Reputation: 1674
I'm trying to figure out the data structure that is stored in 'buffer' after the following:
sock=socket(PF_PACKET, SOCK_RAW, htons(ETHERTYPE_IP));
recvfrom(sock, buffer, 2048, 0, NULL, NULL);
I'd like to be able to poke into the data structure and read in the link-layer, IP layer, and TCP layer if it is a TCP packet. I tried the man pages, and some header files, but it's just all over the place.
Thanks in advance.
Upvotes: 2
Views: 1439
Reputation: 104090
I believe what you're after is the RFC that specifies how IP is encapsulated in Ethernet. Sadly that RFC is very thin, but a more recent RFC includes significantly more detail.
Upvotes: 1
Reputation: 19443
These are the raw bits that go over the wire (OSI layer 2). The man page for packet explains it pretty well.
What I would do is to get the output of this and compare it to the output of a Wireshark session looking at the same data. You then should be able to correlate the two and see what's going on.
Upvotes: 3
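Added example, not part of the question or either answer: a bounds-checked walk over such a buffer, assuming an Ethernet II link with no VLAN tag in the data and IPv4 on top. The struct, function names and sample frame are this example's own; every length field comes from the wire and is checked against the bytes actually received before it is used.

```c
#include <stddef.h>
#include <stdint.h>
/* Fields pulled from one frame (struct and names are this example's own). */
struct frame_info {
    uint8_t  dst_mac[6], src_mac[6];
    uint16_t ethertype, src_port, dst_port;  /* host byte order */
    uint32_t src_ip, dst_ip;                 /* host byte order */
    uint8_t  ip_proto, tcp_flags;
    size_t   payload_off;                    /* offset of TCP payload in buf */
};

/* Constructed sample: 192.0.2.1:12345 -> 192.0.2.2:80, SYN, checksums zeroed. */
const uint8_t sample_frame[54] = {
    2,0,0,0,0,1, 2,0,0,0,0,2, 0x08,0x00,                       /* Ethernet II */
    0x45,0,0,40, 0,1,0x40,0, 64,6,0,0, 192,0,2,1, 192,0,2,2,   /* IPv4 */
    0x30,0x39, 0,80, 0,0,0,1, 0,0,0,0, 0x50,0x02, 0xff,0xff, 0,0, 0,0  /* TCP */
};
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)rd16(p) << 16 | rd16(p + 2); }

/* len is the byte count recvfrom() returned. Returns 2 for IPv4/TCP, 1 for
   other IPv4, 0 for non-IPv4, -1 for a truncated or malformed frame. */
int parse_frame(const uint8_t *buf, size_t len, struct frame_info *fi)
{
    if (len < 14) return -1;                    /* 6 dst + 6 src + 2 type */
    for (int i = 0; i < 6; i++) { fi->dst_mac[i] = buf[i]; fi->src_mac[i] = buf[6 + i]; }
    fi->ethertype = rd16(buf + 12);
    if (fi->ethertype != 0x0800) return 0;      /* ETHERTYPE_IP */

    const uint8_t *ip = buf + 14;
    size_t left = len - 14;
    if (left < 20 || (ip[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;    /* IP header length with options */
    if (ihl < 20 || ihl > left) return -1;
    fi->ip_proto = ip[9];
    fi->src_ip = rd32(ip + 12); fi->dst_ip = rd32(ip + 16);
    if (fi->ip_proto != 6) return 1;            /* 6 = IPPROTO_TCP */
    if (rd16(ip + 6) & 0x1fff) return 1;        /* later fragment: no TCP header */

    const uint8_t *tcp = ip + ihl;
    left -= ihl;
    if (left < 20) return -1;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;   /* TCP header length with options */
    if (doff < 20 || doff > left) return -1;
    fi->src_port = rd16(tcp); fi->dst_port = rd16(tcp + 2);
    fi->tcp_flags = tcp[13];
    fi->payload_off = 14 + ihl + doff;
    return 2;
}
```

Pass the return value of recvfrom() as len, not the 2048-byte buffer size. The TCP payload ends where the IP total-length field (bytes 2-3 of the IP header) says it does, which can be before len because short Ethernet frames are padded.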