Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back > Forums > Non-*NIX Forums > Programming
User Name
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.


  Search this Thread
Old 01-06-2005, 07:36 AM   #1
LQ Newbie
Registered: Oct 2004
Distribution: Redhat Linux 9
Posts: 11

Rep: Reputation: 0
Question Raw Ethernet Sockets

With reference to using raw ethernet sockets here

s = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
struct sockaddr_ll socket_address;
socket_address.sll_family   = AF_PACKET;
socket_address.sll_protocol = htons(ETH_P_ALL);
bind(s, (struct sockaddr *) & socket_address, sizeof(socket_address));

recvfrom(s, buffer, ETH_FRAME_LEN, 0, NULL, NULL);
Host A has a process listening on the above stated raw ethernet socket.
Host B pings host A.

I receives the echo request in host A but the host A network stack seems to be able to see the echo request and reply the ping. The questions that revolves around this is:

1. Is the raw ethernet socket merely peeking at ethernet frames only, ie it makes a copy to pass up the ethernet raw socket and the payload continues up the network stack?
2. Or raw ethernet socket only totally grab datagram of unknown protocol, ie. TCP/UDP/ICMP/etc will still goes up the network stack
3. Or the network stack will always handle ICMP even when a raw ethernet socket is bounded.
Old 01-06-2005, 10:07 AM   #2
Registered: Aug 2003
Location: DMZ
Distribution: Ubuntu
Posts: 144

Rep: Reputation: 15
FIXME: I think it is just like a sniffer, it takes a copy of the packet while the original packet continuous its trip to the kernel. So the solution for this is to use kernel hooks, i.e. change the kernel code or add lodable kernel modules to take the packet and don't pass it to the kernel.
Old 01-06-2005, 06:51 PM   #3
LQ Newbie
Registered: Oct 2004
Distribution: Redhat Linux 9
Posts: 11

Original Poster
Rep: Reputation: 0


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Pblm in Raw Sockets fpfernando Linux - Software 1 10-08-2005 01:04 AM
Problem sniffing with raw sockets warned Programming 4 08-28-2004 01:10 PM
raw sockets and C wrongman Programming 3 05-04-2004 02:17 PM
can I use mmap with raw sockets? kanth Programming 2 02-28-2004 12:42 PM
raw sockets BashTin Programming 1 06-07-2003 06:34 AM

All times are GMT -5. The time now is 07:22 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration