pcap DLT_NULL encapsulation

[Fernando Gont <fernando () gont com ar>]

Folks,

I've working on a libpcap-based program that sends packets over a
gogoc-created tunnel in FreeBSD 9.0. The gogoc-created interface is of
type DLT_NULL.

My understanding is that packets sent/received on such interface type
include a 4-byte header that includes the address family as a 32-bit
integer, in host byte order.

Packets sent with tools such as ping6, get the corresponding header set
to 0x1c (PF_INET6). However, packets sent with pcap_inject() get such
header set to 0x1f, even when I explicitly set it to PF_INET6 (0x1c).

> From a practical point of view, everything works ok (i.e., my packets
*are* successfully sent over the tunnel). However, when sniffing traffic
on my local host, I get a "AF unknown (31)", as in:

--- cut here ----
04:31:09.377625 AF Unknown (31), length 108:
        0x0000:  6000 0000 0040 3aff 2001 05c0 1000 000a  `....@:.........
        0x0010:  0000 0000 0000 152d 2001 05c0 1000 000a  .......-........
        0x0020:  0000 0000 0000 0108 8000 d368 667c 0000  ...........hf|..
---- cut here ----

it looks like no matter what I write in that header, the contents never
change when the packet hit the interface (i.e., once pcap_inject() is
called, it seems those bytes are being rewritten).

Is this a known issue with gogoc? Am I missing something else?

Thanks!

Best regards,
-- 
Fernando Gont
e-mail: fernando () gont com ar || fgont () si6networks com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1



_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers