--- Begin Message ---
On 24/02/2020 17:19, Michael Richardson wrote:
>
> Ray Bellis via tcpdump-workers <tcpdump-workers@lists.tcpdump.org> wrote:
> > I've got a daemon that listens on a virtual IP address, that is itself
> > attached to a cloned loopback interface on FreeBSD.
>
> What do you mean by cloned?
> ifconfig lo create
Yes, indeed. "cloned" is the FreeBSD parlance for that.
> Is the address a public address via BGP/OSPF? (because I know where this
> comes from I guess)
I figured you might guess :) Yes, the address is _announced_ via BGP
to upstream routers, but there could be multiple routers with packets
arriving on multiple interfaces.
> Linux has "any" which captures on "all" interfaces, and with the right stuff
> in the libpcap layer can tell you which interface it came from.
> It's not clear to me if adequately reveal this through the pcap API.
> (I'm just ignorant right now here)
I never considered "any" ! But you appear to be suggesting it's not
available in FreeBSD ?
> My guess is that the packets never actually "arrive" on the loopback
> interface. They arrive on all the other interfaces, and since the system is
> using a weak-host model, the destination address will match any incoming
> interface to get to the "loopback".
Hmm...
> I know diddly squat about FreeBSD packet capture since SunOS 4.0 BPF
> days. Okay, maybe NetBSD 1.0 era.
>
> So I think you are SOL, and have to do thread-per-interface for now :-)
I'll keep digging :)
cheers,
Ray
--- End Message ---
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
