Re: regarding sniffing...

Just to save Andi Kleen some typing...
Try reading "man 7 raw".

As he and Alan Cox noted a while back, these limitations are
not in Linux but exist in some other implementations of BSD.
Also it's worth noting that if you want your code to be
portable, this may not be the best route to go
because of this.

later,
Tuan


On Tue, 12 Jun 2001, Mal Hacker wrote:

> thanks a lot for that bit of info but i would have
> another question in my mind which is what stevens says
> that :
>
> The following rules apply to the raw socket input
> i.e. which all packets does the kernel pass to the raw
> socket :
> 1. received tcp packets and udp packet are never
> passed to the raw socket. if a process need to read ip
> datagrams containing tcp/udp packet then it must read
> them at the datalink layer i.e. PF_PACKET/ SOCK_PACKET
> sockets.
>
> so what do you comment on this. please tell me if i am
> wrong at any place..
> thanks
> malhacker
>
> casey as i said that
>
> --- Casey Carter <Casey@Carter.net> wrote:
> > You want a simple raw socket, with no protocol set,
> > i.e.,
> >
> >   int sock = socket(PF_INET, SOCK_RAW, 0);
> >
> > This will get all IP packets, after reassembly.
> >
> > Mal Hacker wrote:
> > >
> > > hello friends,
> > >
> > > now as i am mailing u so the basic reason is that i have a problem
> > > and maybe anybody of u can suggest me some good solution.... the
> > > main motive of mine is to design a network sniffer...currently on a
> > > linux platform and complete userlevel implementation....with the
> > > basic motive of making it platform independent ... but for now I
> > > can go with linux only. now what i have gone thru is
> > > tcpdump/libpcap/linux socket filter/ and have also read something
> > > about ipchains and some related stuff..so here is my basic
> > > problem...
> > >
> > > a) is there any system call (or a set of them) available which
> > > gives me ip packets from network interface, by that i mean : all ip
> > > packets with ethernet header removed but reassembled (i.e. in
> > > anycase either for tcp or udp i should not get fragmented packets).
> > >
> > > b) secondly is there a way to do the same thing via libpcap 'coz
> > > libpcap probably doesn't support ip reassembly (as i know). and due
> > > to the same reason tcpdump fails for fragmented packets.
> > >
> > > c) does LSF (linux socket filter) has a similar option ?
> > >
> > > All this with the fact that i don't want to modify the existing
> > > kernel code so as to make some modifications on the raw socket BSD
> > > interface to provide such an option. Also, you may say that ipchains
> > > or some other stuff may support this, then if possible please guide
> > > me to it coz i have not read about them. Other than libpcap (user
> > > level filtering on linux) and of course LSF is there any other
> > > filtering method which can be employed to do the above task.....
> > > Also, the basic reason for this is that i want to do some sort of
> > > in-kernel filtering so that all the packets which i am reading thru
> > > the interface are somewhat filtered on the basis of some very basic
> > > criteria...i.e. upto some ip address and port number filtering..
> > > thanks ...i may not be too clear in what i am asking for..but
> > > maybe..someone may be able to help...
> > > thanks in advance
> > > mal
> > >
> > > PS: I think I had sent this mail to this grp before also but I
> > > think that was lost somewhere on the way as it didn't even got into
> > > my mailbox ...sorry if it is a repeat post....
> > >
> >
> > --
> > Casey Carter
> > Casey@Carter.net
> > ccarter@uiuc.edu
> > AIM: cartec69
>

-- 
Tuan Hoang
The MITRE Corporation
tuan@optimus.mitre.org
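
Added example, not part of the original messages and not any poster's code: a Linux raw socket opened for one protocol (IPPROTO_TCP is chosen here as an assumption) returns each incoming datagram with its IPv4 header, after reassembly, so the fragment check below should always print 0 on live traffic. The helper names and SAMPLE_FRAG are hypothetical and constructed for illustration; running main() requires CAP_NET_RAW.

```c
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Constructed sample (not captured traffic): IPv4 header, IHL=5, MF flag set,
 * protocol 6 (TCP), 192.0.2.1 -> 192.0.2.2, checksum left at zero. */
const uint8_t SAMPLE_FRAG[20] = {
    0x45, 0x00, 0x00, 0x28, 0x00, 0x01, 0x20, 0x00, 0x40, 0x06,
    0x00, 0x00, 0xc0, 0x00, 0x02, 0x01, 0xc0, 0x00, 0x02, 0x02 };

/* Header length in bytes, or -1 if buf is not a plausible IPv4 header. */
int ipv4_header_len(const uint8_t *buf, size_t len)
{
    if (len < 20 || (buf[0] >> 4) != 4)
        return -1;
    int ihl = (buf[0] & 0x0f) * 4;
    return (ihl < 20 || (size_t)ihl > len) ? -1 : ihl;
}

/* IP protocol number (6 = TCP, 17 = UDP), or -1 on a bad header. */
int ipv4_protocol(const uint8_t *buf, size_t len)
{
    return ipv4_header_len(buf, len) < 0 ? -1 : buf[9];
}

/* 1 if MF is set or the fragment offset is non-zero, 0 if not, -1 on error. */
int ipv4_is_fragment(const uint8_t *buf, size_t len)
{
    if (ipv4_header_len(buf, len) < 0) return -1;
    return (((buf[6] << 8) | buf[7]) & 0x3fff) != 0;
}

int main(void)
{
    static uint8_t pkt[65535];
    int sock = socket(AF_INET, SOCK_RAW, IPPROTO_TCP); /* needs CAP_NET_RAW */
    if (sock < 0) { perror("socket(AF_INET, SOCK_RAW, IPPROTO_TCP)"); return 1; }
    for (int i = 0; i < 5; i++) {      /* print five datagrams, then stop */
        ssize_t n = recv(sock, pkt, sizeof pkt, 0);
        if (n < 0) { perror("recv"); break; }
        printf("proto=%d ip_hdr=%d total=%zd fragment=%d\n",
               ipv4_protocol(pkt, (size_t)n), ipv4_header_len(pkt, (size_t)n),
               n, ipv4_is_fragment(pkt, (size_t)n));
    }
    close(sock);
    return 0;
}
```

The same three helpers can be pointed at the payload of a PF_PACKET read, where fragments have not yet been reassembled and the check can return 1.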

