Question on SOCK_RAW, implement a bpf->other host tee
Robert Watson
rwatson at freebsd.org
Sun Jul 18 21:44:06 PDT 2004
On Sun, 18 Jul 2004, Bruce M Simpson wrote:
> On Sun, Jul 18, 2004 at 05:38:22PM -0400, Robert Watson wrote:
> > > I have swapped the ip_len, ip_off fields.
> >
> > Are you sure you need to do this? I thought BPF/PCAP provided those
> > fields in network byte order already, in which case you shouldn't need to
> > touch these fields unless you need to adjust them.
>
> I think Don is referring to the fact that IP_HDRINCL in our stack
> expects to see these fields in host byte order (as per my update of the
> ip(4) manual page quite recently). Raw socket stuff being different from
> bpf stuff.
Yes, indeed I misunderstood. However, I think my explanation for the
packets not arriving where expected probably remains valid. The only
other thing that came to mind was dealing with ip_id -- when the raw IP
code sees an ID of 0, it will substitute its own value. I'm not sure how
many packets on the wire end up having ID's of zero, but that will be a
case where the packet is modified by virtue of being resent using the raw
socket interface.
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org Principal Research Scientist, McAfee Research
More information about the freebsd-net
mailing list