BPF injection
I am using OSX 10.4.9 power-pc Darwin Kernel Version 8.9.0
I am trying to use the BPF api to capture and inject packets. Essentially, I need raw access to the Ethernet network. The problem I am encountering is that when I inject a packet using a write() command, subsequent read() commands see the injected packet. I tried avoiding this using the BIOCSSEESENT which disabled capture of all locally generated packets. But it only worked for the OS-stack generated packets, and not the packets I was generating via the bpf write() function.
Looking at the FreeBSD kernel, they solve the problem using a BIOCFEEDBACK setting, which disables the capture operating bpf-read()ing the packets you put in via bpf-write().
My questions are:
1. Is there some BIOCFEEDBACK equivalent on the MacOS that I am unaware of?
2. If not, is there some way I can edit the BPF source code on this version of the kernel, and run my own BPF?
3. If not, what is the proper way to request Apple to fix this shortcomming?
Thanks
-David
Powerbook G4 Mac OS X (10.4.9)
I am trying to use the BPF api to capture and inject packets. Essentially, I need raw access to the Ethernet network. The problem I am encountering is that when I inject a packet using a write() command, subsequent read() commands see the injected packet. I tried avoiding this using the BIOCSSEESENT which disabled capture of all locally generated packets. But it only worked for the OS-stack generated packets, and not the packets I was generating via the bpf write() function.
Looking at the FreeBSD kernel, they solve the problem using a BIOCFEEDBACK setting, which disables the capture operating bpf-read()ing the packets you put in via bpf-write().
My questions are:
1. Is there some BIOCFEEDBACK equivalent on the MacOS that I am unaware of?
2. If not, is there some way I can edit the BPF source code on this version of the kernel, and run my own BPF?
3. If not, what is the proper way to request Apple to fix this shortcomming?
Thanks
-David
Powerbook G4 Mac OS X (10.4.9)
