Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 9 Mar 1999 17:11:38 -0500
From:      "Bosko Milekic" <bmilekic@dsuper.net>
To:        "CyberPsychotic" <fygrave@tigerteam.net>
Cc:        <freebsd-hackers@FreeBSD.ORG>
Subject:   Re: SOCK_RAW on BSD
Message-ID:  <001d01be6a79$cfbefd20$0100000a@jehovah.technokratis.com>
next in thread | raw e-mail | index | archive | help 

Read below...

-----Original Message-----
From: CyberPsychotic <fygrave@tigerteam.net>
To: Alfred Perlstein <bright@cygnus.rush.net>; Mike Smith
<mike@smith.net.au>
Cc: freebsd-hackers@FreeBSD.ORG <freebsd-hackers@FreeBSD.ORG>
Date: Tuesday, March 09, 1999 3:52 AM
Subject: Re: SOCK_RAW on BSD


>~
>~ If you are trying to capture packets you should look at 'bpf', if you
>~ are trying to capture packets in a portable fashion, look at the library
>~ 'pcap'
>~
>
> Yep. Yesterday night I got back to my R.Steven's Unix Network Programming
>biblebook which says in section 25.4:
>
>"Received UDP/TCP packets are never passed to a raw socket. if process
wants
> to read IP datagrams containing UDP/TCP packets, they must be read at
> datalink layer."
>
>This should explain everything. This morning I had a chance to test this
>thing on several Solaris systems (2.5-2.7), and got the same result as on
>BSD. Looks like Linux is the only platform which acts different. Not the
>reason to laugh at it but... ;-)


    Actually, under Linux, one _also_ has to read from the datalink layer in
order to be able to get TCP and/or UDP datagrams. The difference is that
under Linux, one would create a socket of type SOCK_PACKET to be able to
consequently read from it. There are several disadvantages to SOCK_PACKET
(in comparison to libpcap and bpf, for instance) -- such as no kernel
buffering and/or filtering.

    Therefore, to end this thread, as Mike Smith mentionned in an earlier
reply to this: ideally, for portability issues, using libpcap is the best
idea (support for BPF, DLPI, NIT, SOCK_PACKET, etc.)


>
>Thanks again to everyone who responded, I will probably switch to pcap for
>the sake of compatibility.
>
>
>regards
>
>~ Fyodor
>
>


Cheers,


<- - - - - - -   -  -  - - ---  --- -- -  -
      Bosko Milekic <bmilekic@supernet.ca>
      http://www.supernet.ca/~bmilekic/
      Delphi SuperNet - 1-888-SUPER-MTL
                           -- - -- - - - - - --- --- - - - - - - - - - - >






To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?001d01be6a79$cfbefd20$0100000a>