Date: Sun, 28 Sep 2003 13:59:25 -0400 (EDT) From: Robert Watson <rwatson@freebsd.org> To: Dambielle Yannick <yannick.dambielle@free.fr> Cc: freebsd-net@freebsd.org Subject: Re: tcpdump - tun/tap virtual interfaces Message-ID: <Pine.NEB.3.96L.1030928132013.20493F-100000@fledge.watson.org> In-Reply-To: <001401c385e4$0cfde770$3fc64352@shibuya>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 28 Sep 2003, Dambielle Yannick wrote: > When I try to ping the broadcast address I have the following results: > # ping 10.0.0.255 > ping: sendto: Permission denied > ... This is not the broadcast address for the network you've configured. It should be 10.0.10.255. > Bellow is how I do for setting up a virtual interface : > # echo 1 > /dev/tap1 This is the origin of your spurious console message: needless to say, '1' is not a valid ethernet frame. However, it should be sufficient to cause the tap interface to clone, etc. You might try instead "dd if=/dev/tap0 of=/dev/null bs=1500" which provides a sink for the packet data. Otherwise, you risk the tap interface being pulled out from under you. Note that if the device is not open, it could well be that tap quietly eats the packets, since they have nowhere to go. In this event, they might well not show up on the BPF device. > # ifconfig tap1 up > # ifconfig tap1 inet 10.0.10.1/24 add > # ifconfig <-- show me that tap1 has 10.0.10.1 attached and is also running > > On the first shell, I ping 10.0.10.1 > # ping 10.0.10.1 > 64 butes from 10.0.10.1: icmp_seq=0 ttl=64 time=0.137ms > 64 butes from 10.0.10.1: icmp_seq=0 ttl=64 time=0.137ms > ... This is fine -- you're ping the localhost, which the routing system knows does not need to go on the wire. > On a second shell, I try to dump > # tcpdump -i tap1 > That wait... that wait... Nothing comes :/ This will only show packets on the wire, the 10.0.10.1 packets won't go on the wire, so that's fine too. > Let's try to ping the broadcast address > # ping 10.0.10.255 > ping: sendto: Permission denied, same as before > ... > Well, any ideas are welcome. On my 5.x-CURRENT box: test1# ping 10.0.10.255 PING 10.0.10.255 (10.0.10.255): 56 data bytes 13:48:24.915656 0:bd:5b:fb:f:1 ff:ff:ff:ff:ff:ff 0800 98: 10.0.10.1 > 10.0.10.255: icmp: echo request RELENG_4: test2# ping 10.0.10.4 PING 10.0.10.4 (10.0.10.4): 56 data bytes 09:54:27.506679 0:bd:81:ae:10:0 ff:ff:ff:ff:ff:ff 0806 42: arp who-has 10.0.10.4 (0:0:0:0:0:2) tell 10.0.10.1 First, I notice that your example above uses 10.0.0.255 not 10.0.10.255. Check to make sure you're using the correct IP address. 10.0.10.4 causes an ARP lookup, which also appears fine in my configuration. Second, make sure any firewall rules don't prohibit traffic to the address range in question. This might explain the permission denied message. This might also be a result of the interface evaporating, see the next thing to try. Third, use dd or cat to keep the tap device open -- don't let it close, or it can be reclaimed and the packets will go out another interface trying to find the address range. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1030928132013.20493F-100000>