Re: nfqueue ethernet packet frame capture


 



What I get from indev from a sample capture is as follows:
indev_name = *
outdev_name = wlan0
physindev_name = *
physoutdev_name = *

nfq_get_physindev_name returns device name on my host. I can retrieve
wlan0 mac but this would be the MAC address on my host. (I am testing
my application on PC for now but the target is a router as you said)

What I am looking for is a destination MAC address. E.g. when I
capture the network on the same host via libpcap, I get the following dump:
17:29:34.575912 AA:AA:AA:AA:AA:AA > BB:BB:BB:BB:BB:BB, ethertype IPv4
(0x0800), length 1197: (tos 0x0, ttl 57, id 37046, offset 0, flags
[DF], proto TCP (6), length 1183)

where AA:AA:AA:AA:AA:AA is the gateway_MAC_address that my PC is
connected to and BB:BB:BB:BB:BB:BB is the wlan_interface_mac of my PC.
My aim is to capture my gateway MAC address (AA:AA:AA:AA:AA:AA) as a
destination MAC from my PC via NFQUEUE. (like tcpdump example)

Is that possible?

Thanks for your help
regards,

On Wed, Mar 17, 2021 at 6:54 PM Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
>
> On Wed, Mar 17, 2021 at 04:53:09PM +0100, Pablo Neira Ayuso wrote:
> > On Wed, Mar 17, 2021 at 05:41:53PM +0300, ilker wrote:
> > > it only gives the source MAC address:(
> > > I need the destination MAC address.. I will use
> > > src_mac+dst_mac+ethertype and reconstruct the full ETH header.
> > > I tried
> > > nfq_get_physindev_name
> > > nfq_get_physoutdev_name
> > > nfq_get_indev_name
> > > nfq_get_outdev_name
> > >
> > > but neither of them gave me a MAC.
> > > A libpcap fanboy said that netfilter can not and libpcap can give.. I
> > > don't want to convert my code to pcap that is why I am looking for a
> > > solution.
> >
> > nfq_get_indev_name provides the input device. From userspace, you can
> > retrieve the destination MAC from the indev. The ethernet protocol is
> > coming in the ->hw_protocol field.
>
> I'm assuming your setup is a router, then destination MAC can be
> inferred.


