Original RawSockets(1)

8/13/2019 Original RawSockets(1)

1/18

1

Introduction to Raw Sockets


2/18

2

IPaddress

Portaddress

MACaddress

TCP/IP Stack

67

BootpDHCP

176

2

OSPF89

53

protocol

frametype

UDP

Port #

TCP

Port #

1

EGP8

16125 23 6921


3/18

3

What can raw sockets do?

Bypass TCP/UDP layers

Read and write ICMP and IGMP packets ping, traceroute, multicast daemon

Read and write IP datagrams with an IP protocol field not

processed by the kernel OSPF

user process versus kernel

Send and receive your own IP packets with your own IPheader using the IP_HDRINCL socket option

can build and send TCP and UDP packets testing, hacking only superusercan create raw socket though

You need to do all protocol processing at user-level


4/18

INTRODUCTION

Raw sockets lets us read and write ICMPv4,

ICMPv6,IGMPv4 packets.

Ex: Ping, mrouted.

Process can read and write IPV4 datagrams with

an IPV4 protocol field that is not processed by

the kernel.


5/18

5

User TCP

ICMP

UDP stackTCP stack

17 UDP6 TCP1 ICMP2 IGMP

89 OSPF

TCP

port

port

TCP

port

UDP

port

port

RAW

User UDPICMP(ping, etc)

RAW

IGMP

echotimestamp


6/18

Raw socket creation

The socket function creates a socket when the second

argument is SOCK_RAW.

Ex: int sockfd;

sockfd=socket(AF_INET, SOCK_RAW, protocol)

Protocol = IPPROTO_ICMP specified in

The IP_HDRINCL socket option can be set as follows

const ont on=1;

if ( setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, &on,

sizeof(on))< 0)


7/18

Bind can be called on the raw socket, but this is rare. This function

sets only the local address. There is no concept of port with raw

socket.

Connect can be called on the raw socket but this rare. This function

sets only the foreign address, again there is no concept of port

number. Connect lets is call write or send instead of sendto.


8/18

8

Creating a Raw Socket

Can we use bind() with raw sockets? rare, no concept of port

Can we use connect() with raw sockets? rare, only foreign ip address

int sockfd;

sockfd = socket(AF_INET, SOCK_RAW, protocol);

const int on = 1;

setsockopt (sockfd, IPPROTO_IP, IP_HDRINCL,

&on, sizeof(on);

IPPROTO_ICMP

IPPROTO_IGMP


9/18

Raw Socket Output

Socket is Governed by the following rules

Normal output is performed by calling sendto or sendmsgand specifying the destination IP address.

Write, writev or send can also be used if the socket has

been connected. IP_HDRINCL option is not set

1. Kernel will build the IP header and prepend it to the datafrom the process

2. The kernel sets the Protocol field to the IPV4 header. IP_HDRINCL option is set

1. Starting address of the data for the kernel specifies the IPHeader.

2. The Process Builds up the entire header.


10/18

Except

1. The IPV4 identification field can be set to0 which tells the kernel to set this value.

2. Kernel always calaculates and stores IPV4header checksum.

3. IP options may not be included.

4. Kernel fragments raw packets that exceedthe outgoing interface MTU.


11/18

11

Raw Socket Output

Sending raw socket packets by sendtoor sendmsg If IP_HDRINCLoption not set (i.e. header is not included), the

starting address of the data in sendto()specifies the firstbyte following the IP header

If IP_HDRINCLoption set, the starting address of data insendto()specifies the first byte of the IP header.

IP Header fields modified on sending by IP_HDRINCL IP Checksum Always filled in. Source Address Filled in when zero.

Packet Id Filled in when zero. Total Length Always filled in.

Example: see Stevens code under ping/send_v4.c,ping/send_v6.c


12/18

12

Raw Socket Input

Received TCP/UDP packets are NEVERpassed to rawsockets. If needed, link layer is the place.

Receiving raw packets by recvfrom()or recvmsg() Most ICMPpackets are passed to all matchingICMP raw

sockets except a few exceptions ICMP echo request, timestamp request All IGMPpackets are passed to all matchingraw sockets

All IP datagrams with a protocol field not processed by thekernel (e.g. OSPF) are passed to all matching raw sockets

The entire datagram, including the IP header, is passed tothe raw socket. Fragments are assembled first.

Example: stevens code in ping/readloop.candping/proc_v4.c


13/18

15

ICMP Format

subtype


14/18

16

Ping Program

Create a raw socket to send/receive ICMP echorequest and echo reply packets Install SIGALRM handler to process output

Sending echo request packets every t seconds Build ICMP packets (type, code, checksum, id, seq, sending

timestamp as optional data) Enter an infinite loop processing input

Use recvmsg() to read from the network Parse the message and retrieve the ICMP packet Print ICMP packet information, e.g., peer IP address, round-

trip time Source code: Stevens under ping/


15/18

17

Traceroute program

Create a UDP socket and bind source port To send probe packets with increasing TTL

For each TTL value, use timer to send a probe every threeseconds, and send 3 probes in total

Create a raw socket to receive ICMP packets If timeout, printing *

If ICMP port unreachable, then terminate

If ICMP TTL expired, then printing hostname of the

router and round trip time to the router Source code: Stevens traceroute/


16/18

Limitations

Loss of Reliability

No ports

Non Standard Communications

No automatic ICMP

No Raw TCP or UDP

Must have root (or administrator) privilege


17/18

When to use

When you need to control the IP header applications like Ping and Traceroute

not all fields can be set using the IP APIs

Network Address Translation

Firewalls

When your application requires optimum networkspeed one level above the Link Layer if you need reliability, you must build it into your

application


18/18

Windows and Raw Sockets

WinSock 2.0 allows windows programmers to build advancedapplications

Firewalls Network Address Translation

Packet Filtering

SYN Flood protection

Security IPSec support

VPN Clients

Network Administration

Packet Sniffers/Analyzers Pathway Analyzers (ping and traceroute)

Original RawSockets(1)

Documents

Transcript of Original RawSockets(1)