
What do I need to build to directly access the Ethernet frame bits in the kernel level?


I would like to retrieve the Ethernet Frame bits for all the Ethernet frames on the wire no matter if they are destined (MAC level) for my machine or not.

The logic for that has to be at the kernel level.

So in order to achieve this, do I need to build a separate kernel module, an Ethernet driver, or an Ethernet network interface?

Note: I have just started learning Linux kernel module development for my project. I'm sorry if it is not the appropriate place to post this question.


Solution

  • For receiving frames destined to all hosts you must set your network interface in promiscuous mode.

    For getting frames you can use different alternatives:

    1. pcap API (library libpcap)
    2. packet sockets: http://man7.org/linux/man-pages/man7/packet.7.html
    3. Look at ebtables (I've never used it so I'm not sure on this point): http://linux.die.net/man/8/ebtables
    4. Here netfilter is proposed: How to capture network frames in a kernel module

    If you still want to hack the kernel you don't need to create a new Ethernet device driver, just write a kernel module that registers to receive frames received from the Ethernet device driver. Look at kernel file http://lxr.free-electrons.com/source/net/core/dev.c , you can begin with function:

    int netif_rx(struct sk_buff *skb)
    

    This is the one receiving frames from the device driver.