In regard to using an ICMP raw socket like in this example:

```c
sd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
```

There's an important question I couldn't find an answer to anywhere in the documentation. As far as I understand, the ICMP protocol is implemented at kernel level (by the %SystemRoot%\System32\Drivers\Tcpip.sys driver on Windows).

So how does this kernel logic interact with a raw user-space socket that wants to send and receive the ICMP packets, defined as in the example above?

Is the ICMP logic canceled since a RAW socket is open and the OS gives the application full control of ICMP? Or are they working in parallel (inevitably creating a mess on the network)? Can I tell the OS which ICMP packets I would like to handle exactly?

Answers for both Linux and Windows are welcome.

Boris

1 Answer

By using the raw socket with IPPROTO_ICMP you only get copies of the ICMP packets which arrive at your host (see How to receive ICMP request in C with raw sockets). The ICMP-logic in the network stack is still alive and will handle ICMP-messages.

So you just need to pick the ICMP packets of interest after you have received them (e.g. by the corresponding ID in the ICMP header). In the receive buffer that gets filled by calling recv() you also get the complete IP header.

Under Linux there is even a socket option (ICMP_FILTER) with which you can set a receive-filter for different ICMP packets.

MarcusS
  • Thanks! Is there any way to inform the kernel to not handle specific packets and just pass them to the raw socket? – Boris Feb 06 '18 at 09:35
  • Assuming you are only concerned about ICMP echos, then you can disable all responses from the kernel via modifying `sysctl.conf` with `net.ipv4.icmp_echo_ignore_all=1`. Read about other ICMP options [here](https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt) – Liam Kelly Feb 06 '18 at 17:51
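
The receive-side approach from the answer above (ICMP_FILTER plus matching on the ID in the ICMP header, behind the IP header that recv() returns), as an added Linux-only example that is not part of the original posts. The function names and the sample packet are hypothetical, and the fallback `#define` values are assumed to match the Linux headers.

```c
#include <stdint.h>
#include <stddef.h>
#include <sys/socket.h>
#include <netinet/in.h>

#ifndef ICMP_FILTER   /* assumption: same value as in <linux/icmp.h> */
#define ICMP_FILTER 1
#endif
#ifndef SOL_RAW       /* assumption: same value as in the libc socket headers */
#define SOL_RAW 255
#endif

/* ICMP_FILTER mask: a set bit means "do not deliver this ICMP type to this
 * socket". Returns a mask that lets through only the given type (0..31). */
uint32_t icmp_filter_only(unsigned type)
{
    return type < 32 ? ~(UINT32_C(1) << type) : UINT32_MAX;
}

/* Apply the mask to a raw ICMP socket. The kernel's own ICMP handling is
 * unchanged; the filter only limits which copies reach this socket. */
int set_icmp_filter(int sd, uint32_t mask)
{
    return setsockopt(sd, SOL_RAW, ICMP_FILTER, &mask, sizeof mask);
}

/* Inspect one datagram returned by recv(); the buffer starts with the IPv4
 * header. Returns the echo sequence number if it is an echo reply carrying
 * want_id, or -1 for anything else, including truncated input. */
int match_echo_reply(const uint8_t *buf, size_t len, uint16_t want_id)
{
    if (len < 20 || (buf[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;   /* IP header length in bytes */
    if (ihl < 20 || len < ihl + 8) return -1;   /* need a full ICMP echo header */
    if (buf[9] != IPPROTO_ICMP) return -1;
    const uint8_t *icmp = buf + ihl;
    if (icmp[0] != 0 || icmp[1] != 0) return -1;        /* type 0 = echo reply */
    uint16_t id = (uint16_t)(icmp[4] << 8 | icmp[5]);   /* network byte order */
    if (id != want_id) return -1;
    return icmp[6] << 8 | icmp[7];
}

/* Constructed sample: IPv4 header (IHL 5, protocol 1) followed by an echo
 * reply with id 0x1234, seq 7. Checksums are zero and are not validated. */
const uint8_t sample_reply[28] = {
    0x45,0,0,28, 0,0,0,0, 64,1,0,0, 192,0,2,1, 192,0,2,2,
    0,0,0,0, 0x12,0x34, 0,7 };
```

With the socket opened as in the question (this needs root or CAP_NET_RAW), call `set_icmp_filter(sd, icmp_filter_only(0))` once and pass each buffer returned by recv() to `match_echo_reply()`.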