1 / 13

Introduction to Raw Sockets

Introduction to Raw Sockets. TCP/IP Stack. 67 Bootp DHCP. 69. 25. 21. 23. 53. 161. TCP Port #. UDP Port #. EGP 8. OSPF 89. 6. 17. Port address. protocol. 1. 2. IP address. frame type. MAC address. What can raw sockets do?. Bypass TCP/UDP layers

kuper
Download Presentation

Introduction to Raw Sockets

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Introduction to Raw Sockets

  2. TCP/IP Stack 67 Bootp DHCP 69 25 21 23 53 161 TCPPort # UDPPort # EGP8 OSPF89 6 17 Port address protocol 1 2 IP address frametype MAC address

  3. What can raw sockets do? • Bypass TCP/UDP layers • Read and write ICMP and IGMP packets • ping, traceroute, multicast daemon • Read and write IP datagrams with an IP protocol field not processed by the kernel • OSPF • user process versus kernel • Send and receive your own IP packets with your own IP header using the IP_HDRINCL socket option • can build and send TCP and UDP packets • testing, hacking • only superuser can create raw socket though • You need to do all protocol processing at user-level

  4. User TCP User UDP IGMP ICMP (ping, etc) TCP TCP UDP RAW RAW port port port ICMP UDP stack TCP stack echotimestamp port 2 port 89 1 17 6 17 UDP 6 TCP 1 ICMP 2 IGMP 89 OSPF

  5. Creating a Raw Socket int sockfd; sockfd = socket(AF_INET, SOCK_RAW, protocol); • Can we use bind() with raw sockets? • rare, no concept of port • Can we use connect() with raw sockets? • rare, only foreign ip address IPPROTO_ICMP IPPROTO_IGMP const int on = 1; setsockopt (sockfd, IPPROTO_IP, IP_HDRINCL, &on, sizeof(on);

  6. Raw Socket Output • Sending raw socket packets by sendto or sendmsg • If IP_HDRINCL option not set (i.e. header is not included), the starting address of the data in sendto() specifies the first byte following the IP header • If IP_HDRINCL option set, the starting address of data in sendto() specifies the first byte of the IP header. • IP Header fields modified on sending by IP_HDRINCL • IP Checksum Always filled in. • Source Address Filled in when zero. • Packet Id Filled in when zero. • Total Length Always filled in. • Example: see Steven’s code under ping/send_v4.c, ping/send_v6.c

  7. Raw Socket Input • Received TCP/UDP packets are NEVER passed to raw sockets. If needed, link layer is the place. • Receiving raw packets by recvfrom() or recvmsg() • Most ICMP packets are passed to all matching ICMP raw sockets except a few exceptions • ICMP echo request, timestamp request • All IGMP packets are passed to all matching raw sockets • All IP datagrams with a protocol field not processed by the kernel (e.g. OSPF) are passed to all matching raw sockets • The entire datagram, including the IP header, is passed to the raw socket. Fragments are assembled first. • Example: steven’s code in ping/readloop.c and ping/proc_v4.c

  8. ICMP Format subtype

  9. Create a raw socket to send/receive ICMP echo request and echo reply packets Install SIGALRM handler to process output Sending echo request packets every t seconds Build ICMP packets (type, code, checksum, id, seq, sending timestamp as optional data) Enter an infinite loop processing input Use recvmsg() to read from the network Parse the message and retrieve the ICMP packet Print ICMP packet information, e.g., peer IP address, round-trip time Source code: Steven’s under ping/ Ping Program

  10. Traceroute program • Create a UDP socket and bind source port • To send probe packets with increasing TTL • For each TTL value, use timer to send a probe every three seconds, and send 3 probes in total • Create a raw socket to receive ICMP packets • If timeout, printing “ *” • If ICMP “port unreachable”, then terminate • If ICMP “TTL expired”, then printing hostname of the router and round trip time to the router • Source code: Steven’s traceroute/

  11. Limitations • Loss of Reliability • No ports • Non Standard Communications • No automatic ICMP • No Raw TCP or UDP • Must have root (or administrator) privilege

  12. When to use • When you need to control the IP header • applications like Ping and Traceroute • not all fields can be set using the IP APIs • Network Address Translation • Firewalls • When your application requires optimum network speed • one level above the Link Layer • if you need reliability, you must build it into your application

  13. Windows and Raw Sockets • WinSock 2.0 allows windows programmers to build advanced applications • Firewalls • Network Address Translation • Packet Filtering • SYN Flood protection • Security • IPSec support • VPN Clients • Network Administration • Packet Sniffers/Analyzers • Pathway Analyzers (ping and traceroute)

More Related