LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software > Linux - Kernel
User Name
Password
Linux - Kernel This forum is for all discussion relating to the Linux kernel.

Notices


Reply
  Search this Thread
Old 07-15-2009, 01:00 PM   #1
unikat
LQ Newbie
 
Registered: Jul 2009
Posts: 3

Rep: Reputation: 0
RAW socket in kernel module


Hi everyone,

I have a problem regarding RAW socket in kernel space. I want to get all the RAW packets on an ethernet interface and timestamp them. after that I want to sent them to a user space application. but my problem now is, that I'm not able to configure a RAW socket in the kernel space. has someone an idea about it?

One of the problem is, that I m not able to use the function/system call ioctl for ex.
Like in this few code lines:

memset(&ifInfo, 0x00, sizeof(ifInfo));
strncpy(ifInfo.ifr_name, iface, IFNAMSIZ);
ioctl(sock, SIOCGIFFLAGS, &ifInfo);
ifInfo.ifr_flags |= IFF_PROMISC;
ioctl(sock, SIOCSIFFLAGS, &ifInfo);

and without that I have no idea how to get for ex. the interface index or to get the interface in the promisc. mode. Hope someone has a hint or something.

thanks
 
Old 07-15-2009, 02:51 PM   #2
ranthal
LQ Newbie
 
Registered: Jun 2009
Location: Carlsbad, CA
Posts: 24

Rep: Reputation: 15
Can't this be accomplished mostly with the AF_INET socket family?

I haven't done much ioctl either but another option for communicating with user-space is the netlink socket:
http://www.linuxjournal.com/article/7356

If you make clever use of SKBs then I think those two types of sockets could have you covered. I'd recommend looking at the chapter on Network Drivers in the O'Reilly Linux Device Drivers book if you haven't already. It's is available online in pdf form. If you do a simple Google search it will probably be one of the first hits.
 
Old 07-15-2009, 03:43 PM   #3
unikat
LQ Newbie
 
Registered: Jul 2009
Posts: 3

Original Poster
Rep: Reputation: 0
the problem which I have isn't the communication between the user and kernel space. it is to use the sockets in the kernel space for the ethernet communication. I mean how can I get the RAW ethernet packtes, which my nic is receiving? And for that purpose I wanted to use the RAW Sockets.
Or did I get you wrong? You meant to used them for kernel- user space communication?
 
Old 07-23-2009, 03:43 PM   #4
orgcandman
Member
 
Registered: May 2002
Location: new hampshire
Distribution: Fedora, RHEL
Posts: 600

Rep: Reputation: 109Reputation: 109
Quote:
Originally Posted by unikat View Post
the problem which I have isn't the communication between the user and kernel space. it is to use the sockets in the kernel space for the ethernet communication. I mean how can I get the RAW ethernet packtes, which my nic is receiving? And for that purpose I wanted to use the RAW Sockets.
Or did I get you wrong? You meant to used them for kernel- user space communication?
If all you want is the raw ethernet packets, you don't need to be in kernel space. You can do this from user space with a socket call, and some ioctls.

Here's the example user-space code:
Code:
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>
#include <fcntl.h>
#include <linux/if_ether.h>
#include <netinet/in.h>
#include <features.h>
#include <linux/if_packet.h>
#include <errno.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include <linux/ip.h>
#include <netinet/in.h>

int raw_ethernet_interface(char *name)
{
    int fd = -1;
    int result;
    struct sockaddr_ll s1;
    struct ifreq interface_obj;

    memset(&s1, 0, sizeof(struct sockaddr_ll));

    fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_IP));
    if(fd < 0)
    {
        return -1;
    }

    strcpy((char *)interface_obj.ifr_name, name);
    result = ioctl(fd, SIOCGIFINDEX, &interface_obj);

    if(result < 0)
    {
        close(fd);
        return -1;
    }

    s1.sll_family = AF_PACKET;
    s1.sll_ifindex = interface_obj.ifr_ifindex;
    s1.sll_protocol = htons(ETH_P_IP);

    result = bind(fd, (struct sockaddr *)&s1, sizeof(s1));
    if(result < 0)
    {
        close(fd);
        return -1;
    }

    return fd;
}
Just change ETH_P_IP to ETH_P_ALL and it should work. Otherwise, this will only return packets with the ethernet type 0x0800 (which is IP).

Is there any reason it needs to be in kernel space?
 
Old 08-09-2010, 05:38 AM   #5
DonnoWhatToDo
LQ Newbie
 
Registered: Aug 2010
Posts: 5

Rep: Reputation: 0
Help

Hey unikat,
I'm also facing a prob that I think you already faced.
I'm trying to write a kernel driver that listen to all transportation on my Ethernet .
I want to get all the RAW packets on an ethernet interface and timestamp them.

can you plz help me how to start ?

Thanks in advance
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Raw socket programming with C arabindav Programming 17 06-09-2011 12:58 PM
close socket + kernel module ibaniski Linux - Kernel 2 11-11-2008 03:45 PM
Raw socket and Kernel config help yannifan Linux - Networking 1 05-05-2007 03:36 PM
Help with raw socket programming tuxfood Programming 2 07-25-2005 02:17 PM
Socket Raw linuxanswer Programming 1 04-01-2004 10:43 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software > Linux - Kernel

All times are GMT -5. The time now is 05:10 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration