使用原始套接字实现ping操作
目录
IPv4中使用ICMP协议的头结构
ICMP头结构
IPv4头结构
协议字段可设置的选项
使用原始套接字实现ICMP协议,达到网络状态检测目的。
我们经常用ping来判断一个特定的主机是否处于活动状态,并且是否可以通过网络访问到。通过生成一个ICMP回应请求(Echo Request),并将其定向之打算查询的目标主机,便可知道自己是否能成功地访问到那台机器。当然,这样做并不能担保一个套接字客户机能与那个主机上的某个进程顺利地建立连接(远程主机进程套接字也许没有进入监听模式)。
Ping成功,只能证明一件事情:远程主机的网络层可对网络事件作出响应!
//展示如何创建一个特殊的套接字,为了实现ICMP包的收发,以及如何通过IP_OPTIONS套接字选项,来实现记录路由选项
#define WIN32_LEAN_AND_MEAN
#include
#include
#include
#include
#pragma comment(lib,"ws2_32.lib")
#define IP_RECORD_ROUTE 0x7
//IPv4 头结构(默认是20字节)
typedef struct _iphdr
{
unsigned int h_len : 4; //报头长度 4byte
unsigned int version : 4; //版本 4byte
unsigned char tos; //服务类型 8byte
unsigned short totol_len; //总长度 16byte
unsigned short ident; //唯一标识 16byte
unsigned short ftag_and_flags; //标志+片偏移 16byte
unsigned char ttl; //生存周期 8byte
unsigned char proto; //协议(TCP、UDP,etc...) 8byte
unsigned short checksum; //头部检验和 16byte
unsigned int sourceIP; //源IP地址
unsigned int destIP; //目的IP地址
}IPHeader;
//#define ICMP_ECHO 8
#define ICMP_ECHO 8
#define ICMP_ECHOREPLY 0
#define ICMP_MIN 8 //ICMP结构最小就是8字节(type+code+校验和)
//ICMP头结构
typedef struct _icmphdr
{
BYTE i_type; //8位ICMP消息类型,可分为查询或错误两类
BYTE i_code; //8位根据消息类型具体定义的类型
USHORT i_cksum; //16位的校验和,对ICMP头内容的一个补余求和
USHORT i_id;
USHORT i_seq;
ULONG timestamp; //this is not the standard header,but we reserve space for time
}ICMPHeader;
//IP option header--user with socket option IP_OPTIONS
typedef struct _ipoptionhdr
{
unsigned char code; //option type
unsigned char len; //length of option hdr
unsigned char ptr; //offset into options
unsigned long addr[9]; //List of IP addrs
}IpOptionHeader;
//默认情况下windows的ping发送的数据包的大小为32byte,最大能够发送65500byte
#define DEF_PAKCET_SIZE 32 //default packet size
#define MAX_PACKET 1024 //max icmp packet size
#define MAX_IP_HDR_SIZE 60 //IPv4头部如果是带选项的,那么头部大小就是20+40=60字节
//填充ICMP请求的各种字段
void FillICMPData(char* icmp_data, int datasize)
{
ICMPHeader *icmp_hdr = NULL;
char *datapart = NULL;
icmp_hdr = (ICMPHeader*)icmp_data;
icmp_hdr->i_type = ICMP_ECHO; //icmp消息类型为查询消息
icmp_hdr->i_code = ICMP_ECHOREPLY; //code为回应回复
icmp_hdr->i_cksum = 0;
icmp_hdr->i_id = (USHORT)GetCurrentProcessId(); //用以标识只接受当前进程发出的ICMP查询回复消息
icmp_hdr->i_seq = 0; //发出的ICMP消息的序号
datapart = icmp_data + sizeof(ICMPHeader);
//ICMP数据部分默认设置数据
memset(datapart, 'E', datasize - sizeof(ICMPHeader));
}
//计算ICMP头部的校验和字段
USHORT checksum(USHORT *buffer, int size)
{
unsigned long cksum = 0;
while (size > 1)
{
cksum += *buffer++;
size -= sizeof(USHORT);
}
if (size)
{
cksum += *(UCHAR*)buffer;
}
cksum = (cksum >> 16) + (cksum & 0xffff);
cksum += (cksum >> 16);
return (USHORT)(~cksum);
}
//IPv4数据包中的IPv4选项结构(如果使用路由选项那么就是存放的达到主机所经过的路由IP)
void DecodeIPOptions(char *buf, int bytes)
{
IpOptionHeader *ipopt = NULL;
IN_ADDR inaddr;
int i;
HOSTENT *host = NULL;
ipopt = (IpOptionHeader*)(buf + 20);
printf("RR: ");
for (i = 0; i < (ipopt->ptr / 4) - 1; i++)
{
inaddr.S_un.S_addr = ipopt->addr[i];
if (i != 0)
printf(" ");
host = gethostbyaddr((char*)&inaddr.S_un.S_addr, sizeof(inaddr.S_un.S_addr), AF_INET);
if (host)
printf("(%-15s)%s\n", inet_ntoa(inaddr), host->h_name);
else
printf("(%-15s)\n", inet_ntoa(inaddr));
}
}
void DecodeICMPHeader(char* buf, int bytes,struct sockaddr_in *from)
{
IPHeader *iphdr = NULL;
ICMPHeader *icmphdr = NULL;
unsigned short iphdrlen;
DWORD tick;
static int icmpcount = 0;
iphdr = (IPHeader*)buf;
//将IPv4首部长度字段乘以4得出IPv4首部以字节为单位的大小
iphdrlen = iphdr->h_len * 4; //IP头结构一行是4字节,共有5行,所以一共有20字节
tick = GetTickCount(); //返回系统启动以来经过的毫秒数,如果系统运行超过49.7天后将归0
if(iphdrlen == MAX_IP_HDR_SIZE && (!icmpcount)) //看有没有IPv4选项
DecodeIPOptions(buf, bytes);
//如果接收的数据包小于IP头部+最小ICMP结构,那么就是有问题的
if (bytes < iphdrlen + ICMP_MIN)
{
printf("Too few bytes from %s\n", inet_ntoa(from->sin_addr));
}
//icmp报文在IP报文的结构中的位置为:IP的头部大小+接收到的数据的大小之后的位置,就是icmp头指针的位置
icmphdr = (ICMPHeader*)(buf + iphdrlen);
if (icmphdr->i_type != ICMP_ECHOREPLY)
{
printf("nonecho! type:%d\tcode=%d\n", icmphdr->i_type,icmphdr->i_code);
return;
}
if (icmphdr->i_id != (USHORT)GetCurrentProcessId())
{
printf("someont else's packet!\n");
return;
}
printf("%d bytes from %s,", bytes, inet_ntoa(from->sin_addr));
printf("icmp_seq = %d,", icmphdr->i_seq);
printf("time:%d ms\n", tick - icmphdr->timestamp);
icmpcount++;
}
/*
GetLastError() //返回调用线程的最后错误代码
WSAGetLastError() //返回此线程最后一次失败的Windows套接字错误的代码
*/
int main(int argc, char** argv)
{
WSADATA wsaData;
SOCKET sockRaw = INVALID_SOCKET;
struct sockaddr_in dest, from;
int bread, fromlen = sizeof(from), timeout = 1000, ret;
char *icmp_data = NULL, *recvbuf = NULL;
unsigned int addr = 0;
USHORT seq_no = 0;
struct hostent *hp = NULL;
IpOptionHeader ipopt;
int datasize = DEF_PAKCET_SIZE;
//char* ipdest = "172.18.101.121";
char* ipdest = "192.168.18.128";
//char* ipdest = "192.168.0.107";
if (WSAStartup(MAKEWORD(2, 2), &wsaData) != 0)
{
printf("WSAStartup() failed:%d\n", GetLastError());
system("pause");
return -1;
}
sockRaw = WSASocket(AF_INET, SOCK_RAW, IPPROTO_ICMP, NULL, 0, WSA_FLAG_OVERLAPPED);
if (sockRaw == INVALID_SOCKET)
{
printf("WSASocket() failed:%d\n", GetLastError());
system("pause");
return -1;
}
//是否使用路由
BOOL bRecordRoute = TRUE;
if (bRecordRoute)
{
// Setup the IP option header to go out on every ICMP packet
memset(&ipopt, 0, sizeof(ipopt));
ipopt.code = IP_RECORD_ROUTE; // Record route option
ipopt.ptr = 4; // Point to the first addr offset
ipopt.len = 39; // Length of option header
//使用IP_OPTIONS套接字选项,使用了记录路由IP选项,当我们的ICMP包抵达路由器时,它的IP地址便能自动添加到IP选项头内
//具体插入位置取决于事先在IP选项内设好的偏移量字段,每次遇到一个路由器向其中加入自己的IP地址时,这个偏移量距离都会
//自动递增4(因为IPv4地址的长度就是4字节)
ret = setsockopt(sockRaw, IPPROTO_IP, IP_OPTIONS, (char *)&ipopt, sizeof(ipopt));
if (ret == SOCKET_ERROR)
{
printf("setsockopt(IP_OPTIONS) failed: %d \n", WSAGetLastError());
system("pause");
return -1;
}
}
bread = setsockopt(sockRaw, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout, sizeof(timeout));
if (bread == SOCKET_ERROR)
{
printf("setsocketopt(SO_RECVTIMEO) failed:%d\n",WSAGetLastError());
system("pause");
return -1;
}
timeout = 1000;
bread = setsockopt(sockRaw, SOL_SOCKET, SO_SNDTIMEO, (char*)&timeout, sizeof(timeout));
if (bread == SOCKET_ERROR)
{
printf("setsockopt(SO_SNDTIMEO) failed:%d\n",WSAGetLastError());
system("pause");
return -1;
}
//设置访问的目的主机
memset(&dest, 0, sizeof(dest));
dest.sin_family = AF_INET;
if ((dest.sin_addr.S_un.S_addr = inet_addr(ipdest)) == INADDR_NONE)
{
if ((hp = gethostbyname(ipdest)) != NULL)
{
memcpy(&(dest.sin_addr),hp->h_addr, hp->h_length);
dest.sin_family = hp->h_addrtype;
printf("dest.sin_addr=%s\n",inet_ntoa(dest.sin_addr));
}
else
{
printf("gethostbyname() failed:%d\n",WSAGetLastError());
return -1;
}
}
//创建ICMP packet
datasize += sizeof(ICMPHeader);
//从堆中分配一块内存
//第一个参数:将分配的内存的堆的句柄
//第二个参数:分配的内存置为0
icmp_data = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, MAX_PACKET);
recvbuf = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, MAX_PACKET);
if (icmp_data == NULL)
{
printf("HeapAlloc() failed:%d\n",GetLastError());
system("pause");
return -1;
}
memset(icmp_data, 0, MAX_PACKET);
//构造发出请求的ICMP数据包(主要是type和code两个参数)
FillICMPData(icmp_data, datasize);
//开始发送/接收 ICMP packets
while (1)
{
static int nCount = 0;
int bwrote;
//默认发送4次
if (nCount++ == 4)
break;
((ICMPHeader*)icmp_data)->i_cksum = 0;
((ICMPHeader*)icmp_data)->timestamp = GetTickCount();
((ICMPHeader*)icmp_data)->i_seq = seq_no++;
//检验和必须计算的正确,如果检验和错误,直接发送失败
((ICMPHeader*)icmp_data)->i_cksum = checksum((USHORT*)icmp_data, datasize);
bwrote = sendto(sockRaw, icmp_data, datasize, 0, (struct sockaddr*)&dest, sizeof(dest));
if (bwrote == SOCKET_ERROR)
{
if (WSAGetLastError() == WSAETIMEDOUT)
{
printf("timed out\n");
continue;
}
printf("sendto() failed:%d\n",WSAGetLastError());
system("pause");
return -1;
}
if (bwrote < datasize)
{
printf("wrote %d bytes\n",bwrote);
}
//收到的一个IPv4数据包(IP头+ICMP数据包)
bread = recvfrom(sockRaw, recvbuf, MAX_PACKET, 0, (struct sockaddr*)&from, &fromlen);
if (bread == SOCKET_ERROR)
{
if (WSAGetLastError() == WSAETIMEDOUT)
{
printf("timed out\n");
continue;
}
printf("recvfrom() failed:%d\n",WSAGetLastError());
system("pause");
return -1;
}
DecodeICMPHeader(recvbuf, bread, &from);
Sleep(1000);
}
HeapFree(GetProcessHeap(), 0, recvbuf);
HeapFree(GetProcessHeap(), 0, icmp_data);
closesocket(sockRaw);
WSACleanup();
system("pause");
return 0;
} IPv4中使用ICMP协议的头结构
ICMP头结构
Internet控制消息协议(ICMP)是便于不同主机间传递简单消息的一种机制。大多数ICMP消息都用于判断主机间通信时发生的一些错误,而其他的ICMP消息用于对主机的查询。
ICMP协议采用的是IP地址机制,ICMP消息本身就是封装在IP数据报内的一种协议。
ICMP协议是IP协议的重要补充,主要用于检测网络的连接
| 8位ICMP类型 |
8位ICMP代码 |
16位ICMP检验和 |
| ICMP具体内容(取决于类型和代码) |
||
IPv4头结构
版本:通常是4
头长度:头长度是指32位字节一共有多少个(或者说有多少行)
服务类型(type of service,tos):可参考IP_TOS套接字选项
总长度:IP头+数据总长度字节
id:一个独一无二值,对发出的每个IP包唯一性的标定,通常进行递增这个值
标志和分段偏移字段:仅在IP包需要分割为较小的包时才会用到
生存周期(Time to live,ttl):用于限制数据包最多可穿越多少个路由器。每遇到一个路由器对这个包进行转发的时候,TTL的值都会递减1,。一旦TTL变为0,便会将这个包丢弃。
协议:协议字段用于对进入的数据包组装。采用了IP定址机制到的某些有效协议包括TCP,UDP,IGMP,ICMP等
校验和:对整个IP头进行16位1的求余总和结果。注意:仅针对头进行,不针对实际的数据。
源IP地址:
目标IP地址:
IP选项:该字段是一个长度不定的字段,包含了某些可选的信息,通常与IP安全或路由选择有关。
协议字段可设置的选项
