From owner-freebsd-net@FreeBSD.ORG Wed Jul 5 17:13:41 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0A47516A4DF for ; Wed, 5 Jul 2006 17:13:41 +0000 (UTC) (envelope-from vladgalu@gmail.com) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.191]) by mx1.FreeBSD.org (Postfix) with ESMTP id 61A5543D45 for ; Wed, 5 Jul 2006 17:13:39 +0000 (GMT) (envelope-from vladgalu@gmail.com) Received: by nf-out-0910.google.com with SMTP id x37so1638405nfc for ; Wed, 05 Jul 2006 10:13:39 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=onaIOCHVfnc9FDX6nVF/fOPwhbIPlcBiwe15BOtmVHo2aZEa4nzwlaD8xL8KrrjJuaOwB3uSOlVOg8bHniPoTWK12JNz0vLduAIAgkn5t5zHdMRMsMI65qQHBQhvM+cxNv27tbL3ej23pTw0tFOZrtkXyXrowkv2VX5yCw0pZpc= Received: by 10.48.47.3 with SMTP id u3mr4079190nfu; Wed, 05 Jul 2006 10:13:39 -0700 (PDT) Received: by 10.48.250.2 with HTTP; Wed, 5 Jul 2006 10:13:39 -0700 (PDT) Message-ID: <79722fad0607051013w38f03fcrd0f9b439dcca2de0@mail.gmail.com> Date: Wed, 5 Jul 2006 20:13:39 +0300 From: "Vlad GALU" To: freebsd-net@freebsd.org In-Reply-To: <79722fad0607051009r4cd6a23bh8923b4aa844c6e40@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <79722fad0607051009r4cd6a23bh8923b4aa844c6e40@mail.gmail.com> Subject: Re: bpf seeing non-local traffic on lo0 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Jul 2006 17:13:41 -0000 On 7/5/06, Vlad GALU wrote: > I was debugging a dspam->clamav connection and I saw two packets > which didn't belong to the loopback interface. The destination IP was > assigned to one of the physical interfaces, and the source IP was > somewhere on the internet. I've no idea how to reproduce it. It looks like a BPF miscompilation, since the filter I set said "tcp port 3310" and the captured packets have, indeed, a source port of 3310. It's perhaps worth saying that the machine is an EM64T running amd64. > > -- > If it's there, and you can see it, it's real. > If it's not there, and you can see it, it's virtual. > If it's there, and you can't see it, it's transparent. > If it's not there, and you can't see it, you erased it. > -- If it's there, and you can see it, it's real. If it's not there, and you can see it, it's virtual. If it's there, and you can't see it, it's transparent. If it's not there, and you can't see it, you erased it.