Check out my first novel, midnight's simulacra!
Packet sockets
Packet sockets allow a program to more directly interface with the networking stack than standard Layer 4 Berkeley sockets (e.g. AF_INET + SOCK_STREAM, AF_INET6 + SOCK_DGRAM).
Linux Packet sockets
The SOCK_PACKET socket type is strongly deprecated (see packet(7)), and thus not discussed here.
Socket type | CAP_NET_ADMIN/root required? | Zero-copy? | Layers wholly directly specified | Layers partly directly specified |
---|---|---|---|---|
PACKET_TX_MMAP-enabled PF_PACKET, SOCK_RAW | Y | Y | 2+ | 2+ |
PF_PACKET, SOCK_RAW | Y | N | 2+ | 2+ |
PF_PACKET, SOCK_DGRAM | Y | N | 3+ | 2+ |
PF_INET, SOCK_RAW, IPPROTO_RAW | Y | N | 3+ | 3+ |
IP_HDRINCL-enabled PF_INET, SOCK_RAW
(only one IP protocol per socket when protocol is other than IPPROTO_RAW) |
Y | N | 3+ | 3+ |
PF_INET, SOCK_RAW
(only one IP protocol per socket when protocol is other than IPPROTO_RAW) |
Y | N | 4+ | 3+ |
PF_INET
(only one IP protocol per socket when protocol is other than IPPROTO_RAW, and only certain IP protocols are supported at all) |
Y | N | 5+ | 3+ |
PF_PACKET
As described in packet(7), this is a packet interface at the device level (Layer 2). The protocol field is either an IEEE 802.3 protocol number (found in linux/if_ether.h or ETH_P_ALL in network byte order. The CAP_NET_RAW capability or UID 0 are requisite to open a packet socket. bind(2) can be used to select a single interface to use with the packet socket.
SOCK_RAW
Raw packets including the link-level header.
SOCK_DGRAM
Cooked packets (common, protocol-independent link-layer header in a sockaddr_ll).
AF_INET/AF_INET6
The protocol field restricts the Layer 3 protocols which will be passed to the socket; IPPROTO_RAW can set arbitrary IP protocol values, and thus implies the IP_HDRINCL socket option.
SOCK_RAW
SOCK_PACKET
Obsolete since Linux 2.0.