Ticket #142 (closed defect: fixed)
Unable to send full sized packets on OS X
| Reported by: | aturner | Owned by: | aturner |
|---|---|---|---|
| Priority: | medium | Milestone: | 3.2.2 |
| Component: | tcpreplay | Version: | 3.0.beta13 |
| Keywords: | Cc: | ||
| Operating System: | OS X 10.4.9 | Add to FAQ?: | yes |
| Hardware: | All | ||
| Output of tcpreplay -V: | |||
Description (last modified by aturner) (diff)
There is a bug in the OS X kernel when the BIOCSHDRCMPLT ioctl is set for a BPF device. This ioctl allows you to forge the source MAC address. The issue is that the effective MTU is reduced by 14 bytes to 1486 bytes.
Hence you have two options:
- Be able to replay full packets, but w/o forging the SRC MAC
- Forge the source MAC, but frames (including L2 header) can not be larger then 1500 bytes.
Currently, if you use BPF or Libnet, you'll get option #1. If you select pcap_inject/pcap_sendpacket you'll get option #2.
I've opened a bug w/ apple via ADC for this issue: 5108045
See also ticket #151
Change History
comment:3 Changed 3 years ago by aturner
Apple has gotten back to me and it sounds like they've implemented a fix. No ETA on releasing it, but I can only hope 10.4.10.
comment:4 Changed 3 years ago by aturner
- Summary changed from Unable to send full sized packets and forge src MAC at the same time on OS X to Unable to send full sized packets on OS X
Note: See
TracTickets for help on using
tickets.
(In [1790]) report errno on send failure. and only warn on errors, not exit. This is to make things a little less painful for people dealing with the BPF bug in OS X. refs #142