Introduction to Raw Sockets
TCP/IP Stack
[Figure: the TCP/IP stack with the demultiplexing key at each layer. Link layer: frame type and MAC address. IP layer: IP address and the protocol field (1 ICMP, 2 IGMP, 6 TCP, 8 EGP, 17 UDP, 89 OSPF). Transport layer: TCP and UDP port numbers (21, 23, 25, 53, 69, 161 shown, plus 67 for BOOTP/DHCP).]
What can raw sockets do?
• Bypass the TCP/UDP layers
  - Read and write ICMP and IGMP packets (ping, traceroute, multicast daemon)
  - Read and write IP datagrams with an IP protocol field not processed by the kernel (e.g. OSPF, implemented in a user process rather than in the kernel)
• Send and receive your own IP packets with your own IP header using the IP_HDRINCL socket option
  - Can build and send TCP and UDP packets
  - Used for testing, hacking
  - Only the superuser can create a raw socket, though
  - You must do all protocol processing at user level
[Figure: how the kernel dispatches incoming IP datagrams by protocol number. ICMP (1), IGMP (2) and OSPF (89) are delivered to raw sockets, except that ICMP echo and timestamp requests are handled in the kernel; TCP (6) and UDP (17) go to the kernel TCP and UDP stacks, which demultiplex by port. A user-level TCP or UDP implementation can sit on a raw socket instead.]
Creating a Raw Socket

    int sockfd;
    /* protocol is e.g. IPPROTO_ICMP or IPPROTO_IGMP */
    sockfd = socket(AF_INET, SOCK_RAW, protocol);

    /* optional: tell the kernel we supply our own IP header */
    const int on = 1;
    setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, &on, sizeof(on));

• Can we use bind() with raw sockets? Rarely; there is no concept of a port.
• Can we use connect() with raw sockets? Rarely; only the foreign IP address can be specified.
Raw Socket Output
• Send raw socket packets with sendto() or sendmsg()
• If the IP_HDRINCL option is not set (i.e. the header is not included), the starting address of the data passed to sendto() specifies the first byte following the IP header
• If the IP_HDRINCL option is set, the starting address of the data passed to sendto() specifies the first byte of the IP header
• IP header fields modified by the kernel on sending with IP_HDRINCL:

    IP checksum      Always filled in
    Source address   Filled in when zero
    Packet id        Filled in when zero
    Total length     Always filled in

• Example: see Stevens' code under ping/send_v4.c and ping/send_v6.c
Raw Socket Input
• Received TCP/UDP packets are NEVER passed to raw sockets. If you need them, the link layer is the place to capture them.
• Receive raw packets with recvfrom() or recvmsg()
• Most ICMP packets are passed to all matching ICMP raw sockets, with a few exceptions:
  • ICMP echo request, timestamp request
• All IGMP packets are passed to all matching raw sockets
• All IP datagrams with a protocol field not processed by the kernel (e.g. OSPF) are passed to all matching raw sockets
• The entire datagram, including the IP header, is passed to the raw socket. Fragments are reassembled first.
• Example: Stevens' code in ping/readloop.c and ping/proc_v4.c
ICMP Format
[Figure: ICMP header format (type, code, checksum, followed by subtype-specific fields).]
Ping Program
• Create a raw socket to send and receive ICMP echo request and echo reply packets
• Install a SIGALRM handler to drive output: send an echo request every t seconds
  - Build the ICMP packet (type, code, checksum, id, seq, and the sending timestamp as optional data)
• Enter an infinite loop processing input
  - Use recvmsg() to read from the network
  - Parse the message and retrieve the ICMP packet
  - Print ICMP packet information, e.g. peer IP address and round-trip time
• Source code: Stevens' ping/
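The ping steps above, as an added worked example that is not part of the slides or of Stevens' code: it builds the ICMP echo request with the RFC 1071 checksum and parses a received datagram the way the input loop must, skipping the IPv4 header that the raw socket delivers together with the ICMP message and accepting only an echo reply whose checksum verifies and whose id is ours. The names in_cksum, build_echo_request and parse_echo_reply are chosen here; no socket is opened, so it runs offline.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define ICMP_ECHO_LEN 16  /* 8-byte ICMP header + 8 bytes of optional data */

/* Internet checksum (RFC 1071): one's complement of the one's-complement
 * sum of 16-bit big-endian words; an odd trailing byte is zero-padded. */
uint16_t in_cksum(const uint8_t *buf, size_t len) {
    uint32_t sum = 0;
    for (; len > 1; len -= 2, buf += 2) sum += (uint32_t)buf[0] << 8 | buf[1];
    if (len == 1) sum += (uint32_t)buf[0] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Build an ICMP echo request (type 8, code 0) with id/seq in network byte
 * order and 8 bytes of caller data (a ping program stores its send time here). */
void build_echo_request(uint8_t pkt[ICMP_ECHO_LEN], uint16_t id, uint16_t seq,
                        const uint8_t data[8]) {
    pkt[0] = 8;  pkt[1] = 0;               /* type, code */
    pkt[2] = 0;  pkt[3] = 0;               /* checksum is computed over a zero field */
    pkt[4] = id >> 8;   pkt[5] = id & 0xff;
    pkt[6] = seq >> 8;  pkt[7] = seq & 0xff;
    memcpy(pkt + 8, data, 8);
    uint16_t c = in_cksum(pkt, ICMP_ECHO_LEN);
    pkt[2] = c >> 8;  pkt[3] = c & 0xff;
}

/* Parse a datagram as recvmsg() returns it on a raw ICMP socket: the IPv4
 * header is included, so skip ihl*4 bytes, then accept only an echo reply
 * whose checksum verifies and whose id matches ours (other processes' pings
 * arrive on every matching raw socket). Returns the seq, or -1 to ignore. */
int parse_echo_reply(const uint8_t *dgram, size_t len, uint16_t my_id) {
    if (len < 20 || (dgram[0] >> 4) != 4) return -1;
    size_t hlen = (dgram[0] & 0x0f) * 4;           /* ihl in 32-bit words */
    if (hlen < 20 || len < hlen + 8) return -1;
    if (dgram[9] != 1) return -1;                  /* IP protocol field: 1 = ICMP */
    const uint8_t *icmp = dgram + hlen;
    size_t ilen = len - hlen;
    if (icmp[0] != 0 || icmp[1] != 0) return -1;   /* type 0, code 0 = echo reply */
    if (in_cksum(icmp, ilen) != 0) return -1;      /* valid message sums to zero */
    uint16_t id = (uint16_t)(icmp[4] << 8 | icmp[5]);
    if (id != my_id) return -1;
    return icmp[6] << 8 | icmp[7];
}
```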
Traceroute Program
• Create a UDP socket and bind the source port, to send probe packets with increasing TTL
  - For each TTL value, use a timer to send a probe every three seconds, sending 3 probes in total
• Create a raw socket to receive ICMP packets
  - On timeout, print " *"
  - On ICMP "port unreachable", terminate
  - On ICMP "TTL expired", print the hostname of the router and the round-trip time to it
• Source code: Stevens' traceroute/
Limitations
• Loss of reliability
• No ports
• Non-standard communications
• No automatic ICMP
• No raw TCP or UDP
• Must have root (or administrator) privilege

When to use
• When you need to control the IP header
  - applications like ping and traceroute
  - not all fields can be set using the IP APIs
  - Network Address Translation
  - firewalls
• When your application requires optimum network speed
  - one level above the link layer
  - if you need reliability, you must build it into your application
Windows and Raw Sockets
WinSock 2.0 allows Windows programmers to build advanced applications:
• Firewalls
  • Network Address Translation
  • Packet filtering
  • SYN flood protection
• Security
  • IPSec support
  • VPN clients
• Network administration
  • Packet sniffers/analyzers
  • Pathway analyzers (ping and traceroute)