Re: libpcap pcap_sendpacket support across platforms.

["Mark Pizzolato" <List-tcpdump-workers () subscriptions pizzolato net>]

On Mar 12, 2004, at 11:33 AM, Guy Harris wrote:

> On Mar 12, 2004, at 2:03 AM, Mark Pizzolato wrote:
>
> > I've been working on a system simulator (simh
> > http://simh.trailing-edge.com)
> > which provides ethernet device emulation for the systems which
> > originally
> > had ethernet devices (i.e. vax, pdp11 and pdp10).
> >
> > The ethernet support for this package was originally implemented on
Windows
> > with Winpcap, and then ported back to other platforms leveraging the
generic
> > libpcap capabilities.  The only lacking piece here, from an API poinit
of
> > view, has been pcap_sendpacket.  Just to get by, we've had platform
specific
> > network code in the layer which uses libpcap to provide a
pcap_sendpacket
> > for the non Windows platforms.  This only solves part of the problem
since
> > several platforms use pcap-bpf.c or pcap-pf.c or pcap-snit.c which open
the
> > network device O_RDONLY.  To get useful functionality on these
platforms,
> > we've needed to hack pcap-bpf.c, or pcap-pf.c or pcap-snit.c and change
> > O_RDONLY to O_RDWR.  If would seem that the right thing to do is to
> > generically include pcap_sendpacket and the related open requirements
> > in the base pcap library.
>
> Well, the right thing to do is not necessarily to change O_RDONLY to
> O_RDWR, as that would mean you can't give people "capture but not send"
> privileges on BPF platforms by giving them read but not write access to
> the BPF devices.

Good point!

However, that problem can easily be solved with the following:

       [...]
        fd  = open(device, O_RDWR);
        if (fd < 0 && errno == EACCES)
                fd  = open(device, O_RDONLY);
       [...]

This would then leave the pcap connection to behave in a more consistent way
across all platforms (i.e. you can write to the connection when you have
privilege/authority to do so).


> The best thing to do probably is to add a new API for opening captures
> that lets you specify whether you're opening for capturing, sending, or
> both; the new API can also fix a number of other problems (setting the
> internal capture buffer size - which, on BPF devices, must be done
> before the BPF device is bound to an interface; allowing things such as
> monitor mode to be specified at open time; supporting remote capture,
> as per WinPcap's "pcap_open_ex()"; etc.).

These can certainly be done also, but they would seem to address other
features.

> > In pcap.h, I've messed with PCA_MINOR_VERSION in  an attempt to have
> > the code which uses pcap.h to have a compile time means of determinig if
> > pcap_sendpacket is available:
> >
> > #if (_WIN32) || (PCAP_MAJOR_VERSION > 2) || ((PCAP_MAJOR_VERSION == 2)
> > && (PCAP_MINOR_VERSION > 4))
> > #define HAS_PCAP_SENDPACKET 1
> > #endif
> >
> > Is there a better way to do this at compile time?
>
> autoconf.

Got it, Not messing with PCAP_VERSION_MINOR anymore.

Attached is a revised patch, which keeps prior behaviors, while also
providing for pcap_sendpacket when possible.

- Mark Pizzolato

Attachment: pcap_sendpacket.patch
Description: