Date: Wed, 10 Mar 1999 11:44:50 +0500 (GMT)
From: CyberPsychotic <fygrave@tigerteam.net>
To: Bosko Milekic <bmilekic@oracle.dsuper.net>
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: SOCK_RAW on BSD
Message-ID: <Pine.GSO.4.05.9903101137500.9775-100000@kyrnet.kg>
In-Reply-To: <001d01be6a79$cfbefd20$0100000a@jehovah.technokratis.com>

~ Actually, under Linux, one _also_ has to read from the datalink layer in
~ order to be able to get TCP and/or UDP datagrams. The difference is that
~ under Linux, one would create a socket of type SOCK_PACKET to be able to
~ consequently read from it. There are several disadvantages to SOCK_PACKET
~ (in comparison to libpcap and bpf, for instance) -- such as no kernel
~ buffering and/or filtering.
~

In theory yes, only SOCK_PACKET gives you access to the datalink layer, and thus makes it possible to read TCP/UDP/ICMP/* packs. But try that piece of code I had posted before. Specifying IPPROTO_RAW for the type of socket, you wouldn't get much; however, specifying IPPROTO_IP, you will be able to get all sorts of broken packets (which the kernel wasn't able to classify as UDP/TCP or ICMP datagrams). Going by analogy, specifying IPPROTO_TCP|UDP|ICMP, you will be able to monitor these sorts of datagrams. What's good about this thing is that you will not have to open several devices on a multihomed machine. However, the incompatibility with the BSD stack (and probably others, I wasn't able to test it on hpux/sunos4.X/irix machines) makes this thing good only if you are writing Linux-only packages. Also this might be a problem of compatibility with recent kernel releases.
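
An added example, not part of the original message or the code it refers to: a Linux-only monitor that opens a raw socket with IPPROTO_TCP and bounds-checks the IPv4 header the kernel hands back with each datagram. The names `parse_ipv4`, `ip_summary` and `sample_pkt` are hypothetical, and the sample packet is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Summary of one datagram as delivered by a Linux raw IPv4 socket. */
struct ip_summary { uint8_t proto; uint32_t src, dst; size_t hdr_len, payload_len; };

/* Parse the IPv4 header at the start of buf. Returns 0 on success, -1 when
 * the buffer is truncated or malformed (never trust lengths from the wire). */
int parse_ipv4(const uint8_t *buf, size_t len, struct ip_summary *out)
{
    if (len < 20 || (buf[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;          /* header length in bytes */
    size_t total = ((size_t)buf[2] << 8) | buf[3];     /* total length, big-endian */
    if (ihl < 20 || ihl > len || total < ihl || total > len) return -1;
    out->proto = buf[9];
    memcpy(&out->src, buf + 12, 4);                    /* kept in network byte order */
    memcpy(&out->dst, buf + 16, 4);
    out->hdr_len = ihl;
    out->payload_len = total - ihl;
    return 0;
}

/* Constructed sample: 20-byte IPv4 header (proto 6, 192.0.2.1 -> 192.0.2.2,
 * checksum left zero) followed by 4 payload bytes. */
const uint8_t sample_pkt[24] = {
    0x45,0x00,0x00,0x18, 0x00,0x01,0x00,0x00, 0x40,0x06,0x00,0x00,
    192,0,2,1, 192,0,2,2, 0xde,0xad,0xbe,0xef };

int main(void)
{
    /* Needs root or CAP_NET_RAW. IPPROTO_TCP selects TCP datagrams only. */
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
    if (fd < 0) { perror("socket"); return 1; }
    uint8_t buf[65536];
    for (int i = 0; i < 5; i++) {                      /* report five datagrams, then stop */
        ssize_t n = recv(fd, buf, sizeof buf, 0);
        struct ip_summary s;
        if (n <= 0 || parse_ipv4(buf, (size_t)n, &s) != 0) continue;
        char a[INET_ADDRSTRLEN], b[INET_ADDRSTRLEN];
        inet_ntop(AF_INET, &s.src, a, sizeof a);
        inet_ntop(AF_INET, &s.dst, b, sizeof b);
        printf("proto=%u %s -> %s payload=%zu\n", (unsigned)s.proto, a, b, s.payload_len);
    }
    close(fd);
    return 0;
}
```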