tcpdump mailing list archives
Re: solaris loopback
From: Andrew Brown <atatat () atatdot net>
Date: Fri, 14 Feb 2003 13:09:57 -0500
>> i tried this once, a few years back, and gave up. interestingly, before i gave up, i tried all the other character devices with the same major number as /dev/hme (/dev/le, /dev/ip, /dev/rawip, etc)

> Those might be clone devices, in which case the major number is that of the "clone device" and the minor number is, if I correctly remember the STREAMS clone device code from when I last looked at it in the late 1980's/early 1990's, the major device number of the device being cloned.
i might buy that, except that /dev/hme and /dev/le (and presumably the other network device sounding names) all work for snarfing traffic.

% ls -lL /dev | grep ' 11, ' | sort -t, +1n
crw-rw---- 1 root 11, 3 Mar 1 2000 ip
crw------- 1 root 11, 4 Mar 1 2000 logindmux
crw------- 1 root 11, 5 Mar 1 2000 icmp
crw------- 1 root 11, 5 Mar 1 2000 rawip
crw------- 1 root 11, 7 Mar 1 2000 hme
crw------- 1 root 11, 8 Mar 1 2000 ipdcm
crw------- 1 root 11, 9 Mar 1 2000 ipdptp
crw------- 1 root 11, 10 Mar 1 2000 sp
crw------- 1 root 11, 18 Mar 1 2000 ipd
crw------- 1 root 11, 20 Mar 1 2000 se_hdlc
crw-rw-rw- 1 root 11, 23 Mar 1 2000 ptmx
crw------- 1 root 11, 40 Mar 1 2000 le
crw-rw-rw- 1 root 11, 41 Mar 1 2000 udp
crw-rw-rw- 1 root 11, 42 Mar 1 2000 tcp
crw------- 1 root 11, 43 Mar 1 2000 rts
crw-rw-rw- 1 root 11, 44 Mar 1 2000 arp
crw------- 1 root 11, 63 Mar 1 2000 ie
crw------- 1 root 11, 79 Mar 1 2000 qfe
crw------- 1 root 11, 104 Mar 1 2000 qe
crw------- 1 root 11, 106 Mar 1 2000 be
crw-rw-rw- 1 root 11, 107 Mar 1 2000 llc1
crw-rw-rw- 1 root 11, 136 Apr 19 2000 tnsmbmx
crw-rw-rw- 1 root 11, 137 Apr 19 2000 tnddp
crw-rw-rw- 1 root 11, 138 Apr 19 2000 tnatp
crw-rw---- 1 root 11, 139 Apr 19 2000 tnasp
crw-rw-rw- 1 root 11, 140 Apr 19 2000 tnpap

fwiw, they are all actually just symlinks (as one would expect on solaris) that point to ../devices/pseudo/clone@0:something, where something is the same as the name in /dev. some of them have other purposes that i know of (eg, /dev/ip or /dev/tcp) such as using them for controlling ndd (network device diddler?) settings.

i think that major number 11 on solaris is just a dumping ground for pseudo devices that do "stuff".
>> and found that using /dev/sp (aka running tcpdump -isp0) will make the kernel panic.

> Well, that's a bit gross; even if the device *isn't* a DLPI device it should fail more gracefully.
opening /dev/rawip (for read and write) is equivalent to socket(AF_INET, SOCK_RAW, proto), opening /dev/tcp is equivalent to socket(AF_INET, SOCK_STREAM, 0), /dev/udp is the logical equivalent for SOCK_DGRAM...

...i think the answer is that it's some sort of STREAMS doodad, but its use or behaviour not documented. much like all the settings you can frob via ndd.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior () daemon org             * "ah!  i see you have the internet
twofsonet () graffiti com (Andrew Brown)                that goes *ping*!"
werdna () squooshy com       * "information is power -- share the wealth."
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
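
Added example, not part of the original message: it parses part of the `ls -lL` listing posted above and groups the names by minor number, on the thread's assumption that for clone nodes the minor is the major number of the cloned driver. The function names and the choice of `clone_major=11` as a parameter are this example's own.

```python
import re
from collections import defaultdict

# Part of the listing quoted in the message above (owner column only, as posted).
LISTING = """\
crw-rw---- 1 root 11, 3 Mar 1 2000 ip
crw------- 1 root 11, 5 Mar 1 2000 icmp
crw------- 1 root 11, 5 Mar 1 2000 rawip
crw------- 1 root 11, 7 Mar 1 2000 hme
crw------- 1 root 11, 10 Mar 1 2000 sp
crw-rw-rw- 1 root 11, 23 Mar 1 2000 ptmx
crw------- 1 root 11, 40 Mar 1 2000 le
crw-rw-rw- 1 root 11, 41 Mar 1 2000 udp
crw-rw-rw- 1 root 11, 42 Mar 1 2000 tcp
"""

# mode, link count, owner, optional group, "major, minor", date (3 fields), name
NODE = re.compile(
    r"^(?P<mode>[cb][-rwxsStT]{9})\s+\d+\s+\S+(?:\s+\S+)?\s+"
    r"(?P<major>\d+),\s*(?P<minor>\d+)\s+\S+\s+\d+\s+\S+\s+(?P<name>\S+)$"
)

def parse_nodes(listing):
    """Return (name, mode, major, minor) for every device line that parses."""
    nodes = []
    for line in listing.splitlines():
        m = NODE.match(line.strip())
        if m:
            nodes.append((m["name"], m["mode"], int(m["major"]), int(m["minor"])))
    return nodes

def by_cloned_driver(nodes, clone_major=11):
    """Group names under clone_major by minor (assumed: the real driver's major)."""
    groups = defaultdict(list)
    for name, _mode, major, minor in nodes:
        if major == clone_major:
            groups[minor].append(name)
    return {minor: sorted(names) for minor, names in groups.items()}

def open_to_others(nodes):
    """Names whose mode grants both read and write to 'other'."""
    return sorted(name for name, mode, _maj, _min in nodes if mode[7:9] == "rw")

if __name__ == "__main__":
    nodes = parse_nodes(LISTING)
    for minor, names in sorted(by_cloned_driver(nodes).items()):
        print(f"driver major {minor:>3}: {', '.join(names)}")
    print("read/write for any user:", ", ".join(open_to_others(nodes)))
```

Names that land in the same group (here `icmp` and `rawip`) would, under that assumption, be two entry points to one driver.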