Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

create SOCK_RAW socket just for sending data without any recvform()

If I create a socket whose type is SOCK_RAW only to send some data without receiving any data, is there any problem when kernel continue to receive network packets and copy its datagram to somebuffer (of application?). In other words, after the somebuffer is filled what will happened? error or ignore?

I don't know how to prevent kernel from delivering the copy of datagram to my application.

Reference http://sock-raw.org/papers/sock_raw 0x4 raw_input

After the IP layer processes a new incoming IP datagram, it calls ip_local_deliver_finish() kernel function which is responsibe for calling a registered transport protocol handler by inspecting the protocol field of the IP header (remember from above). However before it delivers the datagram to the handler, it checks every time if an application has created a raw socket with the same protocol number. If there is one or more such applications, it makes a copy of the datagram and delivers it to them as well.

like image 945
FaneadFan Avatar asked Aug 22 '12 02:08

FaneadFan


People also ask

How do you make a raw socket?

To create a raw socket, you must use the socket function and set the type field to SOCK_RAW. The protocol field can be set to any value above IP layer, such as IPPROTO_ICMP and IPPROTO_IGMP. Protocols that are not allowed are IPPROTO_UDP and IPPROTO_TCP.

What is a raw Ethernet socket?

A raw socket is used to receive raw packets. This means packets received at the Ethernet layer will directly pass to the raw socket. Stating it precisely, a raw socket bypasses the normal TCP/IP processing and sends the packets to the specific user application (see Figure 1).

What is raw socket Linux?

RAW-sockets are an additional type of Internet socket available in addition to the well known DATAGRAM- and STREAM-sockets. They do allow the user to see and manipulate the information used for transmitting the data instead of hiding these details, like it is the case with the usually used STREAM- or DATAGRAM sockets.

What is raw packets?

Raw packet is used when you dont have any, the first bytes captured are directly the IPv6 or IPv4 header. Raw IP; the packet begins with an IPv4 or IPv6 header, with the "version" field of the header indicating whether it's an IPv4 or IPv6 header.


2 Answers

You can use shutdown(2) in order to shutdown reception part of the socket. See shutdown man page

EDIT : I found that shutdown only works on connected (ie TCP) sockets. With Raw socket, there are 2 possibilities :

  • Receive data into a temporary buffer (with recv) and discard them (perhaps in an other thread)
  • If I remember well, when the socket buffer is full, incoming data are automatically discarded (and data in the buffer aren't modified), so you can set the socket reception buffer size to 0 (and increase it later if needed).

Here's how to set reception buffer size to 0 :

int opt = 0;
setsockopt(sock_fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt));

TEST

/**
 * @file raw_print_pkt.c
 * @brief 
 * @author Airead Fan <[email protected]>
 * @date 2012/08/22 12:35:22
 */

#include <stdio.h> 
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/ioctl.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>

int main(int argc, char *argv[])
{
    int s;
    ssize_t rn;                 /* receive number */
    struct sockaddr_in saddr;
    char packet[4096];
    int count;

    if ((s = socket(AF_INET, SOCK_RAW, IPPROTO_TCP)) < 0) {
        perror("error:");
        exit(EXIT_FAILURE);
    }

    memset(packet, 0, sizeof(packet));
    socklen_t *len = (socklen_t *)sizeof(saddr);
    int fromlen = sizeof(saddr);
    int opt = 0;

    count = 0;
    while(1) {
        if ((rn = recvfrom(s, (char *)&packet, sizeof(packet), 0,
                           (struct sockaddr *)&saddr, &fromlen)) < 0)
            perror("packet receive error:");
        if (rn == 0) {
            printf("the peer has performed an orderly shutdown\n");
            break;
        }

        printf("[%d] rn = %lu \n", count++, rn);

        if (count == 16) {
            if (setsockopt(s, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt)) < 0) {
                perror("setsocketopt failed");
            } else {
                fprintf(stdout, "setsocketopt successful\n");
            }
            // int shutdown(int sockfd, int how);
            /* if (shutdown(s, SHUT_RD) < 0) {
             *     perror("shutdown failed");
             * } */
        }
    }

    return 0;
}

TEST 2 (same includes):

int main(int argc, char *argv[])
{
int s;
ssize_t rn;                 /* receive number */
char packet[4096];
int count;

if ((s = socket(AF_INET, SOCK_RAW, IPPROTO_TCP)) < 0) {
    perror("error:");
    exit(EXIT_FAILURE);
}

memset(packet, 0, sizeof(packet));
int opt = 0;
count = 0;

//Set recv buffer size
if (setsockopt(s, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt)) < 0) {
    perror("setsocketopt failed");
} else {
    fprintf(stdout, "setsocketopt successful\n");
}

//10 seconds countdown
int i = 10;
while(i > 0)
{
    printf("\r%d              ", i);
    fflush(stdout);
    i--;
    sleep(1);
}
printf("\n");
while(1) {
    if ((rn = recv(s, (char *)&packet, sizeof(packet), 0)) <= 0)
        perror("packet receive error:");

    printf("[%d] rn = %lu \n", count++, rn);
    }
return 0;
}

Here's how to proceed with test 2 :

First of all, set the buffer size to 4096 (or bigger if you have a lot of traffic on your network). Compile and launch. During the 10 seconds before starting receiving data, send a lot of data to the socket. After the 10 seconds, the program will receive everything you sent during the countdown.

After that, set the buffer size to 0. Proceed as previously. After the 10 seconds, the program won't receive the data you sent during the countdown. But if you send data while it's in recvfrom, it will read them normally.

like image 169
phsym Avatar answered Oct 24 '22 11:10

phsym


I don't really understand what you want! if you want just to inject some packets, it's simple:

#include<netinet/tcp.h> /* TCP header */
#include<netinet/ip.h>  /* IP header */

/* Checksum compute function */
/* source : http://www.winpcap.org/pipermail/winpcap-users/2007-July/001984.html */
unsigned short checksum(unsigned short *buffer, int size)
{
    unsigned long cksum=0;
    while(size >1)
    {
        cksum+=*buffer++;
        size -=sizeof(unsigned short);
    }
    if(size)
        cksum += *(UCHAR*)buffer;

    cksum = (cksum >> 16) + (cksum & 0xffff);
    cksum += (cksum >>16);
    return (unsigned short)(~cksum);
}

int main (int argc, char **argv)
{
    char packet_buffer[BUFFER_SIZE];
    struct sockaddr_in sin;     
    struct iphdr *ip_header;    /* IP header */
    struct tcphdr *tcp_header;  /* TCP header */
    int flag = 1;

    /* Creating RAW socket */
    int raw_socket = socket (PF_INET, SOCK_RAW, IPPROTO_TCP);

    ip_header = (struct iphdr *) packet_buffer;

    tcp_header = (struct tcphdr *) (packet_buffer + sizeof (struct ip));

    sin.sin_family = AF_INET;
    sin.sin_port = htons(PORT_NUMBER);
    sin.sin_addr.s_addr = inet_addr (IP_ADDRESS);

    /* Zeroing the bbuffer */ 
    memset (packet_buffer, 0, BUFFER_SIZE);

    /* Construct your IP Header */
    ip_header->ihl = 5;
    ip_header->version = 4;
    ip_header->tos = 0;
    ip_header->tot_len = sizeof (struct ip) + sizeof (struct tcphdr);
    ip_header->id = htonl(CHOOSE_PACKET_ID);
    ip_header->frag_off = 0;
    ip_header->ttl = 255;
    ip_header->protocol = 6;    /* TCP. Change to 17 if you want UDP */
    ip_header->check = 0;
    ip_header->saddr = inet_addr (SOURCE_IP_ADDRESS_TO_SPOOF);
    ip_header->daddr = sin.sin_addr.s_addr;

    /* Construct your TCP Header */
    tcp_header->source = htons (SOURCE);
    tcp_header->dest = htons(DEST);
    tcp_header->seq = random();
    tcp_header->ack_seq = 0;
    tcp_header->doff = 0;
    tcp_header->syn = 1; 
    tcp_header->window = htonl(65535);
    tcp_header->check = 0;
    tcp_header->urg_ptr = 0;

    /* IP Checksum */
    ip_header->check = checksum((unsigned short *) packet_buffer, ip_header->tot_len >> 1);

    if (setsockopt(raw_socket, IPPROTO_IP, IP_HDRINCL, &flag, sizeof(flag)) < 0)
    {
        /* ERROR handling */
    }

    while (1)
    {
        /* Send the packet */
    if (sendto(raw_socket, packet_buffer, ip_header->tot_len, 0,  (struct sockaddr *) &sin, sizeof (sin)) < 0)
    {
        /* ERROR handling */
    }
    /* The rest of your need */
 }

 return 0;
}
like image 25
TOC Avatar answered Oct 24 '22 12:10

TOC