1RAW(7) Linux Programmer's Manual RAW(7)
2
6 raw, SOCK_RAW - Linux IPv4 raw sockets
7
9 #include <sys/socket.h>
10 #include <netinet/in.h>
11 raw_socket = socket(PF_INET, SOCK_RAW, int protocol);
12
15 Raw sockets allow new IPv4 protocols to be implemented in user space.
16 A raw socket receives or sends the raw datagram not including link
17 level headers.
18 The IPv4 layer generates an IP header when sending a packet unless the
20 IP_HDRINCL socket option is enabled on the socket. When it is enabled,
21 the packet must contain an IP header. For receiving the IP header is
22 always included in the packet.
23 Only processes with an effective user ID of 0 or the CAP_NET_RAW capa‐
25 bility are allowed to open raw sockets.
26 All packets or errors matching the protocol number specified for the
28 raw socket are passed to this socket. For a list of the allowed proto‐
29 cols see RFC 1700 assigned numbers and getprotobyname(3).
30 A protocol of IPPROTO_RAW implies enabled IP_HDRINCL and is able to
32 send any IP protocol that is specified in the passed header. Receiving
33 of all IP protocols via IPPROTO_RAW is not possible using raw sockets.
34 ┌───────────────────────────────────────────────────┐
37 │IP Header fields modified on sending by IP_HDRINCL │
38 ├──────────────────────┬────────────────────────────┤
39 │IP Checksum │Always filled in. │
40 ├──────────────────────┼────────────────────────────┤
41 │Source Address │Filled in when zero. │
42 ├──────────────────────┼────────────────────────────┤
43 │Packet Id │Filled in when zero. │
44 ├──────────────────────┼────────────────────────────┤
45 │Total Length │Always filled in. │
46 └──────────────────────┴────────────────────────────┘
47 If IP_HDRINCL is specified and the IP header has a non-zero destination
48 address then the destination address of the socket is used to route the
49 packet. When MSG_DONTROUTE is specified the destination address should
50 refer to a local interface, otherwise a routing table lookup is done
51 anyway but gatewayed routes are ignored.
52 If IP_HDRINCL isn't set then IP header options can be set on raw sock‐
54 ets with setsockopt(2); see ip(7) for more information.
55 In Linux 2.2 all IP header fields and options can be set using IP
57 socket options. This means raw sockets are usually only needed for new
58 protocols or protocols with no user interface (like ICMP).
59 When a packet is received, it is passed to any raw sockets which have
61 been bound to its protocol before it is passed to other protocol han‐
62 dlers (e.g. kernel protocol modules).
63
66 Raw sockets use the standard sockaddr_in address structure defined in
67 ip(7). The sin_port field could be used to specify the IP protocol
68 number, but it is ignored for sending in Linux 2.2 and should be always
69 set to 0 (see BUGS) For incoming packets sin_port is set to the proto‐
70 col of the packet. See the <netinet/in.h> include file for valid IP
71 protocols.
72
75 Raw socket options can be set with setsockopt(2) and read with getsock‐
76 opt(2) by passing the IPPROTO_RAW family flag.
77 ICMP_FILTER
80 Enable a special filter for raw sockets bound to the
81 IPPROTO_ICMP protocol. The value has a bit set for each ICMP
82 message type which should be filtered out. The default is to
83 filter no ICMP messages.
84 In addition all ip(7) IPPROTO_IP socket options valid for datagram
87 sockets are supported.
88
91 By default raw sockets do path MTU (Maximum Transmission Unit) discov‐
92 ery. This means the kernel will keep track of the MTU to a specific
93 target IP address and return EMSGSIZE when a raw packet write exceeds
94 it. When this happens the application should decrease the packet size.
95 Path MTU discovery can be also turned off using the IP_MTU_DISCOVER
96 socket option or the ip_no_pmtu_disc sysctl, see ip(7) for details.
97 When turned off raw sockets will fragment outgoing packets that exceed
98 the interface MTU. However disabling it is not recommended for perfor‐
99 mance and reliability reasons.
100 A raw socket can be bound to a specific local address using the bind(2)
102 call. If it isn't bound all packets with the specified IP protocol are
103 received. In addition a RAW socket can be bound to a specific network
104 device using SO_BINDTODEVICE; see socket(7).
105 An IPPROTO_RAW socket is send only. If you really want to receive all
107 IP packets use a packet(7) socket with the ETH_P_IP protocol. Note that
108 packet sockets don't reassemble IP fragments, unlike raw sockets.
109 If you want to receive all ICMP packets for a datagram socket it is
111 often better to use IP_RECVERR on that particular socket; see ip(7).
112 Raw sockets may tap all IP protocols in Linux, even protocols like ICMP
114 or TCP which have a protocol module in the kernel. In this case the
115 packets are passed to both the kernel module and the raw socket(s).
116 This should not be relied upon in portable programs, many other BSD
117 socket implementation have limitations here.
118 Linux never changes headers passed from the user (except for filling in
120 some zeroed fields as described for IP_HDRINCL). This differs from
121 many other implementations of raw sockets.
122 RAW sockets are generally rather unportable and should be avoided in
124 programs intended to be portable.
125 Sending on raw sockets should take the IP protocol from sin_port; this
127 ability was lost in Linux 2.2. The workaround is to use IP_HDRINCL.
128
131 Errors originating from the network are only passed to the user when
132 the socket is connected or the IP_RECVERR flag is enabled. For con‐
133 nected sockets only EMSGSIZE and EPROTO are passed for compatibility.
134 With IP_RECVERR all network errors are saved in the error queue.
135
137 EMSGSIZE
138 Packet too big. Either Path MTU Discovery is enabled (the
139 IP_MTU_DISCOVER socket flag) or the packet size exceeds the max‐
140 imum allowed IPv4 packet size of 64KB.
141 EACCES User tried to send to a broadcast address without having the
143 broadcast flag set on the socket.
144 EPROTO An ICMP error has arrived reporting a parameter problem.
146 EFAULT An invalid memory address was supplied.
148 EOPNOTSUPP
150 Invalid flag has been passed to a socket call (like MSG_OOB).
151 EINVAL Invalid argument.
153 EPERM The user doesn't have permission to open raw sockets. Only pro‐
155 cesses with a effective user ID of 0 or the CAP_NET_RAW
156 attribute may do that.
157
160 IP_RECVERR and ICMP_FILTER are new in Linux 2.2. They are Linux exten‐
161 sions and should not be used in portable programs.
162 Linux 2.0 enabled some bug-to-bug compatibility with BSD in the raw
164 socket code when the SO_BSDCOMPAT socket option was set — since Linux
165 2.2, this option no longer has that effect.
166
169 Transparent proxy extensions are not described.
170 When the IP_HDRINCL option is set datagrams will not be fragmented and
172 are limited to the interface MTU.
173 Setting the IP protocol for sending in sin_port got lost in Linux 2.2.
175 The protocol that the socket was bound to or that was specified in the
176 initial socket(2) call is always used.
177
180 This man page was written by Andi Kleen.
181
184 recvmsg(2), sendmsg(2), capabilities(7), ip(7), socket(7)
185 RFC 1191 for path MTU discovery.
187 RFC 791 and the <linux/ip.h> include file for the IP protocol.
189Linux Man Page 1998-10-02 RAW(7)