On Tue, Feb 24, 2009 at 8:17 AM, Oliver Zheng < mailinglists+tcpd...@oliverzheng.com<mailinglists%2btcpd...@oliverzheng.com> > wrote:
> Thanks for the response Aaron. > > On Mon, Feb 23, 2009 at 11:34 AM, Aaron Turner <synfina...@gmail.com> > wrote: > > In my experience, sending packets on eth0 causes the packet to bypass > > the TCP/IP stack and be sent out sight unseen. Hence, you won't be > > able to inject packets into a TCP stream with the target of the local > > host. > > Well that kind of sucks. =( It seems weird that an outgoing packet > like this could be filtered by the kernel. What criteria does a packet > like this fit for it to be filtered out? (e.g. it doesn't match a TCP > connection, but obviously it does in this case.) The only thing I can > think of is that the kernel uses a different incoming adapter (really > low level?) than libpcap, which sounds wrong since libpcap should be > operating at the lowest possible layer, right? Do you want to send the packet to lo specifically or do you want to inject/send it to a socket endpoint attached locally? I.e. to a local ip address, be it attached to eth0 or elsewhere? You can do that using a raw socket. Well, I do that with no problem. This code is from ctdb ( http://samba.ctdb.org common/system_linux.c ) and does just that. (this is part of the ctdb "tickle-ack" and "tcp socketkiller" which ctdb uses to make sure that failover and session recoveries are as fast as possible. It does this by injecting/spoofing carefully crafted TCP packets and sending them to the locally established socket.) /* open a raw socket to send this segment from */ s = socket(AF_INET, SOCK_RAW, htons(IPPROTO_RAW)); if (s == -1) { DEBUG(DEBUG_CRIT,(__location__ " failed to open raw socket (%s)\n", strerror(errno))); return -1; } ret = setsockopt(s, SOL_IP, IP_HDRINCL, &one, sizeof(one)); if (ret != 0) { DEBUG(DEBUG_CRIT,(__location__ " failed to setup IP headers (%s)\n", strerror(errno))); close(s); return -1; } set_nonblocking(s); set_close_on_exec(s); ret = sendto(s, &ip4pkt, sizeof(ip4pkt), 0, &dest->ip, sizeof(dest->ip)); close(s); - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
