Date: Sat, 17 Jul 2004 15:43:55 -0400 From: Chuck Swiger <cswiger@mac.com> To: Don Bowman <don@sandvine.com> Cc: "'net@freebsd.org'" <net@freebsd.org> Subject: Re: Question on SOCK_RAW, implement a bpf->other host tee Message-ID: <40F9817B.2070905@mac.com> In-Reply-To: <FE045D4D9F7AED4CBFF1B3B813C85337051D9365@mail.sandvine.com> References: <FE045D4D9F7AED4CBFF1B3B813C85337051D9365@mail.sandvine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Don Bowman wrote: [ ... ] > Shouldn't the stack ARP for the destination > in my 'sendto', and fill in the ether header? By using SOCK_RAW, you are bypassing the IP layer (or PF_INET, whatever you wish to call it), which I think means that you are also bypassing the ARP lookup code which normally would do so. > The ether-source is filled in, presumably by > the driver. Yes, and probably recomputing the frame-level checksum, but that's about it. When using raw sockets, one should try to pass in a packet that is completely filled in. I've found using libnet (in ports as net/libnet) is a pretty reasonable way of constructing packets, if need be: you build a packet one ISO layer at a time, and it will fill in the things not being handled when using SOCK_RAW. Oh, if it's easier to swap sender and dest addresses within an existing packet, say for ICMP ECHO_REQUEST :-), by all means do so. Still, libnet and libpcap play nicely together. Is the problem that you don't know or have the MAC addr of the destination handy? -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?40F9817B.2070905>