Re: libpcap picks up sent packets on freebsd (plus link state query)

[Guy Harris <guy () alum mit edu>]

On Jan 7, 2016, at 2:20 AM, mate csaba <matecs () niif hu> wrote:

> i'm developing a router (rtros.nop.hu) which uses libpcap to capture and send packets to interfaces.
> the interface handler can be found here: http://sources.nop.hu/src/zzz/nat-pcapInt.c
> it's an interface<---->udp socket converter tool: when a packet captured, it'll be sent
> to the udp, when a packet received from the udp, it'll be sent to the interface.
> it works fine on linux for years. now i've noticed that on debian/sid/kfreebsd,
> when i send a packet to the interface, it's get captured.
> could you give me hints how to avoid it in a platform independent manner?

If you limit yourself to platforms on which libpcap has the pcap_setdirection() function, try calling

        pcap_setdirection(ifacePcap, PCAP_D_IN);

before the

        printf("serving others\n");

call.

(I'm a bit surprised that you're not seeing outgoing packets on Linux, though.)

> and a bonus feature request (?):
> could you please provide an api for interface up/down states?

An API to query the interface state?

Or a mechanism to get notified of interface state changes?

The first could probably be done fairly straightforwardly (but you obviously will only be able to use it if you have a 
newer version of libpcap).

The latter would involve more work, and might not be possible if the OS doesn't have a mechanism to deliver those 
events.  (Linux and OS X can, I think - Wireshark uses mechanism on those OSes to be notified when interfaces appear 
and disappear - but it'd take a bit of work to find out what mechanisms, if any, exist on various *BSDs, Solaris, 
Windows, etc..)
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers