Re: [tcpdump-workers] libpcap picks up sent packets on freebsd (plus link state query)
hi,
On 01/07/2016 11:51 AM, Guy Harris wrote:
On Jan 7, 2016, at 2:20 AM, mate csaba wrote:
i'm developing a router (rtros.nop.hu) which uses libpcap to capture and send
packets to interfaces.
the interface handler can be found here:
http://sources.nop.hu/src/zzz/nat-pcapInt.c
it's an interface<>udp socket converter tool: when a packet captured, it'll
be sent
to the udp, when a packet received from the udp, it'll be sent to the interface.
it works fine on linux for years. now i've noticed that on debian/sid/kfreebsd,
when i send a packet to the interface, it's get captured.
could you give me hints how to avoid it in a platform independent manner?
If you limit yourself to platforms on which libpcap has the pcap_setdirection()
function, try calling
pcap_setdirection(ifacePcap, PCAP_D_IN);
before the
printf("serving others\n");
call.
thanks for the hint, this solved my issue: now it works fine on both
linux and kfreebsd.
(I'm a bit surprised that you're not seeing outgoing packets on Linux, though.)
surely it worked fine without setdir, i'm testing regularly since linux
2.6 times on debian/sid/{i386|amd64}...
and a bonus feature request (?):
could you please provide an api for interface up/down states?
An API to query the interface state?
yess. a libpcap api which is a wrapper for SIOCGIFFLAGS & (IFF_RUNNING |
IFF_UP) or similar
it would be very elegant if i don't call ioctl at all from this pcap
code i've other codes for linux
which uses raw sockets or zerocopy, they need to call ioctls, but pcap
code really should not...
Or a mechanism to get notified of interface state changes?
this one would be also nice if i would like to achieve interface down
detection within some millisecs for fast routing protocol convergence...
(my side is ready for it so if you've plans here, i would be really
happy to test out the results...)
The first could probably be done fairly straightforwardly (but you obviously
will only be able to use it if you have a newer version of libpcap).
so you mean that there's a function somewhere, like setdirection? could
you point me to the right direction once again, please? :)
The latter would involve more work, and might not be possible if the OS doesn't
have a mechanism to deliver those events. (Linux and OS X can, I think -
Wireshark uses mechanism on those OSes to be notified when interfaces appear
and disappear - but it'd take a bit of work to find out what mechanisms, if
any, exist on various *BSDs, Solaris, Windows, etc..)
sounds interesting... if you implement interface down callback, i would
appreciate it
and if a platform can't do it, i still can query periodically the
interface state with poll mechanism you mentioned above...
regards,
cs
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] libpcap picks up sent packets on freebsd (plus link state query)
dear team,
i'm still waiting for your idea on how to achieve fast link loss
detection with libpcap
thanks in advance,
csaba mate
niif/as1955
On 01/07/2016 12:50 PM, mate csaba wrote:
hi,
On 01/07/2016 11:51 AM, Guy Harris wrote:
On Jan 7, 2016, at 2:20 AM, mate csaba wrote:
i'm developing a router (rtros.nop.hu) which uses libpcap to capture
and send packets to interfaces.
the interface handler can be found here:
http://sources.nop.hu/src/zzz/nat-pcapInt.c
it's an interface<>udp socket converter tool: when a packet
captured, it'll be sent
to the udp, when a packet received from the udp, it'll be sent to
the interface.
it works fine on linux for years. now i've noticed that on
debian/sid/kfreebsd,
when i send a packet to the interface, it's get captured.
could you give me hints how to avoid it in a platform independent
manner?
If you limit yourself to platforms on which libpcap has the
pcap_setdirection() function, try calling
pcap_setdirection(ifacePcap, PCAP_D_IN);
before the
printf("serving others\n");
call.
thanks for the hint, this solved my issue: now it works fine on both
linux and kfreebsd.
(I'm a bit surprised that you're not seeing outgoing packets on
Linux, though.)
surely it worked fine without setdir, i'm testing regularly since
linux 2.6 times on debian/sid/{i386|amd64}...
and a bonus feature request (?):
could you please provide an api for interface up/down states?
An API to query the interface state?
yess. a libpcap api which is a wrapper for SIOCGIFFLAGS & (IFF_RUNNING
| IFF_UP) or similar
it would be very elegant if i don't call ioctl at all from this pcap
code i've other codes for linux
which uses raw sockets or zerocopy, they need to call ioctls, but pcap
code really should not...
Or a mechanism to get notified of interface state changes?
this one would be also nice if i would like to achieve interface down
detection within some millisecs for fast routing protocol convergence...
(my side is ready for it so if you've plans here, i would be really
happy to test out the results...)
The first could probably be done fairly straightforwardly (but you
obviously will only be able to use it if you have a newer version of
libpcap).
so you mean that there's a function somewhere, like setdirection?
could you point me to the right direction once again, please? :)
The latter would involve more work, and might not be possible if the
OS doesn't have a mechanism to deliver those events. (Linux and OS X
can, I think - Wireshark uses mechanism on those OSes to be notified
when interfaces appear and disappear - but it'd take a bit of work to
find out what mechanisms, if any, exist on various *BSDs, Solaris,
Windows, etc..)
sounds interesting... if you implement interface down callback, i
would appreciate it
and if a platform can't do it, i still can query periodically the
interface state with poll mechanism you mentioned above...
regards,
cs
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
