The HyperNews Linux KHG Discussion Pages

Feedback: What raw sockets are for.

Forum: The Linux Kernel Hackers' Guide
Re: Question What is SOCK_RAW and how do I use it? (arkane)
Keywords: SOCK_RAW socket
Date: Thu, 08 Aug 1996 14:59:11 GMT
From: Cameron MacKinnon <mackin@interlog.com>

Well, there are several types of sockets: TCP and UDP go over the wire formatted as TCP or UDP packets, unix-domain sockets don't generally go over the wire (they're used for interprocess communication). These are some of the built-in socket types that the kernel understands (i.e. it will handle the connection management stuff at the front of each of these packet types). Raw sockets are used to generate/receive packets of a type that the kernel doesn't explicitly support.

An easy example that you're probably familiar with is PING. Ping works by sending out an ICMP (internet control message protocol - another IP protocol distinct from TCP or UDP) echo packet. The kernel has built-in code to respond to echo/ping packets; it has to in order to comply with the TCP/IP spec. It doesn't have code to generate these packets, because it isn't required. So, rather than create another system call with associated code in the kernel to accomplish this, the "ping packet generator" is a program in user space. It formats an ICMP echo packet and sends it out over a SOCK_RAW, waiting for a response. That's why ping runs as set-uid root.