Packet filter syntax and loopback

Time: 2016-09-22 11:46:52

Tags: macos networking tcpdump libpcap loopback

I have a tun adapter (OS X) that looks like this:

tun11: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 10.12.0.2 --> 10.12.0.1 netmask 0xff000000 
    open (pid 4004)

I send a UDP packet:

echo "lol" | nc -4u 10.12.0.1 8000

and I am able to see it with tcpdump:

➜  build git:(master) ✗ sudo tcpdump -i tun11 -vv
tcpdump: listening on tun11, link-type NULL (BSD loopback), capture     size 262144 bytes
14:39:16.669055 IP (tos 0x0, ttl 64, id 21714, offset 0, flags     [none], proto UDP (17), length 32)
    10.12.0.2.55707 > 10.12.0.1.irdmi: [udp sum ok] UDP, length 4

But when I use a capture filter, I see nothing:

➜  build git:(master) ✗ sudo tcpdump -i tun11 udp -vv
tcpdump: listening on tun11, link-type NULL (BSD loopback), capture size 262144 bytes

The same syntax works with an Ethernet adapter:

➜  build git:(master) ✗ sudo tcpdump -i en0 udp -vv
tcpdump: listening on en0, link-type EN10MB (Ethernet), capture size 262144 bytes
14:42:15.010329 IP (tos 0x0, ttl 128, id 7539, offset 0, flags [none], proto UDP (17), length 291)
    xxxx.54915 > 10.64.3.255.54915: [udp sum ok] UDP, length 263

I checked man pcap-filter and found an interesting sentence related to capture filters:

Note that this primitive does not chase the protocol header chain.

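Is this related to my problem? In any case, why do capture filters (at least the protocol part) not work with a loopback adapter, and is there a way to make them work?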

Addition

Interestingly, it works with a tun device created by OpenVPN. But I don't understand what is different.

tun11: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 10.12.0.2 --> 10.12.0.1 netmask 0xff000000 
    open (pid 5792)
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
    inet 198.18.1.214 --> 198.18.1.213 netmask 0xffffffff 
    inet6 xxxx%utun0 prefixlen 64 optimistic scopeid 0xa 
    inet6 xxxx::1074 prefixlen 64 tentative 
    nd6 options=1<PERFORMNUD>

0 answers:

No answers
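An added diagnostic example, not part of the original question: on link-type NULL (BSD loopback) every packet starts with a 4-byte protocol family in the capturing host's byte order, and a protocol filter such as `udp` tests that field before looking at the IP header. The sketch below models that check on a constructed copy of the packet above. It assumes, as one possible cause the page does not confirm, a driver that writes the field in the opposite byte order; all function names are hypothetical.

```python
import struct
import sys

AF_INET = 2        # family value carried in the DLT_NULL header for IPv4
IPPROTO_UDP = 17

def build_ipv4_udp(src, dst, sport, dport, payload):
    """Constructed sample packet (checksums left at 0, not needed here)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0,
                     64, IPPROTO_UDP, 0, bytes(src), bytes(dst))
    return ip + udp

def null_frame(packet, header_order):
    """Prepend the 4-byte DLT_NULL header in byte order '<' or '>'."""
    return struct.pack(header_order + "I", AF_INET) + packet

def filter_udp(frame, host_order):
    """Simplified model of a `udp` filter on DLT_NULL: the family, read in
    the host's byte order, must be AF_INET and the IPv4 protocol must be UDP."""
    if len(frame) < 24:
        return False
    (family,) = struct.unpack(host_order + "I", frame[:4])
    return family == AF_INET and frame[4] >> 4 == 4 and frame[4 + 9] == IPPROTO_UDP

def printer_family(frame, host_order):
    """Simplified model of a tolerant dissector: if the upper 16 bits are
    set, treat the header as written in the other byte order and swap it."""
    (family,) = struct.unpack(host_order + "I", frame[:4])
    if family & 0xFFFF0000:
        family = struct.unpack("<I", struct.pack(">I", family))[0]
    return family

HOST = "<" if sys.byteorder == "little" else ">"
OTHER = ">" if HOST == "<" else "<"
# Constructed from the values in the capture above: 10.12.0.2:55707 -> 10.12.0.1:8000
PKT = build_ipv4_udp([10, 12, 0, 2], [10, 12, 0, 1], 55707, 8000, b"lol\n")

if __name__ == "__main__":
    for label, order in (("host order", HOST), ("swapped", OTHER)):
        f = null_frame(PKT, order)
        print(label, f[:4].hex(), "printer family:", printer_family(f, HOST),
              "udp filter:", filter_udp(f, HOST))
```

To compare against a real interface, write an unfiltered capture to a file with `tcpdump -w` and inspect the first four bytes of each packet record.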