Abdul Basit wrote:
> Hello,
> I was trying to learn raw sockets, I wrote a simple program to get all icmp packets and display ..
>
> -- program
> int main(void)
> {
>     int sockfd;
>     int ip_len;
>     char *buf;
>     int n;
>     struct icmp *icmp;
>     struct ip *ip;
>
>     buf = (char*) malloc(sizeof(struct ip)+sizeof(struct icmp));
>     sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);

Please make a habit to check the return values.
To answer your question:
(W. Richard Stevens)
The semantics of BSD raw sockets are:
- TCP and UDP: no one other than the kernel gets these.
- ICMP: a copy of each ICMP gets passed to each matching raw socket, except for a few that the kernel generates the reply for: ICMP echo request, timestamp request, and mask request.
- IGMP: all of these get passed to all matching raw sockets.
- all other protocols that the kernel doesn't deal with (OSPF, etc.): these all get passed to all matching raw sockets.
Also read
http://www.whitefang.com/rin/rawfaq.html
> Also, if anyone know any good tutorial on bpf , let me know the url (some simple example for capturing will be good .. i read bpf manpage, it seems little obscure to me).

Consider using libpcap - this is the portable library that uses
bpf, raw socket, packet socket or whatever packets source is available
for the particular platform.
Pcap tutorial available here: http://reactor-core.org/security/libpcap-tutorial.html
After you become familiar with libpcap, the bpf manual page will not
seem obscure at all.
Also, look at the trafd or ipcad daemons in the ports collection
(/usr/ports/net).
--
Lev Walkin
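Added example, not part of the original message or of either poster's code: a raw ICMP receiver in C that checks every return value, as the reply asks, and bounds-checks each received datagram before reading the ICMP header. The helper name `icmp_type_of` and the 1500-byte buffer are assumptions made for this illustration; opening the socket requires root privileges.

```c
#include <stdio.h>
#include <stddef.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>

/* Hypothetical helper: validate a datagram as an IPv4 raw socket delivers it
 * (IP header first) and return the ICMP type, or -1 if it is malformed. */
int icmp_type_of(const unsigned char *pkt, size_t len, int *code)
{
    size_t hlen;

    if (pkt == NULL || len < 20 || (pkt[0] >> 4) != 4)
        return -1;                       /* too short, or not IPv4 */
    hlen = (size_t)(pkt[0] & 0x0f) * 4;  /* IHL counts 32-bit words */
    if (hlen < 20 || len < hlen + 8)     /* need the 8-byte ICMP header */
        return -1;
    if (pkt[9] != IPPROTO_ICMP)          /* protocol field of the IP header */
        return -1;
    if (code != NULL)
        *code = pkt[hlen + 1];
    return pkt[hlen];
}

int main(void)
{
    unsigned char buf[1500];             /* assumed size: one Ethernet MTU */
    ssize_t n;
    int type, code;
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);

    if (fd == -1) {                      /* e.g. not running as root */
        perror("socket");
        return 1;
    }
    while ((n = recv(fd, buf, sizeof buf, 0)) >= 0) {
        type = icmp_type_of(buf, (size_t)n, &code);
        if (type == -1)
            fprintf(stderr, "malformed packet, %zd bytes\n", n);
        else
            printf("icmp type %d code %d\n", type, code);
    }
    perror("recv");                      /* loop ends only when recv fails */
    close(fd);
    return 1;
}
```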