Can I create a listening TCP socket using raw sockets in Linux?


Question

I would like to create a listening TCP socket where I could control when it responds to the client with the first SYN+ACK after it receives the initial SYN packet from the client.

I want to do this to introduce some delays or ignore some initial SYN packets. I can do this using iptables at the moment, but I'm wondering if this could be done using the OS socket interface.

Note that if I use a normal TCP socket, once the server calls listen() on the socket descriptor, the OS will establish the connection when a client connects to it.

I am wondering then if I could use raw sockets to implement this behavior. All the examples I have seen so far about raw sockets are about active sockets (client to server) and not passive sockets (listening sockets).

Recommended answer

You could theoretically write your own TCP implementation over raw sockets. But the kernel will still respond to any incoming TCP packets before your raw socket gets a copy. So you'd have to work around this by using iptables or something to block the kernel from seeing the packets you're interested in.

I think it would be easier to do this in a kernel module via the netfilter interface (which may be what you're already doing). You could also check out libnetfilter_queue which might work if you really want to do it in userspace.
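
Whichever interception path is used (a raw socket with the kernel kept away from the packets, or a userspace queue such as libnetfilter_queue), the server-side logic comes down to a per-packet decision on the raw IP bytes. The following is an added example, not code from the original question or answer: it recognises an initial SYN in a raw IPv4 packet and drops the first N per flow, so the client's own SYN retransmissions produce the delay. The names `parse_syn`, `SynGate` and `make_packet`, the addresses and the port are assumptions; the sample packets are constructed, and wiring to a real queue is not shown.

```python
import socket
import struct
from collections import defaultdict

SYN, ACK = 0x02, 0x10


def parse_syn(packet):
    """Return (src_ip, src_port, dst_port) for an initial IPv4 TCP SYN, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or packet[9] != socket.IPPROTO_TCP or len(packet) < ihl + 20:
        return None
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                        # non-first fragment: no TCP header here
    src_port, dst_port = struct.unpack("!HH", packet[ihl:ihl + 4])
    if (packet[ihl + 13] & (SYN | ACK)) != SYN:
        return None                        # SYN+ACK, ACK, RST, ... are not initial SYNs
    return socket.inet_ntoa(packet[12:16]), src_port, dst_port


class SynGate:
    """Drop the first `ignore` SYNs of each (client ip, client port, server port)."""

    def __init__(self, ignore=2):
        self.ignore = ignore
        self.seen = defaultdict(int)       # a long-running service would expire entries

    def verdict(self, packet):
        flow = parse_syn(packet)
        if flow is None:
            return "ACCEPT"                # not an initial SYN: leave it to the kernel
        self.seen[flow] += 1
        if self.seen[flow] <= self.ignore:
            return "DROP"                  # client will retransmit the SYN later
        del self.seen[flow]                # let this one through to the listening socket
        return "ACCEPT"


def make_packet(src, sport, dport, flags):
    """Constructed sample: minimal IPv4 + TCP headers, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton("192.0.2.10"))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp
```
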
