From: Dave Cottlehuber
To: freebsd-questions@freebsd.org
Date: Wed, 29 Mar 2017 21:57:13 +0200
Subject: ngrep/tcpdump and cloned interfaces
Message-Id: <1490817433.194426.927793672.2F3F2045@webmail.messagingengine.com>
List-Id: User questions

hi,

Today I wanted to observe traffic that is proxied via haproxy between IP addresses both bound to a lo1 cloned interface. To my surprise ngrep & tcpdump showed no activity on lo1, but it did show the expected traffic on lo0.

Now I'm not even sure I understand what a cloned interface is anymore...

Most importantly, does a jail with a lo1-bound IP address have any ability outside firewall rules to receive or view traffic using a lo0-bound IP in a different subnet?
# ngrep -texd lo0 port 1978
T 2017/03/29 19:45:17.838356 10.241.0.3:48176 -> 10.241.0.3:1978 [AP]
  50 4f 53 54 20 2f 72 70 63 2f 73 65 74 20 48 54    POST /rpc/set HT
  54 50 2f 31 2e 31 0d 0a 55 73 65 72 2d 41 67 65    TP/1.1..User-Age
  6e 74 3a 20 46 75 72 6c 3a 3a 48 54 54 50 2f 33    nt: Furl::HTTP/3
  2e 30 39 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70    .09..Content-Typ
  65 3a 20 74 65 78 74 2f 74 61 62 2d 73 65 70 61    e: text/tab-sepa

# sockstat -46l
# sockstat -46l |grep 1978
www         haproxy        36440 8  tcp4   10.241.0.0:1978       *:*
kyototycoon ktserver73187  6        tcp4   10.241.0.3:1978       *:*

# ifconfig snippets
lo0: flags=8049 metric 0 mtu 16384
	options=600003
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
	inet 127.0.0.1 netmask 0xff000000
	nd6 options=21
	groups: lo
lo1: flags=8049 metric 0 mtu 16384
	options=600003
	inet 10.241.0.0 netmask 0xffff0000
	inet 10.241.0.3 netmask 0xffffffff
	inet 10.241.0.2 netmask 0xffffffff
	inet 10.241.0.1 netmask 0xffffffff
	inet 10.241.0.5 netmask 0xffffffff
	inet 10.241.0.4 netmask 0xffffffff
	nd6 options=29
	groups: lo

# /etc/pf.conf snippet
protocols = "{ tcp, udp, icmp }"
extl_if="lagg0"
jail_if="lo1"
jail_net = $jail_if:network
nat on $extl_if proto $protocols from $jail_net to any -> ($extl_if)

A+
Dave
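An added example, not from Dave's post and not FreeBSD code: a small checker that takes the text of `ifconfig` and `sockstat -46l` and reports, for every listening socket, which interface holds the address it is bound to, and which sockets are wildcard (`*:port`) binds. Wildcard binds answer on every local address, lo0-bound or lo1-bound alike, so for the jail question above they are the listeners that only pf rules separate from the jail network. The sample input is constructed from the addresses in the post (with an added lo0-only ntpd listener for contrast); the sockstat column layout, including the glued `ktserver73187` COMMAND/PID field seen in the post, is assumed from the output quoted above rather than taken from sockstat(1).

```python
"""Map FreeBSD listening sockets to the interface carrying their address.

Added example: parses ifconfig-style and sockstat(1)-style text. Sample
input below is constructed to mirror the mailing-list post; the column
layout of sockstat output is an assumption based on that post.
"""
import ipaddress
import re

IFCONFIG_SAMPLE = """\
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
	inet 127.0.0.1 netmask 0xff000000
	groups: lo
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	inet 10.241.0.0 netmask 0xffff0000
	inet 10.241.0.3 netmask 0xffffffff
	inet 10.241.0.2 netmask 0xffffffff
	groups: lo
"""

# Constructed: same haproxy/ktserver rows as the post, plus sshd (wildcard)
# and an ntpd listener on a lo0 address. ktserver's COMMAND and PID are
# glued together, as in the post.
SOCKSTAT_SAMPLE = """\
USER        COMMAND        PID   FD PROTO  LOCAL ADDRESS    FOREIGN ADDRESS
www         haproxy        36440 8  tcp4   10.241.0.0:1978  *:*
kyototycoon ktserver73187  6        tcp4   10.241.0.3:1978  *:*
root        sshd           812   4  tcp4   *:22             *:*
root        sshd           812   5  tcp6   *:22             *:*
root        ntpd           900   20 udp4   127.0.0.1:123    *:*
"""

_IF_HDR = re.compile(r"^(\S+): flags=")
_INET = re.compile(r"^\s+inet (\S+) netmask (0x[0-9a-fA-F]+)")
_INET6 = re.compile(r"^\s+inet6 (\S+) prefixlen (\d+)")
_GLUED = re.compile(r"^(.*?\D)(\d+)$")  # "ktserver73187" -> ("ktserver", "73187")


def parse_ifconfig(text):
    """Return {address: (ifname, network)} for every inet/inet6 address."""
    addrs, ifname = {}, None
    for line in text.splitlines():
        m = _IF_HDR.match(line)
        if m:
            ifname = m.group(1)
            continue
        m = _INET.match(line)
        if m and ifname:  # hex netmask -> dotted mask -> network
            mask = str(ipaddress.IPv4Address(int(m.group(2), 16)))
            addrs[m.group(1)] = (ifname, ipaddress.IPv4Network(f"{m.group(1)}/{mask}", strict=False))
            continue
        m = _INET6.match(line)
        if m and ifname:
            addr = m.group(1).split("%")[0]  # drop the %lo0 scope suffix
            addrs[addr] = (ifname, ipaddress.IPv6Network(f"{addr}/{m.group(2)}", strict=False))
    return addrs


def parse_sockstat(text):
    """Return (user, command, pid, proto, host, port) per listening socket."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 6:  # COMMAND and PID ran together: split trailing digits
            m = _GLUED.match(fields[1])
            if m:
                fields[1:2] = [m.group(1), m.group(2)]
        if len(fields) < 7 or fields[0] == "USER":
            continue
        user, command, pid, _fd, proto, local = fields[:6]
        host, port = local.rsplit(":", 1)
        rows.append((user, command, int(pid), proto, host, int(port)))
    return rows


def map_listeners(ifconfig_text, sockstat_text):
    """Attach the owning interface (or None) and a wildcard flag to each socket."""
    addrs = parse_ifconfig(ifconfig_text)
    out = []
    for user, command, pid, proto, host, port in parse_sockstat(sockstat_text):
        wildcard = host == "*"
        iface = None if wildcard else addrs.get(host, (None, None))[0]
        out.append({"user": user, "command": command, "pid": pid, "proto": proto,
                    "host": host, "port": port, "iface": iface, "wildcard": wildcard})
    return out


def wildcard_listeners(listeners):
    """(command, port) pairs bound to every address: reachable via lo0 and lo1 alike."""
    return sorted({(l["command"], l["port"]) for l in listeners if l["wildcard"]})


def listeners_outside(listeners, iface):
    """Address-specific sockets whose address lives on some other interface."""
    return [l for l in listeners if not l["wildcard"] and l["iface"] != iface]


if __name__ == "__main__":
    ls = map_listeners(IFCONFIG_SAMPLE, SOCKSTAT_SAMPLE)
    for l in ls:
        where = "any interface" if l["wildcard"] else (l["iface"] or "unknown")
        print(f'{l["command"]:10} {l["proto"]:5} {l["host"]}:{l["port"]:<6} -> {where}')
    print("wildcard binds:", wildcard_listeners(ls))
    print("not on lo1:", [l["command"] for l in listeners_outside(ls, "lo1")])
```

On a real host the two samples are replaced by the output of `ifconfig` and `sockstat -46l`; the interesting rows for the jail question are the wildcard binds and anything `listeners_outside(..., "lo1")` returns, since those are the sockets a lo1-addressed jail could reach unless pf says otherwise.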