Hi, I am trying to build a portscanner with this library.

I am crafting a TCP SYN for IPv6 the following way:

func sendMessages(c net.PacketConn, source net.HardwareAddr) {
	// rewrite function to portscan of single IP
	WholePacket := make([]byte, 80)

	// IP header, consists of IP version, DiffServ, etc.
	src := []byte("600d0fcd00280640")
	var IPheader = WholePacket[0:8]
	hex.Decode(IPheader, src)

	src = []byte("20014c10100900010000000000000008")
	var SourceIP = WholePacket[8:24]
	hex.Decode(SourceIP, src)

	src = []byte("20010bc8472c27090000000000000001")
	var DestIP = WholePacket[24:40]
	hex.Decode(DestIP, src)

	// source port
	src = []byte("b86c")
	var SourcePort = WholePacket[40:42]
	hex.Decode(SourcePort, src)

	// dest port 
	src = []byte("0050")
	var DestPort = WholePacket[42:44]
	hex.Decode(DestPort, src)

	// tcp data 
	src = []byte("8aa5439c00000000a002708040a90000020405a00402080a07c181540000000001030307")
	var TCPData = WholePacket[44:80]
	hex.Decode(TCPData, src)
}

I have omitted the rest of the function which is comparable to the example code.

I can see that the packet is being sent with tcpdump and I can see that is being received on the remote host. But, the remote host does not reply on this packet. I have tried randomizing the source port and sequence number, but this does not help. I can use nmap without issues to scan the remote host.

Thanks in advance for any help!

I was trying to build a package which depends on github.com/google/gopacket/pcap which depends on this package. I need (yes I know...) really need to run it on a 32bit Linux install but the build fails:

# github.com/mdlayher/raw
../../mdlayher/raw/raw_linux.go:316:32: undefined: syscall.SYS_GETSOCKOPT
../../mdlayher/raw/raw_linux.go:329:32: undefined: syscall.SYS_SETSOCKOPT
../../mdlayher/raw/timeval.go:17:6: cannot use int64(timeout / time.Second) (type int64) as type int32 in field value
../../mdlayher/raw/timeval.go:18:7: cannot use int64(timeout % time.Second / time.Microsecond) (type int64) as type int32 in field value

I am aware that a i386 build is not a priority in 2018 but this could probably be solved with just build costraints and splitting out the statistics into a separate file?

So instead of // +build linux use '// +build linux,!386for 64bit and// +build linux,386` for the 32bit files? Unfortunately I am a Go beginner so testing this enough to present a patch is proving a bit painful for me...

Any suggestions?

root@31e07f454ad2:~# go get github.com/mdlayher/raw
# github.com/mdlayher/raw
/go/src/github.com/mdlayher/raw/raw_linux.go:317: undefined: unix.Errno
/go/src/github.com/mdlayher/raw/raw_linux.go:330: undefined: unix.Errno
root@31e07f454ad2:/go/src/github.com/mdlayher/raw# uname -a
Linux 31e07f454ad2 4.9.93-linuxkit-aufs #1 SMP Wed Jun 6 16:55:56 UTC 2018 x86_64 GNU/Linux
root@31e07f454ad2:/go/src/github.com/mdlayher/raw# cat /etc/*elease
PRETTY_NAME="Debian GNU/Linux 8 (jessie)"
NAME="Debian GNU/Linux"
VERSION_ID="8"
VERSION="8 (jessie)"
ID=debian
HOME_URL="http://www.debian.org/"
SUPPORT_URL="http://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

Hi,

Just a head up that the repo currently doesn't build on windows (I expect any that use raw_others.go). Error below.

go get github.com/mdlayher/raw

github.com/mdlayher/raw

C:\go\src\github.com\mdlayher\raw\raw.go:115: too many arguments in call to listenPacket
have (*net.Interface, uint16, *Config)
want (*net.Interface, uint16)
C:\go\src\github.com\mdlayher\raw\timeval.go:17: cannot use int64(timeout / time.Second) (type int64) as type int32 in field value
C:\go\src\github.com\mdlayher\raw\timeval.go:18: cannot use int64(timeout % time.Second / time.Microsecond) (type int64) as type int32 in field value

Hope that's of some help.

I have started using Git modules.
@mdlayher Please tag the current version ... v1.0.0 would be fine for me.

While getting the library:

go get github.com/mdlayher/raw

github.com\mdlayher\raw\raw.go:136:37: cannot use *cfg (type Config) as type *Config in argument to listenPacket

Hi,

I'm planning on using your library to send/receive Fibre Channel frames using my own netdev. It is using ARPHRD_FCFABRIC as type, and 3 byte hardware addresses as per FC-FS-5.

In my local copy I hacked in the following on the write path to test the function:

diff --git a/raw_linux.go b/raw_linux.go
index 05d515b..622c6cd 100644
--- a/raw_linux.go
+++ b/raw_linux.go
@@ -163,7 +163,7 @@ func (p *packetConn) ReadFrom(b []byte) (int, net.Addr, error) {
 func (p *packetConn) WriteTo(b []byte, addr net.Addr) (int, error) {
        // Ensure correct Addr type.
        a, ok := addr.(*Addr)
-       if !ok || a.HardwareAddr == nil || len(a.HardwareAddr) < 6 {
+       if !ok || a.HardwareAddr == nil || len(a.HardwareAddr) < 3 {
                return 0, unix.EINVAL
        }

but clearly this is not a proper fix. I propose the check to be dropped or changed to read the length from the device.

For completeness sake, this is the output of ip link on the interface:

3: fc0: <NOARP,UP,LOWER_UP> mtu 2148 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/fcfb0 00:00:00 brd ff:ff:ff

As the title say.

An analogous change to #40 should be made for BSD, eliminating the need for a read loop with sleeps in the middle.

hello,
I listen packet use:
conn, err := raw.ListenPacket(&ifi, uint16(lldp.EtherType), &raw.Config{})
when read package :
n, addr, err := conn.ReadFrom(b)

the lldp package can not be captured, but when change IPv4 and ARP, the packages can be captured.

It's pretty gross and will hopefully be obsolete with Go 1.9.

As we've seen so far, it can be difficult to account for all of the various platform-specific APIs. This will enable maximum control for callers of this library.

I would like to propose this, and perhaps kick this off myself, and have this thread open for any future discussions, if that is alright.

From a conversation in #40.

This commit broke router7’s dhcp4 client: rtr7/router7#25

After a git revert f434146, everything works as expected.
At HEAD, dhcp4 gets one reply, then fails to ever send packets on the network interface, resulting in the > DHCP lease expiring.

Haven’t investigated it any further, but perhaps this is sufficient to spot the mistake?

/cc @hugelgupf @stapelberg

something wrong.
Centos6,Go 1.7

github.com/mdlayher/raw

github.com/mdlayher/raw/raw_linux.go:88:14: f.SyscallConn undefined (type *os.File has no field or method SyscallConn)
github.com/mdlayher/raw/raw_linux.go:292:12: s.f.SetDeadline undefined (type *os.File has no field or method SetDeadline)
github.com/mdlayher/raw/raw_linux.go:296:12: s.f.SetReadDeadline undefined (type *os.File has no field or method SetReadDeadline)
github.com/mdlayher/raw/raw_linux.go:300:12: s.f.SetWriteDeadline undefined (type *os.File has no field or method SetWriteDeadline)

Not sure if you want to fix it, since your program is pretty broken if you try to do this, but:

addr:=&raw.Addr{}
conn.WriteTo(b, addr)

results in a nil pointer dereference in raw_linux.go:162 (addr.HardwareAddr is not checked for nil)

Is it possible to send and receive beacon frames with this package? I'm hoping to implement very simple network-less wifi connectivity. Aiming to send and receive a custom frame containing a small amount of numerical information.

On macOS, I can monitor beacon frames with:

tcpdump "type mgt subtype beacon" -I -e -i en0

Should the flag be 1 instead of 0? 1 will allow for MAC spoofing on the wire which i believe is what the comment is suggesting.

Line 202
// Do not automatically complete source address in ethernet headers if err := syscall.SetBpfHeadercmpl(fd, 0); err != nil { return 0, err }

0 flag sets automatic header completion per BPF man page (read interface address will be written in place of frame provided to BPF for outgoing transaction)
BIOCSHDRCMPLT BIOCGHDRCMPLT (u_int) Set or get the status of the ``header complete'' flag. Set to zero if the link level source address should be filled in automatically by the interface output routine. Set to one if the link level source address will be written, as provided, to the wire. This flag is initialized to zero by default.

I got the following error while go get github.com/mdlayher/arp.

$ go get github.com/mdlayher/arp
# github.com/mdlayher/raw
/bla/src/github.com/mdlayher/raw/raw.go:88:7: undefined: bpf.Setter

$ go version
go version go1.9.3 linux/amd64

I have now commented the line away locally which does work.

@mdlayher
hello expert, I have an question that how to capture lldp packets without promiscuous mode,I want use your code handle this, please help me ,thanks!

I'd like to submit a PR for Multicast group joining, I have an initial hack at the Linux implementation however I am running into a question of how to proceed for BSD. Because Linux implements multicast join as a setsockopt, that is not an option on the BSD side. There does not appear to be any way with BPF (there are filter commands but they do not add the mcast addr to the interface so they capture nothing... tcpdump -i emx -np ether multicast shows no output until manual addition of mcast groups). BSD does have mtest which takes commands and sends them to ioctl via a AF_LINK socket.

Do you think this should be implemented by opening an AF_LINK socket simply to add the mcast then closing the socket? Also this is a perm add so we'd have to defer a mcast group deletion on thread close.

Example (considering some changes) on the Linux side...

// JoinMulticast joins or drops membership of datalink layer multicast address on interface,
// allowing it to recieve multicast traffic.
func (p *packetConn) SetMulticast(b bool, addr net.Addr) error {
	// Ensure correct Addr type
	a, ok := addr.(*Addr)
	if !ok || len(a.HardwareAddr) < 6 {
		return syscall.EINVAL
	}

	// Convert hardware address back to byte array form
	var baddr [8]byte

	copy(baddr[:], a.HardwareAddr)

	mreq := unix.PacketMreq{
		Ifindex: int32(p.ifi.Index),
		Type:    unix.PACKET_MR_MULTICAST,
		Alen:    uint16(len(a.HardwareAddr)),
		Address: baddr,
	}

	membership := unix.PACKET_ADD_MEMBERSHIP
	if !b {
		membership = unix.PACKET_DROP_MEMBERSHIP
	}

	return p.s.SetSockopt(unix.SOL_PACKET, membership, unsafe.Pointer(&mreq), unix.SizeofPacketMreq)
}

$ go  get github.com/mdlayher/arp
# github.com/mdlayher/raw
../../_go/src/github.com/mdlayher/raw/raw_linux.go:86:14: f.SyscallConn undefined (type *os.File has no field or method SyscallConn)

I get this because I'm trying to build vip-manager, which apparently depends on github.com/mdlayher/arp which apparently depends on github.com/mdlayher/raw.

Not being experienced with building go stuff I do not have a clue on how to fix this. The only thing I can google up is bettercap/bettercap#468 which I'm unable to translate into a fix for not being able to go get github.com/mdlayher/raw.

Any help is very appreciated.

github.com/mdlayher/raw/raw_linux.go:285: undefined: syscall.SYS_SETSOCKOPT

In fact, it's not even defined in https://github.com/golang/sys/blob/master/unix/zsysnum_linux_386.go either... the closest reason I can find is https://github.com/golang/sys/blob/master/unix/syscall_linux_386.go#L186

Hello, I encountered a problem during use in Macos, As follows:

panic: runtime error: slice bounds out of range [:4098] with capacity 4096

goroutine 886516 [running]:
github.com/mdlayher/raw.(*packetConn).ReadFrom(0xc0061cd6e0, {0xc005833280, 0x80, 0x80})
    /github.com/mdlayher/raw/raw_bsd.go:163 +0x9e5
github.com/mdlayher/raw.(*Conn).ReadFrom(0xc00462e278, {0xc005833280, 0x80, 0x80})
    /github.com/mdlayher/raw/raw.go:47 +0x99

I searched the source code and found the problem here on raw_bsd.go:

func (p *packetConn) ReadFrom(b []byte) (int, net.Addr, error) {
 ......
 
     // Skip past BPF header to retrieve ethernet frame
     out := copy(b, buf[bpfl:bpfl+n])
 ......
 }

I carefully sorted out your logic. I think there's a small problem. Should it be:

  func (p *packetConn) ReadFrom(b []byte) (int, net.Addr, error) {
  .......
  
	  // Skip past BPF header to retrieve ethernet frame
	  out := copy(b, buf[bpfl:n])
  ......
  }

I don't know if the understanding is correct. Please correct it. Thank you!

func htons should take host endianness into account:

func htons(i uint16) uint16 {
	return (i<<8)&0xff00 | i>>8
}

Depending on host endianness this should be a no-op or not.

The issue was spotted when trying to use this lib on a device with a different endianness...

like libcap can set capture direction by pcap_setdirection()