I'm writing a little tunneling app with layer 2 interfaces (TAP) as endpoints. In the course of testing this on OSX, I noticed I was getting all sorts of traffic I didn't expect on the tunnel, both when the tunnel was running on a single OSX machine, and when I tunneled between OSX and a Linux box. I'd like to filter this traffic out, and I'm wondering what the best way to do this is.
The tunnel looks like this (note both endpoints can be on the same machine):
tap0 -> tunnel app -> UDP tunnel -> tunnel app -> tap1
The notable traffic is Bonjour packets on destination port 5353 and ICMP/IGMP. Multicast is enabled on the TAP interface. I'd like to block this sort of traffic. My thoughts on doing this:
- Turn off multicast on the interface (doesn't work on OSX, see below)
- Use ebtables
- Parse the packets coming off the interface inside the tunnel app and ignore them there
Is there a better/easier way to do this?
I tried turning off multicast on the OSX interface (let's call it tap0) but I get an error.
$ ifconfig tap0 -multicast
ifconfig: -multicast: bad value
EDIT: After a bit more hunting around, it appears UNIX and BSD ifconfig have different options. Is there another way to block multicast/ICMP traffic on a given interface in OSX/BSD?
Here's the ifconfig output:
OSX (with osxtuntap):
$ ifconfig tap1
tap1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 92:d9:e6:65:5a:8c
inet 10.0.0.2 netmask 0xffffff00 broadcast 10.0.0.255
open (pid 17121)
Linux:
$ ifconfig tunX
tunX Link encap:Ethernet HWaddr 4a:29:02:e6:b0:b9
inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::4829:2ff:fee6:b0b9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
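As an added illustration of the third option in the question (filtering inside the tunnel app rather than with ebtables or interface flags), here is a small, self-contained Python frame filter. It is example code, not the asker's tunnel app: it parses the Ethernet II, IPv4, IPv6 and UDP headers of each frame read from the TAP device and classifies Bonjour/mDNS (UDP port 5353), ICMP, IGMP and multicast-destined packets so the tunnel can drop them before they cross the UDP link. The function and constant names are my own, and the sample frames at the bottom are constructed inline (only the MAC addresses are taken from the ifconfig output above), so the module runs offline.

```python
"""Ethernet-frame filter for a TAP-based tunnel: drop mDNS, ICMP, IGMP and
other multicast noise before it is written into the UDP tunnel.

Added example, not the asker's tunnel code.  Header layouts are the
standard Ethernet II / IPv4 / IPv6 / UDP ones; sample frames are constructed.
"""
import struct

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_IPV6 = 0x86DD
IPPROTO_ICMP = 1
IPPROTO_IGMP = 2
IPPROTO_TCP = 6
IPPROTO_UDP = 17
IPPROTO_ICMPV6 = 58
MDNS_PORT = 5353


def classify_frame(frame: bytes) -> str:
    """Return 'pass' for frames the tunnel should forward, otherwise a short
    label naming the kind of unwanted traffic (useful for drop counters)."""
    if len(frame) < ETH_HDR_LEN:
        return "runt"
    ethertype = struct.unpack("!H", frame[12:14])[0]
    payload = frame[ETH_HDR_LEN:]

    if ethertype == ETHERTYPE_IPV4:
        if len(payload) < 20:
            return "truncated"
        ihl = (payload[0] & 0x0F) * 4          # IPv4 header length in bytes
        proto = payload[9]
        dst_ip = payload[16:20]
        if proto == IPPROTO_ICMP:
            return "icmp"
        if proto == IPPROTO_IGMP:
            return "igmp"
        if proto == IPPROTO_UDP:
            if len(payload) < ihl + 8:
                return "truncated"
            sport, dport = struct.unpack("!HH", payload[ihl:ihl + 4])
            if MDNS_PORT in (sport, dport):
                return "mdns"                  # Bonjour / mDNS
        if 224 <= dst_ip[0] <= 239:            # 224.0.0.0/4
            return "ipv4-multicast"
        return "pass"

    if ethertype == ETHERTYPE_IPV6:
        if len(payload) < 40:
            return "truncated"
        next_header = payload[6]
        dst_ip = payload[24:40]
        if next_header == IPPROTO_ICMPV6:
            # Caveat: this also drops Neighbour Discovery, which IPv6 relies on.
            return "icmpv6"
        if next_header == IPPROTO_UDP and len(payload) >= 48:
            sport, dport = struct.unpack("!HH", payload[40:44])
            if MDNS_PORT in (sport, dport):
                return "mdns"
        if dst_ip[0] == 0xFF:                  # ff00::/8
            return "ipv6-multicast"
        return "pass"

    # ARP (0x0806) and any other EtherType are forwarded unchanged; the
    # destination MAC is deliberately not consulted so ARP broadcasts survive.
    return "pass"


def filter_frames(frames):
    """Split frames into those to forward and a per-label count of drops."""
    forwarded, dropped = [], {}
    for frame in frames:
        label = classify_frame(frame)
        if label == "pass":
            forwarded.append(frame)
        else:
            dropped[label] = dropped.get(label, 0) + 1
    return forwarded, dropped


# --- constructed sample frames (not captured traffic) ----------------------
SRC_MAC = bytes.fromhex("4a2902e6b0b9")      # Linux tunX MAC from the question
PEER_MAC = bytes.fromhex("92d9e6655a8c")     # OSX tap1 MAC from the question


def _ipv4_frame(dst_mac, proto, dst_ip, l4):
    eth = dst_mac + SRC_MAC + struct.pack("!H", ETHERTYPE_IPV4)
    # IP checksum left as 0: the filter never validates it.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64,
                     proto, 0, bytes([10, 0, 0, 1]), dst_ip)
    return eth + ip + l4


SAMPLE_MDNS = _ipv4_frame(bytes.fromhex("01005e0000fb"), IPPROTO_UDP,
                          bytes([224, 0, 0, 251]),
                          struct.pack("!HHHH", MDNS_PORT, MDNS_PORT, 20, 0) + b"\x00" * 12)
SAMPLE_ICMP = _ipv4_frame(PEER_MAC, IPPROTO_ICMP, bytes([10, 0, 0, 2]),
                          b"\x08\x00\x00\x00\x00\x01\x00\x01")       # echo request
SAMPLE_IGMP = _ipv4_frame(bytes.fromhex("01005e000001"), IPPROTO_IGMP,
                          bytes([224, 0, 0, 1]), b"\x11\x64" + b"\x00" * 6)
SAMPLE_TCP = _ipv4_frame(PEER_MAC, IPPROTO_TCP, bytes([10, 0, 0, 2]),
                         struct.pack("!HHIIBBHHH", 40000, 22, 1, 0, 0x50, 0x02, 65535, 0, 0))
SAMPLE_FRAMES = [SAMPLE_MDNS, SAMPLE_ICMP, SAMPLE_IGMP, SAMPLE_TCP]

if __name__ == "__main__":
    kept, counts = filter_frames(SAMPLE_FRAMES)
    print(f"forwarded {len(kept)} frame(s); dropped {counts}")
```

Filtering in the app has the advantage of behaving identically on both the OSX and the Linux endpoint, which ebtables and ifconfig flags do not. Two things to keep in mind when deciding what to drop: blanket-dropping ICMP also discards Path MTU Discovery messages, which matters for a tunnel that already shaves bytes off the MTU, and dropping all ICMPv6 breaks IPv6 on the link entirely, so a narrower rule (for example only echo and multicast-destined packets) is usually the better trade-off.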