loopback bpf tcpdump curruption

Thu, 20 Jul 2023 12:16:27 -0700 

Hi,

When running tcpdump on loopback, I see a currupted packet for each
valid packet.

root@v74:.../~# tcpdump -ni lo0 -X -vvv
tcpdump: listening on lo0, link-type LOOP
21:01:07.645880
  0000: e161 0000 ff01 0000 7f00 0001 7f00 0001  .a..............
  0010: 0800 00df 3a4f 0000 d257 38fa 0236 0129  ....:O...W8..6.)
  0020: b9ec 7ecc 329a e881 4e36 e269 9fe4 1744  ..~.2...N6.i...D
  0030: 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627  ........ !"#$%&'
  0040: 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637  ()*+,-./01234567

21:01:07.645886 127.0.0.1 > 127.0.0.1: icmp: echo request (id:3a4f seq:0) [icmp 
cksum ok] (ttl 255, id 57697, len 84, bad ip cksum 0! -> dc44)
  0000: 4500 0054 e161 0000 ff01 0000 7f00 0001  E..T.a..........
  0010: 7f00 0001 0800 00df 3a4f 0000 d257 38fa  ........:O...W8.
  0020: 0236 0129 b9ec 7ecc 329a e881 4e36 e269  .6.)..~.2...N6.i
  0030: 9fe4 1744 1819 1a1b 1c1d 1e1f 2021 2223  ...D........ !"#
  0040: 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233  $%&'()*+,-./0123
  0050: 3435 3637                                4567

lo(4) used to dump to bpf only for output.  It seems that when
if_bpf_mtap() was introduced, this changed and lo(4) dumps an
additional truncated packet.  The default bpf_mtap_ether() is not
suitable for lo(4).

Solution is to install a dummy lo_bpf_mtap() to suppress bpf on
input.

ok?

bluhm

Index: net/if_loop.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/net/if_loop.c,v
retrieving revision 1.96
diff -u -p -r1.96 if_loop.c
--- net/if_loop.c       18 Jul 2023 16:01:20 -0000      1.96
+++ net/if_loop.c       20 Jul 2023 19:06:39 -0000
@@ -146,6 +146,7 @@ void        lortrequest(struct ifnet *, int, st
 void   loinput(struct ifnet *, struct mbuf *);
 int    looutput(struct ifnet *,
            struct mbuf *, struct sockaddr *, struct rtentry *);
+int    lo_bpf_mtap(caddr_t, const struct mbuf *, u_int);
 
 int    loop_clone_create(struct if_clone *, int);
 int    loop_clone_destroy(struct ifnet *);
@@ -177,6 +178,7 @@ loop_clone_create(struct if_clone *ifc, 
            IFCAP_CSUM_TCPv4 | IFCAP_CSUM_UDPv4 |
            IFCAP_CSUM_TCPv6 | IFCAP_CSUM_UDPv6 |
            IFCAP_LRO | IFCAP_TSOv4 | IFCAP_TSOv6;
+       ifp->if_bpf_mtap = lo_bpf_mtap;
        ifp->if_rtrequest = lortrequest;
        ifp->if_ioctl = loioctl;
        ifp->if_input = loinput;
@@ -228,6 +230,13 @@ loop_clone_destroy(struct ifnet *ifp)
 
        if (rdomain)
                rtable_l2set(rdomain, 0, 0);
+       return (0);
+}
+
+int
+lo_bpf_mtap(caddr_t if_bpf, const struct mbuf *m, u_int dir)
+{
+       /* loopback dumps on output, disable input bpf */
        return (0);
 }

Reply via email to