Raw Sockets

  • Article

Send Feedback

Windows CE-based devices support raw sockets. To enhance security, only privileged applications are allowed to open raw sockets. The TCP/IP service providers may support the SOCK_RAW socket type.

Note   Raw sockets are supported only for IPv4. SOCK_RAW is not supported for IPv6 or any other protocol.

There are two types of such sockets:

  • The first type assumes a known protocol type as written in the IP header. An example of the first type of socket is ICMP.
  • The second type allows any protocol number. An example of the second type would be an experimental protocol that is not supported by the service provider.

If a service provider supports SOCK_RAW sockets for a range of protocols or installs itself over the default raw sockets protocol chain, the provider should set the PFL_HIDDEN flag when calling the WSCInstallProvider function. This flag is prevents the name of the provider from appearing in the query to WSAEnumProtocols. This is useful for the applications that are checking for protocol support.

Providers should set the PFL_Hidden flag while calling the WSCInstallProvider function.

The following rules are applied to the operations over SOCK_RAW sockets:

  • When an application sends a datagram it may or may not include the IP header at the front of the outgoing datagrams depending on the IP_HDRINCL option set for the socket. The IP_HDRINCL option can be set by calling the setsockopt (Windows Sockets) function.

    Note    If the IP_HDRINCL option set for the socket, Windows CE checks the header to ensure that the protocol field is not set to TCP. If it is, then the WSAEPROTONOSUPPORT error code is returned.

  • An application always gets the IP header at the front of each received datagram regardless of the IP_HDRINCL option.

  • Received datagrams are copied into all SOCK_RAW sockets that satisfy the following conditions:

    • The protocol number specified for the socket should match the protocol number in the IP header of the received datagram.
    • If a local IP address is defined for the socket, it should correspond to the destination address as specified in the IP header of the received datagram. An application may specify the local IP address by calling bind functions. If no local IP address is specified for the socket, the datagrams are copied into the socket regardless of the destination IP address in the IP header of the received datagram.
    • If a foreign address is defined for the socket, it should correspond to the source address as specified in the IP header of the received datagram. An application may specify the foreign IP address by calling connect functions. If no foreign IP address is specified for the socket, the datagrams are copied into the socket regardless of the source IP address in the IP header of the received datagram.

It is important to understand that SOCK_RAW sockets may get many unexpected datagrams. For example, a PING program may use SOCK_RAW sockets to send ICMP echo requests. While the application is expecting ICMP echo responses, all other ICMP messages (such as ICMP HOST_UNREACHABLE) may be delivered to this application also. Moreover, if several SOCK_RAW sockets are open on a machine at the same time, the same datagrams may be delivered to all the open sockets. An application must have a mechanism to recognize its datagram and to ignore all others. Such mechanism may include inspecting the received IP header–using unique identifiers in the ICMP header (ProcessID, for example), and so forth.

See Also

Winsock Application Development | Winsock Security

Send Feedback on this topic to the authors

Feedback FAQs

© 2006 Microsoft Corporation. All rights reserved.