tcpdump mailing list archives

Re: sending raw packet using pcap


From: "Chris sun" <lei_sun () comcast net>
Date: Wed, 12 Nov 2003 15:51:53 -0500

Thank you for your suggestion.
I tested calling write() directly on the pcap file descriptor; it works well
if I send packets slowly, i.e. loop sending a packet and sleep 1 second in each
loop. However, if I don't sleep, I will constantly get an error calling the
write() function.
As you described, I should construct a sockaddr_ll and call sendto()
instead of write(). In my case, I constructed a whole customized Ethernet
frame and just want to put it on the wire.  The structure
struct sockaddr_ll
  {
    unsigned short int sll_family;
    unsigned short int sll_protocol;
    int sll_ifindex;
    unsigned short int sll_hatype;
    unsigned char sll_pkttype;
    unsigned char sll_halen;
    unsigned char sll_addr[8];
  };
contains sll_addr[], which looks like a destination MAC address.  Should I
fill that out? And what about the other fields in this structure?

Thank you!
----- Original Message ----- 
From: "Guy Harris" <guy () alum mit edu>
To: "Chris sun" <lei_sun () comcast net>
Cc: <tcpdump-workers () tcpdump org>
Sent: Tuesday, November 11, 2003 1:03 AM
Subject: Re: [tcpdump-workers] sending raw packet using pcap


On Mon, Nov 10, 2003 at 04:32:51PM -0500, Chris sun wrote:
The only thing I did was modify the pcap_bpf.c file and change the call
to open() from O_RDONLY to O_RDWR, then call write(pd->fd, .....) to
write data into pcap.
I am running my test on RH Linux 7.2,

If you're not running a system that uses BPF (BSD, including Mac OS X,
or AIX if configured for BPF), modifying the "pcap-bpf.c" has no effect.

In particular, it's "pcap-linux.c", not "pcap-bpf.c", that handles
capture on Linux.

In addition, the way you send packets on a descriptor used by libpcap is
platform-dependent (which is why libpcap should have a send-packet
interface; we will probably add one at some point, but there's no
schedule for it at this time).  On Linux, you're supposed to construct
(at least with modern Linuxes with a 2.2 or later kernel) a "struct
sockaddr_ll" and use "sendto()" when sending on a PF_PACKET/SOCK_RAW
socket.

However, you might want to look at libnet, which includes support for
sending packets on some platforms, including, as I remember, Linux:

http://www.packetfactory.net/projects/libnet/
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use
mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
