[SOLVED] example for netwrok packet code for creating a module and access the packet data
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
example for netwrok packet code for creating a module and access the packet data
i'm doing my main project and have to write a network module that could access the TCP/IP packets recieved and show the data on the user space... i have read through few books but couldnt manage to get a fullfledge example to start with... can some one help.. i need an example that could access the network packet and its data...
some data that could help me to work with... something related to netlink
Last edited by oracle89divi22; 01-05-2012 at 05:36 AM.
In userspace, one uses socket()s to send and receive TCP/IP data. You can also send & receive raw ethernet datagrams using sockets and the Raw Sockets protocol. For a good primer on network programming in Linux, with working example C source, see Beej's Guide.
i've tried writing with raw socket and could collect the packet but i'm not sure if its accessing all packets.... my teachers said through that i'm only getting the packets that are broadcasted...
i coulndt understand much what he meant.he asked me to search more and check if i can use netlink
#include<stdio.h> //For standard things
#include<netinet/ip_icmp.h> //Provides declarations for icmp header
#include<netinet/udp.h> //Provides declarations for udp header
#include<netinet/tcp.h> //Provides declarations for tcp header
#include<netinet/ip.h> //Provides declarations for ip header
if(logfile==NULL) printf("Unable to create file.");
//Create a raw socket that shall sniff
sock_raw = socket(AF_INET , SOCK_RAW , IPPROTO_TCP);
if(sock_raw < 0)
saddr_size = sizeof saddr;
//Receive a packet
data_size = recvfrom(sock_raw , buffer , 65536 , 0 , &saddr , &saddr_size);
if(data_size <0 )
printf("Recvfrom error , failed to get packets\n");
//Now process the packet
ProcessPacket(buffer , data_size);
void ProcessPacket(unsigned char* buffer, int size)
//Get the IP Header part of this packet
struct iphdr *iph = (struct iphdr*)buffer;
switch (iph->protocol) //Check the Protocol and do accordingly...
case 1: //ICMP Protocol
case 2: //IGMP Protocol
case 6: //TCP Protocol
print_tcp_packet(buffer , size);
case 17: //UDP Protocol
print_udp_packet(buffer , size);
default: //Some Other Protocol like ARP etc.
printf("TCP : %d UDP : %d ICMP : %d IGMP : %d Others : %d Total : %d\r",tcp,udp,icmp,igmp,others,total);
void print_ip_header(unsigned char* Buffer, int Size)
unsigned short iphdrlen;
for(i=0 ; i < Size ; i++)
if( i!=0 && i%16==0) //if one line of hex printing is complete...
for(j=i-16 ; j<i ; j++)
if(data[j]>=32 && data[j]<=128)
fprintf(logfile,"%c",(unsigned char)data[j]); //if its a number or alphabet
else fprintf(logfile,"."); //otherwise print a dot
Yes, using raw sockets will only receive broadcast and unicast packets. Are you trying to create a sniffer? For that you should probably use libpcap. A sniffer needs to operate the ethernet interface in promiscuous mode, meaning that it will capture all packets, irrespective of the destination MAC in the ethernet header.
i have a code thats reads and writes packets from netlink sockets.... i'm planning to modify this code to collect packets and display it on the user space but i have errors in the user program...
gcc user.c -o user
user.c: In function ‘main’:
user.c:21: warning: incompatible implicit declaration of built-in function ‘memset’
user.c:33: warning: incompatible implicit declaration of built-in function ‘malloc’
user.c:39: warning: incompatible implicit declaration of built-in function ‘strcpy’
user.c:48: warning: incompatible implicit declaration of built-in function ‘printf’
user.c:54: warning: format ‘%s’ expects type ‘char *’, but argument 2 has type ‘void *’
thanks chrism01 i did that and it has resolved most of the errors i had.... i executed it successfully along with a warning but now the state is that the socket is not being created am i doing anything wrong please check
Since you are using raw socket protocol, you must have root privileges. Not having that would explain the failure to create a socket. You should be able to get rid of the compiler warning by casting the void pointer argument to a char *.
nombr i've corrected the code and made it execute fine... this now sends data from kernel to the userspace...:-) nw all i need to do is catch hold of packets from the TCP/ip stack and send those from kernel to userspace can you explain what can i do for that to happen..
thanks in advance..
i got this output in the var/log/messages file
Netlink received msg payload: Hello
Sorry, I didn't notice you were working in kernel space. I think you have to short-circuit the TCP/IP stack, since that layer will only capture IP packets. I have no idea ho to accomplish any of what you're doing, but I do question why you need/want to do any of it in kernel space. Sniffers work just fine in userspace, as long as they get sufficient privileges.