这是一个针对 linux c 编程原始套接字的快速问题。如果我只想用原始套接字监听任何接口(interface),我必须实际绑定(bind)到一个 IP 地址或接口(interface)来监听流量吗?据我了解,我觉得我应该可以调用 sock();然后启动 recvfrom() 流量。也许我错了,但我见过一些不使用它的程序。
最佳答案
您是对的,您唯一需要做的就是调用 socket(),然后调用 recvfrom()。不过请注意,使用 SOCK_RAW 收听有一些限制。
If you're not using raw sockets on a "send-and-forget" basis, you will be interested in reading the reply packet(s) for your raw packet(s). The decision logic for whether a packet will be delivered to a raw socket can be enumarated as such:
TCP and UDP packets are never delivered to raw sockets, they are always handled by the kernel protocol stack.
Copies of ICMP packets are delivered to a matching raw socket. For some of the ICMP types (ICMP echo request, ICMP timestamp request, mask request) the kernel, at the same time, may wish to do some processing and generate replies.
All IGMP packets are delivered to raw sockets: e.g. OSPF packets.
All other packets destined for protocols that are not processed by a kernel subsystem are delivered to raw sockets.
The fact that you're dealing with a protocol for which reply packets are delivered to your raw socket does not necessarily mean that you'll get the reply packet. For this you may also need to consider:
setting the protocol accordingly while creating your socket via socket(2)system call. For instance, if you're sending an ICMP echo-request packet, and want to receive ICMP echo-reply, you can set the protocol argument (3rd argument) to IPPROTO_ICMP).
setting the protocol argument in socket(2) to 0, so any protocol number in the received packet header will match.
defining a local address for your socket (via e.g. bind(2)), so if the destination address matches the socket's local address, it'll be delivered to your application also.
有关更多详细信息,您可以阅读例如this .
关于c - 原始套接字监听器,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/13082023/