Date: Fri, 14 Apr 1995 09:20:02 -0700 From: jc@irbs.com To: freebsd-bugs Subject: kern/343: tcpdump with filter fails on tun and lo devices Message-ID: <199504141620.JAA23291@freefall.cdrom.com> In-Reply-To: Your message of Fri, 14 Apr 1995 12:12:21 -0400 <199504141612.MAA01541@irbs.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>Number: 343 >Category: kern >Synopsis: tcpdump with filter fails on tun and lo devices >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs (FreeBSD bugs mailing list) >State: open >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Apr 14 09:20:01 1995 >Originator: John Capo >Organization: IRBS Engineering >Release: FreeBSD 2.1.0-Development i386 >Environment: FreeBSD-current >Description: The packet filter fails to capture any packets when tcpdump is used with a filter expression on the tunnel or loopback device. >How-To-Repeat: tcpdump -i lo0 icmp on one terminal ping localhost on another terminal >Fix: I am not sure if the problem is in the drivers, the kernel packet filter, or in tcpdump. The loopback and tunnel devices attach to the bpf with a device type of DLT_NULL and dummy up a link level header that contains the adddress family for the packet, always AF_INET. Using a dummy PPP header in the drivers and attaching to the bpf with DLT_PPP works. This patch is probably not the correct fix but it will provide the missing functionality. A bpf guru needs to fix this the right way. *** sys/net/if_tun.c.orig Mon Apr 10 22:48:34 1995 --- sys/net/if_tun.c Fri Apr 14 09:44:20 1995 *************** *** 117,123 **** ifp->if_opackets = 0; if_attach(ifp); #if NBPFILTER > 0 ! bpfattach(&tunctl[i].tun_bpf, ifp, DLT_NULL, sizeof(u_int)); #endif } } --- 117,123 ---- ifp->if_opackets = 0; if_attach(ifp); #if NBPFILTER > 0 ! bpfattach(&tunctl[i].tun_bpf, ifp, DLT_PPP, sizeof(u_int)); #endif } } *************** *** 286,299 **** #if NBPFILTER > 0 if (tp->tun_bpf) { /* ! * We need to prepend the address family as ! * a four byte field. Cons up a dummy header ! * to pacify bpf. This is safe because bpf ! * will only read from the mbuf (i.e., it won't ! * try to free it or keep a pointer to it). ! */ struct mbuf m; ! u_int af = dst->sa_family; m.m_next = m0; m.m_len = 4; --- 286,298 ---- #if NBPFILTER > 0 if (tp->tun_bpf) { /* ! * Dummy up a PPP link level header. ! * This is safe because bpf will only read from the ! * mbuf (i.e., it won't try to free it or keep a ! * pointer to it). ! */ struct mbuf m; ! u_int af = htonl(0x0021); m.m_next = m0; m.m_len = 4; *************** *** 510,523 **** #if NBPFILTER > 0 if (tunctl[unit].tun_bpf) { /* ! * We need to prepend the address family as ! * a four byte field. Cons up a dummy header ! * to pacify bpf. This is safe because bpf ! * will only read from the mbuf (i.e., it won't ! * try to free it or keep a pointer to it). ! */ struct mbuf m; ! u_int af = AF_INET; m.m_next = top; m.m_len = 4; --- 509,521 ---- #if NBPFILTER > 0 if (tunctl[unit].tun_bpf) { /* ! * Dummy up a PPP link level header. ! * This is safe because bpf will only read from the ! * mbuf (i.e., it won't try to free it or keep a ! * pointer to it). ! */ struct mbuf m; ! u_int af = (0x0021); m.m_next = top; m.m_len = 4; *** sys/net/if_loop.c.orig Mon Mar 20 16:26:39 1995 --- sys/net/if_loop.c Fri Apr 14 09:44:31 1995 *************** *** 97,103 **** ifp->if_addrlen = 0; if_attach(ifp); #if NBPFILTER > 0 ! bpfattach(&ifp->if_bpf, ifp, DLT_NULL, sizeof(u_int)); #endif } --- 97,103 ---- ifp->if_addrlen = 0; if_attach(ifp); #if NBPFILTER > 0 ! bpfattach(&ifp->if_bpf, ifp, DLT_PPP, sizeof(u_int)); #endif } *************** *** 119,132 **** #if NBPFILTER > 0 if (loif.if_bpf) { /* ! * We need to prepend the address family as ! * a four byte field. Cons up a dummy header ! * to pacify bpf. This is safe because bpf ! * will only read from the mbuf (i.e., it won't ! * try to free it or keep a pointer a to it). ! */ struct mbuf m0; ! u_int af = dst->sa_family; m0.m_next = m; m0.m_len = 4; --- 119,131 ---- #if NBPFILTER > 0 if (loif.if_bpf) { /* ! * Dummy up a PPP link level header. ! * This is safe because bpf will only read from the ! * mbuf (i.e., it won't try to free it or keep a ! * pointer to it). ! */ struct mbuf m0; ! u_int af = htonl(0x0021); m0.m_next = m; m0.m_len = 4; >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199504141620.JAA23291>