I face a problem wehre RAw Socket was in promniiscous mode and lietening to all intefaces though it was intended to listen on one Inteface .
// creation of raw socket
read_sockfd = socket( AF_PACKET , SOCK_RAW, htons(ETH_P_ALL)) ;
This stmt was success but not solving purpose
setsockopt(read_sockfd , SOL_SOCKET , SO_BINDTODEVICE , BIND_DEV , devlen+1 )
Solution
struct sockaddr_ll sa
int interfaceId =-1;
struct ifreq ifr;
memset(&sa, 0, sizeof(sa));
strncpy(ifr.ifr_name,BIND_DEV, devlen+1);
sa.sll_family = AF_PACKET;
// get interface index
interfaceId = ioctl(read_sockfd ,SIOCGIFINDEX,&ifr);
sa.sll_protocol = htons(ETH_P_ALL);
sa.sll_ifindex =ifr.ifr_ifindex
bind( g_frame_read_sockfd , (struct sockaddr*) &sa, sizeof(sa));
Thing is we have to explicitly bind raw socket to socket address structure(with proper interface index )
Man page clearly says
By default all packets of the specified protocol type are passed to a packet socket. To only get packets from a specific interface use bind(2) specifying an address in a struct sockaddr_ll to bind the
packet socket to an interface. Only the sll_protocol and the sll_ifindex address fields are used for purposes of binding.
------------------------------------------
tcpdump -d vlan and ip
tcpdump -dd vlan and \(ip or arp \)
tcpdump -d ether src 00:80:42:1B:1D:94 and vlan and \(ip or arp \)
tcpdump -d not ether src 00:80:42:1B:1D:94 and vlan and \(ip or arp \)
