advanced.html

SDK FAQ集

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
<html lang="en">

<head>

<title>Winsock Programmer's FAQ: Advanced Winsock Issues</title>

<link rel="Stylesheet" type="text/css" href="./faq.css">

</head>

<body bgcolor="#ffffee" text="#000000" link="#491e00" vlink="#7d2e01" alink="#da7417">


<!--  ---- Header Bar ----  -->

<table border="0" width="95%" bgcolor="#006000" cellpadding="5" cellspacing="3" align="center">
	<tr>
		<td align="left" bgcolor="#e0e0c0">
			<font size="2" face=Verdana,Arial,Helvetica>
				<b><a href="intermediate.html">&lt;&lt;</a></b>
			</font>
		</td>


		<td align="center">
			<font face=Verdana,Arial,Helvetica color="#ffffee">
				<p align=center class=bigger3><b>
				Winsock Programmer's FAQ<br>
				Section 4: Advanced Winsock Issues<br>
				</b></p>
			</font>	
		</td>

		<td align="right" bgcolor="#e0e0c0">
			<font size="2" face=Verdana,Arial,Helvetica>
				<b><a href="resources/index.html">&gt;&gt;</a></b>
			</font>
		</td>
	</tr>
</table>


<!--  ---- Body Table ----  -->

<table width="95%" border="0" cellpadding="10">
	<tr valign="top">
		<td>



<a name="rawsocket"></a>
<h5>4.1 - How can I open a raw data socket?</h5>

<p>Under Winsock 1.1, the SOCK_RAW socket type is optional. Some of
the non-Microsoft stacks implemented it, but these implementations are
increasingly hard to find. SOCK_RAW in Winsock 1.1 is also problematic
because the Winsock spec's writers did not try to rigorously define
what we should expect from a SOCK_RAW implementation.</p>

<p>The Winsock 2 spec gives more details about raw sockets,
and Microsoft's Winsock 2 stacks do implement some types of raw
sockets. Windows 2000 has by far the best implementation of raw
sockets; details below.</p>

<p>On all other platforms, raw socket support is fairly sparse:
Microsoft only supports raw IGMP and ICMP sockets on these platforms.
The latter allows you to <a href="examples/rawping.html">send "ping"
packets</a> in a standard way. These stacks <i>do not</i> support
raw IP or "packet capturing" from the Winsock layer. (See the next two
questions for information on <a href="#pktcapture">capturing packets</a>
and <a href="#pktheader">changing packet headers</a>.)</p>

<p>If you really must have complete raw sockets support and can't use
Windows 2000, you might think about a platform change. Most flavors of
Unix (including the free BSD flavors and Linux) have good raw socket
support.</p>

<p>Available raw sockets support in Microsoft stacks:</p>

<table align=center border=0 cellspacing=0 cellpadding=5>
	<tr align=center bgcolor="#FBFDB0">
		<td>&nbsp;</td>
		<td><b>Winsock 1.1<br>(all platforms)</b></td>
		<td><b>Win9x with<br>Winsock 2</b></td>
		<td><b>WinNT 4.0</b></td>
		<td><b>Windows 2000</b></td>
	</tr>

	<tr align=center>
		<td bgcolor="#FBFDB0"><b>Raw I[CG]MP</b></td>
		<td bgcolor="#F4D7AA">No</td>
		<td bgcolor="#F4D7AA">Yes</td>
		<td bgcolor="#F4D7AA">Yes</td>
		<td bgcolor="#F4D7AA">Yes</td>
	</tr>

	<tr align=center>
		<td bgcolor="#FBFDB0"><b>IP_HDRINCL</b></td>
		<td bgcolor="#F4D7AA">No</td>
		<td bgcolor="#F4D7AA">No</td>
		<td bgcolor="#F4D7AA">No</td>
		<td bgcolor="#F4D7AA">Yes</td>
	</tr>

	<tr align=center>
		<td bgcolor="#FBFDB0"><b>Raw TCP/UDP</b></td>
		<td bgcolor="#F4D7AA">No</td>
		<td bgcolor="#F4D7AA">No</td>
		<td bgcolor="#F4D7AA">No</td>
		<td bgcolor="#F4D7AA">No</td>
	</tr>

	<tr align=center>
		<td><img src="./bitmaps/dot-clear.gif" alt="" width=100 height=1></td>
		<td><img src="./bitmaps/dot-clear.gif" alt="" width=100 height=1></td>
		<td><img src="./bitmaps/dot-clear.gif" alt="" width=100 height=1></td>
		<td><img src="./bitmaps/dot-clear.gif" alt="" width=100 height=1></td>
		<td><img src="./bitmaps/dot-clear.gif" alt="" width=100 height=1></td>
	</tr>
</table>

<p>Notice that raw TCP and UDP aren't possible directly under Winsock 2.
Instead, you must use IP_HDRINCL (a.k.a. raw IP) and build your own IP
<i>and</i> TCP or UDP headers.</p>




<a name="pktcapture"></a>
<h5>4.2 - How can I capture packets on a LAN with Winsock?</h5>


<p>You cannot. Winsock (at least as implemented by Microsoft) does not
allow promiscuous IP packet captures.</p>

<p>So how do Ethernet analyzers work, you ask? They talk straight to the
Transport Data Interface (TDI) or Network Device Interface Specification
(NDIS) layer. The TDI layer is just above the system's NDIS (network
driver) layer. Some of the Windows packet sniffers in the FAQ's <a
href="resources/debugging.html">debugging resources section</a> include
source, which you could pick apart to figure out how this works.</p>

<p><a href="http://www.pcausa.com/">PCAUSA</a> sells a package
that is supposed to make writing to the TDI and NDIS layers
easier. I have, however, not tried this product. They also have <a
href="http://www.pcausa.com/resources/">several FAQs</a> that talk
about various low-level network stack access methods. These FAQs also
point you to various bits of sample code, most of it from Microsoft's
various DDKs.</p>

<p>If all you want is a way to help you debug your Winsock program by
showing you what is happening on the network, the Resources section
mentioned above has links to many capable network sniffers and other
debugging tools.</p>





<a name="pktheader"></a>
<h5>4.3 - How can I change the IP or TCP header of a packet?</h5>

<p>That's only possible under Windows 2000 with Winsock, at this time.
A few IP header fields can be set with <code>setsockopt()</code> and/or
<code>ioctlsocket()</code>. One such field is TTL.</p>

<p>If that is not enough control for your application, you will have to
resort to lower-level techniques. One of these is to add a layer to the
network stack with Winsock 2's Layered Service Provider mechanism. That
mechanism is not covered in this FAQ, but there is some useful code
and documentation on the <a href="http://msdn.microsoft.com/">MSDN</a>
site and disks.</p>

<p>Another option is to do raw data I/O using the Transport
Data Interface (TDI) or the Network Driver Interface
Specification (NDIS). Further information is available in <a
href="http://www.pcausa.com/resources/">PCAUSA's FAQs</a>.</p>

<p>Also, don't rule out the option of building your application on a
platform that <i>does</i> have easy access to the packet headers. Most
Unix flavors (including Linux) offer copious tools for low-level network
I/O. For information on raw network programming on Unixlike platforms,
see Thamer Al-Herbish's <a href=" http://www.whitefang.com/rin/">Raw IP
Networking FAQ</a>.</p>





<a name="ping"></a>
<h5>4.4 - How can I "ping" another machine with Winsock?</h5>

<p>The "official" method uses the IPPROTO_ICMP raw socket type defined
by Winsock 2. All of Microsoft's Winsock 2 stacks support this. I suspect
that this also works on some non-Microsoft Winsock 1.1 stacks, but I don't
personally know of any such success. <a href="examples/rawping.html">[C++
example]</a></p>

<p>The other method uses ICMP.DLL, which is an extension specific to
Microsoft stacks. Though it works on all Windows systems as of this
writing, Microsoft discourages its use in the strongest terms possible,
claiming that the API will disappear as soon as a better method
exists. (It hasn't actually happened yet, despite several years of
threats. :) ) ICMP.DLL's main advantage is that it works under Winsock
1.1. It is, however, less flexible than the raw sockets method. <a
href="examples/dllping.html">[C++ example]</a></p>

<p>I want to point out that many programs misuse ping. Naturally it has
good uses, but it's a sign of a broken program or protocol if you find
yourself resorting to regular use of ping packets. For example, I'm
always seeing people ask about pinging when what they really want is to
<a href="newbie.html#abnormalclose">detect dropped connections</a>.</p>





<a name="fdpass"></a>
<h5>4.5 - How do I pass a socket from one process to another?</h5>

<p>This is not possible under Winsock 1.1, because it wasn't considered
sufficiently important at the time the spec was created.</p>

<p>Winsock 2 provides support for this through the
<code>WSADuplicateSocket()</code> facility. The spec describes this
method in detail, including some example code. Another interesting
source of information about this is Microsoft Knowledge Base article
<a href="http://support.microsoft.com/support/kb/articles/q150/5/23.asp">Q150523</a>, which describes how socket inheritance differs
between the various flavors of Windows.</p>

<p>Another fun feature of the Win32 API is that it allows you to give a
new process different "standard handles" (stdin, stdout and stderr) when
you create it. Article <a href="http://support.microsoft.com/support/kb/articles/q190/3/51.asp">Q190351</a> in the Microsoft Knowledge
Base addresses this. Note that this feature only allows you to do this
with a child process; you can't redirect your own standard I/O handles
to a socket. Also, the item notes that some processes may behave stangely
when you do this to them. Clearly, this functionality is not as powerful
as the Unix world's <code>dup2()</code> system call.</p>





<a name="dllsockets"></a>
<h5>4.6 - Is it possible to create sockets that map to a DLL rather than an application?</h5>

<p>Under Windows, a DLL's data is actually owned by the application
that loads the DLL. If you need the DLL to own a single socket no matter
how many processes load the DLL, you need to create a "helper process"
which will perform all Winsock operations on behalf of the DLL. Naturally
you'll need some kind of interprocess communication channel between the
DLL and the helper process.</p>

<p>Note that this issue only matters if you're using a DLL to let multiple
processes share a socket. If you only have one process using the DLL,
or if it's okay for each process to remain ignorant of the other processes
using the DLL, this issue won't matter to you.</p>





<a name="snmp"></a>
<h5>4.7 - How can I get access to the {route, ARP, interface, etc.} table?</h5>

<p>Stas Khirman and Raz Galili have written a <a
href="http://www.caip.rutgers.edu/~arni/ws2/stas.htm">great tutorial</a>
on the art of using the poorly-documented SNMP API. This API allows
you to access many "hidden" parts of the Windows networking subsystem,
including the network interface list, the route and ARP tables, the list
of connected network sockets, your Ethernet cards' hardware addresses,
etc.</p>





<a name="macaddr"></a>
<h5>4.8 - How do I get the MAC (a.k.a. hardware) address of the local Ethernet adapter?</h5>

<p>This FAQ has example code for two methods, both of which are somewhat
kludgey. The <a href="examples/getmac-netbios.html">first method</a>
involves asking the NetBIOS API for the adapter addresses. The primary
problem with this method is that it sometimes fails, depending on