defragment of packet socket

defragment of packet socket

Post by John » Tue, 03 Jun 2003 23:19:01



I write a simple program to set my NIC in promiscuous mode and capture
all tcp or udp datagrams.

The following is taken from linux man page raw(7):
       An  IPPROTO_RAW socket is send only.  If you really want to
receive all IP packets use a packet(7) socket with the ETH_P_IP
protocol. Note that packet sockets don't reassemble IP fragments,
unlike raw sockets.

Does it mean that I need to write codes myself to reassemble ip packet
if it's fragmented? And if I want to receive all TCP segments or UDP
datagrams, is it feasible to use raw socket instead of packet socket
and set the protocol to IPPROTO_TCP or IPPROTO_UDP?

Thanks in advance for any help.

 
 
 

defragment of packet socket

Post by Leigh W3NL » Wed, 04 Jun 2003 00:11:50



Quote:>I write a simple program to set my NIC in promiscuous mode and capture
>all tcp or udp datagrams.

>The following is taken from linux man page raw(7):
>       An  IPPROTO_RAW socket is send only.  If you really want to
>receive all IP packets use a packet(7) socket with the ETH_P_IP
>protocol. Note that packet sockets don't reassemble IP fragments,
>unlike raw sockets.

>Does it mean that I need to write codes myself to reassemble ip packet
>if it's fragmented? And if I want to receive all TCP segments or UDP
>datagrams, is it feasible to use raw socket instead of packet socket
>and set the protocol to IPPROTO_TCP or IPPROTO_UDP?

>Thanks in advance for any help.

Why don't you use ethereal or tcpdump.  They've already written all
that stuff.

Best,
Leigh Bassett
Software architect and embedded systems guru.
Registered Linux user #307936

 
 
 

defragment of packet socket

Post by John » Wed, 04 Jun 2003 11:34:43


Quote:

> Why don't you use ethereal or tcpdump.  They've already written all
> that stuff.

I have already known that. My purpose is to learn something about
tcp/ip by writing some codes myself.
Quote:> Best,
> Leigh Bassett
> Software architect and embedded systems guru.
> Registered Linux user #307936

 
 
 

defragment of packet socket

Post by Lu » Wed, 04 Jun 2003 19:09:58


You may want to use 'pcap' and 'libnet'.



Quote:

> Why don't you use ethereal or tcpdump.  They've already written all
> that stuff.

I have already known that. My purpose is to learn something about
tcp/ip by writing some codes myself.
Quote:> Best,
> Leigh Bassett
> Software architect and embedded systems guru.
> Registered Linux user #307936

 
 
 

1. Userspace packet queuing with libipq: ip_conntrack does not defragment?

Hi all,

I'm using libipq to pass certain packets to my userspace application
on Fedora 6 / Kernel 2.6.21.1 and ipTables 1.3.5.

I do:
modprobe iptable_filter
modprobe ip_queue
modprobe ip_conntrack
iptables -A INPUT -p tcp -j QUEUE

Works fine. However, since ip_conntrack is loaded I would expect that
the packets are defragmented before they are passed to my userspace
appliation (as indicated here for example:
http://lists.netfilter.org/pipermail...y/034006.html).
This does not seem the case, i.e., the maximum size of the packets
which I get (through ->data_len) is 1500 bits.

The len parameter of the ipq_read method is well over 1500, as is the
buffer size.

Any suggestions what I'm doing wrong?

Many thanks,
Michael

ps: I also tried to use "OUTPUT" in my rule since I read somewhere
that connection tracking only works in OUTPUT and PREROUTING: Same
result - maximum packet size is 1500, i.e., no defragmentation :-(

2. DMA driver. Cache.

3. Packet socket losing packets

4. from MkLinux to linux-pmac (alt-gr)

5. Sending Arp reply packets using packet-sockets on linux

6. Backup question!

7. NS_TAP sockets and reading packets that are sent.

8. USB Mouse on Beige G3 and linuxppc2000 Q4/X Display

9. how to close a socket such that no packet will be sent by TCP to peer

10. Device Indexes for Packet Socket interface.

11. dropped udp packets - due to no socket

12. cannot modularize Packet Socket

13. 100 packets/sec outgoing traffic for each socket