About Linux RAW socket programming

The most authoritative book on Linux network programming is the <<unix network programming >>, but there are some things you might not understand when reading this book, or if you want to know what it is, then I suggest you look at the implementation of the network protocol stack.

The function prototype is an int socket (int domain, int type, int protocol);

where domain af_inet, af_unit is more commonly used, respectively, to create INET domain sockets and UNIX domain sockets, UNIX sockets associated with the file. Normally 80% sockets are af_inet. There's a lot of talk here.

Type field original socket is Sock_raw

Protocol field The field that is already occupied by other protocols cannot be used, and the system remains unused.

When an IP packet is received, the IP Layer Header Pelagic Protocol field is viewed during the submission to the L4 layer, and if TCP UDP ICMP is sent to the TCP UDP ICMP processing function. If the corresponding handler function cannot be found (it should be said that the corresponding struct proto is not found), Then the corresponding packet is sent to the original socket, but not every raw socket accepts such a packet, must meet three requirements: (from the <<unix Network programming >>)

1. The upper layer protocol field of the IP packet header must be the same as the third field when the socket is created.

2. Bind was used when the original socket was created (essentially to bind the IP address), the destination address in the IP packet must be the same as the socket bound address

3. If the sending data is using SendTo then the destination address in sendto must be the same as the address of the socket.

Here's where the original socket's sent and accepted data starts (refer to the previous Linux C ping implementation article)

The first byte after the IP header is sent is the start of the send.

Receive full IP packets including IP header when receiving

One might ask if there is a way to get TCP UDP data

The answer is of course there is

At this point you need the original IP socket. Now let's talk about the difference between the original socket and the original IP. From the name of the original socket, the original data is the IP payload (L4 layer), the original IP socket original L2 load (L3 layer), so at the time of sending, the original socket only need to send the full L4 layer content. When the original IP socket is sent, it needs to send the complete L3 layer content, and most of its IP header needs to be specified by itself.

At the time of acceptance, the original socket accepts the full IP layer, the original IP socket receives the complete L2 layer content, so you go out of the Ethernet head, IP layer head, L4 head, then the rest is TCP or UDP data.

About Linux RAW socket programming