From owner-freebsd-net@freebsd.org Wed Mar 21 20:29:53 2018 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B0617F64813 for ; Wed, 21 Mar 2018 20:29:53 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from hz.grosbein.net (hz.grosbein.net [78.47.246.247]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 38CDC86557 for ; Wed, 21 Mar 2018 20:29:52 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from eg.sd.rdtc.ru (root@eg.sd.rdtc.ru [62.231.161.221] (may be forged)) by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id w2LKTjfh091598 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 21 Mar 2018 21:29:46 +0100 (CET) (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: rfg@tristatelogic.com Received: from [10.58.0.4] ([10.58.0.4]) by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTPS id w2LKTfiG059480 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Thu, 22 Mar 2018 03:29:41 +0700 (+07) (envelope-from eugen@grosbein.net) Subject: Re: Raw Sockets: Two Questions To: "Ronald F. Guilmette" , FreeBSD Net References: <4584.1521662628@segfault.tristatelogic.com> From: Eugene Grosbein Message-ID: <5AB2C0B1.3020709@grosbein.net> Date: Thu, 22 Mar 2018 03:29:37 +0700 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.7.2 MIME-Version: 1.0 In-Reply-To: <4584.1521662628@segfault.tristatelogic.com> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=2.2 required=5.0 tests=BAYES_00, LOCAL_FROM, RDNS_NONE autolearn=no autolearn_force=no version=3.4.1 X-Spam-Report: * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * 2.6 LOCAL_FROM From my domains * 1.9 RDNS_NONE Delivered to internal network by a host with no rDNS X-Spam-Level: ** X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on hz.grosbein.net X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Mar 2018 20:29:53 -0000 22.03.2018 3:03, Ronald F. Guilmette wrote: >> Why should you concentrate on RAW sockets? > > Well, for reasons that are completely legitimate, and that I'll > explain in detail, if anyone is seriously interested, I'd like > to check each IPv4 address within a set of about 90 or so > modest sized CIDRs and find out which ones of those have a > certain TCP port accepting connections. > > It would be (and is) trivial, of course, to just simply write a > little program to perform an ordinary TCP connect, complete > with all three parts of the TCP handshake, and then have the > program do that, individually, for each IP in the specified > CIDRs, but my opinion/impression is that this could be quite > slow. > > Obviously, it would be rather faster to just send out the SYNs, > full throttle, one per IP, and then see what SYN-ACKs come back. It does not mean you need to stick with raw sockets API. libpcap can be used too, as I've shown in previous letter. In fact, I use that code for very similar task: I send out several thousands of PPPoE service discovery frames (PADI) at full throttle (one per vlan) and then wait for responses (PADO) to come back. No raw socket (ab)used in progress :-)