Date: Mon, 19 Jul 2004 00:43:35 -0400 (EDT) From: Robert Watson <rwatson@freebsd.org> To: Bruce M Simpson <bms@spc.org> Cc: "'net@freebsd.org'" <net@freebsd.org> Subject: Re: Question on SOCK_RAW, implement a bpf->other host tee Message-ID: <Pine.NEB.3.96L.1040719004148.38770A-100000@fledge.watson.org> In-Reply-To: <20040718221925.GE87575@empiric.dek.spc.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 18 Jul 2004, Bruce M Simpson wrote: > On Sun, Jul 18, 2004 at 05:38:22PM -0400, Robert Watson wrote: > > > I have swapped the ip_len, ip_off fields. > > > > Are you sure you need to do this? I thought BPF/PCAP provided those > > fields in network byte order already, in which case you shouldn't need to > > touch these fields unless you need to adjust them. > > I think Don is referring to the fact that IP_HDRINCL in our stack > expects to see these fields in host byte order (as per my update of the > ip(4) manual page quite recently). Raw socket stuff being different from > bpf stuff. Yes, indeed I misunderstood. However, I think my explanation for the packets not arriving where expected probably remains valid. The only other thing that came to mind was dealing with ip_id -- when the raw IP code sees an ID of 0, it will substitute its own value. I'm not sure how many packets on the wire end up having ID's of zero, but that will be a case where the packet is modified by virtue of being resent using the raw socket interface. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Principal Research Scientist, McAfee Research
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1040719004148.38770A-100000>