Date:      Fri, 14 Apr 1995 09:20:02 -0700
From:      jc@irbs.com
To:        freebsd-bugs
Subject:   kern/343: tcpdump with filter fails on tun and lo devices
Message-ID:  <199504141620.JAA23291@freefall.cdrom.com>
In-Reply-To: Your message of Fri, 14 Apr 1995 12:12:21 -0400 <199504141612.MAA01541@irbs.com>


>Number:         343
>Category:       kern
>Synopsis:       tcpdump with filter fails on tun and lo devices
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs (FreeBSD bugs mailing list)
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Apr 14 09:20:01 1995
>Originator:     John Capo
>Organization:
IRBS Engineering
>Release:        FreeBSD 2.1.0-Development i386
>Environment:

FreeBSD-current

>Description:

The packet filter fails to capture any packets when tcpdump is used
with a filter expression on the tunnel or loopback device.

>How-To-Repeat:

tcpdump -i lo0 icmp      on one terminal
ping localhost           on another terminal

>Fix:

I am not sure if the problem is in the drivers, the kernel packet
filter, or in tcpdump.  The loopback and tunnel devices attach to
the bpf with a device type of DLT_NULL and dummy up a link level
header that contains the address family for the packet, always
AF_INET.  Using a dummy PPP header in the drivers and attaching to
the bpf with DLT_PPP works.

This patch is probably not the correct fix but it will provide the
missing functionality.  A bpf guru needs to fix this the right way.


*** sys/net/if_tun.c.orig	Mon Apr 10 22:48:34 1995
--- sys/net/if_tun.c	Fri Apr 14 09:44:20 1995
***************
*** 117,123 ****
  		ifp->if_opackets = 0;
  		if_attach(ifp);
  #if NBPFILTER > 0
! 		bpfattach(&tunctl[i].tun_bpf, ifp, DLT_NULL, sizeof(u_int));
  #endif
  	}
  }
--- 117,123 ----
  		ifp->if_opackets = 0;
  		if_attach(ifp);
  #if NBPFILTER > 0
! 		bpfattach(&tunctl[i].tun_bpf, ifp, DLT_PPP, sizeof(u_int));
  #endif
  	}
  }
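Review bot: at the bpfattach() call the link type changes to DLT_PPP, but the header length is still written as sizeof(u_int), which matches the dummy header only because the later hunks happen to set m_len = 4. Suggest one named constant for the dummy header length, used both here and where m_len is assigned, and a short comment at this call saying the PPP type is a stand-in so that filter expressions work on tun.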
***************
*** 286,299 ****
  #if NBPFILTER > 0
  	if (tp->tun_bpf) {
  		/*
! 		 * We need to prepend the address family as
! 		 * a four byte field.  Cons up a dummy header
! 		 * to pacify bpf.  This is safe because bpf
! 		 * will only read from the mbuf (i.e., it won't
! 		 * try to free it or keep a pointer to it).
! 		 */
  		struct mbuf m;
! 		u_int af = dst->sa_family;
  
  		m.m_next = m0;
  		m.m_len = 4;
--- 286,298 ----
  #if NBPFILTER > 0
  	if (tp->tun_bpf) {
  		/*
! 		 * Dummy up a PPP link level header.
! 		 * This is safe because bpf will only read from the
! 		 * mbuf (i.e., it won't try to free it or keep a
! 		 * pointer to it).
! 		*/
  		struct mbuf m;
! 		u_int af = htonl(0x0021);
  
  		m.m_next = m0;
  		m.m_len = 4;
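Review bot: `u_int af = htonl(0x0021);` discards dst->sa_family, so every packet tapped here is handed to bpf as PPP protocol 0x0021 (IP) whatever family the caller passed in dst. Suggest mapping dst->sa_family to the matching protocol value, or skipping the tap for families that have none, and renaming `af` since it no longer holds an address family.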
***************
*** 510,523 ****
  #if NBPFILTER > 0
  	if (tunctl[unit].tun_bpf) {
  		/*
! 		 * We need to prepend the address family as
! 		 * a four byte field.  Cons up a dummy header
! 		 * to pacify bpf.  This is safe because bpf
! 		 * will only read from the mbuf (i.e., it won't
! 		 * try to free it or keep a pointer to it).
! 		 */
  		struct mbuf m;
! 		u_int af = AF_INET;
  
  		m.m_next = top;
  		m.m_len = 4;
--- 509,521 ----
  #if NBPFILTER > 0
  	if (tunctl[unit].tun_bpf) {
  		/*
! 		 * Dummy up a PPP link level header.
! 		 * This is safe because bpf will only read from the
! 		 * mbuf (i.e., it won't try to free it or keep a
! 		 * pointer to it).
! 		*/
  		struct mbuf m;
! 		u_int af = (0x0021);
  
  		m.m_next = top;
  		m.m_len = 4;
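Review bot: `u_int af = (0x0021);` on the new side of this hunk is missing the htonl() that the other two dummy-header hunks use. On a little-endian host such as the i386 named in this report, the four bytes handed to bpf come out as 21 00 00 00 rather than 00 00 00 21, so a filter that matches packets tapped by the other if_tun.c hunk would not match packets tapped here. Suggest `u_int af = htonl(0x0021);` here as well.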
*** sys/net/if_loop.c.orig	Mon Mar 20 16:26:39 1995
--- sys/net/if_loop.c	Fri Apr 14 09:44:31 1995
***************
*** 97,103 ****
  	ifp->if_addrlen = 0;
  	if_attach(ifp);
  #if NBPFILTER > 0
! 	bpfattach(&ifp->if_bpf, ifp, DLT_NULL, sizeof(u_int));
  #endif
  }
  
--- 97,103 ----
  	ifp->if_addrlen = 0;
  	if_attach(ifp);
  #if NBPFILTER > 0
! 	bpfattach(&ifp->if_bpf, ifp, DLT_PPP, sizeof(u_int));
  #endif
  }
  
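Review bot: this bpfattach() call repeats the DLT_PPP substitution from if_tun.c with no comment that loopback frames are not PPP and that the type is a workaround, so a capture taken on lo0 will be labelled PPP with nothing in the source to say why. Suggest a comment at the call, and putting the link type behind a single macro shared with if_tun.c so the workaround can be reverted in one place.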
***************
*** 119,132 ****
  #if NBPFILTER > 0
  	if (loif.if_bpf) {
  		/*
! 		 * We need to prepend the address family as
! 		 * a four byte field.  Cons up a dummy header
! 		 * to pacify bpf.  This is safe because bpf
! 		 * will only read from the mbuf (i.e., it won't
! 		 * try to free it or keep a pointer a to it).
! 		 */
  		struct mbuf m0;
! 		u_int af = dst->sa_family;
  
  		m0.m_next = m;
  		m0.m_len = 4;
--- 119,131 ----
  #if NBPFILTER > 0
  	if (loif.if_bpf) {
  		/*
! 		 * Dummy up a PPP link level header.
! 		 * This is safe because bpf will only read from the
! 		 * mbuf (i.e., it won't try to free it or keep a
! 		 * pointer to it).
! 		*/
  		struct mbuf m0;
! 		u_int af = htonl(0x0021);
  
  		m0.m_next = m;
  		m0.m_len = 4;
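Review bot: the replacement for `u_int af = dst->sa_family;` puts the bare literal 0x0021 into a variable still named `af`, and the rewritten comment no longer says that the dummy header is four bytes or what the value stands for. Suggest a named constant for the PPP protocol value, a variable name that reflects it, and a comment line stating the header layout; dst->sa_family should still be consulted so that loopback packets of other families are not all tagged as IP.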
>Audit-Trail:
>Unformatted:




