This article is based mainly on the Linux packet(7) man page:
http://man7.org/linux/man-pages/man7/packet.7.html
The commonly used inet socket captures at layer 7: the data it returns is the TCP or UDP payload directly, and the application does not care about the L3 and L4 header information.
The packet socket provides L2 access and is also known as a raw socket, meaning that packets are not processed by the operating system's TCP/IP protocol stack; the application that captures a packet has to handle the TCP/IP header information itself.
Currently, the main users of packet sockets are libpcap, netsniff-ng and hostapd (hostapd is a user-space wireless AP management program).
The packet socket function API provided by Linux is as follows:
#include <sys/socket.h>
#include <netpacket/packet.h>
#include <net/ethernet.h> /* The L2 protocols */

packet_socket = socket(AF_PACKET, int socket_type, int protocol);
socket_type is either SOCK_RAW or SOCK_DGRAM; the main difference between the two is how the layer-2 header is handled.
If SOCK_RAW is specified, the data we receive contains the complete L2 header and the payload.
If SOCK_DGRAM is specified, the L2 header is removed from the data we receive, leaving the IP header and payload.
The layer-2 header information is placed in a common struct sockaddr_ll structure.
protocol is one of the protocol types defined in <linux/if_ether.h>: we can specify ETH_P_IP to capture IP packets or ETH_P_ARP to capture ARP packets, and in general we can specify ETH_P_ALL to capture all types of packet.
Note: when passing this parameter, convert it to network byte order: htons(ETH_P_ALL).
The sockaddr_ll structure represents device-independent physical-layer address information, and is defined as follows:
struct sockaddr_ll {
    unsigned short sll_family;   /* Always AF_PACKET */
    unsigned short sll_protocol; /* Physical layer protocol */
    int            sll_ifindex;  /* Interface number */
    unsigned short sll_hatype;   /* ARP hardware type */
    unsigned char  sll_pkttype;  /* Packet type */
    unsigned char  sll_halen;    /* Length of address */
    unsigned char  sll_addr[8];  /* Physical layer address */
};
Each field is defined as follows:
sll_family: always AF_PACKET.
sll_protocol: the protocol type defined in <linux/if_ether.h>, the same value we pass as the protocol argument to socket(), in network byte order.
sll_ifindex: the index of the network card in the kernel, defined in the ifreq structure; see the following link:
http://man7.org/linux/man-pages/man7/netdevice.7.html
The if_nametoindex() function converts a NIC name to its index, and is used in the following example code. Such as
If you cannot find the man page for this function, you need to install manpages-posix-dev.
sll_hatype: the ARP hardware type, defined in the header file <linux/if_arp.h>; for example, ARPHRD_ETHER represents the 10Mbps Ethernet network card type. The kernel uses ARPHRD_xxx to represent the type of network card.
sll_pkttype: the type of the packet currently received, mainly with the following legal values:
PACKET_HOST: a packet sent to the current host
PACKET_BROADCAST: a broadcast packet
PACKET_MULTICAST: a multicast packet
PACKET_OTHERHOST: a packet sent to another host, received because the NIC is in promiscuous mode
PACKET_OUTGOING: a packet sent from the local host and looped back to the current socket
These types are only meaningful on receive.
sll_halen: the length of the current MAC address.
sll_addr: stores the current MAC address.
When sending a packet, it is sufficient to set the following fields:
sll_family, sll_addr, sll_halen and sll_ifindex. The rest should be set to 0.
sll_hatype and sll_pkttype are filled in with the current packet's information when a packet is received.
For the bind() function, only sll_protocol and sll_ifindex are used.
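The setup described above (if_nametoindex(), htons(ETH_P_ALL), a bind() address that sets only sll_protocol and sll_ifindex, and the sll_pkttype filled in on receive), as an added C example that is not code from the original article or the man page. The helper names and the default interface "lo" are assumptions; opening the socket requires CAP_NET_RAW.

```c
#include <stdio.h>
#include <unistd.h>
#include <arpa/inet.h>        /* htons */
#include <net/if.h>           /* if_nametoindex */
#include <sys/socket.h>
#include <netpacket/packet.h> /* struct sockaddr_ll, PACKET_* */
#include <net/ethernet.h>     /* ETH_P_*, ETH_HLEN, ETH_ALEN */

/* Hypothetical helper: bind() only reads sll_protocol and sll_ifindex. */
struct sockaddr_ll make_bind_addr(unsigned int ifindex, unsigned short proto) {
    struct sockaddr_ll sll = {0};      /* every other field stays 0 */
    sll.sll_family = AF_PACKET;
    sll.sll_protocol = htons(proto);   /* network byte order */
    sll.sll_ifindex = (int)ifindex;
    return sll;
}

/* Hypothetical helper: name the sll_pkttype the kernel fills in on receive. */
const char *pkttype_name(unsigned char t) {
    static const char *const names[] = {
        [PACKET_HOST] = "PACKET_HOST", [PACKET_BROADCAST] = "PACKET_BROADCAST",
        [PACKET_MULTICAST] = "PACKET_MULTICAST", [PACKET_OTHERHOST] = "PACKET_OTHERHOST",
        [PACKET_OUTGOING] = "PACKET_OUTGOING" };
    return t < sizeof(names) / sizeof(names[0]) ? names[t] : "unknown";
}

/* SOCK_RAW data starts with the Ethernet header; -1 means a truncated frame. */
int frame_ethertype(const unsigned char *buf, size_t len) {
    if (len < ETH_HLEN) return -1;
    return (buf[2 * ETH_ALEN] << 8) | buf[2 * ETH_ALEN + 1];
}

int main(int argc, char **argv) {
    unsigned char buf[2048];
    struct sockaddr_ll from;
    socklen_t flen = sizeof(from);
    unsigned int idx = if_nametoindex(argc > 1 ? argv[1] : "lo");
    struct sockaddr_ll sll = make_bind_addr(idx, ETH_P_ALL);
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); /* needs CAP_NET_RAW */
    if (idx == 0 || fd < 0 || bind(fd, (struct sockaddr *)&sll, sizeof(sll)) < 0) {
        perror("packet socket setup");
        return 1;
    }
    ssize_t n = recvfrom(fd, buf, sizeof(buf), 0, (struct sockaddr *)&from, &flen);
    if (n >= ETH_HLEN)  /* print one frame: length, packet type, EtherType */
        printf("%zd bytes, %s, ethertype 0x%04x\n", n,
               pkttype_name(from.sll_pkttype), frame_ethertype(buf, (size_t)n));
    close(fd);
    return n < 0;
}
```

With SOCK_DGRAM instead of SOCK_RAW the buffer would start at the IP header, so frame_ethertype() would not apply and the protocol would be read from from.sll_protocol.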
The follow-up articles in this series, on packet socket options and mmap, are on my personal blog:
www.hiyoufu.com