From: Chuck Swiger
Date: Sat, 17 Jul 2004 15:43:55 -0400
To: Don Bowman
Cc: "'net@freebsd.org'"
Subject: Re: Question on SOCK_RAW, implement a bpf->other host tee
Message-ID: <40F9817B.2070905@mac.com>

Don Bowman wrote:
[ ... ]
> Shouldn't the stack ARP for the destination
> in my 'sendto', and fill in the ether header?

By using SOCK_RAW, you are bypassing the IP layer (or PF_INET, whatever you wish to call it), which I think means that you are also bypassing the ARP lookup code which normally would do so.

> The ether-source is filled in, presumably by
> the driver.

Yes, and probably recomputing the frame-level checksum, but that's about it. When using raw sockets, one should try to pass in a packet that is completely filled in.

I've found using libnet (in ports as net/libnet) is a pretty reasonable way of constructing packets, if need be: you build a packet one ISO layer at a time, and it will fill in the things not being handled when using SOCK_RAW.

Oh, if it's easier to swap sender and dest addresses within an existing packet, say for ICMP ECHO_REQUEST :-), by all means do so. Still, libnet and libpcap play nicely together.

Is the problem that you don't know or have the MAC addr of the destination handy?

-- 
-Chuck
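The following is an added example, not part of the message above and not libnet code: plain C that builds "a packet that is completely filled in" for a link-layer write, where nothing below the caller does the ARP lookup for the destination MAC. The names `build_frame`, `inet_cksum`, `ETH_HLEN_X` and `IP_HLEN_X` are this example's own, and the TTL of 64 and the 1500-byte MTU limit are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { ETH_HLEN_X = 14, IP_HLEN_X = 20 };   /* names are this example's own */

/* RFC 1071 Internet checksum over an even-length header. */
uint16_t inet_cksum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)p[i] << 8) | p[i + 1];
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/*
 * Build Ethernet II + IPv4 + payload into out[]. No ARP happens on this
 * path, so the caller must already know dst_mac (e.g. the next hop's MAC).
 * Returns the frame length, or 0 if it would not fit.
 */
size_t build_frame(uint8_t *out, size_t cap,
                   const uint8_t dst_mac[6], const uint8_t src_mac[6],
                   const uint8_t src_ip[4], const uint8_t dst_ip[4],
                   uint8_t proto, const uint8_t *payload, size_t plen)
{
    size_t total = ETH_HLEN_X + IP_HLEN_X + plen;
    if (plen > (size_t)(1500 - IP_HLEN_X) || total > cap)  /* assumed MTU */
        return 0;

    /* Link layer: destination, source, EtherType 0x0800 (IPv4). */
    memcpy(out, dst_mac, 6);
    memcpy(out + 6, src_mac, 6);
    out[12] = 0x08; out[13] = 0x00;

    /* Network layer: 20-byte IPv4 header, no options, ID and flags zero. */
    uint8_t *ip = out + ETH_HLEN_X;
    memset(ip, 0, IP_HLEN_X);
    ip[0] = 0x45;                                  /* version 4, IHL 5 */
    ip[2] = (uint8_t)((IP_HLEN_X + plen) >> 8);    /* total length, big endian */
    ip[3] = (uint8_t)((IP_HLEN_X + plen) & 0xff);
    ip[8] = 64;                                    /* TTL (assumed default) */
    ip[9] = proto;
    memcpy(ip + 12, src_ip, 4);
    memcpy(ip + 16, dst_ip, 4);
    uint16_t ck = inet_cksum(ip, IP_HLEN_X);       /* checksum field is 0 here */
    ip[10] = (uint8_t)(ck >> 8); ip[11] = (uint8_t)(ck & 0xff);
    if (plen)
        memcpy(ip + IP_HLEN_X, payload, plen);
    return total;
}
```

A receiver validates the IPv4 header by running the same checksum over all 20 bytes and expecting zero, which is a quick self-check before writing the frame out.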