Send / receive raw network frames

I need to write a Linux application that needs to talk to a device with a custom Ethernet type. There are many solutions, even on SO, to write such an application. The disadvantage is that root access is required (AFAIK). Issuing root privileges later may be an option, but there is a problem that the program is developed in the IDE, which I do not like to run with root privileges. In my special case, the main application is written in Python, which would mean giving root access to the entire Python interpreter. I am considering possible alternatives. For instance:

  • Writing a tiny UDP / TCP server that redirects every raw packet through TCP / UDP. This can also be written in Python. Only this tiny application requires root privileges.

  • Using socat for redirection. Unfortunately, I cannot find a way to take care of only one type of Ethernet, so as not to overflow with IP packets.

  • Any other ideas?

1 answer

I think you only need root or CAP_NET_RAW to open the socket. Once the socket is open, you can be any user that you like.

So also:

  • A setuid helper program that opens a raw socket, binds it (if necessary), then discards its root privileges and executes the main program, keeping the socket open and passing the file descriptor number somehow (environment variable?)
  • A setuid helper that will pass an open file descriptor using another mechanism (e.g. a Unix socket)

  • A root daemon that passes such an open socket descriptor to other programs upon request

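A sketch of the second option from the answer above, passing the already-open descriptor over a Unix socket with SCM_RIGHTS. This is an added example, not part of the original question or answer; the function names and the EtherType 0x88B5 are assumptions, and it needs Python 3.9+ for `socket.send_fds`/`socket.recv_fds`.

```python
import socket

ETHERTYPE = 0x88B5  # constructed placeholder: IEEE local-experimental EtherType


def open_raw(ifname, ethertype=ETHERTYPE):
    """Privileged step: needs root or CAP_NET_RAW, and nothing else does."""
    # The protocol argument makes the kernel deliver only this EtherType,
    # so the socket is not flooded with IP traffic.
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ethertype))
    s.bind((ifname, ethertype))
    return s


def send_fd(chan, sock):
    """Helper side: hand the open socket over a Unix socket (SCM_RIGHTS)."""
    socket.send_fds(chan, [b"F"], [sock.fileno()])


def recv_fd(chan):
    """Unprivileged side: accept exactly one descriptor and return its number."""
    _msg, fds, _flags, _addr = socket.recv_fds(chan, 1, 1)
    if len(fds) != 1:
        raise RuntimeError("expected exactly one file descriptor")
    return fds[0]


def adopt(fd):
    """Wrap the received descriptor; family and type are detected from the fd."""
    return socket.socket(fileno=fd)


def demo():
    """Runs without root: a datagram socketpair stands in for the raw socket."""
    stand_in, peer = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    helper_end, app_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    send_fd(helper_end, stand_in)
    stand_in.close()  # helper's copy is closed; the passed copy stays open
    app_sock = adopt(recv_fd(app_end))
    peer.send(b"\x88\xb5 constructed frame")
    data = app_sock.recv(64)
    for s in (peer, helper_end, app_end, app_sock):
        s.close()
    return data


if __name__ == "__main__":
    print(demo())
```

In a real deployment only the process calling `open_raw` holds CAP_NET_RAW; the Python application calls `recv_fd` and `adopt` as an ordinary user.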

Source: https://habr.com/ru/post/1482268/

