Thank you for your suggestion.
I tested calling write() directly on the pcap file descriptor; it works well
if I send packets slowly, i.e. loop sending a packet and sleep 1 second in each
loop. However, if I don't sleep, I constantly get errors calling the
write() function.
As you described, I should construct a sockaddr_ll and call sendto()
instead of write(). In my case, I constructed a whole customized Ethernet
frame and just want to put it on the wire. The structure
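    struct sockaddr_ll
    {
        unsigned short int sll_family;    /* always AF_PACKET */
        unsigned short int sll_protocol;  /* link-layer protocol, network byte order */
        int sll_ifindex;                  /* interface index */
        unsigned short int sll_hatype;    /* ARP hardware type */
        unsigned char sll_pkttype;        /* packet type */
        unsigned char sll_halen;          /* length of the address in sll_addr */
        unsigned char sll_addr[8];        /* link-layer address */
    };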
contains sll_addr[], which looks like a destination MAC address. Should I
fill that out? And what about the other fields in this structure?
Thank you!
----- Original Message -----
From: "Guy Harris" <[EMAIL PROTECTED]>
To: "Chris sun" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, November 11, 2003 1:03 AM
Subject: Re: [tcpdump-workers] sending raw packet using pcap
> On Mon, Nov 10, 2003 at 04:32:51PM -0500, Chris sun wrote:
> > The only thing I did was modify the pcap_bpf.c file and change the call
> > to open() from O_RDONLY to O_RDWR, then call write(pd->fd, .....) to
> > write data into pcap.
> > I am running my test in RH Linux 7.2,
>
> If you're not running a system that uses BPF (BSD, including Mac OS X,
> or AIX if configured for BPF), modifying the "pcap-bpf.c" has no effect.
>
> In particular, it's "pcap-linux.c", not "pcap-bpf.c", that handles
> capture on Linux.
>
> In addition, the way you send packets on a descriptor used by libpcap is
> platform-dependent (which is why libpcap should have a send-packet
> interface; we will probably add one at some point, but there's no
> schedule for it at this time). On Linux, you're supposed to construct
> (at least with modern Linuxes with a 2.2 or later kernel) a "struct
> sockaddr_ll" and use "sendto()" when sending on a PF_PACKET/SOCK_RAW
> socket.
>
> However, you might want to look at libnet, which includes support for
> sending packets on some platforms, including, as I remember, Linux:
>
> http://www.packetfactory.net/projects/libnet/
> -
> This is the TCPDUMP workers list. It is archived at
> http://www.tcpdump.org/lists/workers/index.html
> To unsubscribe use mailto:[EMAIL PROTECTED]
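
The sockaddr_ll setup asked about in this thread, as an added example that is not part of the original messages or of libpcap: on a PF_PACKET/SOCK_RAW socket the frame already carries its own Ethernet header, so the kernel mainly needs sll_ifindex to pick the interface, and packet(7) lists sll_family, sll_protocol, sll_halen and sll_addr as the other fields to set when sending, with the rest left zero. The helper names fill_ll_for_send and send_frame and the sample frame are constructed for illustration.

```c
#include <arpa/inet.h>        /* htons */
#include <linux/if_packet.h>  /* struct sockaddr_ll */
#include <net/ethernet.h>     /* ETH_ALEN, ETH_HLEN, ETH_P_ALL */
#include <net/if.h>           /* if_nametoindex */
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Fill the link-layer address for sending a complete Ethernet frame.
 * Returns 0 on success, -1 on a bad ifindex or a frame shorter than
 * an Ethernet header. (Hypothetical helper, not a libpcap function.) */
int fill_ll_for_send(struct sockaddr_ll *sll, int ifindex,
                     const unsigned char *frame, size_t len)
{
    if (len < ETH_HLEN || ifindex <= 0)
        return -1;
    memset(sll, 0, sizeof(*sll));            /* sll_hatype, sll_pkttype stay 0 */
    sll->sll_family = AF_PACKET;
    sll->sll_ifindex = ifindex;              /* selects the outgoing interface */
    sll->sll_halen = ETH_ALEN;
    memcpy(sll->sll_addr, frame, ETH_ALEN);  /* destination MAC: frame bytes 0..5 */
    memcpy(&sll->sll_protocol, frame + 12, 2); /* EtherType, already network order */
    return 0;
}

/* Send one complete frame on the named interface; needs CAP_NET_RAW. */
ssize_t send_frame(const char *ifname, const unsigned char *frame, size_t len)
{
    struct sockaddr_ll sll;
    unsigned int idx = if_nametoindex(ifname);
    if (idx == 0 || fill_ll_for_send(&sll, (int)idx, frame, len) < 0)
        return -1;
    int fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0)
        return -1;
    ssize_t n = sendto(fd, frame, len, 0, (struct sockaddr *)&sll, sizeof(sll));
    close(fd);
    return n;
}

int main(int argc, char **argv)
{
    /* Constructed sample frame: dst 02:00:00:00:00:01, src 02:00:00:00:00:02,
     * EtherType 0x88b5 (local experimental), zero-padded to 60 bytes. */
    unsigned char frame[60] = {0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x88,0xb5};
    if (argc < 2)
        return 2;
    return send_frame(argv[1], frame, sizeof(frame)) < 0 ? 1 : 0;
}
```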