Linux: SOCK_PACKET and PF_PACKET

There are two methods of receiving packets from the datalink layer under Linux. The original method, which is more widely available but less flexible, is to create a socket of type SOCK_PACKET (the current socket(2) and packet(7) manual pages describe it as obsolete and discourage it in new programs). The newer method, which introduces more filtering and performance features, is to create a socket of family PF_PACKET. To do either, we must have sufficient privileges (similar to creating a raw socket; on Linux this is the CAP_NET_RAW capability), and the third argument to socket must be a nonzero value specifying the Ethernet frame type. When using PF_PACKET sockets, the second argument to socket can be SOCK_DGRAM, for "cooked" packets with the link-layer header removed, or SOCK_RAW, for the complete link-layer packet. SOCK_PACKET sockets only return the complete link-layer packet. For example, to receive all frames from the datalink, we write

fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));        /* newer systems*/

or

fd = socket(AF_INET, SOCK_PACKET, htons(ETH_P_ALL));      /* older systems*/

This would return frames for all protocols that the datalink receives.

If we wanted only IPv4 frames, the call would be

fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_IP));          /* newer systems */

or

fd = socket(AF_INET, SOCK_PACKET, htons(ETH_P_IP));         /* older systems */

/**
* @send_arp.c
* @This software is intended to be used as an example to show how to send and receive ARP requests with the Linux PF_PACKET interface
* @Author:jiayi,http://www.jiayii.com
**/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/ioctl.h>
#include <netinet/in.h>
#include <arpa/inet.h>          /* inet_pton(), inet_ntop(): without this prototype the pointer returned by inet_ntop() is treated as int */
#include <net/if.h>
#include <sys/types.h>
#include <asm/types.h>
#include <features.h>           /* 需要里面的 glibc 版本号 */
/* NOTE(review): glibc defines __GLIBC_MINOR__, not __GLIBC_MINOR, so the test
 * below evaluates the undefined name as 0 and the #else branch is always used. */
#if __GLIBC__ >= 2 && __GLIBC_MINOR >= 1
#include <netpacket/packet.h>
#include <net/ethernet.h>       /* 链路层(L2)协议 */
#else
#include <asm/types.h>
#include <linux/if_packet.h>
#include <linux/if_ether.h>     /* 链路层协议 */
#endif
#include <netinet/if_ether.h>

/* Length in bytes of an IPv4 address; used for arp_pln and for the IPv4
 * address copies in this file. */
#define INLEN 4
/* Six 0xff bytes: the Ethernet broadcast address copied into ether_dhost.
 * NOTE(review): the expansion is a cast expression without outer parentheses;
 * it is only used as a function argument in this file. */
#define MAC_BCAST_ADDR  (uint8_t *) "\xff\xff\xff\xff\xff\xff"

/* Print the usage line for program name arg0 on stderr and exit(1). */
void usage_quit(char *arg0);
/* Copy macln bytes of dev's hardware address into mac and ipln bytes of its
 * IPv4 address into lc_addr; returns 0 on success and 1 on failure. */
int get_ifi(char *dev, char *mac, int macln, struct in_addr *lc_addr,
            int ipln);
/* Print the six bytes at ptr as a colon-separated "Peer MAC" line. */
void prmac(u_char * ptr);

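/**
 * Broadcast one ARP request for the IPv4 address given in argv[1] on the
 * interface "wlan0" and print the first ARP reply whose sender protocol
 * address matches it.
 *
 * Opening the PF_PACKET socket requires the same kind of privilege as a raw
 * socket. The receive loop blocks until a matching reply arrives; no receive
 * timeout is set.
 *
 * ARP carries no authentication: any station on the segment can send the
 * reply printed here, so the reported MAC address is a hint, not proof of
 * which host owns the IP address.
 *
 * @return 0 after a matching reply was printed; the process exits with
 *         status 1 on any error.
 */
int main(int argc, char **argv)
{
    char ifname[] = "wlan0";    /* non-const: get_ifi() takes char * */
    unsigned char mac[ETH_ALEN];
    char rep_addr[INET_ADDRSTRLEN];
    struct in_addr lc_addr, req_addr;
    struct sockaddr_ll reqsa, repsa;
    struct arp_pkt {
        struct ether_header eh;
        struct ether_arp ea;
        u_char padding[18];
    } req, rep;
    /* Smallest frame that holds a complete Ethernet + ARP header pair. */
    const size_t arp_frame_len = sizeof(req.eh) + sizeof(req.ea);
    unsigned int ifindex;
    socklen_t salen;
    ssize_t n;
    int fd;

    if (argc != 2)
        usage_quit(argc > 0 ? argv[0] : "send_arp");

    /* Reject anything that is not a dotted-quad IPv4 address before it is
     * copied into the packet. */
    if (inet_pton(AF_INET, argv[1], &req_addr) != 1)
    {
        fprintf(stderr, "Error: '%s' is not a valid IPv4 address\n",
                argv[1]);
        exit(1);
    }

    /* if_nametoindex() returns 0 when the interface does not exist. */
    ifindex = if_nametoindex(ifname);
    if (ifindex == 0)
    {
        perror("if_nametoindex error");
        exit(1);
    }

    if (get_ifi(ifname, (char *) mac, ETH_ALEN, &lc_addr, INLEN))
    {
        fprintf(stderr, "Error: Get host’s information failed\n");
        exit(1);
    }

    /* One socket is used for both directions. It is opened and bound to the
     * interface BEFORE the request is sent, so a fast reply cannot arrive
     * while nothing is listening, and ARP traffic from other interfaces is
     * not mistaken for an answer. */
    if ((fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ARP))) < 0)
    {
        perror("Socket error");
        exit(1);
    }

    memset(&reqsa, 0, sizeof(reqsa));
    reqsa.sll_family = PF_PACKET;
    reqsa.sll_protocol = htons(ETH_P_ARP);
    reqsa.sll_ifindex = (int) ifindex;
    if (bind(fd, (struct sockaddr *) &reqsa, sizeof(reqsa)) < 0)
    {
        perror("Bind error");
        exit(1);
    }

    memset(&req, 0, sizeof(req));

    /* Fill in the Ethernet header. */
    memcpy(req.eh.ether_dhost, MAC_BCAST_ADDR, ETH_ALEN);
    memcpy(req.eh.ether_shost, mac, ETH_ALEN);
    req.eh.ether_type = htons(ETHERTYPE_ARP);

    /* Fill in the ARP payload. */
    req.ea.arp_hrd = htons(ARPHRD_ETHER);
    req.ea.arp_pro = htons(ETHERTYPE_IP);
    req.ea.arp_hln = ETH_ALEN;
    req.ea.arp_pln = INLEN;
    req.ea.arp_op = htons(ARPOP_REQUEST);
    memcpy(req.ea.arp_sha, mac, ETH_ALEN);
    memcpy(req.ea.arp_spa, &lc_addr, INLEN);
    memcpy(req.ea.arp_tpa, &req_addr, INLEN);

    n = sendto(fd, &req, sizeof(req), 0, (struct sockaddr *) &reqsa,
               sizeof(reqsa));
    if (n <= 0)
    {
        perror("Sendto error");
        exit(1);
    }
    printf("Broadcast arp request of %s, %d bytes be sent\n\n", argv[1],
           (int) n);

    for (;;)
    {
        memset(&rep, 0, sizeof(rep));
        memset(&repsa, 0, sizeof(repsa));
        salen = sizeof(repsa);

        n = recvfrom(fd, &rep, sizeof(rep), 0, (struct sockaddr *) &repsa,
                     &salen);
        if (n <= 0)
        {
            perror("Recvfrom error");
            exit(1);
        }

        /* Never interpret header fields that were not actually received. */
        if ((size_t) n < arp_frame_len)
            continue;

        /* Only an Ethernet/IPv4 ARP reply with the expected address
         * lengths is parsed any further. */
        if (rep.eh.ether_type != htons(ETHERTYPE_ARP)
            || rep.ea.arp_hrd != htons(ARPHRD_ETHER)
            || rep.ea.arp_pro != htons(ETHERTYPE_IP)
            || rep.ea.arp_hln != ETH_ALEN || rep.ea.arp_pln != INLEN)
            continue;
        if (rep.ea.arp_op != htons(ARPOP_REPLY))
            continue;

        /* The reply's sender address must be the address that was asked
         * for. */
        if (memcmp(rep.ea.arp_spa, req.ea.arp_tpa, INLEN) != 0)
            continue;

        printf("Response from %s, %d bytes received\n", argv[1], (int) n);
        if (inet_ntop(AF_INET, rep.ea.arp_spa, rep_addr,
                      sizeof(rep_addr)) == NULL)
        {
            perror("inet_ntop error");
            exit(1);
        }
        printf("        Peer IP is: %s\n", rep_addr);

        /* A frame whose Ethernet source differs from the ARP sender
         * hardware address is worth a second look; it can also occur
         * legitimately (e.g. proxy ARP), so it is reported, not dropped. */
        if (memcmp(rep.eh.ether_shost, rep.ea.arp_sha, ETH_ALEN) != 0)
            fprintf(stderr,
                    "Warning: frame source MAC differs from ARP sender hardware address\n");

        prmac((u_char *) rep.ea.arp_sha);
        break;
    }

    close(fd);
    return 0;
}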

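/**
 * Look up the hardware (MAC) address and the IPv4 address of an interface.
 *
 * @param dev      NUL-terminated interface name; must fit in ifr_name.
 * @param mac      Output buffer that receives macln bytes of the hardware
 *                 address.
 * @param macln    Number of bytes to copy into mac; must not exceed the size
 *                 of sockaddr.sa_data.
 * @param lc_addr  Output: receives ipln bytes of the interface IPv4 address.
 * @param ipln     Number of bytes to copy into lc_addr; must not exceed
 *                 sizeof(struct in_addr).
 * @return 0 on success, 1 on invalid arguments or if a socket/ioctl call
 *         fails.
 */
int get_ifi(char *dev, char *mac, int macln, struct in_addr *lc_addr,
            int ipln)
{
    struct ifreq ifr;
    struct sockaddr_in sin;
    size_t devlen;
    int fd;
    int rc = 1;

    if (dev == NULL || mac == NULL || lc_addr == NULL)
        return 1;

    /* ifr_name is a fixed-size array: refuse names that do not fit instead
     * of overflowing it. */
    devlen = strlen(dev);
    if (devlen >= sizeof(ifr.ifr_name))
        return 1;

    /* The copy lengths come from the caller; keep them inside the source
     * and destination objects. */
    if (macln < 0 || (size_t) macln > sizeof(ifr.ifr_hwaddr.sa_data))
        return 1;
    if (ipln < 0 || (size_t) ipln > sizeof(struct in_addr))
        return 1;

    fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return 1;

    memset(&ifr, 0, sizeof(ifr));
    memcpy(ifr.ifr_name, dev, devlen + 1);

    /* Fetch the local interface's MAC address. */
    if (ioctl(fd, SIOCGIFHWADDR, &ifr) != 0)
        goto out;
    memcpy(mac, ifr.ifr_hwaddr.sa_data, (size_t) macln);

    /* Fetch the local interface's IPv4 address. */
    if (ioctl(fd, SIOCGIFADDR, &ifr) != 0)
        goto out;
    if (ifr.ifr_addr.sa_family != AF_INET)
        goto out;
    /* Copy out through memcpy rather than a pointer cast. */
    memcpy(&sin, &ifr.ifr_addr, sizeof(sin));
    memcpy(lc_addr, &sin.sin_addr, (size_t) ipln);

    rc = 0;
out:
    /* The helper socket is only needed for the ioctls; release it on every
     * path. */
    close(fd);
    return rc;
}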

/**
 * Print a 6-byte hardware address as a colon-separated, lower-case hex
 * "Peer MAC" line on stdout.
 *
 * @param ptr  Points to the six address bytes; all six are read.
 */
void prmac(u_char * ptr)
{
    const u_char *octet = ptr;

    printf("        Peer MAC is: %02x:%02x:%02x:%02x:%02x:%02x\n",
           octet[0], octet[1], octet[2], octet[3], octet[4], octet[5]);
}

/**
 * Write the one-line usage message to stderr and terminate the process.
 *
 * @param arg0  Program name shown in the message.
 *
 * Does not return; the exit status is 1.
 */
void usage_quit(char *arg0)
{
    const int status = 1;
    FILE *const out = stderr;

    fprintf(out, "Usage: %s <query_IP>\n", arg0);
    exit(status);
}

 
