[CFT] Virtual BPF interfaces (was: CFR: ipfw0 pseudo-interface clonable)
Alexander V. Chernikov
melifaro at FreeBSD.org
Sun Dec 2 00:48:43 UTC 2012
On 10.06.2012 18:20, Alexander V. Chernikov wrote:
> On 27.04.2012 03:44, Hiroki Sato wrote:
>> "Alexander V. Chernikov"<melifaro at FreeBSD.org> wrote
>> in<4F96E71B.9020405 at FreeBSD.org>:
>>
>> me> On 24.04.2012 21:05, Hiroki Sato wrote:
>
> Proof-of-concept patch attached.
Hopefully, libpcap code is easily extendable.
New version attached:
* BPF code is now able to use 'virtual' interfaces without real ifnet
* New bpfattach3() / bpfdetach3() routines were added to attach virtual
ifaces
* New BIOCGIFLIST ioctl is added to permit userland to retrieve
available virtual interfaces
* FreeBSD-specific 'platform_finddevs' version is added to libpcap code
(new file)
There are some rough edges (conditional code in pcap-bpf.c, lack of
documentation, maybe some style issues), but generally it seems to work
and does not interfere with contrib/ code much (from my point of view).
ipfw log device was converted to use new bpf(4) api, see attached patch.
Small example:
4:17 [0] zfscurr0# tcpdump -D
1.em0
2.em1
3.lo0
4:17 [0] zfscurr0# kldload ipfw
4:17 [0] zfscurr0# ifconfig -l
em0 em1 lo0
4:17 [0] zfscurr0# tcpdump -D
1.em0
2.ipfw0 (ipfw log interface)
3.em1
4.lo0
4:40 [1] zfscurr0# ipfw add 100 count log logamount 0 ip from any to any
00100 count log ip from any to any
4:40 [0] zfscurr0# tcpdump -i ipfw0 -lns0
tcpdump: WARNING: SIOCGIFADDR: ipfw0: Device not configured
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ipfw0, link-type EN10MB (Ethernet), capture size 65535 bytes
04:41:27.233653 IP 10.0.0.92.22 > 10.0.0.5.59076: Flags [P.], seq
2783103749:2783103941, ack 3836123088, win 1040, options [nop,nop,TS val
1668094903 ecr 564715671], length 192
04:41:27.233678 IP 10.0.0.5.59076 > 10.0.0.92.22: Flags [.], ack 0, win
1039, options [nop,nop,TS val 564715680 ecr 1668094903], length 0
Btw, do we still need the warning about the lack of an IPv4 address?
>
> Unfortunately, there are problems with this approach, too.
>
> pcap_findalldevs() uses a method external to BPF (possibly NET_RT_IFLIST),
> so programs relying on that function for showing some kind of combo-box
> (like wireshark) with all possible variants won't allow the user to specify
> such an interface.
>
> Additionally, tcpdump assumes that the passed interface name is real and
> warns us that SIOCGIFADDR returns an error.
>
>
>>
>> -- Hiroki
>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: bpf_virtual.diff
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20121202/57008ed3/attachment.ksh>
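The session in the message shows ipfw0 in `tcpdump -D` but not in `ifconfig -l`. The following is an added example, not part of the original message or the attached patch, that compares the two listings to find capture devices with no ifnet behind them; the function name `bpf_only_devs` and the sample variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report capture devices that "tcpdump -D" lists but that
# have no ifnet in "ifconfig -l" (such as the ipfw0 virtual BPF interface).

# bpf_only_devs TCPDUMP_D_OUTPUT IFCONFIG_L_OUTPUT
# Prints one device name per line; prints nothing when every capture
# device also appears in the ifnet list.
bpf_only_devs() {
    # Flatten the ifnet list to one line so it is safe to pass via awk -v.
    ifnets=$(printf '%s' "$2" | tr '\n\t' '  ')
    printf '%s\n' "$1" | awk -v ifnets="$ifnets" '
        BEGIN {
            n = split(ifnets, a)              # split on runs of blanks
            for (i = 1; i <= n; i++) known[a[i]] = 1
        }
        # tcpdump -D lines look like "2.ipfw0 (ipfw log interface)"
        /^[0-9]+\./ {
            name = $1
            sub(/^[0-9]+\./, "", name)        # drop the "N." index
            if (name != "" && !(name in known)) print name
        }'
}

# Constructed sample input, copied from the session in the message.
SAMPLE_TCPDUMP='1.em0
2.ipfw0 (ipfw log interface)
3.em1
4.lo0'
SAMPLE_IFCONFIG='em0 em1 lo0'

# On a live host (opening BPF normally requires root):
#   bpf_only_devs "$(tcpdump -D)" "$(ifconfig -l)"
bpf_only_devs "$SAMPLE_TCPDUMP" "$SAMPLE_IFCONFIG"
```

Run periodically, the same comparison gives an inventory of packet taps that interface-based tooling will not show.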