Subject: Re: pcap and ICMP messages
To: =?UTF-8?B?SsO2cm4gU2VnZXI=?= <joern.seger@udo.edu>
From: mouss <usebsd@free.fr>
List: tech-net
Date: 09/16/2004 01:33:05
It's not easy to see where you're heading...
however, unless I'm missing something, you only have 3 ways:

- use raw sockets as suggested by Ignatios. of course, you'll need as 
many sockets as protocols, but if you only need to handle a finite 
number of protocols, it's just a matter of programming.

- use pcap as you did, and get rid of the error messages by:
    * ignoring them:)
    * droping the packets by ipf as ignatios said

- modify the ip stack. this is only worth the pain if you can "justify" 
it, but it's not beyond reach.




Jörn Seger wrote:

> Am Mittwoch, 15. September 2004 12:04 schrieben Sie:
> 
> 
>>why do you need the IP-header? The kernel's IP stack can handle it fine,
>>normally... (unless you want to do the strange things traceroute asks
>>for...)
> 
> 
> ... hm - not easy to explain: I wrote a simulation and I would like to 
> exchange the network layer object from the simulation network by a "real" 
> network backend. But the protocols within the simulation can produce packets 
> with different ip_proto IDs (e.g. unkown for the kernel), which will be 
> handled in a base network layer object. This all should help for "rapid 
> prototyping" to get a simulated protocol working on a real network without 
> reimplementation for a demo.
> 
> The problems really start, when I try to do things like "running different 
> protocols on the same host in parallel" - hm ... do I really need this ...I 
> don't know but it would be a "nice to have"!
> 
> That's it - Best regards - Jörn 
> 
> 
>