Date: Mon, 14 Apr 1997 14:41:59 +0900 From: Kenjiro Cho <kjc@csl.sony.co.jp> To: Robert Withrow <witr@rwwa.com> Cc: hackers@freebsd.org Subject: Re: Bogus bpf af from tun driver? Message-ID: <199704140542.OAA28378@hotaka.csl.sony.co.jp> In-Reply-To: Your message of "Fri, 11 Apr 1997 22:13:21 -0400." <199704120213.WAA11662@spooky.rwwa.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> On Fri, 11 Apr 1997 22:13:21 -0400, Robert Withrow <witr@rwwa.com> said: >> The tun driver prepends what it calls the address family to the packet it >> passes to bpf. I get it as 0x02.00.00.00 which looks like AF_INET in some >> weird byte-swapped state... >> This is wrong, right? >> Should it HTONL or something? This problem seems common to all drivers using DLT_NULL type (e.g. lo, tun) in all BSD Unix systems. Historically, a DLT_NULL header is added in host-byte-order in drivers but bpf filter assumes all data is in network-byte-order. The problem doesn't appear unless you use bpf filters so that tcpdump without specifying filters works just fine. I'm not sure if fixing all the existing DLT_NULL drivers is a way to go or not... --kj Kenjiro Cho Sony Computer Science Laboratory Inc.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199704140542.OAA28378>