Aaron Turner wrote:
Long story short, I just figured out that both pcap_inject() and
pcap_sendpacket() have the same problem (a bug in my code was hiding
the error returned by pcap_sendpacket()).
However the bug doesn't seem to affect directly sending using BPF
directly or using Libnet (which also goes through BPF on OS X).
I.e., if you directly call write() on a BPF device with a byte count >
1500, it succeeds in OS X 10.4.9?
Does your code do a BIOCSHDRCMPLT ioctl on the BPF device? (Libnet
1.1.2.1 doesn't appear to do so on OS X.) There appears to be a bug
wherein the BPF write code in OS X, when the "header complete" mode is
set on the BPF device, compares the *total* packet length, not the
packet length minus the link-layer header length, against the MTU on the
adapter, so a full-length packet is too big.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
