Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Raw Sockets - IP-Encapsulation

135 views
Skip to first unread message

Matthias Guentert

unread,
Sep 23, 2010, 3:41:19 PM9/23/10
to pytho...@python.org
Hello list members

I would like to create an IP tunnel using the IP protocol type 4
(socket.IPPROTO_IPIP) on a Linux host. (I also would be happy if I
could create a GRE tunnel)

The thing is, I just don't understand how I such a socket could be
created and then later on handled.

Regarding to help(socket.socke()) the constructor looks like this:

| socket([family[, type[, proto]]]) -> socket object
|
| Open a socket of the given type. The family argument specifies the
| address family; it defaults to AF_INET. The type argument specifies
| whether this is a stream (SOCK_STREAM, this is the default)
| or datagram (SOCK_DGRAM) socket. The protocol argument defaults to 0,
| specifying the default protocol. Keyword arguments are accepted.

This means to create a simple UDP socket I can do the following where
the last argument is optional.

s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_IP)

So to create an IP-Encapsulation socket I would have to do this:

s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_IPIP)

or for GRE this.

s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_GRE)

But how can I now set the fields? How do I really encapsulate other
data (=sockets?)? Do I need a Raw socket at all? Or should this work
somehow like the following to encapsulate UDP payload?

s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_IPIP)

I really would be happy if someone could help me with this and even
better could provide some examples on the usage.

Thanks in advance, Matthias

Matthias Guentert

unread,
Sep 24, 2010, 4:38:56 AM9/24/10
to pytho...@python.org

Nobody

unread,
Sep 24, 2010, 11:51:01 AM9/24/10
to
On Thu, 23 Sep 2010 21:41:19 +0200, Matthias Guentert wrote:

> I would like to create an IP tunnel using the IP protocol type 4
> (socket.IPPROTO_IPIP) on a Linux host. (I also would be happy if I
> could create a GRE tunnel)
>
> The thing is, I just don't understand how I such a socket could be
> created and then later on handled.

You don't create sockets for IPPROTO_IPIP or IPPROTO_GRE.
Outside of the kernel, those identifiers are only likely to be used for
specifying protocols when e.g. configuring packet filtering.

Tunnelling only involves user-space for configuration. Once a tunnel has
been configured, it's just a networking interface, and any traffic is
handled by the kernel.

Tunnel interfaces are manipulated using the ioctl()s in linux/if_tunnel.h.
Refer to the iproute2 source code for clues.

If for some reason you wanted perform the encapsulation or decapsulation
yourself, you would need to create a packet socket.

Alexander Gattin

unread,
Sep 27, 2010, 10:28:29 AM9/27/10
to Nobody, pytho...@python.org
Hello,

On Fri, Sep 24, 2010 at 04:51:01PM +0100, Nobody
wrote:


> On Thu, 23 Sep 2010 21:41:19 +0200, Matthias
> Guentert wrote:
> > I would like to create an IP tunnel using the
> > IP protocol type 4 (socket.IPPROTO_IPIP) on a
> > Linux host. (I also would be happy if I could
> > create a GRE tunnel)
> >
> > The thing is, I just don't understand how I
> > such a socket could be created and then later
> > on handled.
>
> You don't create sockets for IPPROTO_IPIP or
> IPPROTO_GRE. Outside of the kernel, those
> identifiers are only likely to be used for
> specifying protocols when e.g. configuring
> packet filtering.
>
> Tunnelling only involves user-space for
> configuration.

For GRE/IPIP this is true, but with /dev/tun
and /dev/tap tunnels it isn't -- userspace
program actually reads from/writes to tun/tap
device file descriptor.

--
With best regards,
xrgtn

0 new messages