LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Programming (https://www.linuxquestions.org/questions/programming-9/)
-   -   Raw Ethernet Sockets (https://www.linuxquestions.org/questions/programming-9/raw-ethernet-sockets-274541/)

alanwolfen 01-06-2005 07:36 AM
Raw Ethernet Sockets
 
With reference to using raw ethernet sockets here

Code:
s = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
struct sockaddr_ll socket_address;
socket_address.sll_family  = AF_PACKET;
socket_address.sll_protocol = htons(ETH_P_ALL);
bind(s, (struct sockaddr *) & socket_address, sizeof(socket_address));

recvfrom(s, buffer, ETH_FRAME_LEN, 0, NULL, NULL);
Host A has a process listening on the above stated raw ethernet socket.
Host B pings host A.

I receives the echo request in host A but the host A network stack seems to be able to see the echo request and reply the ping. The questions that revolves around this is:

1. Is the raw ethernet socket merely peeking at ethernet frames only, ie it makes a copy to pass up the ethernet raw socket and the payload continues up the network stack?
2. Or raw ethernet socket only totally grab datagram of unknown protocol, ie. TCP/UDP/ICMP/etc will still goes up the network stack
3. Or the network stack will always handle ICMP even when a raw ethernet socket is bounded.

gr33ndata 01-06-2005 10:07 AM
FIXME: I think it is just like a sniffer, it takes a copy of the packet while the original packet continuous its trip to the kernel. So the solution for this is to use kernel hooks, i.e. change the kernel code or add lodable kernel modules to take the packet and don't pass it to the kernel.

alanwolfen 01-06-2005 06:51 PM
Thanks.


All times are GMT -5. The time now is 04:43 PM.