With reference to using raw ethernet sockets here
s = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
struct sockaddr_ll socket_address;
socket_address.sll_family = AF_PACKET;
socket_address.sll_protocol = htons(ETH_P_ALL);
bind(s, (struct sockaddr *) & socket_address, sizeof(socket_address));
recvfrom(s, buffer, ETH_FRAME_LEN, 0, NULL, NULL);
Host A has a process listening on the above stated raw ethernet socket.
Host B pings host A.
I receives the echo request in host A but the host A network stack seems to be able to see the echo request and reply the ping. The questions that revolves around this is:
1. Is the raw ethernet socket merely peeking at ethernet frames only, ie it makes a copy to pass up the ethernet raw socket and the payload continues up the network stack?
2. Or raw ethernet socket only totally grab datagram of unknown protocol, ie. TCP/UDP/ICMP/etc will still goes up the network stack
3. Or the network stack will always handle ICMP even when a raw ethernet socket is bounded.