使用 RAW 套接字在 Linux 上捕获传出 icmpv6 数据包
我正在尝试捕获从 Linux 主机发出的传入和传出 icmpv6 数据包。我编写了以下程序来做到这一点。在这个程序中,我们可以捕获传入的数据包,而不是传出的数据包。捕获对于 icmpv4 数据包(代码的注释部分)效果很好,但对于 icmpv6 数据包来说这是一个问题。我对使用数据包过滤(伯克利数据包过滤器)机制不感兴趣,与我下面使用的方法相比,该机制有点侵入性。你能告诉我是否还有其他东西可以用来做到这一点吗?或者 Linux 是否提供了任何其他机制来做到这一点?
int main(int argc,char *argv[])
{
char buf[500];
struct icmp6_hdr *icmpv6_hdr;
int raw_socket = socket(AF_INET, SOCK_RAW,IPPROTO_ICMPV6);
//int raw_socket = socket(AF_INET, SOCK_RAW,IPPROTO_ICMP);
if(raw_socket <=0)
{
perror("Could not create raw socket");
exit(1);
}
while(1)
{
if(recvfrom(raw_socket, buf, 500, 0,NULL,NULL)<0)
{
perror("error in recvfrom");
break;
}
else
{
icmpv6_hdr = (struct icmp6_hdr *)buf;
switch(icmpv6_hdr->icmp6_type)
{
case ND_ROUTER_SOLICIT:
printf("ND_ROUTER_SOLICIT");
break;
case ND_ROUTER_ADVERT:
printf("ND_ROUTER_ADVERT");
break;
case ND_NEIGHBOR_SOLICIT:
printf("ND_NEIGHBOR_SOLICIT");
break;
case ND_NEIGHBOR_ADVERT:
printf("ND_NEIGHBOR_ADVERT");
break;
default:
printf("icmpv6_type:%x\n",icmpv6_hdr->icmp6_type);
}
}
}
return 0;
}
I am trying to capture incoming as well as outgoing icmpv6 packets going out from a host on Linux. I have written the following program to do it. In this program we can trap the incoming packets and not the outgoing packets. Trapping works fine for icmpv4 packets (the commented part of code) but for icmpv6 packets its a problem. I am not interested in using packet filtering (Berkley Packet Filter) mechanism which is a bit intrusive as compared to the method I have used below. Can you let me know if there is something else which could be used to do this? Or does Linux provide any other mechanism to do this?
int main(int argc,char *argv[])
{
char buf[500];
struct icmp6_hdr *icmpv6_hdr;
int raw_socket = socket(AF_INET, SOCK_RAW,IPPROTO_ICMPV6);
//int raw_socket = socket(AF_INET, SOCK_RAW,IPPROTO_ICMP);
if(raw_socket <=0)
{
perror("Could not create raw socket");
exit(1);
}
while(1)
{
if(recvfrom(raw_socket, buf, 500, 0,NULL,NULL)<0)
{
perror("error in recvfrom");
break;
}
else
{
icmpv6_hdr = (struct icmp6_hdr *)buf;
switch(icmpv6_hdr->icmp6_type)
{
case ND_ROUTER_SOLICIT:
printf("ND_ROUTER_SOLICIT");
break;
case ND_ROUTER_ADVERT:
printf("ND_ROUTER_ADVERT");
break;
case ND_NEIGHBOR_SOLICIT:
printf("ND_NEIGHBOR_SOLICIT");
break;
case ND_NEIGHBOR_ADVERT:
printf("ND_NEIGHBOR_ADVERT");
break;
default:
printf("icmpv6_type:%x\n",icmpv6_hdr->icmp6_type);
}
}
}
return 0;
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
有一个名为 PCAP 的库旨在捕获通过 NIC 的任何网络流量。它有一个内部过滤器,您可以配置它来匹配 icmpv6。这是 Wireshark 和 tcpdump 用于嗅探流量的库。 http://www.tcpdump.org/pcap.html
如果你不想“侵入”一定要禁用混杂模式。
There is a library which is meant to capture any network traffic passing through your NIC called PCAP. It has an internal filter you can configure to match icmpv6. This is the library that Wireshark and tcpdump use to sniff traffic. http://www.tcpdump.org/pcap.html
If you don't want to be "intrusive" be sure to disable promiscuous mode.
嗯,我只知道ICMPv6。
由于 ICMPv6 包含的消息比 ICMPv4 多得多,因此它们创建了一个过滤器 sockopt。您可以在相应的 RFC 中阅读详细信息:
https://www.rfc -editor.org/rfc/rfc2292#section-3.2
一切都在那里。基本上,您有一个结构,使用一些宏定义过滤器掩码并设置套接字选项。
当然,这只适用于 IPv6。
另外,您想像这样创建套接字:
套接字(AF_INET6、SOCK_RAW、IPPROTO_ICMPV6)
Well, I only know about ICMPv6.
Since ICMPv6 contains so much more messages than ICMPv4, they create a filter sockopt. You can read about the details in the corresponding RFC:
https://www.rfc-editor.org/rfc/rfc2292#section-3.2
It's all in there. Basically, you have a structure, define a filter mask with some macros and set the socket option.
That only works for IPv6 of course.
Also, you want to create the socket like this:
socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6)