What's the socket protocol with value 17? - c

Recall the declaration of a socket in C has the following signature:
int socket(int domain, int type, int protocol);
I met some reverse-engineered code where protocol = 17. Does anyone know what protocol this refers to? The net seems to be lacking such int values; they have only the names, at best.

Protocol 17 would be UDP per IANA specifications, which is referred to at least in the Linux socket documentation. The name of the protocol should also be available via getprotoent if it’s supported by the platform.
Microsoft also uses the same numbers for the protocols in socket.
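An added example, not part of the original answers: a C helper that names a socket() argument triple recovered from decompiled code, using getprotobynumber() from the getprotoent family mentioned above. It goes slightly beyond the question by masking the Linux SOCK_NONBLOCK / SOCK_CLOEXEC bits out of type and by not applying IANA names outside AF_INET / AF_INET6. The name describe_socket_args and the AF_INET / SOCK_DGRAM sample are assumptions.

```c
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>

/* Name an IP protocol number: protocols database first, then a few
 * compiled-in IPPROTO_* values in case /etc/protocols is missing. */
static const char *ip_proto_name(int proto)
{
    struct protoent *pe = getprotobynumber(proto);
    if (pe != NULL)
        return pe->p_name;
    switch (proto) {
    case IPPROTO_ICMP: return "icmp";
    case IPPROTO_TCP:  return "tcp";
    case IPPROTO_UDP:  return "udp";
    default:           return "unknown";
    }
}

/* Render a (domain, type, protocol) triple recovered from a binary.
 * describe_socket_args is a hypothetical helper, not a libc function. */
const char *describe_socket_args(int domain, int type, int protocol,
                                 char *out, size_t outlen)
{
    /* Linux allows SOCK_NONBLOCK / SOCK_CLOEXEC to be ORed into type. */
    int flags = type & (SOCK_NONBLOCK | SOCK_CLOEXEC);
    int base = type & ~(SOCK_NONBLOCK | SOCK_CLOEXEC);
    const char *t = base == SOCK_STREAM ? "SOCK_STREAM"
                  : base == SOCK_DGRAM  ? "SOCK_DGRAM"
                  : base == SOCK_RAW    ? "SOCK_RAW" : "SOCK_?";

    if (domain != AF_INET && domain != AF_INET6) {
        /* Protocol numbers are per-domain: IANA names do not apply. */
        snprintf(out, outlen, "domain %d, %s%s, protocol %d (domain-specific)",
                 domain, t, flags ? "|flags" : "", protocol);
        return out;
    }
    snprintf(out, outlen, "%s, %s%s, %s (%d)",
             domain == AF_INET ? "AF_INET" : "AF_INET6",
             t, flags ? "|flags" : "", ip_proto_name(protocol), protocol);
    return out;
}

int main(void)
{
    char buf[96];
    /* Constructed sample: the value from the question, assuming AF_INET. */
    puts(describe_socket_args(AF_INET, SOCK_DGRAM, 17, buf, sizeof buf));
    return 0;
}
```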

Related

What is the HOPOPT protocol and how does socket() work?

I'm messing with sockets in C and this protocol continues to show up, I couldn't find anything about it, so what is it used for? What's the difference between HOPOPT and IP?
Also, I don't get why the last argument of the socket() function should be 0. According to the man page:
The protocol specifies a particular protocol to be used with the socket. Normally only a single protocol exists to support a particular socket type within a given protocol family, in which case protocol can be specified as 0. However, it is possible that many protocols may exist, in which case a particular protocol must be specified in this manner. The protocol number to use is specific to the “communication domain” in which communication is to take place; see protocols(5). See getprotoent(3) on how to map protocol name strings to protocol numbers.
As far as I understand, setting the last argument to 0 will let the standard library decide which protocol to use, but in which case would one use a number other than 0?
HOPOPT is the acronym for the Hop-by-Hop IPv6 extension header. It is a header that allows adding even more options to an IPv6 packet. It is normal that IPv6 packets include this header.
socket() is the system call that BSD and others (Linux et al.) provide to create a new socket, that is the internal representation of a network connection. When creating a new socket, the desired protocol must be specified: TCP, UDP, etc., which may go over IPv4, IPv6, etc.
The paragraph that you are citing explains that one or many protocols may exist for each socket type.
If only one exists, the protocol argument must be zero. For instance, SOCK_STREAM sockets are only implemented by TCP:
int sk = socket(AF_INET, SOCK_STREAM, 0);
If more exist, then you must specify which protocol in particular you want to use. For example, the SOCK_SEQPACKET type can be implemented with the SCTP protocol:
int sk = socket(AF_INET, SOCK_SEQPACKET, IPPROTO_SCTP);
So, in conclusion:
If you want to create a socket, choose what protocol to use, for instance TCP over IPv4.
HOPOPT is totally normal in an IPv6 packet. If you see it appear in your traces, because you created an IPv6 socket (using AF_INET6), it is OK.

What is the difference between type and protocol in c socket() function?

I'm reading and trying to get an idea of C, and I tried to program a Java chat with UDP and TCP a couple of years back, and as much as I pulled it off... I could not do it.
I want to program sockets and I'm reading tons of documentation, but there is always a part that is unclear, every kicking documentation has a flaw.
For example, there is one about
int socket(int domain, int type, int protocol);
The domain I will use is clearly AF_INET, and if I want a TCP Socket I think type should be SOCK_STREAM, but what is protocol? Documentation says it should be 0... why??? what is it?
From the man page for socket:
The protocol specifies a particular protocol to be used with the socket. Normally only a single protocol exists to support a particular socket type within a given protocol family, in which case protocol can be specified as 0. However, it is possible that many protocols may exist, in which case a particular protocol must be specified in this manner. The protocol number to use is specific to the “communication domain” in which communication is to take place; see protocols(5). See getprotoent(3) on how to map protocol name strings to protocol numbers.
According to the man page for protocols:
This file is a plain ASCII file, describing the various DARPA internet protocols that are available from the TCP/IP subsystem. It should be consulted instead of using the numbers in the ARPA include files, or, even worse, just guessing them. These numbers will occur in the protocol field of any IP header.
Each line is of the following format:
protocol number aliases ...
...
/etc/protocols The protocols definition file.
And in the /etc/protocols file on my linux box:
ip 0 IP # internet protocol, pseudo protocol number
hopopt 0 HOPOPT # hop-by-hop options for ipv6
icmp 1 ICMP # internet control message protocol
igmp 2 IGMP # internet group management protocol
ggp 3 GGP # gateway-gateway protocol
ipencap 4 IP-ENCAP # IP encapsulated in IP (officially ``IP'')
st 5 ST # ST datagram mode
tcp 6 TCP # transmission control protocol
cbt 7 CBT # CBT, Tony Ballardie <A.Ballardie#cs.ucl.ac.uk>
egp 8 EGP # exterior gateway protocol
igp 9 IGP # any private interior gateway (Cisco: for IGRP)
bbn-rcc 10 BBN-RCC-MON # BBN RCC Monitoring
...
And according to the man page for getprotocol:
The getprotobyname() function returns a protoent structure for the entry from the database that matches the protocol name name. A connection is opened to the database if necessary.
...
The protoent structure is defined in <netdb.h> as follows:
struct protoent {
    char  *p_name;     /* official protocol name */
    char **p_aliases;  /* alias list */
    int    p_proto;    /* protocol number */
};
So if you pass "ip" to getprotobyname() it would return 0 which is the number you are using anyway. But using 0 directly is always safe even if you don't know the name of the protocol.
The last protocol parameter of socket() can be used with raw packets. I will try to explain it practically.
If you are using raw sockets to get packets from TCP stack, you can control the amount of packet data you want to send/receive with this parameter.
socket (AF_INET, SOCK_RAW, IPPROTO_TCP);
The above call will give you a raw packet in which the kernel will take care of the packet up to the IP header. You will have to manually fill in the rest of the packet when sending it, or, when you read the packet, the kernel will provide the contents of the TCP header as well with the data.
On the other hand:
socket (AF_INET, SOCK_RAW, IPPROTO_RAW);
Using IPPROTO_RAW, you can control the packet from the IP layer upwards, i.e. the kernel will provide you services up to the Ethernet header; the rest of the packet is in your control.
There may be different protocols to support a particular socket type, so that's why you also can specify the protocol in socket(2).
From the manpage (emphasis mine):
The protocol specifies a particular protocol to be used with the
socket. Normally only a single protocol exists to support a
particular socket type within a given protocol family, in which case
protocol can be specified as 0.
However, it is possible that many protocols may exist, in which case a particular protocol must be specified in this manner.
So it is not mandatory to specify the protocol as 0. Actually, 0 means that the standard library will figure out the correct protocol for you. But you could specify it explicitly, and it is perfectly valid to do so.
On Linux, you can see the available protocols by doing:
$ cat /etc/protocols
# Internet (IP) protocols
#
# Updated from http://www.iana.org/assignments/protocol-numbers and other
# sources.
# New protocols will be added on request if they have been officially
# assigned by IANA and are not historical.
# If you need a huge list of used numbers please install the nmap package.
ip 0 IP # internet protocol, pseudo protocol number
hopopt 0 HOPOPT # IPv6 Hop-by-Hop Option [RFC1883]
icmp 1 ICMP # internet control message protocol
igmp 2 IGMP # Internet Group Management
ggp 3 GGP # gateway-gateway protocol
ipencap 4 IP-ENCAP # IP encapsulated in IP (officially ``IP'')
st 5 ST # ST datagram mode

What is the difference between stream parameter and protocol parameter in socket function?

int socket(int domain, int type, int protocol);
As I understood it,
int domain;
This parameter is used for passing the address family or protocol family. I believe that there is no major difference between the address family and protocol family. We are using this for specifying the address type (IPv4 or IPv6).
int type;
This parameter is used for the connection type, such as UDP, TCP in the network layer.
int protocol;
This parameter is used for specifying the protocol, such as TCP, UDP.
And my question is:
What is the difference between the 2nd and 3rd parameter? If we use the TCP protocol we will use SOCK_STREAM, and if we use the UDP protocol we will use SOCK_DGRAM in the 2nd parameter. So why is there a need for two parameters in this case? Why do we not use a single parameter instead of two?
As per the man page, the protocol is the subtype of a socket; for most types there is no subtype, but some types may have additional subtypes.
For example, you can specify a protocol number if you have a raw socket type.
int fd = socket (PF_INET, SOCK_RAW, IPPROTO_TCP);
-MS

Making a reliable UDP by socket function in c

I am having this doubt in socket programming which I could not get cleared by reading the man pages.
In C, the declaration of the socket function is int socket(int domain, int type, int protocol);
The Linux man page says that while type decides the stream that will be followed, the protocol number is the one that decides the protocol being followed.
So my question is: suppose I give the type parameter as SOCK_STREAM, which is reliable, and add the protocol number for UDP. Would it give me a reliable UDP, which is the same as TCP but without flow control and congestion control?
Unfortunately I can't test this out as I have a single machine so there is no packet loss happening.
Could anyone clear this doubt? Thanks a lot...
UDP cannot be made reliable. Transmission of the packets is done on a "best effort" capacity, but any router/host along the chain is free to drop the packet in the garbage and NOT inform the sender that it has done so.
That's not to say you can't impose extra semantics on the sending and receiving ends to expect packets within a certain time frame and say "hey, we didn't get anything in the last X seconds". But that can't be done at the protocol level. UDP is a "dump it into the outbox and hope it gets there" protocol.
No. For an IPV4 or IPV6 protocol stack, SOCK_STREAM is going to get you TCP and the type SOCK_DGRAM is going to give you UDP. The protocol parameter is not used for either of the choices and the socket library is typically expecting a value of 0 to be specified there.
If you do this:
socket(AF_INET, SOCK_STREAM, IPPROTO_UDP);
socket() will return -1 and set errno to
EPROTONOSUPPORT
The protocol type or the specified protocol
is not supported within this domain.

what does 0 indicate in socket() system call?

What does 0 indicate in the following line?
What other flags can I use?
server = socket(AF_UNIX, SOCK_STREAM, 0)
As others have likely said, the third argument to socket is generally an int indicating the protocol. 0 indicates that the caller does not want to specify the protocol and will leave it up to the service provider.
Other than zero, another common one is IPPROTO_TCP.
Full details can be found on the man page using man 2 socket on your machine or visiting here.
From the man pages of socket:
int socket(int domain, int type, int protocol);
The protocol specifies a particular protocol to be used with the socket. Normally only a single protocol exists to support a particular socket type within a given protocol family, in which case protocol can be specified as 0. However, it is possible that many protocols may exist, in which case a particular protocol must be specified in this manner. The protocol number to use is specific to the “communication domain” in which communication is to take place; see protocols(5). See getprotoent(3) on how to map protocol name strings to protocol numbers.
The best thing to do here is read the man page. This document states that the third parameter is the protocol, which in this case is SOCK_STREAM but can be others.
