I have the following setup:
client(eth0) --- (eth2) linux bridge (eth1) --- (eth1) server
When I open a RAW socket on the linux bridge using
fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
I have the socket bound to eth2. When the client sends a packet to the server, wireshark running on the bridge reports the packet with a source mac address of client(eth0) and a destination mac address of server(eth1).
When I do a read()
, the first 6 bytes of the data read is the destination mac address, which is correctly read as server(eth1).
However when I change the statement to
fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_IP));
When I do a read()
, the first 6 bytes of the data read shows the destination mac address is linux bridge (eth2).
Why would this be? Is the kernel or ethernet card driver placing its own mac address in the buffer instead of reading off the wire with ETH_P_IP?
read()
on ETH_P_IP shows something different to what wireshark reports. – Rivi