ngrep/tcpdump and cloned interfaces

Dave Cottlehuber dch at skunkwerks.at
Wed Mar 29 19:57:14 UTC 2017 

hi,

Today I wanted to observe traffic that is proxied via haproxy between IP
addresses both bound to a lo1 cloned interface.

To my surprise ngrep & tcpdump showed no activity on lo1, but it did
show the expected traffic on lo0.  Now I'm not even sure I understand
what a cloned interface is anymore..... 

Most importantly, does a jail with a lo1-bound IP address have any
ability outside firewall rules to receive or view traffic using a
lo0-bound IP in a different subnet? 

# ngrep -texd lo0 port 1978

T 2017/03/29 19:45:17.838356 10.241.0.3:48176 -> 10.241.0.3:1978 [AP]

  50 4f 53 54 20 2f 72 70    63 2f 73 65 74 20 48 54    POST /rpc/set HT
  54 50 2f 31 2e 31 0d 0a    55 73 65 72 2d 41 67 65    TP/1.1..User-Age
  6e 74 3a 20 46 75 72 6c    3a 3a 48 54 54 50 2f 33    nt: Furl::HTTP/3
  2e 30 39 0d 0a 43 6f 6e    74 65 6e 74 2d 54 79 70    .09..Content-Typ
  65 3a 20 74 65 78 74 2f    74 61 62 2d 73 65 70 61    e: text/tab-sepa

# sockstat -46l
# sockstat -46l |grep 1978
www      haproxy    36440 8  tcp4   10.241.0.0:1978       *:*
kyototycoon ktserver73187 6  tcp4   10.241.0.3:1978       *:*

# ifconfig snippets

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128 
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 
        inet 127.0.0.1 netmask 0xff000000 
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo 

lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 10.241.0.0 netmask 0xffff0000 
        inet 10.241.0.3 netmask 0xffffffff 
        inet 10.241.0.2 netmask 0xffffffff 
        inet 10.241.0.1 netmask 0xffffffff 
        inet 10.241.0.5 netmask 0xffffffff 
        inet 10.241.0.4 netmask 0xffffffff 
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        groups: lo 

# /etc/pf.conf snippet

protocols = "{ tcp, udp, icmp }"
extl_if="lagg0"
jail_if="lo1"
jail_net = $jail_if:network
nat on $extl_if proto $protocols from $jail_net to any -> ($extl_if)

A+
Dave

More information about the freebsd-questions mailing list