LINUX Network Programming raw sockets

An original socket

The original socket (SOCK_RAW) is a different socket than Sock_stream, SOCK_DGRAM, which is implemented at the core of the system. However, what can the original socket do? First of all, the normal socket can not handle the ICMP, IGMP and other network messages, and Sock_raw May, second, Sock_raw can also handle special IPV4 messages, in addition, using the original socket, you can use the IP_HDRINCL socket option by the user constructs the IP header. In general, Sock_raw can handle ordinary network messages, and can handle some special protocol messages as well as manipulate the IP layer and above data.

Since Sock_raw has the above characteristics, it differs from ordinary sockets on some processing processes.

· If the IP_HDRINCL option is set, Sock_raw can manipulate IP header data (that is, the user needs to populate the IP header and above the payload); otherwise sock_raw cannot manipulate IP header data

· The port has no meaning for Sock_raw

· If the BIND function is used to bind the IP, then if IP_HDRINCL is not set, the source IP address is populated with this IP, and if bind is not called, the source IP address is set to the primary IP address of the outgoing interface

· If you use the Connect function to set the destination IP, you can send the message using the Send or write function without the need to use the SendTo function

· Kernel processing Flow:

· TCP, UDP packets received are not passed to any Sock_raw

· ICMP, IGMP packet packets are passed to Sock_raw

· IP messages that are not recognized by the kernel are passed to Sock_raw

· Whether the Sock_raw receives the message:

· Protocol the specified type needs to be matched or not passed to the Sock_raw

· If the source IP is bound using the BIND function, the message destination IP must match the bound IP, otherwise it will not be passed to the Sock_raw

· If the destination IP is bound using the Connect function, the message source IP must match the specified IP, otherwise it will not be passed to the Sock_raw

To sum up, the original socket processing is only the IP layer and above the data, such as the implementation of SYN flood attack, processing ping packets and so on. When you need to manipulate the underlying data, there are other ways to do it.

LINUX Network Programming raw sockets