Date: 26 Jan 1998 14:05:52 +0100
From: dag-erli@ifi.uio.no (Dag-Erling Coidan Smørgrav)
To: marc@bowtie.nl
Cc: hackers@FreeBSD.ORG
Subject: Re: Is it possible to ..
Message-ID: <xzppvlfjsgf.fsf@hrotti.ifi.uio.no>
In-Reply-To: Marc van Kempen's message of "Mon, 26 Jan 1998 12:43:24 +0100"
References: <199801261143.MAA28747@bowtie.nl>

Marc van Kempen <marc@bowtie.nl> writes:
> > If what you really meant to ask is "how do I use a network interface
> > before it's configured", you can always ifconfig with a bogus address
> > (0.0.0.0), enable promiscuous mode, and then use bpf to bypass the
> > TCP/IP stack and "roll your own packets". Again, this requires
> > knowledge of the underlying hardware protocol. Ethernet should be
> > simple enough; read /sys/net/ethernet.h and /sys/net/if_ethersubr.c.
>
> Thank you, that is exactly what I meant.
> Ethernet support is all I need.
>
> BTW, how do I enable promiscuous mode?

You need to set the PROMISC flag on the interface. Once you have an
open descriptor to a bpf device, and have selected an interface with
the BIOCSETIF ioctl, you can enable promiscuous mode by issuing a
BIOCPROMISC ioctl (no argument required) on the bpf descriptor.

AFAIK the only way to switch out of promiscuous mode is to detach the
bpf descriptor from the interface, can anybody confirm or deny that?
Garrett? Anyway, you can never be certain that an interface is *not*
in promiscuous mode, since somebody else may have switched it on.

When you close the bpf descriptor, bpfclose() calls bpf_detachd()
which disables promiscuous mode if it was enabled (or rather, calls
ifpromisc() which decrements the interface's pcount and disables
promiscuous mode if it reaches 0).

All the other dirty details of bpf programming can be gleaned from the
bpf(4) man page and the kernel source code (/sys/net/bpf.c and
/sys/net/if.c are particularly relevant)

There is also a paper on bpf from USENIX 93 or something - which I of
course don't have a copy of here, but the URL to a PostScript version
of that paper as well as a lot of other useful pointers are listed in
the tcpdump(1) README (/usr/src/contrib/tcpdump/README)

Does that answer your question? :)

-- 
 * Finrod (INTJ) * Unix weenie * dag-erli@ifi.uio.no * cellular +47-92835919 *
  RFC1123: "Be liberal in what you accept, and conservative in what you send"