Date: Thu, 01 Oct 1998 23:36:09 +0930 From: Leigh Hart <hart@dotat.com> To: "Juan L. Freniche" <jlfreniche@acm.org> Cc: FreeBSD Net <freebsd-net@FreeBSD.ORG> Subject: Re: ZNYX and writing/reading LL frames Message-ID: <199810011406.XAA19276@at.dotat.com> In-Reply-To: Your message of "Thu, 01 Oct 1998 09:28:50 %2B0200." <36132F32.2D81@acm.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Juan, Funny, I started asking some of these questions of myself just yesterday ;] Most of your answers lie within man... I have no idea what you're trying to do with that wierd'n'wonderful network diagram, however, onto your questions: "Juan L. Freniche" <jlfreniche@acm.org> wrote: > > 3 How to program (in C) the interface in promiscuous mode? > ---> Still Open man bpf and see below. > 5 How to write link-layer frames? The application will write the > complete frame, including the first 14 bytes. > ---> Still Open man bpf - you can open /dev/bpf0 - ioctl a few times to setup which interface you want to attach the filter to, use ioctl to set the interface to promiscuous mode and optionally use ioctl again to set the read operation to one-packet-at-a-time mode, rather than allowing the bpf to buffer as many frames into your read call as it can manage (using BIOCIMMEDIATE) - this makes life a little simpler, that's all. Then you can write frames to your hearts content. There is one caveat - in 2.2.5 (at least, not sure about -current) when you write an ethernet frame out via the bpf file descriptor, the kernel re-writes the source MAC address in your packet to that of the interface which is being used to send the packet. This is designed to prevent spoof attacks I presume, but its a pain in the neck if you're writing a bridge application in userland :) I'll be generating a small diff for the hack I made to fix this sooner or later ;] (see if_ethersubr.c in ether_output, at or about case AF_UNSPEC:, where memcpy is used to set eh->ether_shost) Will allow you to write link-layer frames to the device. > 6 How to read, in an exclusive way, link-layer frames? By exclusive I > mean that the application will receive the frame and that, given the > non-standard header (in particular, the EtherType), that frame must > not be passed to the network stack. > ---> Still Open You can read packets using the above bpf stuff, but note that your buffer will contain not just the packet, but also an extra bpf_hdr which has a few other details about the packet - use the following to bypass the header and get straight into the meat of the ethernet frame: frame_ptr = buffer+((struct bpf_hdr *)buffer)->bh_hdrlen; (don't use sizeof(struct bpf_hdr) to get the length of the bpf_hdr, read /usr/include/net/bpf.h for the reasons why...) As for stopping the packets from reaching the higher level protocols, I don't believe you can do this exclusively without frobbing the kernel. Cheers Leigh -- | "By the time they had diminished | Leigh Hart, <hart@dotat.com> | | from 50 to 8, the other dwarves | Dotat Communications Pty Ltd | | began to suspect 'Hungry' ..." | GPO Box 487 Adelaide SA 5001 | | -- Gary Larson, "The Far Side" | http://www.dotat.com/hart/ | To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199810011406.XAA19276>