Open kpcyrd opened 7 years ago
Yeah, on Linux, we would use an AF_PACKET
socket. Also, the error handling and OS-specific gating could definitely be better. A wrapper around libpcap
is viable option, but ether
is meant to be a rustic replacement.
Tasks:
bpf
module to macOS (BSD?)Tap
via AF_PACKET
I ran into another issue:
is failing with this error:
This is the code of open():
It appears linux doesn't support berkley packet filter so it doesn't have
/dev/bpf*
, falls through the loop and returnslast_os_error()
which was unrelated and successful. :)You might want to look into the pcap crate, I managed to dump traffic successfully using it, but I didn't feel like decoding ethernet, ip and tcp manually.