=============================================================================== $Id: RAWSOCKET_NON_SEQUITUR,v 1.1.1.1 2012/02/21 22:14:23 misho Exp $ LIBNET 1.1 (c) 1998 - 2004 Mike D. Schiffman http://www.packetfactory.net/libnet =============================================================================== Raw sockets are horribly non-standard across implementations. Here is an incomplete list of some of the differences (corrections welcomed): Linux 2.2+: IP fragmentation: performed if packet is larger than MTU IP checksum: always filled in IP total length: always filled in IP ID: filled in when zero IP source address: filled in when zero IP destination address: filled in when zero Max packet size before kernel complains: 1500 bytes Solaris 2.6+: IP fragmentation bits: can't specify IP fragmentation: performed if packet is larger than MTU IP DF bit: always set IP checksum: always filled in Max packet size before kernel complains: ? OpenBSD 2.8+: IP fragmentation: performed if packet is larger than MTU Max packet size before kernel complains: 8192 bytes Solaris, for example, has terrible support for this packet interface. Older OpenBSD versions and recent FreeBSD versions have the BSD_BYTE_SWAP issue where the ip_len and ip_frag fields need to be in little endian order. Linux apparently doesn't allow for the injection of broadcast IP datagrams. Whenever complete control over the IP header is desired, use the link layer API. EOF