Comments on: Tun/Tap interface tutorial https://backreference.org/2010/03/26/tuntap-interface-tutorial/

By: Brian https://backreference.org/2010/03/26/tuntap-interface-tutorial/#comment-25154 Fri, 14 Nov 2014 16:14:52 +0000

Hi. I think I might be having a similar problem to Pradeep. I created a persistent tunnel with tunctl, and I see my packets via tcpdump coming out on the remote tunnel, but they don't get forwarded anywhere and a netstat -i shows every packet I inject as a TX-DRP.

I also have IP forwarding on, and I set promiscuous mode on the interface as well (though I don't think I need that).

I'm also using a raw socket, which I think might be part of the complication.

However, I read through that thread and see perhaps I should use the IFF_NO_PI flag when the tunnel is allocated. How do I do that if I set it persistently from outside the app?

Is there an iproute2 command to set that flag? Honestly I don't fully understand what it does... I am reading packets just fine on the tunnel interface on the local side that come into my application just fine without that flag set... so why would I need it only for writing? (Both are using raw_sockets)?

Thanks for any advice you may be able to give.

FYI: Kernel version is 2.6.32

By: xiulo https://backreference.org/2010/03/26/tuntap-interface-tutorial/#comment-25147 Mon, 27 Oct 2014 12:32:26 +0000

In reply to waldner.

Thanks for answering. I think I'm not using transport or net layers, only Ethernet, because the program A is only a master that sends frames to slaves over an Ethernet link. Right now I don't have any IP address assigned to the interface I'm using to transmit and the slaves are receiving the messages. Maybe I've just said a very stupid thing but I haven't read the program A code yet. The program B has to be an error injector, if this helps to understand what I want to do.

I'll look into raw sockets; right now I don't totally understand how those work. I just tested some code I found online to send and receive raw Ethernet frames but I've not used it on a virtual interface yet.
http://austinmarton.wordpress.com/2012/06/03/receiving-raw-packets-in-linux-without-pcap/
http://austinmarton.wordpress.com/2011/09/14/sending-raw-ethernet-packets-from-a-specific-interface-in-c-on-linux/

By: waldner https://backreference.org/2010/03/26/tuntap-interface-tutorial/#comment-25145 Fri, 24 Oct 2014 14:48:25 +0000

In reply to xiulo.

There are some points that are not clear in your statement. First, program A most likely uses TCP or UDP (perhaps raw IP), so strictly speaking it's not producing "ethernet frames". This means it has an open socket of some kind, to which it sends data. The operating system, upon receiving this data, does what it deems appropriate with it; this might include creating ethernet frames and sending them out an interface; this interface, in turn, might be a tap interface, which is where program B would get them.
It is important to note that these frames contain the data originally written from program A, but it's buried in the payload; outside it will have headers (ethernet, IP, TCP/UDP) added later by the operating system (not by program A).
Once B has the frames, it can change them (assuming it knows where and how to do it - offset into the frame, recalculating checksums and so on), but then it has the problem of how to resend them from userspace so that they appear as they are on the wire. To do that you need the AF_PACKET raw socket (at least under Linux; I suppose equivalent functionality is available under other operating systems). See for example here (but google finds many results): http://austinmarton.wordpress.com/2011/09/14/sending-raw-ethernet-packets-from-a-specific-interface-in-c-on-linux/
Note that the way B changes the frames can influence the way they come back (notably the source MAC address should be set appropriately depending on the need).

By: xiulo https://backreference.org/2010/03/26/tuntap-interface-tutorial/#comment-25144 Fri, 24 Oct 2014 13:58:57 +0000

Hi, I have to do a program B that allows me to change the data from ethernet frames created for another program A before these frames are really sent, and it has to be totally transparent for the program A. I think I could use the TAP to redirect the frames from the program A to the program B and be able to modify them before sending them normally.

My idea is creating a tap interface and putting this tap_interface as a default ethernet interface for the program A, and putting the program B listening on the tap_interface and sending on the physical one after doing my modification on the data.

A------>B(modifications)--->eth0

Am I right that I can do this, or am I not understanding what TAP really does?

By: Marc https://backreference.org/2010/03/26/tuntap-interface-tutorial/#comment-25137 Thu, 02 Oct 2014 22:19:42 +0000

In reply to waldner.

Hi waldner, thanks again. I'm working cross-platform in C# with Mono, so I was keen to avoid a separate stub program in C, Python or anything external to the main binary really. Thanks to your posts and comments here I was able to understand the problem. Now I've got pure C# (once I worked out the appropriate pinvoke system call imports) to attach to the tun interface and let libpcap do its job. Works a charm too, so many thanks again for your help, I'd have been really stuck without you!

cheers,
marc
