Is it possible to obtain the content of received ICMP messages via unprivileged sockets on Linux systems ?
I'm interested in knowing if it is possible to do so with UDP DGRAM sockets, TCP STREAM sockets and/or ICMP DGRAM sockets.
TCPsockets
I know that AF_INET, SOCK_STREAM,IPPROTO_TCP sockets can obtain feedback on the outcome of a connect() via return values such as ENETUNREACH, ETIMEDOUT or such. What I want is the actual entire ICMP message (the whole packet) by any means (create an other socket, ...) except sudo and setuid (no raw sockets).
UDPsockets
I know that you can set the IP_RECVERR IP_PROTO-level option to AF_INET, SOCK_DGRAM,IPPROTO_UDP sockets, but not to STREAM sockets. This option allows to call recvmsg() with the MSG_ERRQUEUE flag set in order to receive a sock_extended_err structure containing the ICMP error. Does it works default or do i have to specify which ICMP message i want to get passed (i.e.:via ICMP_FILTER socket options) ?
ICMPsockets
I also know that since ~2010, Linux systems allows AF_INET,SOCK_DGRAM,IPPROTO_ICMP sockets to send a few ICMP messages for ping purposes (I don't care about sending ICMP) and to receive some (which type/code i don't know). But it looks like it's not enabled by default and need root permission to be activated, which is forbidden. Is it possible to use those to receive ICMP messages, and which messages ?
- Additional Informations
I precise that I am asking this for Linux kernel >=2.6.x and IPv4. The ICMP messages I want to retreive are most importantly ttl-expired and if possible dest/port/host/network-unreach. I cannot run the program as root nor setuid root it, therefore RAW sockets are forbidden. I don't need to retreive the IP layer that encaspulate the ICMP messages.
