[tcpdump-workers] libpcap picks up sent packets on freebsd (plus link state query)

mate csaba matecs at niif.hu
Mon Jan 18 12:12:43 EST 2016


dear team,
i'm still waiting for your idea on how to achieve fast link loss 
detection with libpcap....
thanks in advance,
csaba mate
niif/as1955



On 01/07/2016 12:50 PM, mate csaba wrote:
> hi,
>
> On 01/07/2016 11:51 AM, Guy Harris wrote:
>> On Jan 7, 2016, at 2:20 AM, mate csaba <matecs at niif.hu> wrote:
>>
>>> i'm developing a router (rtros.nop.hu) which uses libpcap to capture 
>>> and send packets to interfaces.
>>> the interface handler can be found here: 
>>> http://sources.nop.hu/src/zzz/nat-pcapInt.c
>>> it's an interface<---->udp socket converter tool: when a packet 
>>> captured, it'll be sent
>>> to the udp, when a packet received from the udp, it'll be sent to 
>>> the interface.
>>> it works fine on linux for years. now i've noticed that on 
>>> debian/sid/kfreebsd,
>>> when i send a packet to the interface, it's get captured.
>>> could you give me hints how to avoid it in a platform independent 
>>> manner?
>> If you limit yourself to platforms on which libpcap has the 
>> pcap_setdirection() function, try calling
>>
>>     pcap_setdirection(ifacePcap, PCAP_D_IN);
>>
>> before the
>>
>>     printf("serving others\n");
>>
>> call.
> thanks for the hint, this solved my issue: now it works fine on both 
> linux and kfreebsd.
>
>
>>
>> (I'm a bit surprised that you're not seeing outgoing packets on 
>> Linux, though.)
> surely it worked fine without setdir, i'm testing regularly since 
> linux 2.6 times on debian/sid/{i386|amd64}...
>
>
>>> and a bonus feature request (?):
>>> could you please provide an api for interface up/down states?
>> An API to query the interface state?
> yess. a libpcap api which is a wrapper for SIOCGIFFLAGS & (IFF_RUNNING 
> | IFF_UP) or similar....
> it would be very elegant if i don't call ioctl at all from this pcap 
> code.... i've other codes for linux
> which uses raw sockets or zerocopy, they need to call ioctls, but pcap 
> code really should not...
>
>> Or a mechanism to get notified of interface state changes?
> this one would be also nice if i would like to achieve interface down 
> detection within some millisecs for fast routing protocol convergence...
> (my side is ready for it so if you've plans here, i would be really 
> happy to test out the results...)
>
>> The first could probably be done fairly straightforwardly (but you 
>> obviously will only be able to use it if you have a newer version of 
>> libpcap).
> so you mean that there's a function somewhere, like setdirection? 
> could you point me to the right direction once again, please? :)
>
>> The latter would involve more work, and might not be possible if the 
>> OS doesn't have a mechanism to deliver those events.  (Linux and OS X 
>> can, I think - Wireshark uses mechanism on those OSes to be notified 
>> when interfaces appear and disappear - but it'd take a bit of work to 
>> find out what mechanisms, if any, exist on various *BSDs, Solaris, 
>> Windows, etc..)
> sounds interesting... if you implement interface down callback, i 
> would appreciate it....
> and if a platform can't do it, i still can query periodically the 
> interface state with poll mechanism you mentioned above...
>
> regards,
> cs
>



More information about the tcpdump-workers mailing list