Linux Data link access Eth_p_all et cetera __linux

Linux itself has two groups that receive packets from the Data link layer:

One is Fd=socket (Pf_packet,sock_raw,htons (Eth_p_all));

The other is Fd=socket (Af_inet,sock_packet,htons (Eth_p_all));

The protocol family is used more for pf_packet sockets.

The eth_p_all itself is defined in/usr/include/linux/if_ether.h,

#define Eth_p_all 0x0003

Eth_p_all takes up two byte values of 0x0003

The other:

#define ETH_P_LOOP      0x0060/          * Ethernet loopback packet/      
#define ETH_P_PUP       0x0200/          * Xerox PUP Packet             */      
#define ETH_P_PUPAT     0x0201/          * Xerox pup Addr Trans packet/      
#define Eth_p_ip< c12/>0x0800/          * Internet Protocol Packet     * *      
#define ETH_P_X25       0x0805/* CCITT          X.25                   * *      
#define ETH_P_ARP       0x0806/          * Address Resolution packet/      
#define ETH_P_BPQ       0x08ff /          * G8BPQ ax.25 Ethernet Packet  [Not a
#define ETH_P_IEEEPUP   0x0a00/          * Xerox IEEE802.3 PUP Packet * * *        
#define Eth_p_ieeepupat 0X0A01/          * Xerox IEEE802.3 PUP Addr Trans packet*/

In the Ethernet package, the data in the data link frame of type 0800 indicates the IP message, 0806 is the ARP message and so on.

In the socket function, specifying the third argument to Eth_p_arp indicates only which types of frames in the received frame are passed to the created socket.

Knowing these, we can receive data link frames for types that are not defined in If_ether.h.

Like what:

Socket (Pf_packet, Sock_raw, htons (0x88cc));

This is to pass the data Link message data type of 88CC message to socket, 0x88cc message is LLDP message, IF_ETHER.H is not defined. We can use Recvfrom to get the type of data link frames.

Using the SendTo function, you can send a data link frame header defined by us (where you can set the Type field to 0x88cc).

Consider the limitations that the kernel will receive by passing the message to the original socket two:

1 One is TCP/UDP group will never pass to raw socket

The second is that most ICMP is passed to the raw socket after the kernel has finished processing

The third is that all IGMP passes to the raw socket after the kernel has finished processing
Four is the kernel does not know its protocol field of IP data packets passed to raw socket

Five is a data to arrive in a fragmented form, then after all the fragments to the reorganization, before passing to the raw socket

If the above 5 conditions are met, then the following 3 conditions must also be met:

2 One is the creation of the original socket, the Protocol field is not 0, then the received Data Message Protocol field, must match the value, otherwise, do not pass the message

The second is bind the local IP address, the datagram's destination address must match the local IP address

The third is connect a field IP address, then the datagram source address must also match.

This means that the original socket is not actually able to receive tcp/udp groupings, and can only be received using the Libpcap library. But the libpcap of the library is that it can only receive and not send.

The following instance sends an Ethernet data link frame, specifying that the upper message type is 0x88cc

/* author:gs<song0071000@126.com> TIME:2013/9/23 function:send L2 Packets * * * * #include <sys/types. h> #include <sys/socket.h> #include <stdlib.h> #include <string.h> #include <stdint.h>/*for uint16_t*/#include <stdio.h> #include <net/if.h> #include <linux/if_packet.h> struct LLDPDU {cha

	R Dst[6];

	Char src[6];

uint16_t type;



};

	int main (int argc,char* argv[]) {struct lldpdu* lpacket = malloc (sizeof (struct LLDPDU));

	memset (lpacket,0,sizeof (struct LLDPDU));

	struct SOCKADDR_LL sll;

	memset (&sll,0,sizeof (struct sockaddr_ll));

	int SK = socket (Pf_packet, Sock_raw, htons (0x88cc));/* Use the Pf_packet interface to create sockets/sll.sll_family = Pf_packet; Sll.sll_ifindex = If_nametoindex ("eth0"); Although the/*SLL is used to specify the destination address, in this structure sll_ifindex specifies the interface index of the native sending message/Sll.sll_ 

	protocol = htons (0x88cc);

	SLL.SLL_ADDR[0] = 0x34;/*sll_addr specified destination MAC address * * sll.sll_addr[1] = 0xb0;

	SLL.SLL_ADDR[2] = 0x52;

	SLL.SLL_ADDR[3] = 0xDA; Sll. sll_addr[4] = 0xDA;



	SLL.SLL_ADDR[5] = 0x18;

	LPACKET-&GT;DST[0] = The destination address of the L2 message that 0x34;/* oneself constructs * * * lpacket->dst[1] = 0xb0;

	LPACKET-&GT;DST[2] = 0x52;

	LPACKET-&GT;DST[3] = 0xDA;

	LPACKET-&GT;DST[4] = 0xDA;



	LPACKET-&GT;DST[5] = 0x18;

	Lpacket->src[0] = 0x00;/* The source address of the L2 message constructed by oneself * * * lpacket->src[1] = 0x0c;

	LPACKET-&GT;SRC[2] = 0x29;

	LPACKET-&GT;SRC[3] = 0x8d;

	LPACKET-&GT;SRC[4] = 0xf1;	

	LPACKET-&GT;SRC[5] = 0x04; Lpacket->type = htons (0x88cc);/* Message type/while (1) {/* only L2 header, data is empty.

		Send 0x88cc message every 3 seconds, that is, LLDP message/sendto (SK, Lpacket, 0, (struct sockaddr*) &sll, sizeof (struct sockaddr_ll));

		printf ("Send one LLDP packet\n");

	Sleep (3);

return 0; }

One of the things to note here is Sockaddr_ll, where the sll_ifindex specifies that the native sends the interface index, not the destination Address interface index.

The above program sends the LLDP message, can capture in the Wireshark.

Discover a strange phenomenon, what happens when the destination address in the SLL is inconsistent with the destination address in the message.

After the actual test, it is found that in this case, Wireshark capture the message in the message to the destination address. In fact, SLL can be sent to the correct destination by a MAC address that does not specify a purpose in the message. It uses the first 6 bytes of the message as the destination address.