Regarding 2.
I think the reason snoop is not showing the
Ethernet packet is probably that /dev/bpf
works at the same level as (or a lower level than)
the level at which snoop captures the packet.
Not sure, but worth checking (is the
Ethernet packet seen on the network by some
other host on the same network?).

Hi,
I'm trying to send a raw Ethernet packet from a userland application
but all my attempts so far were unsuccessful. I basically tried two
approaches (see below) but maybe both are in the wrong direction. I'd
appreciate some help, a suggestion or a pointer to a working example or
an application already doing that.
1) socket()/bind()
int s = socket(AF_PACKET, SOCK_RAW, 0);
struct sockaddr_ll llp = {};
llp.sll_family = AF_PACKET;
llp.sll_protocol = 0x0800;
llp.sll_ifindex = 5; /* this is from ifconfig -a */
bind(s, (struct sockaddr *)&llp, sizeof (struct sockaddr_ll));
The bind() call above failed.
2) bpf
/* Copy of real ARP packet from snoop capture */
char buf[] =
"\xff\xff\xff\xff\xff\xff"
"\x00\x1c\x25\xa0\xb7\x2e"
"\x08\x06\x00\x01"
"\x08\x00\x06\x04\x00\x01"
"\x00\x1c\x25\xa0\xb7\x2e"
"\x0a\x00\x00\x0d"
"\xff\xff\xff\xff\xff\xff"
"\x0a\x00\x00\x37"
;
int fd = open("/dev/bpf", O_RDWR);
struct ifreq ifr = { .ifr_name = {} };
memcpy(&ifr.ifr_name, "e1000g0", 7);
ioctl(fd, BIOCSETIF, (caddr_t)&ifr);
int enable = 1;
ioctl(fd, BIOCIMMEDIATE, (caddr_t)&enable);
enable = 1;
ioctl(fd, BIOCSHDRCMPLT, (caddr_t)&enable);
write(fd, buf, sizeof buf - 1);
In this case all functions passed so it looks like everything works, but
I'm unable to snoop the packet on the network.
Thank you.
--
+-------------------------------------------+
| Marcel Telka e-mail: marcel@telka.sk |
| homepage: http://telka.sk/ |
+-------------------------------------------+
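
Added example (not code from either poster): before looking for the frame on the wire, decode the buffer from approach 2 and confirm it is a well-formed Ethernet/IPv4 ARP frame. The helper names and the short-frame flag (60 bytes, the Ethernet minimum without the FCS) are assumptions of this example; the thread does not say whether the driver pads short frames.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN   14   /* dst MAC + src MAC + EtherType */
#define ARP_IPV4_LEN  28   /* ARP body for Ethernet/IPv4 */
#define ETH_MIN_NOFCS 60   /* minimum frame length, FCS excluded */

/* Constructed: the bytes posted in approach 2, copied unchanged. */
static const unsigned char post_frame[] =
    "\xff\xff\xff\xff\xff\xff" "\x00\x1c\x25\xa0\xb7\x2e" "\x08\x06"
    "\x00\x01" "\x08\x00" "\x06\x04" "\x00\x01"
    "\x00\x1c\x25\xa0\xb7\x2e" "\x0a\x00\x00\x0d"
    "\xff\xff\xff\xff\xff\xff" "\x0a\x00\x00\x37";

struct arp_info {
    uint16_t ethertype, htype, ptype, op;
    uint8_t  hlen, plen, sha[6], spa[4], tha[6], tpa[4];
    int      short_frame;              /* 1 if below ETH_MIN_NOFCS */
};

static uint16_t be16(const unsigned char *p) { return (uint16_t)(p[0] << 8 | p[1]); }

/* Returns 0 on success, -1 if the buffer is not Ethernet/IPv4 ARP. */
int parse_arp_frame(const unsigned char *f, size_t len, struct arp_info *out)
{
    if (len < ETH_HDR_LEN + ARP_IPV4_LEN)
        return -1;
    const unsigned char *a = f + ETH_HDR_LEN;   /* start of ARP body */
    out->ethertype = be16(f + 12);
    out->htype = be16(a);  out->ptype = be16(a + 2);
    out->hlen = a[4];      out->plen = a[5];
    out->op = be16(a + 6);                      /* 1 = request, 2 = reply */
    if (out->ethertype != 0x0806 || out->htype != 1 ||
        out->ptype != 0x0800 || out->hlen != 6 || out->plen != 4)
        return -1;
    memcpy(out->sha, a + 8, 6);  memcpy(out->spa, a + 14, 4);
    memcpy(out->tha, a + 18, 6); memcpy(out->tpa, a + 24, 4);
    out->short_frame = len < ETH_MIN_NOFCS;
    return 0;
}

size_t post_frame_len(void) { return sizeof post_frame - 1; } /* drop NUL */

int main(void)
{
    struct arp_info ai;
    if (parse_arp_frame(post_frame, post_frame_len(), &ai) != 0)
        return 1;
    printf("op=%u who-has %u.%u.%u.%u tell %u.%u.%u.%u len=%zu short=%d\n",
        ai.op, ai.tpa[0], ai.tpa[1], ai.tpa[2], ai.tpa[3], ai.spa[0],
        ai.spa[1], ai.spa[2], ai.spa[3], post_frame_len(), ai.short_frame);
    return 0;
}
```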
------------------------------------------
illumos: illumos-developer