Re: [ethereal-dev] Ethereal capturing runts and bad packets

[guy@xxxxxxxxxx (Guy Harris)]

> The key problems seem to be making the kernel aware that bad packets should
> not be passed to higher layers.

Is there a way for a link-layer driver in Linux to tell whether it's
handling packets to SOCK_PACKET or to some other type of socket?

Or, alternatively, is there a way to have "let me see everything,
including junk", set on a per-socket basis, such that the driver could
see it?

In BPF, the drivers hand stuff to BPF by a different mechanism than they
use to hand stuff to higher-level protocols, so one could arrange, in
BSDish systems, to have BPF clients get bad packets without having to
make everything above it know that it has to throw them out; you'd
probably want an "ioctl" to say whether this particular BPF client wants
bad packets (sniffer programs would, programs using BPF to implement
their own protocols probably wouldn't).