tcpdump mailing list archives

Re: build a raw packet


From: yet another braindamaged entity <sickmind () lavabit com>
Date: Thu, 16 Dec 2010 01:04:41 +0300

On 10:23 Wed 15 Dec     , Gabe Black wrote:
Hi,

I've been working on getting line-rate performance for an application that custom routes potentially small ethernet 
packets.  Almost all methods that I have tried start dropping packets at smaller ethernet frames.  The method that 
seems to be most promising is using PACKET_MMAP (for both transmit and receive) which I believe libpcap can use as 
well.

However, PACKET_MMAP gives you the raw packet.  I've looked at libpcap's inject function which seems to also deal 
with raw packets, but I am unable to find an api that will help build the raw packet (in my case a udp packet).  What 
is the best way to build a raw packet to make use of pcap's inject (or in my case PACKET_MMAP)?

I do know the destination IP address (and port) that I want to send the packets.  What I do not know is the next hop 
mac address to fill in the ethernet header; that seems to be the challenging part.  From what I understand, I would 
need to send an arp to find the next-hop address, but there doesn't seem to be a good way to do that 
programmatically.  

Is there an easier way to construct a valid raw packet?  I mean the socket layer seems to do that for you (not sure 
if it does it in the kernel or in user land).  Is there a way to make use of those facilities operating on your 
buffer?  

Another alternative to get this info that I thought of would be to use normal sockets to send a dummy udp packet to 
the destination and "capture" the packet to find out what it all used in the packet headers... however, I'm not sure 
if this is the best option as I would like to capture the packet before it is sent (but after the packet is built and 
all the address resolution has occurred) to retrieve the header info without actually sending the packet.

Anyone have any suggestions?  I've done lots of googling on building a raw packet, but I can't find anything that 
deals with the ethernet frame part (i.e. next hop mac address).

Again, I don't use the higher level socket api as it can't keep up with line-rate small ethernet packets.

Gabe
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

try using libnet.
