linux用原始套接字可以分析ip包吗

1. 本文所介绍程序平台

发板：arm9-mini2440

虚拟机：Red Hat Enterprise Linux 5

发板系统内核版本：linux-2.6.32.2

2. 原始套接字概述

通情况程序设计员接触网络知识限于两类：

（1）流式套接字（SOCK_STREAM）种面向连接套接字应于TCP应用程序

（2）数据报套接字（SOCK_DGRAM）种连接套接字应于UDP应用程序

除两种基本套接字外类原始套接字种原始网络报文进行处理套接字

前面几章介绍基础套接字知识流式套接字（SOCK_STREAM）数据报套接字（SOCK_DGRAM）涵盖般应用层TCP/IP应用

原始套接字创建使用与通用套接字创建致套接字类型选项使用另SOCK_RAW使用socket函数进行函数创建完毕候要进行套接字数据格式类型指定设置套接字接收网络数据格式

创建原始套接字使用函数socket第二参数设置SOCK_RAW函数socket()创建原始套接字面代码创建AF_INET协议族原始套接字协议类型protocol

int rawsock = socket(AF_INET, SOCK_RAW, protocol)

注意：超级用户才权利创建套接字否则函数返-1并设置errnoEACCES

protocol参数：量定义in.h>面

IPPROTO_IP = 0, /* Dummy protocol for TCP. */

#define IPPROTO_IP IPPROTO_IP

IPPROTO_HOPOPTS = 0, /* IPv6 Hop-by-Hop options. */

#define IPPROTO_HOPOPTS IPPROTO_HOPOPTS

IPPROTO_ICMP = 1, /* Internet Control Message Protocol. */

#define IPPROTO_ICMP IPPROTO_ICMP

IPPROTO_IGMP = 2, /* Internet Group Management Protocol. */

#define IPPROTO_IGMP IPPROTO_IGMP

IPPROTO_IPIP = 4, /* IPIP tunnels (older KA9Q tunnels use 94). */

#define IPPROTO_IPIP IPPROTO_IPIP

IPPROTO_TCP = 6, /* Transmission Control Protocol. */

#define IPPROTO_TCP IPPROTO_TCP

IPPROTO_EGP = 8, /* Exterior Gateway Protocol. */

#define IPPROTO_EGP IPPROTO_EGP

IPPROTO_PUP = 12, /* PUP protocol. */

#define IPPROTO_PUP IPPROTO_PUP

IPPROTO_UDP = 17, /* User Datagram Protocol. */

#define IPPROTO_UDP IPPROTO_UDP

IPPROTO_IDP = 22, /* XNS IDP protocol. */

#define IPPROTO_IDP IPPROTO_IDP

IPPROTO_TP = 29, /* SO Transport Protocol Class 4. */

#define IPPROTO_TP IPPROTO_TP

IPPROTO_IPV6 = 41, /* IPv6 header. */

#define IPPROTO_IPV6 IPPROTO_IPV6

IPPROTO_ROUTING = 43, /* IPv6 routing header. */

#define IPPROTO_ROUTING IPPROTO_ROUTING

IPPROTO_FRAGMENT = 44, /* IPv6 fragmentation header. */

#define IPPROTO_FRAGMENT IPPROTO_FRAGMENT

IPPROTO_RSVP = 46, /* Reservation Protocol. */

#define IPPROTO_RSVP IPPROTO_RSVP

IPPROTO_GRE = 47, /* General Routing Encapsulation. */

#define IPPROTO_GRE IPPROTO_GRE

IPPROTO_ESP = 50, /* encapsulating security payload. */

#define IPPROTO_ESP IPPROTO_ESP

IPPROTO_AH = 51, /* authentication header. */

#define IPPROTO_AH IPPROTO_AH

IPPROTO_ICMPV6 = 58, /* ICMPv6. */

#define IPPROTO_ICMPV6 IPPROTO_ICMPV6

IPPROTO_NONE = 59, /* IPv6 no next header. */

#define IPPROTO_NONE IPPROTO_NONE

IPPROTO_DSTOPTS = 60, /* IPv6 destination options. */

#define IPPROTO_DSTOPTS IPPROTO_DSTOPTS

IPPROTO_MTP = 92, /* Multicast Transport Protocol. */

#define IPPROTO_MTP IPPROTO_MTP

IPPROTO_ENCAP = 98, /* Encapsulation Header. */

#define IPPROTO_ENCAP IPPROTO_ENCAP

IPPROTO_PIM = 103, /* Protocol Independent Multicast. */

#define IPPROTO_PIM IPPROTO_PIM

IPPROTO_COMP = 108, /* Compression Header Protocol. */

#define IPPROTO_COMP IPPROTO_COMP

IPPROTO_SCTP = 132, /* Stream Control Transmission Protocol. */

#define IPPROTO_SCTP IPPROTO_SCTP

IPPROTO_RAW = 255, /* Raw IP packets. */

#define IPPROTO_RAW IPPROTO_RAW

IPPROTO_MAX

我们常见的就是原始、tcp、udp3种套接字，主要区别: 原始套接字可以读写内核没有处理的IP数据包，而流套接字（就是TCP流）只能读取TCP协议的数据，数据包套接字只能读取UDP协议的数据。因此，如果要访问其他协议发送数据必须使用原始套接字。

---