Re: Rawsock bpf mambo jambo?
From: Robert Watson (rwatson_at_freebsd.org)
Date: 01/25/05
- Previous message: Alin-Adrian Anton: "Re: Rawsock bpf mambo jambo?"
- In reply to: DJF: "Rawsock bpf mambo jambo?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Tue, 25 Jan 2005 15:52:35 +0000 (GMT) To: DJF <deiif@yahoo.com>
On Tue, 25 Jan 2005, DJF wrote:
> I've recently been looking into raw socket programming. However there's
> still a question that remains. Maybe it's just a case of RTFM, if so
> point me to a good manual on the topic. The man pages indicate that you
> can do read and write operations with rawsock aswell as bpf. However, in
> all of the source codes I found, a raw socket was used to write to, and
> bpf was used to read from the interface.
>
> What's the advantage in using the rawsock bpf combination instead of bpf
> (or raw socket) only?
Hmm. Well, both of the mechanisms have some limitations, so it could be
that combining them overcomes some of those limitations. Here are some
features/limitations of both:
Raw IP socket
Works at the IP layer
Works only with IP packets
Checksums can be calculated for your
Receives packets "unmatched" by the rest of the IP stack
Send operations are routed using the routing table
If there's a send error, it is available via errno
Receives packets from any interface
Will pick a source address for you if you like
Filtered by IP-layer firewalling
BPF
Works at the linker layer
Works with any link layer packets from the interface
Calculate your own checksums if you transmit
Figure out your own address if you transmit
If you want routing from above the link layer, do it yourself
Receives any packets, not just unmatched packets (subject to
selection of a point in the link layer protocol stack)
No send error delivery
You must pick an interface, and it requires an ioctl to switch --
if you need to receive from more than one interface, you need more
than one file descriptor open to more than one BPF device
Not filtered by IP-layer firewalling
So, you might use IP to send a packet, so that it picks an address, does
lots of the paperwork, routing, etc, but then look for the response using
BPF. Or, you might use BPF to implement low level listening
functionality, but send responses using the IP layer.
Note that the reason that dhclient uses BPF on FreeBSD instead of a UDP
socket is that a quirk (feature) of the Berkeley sockets API is that you
can't bind the IP address 0.0.0.0 for sending.
Robert N M Watson
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
- Previous message: Alin-Adrian Anton: "Re: Rawsock bpf mambo jambo?"
- In reply to: DJF: "Rawsock bpf mambo jambo?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
