Login/Register
set socket option is why so important for a socket (IP_HDRINCL) In ICMP request?
Asked Answered
Solved csocketskernelicmpsetsockopt
G

1

6

I am new to socket programming

I saw a ICMP request program , in that they used setsockopt to a socket

int on = 1;

setsockopt(s, IPPROTO_IP, IP_HDRINCL, &on, sizeof(on))

but even if I do not use this statement, the program runs correctly. Why is it so important to mention to the kernel this socket including the IP structure?

Gwenore answered 1/3, 2014 at 16:19 Comment(0)
S
11

The IP_HDRINCL option does the following (from the man page):

The IPv4 layer generates an IP header when sending a packet unless the IP_HDRINCL socket option is enabled on the socket. When it is enabled, the packet must contain an IP header. For receiving the IP header is always included in the packet.

Presumably your program is constructing an IP header. If you remove this option, it will use the kernel's IP header. Whether that 'works' or not depends on what your program does. Perhaps under some circumstances it wants to customise the IP header and with this removed that will not work.

If you post the rest of the program or tell us a bit about it, we might be able to help.

Swath answered 1/3, 2014 at 16:29 Comment(4)
www.lainoox.com/tag/icmp-echo-request/‎Gwenore
That gives me a 404, but things issuing icmp echo requests often what to set TTL and DF in the IP header (apart from other things), all of which require the header to be written manually.Swath
but when i see it in wireshark the TTL and DF is 255 and 0 accordingly (because maybe the default TTL and DF will work for my case )and try the URL in google or simply remove the last backslash in it,Gwenore
The link you posted is for a smurf attack. This works by setting the source address to the IP address of the victim (source address spoofing), as the repliers will send packets back to that address, amplifying the attack. Removing the socket option concerned will mean that the source address is set to the source address of the egress interface on the attacker's own host (i.e. stop the source address spoofing working), which will have the effect of making the attacker attack himself rather than the victim - on many views a good outcome.Swath

© 2022 - 2024 — McMap. All rights reserved.