Raw Sockets - IP-Encapsulation

Matthias Guentert

Hello list members

I would like to create an IP tunnel using the IP protocol type 4
(socket.IPPROTO_IPIP) on a Linux host. (I also would be happy if I
could create a GRE tunnel)

The thing is, I just don't understand how such a socket could be
created and then later on handled.

According to help(socket.socket()), the constructor looks like this:

| socket([family[, type[, proto]]]) -> socket object
|
| Open a socket of the given type. The family argument specifies the
| address family; it defaults to AF_INET. The type argument specifies
| whether this is a stream (SOCK_STREAM, this is the default)
| or datagram (SOCK_DGRAM) socket. The protocol argument defaults to 0,
| specifying the default protocol. Keyword arguments are accepted.

This means to create a simple UDP socket I can do the following where
the last argument is optional.

s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_IP)

So to create an IP-Encapsulation socket I would have to do this:

s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_IPIP)

or for GRE this.

s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_GRE)

But how can I now set the fields? How do I really encapsulate other
data (=sockets?)? Do I need a Raw socket at all? Or should this work
somehow like the following to encapsulate UDP payload?

s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_IPIP)

I really would be happy if someone could help me with this and even
better could provide some examples on the usage.

Thanks in advance, Matthias
 
Nobody

> I would like to create an IP tunnel using the IP protocol type 4
> (socket.IPPROTO_IPIP) on a Linux host. (I also would be happy if I
> could create a GRE tunnel)
>
> The thing is, I just don't understand how such a socket could be
> created and then later on handled.

You don't create sockets for IPPROTO_IPIP or IPPROTO_GRE.
Outside of the kernel, those identifiers are only likely to be used for
specifying protocols when e.g. configuring packet filtering.

Tunnelling only involves user-space for configuration. Once a tunnel has
been configured, it's just a networking interface, and any traffic is
handled by the kernel.

Tunnel interfaces are manipulated using the ioctl()s in linux/if_tunnel.h.
Refer to the iproute2 source code for clues.

If for some reason you wanted to perform the encapsulation or decapsulation
yourself, you would need to create a packet socket.
 
Alexander Gattin

Hello,

> You don't create sockets for IPPROTO_IPIP or
> IPPROTO_GRE. Outside of the kernel, those
> identifiers are only likely to be used for
> specifying protocols when e.g. configuring
> packet filtering.
>
> Tunnelling only involves user-space for
> configuration.

For GRE/IPIP this is true, but with /dev/tun
and /dev/tap tunnels it isn't -- a userspace
program actually reads from/writes to the tun/tap
device file descriptor.
 
