I'm working on an open source where SOCK_DGRAM is used to send RTP packets.
Like this:
int sock = socket(af, SOCK_DGRAM, 0);
But i'm supposed to use the same socket as SOCK_RAW to send the UDP packets that i prepare.
Is this possible to convert the UDP socket to RAW socket?
if it is possible how it can be done?
Thanks in advance
I don't know why you said need to use same socket, otherwise, you can follow the below steps to transfer packet over RAW socket.
create the socket using SOCK_RAW.
define and populate the IP header [struct ipheader]
define and populate the UDP header [struct udphdr]
set the socket for not to use a system (kernel) provied header [setsockopt() for IP_HDRINCLas 1]
send the buffer [sendto()]
You can find some nice tutorials (and maybe some sample codes, too) here.
Related
I want to use raw sockets for packet analysis/sniffing limited to UDP. Yes I am aware of wireshark and libpcap. The scope of my analyzer is very limited and has to be implemented in C on Linux.
I know that we start with:
sd = socket(AF_INET, SOCK_RAW, IPPROTO_UDP);
Then while reading, using recvfrom, we use the flag MSG_PEEK.
Questions:
Is the MSG_PEEK flag required if we use SOCK_RAW? .
If I read from this socket, will I get all incoming UDP packets on all interfaces and ports?
Does the read (with MSG_PEEK flag or otherwise) allow reading non-blocking sockets just like it would be had MSG_PEEK flag not been used? (I am using epoll). In epoll_ctl, one has to specify the fd to be monitored. Are all UDP sockets mapped to this single socket? So, if data is available on any UDP socket opened by other processes, this socket's EPOLLIN event will be triggered?
Will this reading (with MSG_PEEK or without) impact the reading of sockets in the actual program that use the packets for real applications?
I want to receive ethernet packets from socket in Linux, but only those, which have one of two custom Ethtype values.
As I know, if only 1 ethtype should be received, it's possible to specify this value while creating socket like this
int socket = socket(PF_PACKET, SOCK_RAW, htons(ETHERTYPE_CUSTOM_1);
But what if I have 2 different ethtypes? Should I use 2 sockets or write some custom filter? Or is there some any simple way?
Create two sockets, one for each ethertype. Then you can use select() or epoll() to wait for packets on either socket at the same time.
I think you should use libpcap library. You need to access bpf packer filter.
This is easy one.
Or you can use iptables rules an netfilter library. You need to set prerouting iptables rules to forward all packet to specific port and your application binding this port as listening mode and you can receive full packet.
1.
socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
The linux manual page says about this code.
In socket option, if IP_HDRINCL is set, I can make IP header. Am I right?
If it's right, above socket also let me make TCP header, too?
Then, if IP_HDRINCL is not set, what means above socket?
2.
socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
socket(AF_INET, SOCK_RAW, IPPROTO_UDP);
what means above code comparing to number 1 question's code?
I know IPPROTO_RAW can't receive any IP packets. And here, these sockets only can receive TCP packets, and UDP pakcets each.(Can I see IP Header, Ethernet Header also?)
But how about sending?? I don'know exactly about this.
IP_HDRINCL means: I want my data (for send and recv) to include the ip hdr. And if your data include the ip hdr, it means that the tcp hdr follows (just after the ip hdr), and finally the app's message too (the message your normally give to send ...). Without IP_HDRINCL, you have access to apps data only.
Yes, IPPROTO_TCP and IPPROTO_UDP whith SOCK_RAW are just filters as you say, for sending and receiving. Use IPPROTO_RAW to be able to send any TCP/IP packet (no filter). But to also receive packets, you need also to change AF_INET into AF_PACKET.
I'm using 2 different C programs to received fragmented packets, one using a raw socket defined as following:
_socket0 = socket( PF_PACKET, SOCK_RAW, htons(ETH_P_ALL) );
one using an UDP socket defined as following:
_socket0=socket(AF_INET, SOCK_DGRAM, 0);
The first one works fine, the second one doesn't work, I'm not able to see nothings.
Anyone can tell me the reason?
A fragment of an UDP packet is not a UDP packet, so it won't be passed to a UDP socket. UDP sockets are for reading/writing whole UDP packets, not IP packets carrying fragments of one.
I'm trying to send commands using UDP. The receiver is supposed to receive the UDP datagram and reply. However, I would like the reply to always be sent to the sender's source port. I know how to parse the the port (struct header and move the pointer to the right position...), however, I'm looking for a function that returns the whole received frame including the headers and not only the datagram/data.
What about the recvfrom() function? It allows you to grab the data and it fills a sockaddr struct from which you can find the source port of the sender.