Linux下的raw Socket（原始套接字）编程

前言

本文所述代码托管在https://github.com/Wuchenwcf/MyCode/blob/master/C%2B%2B/Linux/rawSocketTest.cpp

简介

最近项目需要用到rawSocket来进行自定义IP报文的源地址。

windows从winxp sp2开始便对raw socket进行了限制。

【1】只能发送UDP包

【2】只能发送正确的UDP包

【3】不能冒充源地址，即，源地址只能填本机地址。

所以raw socket只有在Linux平台上才能发挥它本该有的功能。

注意

网上很多raw Socket的代码很坑，尤其是这个：http://www.tenouk.com/Module43a.html。看起来很正规很牛逼的样子，实际上IP报文都组错了。而且sendto函数调用错误，导致数据报只能在本地环路中收发，根本就不经过网卡，也就发不出去。博主参考了他的代码，结果卡了一天。唉。

代码

代码注释写的很清楚，看官自己看吧

#include <unistd.h>#include <stdio.h>#include <sys/socket.h>#include <netinet/ip.h>#include <netinet/udp.h>#include<memory.h>#include<stdlib.h>#include <linux/if_ether.h>#include <linux/if_packet.h> // sockaddr_ll#include<arpa/inet.h>#include<netinet/if_ether.h>#include<iomanip>#include<iostream>// The packet length#define PCKT_LEN 100//UDP的伪头部struct UDP_PSD_Header{u_int32_t src;u_int32_t des;u_int8_t  mbz;u_int8_t ptcl;u_int16_t len;};//计算校验和unsigned short csum(unsigned short *buf, int nwords){ unsigned long sum;for (sum = 0; nwords > 0; nwords--){sum += *buf++;}sum = (sum >> 16) + (sum & 0xffff);sum += (sum >> 16);return (unsigned short)(~sum);}// Source IP, source port, target IP, target port from the command line argumentsint main(int argc, char *argv[]){int sd;char buffer[PCKT_LEN] ;//查询www.chongfer.cn的DNS报文unsigned char DNS[] = { 0xd8, 0xcb , 0x01, 0x00, 0x00, 0x01, 0x00 ,0x00,0x00, 0x00, 0x00, 0x00, 0x03, 0x77, 0x77, 0x77,0x08, 0x63, 0x68, 0x6f, 0x6e, 0x67, 0x66, 0x65,0x72, 0x02, 0x63, 0x6e, 0x00, 0x00, 0x01, 0x00,0x01 };struct iphdr *ip = (struct iphdr *) buffer;struct udphdr *udp = (struct udphdr *) (buffer + sizeof(struct iphdr));// Source and destination addresses: IP and portstruct sockaddr_in sin, din;int  one = 1;const int *val = &one;//缓存清零memset(buffer, 0, PCKT_LEN);if (argc != 5){printf("- Invalid parameters!!!\n");printf("- Usage %s <source hostname/IP> <source port> <target hostname/IP> <target port>\n", argv[0]);exit(-1);}// Create a raw socket with UDP protocolsd = socket(AF_INET, SOCK_RAW, IPPROTO_UDP);if (sd < 0){perror("socket() error");// If something wrong just exitexit(-1);}elseprintf("socket() - Using SOCK_RAW socket and UDP protocol is OK.\n");//IPPROTO_TP说明用户自己填写IP报文//IP_HDRINCL表示由内核来计算IP报文的头部校验和，和填充那个IP的id if (setsockopt(sd, IPPROTO_IP, IP_HDRINCL, val, sizeof(int))){perror("setsockopt() error");exit(-1);}elseprintf("setsockopt() is OK.\n");// The source is redundant, may be used later if needed// The address familysin.sin_family = AF_INET;din.sin_family = AF_INET;// Port numberssin.sin_port = htons(atoi(argv[2]));din.sin_port = htons(atoi(argv[4]));// IP addressessin.sin_addr.s_addr = inet_addr(argv[1]);din.sin_addr.s_addr = inet_addr(argv[3]);// Fabricate the IP header or we can use the// standard header structures but assign our own values.ip->ihl = 5;ip->version = 4;//报头长度，4*32=128bit=16Bip->tos = 0; // 服务类型ip->tot_len = ((sizeof(struct iphdr) + sizeof(struct udphdr)+sizeof(DNS)));//ip->id = htons(54321);//可以不写ip->ttl = 64; // hops生存周期ip->protocol = 17; // UDPip->check = 0;// Source IP address, can use spoofed address here!!!ip->saddr = inet_addr(argv[1]);// The destination IP addressip->daddr = inet_addr(argv[3]);// Fabricate the UDP header. Source port number, redundantudp->source = htons(atoi(argv[2]));//源端口// Destination port numberudp->dest = htons(atoi(argv[4]));//目的端口udp->len = htons(sizeof(struct udphdr)+sizeof(DNS));//长度//forUDPCheckSum用来计算UDP报文的校验和用//UDP校验和需要计算 伪头部、UDP头部和数据部分char * forUDPCheckSum = new char[sizeof(UDP_PSD_Header) + sizeof(udphdr)+sizeof(DNS)+1];memset(forUDPCheckSum, 0, sizeof(UDP_PSD_Header) + sizeof(udphdr) + sizeof(DNS) + 1);UDP_PSD_Header * udp_psd_Header = (UDP_PSD_Header *)forUDPCheckSum;udp_psd_Header->src = inet_addr(argv[1]);udp_psd_Header->des = inet_addr(argv[3]);udp_psd_Header->mbz = 0;udp_psd_Header->ptcl = 17;udp_psd_Header->len = htons(sizeof(udphdr)+sizeof(DNS));memcpy(forUDPCheckSum + sizeof(UDP_PSD_Header), udp, sizeof(udphdr));memcpy(forUDPCheckSum + sizeof(UDP_PSD_Header) + sizeof(udphdr), DNS, sizeof(DNS));//ip->check = csum((unsigned short *)ip, sizeof(iphdr)/2);//可以不用算//计算UDP的校验和，因为报文长度可能为单数，所以计算的时候要补0udp->check = csum((unsigned short *)forUDPCheckSum,(sizeof(udphdr)+sizeof(UDP_PSD_Header)+sizeof(DNS)+1)/2);setuid(getpid());//如果不是root用户，需要获取权限// Send loop, send for every 2 second for 2000000 countprintf("Trying...\n");printf("Using raw socket and UDP protocol\n");printf("Using Source IP: %s port: %u, Target IP: %s port: %u.\n", argv[1], atoi(argv[2]), argv[3], atoi(argv[4]));std::cout << "Ip length:" << ip->tot_len << std::endl;int count;//将DNS报文拷贝进缓存区memcpy(buffer + sizeof(iphdr) + sizeof(udphdr), DNS, sizeof(DNS));for (count = 1; count <= 2000000; count++){if (sendto(sd, buffer, ip->tot_len, 0, (struct sockaddr *)&din, sizeof(din)) < 0)// Verify{perror("sendto() error");exit(-1);}else{printf("Count #%u - sendto() is OK.\n", count);sleep(2);}}close(sd);return 0;}

结果

在IP为93的机器上冒充那个IP为94的机器向阿里的DNS服务器114.114.114.114上发送DNS查询报文

在IP为94的机器上收到阿里DNS服务器传回来的DNS报文