Re: [tcpdump-workers] pcap_inject() on loopback (FreeBSD)

Sun, 15 Jun 2014 11:10:18 -0700 

On Jun 15, 2014, at 5:23 AM, Fernando Gont <ferna...@gont.com.ar> wrote:

> I'm trying to send an IPv6 packet with pcap_inject() on the loopback
> interface of a FreeBSD 9.2 system.
> 
> What I write with pcap_inect() is the IPv6 packet, preceded with the
> 4-byte AF header (which I set to PF_INET6 (which is 28) in host byte order).
> 
> However, pcap_inject() fails with
> "send: Address family not supported by protocol family"
> 
> and I also get this message on the console::
> "looutput: af=31 unexpected"
> 
> which would seem to indicate that pcap_inject() is overwriting the value
> I set with something else (pseudo_AF_HDRCMPLT?).

It indicates that *some* piece of code is overwriting that value.

However, pcap_inject(), on systems with BPF, is:

        static int
        pcap_inject_bpf(pcap_t *p, const void *buf, size_t size)
        {
                int ret;

                ret = write(p->fd, buf, size);
        #ifdef __APPLE__

                        a bunch of code only used on OS X/iOS

        #endif /* __APPLE__ */
                if (ret == -1) {
                        snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "send: %s",
                            pcap_strerror(errno));
                        return (PCAP_ERROR);
                }
                return (ret);
        }

so it's not what's setting pseudo_AF_HDRCMPLT.

The offending code is in bpfwrite():

        if (d->bd_hdrcmplt)
                dst.sa_family = pseudo_AF_HDRCMPLT;

"dst" is handed to looutput() in sys/net/if_loop.c, which does

        /* BPF writes need to be handled specially. */
        if (dst->sa_family == AF_UNSPEC)
                bcopy(dst->sa_data, &af, sizeof(af));
        else
                af = dst->sa_family;

The common code for Ethernet sends (ether_output()) explicitly handles both 
AF_UNSPEC *and* pseudo_AF_HDRCMPLT; the loopback driver needs to handle it as 
well, e.g. either

        /* BPF writes need to be handled specially. */
        if (dst->sa_family == pseudo_AF_HDRCMPLT)
                bcopy(dst->sa_data, &af, sizeof(af));
        else
                af = dst->sa_family;

or      

        /* BPF writes need to be handled specially. */
        if (dst->sa_family == pseudo_AF_HDRCMPLT || dst->sa_family == AF_UNSPEC)
                bcopy(dst->sa_data, &af, sizeof(af));
        else
                af = dst->sa_family;

As the person who came across this bug, you should file a bug on this; if you 
can, CC me on it, or, if not, let me know what bug ID it gets assigned so that 
I can try to CC myself on it.
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers

Reply via email to