On Jul 2, 4:02*am, Michael <michael.rabi...@gmail.com> wrote:
> Hello all.
> I need help to hook Ethernet packet.
> The proprietary packet received from network. This is an IP packet
> with extended L2 header, i.e. the packet has two L2 header + l3 header
> + .... . I need to hook this packet, remove extended l2 header and
> return packet to regular process. Could you help me and advise how can
> I do this. Is it possible with standard IP stack hooking process?
>
> TIA
> Michael
I am assuming that you need to write (or modify) a program to do this
on Linux. Also, by "hook" I assume you mean that you want to capture
and process that ethernet packet (or frame to be precise).
In that case, you can use SOCK_PACKET type of socket. You can create
socket like this
sd=socket(AF_INET, SOCK_PACKET, htons(ETH_P_ALL));
This will enable sniffing on data link layer. But remember, that you
are sniffing all L2 packets(ETH_P_ALL) on a given subnet and that
packets are copied verbatim to userspace (with all headers). Hence if
LAN is really busy, it can bring system down to its knees. You can use
ETH_P_IP or ETH_P_ARP if you know these are the types you are
interested (check linux/if_ether.h).
Moreover, this type of socket does not support kernel buffering &
filtering. So single read() will return only one ethernet frame.
Search web for SOCK_PACKET and you will come across plenty of good
tutorials.
Cheers,
Tejas Kokje
|
Similar Threads
Linear Mode
