OpenSolaris

Printable Version Enter a New Search
Bug ID 6806687
Synopsis snoop erroneously defaults to loopback
State 10-Fix Delivered (Fix available in build)
Category:Subcategory network:snoop
Keywords
Responsible Engineer Peter Memishian
Reported Against
Duplicate Of
Introduced In solaris_nevada
Commit to Fix snv_110
Fixed In snv_110
Release Fixed solaris_nevada(snv_110)
Related Bugs 6783149 , 6806693 , 4958215 , 4085089
Submit Date 17-February-2009
Last Update Date 11-March-2009
Description 
As of build 107, if "snoop" is issued with no arguments, it defaults to 
loopback: 
 
  # snoop 
  Using device lo0 (promiscuous mode) 
 
This is due to an environmental change and exposure of a latent bug: 
 
    * Clearview IP Observability devices went into build 103, providing 
      support for /dev/lo0 (and more).  As a result, it is now possible 
      for snoop to open /dev/lo0. 
 
    * Clearview IPMP went into build 107, and simplified the interface 
      flags check in snoop_capture.c from IFF_VIRTUAL|IFF_LOOPBACK to just 
      IFF_LOOPBACK.  Since loopback interfaces always have IFF_VIRTUAL 
      set, this seems reasonable on its face.  However, since snoop uses 
      SIOCGIFFLAGS (rather than SIOCGLIFFLAGS) and since IFF_VIRTUAL is in 
      the high-order bits, it cannot be seen.  That is, the IFF_VIRTUAL 
      check has never done anything, which the removal of IFF_LOOPBACK 
      exposed. 

This needs to be fixed.
Work Around 
N/A
Comments 
I've set the Introduced in Build value to snv_107 because that's when
the latent bug became exposed, but the non-functional IFF_VIRTUAL
test goes back to s10_64 via 4958215.