Unable to send full sized packets on OS X

[aturner]

There is a bug in the OS X kernel when the BIOCSHDRCMPLT ioctl is set for a BPF device. This ioctl allows you to forge the source MAC address. The issue is that the effective MTU is reduced by 14 bytes to 1486 bytes.

Hence you have two options:

1. Be able to replay full packets, but w/o forging the SRC MAC
2. Forge the source MAC, but frames (including L2 header) can not be larger then 1500 bytes.

Currently, if you use BPF or Libnet, you'll get option #1. If you select pcap_inject/pcap_sendpacket you'll get option #2.

I've opened a bug w/ apple via ADC for this issue: 5108045

See also ticket #151

[aturner]

(In [1790]) report errno on send failure. and only warn on errors, not exit. This is to make things a little less painful for people dealing with the BPF bug in OS X. refs #142

[aturner]

(In [1792]) print errno for other methods. refs #142

[aturner]

Apple has gotten back to me and it sounds like they've implemented a fix. No ETA on releasing it, but I can only hope 10.4.10.

[aturner]

(In [1930]) enable src mac spoofing on OS X now that Leopard fixes issue w/ spoofing and large frames. fixes #142, #151