2

I need to receive incoming UDP packets using RAW socket, which is being opened using this code snippet:

static int fd;
char *iface;


iface = "eth0";

if ( (fd = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_IP))) < 0 )
{
    perror("socket");
}

if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, iface, strlen(iface)) < 0)
{
    perror("bind");
    exit(EXIT_FAILURE);
}

I send, say, 100 identical packets and try to receive and count them. I use recv(...) to do this. Only 93 packets are delivered, and then recv(...) hangs waiting for next ones. But if I run "Wireshark" (which uses libpcap) on the receiving side computer and make it listen on "eth0" to UDP packets, then my app will always catch 100 packets without any problems.

I can't understand what I'm actually doing wrong, and why does "Wireshark" influence my socket receiver as well?

P.S. I already tried to increase receive buffer size, but no success.

user5232274
  • 31
  • 3

2 Answers2

0

By default, Wireshark is setting the network interface in promiscuous mode, using libpcap: https://github.com/the-tcpdump-group/libpcap/blob/735f1f9d3318693f0096be4198d34e9ac0985777/pcap-linux.c#L3528

Try adding this setsockopt call in your code, to see if it helps.

nnn
  • 3,980
  • 1
  • 13
  • 17
0

Use libpcap instead of reinventing the wheel.

Isroel Barenboim
  • 11
  • 4
  • First, using raw sockets to receive raw packets is using the tcp stack which is implemented in the kernel, not writing the whole code from the scratch, so it's not reinventing the wheel. Second, I tried it after I saw that I didn't receive raw packets via raw sockets, but its speed is not comparable. So my converted my code back to use raw sockets. Now just trying to understand why do they not received after sending something via stream sockets. – hamidi May 01 '21 at 13:14