Re: Socket type not supported..

[Gigi Sullivan <sullivan () seclab com>]

Howdy to all ;)))

On Mon, Jan 18, 1999 at 04:27:19PM +0100, Juan Cespedes wrote:
> On Fri, Jan 15, 1999 at 09:25:11PM +0100, Hroi Sigurdsson wrote:
> > SOCK_PACKET seems to have been completely deprecated in 2.2.0. There's
> > not even a mention of it in any of the toplevel files in /usr/src/linux.
> > So obviously nmap/libpcap-possibly-modified needs to be fixed? Will it
> > even be fixable when using the linux packet-filter?
>
>       I don't know what does libpcap do (I don't have it handy), but
> the correct way to open a socket for sending and receiving packets in
> linux-2.1.* and linux-2.2.* is to do
>               socket(PF_PACKET, SOCK_RAW, htons(0x0800))
> instead of
>               socket(PF_INET, SOCK_PACKET, htons(0x0800))
Sorry, but I don't agree w/ ya Juan.

Doing fd = socket(PF_INET, SOCK_RAW, htons(0x0800)) and the read(fd,...);
is a Linux feature.

Ok, I know that SOCK_PACKET is a linux feature too, but the concept is 
different.

With SOCK_PACKET you're accessing the data link layer in a standard (non 
portable) way, w/ SOCK_RAW you're not accessing the data link layer, altough
unser linux it seems you do this.

You can see this by looking at the libpcap source (pcap-linux.c expecially).

> IMHO, the best option is to use the newer parameters, and if that
> fails, fall back to the old ones.

This is true, however.
I've never look at the 2.2.0 kernel source yet, but I guess that the best
way to access data link layer under linux is to try first the new method
(i.e. Linux Packet Filter syntax) then, if it fails try w/ the old ones
(i.e. SOCK_PACKET).


bye bye :)))


> -- 
> Juan Cespedes


                        -- gg sullivan


-- 
Lorenzo Cavallaro
Intesis SECURITY LAB            Phone: +39-02-671563.1
Via Settembrini, 35             Fax: +39-02-66981953
I-20124 Milano  ITALY           Email: sullivan () seclab com