tcpdump mailing list archives
pcap DLT_NULL encapsulation
From: Fernando Gont <fernando () gont com ar>
Date: Tue, 19 Feb 2013 04:46:52 -0300
Folks, I've working on a libpcap-based program that sends packets over a gogoc-created tunnel in FreeBSD 9.0. The gogoc-created interface is of type DLT_NULL. My understanding is that packets sent/received on such interface type include a 4-byte header that includes the address family as a 32-bit integer, in host byte order. Packets sent with tools such as ping6, get the corresponding header set to 0x1c (PF_INET6). However, packets sent with pcap_inject() get such header set to 0x1f, even when I explicitly set it to PF_INET6 (0x1c).
From a practical point of view, everything works ok (i.e., my packets
*are* successfully sent over the tunnel). However, when sniffing traffic on my local host, I get a "AF unknown (31)", as in: --- cut here ---- 04:31:09.377625 AF Unknown (31), length 108: 0x0000: 6000 0000 0040 3aff 2001 05c0 1000 000a `....@:......... 0x0010: 0000 0000 0000 152d 2001 05c0 1000 000a .......-........ 0x0020: 0000 0000 0000 0108 8000 d368 667c 0000 ...........hf|.. ---- cut here ---- it looks like no matter what I write in that header, the contents never change when the packet hit the interface (i.e., once pcap_inject() is called, it seems those bytes are being rewritten). Is this a known issue with gogoc? Am I missing something else? Thanks! Best regards, -- Fernando Gont e-mail: fernando () gont com ar || fgont () si6networks com PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1 _______________________________________________ tcpdump-workers mailing list tcpdump-workers () lists tcpdump org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Current thread:
- pcap DLT_NULL encapsulation Fernando Gont (Feb 20)