tcpdump mailing list archives

build a raw packet


From: Gabe Black <Gabe.Black () jdsu com>
Date: Wed, 15 Dec 2010 10:23:47 -0800

Hi,

I've been working on getting line-rate performance for an application that custom routes potentially small Ethernet 
packets.  Almost all methods that I have tried start dropping packets at smaller Ethernet frames.  The method that 
seems to be most promising is using PACKET_MMAP (for both transmit and receive) which I believe libpcap can use as well.

However, PACKET_MMAP gives you the raw packet.  I've looked at libpcap's inject function which seems to also deal with 
raw packets, but I am unable to find an API that will help build the raw packet (in my case a UDP packet).  What is the 
best way to build a raw packet to make use of pcap's inject (or in my case PACKET_MMAP)?

I do know the destination IP address (and port) that I want to send the packets.  What I do not know is the next hop 
MAC address to fill in the Ethernet header; that seems to be the challenging part.  From what I understand, I would 
need to send an ARP to find the next-hop address, but there doesn't seem to be a good way to do that programmatically.

Is there an easier way to construct a valid raw packet?  I mean the socket layer seems to do that for you (not sure if 
it does it in the kernel or in user land).  Is there a way to make use of those facilities operating on your buffer?  

Another alternative to get this info that I thought of would be to use normal sockets to send a dummy UDP packet to the 
destination and "capture" the packet to find out what it all used in the packet headers... however, I'm not sure if 
this is the best option as I would like to capture the packet before it is sent (but after the packet is built and all 
the address resolution has occurred) to retrieve the header info without actually sending the packet.

Anyone have any suggestions?  I've done lots of googling on building a raw packet, but I can't find anything that deals 
with the Ethernet frame part (i.e. next hop MAC address).

Again, I don't use the higher level socket API as it can't keep up with line-rate small Ethernet packets.

Gabe
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
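
An added example, not part of the original post or of libpcap: one way to lay out the Ethernet II + IPv4 + UDP frame the message asks about, with both checksums computed by hand. The function name `build_udp_frame` is hypothetical, and the next-hop MAC is assumed to be already resolved and passed in (on Linux the kernel's neighbour table, visible in `/proc/net/arp`, holds such entries); no IP options or fragmentation, with TTL 64 and DF set as fixed choices.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RFC 1071 one's-complement sum over len bytes, continuing from sum. */
static uint32_t csum_add(uint32_t sum, const uint8_t *p, size_t len) {
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)(p[0] << 8 | p[1]);
    if (len) sum += (uint32_t)p[0] << 8;           /* odd trailing byte, zero-padded */
    return sum;
}
static uint16_t csum_fold(uint32_t sum) {
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Writes the frame into buf. IPs are 4 bytes in network order, ports in host
 * order. Returns the frame length (without FCS), or 0 if it does not fit. */
size_t build_udp_frame(uint8_t *buf, size_t cap,
                       const uint8_t dst_mac[6], const uint8_t src_mac[6],
                       const uint8_t src_ip[4], const uint8_t dst_ip[4],
                       uint16_t sport, uint16_t dport,
                       const uint8_t *payload, size_t plen) {
    if (plen > 65535 - 28) return 0;               /* IPv4 total length is 16 bits */
    size_t total = 14 + 20 + 8 + plen;
    size_t flen = total < 60 ? 60 : total;         /* Ethernet minimum frame size */
    if (flen > cap) return 0;
    uint8_t *eth = buf, *ip = buf + 14, *udp = buf + 34;
    memcpy(eth, dst_mac, 6);                       /* next-hop MAC, resolved by caller */
    memcpy(eth + 6, src_mac, 6);
    put16(eth + 12, 0x0800);                       /* EtherType IPv4 */
    memset(ip, 0, 28);                             /* zero IP + UDP headers, incl. checksums */
    ip[0] = 0x45;                                  /* version 4, IHL 5 (no options) */
    put16(ip + 2, (uint16_t)(28 + plen));          /* IP total length */
    put16(ip + 6, 0x4000);                         /* DF, fragment offset 0 */
    ip[8] = 64; ip[9] = 17;                        /* TTL, protocol UDP */
    memcpy(ip + 12, src_ip, 4);
    memcpy(ip + 16, dst_ip, 4);
    put16(ip + 10, csum_fold(csum_add(0, ip, 20)));
    put16(udp, sport); put16(udp + 2, dport);
    put16(udp + 4, (uint16_t)(8 + plen));          /* UDP length */
    memcpy(udp + 8, payload, plen);
    /* UDP checksum covers pseudo-header (src, dst, proto, length) + header + data. */
    uint32_t sum = csum_add(0, ip + 12, 8) + 17 + (uint32_t)(8 + plen);
    uint16_t c = csum_fold(csum_add(sum, udp, 8 + plen));
    put16(udp + 6, c ? c : 0xffff);                /* 0 on the wire means "no checksum" */
    memset(buf + total, 0, flen - total);          /* zero the padding of short frames */
    return flen;
}
```

The returned buffer is what a raw-frame send path expects: the Ethernet header comes first and the FCS is left to the NIC.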

