Hi Vincenzo,

> For my thesis, I'm trying to write a bluez based honeypot.
> The basic concept is to listen at the hci level and perform actions. (switch
> on sockets in rfcomm or l2cap channels or addresses to audit the data)
>
> I started studying the hcidump code and the hci socket. The main problem I'm
> having is that the hci socket which is created in this way
>
> sk = socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI);
>
> does not "pop" the package from the bluez stack, it just reads but the package
> will continue to be processed by the stack. So if there is an attempt for a
> connection it will find a closed socket. Is there a way to "pop" the package
> from the stack, so I can read the destination channel or address of the
> package and turn on a socket on that specified channel or address and then
> "push" again the package into the stack?
>
> If it's not possible, the only way to set my bluetooth honeypot up is to open
> a socket for each rfcomm and l2cap channel and address and wait for data to
> audit.

what you are planning is to write a whole Bluetooth stack in userspace, but
wanna have the kernel do the hardware abstraction :)

You need to set the device into RAW mode. Otherwise the kernel will keep
processing the HCI packets.

Regards

Marcel
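
As an added illustration (not code from this thread or from BlueZ): a small C parser for one frame read from a raw HCI socket that extracts the connection handle and the PSM of an L2CAP Connection Request, i.e. the "destination channel" the honeypot in the question wants to learn. The function name and the sample frame are constructed for this example, and only the first signalling command of an unfragmented frame is examined.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HCI_ACLDATA_PKT 0x02   /* type byte prefixing ACL frames on a raw HCI socket */
#define L2CAP_SIG_CID   0x0001 /* L2CAP signalling channel (BR/EDR) */
#define L2CAP_CONN_REQ  0x02   /* L2CAP Connection Request command code */

/* Constructed sample: handle 0x002a, Connection Request for PSM 0x0003 (RFCOMM). */
static const uint8_t sample_conn_req[] = {
    0x02, 0x2a, 0x20, 0x0c, 0x00,  /* ACL: handle + flags, data length 12 */
    0x08, 0x00, 0x01, 0x00,        /* L2CAP: length 8, CID 0x0001 */
    0x02, 0x01, 0x04, 0x00,        /* command: code, identifier, length 4 */
    0x03, 0x00, 0x40, 0x00         /* PSM 0x0003, source CID 0x0040 */
};

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Returns the requested PSM, 0 if not a Connection Request, -1 if malformed. */
int l2cap_conn_req_psm(const uint8_t *buf, size_t len, uint16_t *handle)
{
    if (len < 5 || buf[0] != HCI_ACLDATA_PKT)
        return 0;                        /* event, command or SCO frame */
    uint16_t hf = le16(buf + 1);         /* 12-bit handle, PB and BC flags */
    size_t acl_len = le16(buf + 3);
    if (acl_len != len - 5)
        return -1;                       /* truncated or padded read */
    if (((hf >> 12) & 0x3) == 0x1)
        return 0;                        /* continuation fragment: no L2CAP header */
    if (acl_len < 4) return -1;
    const uint8_t *l2 = buf + 5, *cmd = l2 + 4;
    if (le16(l2 + 2) != L2CAP_SIG_CID)
        return 0;                        /* data channel, not signalling */
    size_t l2_len = le16(l2);
    if (l2_len < 4 || l2_len > acl_len - 4) return -1;  /* short or fragmented */
    if (cmd[0] != L2CAP_CONN_REQ) return 0;
    if (le16(cmd + 2) < 4 || le16(cmd + 2) + 4u > l2_len) return -1;
    *handle = hf & 0x0fff;
    return le16(cmd + 4);                /* PSM is the first field of the request */
}

int main(void)
{
    uint16_t handle = 0;
    int psm = l2cap_conn_req_psm(sample_conn_req, sizeof sample_conn_req, &handle);
    printf("handle 0x%04x psm 0x%04x\n", handle, psm);
    return 0;
}
```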