bpf writes on tun device

From: Matthew Luckie (mjl_at_luckie.org.nz)
Date: 05/26/05

  • Next message: Lee Johnston: "FreeBSD 5.4 - TCP MD5" 
    Date: Thu, 26 May 2005 22:36:58 +1200
To: freebsd-net@freebsd.org

    Hi

    I would like to use the BPF device to write packets on a tun device,
    which is bpf type DLT_NULL. I'm aware that the man page (for 4.X and
    5.X) says that BPF writes are only supported on Ethernet and SLIP links.
      I did notice, though, that the tunoutput function in sys/net/if_tun.c
    has some BPF code, and the cvs log says that write support was added
    back in revision 1.10 of the if_tun.c code 9 odd years ago.

            /* BPF write needs to be handled specially */
            if (dst->sa_family == AF_UNSPEC) {
                    dst->sa_family = *(mtod(m0, int *));
                    m0->m_len -= sizeof(int);
                    m0->m_pkthdr.len -= sizeof(int);
                    m0->m_data += sizeof(int);
            }

    it expects the BPF writer to supply an integer defining the address
    family of the packet embedded in the packet we wish to write.

    I can successfully write BPF packets up to 1500 bytes in size (1496 IP
    bytes without the address family integer). Writes larger than this
    return EMSGSIZE.

    I presume this is because of the following code in bpfwrite:

            if (datlen > ifp->if_mtu) {
                    m_freem(m);
                    return (EMSGSIZE);
            }

    although I haven't figured out how I manage to write 1514 bytes to an
    ethernet (1500 IP bytes + 14 for the ethernet header).

    I've got my code at http://www.wand.net.nz/~mjl12/bpf_null_tx.c which
    forms an ICMP echo request packet.

    This is on a FreeBSD 4.10 machine.

    I have two questions:

    1. Should I be able to send IP MTU sized packets on tun devices, on any
    FreeBSD releases?

    2. How come the bpf check against the interface MTU succeeds for
    ethernet writes of 1514, despite if->if_mtu seemingly being set to 1500
    in if_ethersubr.c?

    Thanks

    Matthew
    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

  • Next message: Lee Johnston: "FreeBSD 5.4 - TCP MD5"

    Relevant Pages

    • Re: bge dropping packets issue
      ... listening in this instance is using BPF. ... to understand how much can BPF take before dumping packets due to lack ... bpf is turned on on the receiver. ... packets at a send rate of about 400 kpps. ...
      (freebsd-net)
    • [ANN]: Microolap Packet Sniffer SDK 4.0
      ... The major release 4.0 of Packet Sniffer SDK is out: Ethernet emulation mode for Loopback traffic, Adjustable packets pool, support of x64systems in BPF JIT compiler, packets marking in BPF filter, the queue for packets sending..... ... Ethernet emulation mode for HNLBAdapter object is added. ... All objects, properties, methods, and events available for HNAdapter object now are available for Loopback adapter too. ...
      (borland.public.delphi.thirdpartytools.general)
    • Re: memory mapped packet capturing - bpf replacement ?
      ... > the point at which packets started to be dropped. ... A bit offtopic - what traffic generator you use? ... > still got the same number of copies as vanilla BPF. ... I am copying whole mbuf chain the same way BPF does. ...
      (freebsd-hackers)
    • Re: bpf/pcap are weird
      ... BIOCIMMEDIATE mode means "make incoming packets readable immediately; ... might want to try to get as many packets as possible per read on the BPF ... BIOCIMMEDIATE mode would probably still want to block, rather than spin, ... store buffer fills *OR* the timeout expires - then it does need to be ...
      (freebsd-arch)
    • Re: Rawsock bpf mambo jambo?
      ... With raw sockets, you are still bound to using IP packets (even if you ... when the link goes out via ethernet. ... BPF can be used to read/write ethernet packets too, for example, while ...
      (freebsd-hackers)