tcpdump mailing list archives

Re: solaris loopback


From: Andrew Brown <atatat () atatdot net>
Date: Fri, 14 Feb 2003 13:09:57 -0500

i tried this once, a few years back, and gave up.  interestingly,
before i gave up, i tried all the other character devices with the
same major number as /dev/hme (/dev/le, /dev/ip, /dev/rawip, etc)

Those might be clone devices, in which case the major number is that of
the "clone device" and the minor number is, if I correctly remember the
STREAMS clone device code from when I last looked at it in the late
1980's/early 1990's, the major device number of the device being cloned.

i might buy that, except that /dev/hme and /dev/le (and presumably the
other network device sounding names) all work for snarfing traffic.

        % ls -lL /dev | grep ' 11, ' | sort -t, +1n
        crw-rw----   1 root      11,   3 Mar  1  2000 ip
        crw-------   1 root      11,   4 Mar  1  2000 logindmux
        crw-------   1 root      11,   5 Mar  1  2000 icmp
        crw-------   1 root      11,   5 Mar  1  2000 rawip
        crw-------   1 root      11,   7 Mar  1  2000 hme
        crw-------   1 root      11,   8 Mar  1  2000 ipdcm
        crw-------   1 root      11,   9 Mar  1  2000 ipdptp
        crw-------   1 root      11,  10 Mar  1  2000 sp
        crw-------   1 root      11,  18 Mar  1  2000 ipd
        crw-------   1 root      11,  20 Mar  1  2000 se_hdlc
        crw-rw-rw-   1 root      11,  23 Mar  1  2000 ptmx
        crw-------   1 root      11,  40 Mar  1  2000 le
        crw-rw-rw-   1 root      11,  41 Mar  1  2000 udp
        crw-rw-rw-   1 root      11,  42 Mar  1  2000 tcp
        crw-------   1 root      11,  43 Mar  1  2000 rts
        crw-rw-rw-   1 root      11,  44 Mar  1  2000 arp
        crw-------   1 root      11,  63 Mar  1  2000 ie
        crw-------   1 root      11,  79 Mar  1  2000 qfe
        crw-------   1 root      11, 104 Mar  1  2000 qe
        crw-------   1 root      11, 106 Mar  1  2000 be
        crw-rw-rw-   1 root      11, 107 Mar  1  2000 llc1
        crw-rw-rw-   1 root      11, 136 Apr 19  2000 tnsmbmx
        crw-rw-rw-   1 root      11, 137 Apr 19  2000 tnddp
        crw-rw-rw-   1 root      11, 138 Apr 19  2000 tnatp
        crw-rw----   1 root      11, 139 Apr 19  2000 tnasp
        crw-rw-rw-   1 root      11, 140 Apr 19  2000 tnpap

fwiw, they are all actually just symlinks (as one would expect on
solaris) that point to ../devices/pseudo/clone@0:something, where something is the same as the name in /dev.

some of them have other purposes that i know of (eg, /dev/ip or
/dev/tcp) such as using them for controlling ndd (network device
diddler?) settings.  i think that major number 11 on solaris is just a
dumping ground for pseudo devices that do "stuff".

and found that using /dev/sp (aka running tcpdump -isp0) will make the
kernel panic.

Well, that's a bit gross; even if the device *isn't* a DLPI device it
should fail more gracefully.

opening /dev/rawip (for read and write) is equivalent to
socket(AF_INET, SOCK_RAW, proto), opening /dev/tcp is equivalent to
socket(AF_INET, SOCK_STREAM, 0), /dev/udp is the logical equivalent
for SOCK_DGRAM...

...i think the answer is that it's some sort of STREAMS doodad, but
its use or behaviour not documented.  much like all the settings you
can frob via ndd.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior () daemon org             * "ah!  i see you have the internet
twofsonet () graffiti com (Andrew Brown)                that goes *ping*!"
werdna () squooshy com       * "information is power -- share the wealth."
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
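
As an added example (not part of the original message or of tcpdump): a small Python parser for the `ls -lL /dev` listing quoted above. It groups the nodes under the clone major by minor number and lists the ones whose mode bits let any user open them. The sample lines are copied from the listing in the message; the function names are hypothetical.

```python
import re
from collections import defaultdict

# A few lines copied from the `ls -lL /dev` listing in the message above.
LISTING = """\
crw-rw----   1 root      11,   3 Mar  1  2000 ip
crw-------   1 root      11,   5 Mar  1  2000 icmp
crw-------   1 root      11,   5 Mar  1  2000 rawip
crw-------   1 root      11,   7 Mar  1  2000 hme
crw-------   1 root      11,  10 Mar  1  2000 sp
crw-------   1 root      11,  40 Mar  1  2000 le
crw-rw-rw-   1 root      11,  42 Mar  1  2000 tcp
"""

# Fields: mode, link count, owner, "major, minor", three date fields, name.
LINE = re.compile(
    r"^(?P<mode>[cb][rwxsStT-]{9})\s+\d+\s+(?P<owner>\S+)\s+"
    r"(?P<major>\d+),\s*(?P<minor>\d+)\s+\S+\s+\S+\s+\S+\s+(?P<name>\S+)$"
)

def parse(listing):
    """Return one dict per device line; lines that do not match are skipped."""
    nodes = []
    for line in listing.splitlines():
        m = LINE.match(line.strip())
        if m:
            d = m.groupdict()
            d["major"], d["minor"] = int(d["major"]), int(d["minor"])
            nodes.append(d)
    return nodes

def by_minor(nodes, clone_major=11):
    """Group names under the clone major by minor number. Per the recollection
    quoted in the thread, that minor is the major of the driver being cloned."""
    groups = defaultdict(list)
    for n in nodes:
        if n["major"] == clone_major:
            groups[n["minor"]].append(n["name"])
    return dict(groups)

def world_accessible(nodes):
    """Names whose 'other' permission bits allow read or write."""
    return sorted(n["name"] for n in nodes
                  if n["mode"][7] == "r" or n["mode"][8] == "w")
```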

