linux raw socket programming question

Question

Hi all,

I am trying to create a raw socket which send and receive message with ip/tcp header under linux. I can successfully binds to a port and receive tcp message(ie:syn) However, the message seems to be handled by the os, but not mine. I am just a reader of it(like wireshark). My raw socket binds to port 8888, and then i try to telnet to that port . In wireshark, it shows that the port 8888 reply a "rst ack" when it receive the "syn" request. In my program, it shows that it receive a new message and it doesnot reply with any message.

Any way to actually binds to that port?(prevent os handle it)

Here is part of my code, i try to cut those error checking for easy reading

sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);

int tmp = 1;
const int *val = &tmp;
setsockopt (sockfd, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp));

servaddr.sin_family = AF_INET;
servaddr.sin_addr.s_addr = htonl(INADDR_ANY);
servaddr.sin_port = htons(8888);
bind(sockfd, (struct sockaddr*)&servaddr, sizeof(servaddr));

//call recv in loop

Answer 1

Edit: In case you intend to program raw sockets, check this.

It has a few examples of how to send and receive raw packets.

In case you want to use SOCK_STREAM and SOCK_SEQPACKET connection-oriented type sockets:

You need to tell it to listen after binding to a given address:port.

int connectionQueue = 10;
if ( -1 == listen(sockfd, connectionQueue) )
{
  // Error occurred
}

Afterwards, you will need to verify the descriptor for incoming connections using select, and accept an incoming connection on either the server socket (which will lead to not accepting new connections), or a dedicated client socket.

Answer 2

man 7 raw says:

Raw sockets may tap all IP protocols in Linux, even protocols like ICMP or TCP which have a protocol module in the kernel. In this case the packets are passed to both the kernel module and the raw socket(s).

I take this to mean that you can't "do TCP" on a raw socket without interference from the kernel unless your kernel lacks TCP support -- which, of course, isn't something you want. What raw sockets are good for is implementing other IP protocols that the kernel doesn't handle, or for special applications like sending crafted ICMP packets.

Answer 3

if u wanna catch a pack and do somethink on header you should workon kernel space. first learn how to program kernel modules.then netfilter and netlink frameworks. you will have some idea to solve the problem.