Find the answer to your Linux question:
Results 1 to 2 of 2
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1

    TCP raw socket - Kernel replies first


    I'm a linux newbie. I have created a Python script that creates a raw socket on Suse 9.3. The script waits to receive a TCP SYN packet from the network. Once this is received, it sends out a SYN ACK. The script seems to work fine but unfortunately, the Linux kernel sends out a RST ACK before the Python script can send out the SYN ACK.

    I have tried enabling/disabling the firewall but unfortunately that didn't work. Can anyone point me in the right direction as to why kernel is processing the packet before the Python script?

    Any help is much appreciated. Thanks.

  2. #2
    For those interested, it seems that incoming packets will always be passed through the kernels IP stack before being passed to a RAW socket for processing.

    Essentially you need to configure the Linux firewall to somehow send the packets directly to the listening application/script. I'm sure this is possible but I didn't have trime to do it. I tried to configuring iptables rules but, unfortunately I couldn't find a solution.

    I managed to stumble across "divert sockets". These sockets allow you to divert incoming packets away from the kernels IP stack, directly to a listening program. They require the firewall to be configured with a rule for the specific port(s) that will cause a divert to the program. Divert sockets require an update to the kernel code. This can be done on Suse Linux.

    These divert sockets are actually available as a FreeBSD port, which is what I used in the end. They proved to be very handy. One firewall rule and a change to the socket type and it worked!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts