Why is tcpdump able to sniff packets on the wrong loopback interface?

Suppose I have several loopback interfaces: lo0 and lo1. lo0 is configured implicitly by the system; the configuration of lo1 follows:

/etc/rc.conf
Code:
cloned_interfaces="lo1:sticky"

ifconfig_lo1="inet 192.168.30.1 netmask 255.255.255.0"
ifconfig_lo1_alias0="inet 192.168.30.2/32"
ifconfig_lo1_alias1="inet 192.168.30.3/32"
ifconfig_lo1_alias2="inet 192.168.30.4/32"

And then I have an authoritative DNS server (for testing my zone) listening on an address associated with lo1:
Code:
# sockstat | grep ":53"
bind     named       1648 15  udp4   192.168.30.3:53       *:*
bind     named       1648 16  udp4   192.168.30.3:53       *:*
bind     named       1648 17  tcp4   192.168.30.3:53       *:*
bind     named       1648 19  tcp4   192.168.30.3:53       *:*

That server can be accessed like this:
Code:
# dig @192.168.30.3 site-01.example.com

and it works just fine. What baffles me is that the tcpdump utility can't sniff the interaction between dig and named on lo1, but instead sniffs the packets on lo0:
Code:
# tcpdump -ni lo1
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on lo1, link-type NULL (BSD loopback), snapshot length 262144 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel

# tcpdump -ni lo0
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on lo0, link-type NULL (BSD loopback), snapshot length 262144 bytes
01:05:17.318083 IP 192.168.30.3.18286 > 192.168.30.3.53: 16590+ [1au] A? site-01.example.com. (60)
01:05:17.318182 IP 192.168.30.3.53 > 192.168.30.3.18286: 16590*- 1/0/1 A 78.107.232.96 (92)
^C
2 packets captured
2 packets received by filter
0 packets dropped by kernel

So my question is: why does tcpdump see those packets on lo0, given that the packets are supposedly transmitted and received on lo1?
 
Take what I say with a grain of salt because I am far from being an expert, especially with networking (an area where I struggle a lot). There is a paragraph in the book "FreeBSD Mastery: Jails" called "Jails and the Loopback Interface" where the author explains that loopback addresses can reach each other in this specific jail case and therefore this is not a security measure.
So I assume that what you experience is just the normal behavior and is expected: lo1 is just a cloned interface from lo0, not a real independent one. That is how I understand it, BUT you should definitely wait for a response from users more qualified than me because I might be wrong.
 
Thank you gotnull!
Just to avoid misunderstanding, I should've mentioned in the question that I'm not running any jails yet. True, moving services to jails is my ultimate goal, but I'm still experimenting. The setup described in the first post does have several fibs and several jails prepared, but none of them are started. All services run on the host system and all interfaces use fib 0.

Here are my routing tables, for the context:
Code:
# netstat -4rnF0
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.26.1       UGS         em0          # <-- This is my gateway in the upstream ethernet connection
127.0.0.1          link#3             UH          lo0
192.168.10.1       link#8             UH          lo2
192.168.26.0/24    link#2             U           em0
192.168.26.11      link#3             UHS         lo0          # <-- This is my 'public' IP, assigned by the upstream server via DHCP
192.168.30.1       link#7             UH          lo1
192.168.30.2       link#7             UH          lo1
192.168.30.3       link#7             UH          lo1
192.168.30.4       link#7             UH          lo1
192.168.33.0/24    link#1             U          igb0          # <-- This is my internal downstream ethernet interface
192.168.33.1       link#3             UHS         lo0
192.168.43.0/24    link#4             U         wlan0          # <-- This is my internal downstream WiFi AP
192.168.43.1       link#3             UHS         lo0

Code:
# netstat -4rnF1
Routing tables (fib: 1)

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.10.1       UGS         lo2
127.0.0.1          link#3             UHS         lo0
192.168.10.0/24    link#8             US          lo2
192.168.30.0/24    link#7             US          lo1

The system is FreeBSD 14.0 RELEASE.
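As an added check that is not part of this thread: the script below parses the fib 0 routing table and the lo0 capture quoted above (both embedded here as constructed sample input), resolves each captured packet's destination with a longest-prefix match, and flags packets that were captured on a different interface than the one the routing table names. It assumes only that the kernel's FIB lookup is a plain longest-prefix match over the printed table, and runs with the Python 3 standard library on any system.

```python
import ipaddress
import re

# Constructed from the fib 0 table in the post above (columns trimmed).
NETSTAT_FIB0 = """\
Destination        Gateway            Flags     Netif Expire
default            192.168.26.1       UGS         em0
127.0.0.1          link#3             UH          lo0
192.168.10.1       link#8             UH          lo2
192.168.26.0/24    link#2             U           em0
192.168.26.11      link#3             UHS         lo0
192.168.30.1       link#7             UH          lo1
192.168.30.3       link#7             UH          lo1
192.168.33.0/24    link#1             U          igb0
"""

# Constructed from the `tcpdump -ni lo0` output in the first post.
TCPDUMP_LO0 = """\
01:05:17.318083 IP 192.168.30.3.18286 > 192.168.30.3.53: 16590+ [1au] A? site-01.example.com. (60)
01:05:17.318182 IP 192.168.30.3.53 > 192.168.30.3.18286: 16590*- 1/0/1 A 78.107.232.96 (92)
"""

# BSD tcpdump prints "addr.port > addr.port:" for IPv4 packets.
PKT_RE = re.compile(r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.\d+:")


def parse_routes(text):
    """Return [(network, netif)] from `netstat -4rn` output; 'default' becomes 0.0.0.0/0."""
    routes = []
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        routes.append((ipaddress.ip_network(dest, strict=False), fields[3]))
    return routes


def route_netif(routes, addr):
    """Interface the table selects for addr: longest prefix wins, None if no route."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, netif) for net, netif in routes if ip in net]
    return max(matches)[1] if matches else None


def capture_mismatches(routes, captured_on, capture_text):
    """(src, dst, routed_netif, captured_on) for packets seen on the 'wrong' interface."""
    out = []
    for line in capture_text.splitlines():
        m = PKT_RE.match(line)
        if m:
            src, dst = m.groups()
            expected = route_netif(routes, dst)
            if expected != captured_on:
                out.append((src, dst, expected, captured_on))
    return out
```

Run against the thread's own data it reports both DNS packets: the table routes 192.168.30.3 via lo1, yet they were captured on lo0, which is exactly the discrepancy the question describes.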
 
Just to avoid misunderstanding, I should've mentioned in the question that I'm not running any jails yet.

I only brought up the jail situation to point out this particular problem with loopback in that specific context.
The main idea was to say that if it exists in that specific case, it might also exist in other situations, like yours for example.
But again, I am only speculating; someone more qualified than me will certainly give you a better explanation.
 