeat:
tcpdump -i lo0 icmp on one terminal
ping localhost on another terminal
>Fix:
I am not sure if the problem is in the drivers, the kernel packet
filter, or in tcpdump. The loopback and tunnel devices attach to
the bpf with a device type of DLT_NULL and dummy up a link level
header that contains the adddress family for the packet, always
AF_INET. Using a dummy PPP header in the drivers and attaching to
the bpf with DLT_PPP works.
This patch is probably not the correct fix but it will provide the
missing functionality. A bpf guru needs to fix this the right way.
*** sys/net/if_tun.c.orig Mon Apr 10 22:48:34 1995
--- sys/net/if_tun.c Fri Apr 14 09:44:20 1995
***************
*** 117,123 ****
ifp->if_opackets = 0;
if_attach(ifp);
#if NBPFILTER > 0
! bpfattach(&tunctl[i].tun_bpf, ifp, DLT_NULL, sizeof(u_int));
#endif
}
}
--- 117,123 ----
ifp->if_opackets = 0;
if_attach(ifp);
#if NBPFILTER > 0
! bpfattach(&tunctl[i].tun_bpf, ifp, DLT_PPP, sizeof(u_int));
#endif
}
}
***************
*** 286,299 ****
#if NBPFILTER > 0
if (tp->tun_bpf) {
/*
! * We need to prepend the address family as
! * a four byte field. Cons up a dummy header
! * to pacify bpf. This is safe because bpf
! * will only read from the mbuf (i.e., it won't
! * try to free it or keep a pointer to it).
! */
struct mbuf m;
! u_int af = dst->sa_family;
m.m_next = m0;
m.m_len = 4;
--- 286,298 ----
#if NBPFILTER > 0
if (tp->tun_bpf) {
/*
! * Dummy up a PPP link level header.
! * This is safe because bpf will only read from the
! * mbuf (i.e., it won't try to free it or keep a
! * pointer to it).
! */
struct mbuf m;
! u_int af = htonl(0x0021);
m.m_next = m0;
m.m_len = 4;
***************
*** 510,523 ****
#if NBPFILTER > 0
if (tunctl[unit].tun_bpf) {
/*
! * We need to prepend the address family as
! * a four byte field. Cons up a dummy header
! * to pacify bpf. This is safe because bpf
! * will only read from the mbuf (i.e., it won't
! * try to free it or keep a pointer to it).
! */
struct mbuf m;
! u_int af = AF_INET;
m.m_next = top;
m.m_len = 4;
--- 509,521 ----
#if NBPFILTER > 0
if (tunctl[unit].tun_bpf) {
/*
! * Dummy up a PPP link level header.
! * This is safe because bpf will only read from the
! * mbuf (i.e., it won't try to free it or keep a
! * pointer to it).
! */
struct mbuf m;
! u_int af = (0x0021);
m.m_next = top;
m.m_len = 4;
*** sys/net/if_loop.c.orig Mon Mar 20 16:26:39 1995
--- sys/net/if_loop.c Fri Apr 14 09:44:31 1995
***************
*** 97,103 ****
ifp->if_addrlen = 0;
if_attach(ifp);
#if NBPFILTER > 0
! bpfattach(&ifp->if_bpf, ifp, DLT_NULL, sizeof(u_int));
#endif
}
--- 97,103 ----
ifp->if_addrlen = 0;
if_attach(ifp);
#if NBPFILTER > 0
! bpfattach(&ifp->if_bpf, ifp, DLT_PPP, sizeof(u_int));
#endif
}
***************
*** 119,132 ****
#if NBPFILTER > 0
if (loif.if_bpf) {
/*
! * We need to prepend the address family as
! * a four byte field. Cons up a dummy header
! * to pacify bpf. This is safe because bpf
! * will only read from the mbuf (i.e., it won't
! * try to free it or keep a pointer a to it).
! */
struct mbuf m0;
! u_int af = dst->sa_family;
m0.m_next = m;
m0.m_len = 4;
--- 119,131 ----
#if NBPFILTER > 0
if (loif.if_bpf) {
/*
! * Dummy up a PPP link level header.
! * This is safe because bpf will only read from the
! * mbuf (i.e., it won't try to free it or keep a
! * pointer to it).
! */
struct mbuf m0;
! u_int af = htonl(0x0021);
m0.m_next = m;
m0.m_len = 4;
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199504141620.JAA23291>