In the Previous article (Link here), we looked at how Raw sockets are invoked and how Raw sockets allow an application to directly access lower layer protocols or create it’s own L4 protocol on top of the IP layer.
What does the above statement mean? We look at a diagram below (taken from the book “The Linux Programming Interface”) which will shed more light on the use of RAW sockets.
Fig Courtesy: The Linux Programming Interface – Michael Kerrisk
The raw socket as seen in the image above allows the application to skip the L4 protocol Layer. If IPPROTO_TCP is placed as the protocol in the socket API invocation for a RAW socket, then it is as good as handling the TCP layer from the application. Similarly, if IPPROTO_UDP is used as the protocol, the headers and features of the UDP protocol can be controlled by the application.
So in essence, RAW sockets provide a developer to create their own L4 layer protocol. Since the Protocol number for RAW socket is between 1-255 and some of the protocol numbers are not filled, the kernel will forward the packets via RAW socket to higher layers if the application so desires it.
In the coming articles, we will try and understand how raw sockets can be used to modify L4 or lower layer headers in application space.
Pingback: Raw sockets – an Introduction | Hitch Hiker's Guide to Learning