Re: BPF to filter/mod ARP
- Reply: Scheffenegger, Richard: "RE: BPF to filter/mod ARP"
- In reply to: Scheffenegger, Richard: "BPF to filter/mod ARP"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 01 Mar 2023 20:58:32 UTC
> On 1. Mar 2023, at 21:33, Scheffenegger, Richard <rscheff@freebsd.org> wrote: > > Hi group, > > Maybe someone can help me with this question - as I am usually only looking at L4 and the top side of L3 ;) > > In order to validate a peculiar switches behavior, I want to adjust some fields in gracious arps sent out by an interface, after a new IP is assigned or changed. Wouldn't scapy allow you to do this kind of testing? Best regards Michael > > I believe BPF can effectively filter on arbitrary bit patterns and modify packets on the fly. > > However, as ARP doesn't seem to be accessible in the ipfw infrastructure, I was wondering how to go about setting up an BPF to tweak (temporarily) some of these ARPs to validate how the switch will behave. > > (I need to validate, if there is some difference when the target hardware address doesn't conform to RFC5227 - which states it SHOULD be zero and is ignored on the receiving side; i have reasons to believe that the switch needs either a target hardware address of ff:ff:ff:ff:ff:ff or the local interface MAC, to properly update it's entries.) > > Thanks a lot! > > Richard > <OpenPGP_0x17BE5899E0B1439B.asc>