Raw Sockets
INTRODUCTION:
Raw sockets are those that bypass the TCP and IP layers and pass ICMPv4
(Internet Control Message Protocol), IGMPv4 (Internet Group Management
Protocol, used with multicasting) and ICMPv6 packets directly to the link
layer.
This allows applications to build ICMP and IGMP handling entirely as user
processes instead of putting more code into the kernel. For example, the route
discovery daemon, which processes router advertisements and router
solicitations, is built this way.
With raw sockets a process can read and write IPv4 datagrams with an IPv4
protocol field (an 8-bit field in the IPv4 packet) that is not processed by the
kernel. Most kernels process only datagrams containing values of 1 (ICMP),
2 (IGMP), 6 (TCP) and 17 (UDP). Other values are possible: the OSPF routing
protocol, for example, does not use TCP or UDP but uses IP directly, setting
the protocol field to 89.
With raw sockets, a process can build its own IPv4 header using the
IP_HDRINCL socket option.
RAW SOCKET CREATION
1. To create a raw socket, the second argument to the socket function is
SOCK_RAW and the third argument is (normally) nonzero, as shown below:
    int sockfd;
    sockfd = socket(AF_INET, SOCK_RAW, protocol);
Here protocol is one of the IPPROTO_xxx constants defined by including the
<netinet/in.h> header, for example IPPROTO_ICMP. Only the superuser can create
a raw socket.
2. The IP_HDRINCL socket option can be set as follows:
    const int on = 1;
    if (setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, &on, sizeof(on)) < 0)
        perror("setsockopt IP_HDRINCL");   /* report the error */
3. bind need not be called on a raw socket. If it is called, it sets only the
local IP address and not a port number, as there is no concept of a port number
with raw sockets. With regard to output, calling bind sets the source IP address
that will be used for datagrams sent on the raw socket (only if the IP_HDRINCL
socket option is not set). If bind is not called, the kernel sets the source IP
address to that of the outgoing interface.
4. connect can be called on a raw socket, but this is also rare. This function
sets only the foreign address; again, there is no concept of a port number. With
regard to output, calling connect lets us call write or send instead of sendto,
since the destination IP address is already specified.
Raw Socket Output:
The output of a raw socket is governed by the following rules:
• Normal output is performed by calling sendto or sendmsg and specifying
the destination IP address. If the socket has been connected, the write and
send functions can be used.
• If the IP_HDRINCL option is not set, the kernel builds the IP header and
prepends it to the data.
• If IP_HDRINCL is set, the header format remains the same and the
process builds the entire IP header, except the IPv4 identification field,
which is set to 0 by the kernel.
• The kernel fragments raw packets that exceed the outgoing interface MTU.
IPv6 Differences:
• All fields in the protocol headers sent or received on a raw IPv6 socket are
in network byte order.
• There are no option fields in the IPv6 format. Almost all fields in an IPv6
header and all extension headers (the optional headers that follow, each with
its own length field; there is a separate fragmentation header) are available
to the application through socket options.
• Checksums are handled differently (IPV6_CHECKSUM socket option).
• In the case of ICMPv4, the checksum is calculated by the application, whereas
in ICMPv6 it is done by the kernel.
Raw Socket Input:
The question to be answered here is which received IP datagrams the kernel
passes to raw sockets.
• Received TCP and UDP packets are never passed to a raw socket.
• Most ICMP packets are passed to a raw socket after the kernel has finished
processing the ICMP message. BSD-derived implementations pass all
received ICMP messages to raw sockets other than echo request, timestamp
request and address mask request. These three ICMP messages are processed
entirely by the kernel.
• All IGMP packets are passed to a raw socket after the kernel has finished
processing the IGMP message.
• All IP datagrams with a protocol field that the kernel does not understand are
passed to a raw socket. The only kernel processing done on these packets is
the minimal verification of some IP header fields: IP version, IPv4 header
checksum, header length and the destination IP address.
• If the datagram arrives in fragments, nothing is passed to a raw socket
until all fragments have arrived and have been reassembled.
Before the kernel passes an IP datagram to a raw socket, the datagram must
satisfy all three tests given below:
• If a nonzero protocol is specified when the raw socket is created (third
argument to socket), then the received datagram's protocol field must
match this value or the datagram is not delivered.
• If a local IP address is bound to the raw socket by bind, then the
destination IP address of the received datagram must match this bound
address or the datagram is not delivered.
• If a foreign IP address was specified for the raw socket by connect, then the
source IP address of the received datagram must match this connected
address or the datagram is not delivered.
If a raw socket is created with a protocol of 0, and neither bind nor connect is
called, then that socket receives a copy of every raw datagram that the kernel
passes to raw sockets.
When a received datagram is passed to a raw IPv4 socket, the entire datagram,
including the IP header, is passed to the process.
ICMPv6 Type Filtering:
ICMPv6 is a superset of ICMPv4, ARP and IGMP, and hence a raw ICMPv6 socket
can receive many more packets than a raw ICMPv4 socket. To reduce the
number of packets passed from the kernel to the application, an
application-specific filter is provided. A filter is declared with a data type
of struct icmp6_filter, which is defined by including the <netinet/icmp6.h>
header. The current filter for a raw socket is set and fetched using setsockopt
and getsockopt with a level of IPPROTO_ICMPV6 and optname
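The following C code is an added example, not code from the original notes: it builds a filter that blocks every ICMPv6 type except the ones an application needs and installs it with setsockopt. ICMP6_FILTER and the ICMP6_FILTER_* macros come from <netinet/icmp6.h> (RFC 3542); the function names filter_allow_only, install_filter and filter_pass_count are hypothetical.

```c
#include <stddef.h>
#include <string.h>          /* glibc's SETBLOCKALL macro expands to memset */
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/icmp6.h>

/* Block every ICMPv6 type, then let through only the n types listed. */
void filter_allow_only(struct icmp6_filter *f, const int *types, size_t n)
{
    ICMP6_FILTER_SETBLOCKALL(f);
    for (size_t i = 0; i < n; i++)
        ICMP6_FILTER_SETPASS(types[i], f);
}

/* Install the filter on a raw ICMPv6 socket; returns 0, or -1 with errno set. */
int install_filter(int sockfd, const struct icmp6_filter *f)
{
    return setsockopt(sockfd, IPPROTO_ICMPV6, ICMP6_FILTER, f, sizeof(*f));
}

/* Audit helper: how many of the 256 ICMPv6 types does the filter pass? */
int filter_pass_count(const struct icmp6_filter *f)
{
    int n = 0;
    for (int t = 0; t < 256; t++)
        if (ICMP6_FILTER_WILLPASS(t, f))
            n++;
    return n;
}

int main(void)
{
    struct icmp6_filter f;
    const int want[] = { ICMP6_ECHO_REPLY };   /* all a ping program needs */
    filter_allow_only(&f, want, 1);
    int fd = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);  /* needs superuser */
    if (fd >= 0 && install_filter(fd, &f) < 0)
        return 1;
    return filter_pass_count(&f) == 1 ? 0 : 1;
}
```

Starting from block-all and passing only named types keeps the application from ever parsing ICMPv6 messages it has no use for.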
Ping Program:
Here an ICMP echo request is sent to some IP address, and that node responds
with an ICMP echo reply. These two ICMP messages are supported under both IPv4
and IPv6. The following figure shows the format of the ICMP messages.
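An added example, not part of the original notes: it builds an ICMPv4 echo request with the checksum computed by the application, and validates a reply as read from a raw IPv4 socket, where the IP header comes first. It works on byte buffers so it runs without superuser privileges; the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RFC 1071 Internet checksum, summing 16-bit big-endian words. */
static uint16_t in_cksum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2)
        sum += (uint32_t)p[0] << 8 | p[1];
    if (len)
        sum += (uint32_t)p[0] << 8;          /* odd trailing byte, zero padded */
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Build an ICMPv4 echo request; returns its length, or 0 if buf is too small. */
size_t build_echo_request(uint8_t *buf, size_t cap, uint16_t id, uint16_t seq,
                          const void *data, size_t dlen)
{
    if (cap < 8 || dlen > cap - 8) return 0;
    buf[0] = 8; buf[1] = 0;                   /* type 8 = echo request, code 0 */
    buf[2] = buf[3] = 0;                      /* checksum field is 0 while summing */
    buf[4] = id >> 8;  buf[5] = id & 0xff;    /* identifier, network byte order */
    buf[6] = seq >> 8; buf[7] = seq & 0xff;   /* sequence number */
    memcpy(buf + 8, data, dlen);
    uint16_t ck = in_cksum(buf, 8 + dlen);    /* ICMPv4: the application's job */
    buf[2] = ck >> 8; buf[3] = ck & 0xff;
    return 8 + dlen;
}

/* Check a raw IPv4 socket read (IP header first); returns reply seq or -1. */
int parse_echo_reply(const uint8_t *dg, size_t len, uint16_t id)
{
    if (len < 20 || (dg[0] >> 4) != 4) return -1;          /* not IPv4 */
    size_t hl = (size_t)(dg[0] & 0x0f) * 4;                /* IHL, 32-bit words */
    if (hl < 20 || len < hl + 8 || dg[9] != 1) return -1;  /* protocol 1 = ICMP */
    const uint8_t *ic = dg + hl;
    if (ic[0] != 0 || in_cksum(ic, len - hl) != 0) return -1;  /* type 0 = reply */
    if ((ic[4] << 8 | ic[5]) != id) return -1;   /* reply to another process */
    return ic[6] << 8 | ic[7];
}

int main(void)
{
    uint8_t b[32];                            /* constructed sample request */
    return build_echo_request(b, sizeof b, 1, 1, "hi", 2) == 10 ? 0 : 1;
}
```

The buffer filled by build_echo_request is what would be passed to sendto on a socket created with socket(AF_INET, SOCK_RAW, IPPROTO_ICMP).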