introduction to rawsockets
play

Introduction to rawsockets Mathias Habltzel 29 May 2013 Mathias - PowerPoint PPT Presentation

Introduction to rawsockets Mathias Habltzel 29 May 2013 Mathias Habltzel Rawsockets 29 May 2013 1 / 34 What is rawsocket Raw sockets allow new IPv4 protocols to be implemented in user space. A raw socket receives or sends the raw


  1. Introduction to rawsockets Mathias Hablützel 29 May 2013 Mathias Hablützel Rawsockets 29 May 2013 1 / 34

  2. What is rawsocket Raw sockets allow new IPv4 protocols to be implemented in user space. A raw socket receives or sends the raw datagram not including link level headers. — raw(7) � If we want something other than UDP/TCP, like ICMPv4/6 or IGMPv4. Packet sockets are used to receive or send raw packets at the device driver (OSI Layer 2) level. They allow the user to implement protocol modules in user space on top of the physical layer. — packet(7) � If we want full controll about everything higher than the phy-layer. Mathias Hablützel Rawsockets 29 May 2013 2 / 34

  3. Not covering other operating systems or even POSIX/BSD/whatever Linux only! >2.6.* Disclaimer Not all base covered! Much is left out! Mathias Hablützel Rawsockets 29 May 2013 3 / 34

  4. When to use rawsockets ◮ IP datagrams unknown to the kernel ◮ icmpv4/6, igmpv4 ◮ full controll from layer 2 upward Mathias Hablützel Rawsockets 29 May 2013 4 / 34

  5. Let’s get started 1. create socket 2. set socket options (if needed) 3. bind name to socket, gives source "IP" basically wireing the socket to the interface 4. connect to remote IP; though rarely used but allows to use write/send instead of sendto Mathias Hablützel Rawsockets 29 May 2013 6 / 34

  6. Let’s get started rawsocket on layer 2 i n t sock_eth = 0 ; sock_eth = s o c k e t (AF_PACKET, SOCK_RAW, htons (ETH_P_ALL ) ) ; rawsocket for IPv4 protocols i n t sock_ip = 0 ; sock_ip = s o c k e t (AF_INET , SOCK_RAW, <p r o t o c o l − id >); <protocol-id> as defined in RFC 1700 under ’PROTOCOL NUMBERS’ Mathias Hablützel Rawsockets 29 May 2013 8 / 34

  7. Let’s get started — Explained socket(2) #include <sys/socket.h> sockfd = socket(int socket_family, int socket_type, int protocol); As defined in <sys/sockets.h> : Name Purpose Man page AF_UNIX, AF_LOCAL Local communication unix(7) AF_INET IPv4 & Internet protocols ip(7) AF_INET6 IPv6 Internet protocols ipv6(7) AF_IPX IPX - Novell protocols AF_NETLINK Kernel user interface device netlink(7) AF_X25 ITU-T X.25 / ISO-8208 protocol x25(7) AF_AX25 Amateur radio AX.25 protocol AF_ATMPVC Access to raw ATM PVCs AF_APPLETALK Appletalk ddp(7) AF_PACKET Low level packet interface packet(7) Mathias Hablützel Rawsockets 29 May 2013 9 / 34

  8. Let’s get started — Explained (AF_INET) ip(7) #include <sys/socket.h> sockfd = socket(AF_INET, int socket_type, int protocol); As defined in <bits/sockets.h > : Name Protocol Purpose SOCK_STREAM TCP Sequenced, reliable, connection-based SOCK_DGRAM UDP Connectionless, unreliable datagrams SOCK_RAW Raw Raw protocol interface Mathias Hablützel Rawsockets 29 May 2013 11 / 34

  9. Let’s get started — Explained (AF_INET) tcp(7) resp. udp(7) #include <sys/socket.h> #include <netinet/in.h> #include <netinet/tcp.h> /* only for SOCK_STREAM */ sockfd = socket(AF_INET, SOCK_STREAM, 0); sockfd = socket(AF_INET, SOCK_DGRAM, 0 A few notes (won’t cover this in detail): Direction Required calls outbound connect(2) inbound bind(2) , listen(2) and finally accept(2) Mathias Hablützel Rawsockets 29 May 2013 12 / 34

  10. Let’s get started — Explained (AF_PACKET) packet(7) #include <sys/socket.h> #include <netpacket/packet.h> #include <net/ethernet.h> /* for L2 */ sockfd = socket(AF_PACKET, int socket_type, int protocol); As defined in <bits/sockets.h > : Name Purpose SOCK_DGRAM cooked packets with the link level header removed SOCK_RAW raw packets including the link level header Mathias Hablützel Rawsockets 29 May 2013 14 / 34

  11. Let’s get started — Explained (AF_PACKET) packet(7) #include <sys/socket.h> #include <netpacket/packet.h> #include <net/ethernet.h> /* for L2 */ sockfd = socket(AF_PACKET, SOCK_RAW, int protocol); As defined in <linux/if_ether.h > (excerpt): Name Purpose ETH_P_IP Internet Protocol packet ETH_P_8021Q 802.1Q VLAN Extended Header ETH_P_FCOE Fibre Channel over Ethernet ETH_P_802_3 Dummy type for 802.3 frames ETH_P_ALL Every packet (be careful!!!) Pitfall! Always bear in mind that network-byte-order and host-byte-order may not necessarily be the same. Use htons(3) for this purpose: sockfd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); Mathias Hablützel Rawsockets 29 May 2013 15 / 34

  12. Socket options The only interesting option to set: rawsock = socket(AF_INET, SOCK_RAW, IPPROTO_TCP); int one = 1; setsockopt (rawsock, IPPROTO_IP, IP_HDRINCL, &one, sizeof (one)); Pitfall! IP_HDRINCL only exists with AF_INET ! Mathias Hablützel Rawsockets 29 May 2013 17 / 34

  13. Socket options — IP_HDRINCL ◮ not set: kernel will build the IP header and prepend it ◮ set: the packet must contain the IP header ◮ IPPROTO_RAW implies enabled IP_HDRINCL ! ◮ IP Identification == 0 → kernel sets this ◮ IP options may or may not be included ◮ IP checksum ( RFC 1701 ) always calculate by kernel But YOU are responsible for checksums in higher layers! AF_PACKET requires you to calculate every checksum. Mathias Hablützel Rawsockets 29 May 2013 18 / 34

  14. Binding the socket Basically wiring the socket to an interface: get interface index c h a r ∗ i f a c e = " eth0 " ; s t r u c t i f r e q ∗ i f i n f o = m a l l o c ( s i z e o f ( s t r u c t i f r e q ) ) ; memset ( i f i n f o , 0 , s i z e o f ( s t r u c t i f r e q ) ) ; s t r n c p y ( i f i n f o − >ifr_name , i f a c e , IFNAMSIZ ) ; i o c t l ( sock_eth , SIOCGIFINDEX , i f i n f o ) ; / ∗ < − ∗ / − − − bind socket to specific interface s t r u c t s o c k a d d r _ l l s i n f o ; memset(& s i n f o , 0 , s i z e o f ( s i n f o ) ) ; s i n f o . s l l _ f a m i l y = PF_PACKET; s i n f o . s l l _ p r o t o c o l = htons (ETH_P_ALL) ; s i n f o . s l l _ i f i n d e x = i f i n f o − >i f r _ i f i n d e x ; bind ( sock , ( s t r u c t sockaddr ∗ ) &s i n f o , s i z e o f ( s t r u c t s o c k a d d r _ l l ) ) ; / ∗ < − ∗ / − Mathias Hablützel Rawsockets 29 May 2013 20 / 34

  15. Connect the socket Connect the socket to remote end (only with AF_INET → SOCK_STREAM,SOCK_DGRAM ) connect(2) #include <sys/types.h> #include <sys/socket.h> int connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen); Mathias Hablützel Rawsockets 29 May 2013 22 / 34

  16. Sending /wo connect /w connect send(2 sendto(2) sendto(2) sendmsg(2) sendmsg(2) write(2) writev(2) Mathias Hablützel Rawsockets 29 May 2013 23 / 34

  17. Receiving ◮ TCP/UDP packets are never passed to a raw socket Process must listen to data link layer to list to TCP/UDP ◮ most icmp messages and all igmp messages are passed to the raw socket ◮ all IP datagrams unknown to the kernel are passed to the raw socket, only verification of IP version, IP header checksum, header length and destination address occurs ◮ fragments are first reassembled and then passed on to the raw socket Mathias Hablützel Rawsockets 29 May 2013 24 / 34

  18. Receiving Datagram gets passed to each socket as a copy, if all following conditions are true: 1. non-zero protocol specified: socket(..., ..., proto); and 2. matching protocol ID 3. locally bound IP address to raw socket must match the received datagrams address 4. if remote address was specified by connect(2) then the sender address must match in the datagram Mathias Hablützel Rawsockets 29 May 2013 25 / 34

  19. Receiving ◮ If a socket is created with a protocol := 0 and no bind(2)/connect(2) occurred, this socket will receive a copy of every datagram the kernel passes on. ◮ Every datagram passed to a raw socket will contain the entire datagram + the IPv4 header. ◮ For IPv6 only the payload will be passed on. Mathias Hablützel Rawsockets 29 May 2013 26 / 34

  20. Example: icmp_server.c sock_eth = s o c k e t (AF_PACKET, SOCK_RAW, htons (ETH_P_ALL ) ) ; / ∗ get i n t e r f a c e i n d e x ∗ / i f i n f o = m a l l o c ( s i z e o f ( s t r u c t i f r e q ) ) ; memset ( i f i n f o , 0 , s i z e o f ( s t r u c t i f r e q ) ) ; s t r n c p y ( i f i n f o − >ifr_name , i f a c e , IFNAMSIZ ) ; i o c t l ( sock_eth , SIOCGIFINDEX , i f i n f o ) ; / ∗ bind s o c k e t to s p e c i f i c i n t e r f a c e ∗ / memset(& s o c k i n f o , 0 , s i z e o f ( s o c k i n f o ) ) ; s o c k i n f o . s l l _ f a m i l y = PF_PACKET; s o c k i n f o . s l l _ p r o t o c o l = htons (ETH_P_ALL) ; s o c k i n f o . s l l _ i f i n d e x = i f i n f o − >i f r _ i f i n d e x ; bind ( sock_eth , ( s t r u c t sockaddr ∗ ) &s o c k i n f o , s i z e o f ( s t r u c t s o c k a d d r _ l l ) ) ; Mathias Hablützel Rawsockets 29 May 2013 27 / 34

Recommend


More recommend