tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: pcap_inject() on loopback (FreeBSD)

From: Guy Harris <guy () alum mit edu>
Date: Sun, 15 Jun 2014 11:07:36 -0700

On Jun 15, 2014, at 5:23 AM, Fernando Gont <fernando () gont com ar> wrote:


I'm trying to send an IPv6 packet with pcap_inject() on the loopback
interface of a FreeBSD 9.2 system.

What I write with pcap_inect() is the IPv6 packet, preceded with the
4-byte AF header (which I set to PF_INET6 (which is 28) in host byte order).

However, pcap_inject() fails with
"send: Address family not supported by protocol family"

and I also get this message on the console::
"looutput: af=31 unexpected"

which would seem to indicate that pcap_inject() is overwriting the value
I set with something else (pseudo_AF_HDRCMPLT?).


It indicates that *some* piece of code is overwriting that value.

However, pcap_inject(), on systems with BPF, is:

        static int
        pcap_inject_bpf(pcap_t *p, const void *buf, size_t size)
        {
                int ret;

                ret = write(p->fd, buf, size);
        #ifdef __APPLE__

                        a bunch of code only used on OS X/iOS

        #endif /* __APPLE__ */
                if (ret == -1) {
                        snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "send: %s",
                            pcap_strerror(errno));
                        return (PCAP_ERROR);
                }
                return (ret);
        }

so it's not what's setting pseudo_AF_HDRCMPLT.

The offending code is in bpfwrite():

        if (d->bd_hdrcmplt)
                dst.sa_family = pseudo_AF_HDRCMPLT;

"dst" is handed to looutput() in sys/net/if_loop.c, which does

        /* BPF writes need to be handled specially. */
        if (dst->sa_family == AF_UNSPEC)
                bcopy(dst->sa_data, &af, sizeof(af));
        else
                af = dst->sa_family;

The common code for Ethernet sends (ether_output()) explicitly handles both AF_UNSPEC *and* pseudo_AF_HDRCMPLT; the 
loopback driver needs to handle it as well, e.g. either

        /* BPF writes need to be handled specially. */
        if (dst->sa_family == pseudo_AF_HDRCMPLT)
                bcopy(dst->sa_data, &af, sizeof(af));
        else
                af = dst->sa_family;

or      

        /* BPF writes need to be handled specially. */
        if (dst->sa_family == pseudo_AF_HDRCMPLT || dst->sa_family == AF_UNSPEC)
                bcopy(dst->sa_data, &af, sizeof(af));
        else
                af = dst->sa_family;

As the person who came across this bug, you should file a bug on this; if you can, CC me on it, or, if not, let me know 
what bug ID it gets assigned so that I can try to CC myself on it.
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Previous By Date Next
Previous By Thread Next

Current thread: