Hi, When running tcpdump on loopback, I see a currupted packet for each valid packet.
root@v74:.../~# tcpdump -ni lo0 -X -vvv tcpdump: listening on lo0, link-type LOOP 21:01:07.645880 0000: e161 0000 ff01 0000 7f00 0001 7f00 0001 .a.............. 0010: 0800 00df 3a4f 0000 d257 38fa 0236 0129 ....:O...W8..6.) 0020: b9ec 7ecc 329a e881 4e36 e269 9fe4 1744 ..~.2...N6.i...D 0030: 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627 ........ !"#$%&' 0040: 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637 ()*+,-./01234567 21:01:07.645886 127.0.0.1 > 127.0.0.1: icmp: echo request (id:3a4f seq:0) [icmp cksum ok] (ttl 255, id 57697, len 84, bad ip cksum 0! -> dc44) 0000: 4500 0054 e161 0000 ff01 0000 7f00 0001 E..T.a.......... 0010: 7f00 0001 0800 00df 3a4f 0000 d257 38fa ........:O...W8. 0020: 0236 0129 b9ec 7ecc 329a e881 4e36 e269 .6.)..~.2...N6.i 0030: 9fe4 1744 1819 1a1b 1c1d 1e1f 2021 2223 ...D........ !"# 0040: 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 $%&'()*+,-./0123 0050: 3435 3637 4567 lo(4) used to dump to bpf only for output. It seems that when if_bpf_mtap() was introduced, this changed and lo(4) dumps an additional truncated packet. The default bpf_mtap_ether() is not suitable for lo(4). Solution is to install a dummy lo_bpf_mtap() to suppress bpf on input. ok? bluhm Index: net/if_loop.c =================================================================== RCS file: /data/mirror/openbsd/cvs/src/sys/net/if_loop.c,v retrieving revision 1.96 diff -u -p -r1.96 if_loop.c --- net/if_loop.c 18 Jul 2023 16:01:20 -0000 1.96 +++ net/if_loop.c 20 Jul 2023 19:06:39 -0000 @@ -146,6 +146,7 @@ void lortrequest(struct ifnet *, int, st void loinput(struct ifnet *, struct mbuf *); int looutput(struct ifnet *, struct mbuf *, struct sockaddr *, struct rtentry *); +int lo_bpf_mtap(caddr_t, const struct mbuf *, u_int); int loop_clone_create(struct if_clone *, int); int loop_clone_destroy(struct ifnet *); @@ -177,6 +178,7 @@ loop_clone_create(struct if_clone *ifc, IFCAP_CSUM_TCPv4 | IFCAP_CSUM_UDPv4 | IFCAP_CSUM_TCPv6 | IFCAP_CSUM_UDPv6 | IFCAP_LRO | IFCAP_TSOv4 | IFCAP_TSOv6; + ifp->if_bpf_mtap = lo_bpf_mtap; ifp->if_rtrequest = lortrequest; ifp->if_ioctl = loioctl; ifp->if_input = loinput; @@ -228,6 +230,13 @@ loop_clone_destroy(struct ifnet *ifp) if (rdomain) rtable_l2set(rdomain, 0, 0); + return (0); +} + +int +lo_bpf_mtap(caddr_t if_bpf, const struct mbuf *m, u_int dir) +{ + /* loopback dumps on output, disable input bpf */ return (0); }