When i gone through socket programming i could not clearly understand RAW_SOCKET.
My understanding is
If i open a socket with this option AF_INET , RAW_SOCKET mean's I can create my now header before AF_INET headers but finaly the data is send in the format of AF_INET protocol. Is my understanding is correct . If wrong can some explain me.
ThankYou
In every layer,packet has two disjoint sections: Header, Payload
non-Raw socket means you can just determine Transport Layer Payload. i.e it is OS task to create Transport,Network and Data Link layer headers.
Raw socket means you can determine every section of packet,either header or payload. Please note that raw socket is a general word. I categorize raw socket into: Network Socket andd Data-Link Socket (or alternativly L3 Socket and L2 Socket)
In L3 Socket you can determine header and payload of packet in network layer. For example if network layer protocol is IPv4, you can determine IPv4 header and payload. Thus you can set transport layer header/payload, ICMP header/payload, Routing Protocols headder/payload.
In L2 Socket you can set header and payload of packet in data link layer, i.e everything in packet. Thus you do everything done with L3 Socket + determine ARP header/payload, PPP header/payload, PPPOE header/payload , .... .
Now in programming:
Third parameter specify payload protocol.
RAW_SOCKET allow user to implement it's own transport layer protocol above internet (IP) level . You are responsible for creating and parsing transport level headers and logic behind it. A packet would look like:
-------------------------------------------------------------------
| Ethernet (typically) header | IP header | Your header | payload |
-------------------------------------------------------------------
EDIT: there's good description of raw sockets on Linux man page, or here if you are using Windows.
You can also use SOCK_RAW with "Packet Sockets" that will allow you to have full control over the L2 (Ethernet) and L3 (IP) layers.. meaning you can completely custom-render you packet as it comes out of a NIC..
Details here:
http://www.kernel.org/doc/man-pages/online/pages/man7/packet.7.html
http://austinmarton.wordpress.com/2011/09/14/sending-raw-ethernet-packets-from-a-specific-interface-in-c-on-linux/
It's also used for protocols like ICMP (ping), you have to know structure of ICPM packet to create it. Also kernel doesn'n modify your packets
Once the application creates RAW socket is used to send and
receive packets from source to destination those all packets are
treated as datagram on an unconnected socket
when sending IPv4 data, an application has a choice on
whether to specify the IPv4 header at the front of the outgoing
datagram for the packet.
If the IP_HDRINCL socket option is set to true for an IPv4
socket (address family of AF_INET), the application must supply the
IPv4 header in the outgoing data for send operations.
If this socket option is false (the default setting), then
the IPv4 header should not be in included the outgoing data for
send operations.
It is important to understand that some sockets of type
SOCK_RAW may receive many unexpected datagrams. For example, a PING
program may create a socket of type SOCK_RAW to send ICMP echo
requests and receive responses. While the application is expecting
ICMP echo responses, if several SOCK_RAW sockets are open on a
computer at the same time, the same datagrams may be delivered to
all the open sockets. An application must have a mechanism to
recognize and to ignore all others.
For a PING program, such a mechanism might include
inspecting the received IP header for unique identifiers in the
ICMP header (the application's process ID, for example)
TCP data cannot be sent by using raw socket
Referred from below link :
https://msdn.microsoft.com/en-us/library/windows/desktop/ms740548%28v=vs.85%29.aspx
