Original RawSockets(1)
sandeep-khandekar -
8/13/2019 Original RawSockets(1)
Introduction to Raw Sockets
-
TCP/IP Stack
[Figure: demultiplexing in the TCP/IP stack by MAC address and frame type, IP address and protocol number, and TCP/UDP port number]
-
What can raw sockets do?
Bypass TCP/UDP layers
  Read and write ICMP and IGMP packets (ping, traceroute, multicast daemon)
  Read and write IP datagrams with an IP protocol field not processed by the kernel (OSPF)
  user process versus kernel
Send and receive your own IP packets with your own IP header using the IP_HDRINCL socket option
  can build and send TCP and UDP packets (testing, hacking)
  only superuser can create raw socket though
You need to do all protocol processing at user-level
-
INTRODUCTION
Raw sockets let us read and write ICMPv4, ICMPv6 and IGMPv4 packets.
Ex: Ping, mrouted.
A process can read and write IPv4 datagrams with an IPv4 protocol field that is not processed by the kernel.
-
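[Figure: kernel demultiplexing by IP protocol number (1 ICMP, 2 IGMP, 6 TCP, 17 UDP, 89 OSPF). The TCP and UDP stacks deliver to ports used by user TCP and UDP processes; ICMP (echo, timestamp), IGMP and other protocols reach user processes (ping, etc.) through RAW sockets.]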
-
Raw socket creation
The socket function creates a raw socket when the second argument is SOCK_RAW.
Ex: int sockfd;
    sockfd = socket(AF_INET, SOCK_RAW, protocol);
Protocol = IPPROTO_ICMP specified in
The IP_HDRINCL socket option can be set as follows:
    const int on = 1;
    if (setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, &on, sizeof(on)) < 0)
        perror("setsockopt IP_HDRINCL");   /* report the failure */
-
Bind can be called on the raw socket, but this is rare. This function sets only the local address. There is no concept of a port with a raw socket.
Connect can be called on the raw socket, but this is rare. This function sets only the foreign address; again, there is no concept of a port number. Connect lets us call write or send instead of sendto.
-
Creating a Raw Socket
Can we use bind() with raw sockets? Rare; no concept of port.
Can we use connect() with raw sockets? Rare; only foreign IP address.
    int sockfd;
    sockfd = socket(AF_INET, SOCK_RAW, protocol);   /* protocol: IPPROTO_ICMP, IPPROTO_IGMP */
    const int on = 1;
    setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, &on, sizeof(on));
-
Raw Socket Output
Raw socket output is governed by the following rules:
Normal output is performed by calling sendto or sendmsg and specifying the destination IP address. write, writev or send can also be used if the socket has been connected.
If the IP_HDRINCL option is not set:
1. The kernel builds the IP header and prepends it to the data from the process.
2. The kernel sets the protocol field of the IPv4 header.
If the IP_HDRINCL option is set:
1. The starting address of the data passed to the kernel specifies the first byte of the IP header.
2. The process builds the entire IP header.
-
Except:
1. The IPv4 identification field can be set to 0, which tells the kernel to set this value.
2. The kernel always calculates and stores the IPv4 header checksum.
3. IP options may not be included.
4. The kernel fragments raw packets that exceed the outgoing interface MTU.
-
Raw Socket Output
Sending raw socket packets by sendto or sendmsg
  If the IP_HDRINCL option is not set (i.e. header is not included), the starting address of the data in sendto() specifies the first byte following the IP header
  If the IP_HDRINCL option is set, the starting address of data in sendto() specifies the first byte of the IP header
IP header fields modified on sending by IP_HDRINCL
  IP Checksum: always filled in
  Source Address: filled in when zero
  Packet Id: filled in when zero
  Total Length: always filled in
Example: see Stevens code under ping/send_v4.c, ping/send_v6.c
-
Raw Socket Input
Received TCP/UDP packets are NEVER passed to raw sockets. If needed, link layer is the place.
Receiving raw packets by recvfrom() or recvmsg()
  Most ICMP packets are passed to all matching ICMP raw sockets, except a few exceptions
    ICMP echo request, timestamp request
  All IGMP packets are passed to all matching raw sockets
  All IP datagrams with a protocol field not processed by the kernel (e.g. OSPF) are passed to all matching raw sockets
The entire datagram, including the IP header, is passed to the raw socket. Fragments are assembled first.
Example: Stevens code in ping/readloop.c and ping/proc_v4.c
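Because the whole datagram, IP header included, reaches the process, the reader has to find the ICMP message itself and must not trust the length fields. The following is an added example, not part of the slides or of Stevens's code; locate_icmp, struct icmp_view and SAMPLE are hypothetical names, and it assumes the total-length field arrives unmodified in network byte order (the case on Linux).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct icmp_view {
    size_t  offset;     /* where the ICMP header starts inside the datagram */
    size_t  len;        /* ICMP header plus data */
    uint8_t type, code;
};

/* Locate the ICMP message in a datagram read from a raw socket.
 * Returns 0 on success, -1 if the bytes are not a well-formed IPv4/ICMP datagram. */
int locate_icmp(const uint8_t *buf, size_t n, struct icmp_view *out)
{
    if (n < 20 || (buf[0] >> 4) != 4)
        return -1;                          /* short read or not IPv4 */
    size_t ihl   = (size_t)(buf[0] & 0x0f) * 4;     /* header length with options */
    size_t total = (size_t)buf[2] << 8 | buf[3];    /* assumed network byte order */
    if (ihl < 20 || ihl > n || total < ihl || total > n)
        return -1;                          /* lengths disagree with what was read */
    if (buf[9] != 1 || total - ihl < 8)
        return -1;                          /* not ICMP (protocol 1) or truncated */
    out->offset = ihl;
    out->len    = total - ihl;
    out->type   = buf[ihl];
    out->code   = buf[ihl + 1];
    return 0;
}

/* Constructed sample: 20-byte IPv4 header + ICMP echo reply with 4 data bytes.
 * Checksums are left zero; this example does not verify them. */
const uint8_t SAMPLE[32] = {
    0x45, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x40, 0x01, 0x00, 0x00,
    0xc0, 0x00, 0x02, 0x01, 0xc0, 0x00, 0x02, 0x02,   /* 192.0.2.1 -> 192.0.2.2 */
    0x00, 0x00, 0x00, 0x00, 0x12, 0x34, 0x00, 0x01,   /* echo reply, id, seq */
    'a', 'b', 'c', 'd'
};

int main(void)
{
    struct icmp_view v;
    if (locate_icmp(SAMPLE, sizeof SAMPLE, &v) == 0)
        printf("ICMP type %u at offset %zu, %zu bytes\n", v.type, v.offset, v.len);
    return 0;
}
```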
-
ICMP Format
[Figure: ICMP message format (figure label: subtype)]
-
Ping Program
Create a raw socket to send/receive ICMP echo request and echo reply packets
Install SIGALRM handler to process output
  Sending echo request packets every t seconds
  Build ICMP packets (type, code, checksum, id, seq, sending timestamp as optional data)
Enter an infinite loop processing input
  Use recvmsg() to read from the network
  Parse the message and retrieve the ICMP packet
  Print ICMP packet information, e.g., peer IP address, round-trip time
Source code: Stevens under ping/
-
Traceroute program
Create a UDP socket and bind source port
  To send probe packets with increasing TTL
  For each TTL value, use timer to send a probe every three seconds, and send 3 probes in total
Create a raw socket to receive ICMP packets
  If timeout, printing *
  If ICMP port unreachable, then terminate
  If ICMP TTL expired, then printing hostname of the router and round trip time to the router
Source code: Stevens traceroute/
-
Limitations
Loss of Reliability
No ports
Non Standard Communications
No automatic ICMP
No Raw TCP or UDP
Must have root (or administrator) privilege
-
When to use
When you need to control the IP header
  applications like Ping and Traceroute
  not all fields can be set using the IP APIs
  Network Address Translation
  Firewalls
When your application requires optimum network speed
  one level above the Link Layer
  if you need reliability, you must build it into your application
-
Windows and Raw Sockets
WinSock 2.0 allows Windows programmers to build advanced applications
  Firewalls
    Network Address Translation
    Packet Filtering
    SYN Flood protection
  Security
    IPSec support
    VPN Clients
  Network Administration
    Packet Sniffers/Analyzers
    Pathway Analyzers (ping and traceroute)