C: Why can't I create a raw socket in Ubuntu?

Note: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverFlow. Original URL: http://stackoverflow.com/questions/6826407/

Time: 2020-09-02 09:14:11  Source: igfitidea

Why I can't create raw socket in Ubuntu?

Tags: c, sockets, networking

Asked by Enchantner

I'm learning how to work with raw sockets in Linux. I'm trying to create a socket like that:

if ((sd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) < 0) {
    perror("socket() failed");
    exit(-1);
}

But all I got after launch is:

socket() failed: Operation not permitted

I know that only root can create raw sockets, but if I run it with SUID bit or sudo - the problem is the same. What's wrong? The system is Ubuntu 11.04.

Maybe I'm including needless headers?

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <netdb.h>
#include <sys/time.h>
#include <signal.h>
#include <unistd.h>

And I'm wondering - why SUID is useless?

Answered by NPE

My money is on you not running your code correctly.

I've copied and pasted your exact code into an empty main(). I get the same error if I run it as myself, but it runs correctly under sudo. This is on Ubuntu.

The code:

#include <sys/socket.h>
#include <netinet/in.h>

int main()
{ 
  int sd;
  if ((sd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) < 0) {
    perror("socket() failed");
    return -1;
  }
  return 0;
} 

Run as myself:

aix@aix:~$ ./a.out 
socket() failed: Operation not permitted
aix@aix:~$

Run as root:

aix@aix:~$ sudo ./a.out 
aix@aix:~$

Answered by tvn

According to man: Only processes with an effective user ID of 0 or the CAP_NET_RAW capability are allowed to open raw sockets.

So you could run your application with sudo as was suggested below or set the CAP_NET_RAW capability on it (actually you'll need CAP_NET_ADMIN too):

# setcap cap_net_raw,cap_net_admin=eip PATH_TO_YOUR_APPLICATION

Details could be found at http://ftp.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4/capfaq-0.2.txt
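
An added example (not part of the original answers): a small C diagnostic that reports the two conditions quoted from the man page above, the effective UID and whether CAP_NET_RAW is in the process's effective capability set, before making the same socket() call as the question. The helper names are hypothetical, and it assumes Linux with /proc mounted.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define CAP_NET_RAW_BIT 13 /* value of CAP_NET_RAW in <linux/capability.h> */
/* Hypothetical helper: extract the CapEff hex mask from /proc/<pid>/status text; 0 on success. */
int parse_cap_eff(const char *status, unsigned long long *mask)
{
    const char *p = strstr(status, "\nCapEff:");
    char *end;
    if (!p) return -1;
    p += strlen("\nCapEff:");
    errno = 0;
    *mask = strtoull(p, &end, 16);
    return (end == p || errno) ? -1 : 0;
}

/* Hypothetical helper: is the CAP_NET_RAW bit set in a capability mask? */
int has_cap_net_raw(unsigned long long mask) { return (int)((mask >> CAP_NET_RAW_BIT) & 1ULL); }

/* Hypothetical helper: read this process's own effective capability mask. */
int read_own_cap_eff(unsigned long long *mask)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_cap_eff(buf, mask);
}

int main(void)
{
    unsigned long long mask = 0;
    printf("uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    if (read_own_cap_eff(&mask) == 0)
        printf("CapEff=%016llx CAP_NET_RAW=%s\n", mask, has_cap_net_raw(mask) ? "yes" : "no");
    /* Same call as in the question; it fails with EPERM without the privilege. */
    int sd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    if (sd < 0) { perror("socket() failed"); return 1; }
    close(sd);
    return 0;
}
```

Running the same binary as yourself, under sudo, and after the setcap command shows which of the two conditions each launch method actually satisfies.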

Answered by Manoj Rana

Headers will not affect it in any way.

Even if you would be adding some more unnecessary files it will not affect the working of the program.
