According to Unix Network Programming Vol1, "Received UDP packets and received TCP packets are never passed to a raw socket. If a process wants to read IP datagrams containing UDP or TCP packets, the packets must be read at the datalink layer"...
But contrary to this, there is a IPPROTO_TCP protocol option in creating raw sockets which appears to me as serving this exact purpose. Could anyone please point out any mistakes I might be making in understanding this?
When You create a raw socket, you can specify which protocol to bind to, UDP, TCP, or ICMP using the IPPROTO_TCP,etc protocol options. However, this option only determines what type of socket you are opening and therefore what data receeived on that port will be forwarded to your application. SO if you set IPPROTO_TCP and open a raw socket on port 5000, your application will receive raw TCP packets sent to port 5000, but not raw UDP packets sent to port 5000.
Even though the packets are guaranteed to be TCP, the socket will not do any of the normal TCP processing (syn,ack, reordering, etc), you just get the raw IP packets with a chunk of binary data representing the TCP headers. With a normal TCP socket, the data you receive is the data embedded inside the TCP headers. With a Raw TCP socket, the data is still everything embedded in the link layer headers, so you will see the IP Header, followed by the TCP Header, followed by the payload data for each packet received.
For more information, check out this tutorial:
A brief programming tutorial in C for raw sockets
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With