From owner-freebsd-hackers Sun Apr 13 22:42:41 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id WAA16803 for hackers-outgoing; Sun, 13 Apr 1997 22:42:41 -0700 (PDT) Received: from widefw.csl.sony.co.jp (widefw.csl.sony.co.jp [133.138.1.1]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id WAA16798 for ; Sun, 13 Apr 1997 22:42:35 -0700 (PDT) Received: from hotaka.csl.sony.co.jp (hotaka.csl.sony.co.jp [43.27.98.57]) by widefw.csl.sony.co.jp (8.8.3/3.5Wbeta) with ESMTP id FAA12560; Mon, 14 Apr 1997 05:42:17 GMT Received: from localhost (localhost [127.0.0.1]) by hotaka.csl.sony.co.jp (8.8.4/3.3W3) with ESMTP id OAA28378; Mon, 14 Apr 1997 14:41:59 +0859 (JST) Message-Id: <199704140542.OAA28378@hotaka.csl.sony.co.jp> To: Robert Withrow cc: hackers@freebsd.org Subject: Re: Bogus bpf af from tun driver? In-reply-to: Your message of "Fri, 11 Apr 1997 22:13:21 -0400." <199704120213.WAA11662@spooky.rwwa.com> Date: Mon, 14 Apr 1997 14:41:59 +0900 From: Kenjiro Cho Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk >>>>> On Fri, 11 Apr 1997 22:13:21 -0400, Robert Withrow said: >> The tun driver prepends what it calls the address family to the packet it >> passes to bpf. I get it as 0x02.00.00.00 which looks like AF_INET in some >> weird byte-swapped state... >> This is wrong, right? >> Should it HTONL or something? This problem seems common to all drivers using DLT_NULL type (e.g. lo, tun) in all BSD Unix systems. Historically, a DLT_NULL header is added in host-byte-order in drivers but bpf filter assumes all data is in network-byte-order. The problem doesn't appear unless you use bpf filters so that tcpdump without specifying filters works just fine. I'm not sure if fixing all the existing DLT_NULL drivers is a way to go or not... --kj Kenjiro Cho Sony Computer Science Laboratory Inc.