Unable to capture from loopback

[eddie4]

I searched the git and the wiki and in https://github.com/buger/goreplay/issues/469 you state the following:

You can also specify interface directly to GoReplay, for example em1:8080.

This does not seem to be the case for the loopback interface

~# tcpdump host 127.0.198.9
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp4s0f0, link-type EN10MB (Ethernet), capture size 262144 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel

~# tcpdump host 127.0.198.9 -i lo

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
13:20:03.844404 IP localhost.46782 > 127.0.198.9.http: etc.....
3 packets captured
6 packets received by filter
0 packets dropped by kernel

I think this is the reason that the following gives no output

./gor --input-raw lo:80 --output-stdout
./gor --input-raw 127.0.198.9:80 --output-stdout

I have the temporary workaround of saving it via tcpdump and then sending it with goreply but would be really nice if it would be live.

[eddie4]

The problem

line 276 of https://github.com/buger/goreplay/blob/master/raw_socket_listener/listener.go seems hard code 127.0.0.1. as the only loopback adres possible.

 ./gor --input-raw 127.0.0.1:80 --output-stdout

won't work for 127.0.198.9 as it isn't the correct IP and probebly dropped later in the process. Changing the websites address to 127.0.0.1 does work.

Fix would be to change 127.0.0.1 to if in subnet 127.0.0.0/8. I guess this is a edge of an edge case not many people use other parts of loopback address space. But we do.

[buger]

I such case you should try —input-raw-bpf-filter option, which accepts tcp dump syntax. For example “port 80” or “host 127.0.0.68 and port 80"