I implemented a simple packet capture tool which supports Linux and macOS(BSD) in C(github: https://github.com/c-bata/xpcap ). In macOS, we need to read ethernet frames from BPF device. Each ethernet frames wrapped by BPF(Berkeley Packet Filter) payload. And it can easily find next ethernet frame because BPF header has a data length.
But in Linux, we need to read ethernet frames from RAW Socket using `recv(2)`. And the byte sequences are starts at ethernet headers because the data read from RAW Socket is not wrapped anything. But ethernet frames doesn't have data length. So I think we need to parse until L3 layer to get the length of ethernet frame data. For example, IP packet has total length. But it's a little bit complex because we need to parse all packets until we can get data length.
https://en.wikipedia.org/wiki/IPv4#Header
Another expectation is that returned data from `recv(2)` might ensure only contains one ethernet frame. But I think this is not true for some performance reasons (recv(2) is a relatively heavy). Does someone know how to split ethernet frames read from Raw Socket?
