Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Manipulate the Linux ARP Cache in C
Top Forums Programming Manipulate the Linux ARP Cache in C Post 302343860 by semash! on Friday 14th of August 2009 12:53:38 AM
Old 08-14-2009
Manipulate the Linux ARP Cache in C
Hello,

I need help on how to "access" or manipulate the Linux ARP Cache in C, here is the description of the project i'm working in:

There are a lot of tools that analize ARP frames and send an e-mail to the sysadmin, that's easy. What i want to do is to inspect every ARP frame that arrives to my network interface and, if it "passes the tests", then, and ONLY THEN apply the changes in the ARP cache.

I'm able to analize every field of the ARP frame that i capture, but not to avoid the malicious frame to take effect over the cache because i can't stop the kernel.

So, how can i do that? how could i check the frame and if it's a valid one THEN apply it to the cache, just before the kernel does it?

Any help will be appreciated,
Thank you!
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

UBC cache vs. Metadata cache

hi, What is the difference between UBC cache and Metadata cache ? where can i find UBC cache Hits and Metadata cache Hits in hp-ux? Advanced thanx for the help. (2 Replies)
Discussion started by: sushaga
2 Replies

2. Solaris

ARP Cache

Dear all, We are testing two of our servers for mq series connectivity. The scenario is, when one machine is shutting down it's services there are some scripts that do a dns update, which removes the ip address and relates it to the ip address of the other node on our dns server, and the update... (7 Replies)
Discussion started by: earlysame55
7 Replies

3. IP Networking

how can we spoof ethernet by ARP cache poisoning on unix through a program

how can we spoof ethernet by ARP cache poisoning on unix through a program... can anyone post the source code to achieve this... (1 Reply)
Discussion started by: ud4u
1 Replies

4. Linux

Linux cache

Hi all I am trying to understand the kernel memory management and require assistance in this regard. Kernel first creates the cache memory to perform any subsequent allocation to processes. I could not figure out how it is accomplished. Do kernel directly allocates any hardware cache or allocates... (0 Replies)
Discussion started by: joshighanshyam
0 Replies

5. Linux

getting info on Cache Size, Data Cache etc..

Hi all I saw in Microsoft web site www.SysInternals.com a tool called CoreInfo from able to print out on screen the size of the Data and Instruction caches of your processor, the Locigal to Physical Processor mapping, the number of the CPU sockets. etc.. Do you know if in Linux is available a... (2 Replies)
Discussion started by: manustone
2 Replies

6. UNIX for Advanced & Expert Users

linux memory buffers & cache usage

18:45:47 # free -m total used free shared buffers cached Mem: 96679 95909 770 0 1530 19550 -/+ buffers/cache: 74828 21851 Swap: 12287 652 11635 Hi all. The below output is from a RHEL 4.5... (0 Replies)
Discussion started by: drummerrob
0 Replies

7. Linux

File cache /Page cache Linux

Hi All, could any one point out any open source test-suites for "File cache" testing and as well as performance test suites for the same. Currently my system is up with Linux/ext4. Regards Manish (0 Replies)
Discussion started by: hmanish
0 Replies

8. Linux

Linux cache

Hi, We are working on OEL5.7 (Oracle Linux) OS. We have a server with 64GB RAM. When we issue free -m command which shows the used, available and cached space. Most of the space is shown in cached section, where as we are not really doing much activity on the server. It's like cached is... (5 Replies)
Discussion started by: shrshah64
5 Replies

9. Linux

Help Me: How to set ARP stale time interval on linux platform for Ipv6 interface

Hi, Can any one please help me increase the arp stale time of an ipv6 interface on linux platform ? I have tried increasing the variable gc_stale_time but that doesnt work. Thanks (2 Replies)
Discussion started by: dkothapa
2 Replies

10. UNIX for Dummies Questions & Answers

Clearing memory cache on Linux server

i wish to clear memory cache on a production box and i was wondering what is the worst that can happen if i do? i already tested this on a backup server and everything seemed fine. but i need to know from you experts what are the worst things that can happen when i run it on a real server: ... (5 Replies)
Discussion started by: SkySmart
5 Replies

LEARN ABOUT LINUX

arp

ARP(8)							     Linux Programmer's Manual							    ARP(8)

NAME

       arp - manipulate the system ARP cache

SYNOPSIS

       arp [-vn] [-H type] [-i if] [-a] [hostname]

       arp [-v] [-i if] -d hostname [pub]

       arp [-v] [-H type] [-i if] -s hostname hw_addr [temp]

       arp [-v] [-H type] [-i if] -s hostname hw_addr [netmask nm] pub

       arp [-v] [-H type] [-i if] -Ds hostname ifname [netmask nm] pub

       arp [-vnD] [-H type] [-i if] -f [filename]

DESCRIPTION

       Arp  manipulates  or displays the kernel's IPv4 network neighbour cache. It can add entries to the table, delete one or display the current
       content.

       ARP stands for Address Resolution Protocol, which is used to find the media access control address of a network neighbour for a given  IPv4
       Address.

MODES

       arp  with no mode specifier will print the current content of the table. It is possible to limit the number of entries printed, by specify-
       ing an hardware address type, interface name or host address.

       arp -d address will delete a ARP table entry. Root or netadmin priveledge is required to do this. The entry is found by IP  address.  If  a
       hostname is given, it will be resolved before looking up the entry in the ARP table.

       arp -s address hw_addr is used to set up a new table entry. The format of the hw_addr parameter is dependent on the hardware class, but for
       most classes one can assume that the usual presentation can be used.  For the Ethernet class, this is 6 bytes in hexadecimal, separated	by
       colons.	When adding proxy arp entries (that is those with the publish flag set a netmask may be specified to proxy arp for entire subnets.
       This is not good practice, but is supported by older kernels because it can be useful. If the temp flag is not  supplied  entries  will	be
       permanent stored into the ARP cache. To simplyfy setting up entries for one of your own network interfaces, you can use the arp -Ds address
       ifname form. In that case the hardware address is taken from the interface with the specified name.

OPTIONS

       -v, --verbose
	      Tell the user what is going on by being verbose.

       -n, --numeric
	      shows numerical addresses instead of trying to determine symbolic host, port or user names.

       -H type, --hw-type type
	      When setting or reading the ARP cache, this optional parameter tells arp which class of entries it should check  for.   The  default
	      value of this parameter is ether (i.e. hardware code 0x01 for IEEE 802.3 10Mbps Ethernet).  Other values might include network tech-
	      nologies such as ARCnet (arcnet) , PROnet (pronet) , AX.25 (ax25) and NET/ROM (netrom).

       -a     Use alternate BSD style output format (with no fixed columns).

       -D, --use-device
	      Instead of a hw_addr, the given argument is the name of an interface.  arp will use the MAC address of that interface for the  table
	      entry. This is usually the best option to set up a proxy ARP entry to yourself.

       -i If, --device If
	      Select an interface. When dumping the ARP cache only entries matching the specified interface will be printed. When setting a perma-
	      nent or temp ARP entry this interface will be associated with the entry; if this option is not used, the kernel will guess based	on
	      the routing table. For pub entries the specified interface is the interface on which ARP requests will be answered.
	      NOTE:  This  has	to  be	different  from the interface to which the IP datagrams will be routed.  NOTE: As of kernel 2.2.0 it is no
	      longer possible to set an ARP entry for an entire subnet. Linux instead does automagic proxy arp when a route exists and it is  for-
	      warding.	See  arp(7)  for details. Also the dontpub option which is available for delete and set operations cannot be used with 2.4
	      and newer kernels.

       -f filename, --file filename
	      Similar to the -s option, only this time the address info is taken from file filename.  This can be used if ARP entries for a lot of
	      hosts have to be set up.	The name of the data file is very often /etc/ethers, but this is not official. If no filename is specified
	      /etc/ethers is used as default.

	      The format of the file is simple; it only contains ASCII text lines with a hostname, and a hardware address separated by whitespace.
	      Additionally the pub, temp and netmask flags can be used.

       In all places where a hostname is expected, one can also enter an IP address in dotted-decimal notation.

       As a special case for compatibility the order of the hostname and the hardware address can be exchanged.

       Each  complete  entry in the ARP cache will be marked with the C flag. Permanent entries are marked with M and published entries have the P
       flag.

EXSAMPLES

       /usr/sbin/arp -i eth0 -Ds 10.0.0.2 eth1 pub

       This will answer ARP requests for 10.0.0.2 on eth0 with the MAC address for eth1.

       /usr/sbin/arp -i eth1 -d 10.0.0.1

       Delete the ARP table entry for 10.0.0.1 on interface eth1. This will match published proxy ARP entries and permanent entries.

FILES

       /proc/net/arp
       /etc/networks
       /etc/hosts
       /etc/ethers

SEE ALSO

       rarp(8), route(8), ifconfig(8), netstat(8)

AUTHORS

       Fred N. van Kempen <waltje@uwalt.nl.mugnet.org>, Bernd Eckenfels <net-tools@lina.inka.de>.

net-tools							    2007-12-01								    ARP(8)
All times are GMT -4. The time now is 07:20 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy