Subject: /dev/tap and tcpdump don't go together very well?
To: None <>
From: Rhialto <>
List: current-users
Date: 04/08/2007 04:09:22
For the ethernet access of a PDP-10 emulator I am experimenting with
/dev/tap in addition to the traditional use of /dev/bpf, so that the
local host can see ethernet packets that are destined for it. Packets
sent through /dev/bpf only go to the wire, not into the network input
stream. On the other hand, packets written to /dev/tap do go in (if
there is no matching IP address they will be ignored but that is another

However, it seems that as soon as I use ``tcpdump -i tap0'' (and hence
bpf) to see the packets flowing through the tap, the packets are only
seen by tcpdump and not anymore by the host anymore. So I get the
situation where tcpdump shows me that "it works" but it doesn't really.

I conclude this from the fact that I can reliably freeze a telnet
connection from the host into the emulator by doing a tcpdump on tap0.
It shows me the returning packets to the host, but the connection
remains frozen. When I stop tcpdump, my typed-in characters appear after
all (no doubt due to TCP retransmission, or conceivably because the
packets have been buffered somewhere but that seems quite unlikely).

I'm using a -current of some time ago (4.99.5).

Does this ring a bell?

___ Olaf 'Rhialto' Seibert      -- You author it, and I'll reader it.
\X/ rhialto/at/        -- Cetero censeo "authored" delendum esse.