1
votes

I'm trying to implement replaying packets stored in .pcap files using libpcap. The process is very simple: I would open the pcap file with 'pcap_open_offline' then pass packets to the device opened with pcap_open_live, and send them with pcap_inject through the interface.

Now the NIC doesn't have an ethernet cable connected to it. I know that pcap_open_live won't tell whether the device opened supports sending, so I get errors from pcap_inject (errno 100). Is this to be expected? If I simply use tcpreplay from the cmd line, it finishes and presents no error, with or without the ethernet cable plugged in.

Anyone know how tcpreplay/tcpedit handles "dead" interfaces? Does tcpreplay rewrite packet headers whereas I'm trying to send them raw? Any help is appreciated!

I'm on Ubuntu 14.04 and the interface is address-less and in promisc mode:

auto eth1
iface eth1 inet manual
    up ifconfig eth1 promisc up
    down ifconfig eth1 promisc down

1 Answer

1
votes

Now the NIC doesn't have an ethernet cable connected to it.

Then what useful result do you expect to get by sending packets on that NIC?

I know that pcap_open_live won't tell whether the device opened supports sending

Whether the device is up or not can change over time, so any answer you get from pcap_open_live() could be incorrect by the time you actually try to send the packet.

so I get errors from pcap_inject (errno 100)

Searching for 100 in Linux errno.h reveals:

#define ENETDOWN    100 /* Network is down */

I guess the Linux networking stack doesn't like it when people try to send packets on an interface that's down with a send() system call, which is what libpcap does.

Is this to be expected?

Yes.

If I simply use tcpreplay from the cmd line, it finishes and presents no error

tcpreplay has a whole bunch of different mechanisms it uses to send packets. See sendpacket() in the sendpacket.c source file in the tcpreplay source. Some of them might, for example, silently drop packets being sent on a dead interface, rather than reporting an error, and it might be using one of those mechanisms.
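As an added example (not code from the question, the answer, or tcpreplay), here is one way a replay loop on Linux could deal with the two points above: take an advisory snapshot of the interface flags, and still decide what to do when the send fails with ENETDOWN. The names `query_link_state` and `classify_inject_errno`, the enums, and the errno-to-action policy are all assumptions made for illustration.

```c
#define _DEFAULT_SOURCE 1   /* expose struct ifreq under strict -std= modes */
#include <errno.h>
#include <net/if.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical names, chosen for this example only. */
enum link_state { LINK_UNKNOWN = -1, LINK_ADMIN_DOWN, LINK_NO_CARRIER, LINK_READY };
enum inject_action { INJECT_ABORT, INJECT_RETRY, INJECT_WAIT_LINK, INJECT_SKIP_PACKET };

/* Snapshot of the interface flags. Advisory only: the state can change
 * before the next send, so the send error must still be handled.
 * IFF_UP is the administrative state, IFF_RUNNING the operational one. */
enum link_state query_link_state(const char *ifname)
{
    struct ifreq ifr;
    int fd, rc;

    if (ifname == NULL || strlen(ifname) >= IFNAMSIZ)
        return LINK_UNKNOWN;
    fd = socket(AF_INET, SOCK_DGRAM, 0);  /* any socket will do; no root needed */
    if (fd < 0)
        return LINK_UNKNOWN;
    memset(&ifr, 0, sizeof ifr);
    strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
    rc = ioctl(fd, SIOCGIFFLAGS, &ifr);
    close(fd);
    if (rc < 0)
        return LINK_UNKNOWN;              /* e.g. no such interface */
    if (!(ifr.ifr_flags & IFF_UP))
        return LINK_ADMIN_DOWN;
    if (!(ifr.ifr_flags & IFF_RUNNING))
        return LINK_NO_CARRIER;
    return LINK_READY;
}

/* Assumed replay policy for the errno seen after a failed send. */
enum inject_action classify_inject_errno(int err)
{
    switch (err) {
    case ENETDOWN: return INJECT_WAIT_LINK;    /* the error in the question */
    case ENOBUFS: case EAGAIN: case EINTR: return INJECT_RETRY;
    case EMSGSIZE: return INJECT_SKIP_PACKET;  /* frame larger than the MTU */
    default: return INJECT_ABORT;
    }
}
```

On INJECT_WAIT_LINK a replay loop can poll `query_link_state()` until it returns LINK_READY before retrying the same packet, or count the packet as dropped and move on.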