Introduction to Raw Sockets
Post on 26-Dec-2015

IP address, Port address, MAC address
[Figure: TCP/IP stack, showing demultiplexing by frame type, IP protocol number, and UDP/TCP port number]

What can raw sockets do?
• Bypass TCP/UDP layers
• Read and write ICMP and IGMP packets
    • ping, traceroute, multicast daemon
• Read and write IP datagrams with an IP protocol field not processed by the kernel
    • OSPF
    • user process versus kernel
• Send and receive your own IP packets with your own IP header using the IP_HDRINCL socket option
    • can build and send TCP and UDP packets
    • testing, hacking
    • only superuser can create raw socket though
• You need to do all protocol processing at user-level

[Figure: demultiplexing of IP datagrams by protocol number (1 ICMP, 2 IGMP, 6 TCP, 17 UDP, 89 OSPF) to the TCP stack, the UDP stack, and raw sockets. Labels: User TCP, User UDP, ICMP (ping, etc.), IGMP, RAW, port, echo, timestamp]

Creating a Raw Socket
• Can we use bind() with raw sockets?
    • rare, no concept of port
• Can we use connect() with raw sockets?
    • rare, only foreign IP address

    #include <sys/socket.h>
    #include <netinet/in.h>

    int sockfd;
    /* protocol: IPPROTO_ICMP, IPPROTO_IGMP, ... */
    sockfd = socket(AF_INET, SOCK_RAW, protocol);
    const int on = 1;
    setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, &on, sizeof(on));

Raw Socket Output
• Sending raw socket packets by sendto() or sendmsg()
    • If the IP_HDRINCL option is not set (i.e. header is not included), the starting address of the data in sendto() specifies the first byte following the IP header
    • If the IP_HDRINCL option is set, the starting address of the data in sendto() specifies the first byte of the IP header
• IP header fields modified on sending by IP_HDRINCL
    • IP Checksum: always filled in.
    • Source Address: filled in when zero.
    • Packet Id: filled in when zero.
    • Total Length: always filled in.
• Example: see Stevens' code under ping/send_v4.c, ping/send_v6.c

Raw Socket Input
• Received TCP/UDP packets are NEVER passed to raw sockets. If needed, link layer is the place.
• Receiving raw packets by recvfrom() or recvmsg()
    • Most ICMP packets are passed to all matching ICMP raw sockets except a few exceptions
        • ICMP echo request, timestamp request
    • All IGMP packets are passed to all matching raw sockets
    • All IP datagrams with a protocol field not processed by the kernel (e.g. OSPF) are passed to all matching raw sockets
• The entire datagram, including the IP header, is passed to the raw socket. Fragments are assembled first.
• Example: Stevens' code in ping/readloop.c and ping/proc_v4.c

Ping Program
• Create a raw socket to send/receive ICMP echo request and echo reply packets
• Install SIGALRM handler to process output
    • Sending echo request packets every t seconds
    • Build ICMP packets (type, code, checksum, id, seq, sending timestamp as optional data)
• Enter an infinite loop processing input
    • Use recvmsg() to read from the network
    • Parse the message and retrieve the ICMP packet
    • Print ICMP packet information, e.g., peer IP address, round-trip time
• Source code: Stevens' under ping/
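
Added example (not Stevens' code and not part of the original slides): the build and parse steps of the ping program, written so they run without a raw socket or root. It shows the checksum, the IP header that a raw socket delivers in front of the ICMP message, and the id check needed because replies go to all matching raw sockets. Function names and the sample datagram are constructed for illustration.

```c
/* Added example (not Stevens' code): ICMP echo build/parse for a ping-style
   raw-socket program. Names are hypothetical; no socket is opened. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 1071 Internet checksum over len bytes, read as big-endian 16-bit words. */
static uint16_t in_cksum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)p[0] << 8 | p[1];
    if (len) sum += (uint32_t)p[0] << 8;             /* odd trailing byte */
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Build an ICMP echo message (type 8 request, 0 reply); returns its length. */
static size_t icmp_build_echo(uint8_t *buf, size_t cap, uint8_t type, uint16_t id,
                              uint16_t seq, const void *data, size_t dlen) {
    if (cap < 8 + dlen) return 0;
    memset(buf, 0, 8);                               /* code 0, checksum 0 for now */
    buf[0] = type;
    buf[4] = (uint8_t)(id >> 8);  buf[5] = (uint8_t)id;
    buf[6] = (uint8_t)(seq >> 8); buf[7] = (uint8_t)seq;
    memcpy(buf + 8, data, dlen);                     /* e.g. the sending timestamp */
    uint16_t ck = in_cksum(buf, 8 + dlen);
    buf[2] = (uint8_t)(ck >> 8); buf[3] = (uint8_t)ck;
    return 8 + dlen;
}

/* Parse a datagram as a raw socket delivers it: IP header first.
   Returns the sequence number of our echo reply, or -1 to ignore the packet. */
static int icmp_parse_reply(const uint8_t *dgram, size_t len, uint16_t my_id) {
    if (len < 20 || dgram[0] >> 4 != 4) return -1;   /* not IPv4 */
    size_t ihl = (size_t)(dgram[0] & 0x0f) * 4;      /* IP options change this */
    if (ihl < 20 || len < ihl + 8) return -1;        /* truncated */
    const uint8_t *icmp = dgram + ihl;
    if (dgram[9] != 1 || in_cksum(icmp, len - ihl) != 0) return -1; /* not ICMP / corrupt */
    if (icmp[0] != 0) return -1;                     /* not an echo reply */
    if ((icmp[4] << 8 | icmp[5]) != my_id) return -1; /* another process's ping */
    return icmp[6] << 8 | icmp[7];
}

int main(void) {
    /* Constructed sample: 20-byte IPv4 header (protocol 1) followed by an echo reply. */
    uint8_t dgram[64] = { 0x45, 0, 0, 32, 0, 0, 0, 0, 64, 1 };
    size_t n = icmp_build_echo(dgram + 20, sizeof dgram - 20, 0, 0x1234, 7, "time", 4);
    printf("seq=%d\n", icmp_parse_reply(dgram, 20 + n, 0x1234));
    return 0;
}
```
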

Traceroute program
• Create a UDP socket and bind source port
    • To send probe packets with increasing TTL
    • For each TTL value, use timer to send a probe every three seconds, and send 3 probes in total
• Create a raw socket to receive ICMP packets
    • If timeout, print “ *”
    • If ICMP “port unreachable”, then terminate
    • If ICMP “TTL expired”, then print hostname of the router and round trip time to the router
• Source code: Stevens' traceroute/

Limitations
• Loss of Reliability
• No ports
• Non Standard Communications
• No automatic ICMP
• No Raw TCP or UDP
• Must have root (or administrator) privilege

When to use
• When you need to control the IP header
    • applications like Ping and Traceroute
    • not all fields can be set using the IP APIs
    • Network Address Translation
    • Firewalls
• When your application requires optimum network speed
    • one level above the Link Layer
    • if you need reliability, you must build it into your application

Windows and Raw Sockets
• WinSock 2.0 allows Windows programmers to build advanced applications
    • Firewalls
        • Network Address Translation
        • Packet Filtering
        • SYN Flood protection
    • Security
        • IPSec support
        • VPN Clients
    • Network Administration
        • Packet Sniffers/Analyzers
        • Pathway Analyzers (ping and traceroute)