
Upload: mervin-wade

Post on 26-Dec-2015


Introduction to Raw Sockets


IP address

Port address

MAC address

[Figure: TCP/IP Stack. Labels: frame type, protocol, UDP port #, TCP port #; protocols shown include Bootp, DHCP, OSPF and EGP.]

What can raw sockets do?

• Bypass TCP/UDP layers
• Read and write ICMP and IGMP packets
  • ping, traceroute, multicast daemon
• Read and write IP datagrams with an IP protocol field not processed by the kernel
  • OSPF
  • user process versus kernel
• Send and receive your own IP packets with your own IP header using the IP_HDRINCL socket option
  • can build and send TCP and UDP packets
  • testing, hacking
  • only superuser can create a raw socket, though
• You need to do all protocol processing at user level

[Figure: protocol demultiplexing. IP protocol numbers: 1 ICMP, 2 IGMP, 6 TCP, 17 UDP, 89 OSPF. Labels: TCP stack and UDP stack with ports, user TCP, user UDP, RAW, ICMP (ping, etc.), IGMP, echo, timestamp.]

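Creating a Raw Socket

#include <sys/socket.h>
#include <netinet/in.h>   /* IPPROTO_*, IP_HDRINCL */
int sockfd;
const int on = 1;
/* protocol: IPPROTO_ICMP, IPPROTO_IGMP, ... */
sockfd = socket(AF_INET, SOCK_RAW, protocol);
/* optional: the caller supplies the IP header itself */
setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, &on, sizeof(on));

• Can we use bind() with raw sockets? Rare, no concept of port.
• Can we use connect() with raw sockets? Rare, only foreign IP address.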

Raw Socket Output

• Sending raw socket packets by sendto() or sendmsg()
  • If the IP_HDRINCL option is not set (i.e. header is not included), the starting address of the data in sendto() specifies the first byte following the IP header.
  • If the IP_HDRINCL option is set, the starting address of the data in sendto() specifies the first byte of the IP header.
• IP header fields modified on sending by IP_HDRINCL
  • IP Checksum: always filled in.
  • Source Address: filled in when zero.
  • Packet Id: filled in when zero.
  • Total Length: always filled in.
• Example: see Stevens's code under ping/send_v4.c, ping/send_v6.c

Raw Socket Input

• Received TCP/UDP packets are NEVER passed to raw sockets. If needed, link layer is the place.
• Receiving raw packets by recvfrom() or recvmsg()
  • Most ICMP packets are passed to all matching ICMP raw sockets, with a few exceptions
    • ICMP echo request, timestamp request
  • All IGMP packets are passed to all matching raw sockets
  • All IP datagrams with a protocol field not processed by the kernel (e.g. OSPF) are passed to all matching raw sockets
• The entire datagram, including the IP header, is passed to the raw socket. Fragments are assembled first.
• Example: Stevens's code in ping/readloop.c and ping/proc_v4.c

ICMP Format

[Figure: ICMP message format; label: subtype.]

Ping Program

• Create a raw socket to send/receive ICMP echo request and echo reply packets
• Install SIGALRM handler to process output
  • Sending echo request packets every t seconds
  • Build ICMP packets (type, code, checksum, id, seq, sending timestamp as optional data)
• Enter an infinite loop processing input
  • Use recvmsg() to read from the network
  • Parse the message and retrieve the ICMP packet
  • Print ICMP packet information, e.g., peer IP address, round-trip time
• Source code: Stevens's under ping/
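The build and parse steps of the ping program, as an added example that is not from the slides or from Stevens's ping/ source: it builds an ICMP echo request and validates a datagram in the form a raw socket delivers it (IP header included), bounds-checking the header length before reading any ICMP field. The function names and the constructed packet in main() are assumptions; no socket is opened, so it runs without root.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RFC 1071 Internet checksum; returns 0 when run over a message whose checksum field is valid. */
uint16_t in_cksum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)p[0] << 8 | p[1];
    if (len) sum += (uint32_t)p[0] << 8;           /* odd trailing byte, zero-padded */
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Build an ICMP echo request (type 8, code 0); returns its length, or 0 if buf is too small. */
size_t build_echo(uint8_t *buf, size_t cap, uint16_t id, uint16_t seq,
                  const uint8_t *data, size_t dlen) {
    if (cap < 8 || dlen > cap - 8) return 0;
    memset(buf, 0, 8); buf[0] = 8;                 /* code and checksum start as 0 */
    buf[4] = (uint8_t)(id >> 8);  buf[5] = (uint8_t)id;
    buf[6] = (uint8_t)(seq >> 8); buf[7] = (uint8_t)seq;
    if (dlen) memcpy(buf + 8, data, dlen);
    uint16_t ck = in_cksum(buf, 8 + dlen);
    buf[2] = (uint8_t)(ck >> 8);  buf[3] = (uint8_t)ck;
    return 8 + dlen;
}

/* Parse a datagram as a raw ICMP socket delivers it (IP header first).
   Returns the sequence number of a valid echo reply carrying our id, else -1. */
int parse_echo_reply(const uint8_t *pkt, size_t len, uint16_t id) {
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;             /* not IPv4 */
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;                 /* IHL is sender-controlled */
    if (hlen < 20 || hlen > len || len - hlen < 8) return -1;  /* truncated or lying IHL */
    if (pkt[9] != 1) return -1;                                /* IP protocol 1 = ICMP */
    const uint8_t *icmp = pkt + hlen;
    if (in_cksum(icmp, len - hlen) != 0) return -1;            /* corrupted */
    if (icmp[0] != 0 || icmp[1] != 0) return -1;               /* type 0 = echo reply */
    if (((uint16_t)icmp[4] << 8 | icmp[5]) != id) return -1;   /* another process's ping */
    return icmp[6] << 8 | icmp[7];
}

int main(void) {
    uint8_t pkt[64] = { 0x45 };   /* constructed IPv4 header: version 4, IHL 5 */
    pkt[9] = 1;                   /* protocol = ICMP */
    size_t n = build_echo(pkt + 20, sizeof pkt - 20, 0x1234, 7, (const uint8_t *)"data", 4);
    pkt[20] = 0; pkt[22] = pkt[23] = 0;          /* rewrite the request as a reply */
    uint16_t ck = in_cksum(pkt + 20, n);
    pkt[22] = (uint8_t)(ck >> 8); pkt[23] = (uint8_t)ck;
    return parse_echo_reply(pkt, 20 + n, 0x1234) == 7 ? 0 : 1;
}
```

The id check matters because ICMP replies are passed to every matching raw socket, so a process also sees replies to other processes' pings.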

Traceroute Program

• Create a UDP socket and bind source port
  • To send probe packets with increasing TTL
  • For each TTL value, use a timer to send a probe every three seconds, and send 3 probes in total
• Create a raw socket to receive ICMP packets
  • If timeout, print " *"
  • If ICMP "port unreachable", then terminate
  • If ICMP "TTL expired", then print the hostname of the router and the round-trip time to the router
• Source code: Stevens's traceroute/

Limitations

• Loss of Reliability
• No ports
• Non Standard Communications
• No automatic ICMP
• No Raw TCP or UDP
• Must have root (or administrator) privilege

When to use

• When you need to control the IP header
  • applications like Ping and Traceroute
  • not all fields can be set using the IP APIs
  • Network Address Translation
  • Firewalls
• When your application requires optimum network speed
  • one level above the Link Layer
  • if you need reliability, you must build it into your application

Windows and Raw Sockets

WinSock 2.0 allows Windows programmers to build advanced applications

• Firewalls
  • Network Address Translation
  • Packet Filtering
  • SYN Flood protection
• Security
  • IPSec support
  • VPN Clients
• Network Administration
  • Packet Sniffers/Analyzers
  • Pathway Analyzers (ping and traceroute)