~ Hi,
~   About 4 months ago, I remember reading in the Linux Kernel Hackers 
~ guide that Linux does not support SOCK_RAW. I do not know how true it is 
~ now.
~    Can someone enlighten me with books or a web site about raw sockets, 
~ packet filtering, etc.? I know the normal client, server stuff.
~ 

Recently I've been monitoring the related thread on the nmap-hackers mailing
list ([EMAIL PROTECTED]); here's the quote, which may give some
hints, but not all:
--/cut here/--

> >
> Sorry, but I don't agree w/ ya Juan.
>
> Doing fd = socket(PF_INET, SOCK_RAW, htons(0x0800)) and the read(fd,...);
> is a Linux feature.

        Read again: PF_PACKET, not PF_INET.  And it's not a Linux
feature; AFAIK, it's there in all the platforms with glibc-2 and
glibc-2.1.

> Ok, I know that SOCK_PACKET is a linux feature too, but the concept is
> different.

        PF_PACKET,SOCK_RAW and PF_INET,SOCK_PACKET do exactly the same
thing, but the former is a GNU standard and the latter is Linux
specific.
 
---/cut here/--

Looks like PF_PACKET seems to be a replacement for SOCK_RAW, if I want to
access all the datagrams. (Hmm.. SOCK_PACKET seems to generate too much
data, e.g. datalink-specific protocol headers (ethernet/ppp/..); probably
PF_PACKET may also do this.) I also heard that a sort of packet-filtering
device is being developed for the Linux kernel (similar to the BSD bpf thing).

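An added example, not part of the original thread: on Linux, `read()` on a `PF_PACKET`/`SOCK_RAW` socket returns the whole frame, link-layer header included, so the IP header has to be located behind it. The sketch assumes an Ethernet link type; `frame_info`, `parse_frame` and the sample frame are constructed for this example.

```c
#include <arpa/inet.h>
#include <linux/if_ether.h>   /* ETH_HLEN, ETH_P_IP (Linux-only header) */
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

struct frame_info {            /* hypothetical helper type for this example */
    uint8_t ip_proto;
    size_t  l4_off;            /* where the transport header starts */
    char    src[INET_ADDRSTRLEN], dst[INET_ADDRSTRLEN];
};

/* Constructed sample: Ethernet header + IPv4 header (proto 17), cut after IP. */
static const uint8_t SAMPLE[] = {
    0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x08,0x00,      /* dst, src, type */
    0x45,0,0,0x1c, 0,0,0,0, 0x40,0x11,0,0,                /* ver/ihl .. cksum */
    192,0,2,1, 192,0,2,2 };                               /* src, dst address */

/* Parse one frame as read() on a PF_PACKET/SOCK_RAW socket returns it:
 * link-layer header first, IPv4 header after it. Returns 0 on success. */
int parse_frame(const uint8_t *buf, size_t len, struct frame_info *out)
{
    if (len < ETH_HLEN + 20) return -1;                     /* truncated */
    if ((buf[12] << 8 | buf[13]) != ETH_P_IP) return -2;    /* not IPv4 */
    const uint8_t *ip = buf + ETH_HLEN;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if (ip[0] >> 4 != 4 || ihl < 20 || len < ETH_HLEN + ihl) return -3;
    out->ip_proto = ip[9];
    out->l4_off = ETH_HLEN + ihl;
    inet_ntop(AF_INET, ip + 12, out->src, sizeof out->src);
    inet_ntop(AF_INET, ip + 16, out->dst, sizeof out->dst);
    return 0;
}

int main(void)
{
    struct frame_info fi;
    uint8_t buf[2048];
    if (parse_frame(SAMPLE, sizeof SAMPLE, &fi) == 0)
        printf("sample: %s -> %s proto %u\n", fi.src, fi.dst, fi.ip_proto);
    int fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_IP));  /* needs CAP_NET_RAW */
    if (fd < 0) { perror("socket(PF_PACKET, SOCK_RAW)"); return 1; }
    ssize_t n = read(fd, buf, sizeof buf);                  /* one whole frame */
    if (n > 0 && parse_frame(buf, (size_t)n, &fi) == 0)
        printf("live: %s -> %s proto %u, L4 at byte %zu\n",
               fi.src, fi.dst, fi.ip_proto, fi.l4_off);
    close(fd);
    return 0;
}
```

Opening the socket with `SOCK_DGRAM` instead of `SOCK_RAW` makes the kernel strip the link-layer header, in which case the buffer starts at the IP header and the `ETH_HLEN` offset no longer applies.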