1

To produce packets with extended IP header setsockopt operation can be performed with level SOL_IP and option IP_OPTIONS:

int ipoption=0xbaadf00d;
int sockfd=socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
setsockopt(sockfd, SOL_IP, IP_OPTIONS, &ipoption, sizeof ipoption);

After making this when trying to connect TCP stack produces packets with correct extended header. Problem is how to do the same for server socket: I expect TCP server socket that answers with SYN/ACK packet with specific IP header extension in response to connect. But making same setsockopt for socket gives no effect. No matter when I call setsockopt - before listen, before accept etc. Is it possible somehow to apply IP option to server socket without switching to RAW sockets?

Mikhail Sorokhtin
  • 19
  • 1
  • On the server side, when using `accept()`, there is no way to apply per-socket options to a client socket before `accept()` has returned a new socket descriptor for it. What kind of options are you trying to set *exactly*? And what platform(s) are you targeting? On Windows, for instance, you could use `AcceptEx()` instead, which allows you to pre-allocate and configure a new `SOCKET` before it gets associated with an accepted client. But that is not portable to other platforms. – Remy Lebeau Sep 17 '18 at 20:54
  • Thanks, Remy, for your answer. Forgot to mention - I use linux kernel 4.14 running on ARMv4. Main goal is to add security extension header to all packets produced by TCP server. First packet produced by server is syn/ack, this packet is created and sent when accept is still running and no server socket is created. But I thought socket being listen should share some of it's options with socket created and returned by accept(). – Mikhail Sorokhtin Sep 17 '18 at 22:01
  • Extension Headers is a feature of IPv6 only, but your example is creating an IPv4 socket instead. Are you thinking of IPSec, or maybe E-SEC? Protocols that sit between IP and TCP. Those can't be set using `IP_OPTIONS`. Again, can you **BE SPECIFIC** about what **EXACTLY** you are trying to accomplish? – Remy Lebeau Sep 17 '18 at 22:59

0 Answers0