From owner-freebsd-hackers@FreeBSD.ORG Tue Jan 25 14:41:57 2005 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CC42B16A4CE for ; Tue, 25 Jan 2005 14:41:57 +0000 (GMT) Received: from web52710.mail.yahoo.com (web52710.mail.yahoo.com [206.190.39.161]) by mx1.FreeBSD.org (Postfix) with SMTP id 4187143D1D for ; Tue, 25 Jan 2005 14:41:55 +0000 (GMT) (envelope-from kamalpr@yahoo.com) Received: (qmail 11127 invoked by uid 60001); 25 Jan 2005 14:41:54 -0000 Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; b=jyfzWwbVQ6Y/rTUPPGwG99GhpNwEptVSFASgTEG8Hao3UtslZyUhJW8HNTdEj/mfpSzmBGlFcQgzJ/8f9PBE0kpm8HQ6wIZk0U1y9r12BPpG4G4keUDTuZsXpbbNFnSXcZ51maG/ktNT2Z9VWRqlqCQYfWx+dvuEmAW9q8kggNc= ; Message-ID: <20050125144154.11125.qmail@web52710.mail.yahoo.com> Received: from [203.195.199.244] by web52710.mail.yahoo.com via HTTP; Tue, 25 Jan 2005 06:41:54 PST Date: Tue, 25 Jan 2005 06:41:54 -0800 (PST) From: "Kamal R. Prasad" To: DJF , hackers@freebsd.org In-Reply-To: <20050125094646.GA969@nexus.hta.fhz.ch> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: Re: Rawsock bpf mambo jambo? X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: kamalp@acm.org List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Jan 2005 14:41:57 -0000 bpf is a packet filter -which can be used to snoop on all packets at the interface at the link level. You would have to create a socket to do I/O, but the snooper can mess around with the existing connection. regards -kamal --- DJF wrote: > Hi everybody, > > I've recently been looking into raw socket > programming. However there's still a question that > remains. Maybe it's just a case of RTFM, if so point > me to a good manual on the topic. > The man pages indicate that you can do read and > write operations with rawsock aswell as bpf. > However, in all of the source codes I found, a raw > socket was used to write to, and bpf was used to > read from the interface. > > What's the advantage in using the rawsock bpf > combination instead of > bpf (or raw socket) only? > > Thx in advance, > dave > > -- > Encrypt your emails! My PGPkeyID: 0xA37C182D > _ > ( ) ASCII Ribbon Campaign against > X HTML mail and news > / \ > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to > "freebsd-hackers-unsubscribe@freebsd.org" > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com