Raw Ethernet Sockets
With reference to using raw ethernet sockets here
Code:
s = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); Host B pings host A. I receives the echo request in host A but the host A network stack seems to be able to see the echo request and reply the ping. The questions that revolves around this is: 1. Is the raw ethernet socket merely peeking at ethernet frames only, ie it makes a copy to pass up the ethernet raw socket and the payload continues up the network stack? 2. Or raw ethernet socket only totally grab datagram of unknown protocol, ie. TCP/UDP/ICMP/etc will still goes up the network stack 3. Or the network stack will always handle ICMP even when a raw ethernet socket is bounded. |
FIXME: I think it is just like a sniffer, it takes a copy of the packet while the original packet continuous its trip to the kernel. So the solution for this is to use kernel hooks, i.e. change the kernel code or add lodable kernel modules to take the packet and don't pass it to the kernel.
|
Thanks.
|
All times are GMT -5. The time now is 04:43 PM. |