Provided by: manpages-pt_20040726-2_all bug


       packet, PF_PACKET - packet interface on device level.


       #include <sys/socket.h>
       #include <features.h>    /* for the glibc version number */
       #if __GLIBC__ >= 2 && __GLIBC_MINOR >= 1
       #include <netpacket/packet.h>
       #include <net/ethernet.h>     /* the L2 protocols */
       #include <asm/types.h>
       #include <linux/if_packet.h>
       #include <linux/if_ether.h>   /* The L2 protocols */

       packet_socket = socket(PF_PACKET, int socket_type, int protocol);


       Packet  sockets  are  used to receive or send raw packets at the device
       driver (OSI Layer 2) level. They allow the user to  implement  protocol
       modules in user space on top of the physical layer.

       The  socket_type  is either SOCK_RAW for raw packets including the link
       level header or SOCK_DGRAM for  cooked  packets  with  the  link  level
       header  removed.  The  link  level header information is available in a
       common format in a sockaddr_ll.  protocol is the  IEEE  802.3  protocol
       number  in network order. See the <linux/if_ether.h> include file for a
       list of allowed protocols. When protocol  is  set  to  htons(ETH_P_ALL)
       then all protocols are received.  All incoming packets of that protocol
       type will be passed to the packet socket before they are passed to  the
       protocols implemented in the kernel.

       Only  processes  with effective uid 0 or the CAP_NET_RAW capability may
       open packet sockets.

       SOCK_RAW packets are passed to and from the device driver  without  any
       changes  in  the  packet data.  When receiving a packet, the address is
       still parsed and passed in a standard  sockaddr_ll  address  structure.
       When transmitting a packet, the user supplied buffer should contain the
       physical layer header.  That packet is then queued  unmodified  to  the
       network  driver  of  the  interface defined by the destination address.
       Some device drivers always add other headers.  SOCK_RAW is  similar  to
       but not compatible with the obsolete SOCK_PACKET of Linux 2.0.

       SOCK_DGRAM  operates on a slightly higher level. The physical header is
       removed before the packet is passed to the user.  Packets sent  through
       a  SOCK_DGRAM  packet socket get a suitable physical layer header based
       on the information in the sockaddr_ll destination address  before  they
       are queued.

       By  default  all packets of the specified protocol type are passed to a
       packet socket. To only  get  packets  from  a  specific  interface  use
       bind(2)  specifying  an  address  in  a  struct sockaddr_ll to bind the
       packet  socket  to  an  interface.  Only  the  sll_protocol   and   the
       sll_ifindex address fields are used for purposes of binding.

       The connect(2) operation is not supported on packet sockets.


       The sockaddr_ll is a device independent physical layer address.

              struct sockaddr_ll
                  unsigned short  sll_family;    /* Always AF_PACKET */
                  unsigned short  sll_protocol;  /* Physical layer protocol */
                  int             sll_ifindex;   /* Interface number */
                  unsigned short  sll_hatype;    /* Header type */
                  unsigned char   sll_pkttype;   /* Packet type */
                  unsigned char   sll_halen;     /* Length of address */
                  unsigned char   sll_addr[8];   /* Physical layer address */

       sll_protocol is the standard ethernet protocol type in network order as
       defined in the  linux/if_ether.h  include  file.   sll_ifindex  is  the
       interface  index  of  the  interface (see netdevice(2) ); 0 matches any
       interface (only legal for  binding).   sll_hatype  is  a  ARP  type  as
       defined  in  the linux/if_arp.h include file.  sll_pkttype contains the
       packet type. Valid types are PACKET_HOST for a packet addressed to  the
       local  host,  PACKET_BROADCAST  for  a physical layer broadcast packet,
       PACKET_MULTICAST for a  packet  sent  to  a  physical  layer  multicast
       address, PACKET_OTHERHOST for a packet to some other host that has been
       caught by a device driver in promiscuous mode, and PACKET_OUTGOING  for
       a packet originated from the local host that is looped back to a packet
       socket. These types  make  only  sense  for  receiving.   sll_addr  and
       sll_halen  contain the physical layer (e.g. IEEE 802.3) address and its
       length. The exact interpretation depends on the device.


       Packet sockets can be used to configure physical layer multicasting and
       promiscuous  mode. It works by calling setsockopt(2) on a packet socket
       for SOL_PACKET and one of the options PACKET_ADD_MEMBERSHIP  to  add  a
       binding  or  PACKET_DROP_MEMBERSHIP  to  drop  it.   They both expect a
       packet_mreq structure as argument:

              struct packet_mreq
                  int             mr_ifindex;    /* interface index */
                  unsigned short  mr_type;       /* action */
                  unsigned short  mr_alen;       /* address length */
                  unsigned char   mr_address[8]; /* physical layer address */

       mr_ifindex contains the interface index for the interface whose  status
       should  be  changed.   The  mr_type parameter specifies which action to
       perform.  PACKET_MR_PROMISC enables receiving all packets on  a  shared
       medium - often known as ‘‘promiscuous mode’’, PACKET_MR_MULTICAST binds
       the  socket  to  the  physical  layer  multicast  group  specified   in
       mr_address  and  mr_alen,  and PACKET_MR_ALLMULTI sets the socket up to
       receive all multicast packets arriving at the interface.

       In  addition  the  traditional   ioctls   SIOCSIFFLAGS,   SIOCADDMULTI,
       SIOCDELMULTI can be used for the same purpose.


       SIOCGSTAMP  can  be used to receive the time stamp of the last received
       packet. Argument is a struct timeval.

       In addition all standard ioctls defined in netdevice(7)  and  socket(7)
       are valid on packet sockets.


       Packet  sockets  do  no error handling other than errors occurred while
       passing the packet to the device driver. They don’t have the concept of
       a pending error.


       In  Linux  2.0,  the  only  way  to  get a packet socket was by calling
       socket(PF_INET, SOCK_PACKET, protocol).  This is  still  supported  but
       strongly  deprecated.   The  main difference between the two methods is
       that SOCK_PACKET  uses  the  old  struct  sockaddr_pkt  to  specify  an
       interface, which doesn’t provide physical layer independence.

              struct sockaddr_pkt
                  unsigned short  spkt_family;
                  unsigned char   spkt_device[14];
                  unsigned short  spkt_protocol;

       spkt_family  contains  the device type, spkt_protocol is the IEEE 802.3
       protocol type as defined in <sys/if_ether.h>  and  spkt_device  is  the
       device name as a null terminated string, e.g. eth0.

       This structure is obsolete and should not be used in new code.


       For  portable  programs  it  is suggested to use PF_PACKET via pcap(3);
       although this only covers a subset of the PF_PACKET features.

       The SOCK_DGRAM packet sockets make no attempt to create  or  parse  the
       IEEE  802.2  LLC  header  for  a IEEE 802.3 frame.  When ETH_P_802_3 is
       specified as protocol for sending the kernel creates  the  802.3  frame
       and  fills  out the length field; the user has to supply the LLC header
       to get a fully  conforming  packet.  Incoming  802.3  packets  are  not
       multiplexed on the DSAP/SSAP protocol fields; instead they are supplied
       to the user as protocol ETH_P_802_2 with the LLC header  prepended.  It
       is  thus  not  possible  to  bind  to  ETH_P_802_3; bind to ETH_P_802_2
       instead and do  the  protocol  multiplex  yourself.   The  default  for
       sending  is  the  standard Ethernet DIX encapsulation with the protocol
       filled in.

       Packet sockets are not subject to the input or output firewall  chains.


              Interface is not up.

              No interface address passed.

       ENODEV Unknown  device  name  or interface index specified in interface

              Packet is bigger than interface MTU.

              Not enough memory to allocate the packet.

       EFAULT User passed invalid memory address.

       EINVAL Invalid argument.

       ENXIO  Interface address contained illegal interface index.

       EPERM  User has insufficient privileges to carry out this operation.

              Unknown multicast group address passed.

       ENOENT No packet received.

              In addition other errors  may  be  generated  by  the  low-level


       PF_PACKET  is  a  new  feature  in  Linux  2.2.  Earlier Linux versions
       supported only SOCK_PACKET.


       glibc 2.1 does  not  have  a  define  for  SOL_PACKET.   The  suggested
       workaround is to use
              #ifndef SOL_PACKET
              #define SOL_PACKET 263
       This  is fixed in later glibc versions and also does not occur on libc5

       The IEEE 802.2/803.3 LLC handling could be considered as a bug.

       Socket filters are not documented.


       This man page was writen by Andi Kleen with help from  Matthew  Wilcox.
       PF_PACKET  in  Linux  2.2 was implemented by Alexey Kuznetsov, based on
       code by Alan Cox and others.


       ip(7), socket(7), socket(2), raw(7), pcap(3).

       RFC 894 for the standard IP Ethernet encapsulation.

       RFC 1700 for the IEEE 802.3 IP encapsulation.

       The linux/if_ether.h include file for physical layer protocols.