raw sockets and UDP broadcast : a strange phenomenon

Hello,

I noticed something which seems to me strange regarding
raw sockets and broadcasts:

I ran a short program which created a simple raw socket with
UDP protocol. It achieves this by calling:
sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_UDP);

(full code is below, it is a very short program)
Then I called recv(), I noticed that I get many packets.
Looking in a sniffer, and using IP_PKTINFO socket option, I found out
that
the packets I get are broadcast UDP packets.
When I change the protocol type to other types instead of UDP, for
example IPPROTO_IP/
IPPROTO_ICMP/IPPROTO_RAW, by:
sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
or
sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
or
sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
I don't see traffic **at all**. I mean recv() does not get any
packets.

Looking further into the sniff, I see that these broadcasts are
for example from a DHCP daemon. (bootstrap protocol).
What I don't understand is why at all these packets are received
by recv() of a raw packet (even if the protocol is IPPROTO_UDP)?
these packets, which I see in the sniffer, are, as far as I
understand, UDP broadcast packets,
and have **nothing** to do with raw packets at all!

Any ideas?
Here is the full short program:
// raw_server.c

#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/socket.h>
#include <sys/poll.h>
#include <netinet/icmp6.h>
#include <netinet/ip_icmp.h>
#include <netinet/in.h>
#include <netinet/ip6.h>
#include <netdb.h>
#include <errno.h>
#include <locale.h>
#include <sys/utsname.h>
#include <linux/types.h>
#include <linux/errqueue.h>
#include <sys/types.h>

#define MAX_BUF 1024

int main(int argc, char **argv)
{
int sd;
int i;
int res;
char buf[MAX_BUF];

//sd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
//sd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
// sd = socket(AF_INET, SOCK_DGRAM, IPPROTO_IP);
sd = socket(AF_INET, SOCK_RAW, IPPROTO_UDP);

if (sd<0)
perror("socket");
while (1)
{
res = recv(sd,buf, sizeof(buf),0);
if (res<0)
perror("recv");
else
printf("res=%d recv ok\n",res);
}
}
Regards,
MR

On Jul 21, 7:24 am, "markr...@gmail.com" <markr... DeleteThis @gmail.com> wrote:

> What I don't understand is why at all these packets are received
> by recv() of a raw packet (even if the protocol is IPPROTO_UDP)?
> these packets, which I see in the sniffer, are, as far as I
> understand, UDP broadcast packets,
> and have **nothing** to do with raw packets at all!

You seem to have an incorrect conceptual understanding of what raw
means. Raw simply means not processed by the kernel. A UDP packet, if
unprocessed by the kernel, is also raw. There is not some special type
of packet data that reflects a raw packet -- if there was, you
couldn't use the raw interface to create UDP packets at all.

Or perhaps I'm misunderstanding you. Since you can create UDP
broadcast packets with a raw socket, why would you say that UDP
broadcast packets "have nothing to do with raw packets at all"?

DS