Raw socket listener


Question


This is a quick question for linux c programming raw sockets. If I wanted to just listen to any interface with a raw socket, must I actually bind to an ip address or interface to listen to traffic? From what I understand, I feel like I should be able to just call sock(); and then start recvfrom() traffic. Maybe I'm wrong, but I've seen some programs that don't use it.

Recommended answer


You are right, the only thing you will need to do is call socket() and then recvfrom(). Nevertheless be aware of the fact that there are some limitations with listening using SOCK_RAW.

If you're not using raw sockets on a "send-and-forget" basis, you will be interested in reading the reply packet(s) for your raw packet(s). The decision logic for whether a packet will be delivered to a raw socket can be enumerated as such:

  1. TCP and UDP packets are never delivered to raw sockets, they are always handled by the kernel protocol stack.

  2. Copies of ICMP packets are delivered to a matching raw socket. For some of the ICMP types (ICMP echo request, ICMP timestamp request, mask request) the kernel, at the same time, may wish to do some processing and generate replies.

  3. All IGMP packets are delivered to raw sockets: e.g. OSPF packets.

  4. All other packets destined for protocols that are not processed by a kernel subsystem are delivered to raw sockets.

The fact that you're dealing with a protocol for which reply packets are delivered to your raw socket does not necessarily mean that you'll get the reply packet. For this you may also need to consider:

  1. setting the protocol accordingly while creating your socket via socket(2) system call. For instance, if you're sending an ICMP echo-request packet, and want to receive ICMP echo-reply, you can set the protocol argument (3rd argument) to IPPROTO_ICMP.

  2. setting the protocol argument in socket(2) to 0, so any protocol number in the received packet header will match.

  3. defining a local address for your socket (via e.g. bind(2)), so if the destination address matches the socket's local address, it'll be delivered to your application also.


For more details you can read e.g. this.
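
An added example, not part of the original answer: a listener that calls socket() with IPPROTO_ICMP and then recvfrom() with no bind(), and validates each buffer before reading the ICMP type. It relies on the Linux behaviour that an AF_INET raw socket returns the datagram starting at the IPv4 header; `parse_raw_icmp` and `sample_pkt` are names made up for this sketch, and the sample bytes are constructed.

```c
#include <stdio.h>
#include <stddef.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Constructed sample: 20-byte IPv4 header (protocol 1 = ICMP) + 8-byte echo reply. */
const unsigned char sample_pkt[] = {
    0x45,0x00,0x00,0x1c, 0x00,0x00,0x00,0x00, 0x40,0x01,0x00,0x00,
    192,0,2,1,  192,0,2,2,
    0x00,0x00,0x00,0x00, 0x12,0x34,0x00,0x01 };

/* recvfrom() on an AF_INET raw socket yields the IPv4 header first, so the
 * ICMP header sits at offset IHL*4. Returns the ICMP type (0..255) and stores
 * the code, or -1 if the buffer is not a well-formed IPv4/ICMP datagram. */
int parse_raw_icmp(const unsigned char *buf, size_t len, int *code)
{
    if (len < 20 || (buf[0] >> 4) != 4) return -1;   /* too short / not IPv4 */
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;        /* header may carry options */
    if (ihl < 20 || len < ihl + 8) return -1;        /* bad IHL / truncated ICMP */
    if (buf[9] != IPPROTO_ICMP) return -1;           /* IPv4 protocol field */
    *code = buf[ihl + 1];
    return buf[ihl];
}

int main(void)
{
    /* No bind(): the socket matches ICMP arriving on any interface.
     * Requires root or CAP_NET_RAW. */
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    if (fd < 0) { perror("socket"); return 1; }
    for (;;) {
        unsigned char buf[65536];
        struct sockaddr_in src;
        socklen_t slen = sizeof src;
        ssize_t n = recvfrom(fd, buf, sizeof buf, 0, (struct sockaddr *)&src, &slen);
        if (n < 0) { perror("recvfrom"); break; }
        int code, type = parse_raw_icmp(buf, (size_t)n, &code);
        if (type < 0) continue;                      /* skip malformed input */
        char ip[INET_ADDRSTRLEN];
        inet_ntop(AF_INET, &src.sin_addr, ip, sizeof ip);
        printf("ICMP type=%d code=%d from %s (%zd bytes)\n", type, code, ip, n);
    }
    close(fd);
    return 1;                                        /* reached only on error */
}
```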
