1 Introduction to Raw Sockets

2 IP address Port address MAC address TCP/IP Stack 67 Bootp DHCP OSPF protocol frame type UDP Port # TCP Port # 1 EGP

3 What can raw sockets do? r Bypass TCP/UDP layers r Read and write ICMP and IGMP packets m ping, traceroute, multicast daemon r Read and write IP datagrams with an IP protocol field not processed by the kernel m OSPF m user process versus kernel r Send and receive your own IP packets with your own IP header using the IP_HDRINCL socket option m can build and send TCP and UDP packets m testing, hacking m only superuser can create raw socket though r You need to do all protocol processing at user-level

4 User TCP ICMP UDP stack TCP stack 6 17 UDP 6 TCP 1 ICMP 2 IGMP 89 OSPF TCP port TCP port 17 UDP port RAW User UDP ICMP (ping, etc) RAW IGMP echo timestamp

5 Creating a Raw Socket r Can we use bind() with raw sockets? m rare, no concept of port r Can we use connect() with raw sockets? m rare, only foreign ip address int sockfd; sockfd = socket(AF_INET, SOCK_RAW, protocol); const int on = 1; setsockopt (sockfd, IPPROTO_IP, IP_HDRINCL, &on, sizeof(on); IPPROTO_ICMP IPPROTO_IGMP

6 Raw Socket Output  Sending raw socket packets by sendto or sendmsg  If IP_HDRINCL option not set ( i.e. header is not included ), the starting address of the data in sendto() specifies the first byte following the IP header  If IP_HDRINCL option set, the starting address of data in sendto() specifies the first byte of the IP header. r IP Header fields modified on sending by IP_HDRINCL m IP Checksum Always filled in. m Source Address Filled in when zero. m Packet Id Filled in when zero. m Total Length Always filled in.  Example: see Steven’s code under ping/send_v4.c, ping/send_v6.c

7 Raw Socket Input r Received TCP/UDP packets are NEVER passed to raw sockets. If needed, link layer is the place.  Receiving raw packets by recvfrom() or recvmsg() m Most ICMP packets are passed to all matching ICMP raw sockets except a few exceptions ICMP echo request, timestamp request m All IGMP packets are passed to all matching raw sockets m All IP datagrams with a protocol field not processed by the kernel (e.g. OSPF) are passed to all matching raw sockets r The entire datagram, including the IP header, is passed to the raw socket. Fragments are assembled first.  Example: steven’s code in ping/readloop.c and ping/proc_v4.c

8 Scatter read and gather write Vectored IO  Send and receive from one or more buffers with a single function call #include readv(int fd, const struct iovec *iov, int iovcnt); writev(int fd, const struct iovec *iov, int iovcnt); struct iovec { void *iov_base; /* addr. Of buffer */ size_t iov_len; /* size of buffer */ }

9 sendmsg and recvmsg most general of all the IO functions recvmsg(int sock, struct msghdr *msg, int flags); sendmsg(int sock, struct msghdr *msg, int flags); struct msghdr { void *msg_name; /* address if socket is unconnected */ socklen_t msg_namelen; /* size of above */ struct iovec *msg_iov; int msg_iovlen; void *msg_control; /* ancillary data */ socklen_t msg_controllen; int msg_flags; /* returned status by recvmsg */ } MSG_TRUNC MSG_CTRUNC. MSG_EOR (end of record) MSG_OOB scatter gather read/write buffer MSG_PEEK MSG_WAITALL

10 ICMP Format subtype

11 Ping Program r Create a raw socket to send/receive ICMP echo request and echo reply packets r Install SIGALRM handler to process output m Sending echo request packets every t seconds m Build ICMP packets (type, code, checksum, id, seq, sending timestamp as optional data) r Enter an infinite loop processing input m Use recvmsg() to read from the network m Parse the message and retrieve the ICMP packet m Print ICMP packet information, e.g., peer IP address, round- trip time r Source code: Steven’s under ping/

12 Traceroute program r Create a UDP socket and bind source port m To send probe packets with increasing TTL m For each TTL value, use timer to send a probe every three seconds, and send 3 probes in total r Create a raw socket to receive ICMP packets m If timeout, printing “ *” m If ICMP “port unreachable”, then terminate m If ICMP “TTL expired”, then printing hostname of the router and round trip time to the router r Source code: Steven’s traceroute/

Limitations r Loss of Reliability r No ports r Non Standard Communications r No automatic ICMP r No Raw TCP or UDP r Must have root (or administrator) privilege

When to use r When you need to control the IP header m applications like Ping and Traceroute m not all fields can be set using the IP APIs m Network Address Translation Firewalls r When your application requires optimum network speed m one level above the Link Layer m if you need reliability, you must build it into your application

Windows and Raw Sockets r WinSock 2.0 allows windows programmers to build advanced applications m Firewalls Network Address Translation Packet Filtering SYN Flood protection m Security IPSec support VPN Clients m Network Administration Packet Sniffers/Analyzers Pathway Analyzers (ping and traceroute)