send_arp | Poison victim 's ARP table | Hacking library

If I follow the code correctly, you're redoing a ton of work for every IP address that doesn't need to be redone. Every time through the main loop you're:

• creating a new packet socket
• binding it
• setting up a tx packet ring buffer
• mmap'ing it
• sending a single packet
• unmapping
• closing the socket

That's a huge amount of work you're causing the system to do for one packet.

You should only create one packet socket at the beginning, set up the tx buffer and mmap once, and leave it open until the program is done. You can send any number of packets through the interface without closing/re-opening.

This is why your top time users are setsockopt, mmap, unmap, etc. All of those operations are heavy in the kernel.

Also, the point of PACKET_TX_RING is that you can set up a large buffer and create one packet after another within the buffer without making a send system call for each packet. By using the packet header's tp_status field you're telling the kernel that this frame is ready to be sent. You then advance your pointer within the ring buffer to the next available slot and build another packet. When you have no more packets to build (or you've filled the available space in the buffer [i.e. wrapped around to your oldest still-in-flight frame]), you can then make one send/sendto call to tell the kernel to go look at your buffer and (start) sending all those packets.

You can then start building more packets (being careful to ensure they are not still in use by the kernel -- through the tp_status field).

That said, if this were a project I were doing, I would simplify a lot - at least for the first pass: create a packet socket, bind it to the interface, build packets one at a time, and use send once per frame (i.e. not bothering with PACKET_TX_RING). If (and only if) performance requirements are so tight that it needs to send faster would I bother setting up and using the ring buffer. I doubt you'll need that. This should go a ton faster without the excess setsockopt and mmap calls.

Finally, a non-blocking socket is only useful if you have something else to do while you're waiting. In this case, if you have the socket set to be non-blocking and the packet can't be sent because the call would block, the send call will fail and if you don't do something about that (enqueue the packet somewhere, and retry later, say), the packet will be lost. In this program, I can't see any benefit whatsoever to using a non-blocking socket. If the socket blocks, it's because the device transmit queue is full. After that, there's no point in you continuing to produce packets to be sent, you won't be able send those packets either. Much simpler to just block at that point until the queue drains.