我需要构建什么才能直接访问内核级别的以太网帧位? [英] What do I need to build to directly access the Ethernet frame bits in the kernel level?

问题描述

我想检索线路上所有以太网帧的以太网帧位，无论它们是否是为我的机器指定的(MAC级别).

I would like to retrieve the Ethernet Frame bits for all the Ethernet frames on the wire no matter if they are destined (MAC level) for my machine or not.

其逻辑必须在内核级别.

The logic for that has to be at the kernel level.

因此，为了实现这一点，我需要构建一个单独的内核模块或以太网驱动程序或以太网网络接口

So in order to achieve this do I need to build a separate kernel module or Ethernet driver or Ethernet network interface

注意:我刚刚开始为我的项目学习Linux内核模块开发.很抱歉，如果不是发布此问题的合适地点.

推荐答案

要接收发往所有主机的帧，必须将网络接口设置为混杂模式.

For receiving frames destined to all hosts you must set your network interface in promiscuous mode.

要获取帧，您可以使用其他替代方法:

For getting frames you can use different alternatives:

1. pcap API(库libpcap)
2. 数据包套接字: http://man7.org/linux/man-pages/man7/packet.7.html
3. 看看ebtables(我从没用过，所以我现在不确定):如何在内核模块

1. pcap API (library libpcap)
2. packet sockets: http://man7.org/linux/man-pages/man7/packet.7.html
3. Look at ebtables (I've never used it so I'm not sure in this point): http://linux.die.net/man/8/ebtables
4. Here netfilter is proposed: How to capture network frames in a kernel module

如果您仍然想破解内核，则无需创建新的以太网设备驱动程序，只需编写一个内核模块即可注册，以接收从以太网设备驱动程序接收到的帧.查看内核文件 http://lxr.free-electrons.com/source/net/core/dev.c ，您可以从函数开始:

If you still want to hack the kernel you don't need to create a new Ethernet device driver, just write a kernel module that registers to receive frames received from the Ethernet device driver. Look at kernel file http://lxr.free-electrons.com/source/net/core/dev.c , you can begin with function:

int netif_rx(struct sk_buff *skb)

这是从设备驱动程序接收帧的一个.

This is the one receiving frames from the device driver.

这篇关于我需要构建什么才能直接访问内核级别的以太网帧位?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！