Accessing TCP header fields (without raw socket API)

Question

I am writing an application that needs to get access to TCP header fields, for example, a sequence number or a TCP timestamp field.

Is it possible to get sequence numbers (or other header fields) by operating at the socket API without listening on a raw socket? (I want to avoid filtering out all the packets).

I am looking at TCP_INFO, but it has limited information.

For example, after calling a recvmsg() and getting a data buffer, is it possible to know the sequence number of the segment that delivered the last byte in that received data buffer?

Thanks

Recommended answer

You can try to use libpcap to capture packets. This lib allows you to specify a packet filter using the same syntax as in Wireshark, so you could limit captured packets to one connection only. One downside is that you would have to receive packets in the normal way too, which complicates things a bit and is an additional performance overhead.

Update: you can also open a raw socket and set a Berkeley Packet Filter on it using the socket option SO_ATTACH_FILTER. More details are here: https://www.kernel.org/doc/Documentation/networking/filter.txt . However, you would have to implement the TCP part of the IP stack in your code too.
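
The per-packet parsing that both approaches in the answer leave to the application, as an added example that is not part of the original answer: it extracts the sequence number and the TCP timestamp option from a buffer that starts at the IPv4 header (what a raw `IPPROTO_TCP` socket on Linux delivers) and rejects truncated or malformed headers. The names `parse_tcp_fields`, `tcp_fields` and `SAMPLE` are hypothetical, and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>

struct tcp_fields {
    uint32_t seq, ack;
    int has_ts;              /* 1 if a timestamp option (kind 8) was present */
    uint32_t tsval, tsecr;
};

/* Constructed sample: IPv4 header + TCP header with NOP, NOP, timestamp. */
static const uint8_t SAMPLE[52] = {
    0x45,0x00,0x00,0x34,0x00,0x00,0x40,0x00,0x40,0x06,0x00,0x00,
    0xc0,0x00,0x02,0x01,0xc0,0x00,0x02,0x02,            /* 192.0.2.1 -> .2 */
    0x1f,0x90,0xc3,0x50,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,
    0x80,0x10,0xff,0xff,0x00,0x00,0x00,0x00,            /* doff=8, ACK */
    0x01,0x01,0x08,0x0a,0x00,0x00,0x03,0xe8,0x00,0x00,0x07,0xd0 };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* pkt starts at the IPv4 header. Returns 0 on success, -1 on truncated or
 * malformed input (lengths are attacker-controlled, so check every one). */
int parse_tcp_fields(const uint8_t *pkt, size_t len, struct tcp_fields *out) {
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;        /* IPv4 header length */
    if (ihl < 20 || len < ihl + 20 || pkt[9] != 6) return -1;  /* 6 = TCP */
    const uint8_t *tcp = pkt + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;        /* TCP header length */
    if (doff < 20 || len < ihl + doff) return -1;
    out->seq = be32(tcp + 4);
    out->ack = be32(tcp + 8);
    out->has_ts = 0;
    out->tsval = out->tsecr = 0;
    for (size_t i = 20; i < doff; ) {     /* options: 0 = end, 1 = NOP */
        uint8_t kind = tcp[i];
        if (kind == 0) break;
        if (kind == 1) { i++; continue; }
        if (i + 1 >= doff) return -1;
        uint8_t olen = tcp[i + 1];
        if (olen < 2 || i + olen > doff) return -1;  /* no zero-length loop */
        if (kind == 8 && olen == 10) {
            out->has_ts = 1;
            out->tsval = be32(tcp + i + 2);
            out->tsecr = be32(tcp + i + 6);
        }
        i += olen;
    }
    return 0;
}
```
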
