From owner-freebsd-hackers  Tue Mar  9  0:51:51 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from kyrnet.kg (ns.kyrnet.kg [195.254.160.9])
	by hub.freebsd.org (Postfix) with ESMTP id 139F115040
	for <freebsd-hackers@FreeBSD.ORG>; Tue,  9 Mar 1999 00:51:18 -0800 (PST)
	(envelope-from fygrave@tigerteam.net)
Received: from localhost by kyrnet.kg (8.9.3/8.9.1) with ESMTP id NAA12309;
	Tue, 9 Mar 1999 13:41:25 +0500 (GMT)
X-Authentication-Warning: kyrnet.kg: fygrave owned process doing -bs
Date: Tue, 9 Mar 1999 13:41:25 +0500 (GMT)
From: CyberPsychotic <fygrave@tigerteam.net>
X-Sender: fygrave@kyrnet.kg
To: Alfred Perlstein <bright@cygnus.rush.net>,
	Mike Smith <mike@smith.net.au>
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: SOCK_RAW on BSD
In-Reply-To: <Pine.BSF.3.96.990308115737.1330F-100000@cygnus.rush.net>
Message-ID: <Pine.GSO.4.05.9903091329050.9775-100000@kyrnet.kg>
Confirm-receipt-to: fygrave@usa.net
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

~ 
~ If you are trying to capture packets you should look at 'bpf', if you
~ are trying to capture packets in a portable fashion, look at the library
~ 'pcap'
~ 

 Yep. Yesterday night I got back to my R.Steven's Unix Network Programming
biblebook which says in section 25.4:

"Received UDP/TCP packets are never passed to a raw socket. if process wants
 to read IP datagrams containing UDP/TCP packets, they must be read at
 datalink layer."

This should explain everything. This morning I had a chance to test this
thing on several Solaris systems (2.5-2.7), and got the same result as on
BSD. Looks like Linux is the only platform which acts different. Not the
reason to laugh at it but... ;-)

Thanks again to everyone who responded, I will probably switch to pcap for
the sake of compatibility.


regards

~ Fyodor




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message