Leonardo Taccari writes: > [...] > I'm trying to setup two separate rump servers based on > <https://www.netbsd.org/docs/rump/sptut.html> in order to generate and > record some network traffic via tcpdump(8). > I was able to setup two bridged tap-s interface and they are able to > communicate. However, when observing on an interface the packets seems > duplicated. I would expect to have no duplicate packets. > [...]
Martin (<martin>) off list kindly pointed out shmif(4) - that is simpler, does not require any root privileges and for the purpose of capturing traffic is probably even better! Thanks Martin! For completeness, here the setup to spin up the rump servers, assuming that `/tmp/shmif` is the regular file that will be used for shmif(4): ``` $ export RUMP_SERVER=unix:///tmp/rump0 $ rump_allserver ${RUMP_SERVER} $ rump.ifconfig shmif0 create $ rump.ifconfig shmif0 linkstr "/tmp/shmif" $ rump.ifconfig shmif0 10.0.0.1/24 up ``` ...and 2nd rump server: ``` $ export RUMP_SERVER=unix:///tmp/rump1 $ rump_allserver ${RUMP_SERVER} $ rump.ifconfig shmif0 create $ rump.ifconfig shmif0 linkstr "/tmp/shmif" $ rump.ifconfig shmif0 10.0.0.2/24 up ``` OK, from the 1st rump server let's verify that this work: ``` $ rump.ping -c 1 10.2 PING 10.2 (10.0.0.2): 56 data bytes 64 bytes from 10.0.0.2: icmp_seq=0 ttl=255 time=3.235939 ms ----10.2 PING Statistics---- 1 packets transmitted, 1 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 3.235939/3.235939/3.235939/0.000000 ms ``` ...and then we can try to initiate a TCP transmission... in the 2nd rump server we start listening via socat: ``` $ export LD_PRELOAD=/usr/lib/librumphijack.so $ socat TCP-LISTEN:1234 - ``` ...and from the 1st rump server: ``` $ export LD_PRELOAD=/usr/lib/librumphijack.so $ echo 'frobnitz' | socat - TCP-CONNECT:10.0.0.2:1234 ``` >From the host we could not capture the PCAP directly but there is shmif_dumpbus(1) exactly for that purpose: ``` $ shmif_dumpbus -p - /tmp/shmif 2>/dev/null | tcpdump -nr - tcp reading from file -, link-type EN10MB (Ethernet), snapshot length 1518 01:03:06.250004 IP 10.0.0.1.54039 > 10.0.0.2.1234: Flags [S], seq 758414778, win 32768, options [mss 1460,nop,wscale 3,sackOK,TS val 1 ecr 0], length 0 01:03:33.990004 IP 10.0.0.2.1234 > 10.0.0.1.54039: Flags [S.], seq 2274318360, ack 758414779, win 32768, options [mss 1460,nop,wscale 3,sackOK,TS val 1 ecr 1], length 0 01:03:06.250004 IP 10.0.0.1.54039 > 10.0.0.2.1234: Flags [.], ack 1, win 4197, options [nop,nop,TS val 1 ecr 1], length 0 01:03:06.250004 IP 10.0.0.1.54039 > 10.0.0.2.1234: Flags [P.], seq 1:10, ack 1, win 4197, options [nop,nop,TS val 1 ecr 1], length 9 01:03:06.250004 IP 10.0.0.1.54039 > 10.0.0.2.1234: Flags [F.], seq 10, ack 1, win 4197, options [nop,nop,TS val 1 ecr 1], length 0 01:03:33.990004 IP 10.0.0.2.1234 > 10.0.0.1.54039: Flags [.], ack 11, win 4196, options [nop,nop,TS val 1 ecr 1], length 0 01:03:34.510004 IP 10.0.0.2.1234 > 10.0.0.1.54039: Flags [F.], seq 1, ack 11, win 4196, options [nop,nop,TS val 2 ecr 1], length 0 01:03:06.770004 IP 10.0.0.1.54039 > 10.0.0.2.1234: Flags [.], ack 2, win 4197, options [nop,nop,TS val 2 ecr 2], length 0 ``` I have not still figured out why the bridge-d tap-s ends up with duplicated packets but at least for the problem to generate and capture traffic shmif(4) definitely did the trick. Thanks again Martin!