[ipv6hackers] pcap DLT_NULL encapsulation in FreeBSD/gogoc tunnel

Fernando Gont fernando at gont.com.ar
Fri Feb 22 12:40:15 CET 2013


While working on tunnel support for the toolkit I used a gogoc-created
tunnel in FreeBSD 9.0. The gogoc-created interface is of
type DLT_NULL.

My understanding is that packets sent/received on such interface type
include a 4-byte header that includes the address family as a 32-bit
integer, in host byte order.

Packets sent with tools such as ping6, get the corresponding header set
to 0x1c (PF_INET6). However, packets sent with pcap_inject() get such
header set to 0x1f, even when I explicitly set it to PF_INET6 (0x1c).

>From a practical point of view, everything works ok (i.e., packets
*are* successfully sent over the tunnel). However, when sniffing traffic
on my local host, I get a "AF unknown (31)", as in:

--- cut here ----
04:31:09.377625 AF Unknown (31), length 108:
	0x0000:  6000 0000 0040 3aff 2001 05c0 1000 000a  `....@:.........
	0x0010:  0000 0000 0000 152d 2001 05c0 1000 000a  .......-........
	0x0020:  0000 0000 0000 0108 8000 d368 667c 0000  ...........hf|..
---- cut here ----

it looks like no matter what I write in that header, the contents never
change when the packet hit the interface (i.e., once pcap_inject() is
called, it seems those bytes are being rewritten).

Is this a known issue with gogoc? Am I missing something?


Best regards,
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

More information about the Ipv6hackers mailing list