2001-12-07 18:44:39

by Lanfranco Salinari

Subject: Question about sniffers and linux

Hello to everyone,
I am new to kernel internals, and I would like to know how a sniffer can
read whole packets, I mean including the link layer header. In the receive
path, this happens, I think, in the net_rx_action(), but in the transmit
path?
I know that there is a function called dev_queue_xmit_nit() for this, but
how can a driver add a link layer header to a packet before this function
gets called? The hard_start_xmit() of the driver is, in fact, called after
the dev_queue_xmit_nit(), (in the function dev_queue_xmit() ).
I think I'm missing something important about the subject, but I hope someone
will answer me, anyway.
Thank you in advance,

Lanfranco


2001-12-10 08:06:55

by Abraham vd Merwe

Subject: Re: Question about sniffers and linux

Hi salinarl!

You don't need to write a kernel module to do this.

Use RAW sockets. (See man 2 socket). If you're not interested in the link
layer, you can also use DGRAM sockets to get everything from layer 3 and up
(ip, arp, etc.)

> I am new to kernel internals, and I would like to know how a sniffer can
> read whole packets, I mean including the link layer header. In the receive
> path, this happens, I think, in the net_rx_action(), but in the transmit
> path?
> I know that there is a function called dev_queue_xmit_nit() for this, but
> how can a driver add a link layer header to a packet before this function
> gets called? The hard_start_xmit() of the driver is, in fact, called after
> the dev_queue_xmit_nit(), (in the function dev_queue_xmit() ).
> I think I'm missing something important about the subject, but I hope someone
> will answer me, anyway.
> Thank you in advance,
>
> Lanfranco

--

Regards
Abraham

What we wish, that we readily believe.
-- Demosthenes

__________________________________________________________
Abraham vd Merwe - 2d3D, Inc.

Device Driver Development, Outsourcing, Embedded Systems

Cell: +27 82 565 4451 Snailmail:
Tel: +27 21 761 7549 Block C, Antree Park
Fax: +27 21 761 7648 Doncaster Road
Email: [email protected] Kenilworth, 7700
Http: http://www.2d3d.com South Africa



2001-12-10 13:39:27

by Lanfranco Salinari

Subject: Re: Question about sniffers and linux


----- Original Message -----
From: Abraham vd Merwe <[email protected]>
To: salinarl <[email protected]>
Cc: Linux Kernel Development <[email protected]>
Sent: Monday, December 10, 2001 9:09 AM
Subject: Re: Question about sniffers and linux

>Hi salinarl!
>
>You don't need to write a kernel module to do this.
>
>Use RAW sockets. (See man 2 socket). If you're not interested in the link
>layer, you can also use DGRAM sockets to get everything from layer 3 and up
>(ip, arp, etc.)
>

Thank you for your answer, Abraham!
Perhaps I did not explain myself very well: I know about RAW sockets, but
the problem is that, for example, PPP headers are not passed to packet
sockets (for outgoing packets), because they are added inside the PPP driver
after the call to dev_queue_xmit_nit().
I don't know if this problem is typical of PPP, but it seems quite general,
to me. I think Ethernet headers are a special case, because they are taken
from a cache and added in the IP layer, so they are visible to packet sockets.
Can someone please tell me if I'm wrong?
Best regards,

Lanfranco
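
The packet-socket approach discussed in this thread (RAW versus DGRAM sockets, and how outgoing packets are marked), as an added example that is not part of any poster's message or of the kernel source. The function names `direction`, `payload_offset` and `capture` are made up here, and only Ethernet link headers are decoded; for any other link type the example reports that it cannot locate the payload instead of assuming a header layout.

```c
/* Added example, not code from the thread. Linux only; capture() needs CAP_NET_RAW. */
#include <arpa/inet.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>
#include <net/if_arp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* The kernel sets sll_pkttype to PACKET_OUTGOING for frames this host is sending. */
const char *direction(const struct sockaddr_ll *sll)
{
    return sll->sll_pkttype == PACKET_OUTGOING ? "tx" : "rx";
}

/* Where the network-layer packet starts in a captured buffer, and its protocol.
 * SOCK_DGRAM: link header already removed, protocol comes from sockaddr_ll.
 * SOCK_RAW: buffer starts with the link header; non-Ethernet sll_hatype gives -1. */
int payload_offset(int type, const struct sockaddr_ll *sll,
                   const unsigned char *buf, size_t len, unsigned *proto)
{
    if (type == SOCK_DGRAM) { *proto = ntohs(sll->sll_protocol); return 0; }
    if (sll->sll_hatype != ARPHRD_ETHER || len < ETH_HLEN) return -1;
    *proto = (unsigned)buf[12] << 8 | buf[13];   /* EtherType, big-endian */
    return ETH_HLEN;
}

/* Print n packets seen on all interfaces. Returns packets printed, -1 on error. */
int capture(int type, int n)
{
    int got, fd = socket(AF_PACKET, type, htons(ETH_P_ALL));
    if (fd < 0) { perror("socket(AF_PACKET)"); return -1; }
    for (got = 0; got < n; got++) {
        unsigned char buf[2048];
        struct sockaddr_ll sll;
        socklen_t sl = sizeof sll;
        unsigned proto = 0;
        ssize_t r = recvfrom(fd, buf, sizeof buf, 0, (struct sockaddr *)&sll, &sl);
        if (r < 0) break;
        int off = payload_offset(type, &sll, buf, (size_t)r, &proto);
        printf("%s if=%d hatype=%u proto=0x%04x len=%zd payload@%d\n", direction(&sll),
               sll.sll_ifindex, (unsigned)sll.sll_hatype, proto, r, off);
    }
    close(fd);
    return got;
}

int main(void) { return capture(SOCK_RAW, 5) < 0; }
```

Running it once with `SOCK_RAW` and once with `SOCK_DGRAM` on the same interface shows, per packet, whether a link-layer header was delivered to the socket and which `sll_hatype` the device reports.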