Thread: Packet Filter Using Unix Sockets

  1. #1
    Registered User
    Join Date
    Dec 2003

    Packet Filter Using Unix Sockets

    As a part of my project i have to use UNIX socket programming to discard IP packets coming from a particular IP address.

    So what i did was, I created a socket as follows,

    int sockfd;
    sockfd = socket(PF_PACKET,SOCK_RAW,htons(ETH_P_ALL));
    After this i set the interface 'eth0' into promiscous mode,
    Then i get the packet as,

    the packets received by the above call are not sent to the upper layers unless a 'sendto' call is used to send to a loopback IP address. (I don't know whether this is correct or wrong)


    The packets received goes to the above layers too. Only a copy is sent to my program and not the original packet. So I am not able to discard the IP packets.

    Somebody who had the same problem please help.


    I am not creating the socket using SOCK_PACKET since it is outdated. Anyway, even if i am able to do the above using this it is ok.


  2. #2
    Join Date
    Nov 2003
    Unless the box you are putting your filter on is acting as a NAT,
    and then forwarding everything to the rest of the network, or acting as a router or a bridge, then -- packet filtering blocks packets not meant for the machine itself. Not the entire LAN.

    Packet filtering usually occurs in the kernel. Here is some source for BSD that may give you some help - assuming I understood what you want.

  3. #3
    Registered User
    Join Date
    Dec 2003
    Since the project is in the test level, there are only two computers in the network which are connected via a hub.

    To test the simple packet filtering, this is what was tried?

    Test Case :

    a UDP server runs in the system A which also runs the packet capture program.

    now when the UDP client (in system B) connects to the UDP server (system A) , I don't want the UDP server to get the request i.e., i want the packet capture program to get the request and drop it.

    Specifications of my computer :
    IBM PC
    X86 Architecture
    Platform: Red Hat Linux 8.0
    Ethernet NIC.

    Thanks for the link but it didn't take me anywhere. I have searched through my best in man pages and various sites but all they give uses BPF (Berkely Packet Filter) which I never understood.

    Some sites say the code described before but i don't know why it doesn't work.

    I am trying my best to figure it out but unfortunately .........

  4. #4
    End Of Line Hammer's Avatar
    Join Date
    Apr 2002
    The conversation continues over here
    When all else fails, read the instructions.
    If you're posting code, use code tags: [code] /* insert code here */ [/code]

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Global Variables
    By Taka in forum C Programming
    Replies: 34
    Last Post: 11-02-2007, 03:25 AM
  2. Unix sockets
    By karas in forum Linux Programming
    Replies: 8
    Last Post: 10-13-2007, 12:20 AM
  3. Packet Filter using Unix Socket
    By doraiashok in forum Networking/Device Communication
    Replies: 2
    Last Post: 12-12-2003, 08:14 AM
  4. Winsock vs Unix Sockets
    By khoxxxy in forum Networking/Device Communication
    Replies: 4
    Last Post: 08-05-2003, 05:13 AM
  5. Unix Sockets
    By prvindia in forum Linux Programming
    Replies: 5
    Last Post: 03-11-2003, 09:16 AM