Question on SOCK_RAW, implement a bpf->other host tee
Chuck Swiger
cswiger at mac.com
Sat Jul 17 12:44:44 PDT 2004
Don Bowman wrote:
[ ... ]
> Shouldn't the stack ARP for the destination
> in my 'sendto', and fill in the ether header?
By using SOCK_RAW, you are bypassing the IP layer (or PF_INET, whatever you
wish to call it), which I think means that you are also bypassing the ARP
lookup code which normally would do so.
> The ether-source is filled in, presumably by
> the driver.
Yes, and probably recomputing the frame-level checksum, but that's about it.
When using raw sockets, one should try to pass in a packet that is completely
filled in. I've found using libnet (in ports as net/libnet) is a pretty
reasonable way of constructing packets, if need be: you build a packet one ISO
layer at a time, and it will fill in the things not being handled when using
SOCK_RAW.
Oh, if it's easier to swap sender and dest addresses within an existing
packet, say for ICMP ECHO_REQUEST :-), by all means do so. Still, libnet and
libpcap play nicely together.
Is the problem that you don't know or have the MAC addr of the destination handy?
--
-Chuck
More information about the freebsd-net
mailing list