From: Fred C. <fc...@al...> - 2009-12-03 21:07:43
Right - this may be the new rawsock implementation - to some extent - but the real problem is that all of this stuff is machine specific. In addition, there is no good way to test it without a lot of time and effort for each situation. The original rawsock worked on Linux quite well, but I don't know (haven't looked at) the new code, Linux has been updated since, I am on a Mac and that is completely different, and I don't know how or where the constants are defined. When dealing with low-level functions, operating systems, versions, and even subversions may differ significantly.

FC

On Dec 3, 2009, at 11:50 AM, Don Cohen wrote:

> Fred Cohen writes:
>
>> Also - in trying your test script, even after recompiling clisp with
>> rawsock built in, it failed...
> BTW I should report success on my machine with this:
> $ clisp -K full /tmp/sniffer.lisp inet 10
>
>>> sudo clisp -K full /u/fc/lisp/sniffer.lsp inet 100
>> *** - UNIX error 43 (EPROTONOSUPPORT): Protocol not supported
>>
>>> sudo clisp -K full /u/fc/lisp/sniffer.lsp packet 100
>> *** - RAWSOCK:SOCKET: Lisp value :PACKET is not found in table
>> "check_socket_domain":
>> ((0 :UNSPEC) (1 :UNIX) (1 :LOCAL) (2 :INET) (3 :IMPLINK)
>> (4 :PUP) (5 :CHAOS) (9 :DATAKIT) (10 :CCITT) (23 :IPX) (6 :NS)
>> (7 :ISO)
>> (7 :OSI) (8 :ECMA) (16 :APPLETALK) (30 :INET6) (12 :DECNET)
>> (13 :DLI) (14 :LAT) (15 :HYLINK) (17 :ROUTE) (11 :SNA) (33 :NETBIOS))
> Wow, that's quite a bit different from what I see:
> "check_socket_domain":
> ((0 :UNSPEC) (1 :UNIX) (1 :LOCAL) (2 :INET) (3 :AX25) (4 :IPX)
> (5 :APPLETALK) (6 :NETROM) (7 :BRIDGE) (8 :ATMPVC) (9 :X25)
> (10 :INET6)
> (11 :ROSE) (12 :DECNET) (13 :NETBEUI) (14 :SECURITY) (15 :KEY)
> (16 :NETLINK) (16 :ROUTE) (17 :PACKET) (18 :ASH) (19 :ECONET)
> (20 :ATMSVC) (22 :SNA) (23 :IRDA) (24 :PPPOX) (25 :WANPIPE)
> (31 :BLUETOOTH))
> Let me guess - you're using a mac?
>
>> Somehow, a demo should work across all such situations...
> Clearly not this sort of demo.
>
>> (rawsock:socket :inet :dgram 0 #+ignore #x300))
> My man ip(7) says
>
>    An IP socket is created by calling the socket(2) function as
>    socket(AF_INET, socket_type, protocol). Valid socket types are
>    SOCK_STREAM to open a tcp(7) socket, SOCK_DGRAM to open a udp(7)
>    socket, or SOCK_RAW to open a raw(7) socket to access the IP protocol
>    directly. protocol is the IP protocol in the IP header to be received
>    or sent. The only valid values for protocol are 0 and IPPROTO_TCP for
>    TCP sockets, and 0 and IPPROTO_UDP for UDP sockets. For SOCK_RAW you
>    may specify a valid IANA IP protocol defined in RFC 1700 assigned
>    numbers.
> Maybe it's different on your machine.
> This seems to mean that your line above should be watching for udp.
> When I try that I get nothing - no udp, no icmp.
> When I try (rawsock:socket :inet :raw 0) I get protocol not supported
> which is strange since
> (rawsock:socket :inet :raw t)
> *** - RAWSOCK:SOCKET: Lisp value T is not found in table
> "check_socket_protocol":
> ((0 :IPPROTO-IP) (41 :IPPROTO-IPV6) (1 :IPPROTO-ICMP)
> (255 :IPPROTO-RAW)
> (6 :IPPROTO-TCP) (17 :IPPROTO-UDP) (2 :IPPROTO-IGMP)
> (4 :IPPROTO-IPIP)
> On the other hand rfc 1700 (which I think is now obsolete) does say
> Decimal    Keyword    Protocol                       References
> -------    -------    --------                       ----------
>       0               Reserved                       [JBP]
>       1    ICMP       Internet Control Message       [RFC792,JBP]
>       2    IGMP       Internet Group Management      [RFC1112,JBP]
>       3    GGP        Gateway-to-Gateway             [RFC823,MB]
>       4    IP         IP in IP (encasulation)        [JBP]
> ...
> So I think the problem is in the (0 :IPPROTO-IP) above.
>
> When I use
> (rawsock:socket :inet :raw 1)
> I do indeed see icmp and 17 shows udp.

- This communication is confidential to the parties it is intended to serve -
Fred Cohen & Associates tel/fax: 925-454-0171
http://all.net/ 572 Leona Drive Livermore, CA 94550
Join http://tech.groups.yahoo.com/group/FCA-announce/join for our mailing list
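
The two "check_socket_domain" tables quoted in the message above, parsed and compared. This is an added example, not part of the original thread or of CLISP's rawsock module; the table text is copied from the quoted error messages, and FRED_TABLE, DON_TABLE and the function names are introduced here.

```python
import re

# Table text copied from the two check_socket_domain messages quoted in the thread.
FRED_TABLE = """((0 :UNSPEC) (1 :UNIX) (1 :LOCAL) (2 :INET) (3 :IMPLINK)
(4 :PUP) (5 :CHAOS) (9 :DATAKIT) (10 :CCITT) (23 :IPX) (6 :NS) (7 :ISO)
(7 :OSI) (8 :ECMA) (16 :APPLETALK) (30 :INET6) (12 :DECNET)
(13 :DLI) (14 :LAT) (15 :HYLINK) (17 :ROUTE) (11 :SNA) (33 :NETBIOS))"""
DON_TABLE = """((0 :UNSPEC) (1 :UNIX) (1 :LOCAL) (2 :INET) (3 :AX25) (4 :IPX)
(5 :APPLETALK) (6 :NETROM) (7 :BRIDGE) (8 :ATMPVC) (9 :X25) (10 :INET6)
(11 :ROSE) (12 :DECNET) (13 :NETBEUI) (14 :SECURITY) (15 :KEY)
(16 :NETLINK) (16 :ROUTE) (17 :PACKET) (18 :ASH) (19 :ECONET)
(20 :ATMSVC) (22 :SNA) (23 :IRDA) (24 :PPPOX) (25 :WANPIPE)
(31 :BLUETOOTH))"""

PAIR = re.compile(r"\((\d+)\s+:([A-Z0-9-]+)\)")

def parse_table(text):
    """Return {keyword: number} from a CLISP '((N :KEY) ...)' listing."""
    return {key: int(num) for num, key in PAIR.findall(text)}

def compare(a, b):
    """Split keywords into: same number, different number, only in a, only in b."""
    shared = a.keys() & b.keys()
    same = sorted(k for k in shared if a[k] == b[k])
    moved = {k: (a[k], b[k]) for k in sorted(shared) if a[k] != b[k]}
    return same, moved, sorted(a.keys() - b.keys()), sorted(b.keys() - a.keys())

def number_collisions(a, b):
    """Numbers present in both tables whose keyword sets do not overlap."""
    def by_number(table):
        out = {}
        for key, num in table.items():
            out.setdefault(num, set()).add(key)
        return out
    na, nb = by_number(a), by_number(b)
    return {n: (sorted(na[n]), sorted(nb[n]))
            for n in sorted(na.keys() & nb.keys()) if not (na[n] & nb[n])}

if __name__ == "__main__":
    fred, don = parse_table(FRED_TABLE), parse_table(DON_TABLE)
    same, moved, only_fred, only_don = compare(fred, don)
    print("same number in both tables:", same)
    print("same keyword, different number:", moved)
    print("only in Don's table:", only_don)
    print("number reused for another family:", number_collisions(fred, don))
```

Number 17 is :ROUTE in one table and :PACKET in the other, so a numeric domain copied from one host to the other names a different socket family.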
From: Fred C. <fc...@al...> - 2009-12-03 23:47:38
I now have the raw sockets working apparently properly under Linux using the new rawsocket version - with no apparent difference from the previous version - in Linux. However, on my OSX machine, it is relatively non-responsive. There is no obvious promiscuous mode setting on their wifi networking, and many of the protocol options and other things differ.

The demonstration program does not run properly on my Linux box - even though my previous software packages using the raw socket interface seem to be working under the new version of rawsock. This seems to work reasonably well when "raw" is selected.

> clisp -K full sniffer.lsp raw 100

with:

(cond ((string= arg "inet")
       (rawsock:socket :inet :dgram 255 #+ignore 255))
      ((string= arg "raw")
       (rawsock:socket :packet :raw #+ignore :all #x300))
      (t (error "invalid socket argument ~S" arg)))))

FC