From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from tb-mx1.topicbox.com (localhost.local [127.0.0.1]) by tb-mx1.topicbox.com (Postfix) with ESMTP id 3FE861A94C2B for ; Fri, 31 May 2024 05:43:49 -0400 (EDT) (envelope-from pramod.batni@gmail.com) Received: from tb-mx1.topicbox.com (localhost [127.0.0.1]) by tb-mx1.topicbox.com (Authentication Milter) with ESMTP id 19DC031B261; Fri, 31 May 2024 05:43:49 -0400 ARC-Seal: i=1; a=rsa-sha256; cv=none; d=topicbox.com; s=arcseal; t= 1717148629; b=Ce1MOL2/1iRxwGZMdHckqrJR8jEnZJUlHdn/y71gwMkyX89wL9 VnOyI6o0d5ME4oZjdSwWxZTfiXegn5qUY6RvtKC7VPqpE9mfKwbUT1SCQlaevFAR SNwfjm2fnZ6sLVYtUGGBpHRxfKvm33GE8j2bywNCwfb3/+mZmdOAl6sdJnXZuoWz WqB8Uey+cwqGWaWqygpSWKwjen8ZWXk0mkLZittRmajbmGJXkoUxq5RAgJ4J17HF jvxDK7REE5BwiFdNB1ecFAC8YAzk5G1Npl4ZGpSlMNl3ErdcIex+o8jOh6sRg5m+ YY56k4ottnYxF0UT1bbWQ5WxGEAZDDumy6Yw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d= topicbox.com; h=mime-version:references:in-reply-to:from:date :message-id:subject:to:content-type; s=arcseal; t=1717148629; bh=CePDJN7U3yIjL0RvuB3xJXMqR+N6bRW+ck5fVI6lGJs=; b=etZzW+Z8dU2Z 8htdPQ8mhIDO0a4E8UtXQ5qzV6e+XliS7amnBE+26hmrgFyyR9c7EO27mgt15Hhw 19XJ+kaIu9O1ftuxxeD5U60FkMWaj1j2/Ycq1nr1LMWq25nc7eN3cvXWFxqdiKxg e8qKUKb6YqW+Ei3ljTrfgKKhT9RPZM85BlcgfeOFhXbFY3T3GrkZMhtBYZHYHNfc F6MmYFodDn9bfdnyBI61kJ83vPWxTVz1XqMX4sUrC2jG0FpvokQmkopYmAjoNso6 WWG+BVcU/a82hvUB40PaUff11hv3IhKoUL6vFcoNrQAumXBUSuUR0RA2WLV3Zlaq k9yC1LeY5Q== ARC-Authentication-Results: i=1; tb-mx1.topicbox.com; arc=none (no signatures found); bimi=skipped (DMARC Policy is not at enforcement); dkim=pass (2048-bit rsa key sha256) header.d=gmail.com header.i=@gmail.com header.b=eVK1HrnP header.a=rsa-sha256 header.s=20230601 x-bits=2048; dmarc=pass policy.published-domain-policy=none policy.published-subdomain-policy=quarantine policy.applied-disposition=none policy.evaluated-disposition=none (p=none,sp=quarantine,d=none,d.eval=none) policy.policy-from=p header.from=gmail.com; iprev=pass smtp.remote-ip=209.85.216.43 (mail-pj1-f43.google.com); spf=pass smtp.mailfrom=pramod.batni@gmail.com smtp.helo=mail-pj1-f43.google.com; x-aligned-from=pass (Address match); x-google-dkim=pass (2048-bit rsa key) header.d=1e100.net header.i=@1e100.net header.b=btG8+aZ9; x-me-sender=none; x-ptr=pass smtp.helo=mail-pj1-f43.google.com policy.ptr=mail-pj1-f43.google.com; x-return-mx=pass header.domain=gmail.com policy.is_org=yes (MX Records found: gmail-smtp-in.l.google.com,alt4.gmail-smtp-in.l.google.com,alt1.gmail-smtp-in.l.google.com,alt2.gmail-smtp-in.l.google.com,alt3.gmail-smtp-in.l.google.com); x-return-mx=pass smtp.domain=gmail.com policy.is_org=yes (MX Records found: gmail-smtp-in.l.google.com,alt4.gmail-smtp-in.l.google.com,alt1.gmail-smtp-in.l.google.com,alt2.gmail-smtp-in.l.google.com,alt3.gmail-smtp-in.l.google.com); x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384 smtp.bits=256/256; x-vs=clean score=-100 state=0 Authentication-Results: tb-mx1.topicbox.com; arc=none (no signatures found); bimi=skipped (DMARC Policy is not at enforcement); dkim=pass (2048-bit rsa key sha256) header.d=gmail.com header.i=@gmail.com header.b=eVK1HrnP header.a=rsa-sha256 header.s=20230601 x-bits=2048; dmarc=pass policy.published-domain-policy=none policy.published-subdomain-policy=quarantine policy.applied-disposition=none policy.evaluated-disposition=none (p=none,sp=quarantine,d=none,d.eval=none) policy.policy-from=p header.from=gmail.com; iprev=pass smtp.remote-ip=209.85.216.43 (mail-pj1-f43.google.com); spf=pass smtp.mailfrom=pramod.batni@gmail.com smtp.helo=mail-pj1-f43.google.com; x-aligned-from=pass (Address match); x-google-dkim=pass (2048-bit rsa key) header.d=1e100.net header.i=@1e100.net header.b=btG8+aZ9; x-me-sender=none; x-ptr=pass smtp.helo=mail-pj1-f43.google.com policy.ptr=mail-pj1-f43.google.com; x-return-mx=pass header.domain=gmail.com policy.is_org=yes (MX Records found: gmail-smtp-in.l.google.com,alt4.gmail-smtp-in.l.google.com,alt1.gmail-smtp-in.l.google.com,alt2.gmail-smtp-in.l.google.com,alt3.gmail-smtp-in.l.google.com); x-return-mx=pass smtp.domain=gmail.com policy.is_org=yes (MX Records found: gmail-smtp-in.l.google.com,alt4.gmail-smtp-in.l.google.com,alt1.gmail-smtp-in.l.google.com,alt2.gmail-smtp-in.l.google.com,alt3.gmail-smtp-in.l.google.com); x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384 smtp.bits=256/256; x-vs=clean score=-100 state=0 X-ME-VSCause: gggruggvucftvghtrhhoucdtuddrgedvledrvdekiedgudelucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnh htshculddquddttddmnecujfgurhepgghfjgfhfffkuffvtgesrgdtreertddtjeenucfh rhhomheprfhrrghmohguuceurghtnhhiuceophhrrghmohgurdgsrghtnhhisehgmhgrih hlrdgtohhmqeenucggtffrrghtthgvrhhnpeehvdetteetffejjeffgfevieelgeekfeek keevueejgeevteejleevudeuvdefteenucffohhmrghinhepthgvlhhkrgdrshhkpdhtoh hpihgtsghogidrtghomhenucfkphepvddtledrkeehrddvudeirdegfeenucevlhhushht vghrufhiiigvpedtnecurfgrrhgrmhepihhnvghtpedvtdelrdekhedrvdduiedrgeefpd hhvghlohepmhgrihhlqdhpjhduqdhfgeefrdhgohhoghhlvgdrtghomhdpmhgrihhlfhhr ohhmpeeophhrrghmohgurdgsrghtnhhisehgmhgrihhlrdgtohhmqedpnhgspghrtghpth htohepuddprhgtphhtthhopeeouggvvhgvlhhophgvrheslhhishhtshdrihhllhhumhho shdrohhrgheq X-ME-VSScore: -100 X-ME-VSCategory: clean Received-SPF: pass (gmail.com ... _spf.google.com: Sender is authorized to use 'pramod.batni@gmail.com' in 'mfrom' identity (mechanism 'include:_netblocks.google.com' matched)) receiver=tb-mx1.topicbox.com; identity=mailfrom; envelope-from="pramod.batni@gmail.com"; helo=mail-pj1-f43.google.com; client-ip=209.85.216.43 Received: from mail-pj1-f43.google.com (mail-pj1-f43.google.com [209.85.216.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by tb-mx1.topicbox.com (Postfix) with ESMTPS for ; Fri, 31 May 2024 05:43:48 -0400 (EDT) (envelope-from pramod.batni@gmail.com) Received: by mail-pj1-f43.google.com with SMTP id 98e67ed59e1d1-2c1e7708cfdso205910a91.2 for ; Fri, 31 May 2024 02:43:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1717148627; x=1717753427; darn=lists.illumos.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=CePDJN7U3yIjL0RvuB3xJXMqR+N6bRW+ck5fVI6lGJs=; b=eVK1HrnPW1UBda0rn0AHlPLFx6HIijTRL7dYZOTkDJ6SjcDYfTJp/gNdJbNINANN1K 15339ZGEGdncbC8/YX+L3LWhbmJXzSSLmHP5gwclqhrZoG37VAIFlrgx07EV79M3CBnd siCtp+3rN+ReJ9XZ4XIxrvT0Qj2LChDgHOHpxfn8fwhmQ53cUJ466qTKbzJNUYY38FRz doTJNlYrpAlBjZBYiZNNFVwUmdN6aZUPzb5FfRNDMx7tKudo0Vbt/dxhPBmvdPWOHI85 UEeslB+Fq0anCQfQEJM/f9f6T3k8Zl0k5azXeR1nzV0ovPKnrFqEkIS5X3UenZaPDR0j JqIg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717148627; x=1717753427; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=CePDJN7U3yIjL0RvuB3xJXMqR+N6bRW+ck5fVI6lGJs=; b=btG8+aZ9f7DEG2LqSUqAFoFk7XlI/2AG3vZ7i2WJmMLkADiIcHLrEIRnfbNU4/Lq5w SbJsQD5MNUXihk8bjCqFNAO32my3O+z4FF3LP3SrokLCeuVgb8fc3y0HpSst6AwG7sLi uOxwTqGRxuYDvHej4W5A4BcFgSWBpcJaBBcf9B3WVGXTfTVOy+85SBhGMzUNA7PqvcOq q6z1I6g+Vkb7BxnY78W5rKq2CE7M8xTQBD6C3D+oLKIQ0zj3tNNcYMw/CNtPmvVF58fs OJgYWojtCHKK/C7m4sqpzfH5+xywTt3+xgAYKR8uGeqqLrK7d4F+hIoSODjo3tKTTwcG 323Q== X-Gm-Message-State: AOJu0Yw2iJrWmGfN6eTG9xWPpy9G8gnz5TmUuUP0ejpGfKlbrTwjkgYn uTWDalMKwObwLzPvoXZ0VMpk/x4z+sV47SSqDxptDTahp20tp/20eSflAE118JefxubcqmXXFrN Wj2P3V9iBW3txy9/xWIX05+SvusZ3zqgb X-Google-Smtp-Source: AGHT+IEckB7RzgvPk2Z8D5C0cDAY89TVE6TuvaF1Rh4/d4LuJkb/dAV4nDdp59MwN41Zf3yJ6MPdMH7Df1Z+0y6Ho4U= X-Received: by 2002:a17:90a:ac16:b0:2bd:defd:d05f with SMTP id 98e67ed59e1d1-2c1dc5806cfmr1092446a91.13.1717148627010; Fri, 31 May 2024 02:43:47 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Pramod Batni Date: Fri, 31 May 2024 15:13:35 +0530 Message-ID: Subject: Re: [developer] Raw ethernet packets To: illumos-developer Content-Type: multipart/alternative; boundary="000000000000f08e140619bcd141" Topicbox-Policy-Reasoning: allow: sender is a member Topicbox-Message-UUID: 4b0f3600-1f32-11ef-ba54-c9096ca94a7b --000000000000f08e140619bcd141 Content-Type: text/plain; charset="UTF-8" Regarding 2. I think the reason snoop not showing the Ethernet packet is probably because /dev/bpf works at the same (or lower) level than the level at which snoop captures the packet. Not sure but worth checking (is the Ethernet packet on the network by some other host on the same network) On Fri, 31 May 2024 at 14:14, Marcel Telka wrote: > Hi, > > I'm trying to send a raw ethernet packet from an userland application > but all my attempts so far were unsuccessful. I basically tried two > approaches (see below) but maybe both are in wrong direction. I'd > appreciate some help, suggestion or pointer to an working example or > application already doing that. > > > 1) socket()/bind() > > int s = socket(AF_PACKET, SOCK_RAW, 0); > > struct sockaddr_ll llp = {}; > llp.sll_family = AF_PACKET; > llp.sll_protocol = 0x0800; > llp.sll_ifindex = 5; /* this is from ifconfig -a */ > > bind(s, (struct sockaddr *)&llp, sizeof (struct sockaddr_ll)); > > The bind() call above failed. > > > 2) bpf > > /* Copy of real ARP packet from snoop capture */ > char buf[] = > "\xff\xff\xff\xff\xff\xff" > "\x00\x1c\x25\xa0\xb7\x2e" > "\x08\x06\x00\x01" > "\x08\x00\x06\x04\x00\x01" > "\x00\x1c\x25\xa0\xb7\x2e" > "\x0a\x00\x00\x0d" > "\xff\xff\xff\xff\xff\xff" > "\x0a\x00\x00\x37" > ; > > int fd = open("/dev/bpf", O_RDWR); > > struct ifreq ifr = { .ifr_name = {} }; > memcpy(&ifr.ifr_name, "e1000g0", 7); > ioctl(fd, BIOCSETIF, (caddr_t)&ifr); > > int enable = 1; > ioctl(fd, BIOCIMMEDIATE, (caddr_t)&enable); > > enable = 1; > ioctl(fd, BIOCSHDRCMPLT, (caddr_t)&enable); > > write(fd, buf, sizeof buf - 1); > > > In this case all functions passed so it looks like everything works, but > I'm unable to snoop the packet on the network. > > > Thank you. > > -- > +-------------------------------------------+ > | Marcel Telka e-mail: marcel@telka.sk | > | homepage: http://telka.sk/ | > +-------------------------------------------+ > > ------------------------------------------ > illumos: illumos-developer > Permalink: > https://illumos.topicbox.com/groups/developer/T9ea91ef91413959c-M0f5ac7181f7a9e8e1120f867 > Delivery options: > https://illumos.topicbox.com/groups/developer/subscription > --000000000000f08e140619bcd141 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Regarding 2.=C2=A0
=C2=A0 =C2=A0
=C2=A0 =C2=A0 I think the reason snoop not showing th= e
=C2=A0 =C2=A0 Ethernet packet is probably because = /dev/bpf
=C2=A0 =C2=A0works at the same (or lower) l= evel than
=C2=A0 =C2=A0the level at which snoop capt= ures the packet.


=C2=A0 =C2=A0Not sure but worth checking (is the=C2=A0=
=C2=A0 =C2=A0Ethernet packet on the network by some=
=C2=A0 =C2=A0 other host on the same network)
=



On Fri, 31 May 2024 = at 14:14, Marcel Telka <marcel@telka.= sk> wrote:
Hi,

I'm trying to send a raw ethernet packet from an userland application but all my attempts so far were unsuccessful.=C2=A0 I basically tried two approaches (see below) but maybe both are in wrong direction.=C2=A0 I'd=
appreciate some help, suggestion or pointer to an working example or
application already doing that.


1) socket()/bind()

=C2=A0 =C2=A0 =C2=A0 =C2=A0 int s =3D socket(AF_PACKET, SOCK_RAW, 0);

=C2=A0 =C2=A0 =C2=A0 =C2=A0 struct sockaddr_ll llp =3D {};
=C2=A0 =C2=A0 =C2=A0 =C2=A0 llp.sll_family =3D AF_PACKET;
=C2=A0 =C2=A0 =C2=A0 =C2=A0 llp.sll_protocol =3D 0x0800;
=C2=A0 =C2=A0 =C2=A0 =C2=A0 llp.sll_ifindex =3D 5;=C2=A0 =C2=A0 /* this is = from ifconfig -a */

=C2=A0 =C2=A0 =C2=A0 =C2=A0 bind(s, (struct sockaddr *)&llp, sizeof (st= ruct sockaddr_ll));

The bind() call above failed.


2) bpf

=C2=A0 =C2=A0 =C2=A0 =C2=A0 /* Copy of real ARP packet from snoop capture *= /
=C2=A0 =C2=A0 =C2=A0 =C2=A0 char buf[] =3D
=C2=A0 =C2=A0 =C2=A0 =C2=A0 "\xff\xff\xff\xff\xff\xff"
=C2=A0 =C2=A0 =C2=A0 =C2=A0 "\x00\x1c\x25\xa0\xb7\x2e"
=C2=A0 =C2=A0 =C2=A0 =C2=A0 "\x08\x06\x00\x01"
=C2=A0 =C2=A0 =C2=A0 =C2=A0 "\x08\x00\x06\x04\x00\x01"
=C2=A0 =C2=A0 =C2=A0 =C2=A0 "\x00\x1c\x25\xa0\xb7\x2e"
=C2=A0 =C2=A0 =C2=A0 =C2=A0 "\x0a\x00\x00\x0d"
=C2=A0 =C2=A0 =C2=A0 =C2=A0 "\xff\xff\xff\xff\xff\xff"
=C2=A0 =C2=A0 =C2=A0 =C2=A0 "\x0a\x00\x00\x37"
=C2=A0 =C2=A0 =C2=A0 =C2=A0 ;

=C2=A0 =C2=A0 =C2=A0 =C2=A0 int fd =3D open("/dev/bpf", O_RDWR);<= br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 struct ifreq ifr =3D { .ifr_name =3D {} };
=C2=A0 =C2=A0 =C2=A0 =C2=A0 memcpy(&ifr.ifr_name, "e1000g0", = 7);
=C2=A0 =C2=A0 =C2=A0 =C2=A0 ioctl(fd, BIOCSETIF, (caddr_t)&ifr);

=C2=A0 =C2=A0 =C2=A0 =C2=A0 int enable =3D 1;
=C2=A0 =C2=A0 =C2=A0 =C2=A0 ioctl(fd, BIOCIMMEDIATE, (caddr_t)&enable);=

=C2=A0 =C2=A0 =C2=A0 =C2=A0 enable =3D 1;
=C2=A0 =C2=A0 =C2=A0 =C2=A0 ioctl(fd, BIOCSHDRCMPLT, (caddr_t)&enable);=

=C2=A0 =C2=A0 =C2=A0 =C2=A0 write(fd, buf, sizeof buf - 1);


In this case all functions passed so it looks like everything works, but I'm unable to snoop the packet on the network.


Thank you.

--
+-------------------------------------------+
| Marcel Telka=C2=A0 =C2=A0e-mail:=C2=A0 =C2=A0marcel@telka.sk=C2=A0 |
|=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 homepage: http://telka.sk/= |
+-------------------------------------------+

------------------------------------------
illumos: illumos-developer
Permalink: = https://illumos.topicbox.com/groups/developer/T9ea91ef91413959c-M0f5ac7181f= 7a9e8e1120f867
Delivery options: https://illumos.topicbox= .com/groups/developer/subscription
--000000000000f08e140619bcd141--