29.8 Summary
With raw sockets, we have the capability to read and write IP datagrams that the kernel does not understand, and with access to the datalink layer, we can extend that capability to read and write any type of datalink frame, not just IP datagrams. tcpdump is probably the most commonly used program that accesses the datalink layer directly.
Different operating systems have different ways of accessing the datalink layer. We looked at the Berkeley-derived BPF, SVR4's DLPI, and the Linux SOCK_PACKET. But we can ignore all their differences and still write portable code using the freely available packet capture library, libpcap.
Writing raw datagrams can be different on different systems. The freely available libnet library hides these differences and provides an interface to output both via raw sockets and directly on the datalink.
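The point that datalink access delivers whole frames, not just IP datagrams, is easier to see in code. The following is an added example, not code from the original text: it assumes Ethernet framing with the trailing FCS already stripped, and the names classify_frame, frame_kind, sample_arp and sample_vlan_ip are illustrative. It classifies a received frame by its type field, steps over an 802.1Q VLAN tag, and rejects truncated input before reading past the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum frame_kind { FRAME_TRUNCATED, FRAME_IPV4, FRAME_ARP, FRAME_IPV6,
                  FRAME_8023_LEN, FRAME_OTHER };

/* Read a 16-bit big-endian (network byte order) field. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Classify one Ethernet frame as handed up by a datalink capture.
 * On success *payload_off is the offset of the first byte after the header. */
enum frame_kind classify_frame(const uint8_t *buf, size_t len, size_t *payload_off)
{
    size_t off = 12;                          /* skip destination + source MAC */
    if (len < 14) return FRAME_TRUNCATED;     /* shorter than a bare header */
    uint16_t type = be16(buf + off);
    off += 2;
    if (type == 0x8100) {                     /* 802.1Q: 2-byte TCI, then real type */
        if (len < off + 4) return FRAME_TRUNCATED;
        type = be16(buf + off + 2);
        off += 4;
    }
    *payload_off = off;
    if (type <= 1500) return FRAME_8023_LEN;  /* IEEE 802.3 length, not a type */
    switch (type) {
    case 0x0800: return FRAME_IPV4;
    case 0x0806: return FRAME_ARP;            /* never visible on an IP raw socket */
    case 0x86DD: return FRAME_IPV6;
    default:     return FRAME_OTHER;
    }
}

/* Constructed sample frames (not captured traffic), payloads cut short. */
const uint8_t sample_arp[] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0x00,0x00,0x00,0x00,0x01,
    0x08,0x06, 0x00,0x01, 0x08,0x00 };
const uint8_t sample_vlan_ip[] = {
    0x02,0x00,0x00,0x00,0x00,0x02, 0x02,0x00,0x00,0x00,0x00,0x01,
    0x81,0x00, 0x00,0x64, 0x08,0x00, 0x45,0x00 };

int main(void)
{
    size_t off = 0;
    enum frame_kind k = classify_frame(sample_arp, sizeof sample_arp, &off);
    printf("arp frame:  kind=%d payload at %zu\n", (int)k, off);
    k = classify_frame(sample_vlan_ip, sizeof sample_vlan_ip, &off);
    printf("vlan frame: kind=%d payload at %zu\n", (int)k, off);
    return 0;
}
```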