tcpdump - tun/tap virtual interfaces

Robert Watson rwatson at freebsd.org
Sun Sep 28 10:59:57 PDT 2003


On Sun, 28 Sep 2003, Dambielle Yannick wrote:

> When I try to ping the broadcast address I have the following results:
> # ping 10.0.0.255
>     ping: sendto: Permission denied
>     ...

This is not the broadcast address for the network you've configured.  It
should be 10.0.10.255.

> Below is how I set up a virtual interface:
> # echo 1 > /dev/tap1

This is the origin of your spurious console message: needless to say, '1'
is not a valid ethernet frame.  However, it should be sufficient to cause
the tap interface to clone, etc.

You might try instead "dd if=/dev/tap0 of=/dev/null bs=1500" which
provides a sink for the packet data.  Otherwise, you risk the tap
interface being pulled out from under you.  Note that if the device is not
open, it could well be that tap quietly eats the packets, since they have
nowhere to go.  In this event, they might well not show up on the BPF
device. 

> # ifconfig tap1 up
> # ifconfig tap1 inet 10.0.10.1/24 add
> # ifconfig <-- show me that tap1 has 10.0.10.1 attached and is also running
> 
> On the first shell, I ping 10.0.10.1
> # ping 10.0.10.1
>    64 butes from 10.0.10.1: icmp_seq=0 ttl=64 time=0.137ms
>    64 butes from 10.0.10.1: icmp_seq=0 ttl=64 time=0.137ms
>     ...

This is fine -- you're pinging the localhost, which the routing system knows
does not need to go on the wire.

> On a second shell, I try to dump
> # tcpdump -i tap1
> That wait... that wait... Nothing comes :/

This will only show packets on the wire; the 10.0.10.1 packets won't go on
the wire, so that's fine too.

> Let's try to ping the broadcast address
> # ping 10.0.10.255
>     ping: sendto: Permission denied, same as before
>     ...
> Well, any ideas are welcome.

On my 5.x-CURRENT box:

test1# ping 10.0.10.255
PING 10.0.10.255 (10.0.10.255): 56 data bytes
13:48:24.915656 0:bd:5b:fb:f:1 ff:ff:ff:ff:ff:ff 0800 98: 10.0.10.1 >
10.0.10.255: icmp: echo request

RELENG_4:

test2# ping 10.0.10.4
PING 10.0.10.4 (10.0.10.4): 56 data bytes
09:54:27.506679 0:bd:81:ae:10:0 ff:ff:ff:ff:ff:ff 0806 42: arp who-has
10.0.10.4 (0:0:0:0:0:2) tell 10.0.10.1

First, I notice that your example above uses 10.0.0.255 not 10.0.10.255. 
Check to make sure you're using the correct IP address.  10.0.10.4 causes
an ARP lookup, which also appears fine in my configuration.

Second, make sure any firewall rules don't prohibit traffic to the address
range in question.  This might explain the permission denied message. 
This might also be a result of the interface evaporating, see the next
thing to try. 

Third, use dd or cat to keep the tap device open -- don't let it close, or
it can be reclaimed and the packets will go out another interface trying
to find the address range.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org      Network Associates Laboratories




More information about the freebsd-net mailing list
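
Added example, not part of the original message: a small Python reader that does the job of the suggested dd sink, keeping the device side of the tap open and printing a tcpdump-style line for each frame it drains. The function names, the 2048-byte read size, the retry-on-error behaviour and the sample frame (constructed from the RELENG_4 capture quoted in the message) are assumptions.

```python
import os
import struct
import sys
import time

def mac(b):
    # No leading zeros, matching the tcpdump output quoted in the message.
    return ":".join(format(x, "x") for x in b)

def ip(b):
    return ".".join(str(x) for x in b)

def describe(frame):
    """One-line summary of an Ethernet frame read from the tap device."""
    if len(frame) < 14:  # e.g. the 2 bytes that `echo 1 > /dev/tap1` writes
        return "runt: %d bytes is not an Ethernet frame" % len(frame)
    dst, src = frame[0:6], frame[6:12]
    (etype,) = struct.unpack("!H", frame[12:14])
    line = "%s %s %04x %d:" % (mac(src), mac(dst), etype, len(frame))
    if etype == 0x0806 and len(frame) >= 42:      # ARP over Ethernet/IPv4
        oper, sha, spa, tha, tpa = struct.unpack("!6xH6s4s6s4s", frame[14:42])
        if oper == 1:
            line += " arp who-has %s tell %s" % (ip(tpa), ip(spa))
    elif etype == 0x0800 and len(frame) >= 34:    # IPv4, addresses only
        line += " %s > %s" % (ip(frame[26:30]), ip(frame[30:34]))
    return line

def hold_open(path):
    """Keep the device side open and drain it, so frames have a sink."""
    with open(path, "rb", buffering=0) as dev:
        while True:
            try:
                frame = dev.read(2048)  # assumption: one frame per read
            except OSError:
                frame = b""             # e.g. interface not up yet
            if frame:
                print(describe(frame))
            else:
                time.sleep(1)           # stay open and retry

# Constructed sample: the ARP who-has from the RELENG_4 capture above.
SAMPLE_ARP = bytes.fromhex(
    "ffffffffffff 00bd81ae1000 0806 0001 0800 06 04 0001"
    "00bd81ae1000 0a000a01 000000000002 0a000a04")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        hold_open(sys.argv[1])          # e.g. /dev/tap1
    else:
        print(describe(SAMPLE_ARP))
```

Run with the device path as the only argument and leave it running while tcpdump and ping are used in other shells; with no argument it decodes the constructed sample frame.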