lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 22 Mar 2012 10:46:30 +0530 From: "Prashant Batra (prbatra)" <prbatra@...co.com> To: "Eric Dumazet" <eric.dumazet@...il.com> Cc: <netdev@...r.kernel.org> Subject: RE: Query regarding pf_packet sockets That’s look good Thanks. -----Original Message----- From: Eric Dumazet [mailto:eric.dumazet@...il.com] Sent: Thursday, March 22, 2012 9:59 AM To: Prashant Batra (prbatra) Cc: netdev@...r.kernel.org Subject: Re: Query regarding pf_packet sockets On Thu, 2012-03-22 at 08:52 +0530, Prashant Batra (prbatra) wrote: > Hi , > > I am trying to use PF_PACKET socket along with filters applied on the socket through setsockopt, SO_ATTACH_FILTER. > Now as I create this socket, any packet coming to the kernel would be copied into the socket buffer for this socket. > > So, even if I apply the filter, first few packets would always be those which do not match the filter. > > Is there a way (some socket option), to make socket passive and active, so that I will set the socket in passive mode after creation, > and then set it as active, after I apply the filter, so that I only receive the filtered packet in user space. > > Thanks, > Prashant > 1) open PF_PACKET 2) Install a "deny all packets" filter 3) read all packets that might have been captured right before 2) 4) Install your filter This is what is done by libpcap
Powered by blists - more mailing lists