From owner-freebsd-hackers  Wed Mar 18 00:38:24 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id AAA27911
          for freebsd-hackers-outgoing; Wed, 18 Mar 1998 00:38:24 -0800 (PST)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from fledge.watson.org (root@FLEDGE.RES.CMU.EDU [128.2.91.116])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA27904
          for <hackers@freebsd.org>; Wed, 18 Mar 1998 00:38:22 -0800 (PST)
          (envelope-from robert@cyrus.watson.org)
Received: from thithle.watson.org (thithle.pr.watson.org [192.0.2.8]) by fledge.watson.org (8.8.8/8.6.10) with SMTP id DAA18538 for <hackers@freebsd.org>; Wed, 18 Mar 1998 03:38:21 -0500 (EST)
Date: Wed, 18 Mar 1998 03:38:20 -0500 (EST)
From: Robert Watson <robert@cyrus.watson.org>
X-Sender: robert@thithle.watson.org
Reply-To: Robert Watson <robert+freebsd@cyrus.watson.org>
To: hackers@FreeBSD.ORG
Subject: need a reference: data link layer packet transmission
Message-ID: <Pine.BSF.3.96.980318033148.410A-100000@thithle.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


For performance testing and bug catching, I would like to be able to
"replay" tcpdump captured packet streams that were promiscuously sniffed
off of a network.  Using the existing tcpdump to do this is ideal, as it
timestamps, etc.  However, I need to be able to resend the packets over
the network, and not all of the packets of interest are IP-packets.  So I
need to be able to manually ship these packets to the link layer for
delivery (on a specific device).  I know that bpf can be used for
transmission as well as reception (bpfwrite), but have had a hard time
finding sample source code that uses this transmission; bpf is primarily
intended for listening and not deliver.

The Stevens UNIX Network Programming book referred me to the rarp source
code, and indeed there is a somewhat obfuscated creation of rarp replies
there, but I was hoping for something a little more tutorial-like.
Similarly, the man pages are not particularly talkative about the
functions associated with BPF (although they due cover the structures
fairly well).  I do not currently have a copy of the original BPF paper,
but was wondering if it was available online, or if there were other
software packages I could look at for further information.  While I am
willing to delve into kernel source to find the answer, I would rather see
some text or a package that does similar things to what I want to write.

Alternatively, if such a package exists that already does what I describe,
a URL to that would be great!

Thanks in advance,

  Robert N Watson 

Carnegie Mellon University http://www.cmu.edu/
SafePort Network Services  http://www.safeport.com/
robert@fledge.watson.org   http://www.watson.org/~robert/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message