netbsd-bugs: bin/33078: "tcpdump host foo" does not work

Subject: bin/33078: "tcpdump host foo" does not work
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: None <martti.kuparinen@iki.fi>
List: netbsd-bugs
Date: 03/14/2006 14:00:09
>Number:         33078
>Category:       bin
>Synopsis:       "tcpdump host foo" does not work
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Mar 14 14:00:08 +0000 2006
>Originator:     Martti Kuparinen
>Release:        NetBSD 3.0_STABLE
>Organization:
>Environment:
	
	
System: NetBSD xen1 3.0_STABLE NetBSD 3.0_STABLE (DOMAIN0) #0: Tue Mar 14 14:41:20 EET 2006 root@xen1:/usr/src/sys/arch/i386/compile/DOMAIN0 i386
Architecture: i386
Machine: i386
>Description:

We have two interfaces in our Xen domain-0 server, wm0 is only used by the dom0
and wm1 is used by all domUs. wm1 does not have any address assigned to it,
it's only marked up like this:


ROOT xen1:~> ifconfig wm1
wm1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        capabilities=87<IP4CSUM,TCP4CSUM,UDP4CSUM,TSO4>
        enabled=0
        address: 00:04:23:xx:xx:xx
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet6 fe80::204:23ff:xxxx:xxxx%wm1 prefixlen 64 scopeid 0x2


I don't know if it makes any difference but we have multiple vlanXXXX
and bridgeXXXX interfaces (one for every VLAN id) and vlanXXX interfaces
are configured like this:


ROOT xen1:~> cat /etc/ifconfig.vlan1128
create
vlan 1128 vlanif wm1
!ifconfig bridge1128 create
!brconfig bridge1128 add vlan1128 up
ROOT xen1:~> 


Each xvifX.Y interface is connected to a bridgeXXXX interface
to give the virtual host connectivity to the right VLAN. This works just fine
and we are able to create very complex networks just using one physical
server.

I was running "tcpdump -eni wm1" and saw all traffic to/from our domU hosts
(including the 802.1Q headers) so I wanted to see only one host and executed
the following command but absolutely nothing appears on the screen:


ROOT xen1:~> tcpdump -eni wm1 host aaa.aaa.aaa.aaa
tcpdump: WARNING: wm1: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wm1, link-type EN10MB (Ethernet), capture size 96 bytes
^C
0 packets captured
33 packets received by filter
0 packets dropped by kernel
ROOT xen1:~> 


So even though the traffic from aaa.aaa.aaa.aaa is visible during the first
tcpdump invocation it won't appear when using the "host foo" argument
with tcpdump.

>How-To-Repeat:
>Fix:

>Unformatted: