PACKET

NAME

packet, PF_PACKET - packet interface on device level.

SYNOPSIS

#include <sys/socket.h>

#include <features.h> /* for the glibc version number */
#if __GLIBC__ >= 2 && __GLIBC_MINOR >= 1
#include <netpacket/packet.h>
#include <net/ethernet.h> /* the L2 protocols */
#else
#include <asm/types.h>
#include <linux/if_packet.h>
#include <linux/if_ether.h> /* The L2 protocols */
#endif packet_socket = socket(PF_PACKET, int socket_type, int protocol);
 

DESCRIPTION

Packet sockets are used to receive or send raw packets at the device driver
(OSI Layer 2) level. They allow the user to implement protocol modules in user space on top of the physical layer.

The socket_type is either SOCK_RAW for raw packets including the link level header or SOCK_DGRAM for cooked packets with the link level header removed. The link level header information is available in a common format in a sockaddr_ll. protocol is the IEEE 802.3 protocol number in network order. See the <linux/if_ether.h> include file for a list of allowed protocols. When protocol is set to htons(ETH_P_ALL) then all protocols are received. All incoming packets of that protocol type will be passed to the packet socket before they are passed to the protocols implemented in the kernel.
  Only processes with effective uid 0 or the CAP_NET_RAW capability may open packet sockets.

SOCK_RAW packets are passed to and from the device driver without any changes in the packet data. When receiving a packet, the address is still parsed and passed in a standard sockaddr_ll address structure. When transmitting a packet, the user supplied buffer must contain the physical layer header. That packet is then queued unmodified to the network driver of the interface defined by the destination address. SOCK_RAW is similar to but not compatible with the obsolete SOCK_PACKET of Linux 2.0.

SOCK_DGRAM operates on a slightly higher level. The physical header is removed before the packet is passed to the user. Packets sent through a SOCK_DGRAM packet socket get a suitable physical layer header based on the information in the sockaddr_ll destination address before they are queued.

By default all packets of the specified protocol type are passed to a packet socket. To only get packets from a specific interface use bind(2) specifying an address in a struct sockaddr_ll to bind the packet to an interface.

 

ADDRESS TYPES

The sockaddr_ll is a device independent physical layer address.


struct sockaddr_ll
{
    unsigned short  sll_family;    /* Always AF_PACKET */
    unsigned short  sll_protocol;  /* Physical layer protocol */
    int             sll_ifindex;   /* Interface number */
    unsigned short  sll_hatype;    /* Header type */
    unsigned char   sll_pkttype;   /* Packet type */
    unsigned char   sll_halen;     /* Length of address */ 
    unsigned char   sll_addr[8];   /* Physical layer address */
};

sll_protocol is the standard ethernet protocol type in network order as defined in the linux/if_ether.h include file. sll_hatype is a ARP type as defined in the linux/if_arp.h include file. sll_pkttype contains the packet type. Valid types are PACKET_HOST for a packet addressed to the local host, PACKET_BROADCAST for a physical layer broadcast packet, PACKET_MULTICAST for a packet sent to a physical layer multicast address, PACKET_OTHERHOST for a packet to some other host that has been caught by a device driver in promiscuous mode, and PACKET_OUTGOING for a packet originated from the local host that is looped back to a packet socket. sll_addr and sll_halen contain the physical layer (e.g. IEEE 802.3) address and its length. The exact interpretation depends on the device.

 

SOCKET OPTIONS

Packet sockets can be used to configure physical layer multicasting and promiscuous mode. It works by calling setsockopt(2) on a packet socket for SOL_PACKET and one of the options PACKET_ADD_MEMBERSHIP to add a binding or PACKET_DROP_MEMBERSHIP to drop it. They both expect a packet_mreq structure as argument:


struct packet_mreq
{
    int             mr_ifindex;    /* interface index */
    unsigned short  mr_type;       /* action */
    unsigned short  mr_alen;       /* address length */
    unsigned char   mr_address[8]; /* physical layer address */ 
};

mr_ifindex contains the interface index for the interface whose status should be changed. The mr_type parameter specifies which action to perform. PACKET_MR_PROMISC enables receiving all packets on a shared medium - often known as ``promiscuous mode'', PACKET_MR_MULTICAST binds the socket to the physical layer multicast group specified in mr_address and mr_alen, and PACKET_MR_ALLMULTI sets the socket up to receive all multicast packets arriving at the interface.

In addition the traditional ioctls SIOCSIFFLAGS, SIOCADDMULTI, SIOCDELMULTI can be used for the same purpose.

 

IOCTLS

SIOCGSTAMP can be used to receive the time stamp of the last received packet. Argument is a struct timeval.

In addition all standard ioctls defined in netdevice(7) and socket(7) are valid on packet sockets.

 

ERROR HANDLING

Packet sockets do no error handling other than errors occurred while passing the packet to the device driver. They don't have the concept of a pending error.

 

COMPATIBILITY

In Linux 2.0, the only way to get a packet socket was by calling socket(PF_INET, SOCK_PACKET, protocol). This is still supported but strongly deprecated. The main difference between the two methods is that SOCK_PACKET uses the old struct sockaddr_pkt to specify an interface, which doesn't provide physical layer independence.


struct sockaddr_pkt
{
    unsigned short  spkt_family;
    unsigned char   spkt_device[14];
    unsigned short  spkt_protocol;
};

spkt_family contains the device type, spkt_protocol is the IEEE 802.3 protocol type as defined in <sys/if_ether.h> and spkt_device is the device name as a null terminated string, e.g. eth0.

This structure is obsolete and should not be used in new code.

 

NOTES

For portable programs it is suggested to use PF_PACKET via pcap(3); although this only covers a subset of the PF_PACKET features.

 

ERRORS

ENETDOWN
Interface is not up.

ENOTCONN
No interface address passed.

ENODEV
Unknown device name or interface index specified in interface address.

EMSGSIZE
Packet is bigger than interface MTU.

ENOBUFS
Not enough memory to allocate the packet.

EFAULT
User passed invalid memory address.

EINVAL
Invalid argument.

ENXIO
Interface address contained illegal interface index.

EPERM
User has insufficient privileges to carry out this operation.

EADDRNOTAVAIL
Unknown multicast group address passed.

ENOENT
No packet received.

 

VERSIONS

PF_PACKET is a new feature in Linux 2.2. Earlier Linux versions supported only SOCK_PACKET.

 

BUGS

glibc 2.1 does not have a define for SOL_PACKET. The suggested workaround is to use
#ifndef SOL_PACKET
#define SOL_PACKET 263
#endif
This is fixed in later glibc versions and also does not occur on libc5 systems.

Socket filters are not documented.

 

CREDITS

This man page was writen by Andi Kleen with help from Matthew Wilcox. PF_PACKET in Linux 2.2 was implemented by Alexey Kuznetsov, based on code by Alan Cox and others.

 

SEE ALSO

ip(7), socket(7), socket(2), raw(7), pcap(3)

The linux/if_ether.h include file for physical layer protocols.