Re: Question about sniffers and linux

Abraham vd Merwe (abraham@2d3d.co.za)
Mon, 10 Dec 2001 10:09:18 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Abraham vd Merwe: "2.4.16 & OOM killer screw up"
Previous message: Stevie O: "Re: "Colo[u]rs""

--M/SuVGWktc5uNpra
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi salinarl!

You don't need to write a kernel module to do this.

Use RAW sockets. (See man 2 socket). If you're not interested in the link
layer, you can also use DGRAM sockets to get everything from layer 3 and up
(ip, arp, etc.)

> I am new to kernel internals, and I would like to know how can a sniffer
> read whole packets, I mean including the link layer header. In the receive
> path, this happens, I think, in the net_rx_action(), but in the transmit
> path?
> I know that there is a function called dev_queue_xmit_nit() for this, but
> how can a driver add a link layer header to a packet before this function
> gets called? The hard_start_xmit() of the driver is, in fact, called after
> the dev_queue_xmit_nit(), (in the function dev_queue_xmit() ).
> I think I'm missing something important about the subject, but I hope som=
eone=20
> will answer me, anyway.
> Thank you in advance,
>=20
> Lanfranco
>=20
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/

--=20

Regards
Abraham

What we wish, that we readily believe.
-- Demosthenes

__________________________________________________________
Abraham vd Merwe - 2d3D, Inc.

Device Driver Development, Outsourcing, Embedded Systems

Cell: +27 82 565 4451 Snailmail:
Tel: +27 21 761 7549 Block C, Antree Park
Fax: +27 21 761 7648 Doncaster Road
Email: abraham@2d3d.co.za Kenilworth, 7700
Http: http://www.2d3d.com South Africa

--M/SuVGWktc5uNpra
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8FG2uzNXhP0RCUqMRAraxAJ9W3SPeo3D/49ft5YRzxH2Ttz7G7QCdHyzt
eHYMTv53u6L3k7Duk7RwuI8=
=tI8l
-----END PGP SIGNATURE-----

--M/SuVGWktc5uNpra--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Abraham vd Merwe: "2.4.16 & OOM killer screw up"
Previous message: Stevie O: "Re: "Colo[u]rs""