Raw socket listener


Problem description

This is a quick question for Linux C programming raw sockets. If I wanted to just listen to any interface with a raw socket, must I actually bind to an IP address or interface to listen to traffic? From what I understand, I feel like I should be able to just call sock(); and then start recvfrom() traffic. Maybe I'm wrong, but I've seen some programs that don't use it.

Solution

You are right, the only thing you will need to do is call socket() and then recvfrom(). Nevertheless be aware of the fact that there are some limitations with listening using SOCK_RAW.

If you're not using raw sockets on a "send-and-forget" basis, you will be interested in reading the reply packet(s) for your raw packet(s). The decision logic for whether a packet will be delivered to a raw socket can be enumerated as such:

  1. TCP and UDP packets are never delivered to raw sockets, they are always handled by the kernel protocol stack.

  2. Copies of ICMP packets are delivered to a matching raw socket. For some of the ICMP types (ICMP echo request, ICMP timestamp request, mask request) the kernel, at the same time, may wish to do some processing and generate replies.

  3. All IGMP packets are delivered to raw sockets: e.g. OSPF packets.

  4. All other packets destined for protocols that are not processed by a kernel subsystem are delivered to raw sockets.

The fact that you're dealing with a protocol for which reply packets are delivered to your raw socket does not necessarily mean that you'll get the reply packet. For this you may also need to consider:

  1. setting the protocol accordingly while creating your socket via the socket(2) system call. For instance, if you're sending an ICMP echo-request packet, and want to receive ICMP echo-reply, you can set the protocol argument (3rd argument) to IPPROTO_ICMP.

  2. setting the protocol argument in socket(2) to 0, so any protocol number in the received packet header will match.

  3. defining a local address for your socket (via e.g. bind(2)), so if the destination address matches the socket's local address, it'll be delivered to your application also.

For more details you can read e.g. this.
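
An added example, not part of the original answer: a minimal Linux listener that calls socket() and then recvfrom() on an unbound IPPROTO_ICMP raw socket, as described above. The function name icmp_type_of and the sample packet are constructed for illustration; opening the socket requires root or CAP_NET_RAW.

```c
/* Added example: unbound raw ICMP listener for Linux; needs root or CAP_NET_RAW. */
#include <stdio.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Constructed sample: IPv4 header (192.0.2.1 -> 192.0.2.2, proto 1) followed by
 * an ICMP echo reply. Checksums are left zero; the parser does not verify them. */
static const uint8_t SAMPLE_ECHO_REPLY[28] = {
    0x45, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x00, 0x00, 0x40, 0x01, 0x00, 0x00,
    0xc0, 0x00, 0x02, 0x01, 0xc0, 0x00, 0x02, 0x02,
    0x00, 0x00, 0x00, 0x00, 0x12, 0x34, 0x00, 0x01 };

/* A Linux AF_INET raw socket hands back the packet starting at the IPv4 header.
 * Returns the ICMP type, or -1 if the buffer is not a well-formed IPv4/ICMP packet. */
int icmp_type_of(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;                       /* too short, or not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 8)
        return -1;                       /* bad header length or truncated ICMP */
    if (pkt[9] != IPPROTO_ICMP)
        return -1;                       /* IP protocol field is not ICMP */
    return pkt[ihl];                     /* first ICMP byte is the type */
}

int main(void)
{
    printf("self-check, sample type: %d\n",
           icmp_type_of(SAMPLE_ECHO_REPLY, sizeof SAMPLE_ECHO_REPLY));
    /* socket() then recvfrom(), no bind(): ICMP from every interface arrives here. */
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    if (fd < 0) { perror("socket"); return 1; }
    static uint8_t buf[65535];
    for (;;) {
        struct sockaddr_in src;
        socklen_t slen = sizeof src;
        ssize_t n = recvfrom(fd, buf, sizeof buf, 0, (struct sockaddr *)&src, &slen);
        if (n < 0) { perror("recvfrom"); break; }
        char ip[INET_ADDRSTRLEN];
        inet_ntop(AF_INET, &src.sin_addr, ip, sizeof ip);
        printf("%zd bytes from %s, ICMP type %d\n", n, ip, icmp_type_of(buf, (size_t)n));
    }
    close(fd);
    return 1;
}
```

The length and IHL checks run before any header field is read, so a truncated or malformed packet from the wire is rejected rather than indexed out of bounds.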
