socket_create_pair
It took some investigation to understand the bit about raw sockets requiring root access and raw sockets being required to perform a seemingly simple "ping" on a Linux server. My source of confusion was that the regular command line "ping" utility did not require me to be root to exec it, so what was the difference? I found the answer starting with a forum posting to look up `man 7 raw` for raw sockets info which reveals:
"Only processes with an effective user ID of 0 or the CAP_NET_RAW capability are allowed to open raw sockets."
So root is not the only way; the ping utility normally works because it has suid permission. There is some interesting source code however that allows you to selectively assign the CAP_NET_RAW capability without the need for suid. Use at your own risk, this is provided for informational purposes only:
http://www.olafdietsche.de/linux/capability/
socket_create
(PHP 4 >= 4.0.7, PHP 5)
socket_create — Crée une socket
Description
resource socket_create
( int $domain
, int $type
, int $protocol
)
Crée un point de communication (une socket) et retourne une ressource de socket. Une connexion typique réseau est composée de deux sockets : une qui joue le rôle de client et l'autre celui du serveur.
Liste de paramètres
- domain
-
Le paramètre domain spécifie la famille de protocoles à utiliser par la socket.
Famille d'adresses / protocoles disponibles Domaine Description AF_INET Protocole basé sur IPv4. TCP et UDP sont les protocoles communs de cette famille de protocoles. AF_INET6 Protocole basé sur IPv6. TCP et UDP sont les protocoles communs de cette famille de protocoles. Le support a été ajouté en PHP 5.0.0. AF_UNIX Famille de protocoles locales de communication. Le rendement élevé et des moindres coûts supplémentaires lui font une grande force d'IPC (Interprocess Communication). - type
-
Le paramètre type sélectionne le type de communication à utiliser par la socket.
Types de sockets disponibles Type Description SOCK_STREAM Fournit des flux d'octets ordonnancés, fiables, full-duplex, raccordés sur la base. Un mécanisme de transmission des données "out-of-band" peut être supporté. Le protocole TCP est basé sur ce type de sockets. SOCK_DGRAM Support des datagrammes (moins de connexion, message non garanti d'une longueur maximum fixe). Le protocole UDP est basé sur ce type de sockets. SOCK_SEQPACKET Fournit un chemin de transmission de données séquentiel, fiable, connecté à la base par deux chemins pour les datagrammes de longueur maximale fixe ; un consommateur est requis pour lire la totalité d'un paquet avec chaque appel à la lecture. SOCK_RAW Fournit l'accès brut de protocole de réseau. Ce type spécial de socket peut être utilisé pour construire manuellement tout type de protocole. Une utilisation commune de ce type de sockets est le traitement des requêtes ICMP (comme le ping, traceroute, etc.). SOCK_RDM Fournit une couche fiable de datagramme qui ne garantit pas l'ordre des données. Ce type de socket est le plus susceptible de ne pas être implémenté sur votre système d'exploitation. - protocol
-
Le paramètre protocol définit le protocole spécifique pour le domaine domain à utiliser lors de communications sur une socket retournée. La valeur appropriée peut être retrouvée par son nom en utilisant la fonction getprotobyname(). Si le protocole désiré est TCP ou UDP, les constantes correspondantes SOL_TCP et SOL_UDP peuvent être utilisées.
Protocoles Communs Nom Description icmp Le protocole ICMP (Internet Control Message Protocol) est utilisé tout d'abord par les passerelles et les hôtes pour reporter les erreurs dans des communications de datagramme. La commande "ping" (présente dans les systèmes de production modernes) est un exemple d'application utilisant le protocole ICMP. udp Le protocole UDP (User Datagramm Protocol) est un protocole sans connexion, incertain avec les longueurs d'enregistrements fixes. De ce fait, UDP requiert une quantité minimum de protocole aérienne. tcp Le protocole TCP (Transmission Control Protocol) est un protocole fiable, connecté sur la base, orienté flux et full-duplex. TCP garantit que chaque paquet est reçu dans l'ordre dans lequel il a été envoyé. Si quelques paquets sont perdus pendant la communication, TCP retransmettra ces paquets tant que l'hôte destinataire ne les aura pas reçu entièrement. Pour des raisons de fiabilité et de performance, l'implémentation TCP, elle-même, décide des frontières appropriées d'octets de la couche fondamentale de communication du datagramme. Par conséquent, les applications TCP doivent autoriser la possibilité de transmission partielle d'enregistrements.
Valeurs de retour
socket_create() retourne une ressource de socket en cas de succès et FALSE sinon. Le code d'erreur généré peut être obtenu en appelant la fonction socket_last_error(). Ce code d'erreur peut être passé à la fonction socket_strerror() pour obtenir un message d'erreur humainement lisible.
Erreurs / Exceptions
Si une valeur invalide est spécifiée au paramètre domain ou au paramètre type , la fonction socket_create() prendra comme paramètres par défaut respectivement AF_INET et SOCK_STREAM et générera un message d'alerte (E_WARNING).
add a note
User Contributed Notessocket_create
skelly at keenio
16-Jun-2008 07:56
16-Jun-2008 07:56
shaun at verticalevolution dot com
01-May-2008 09:03
01-May-2008 09:03
After weeks of trying to find a PHP network client that supports TFTP and Telnet I finally break down and wrote a client library. You can find it here: http://www.verticalevolution.com/blog/index.php?/pages/PHP-Client.html
This isn't like other telnet libraries that just exec the OS's telnet, it makes and negotiates its own options. It creates the TFTP packets to send data back and forth.
alexander dot krause at ed-solutions dot de
20-Mar-2008 09:57
20-Mar-2008 09:57
On UNIX systems php needs /etc/protocols for constants like SOL_UDP and SOL_TCP.
This file was missing on my embedded platform.
Jean Charles MAMMANA
31-Jan-2008 01:54
31-Jan-2008 01:54
I've written the ping() function using socket_create() with SOCK_RAW.
(on Unix System, you need to have the root acces to execute this function)
<?php
/// start ping.inc.php ///
$g_icmp_error = "No Error";
// timeout in ms
function ping($host, $timeout)
{
$port = 0;
$datasize = 64;
global $g_icmp_error;
$g_icmp_error = "No Error";
$ident = array(ord('J'), ord('C'));
$seq = array(rand(0, 255), rand(0, 255));
$packet = '';
$packet .= chr(8); // type = 8 : request
$packet .= chr(0); // code = 0
$packet .= chr(0); // checksum init
$packet .= chr(0); // checksum init
$packet .= chr($ident[0]); // identifier
$packet .= chr($ident[1]); // identifier
$packet .= chr($seq[0]); // seq
$packet .= chr($seq[1]); // seq
for ($i = 0; $i < $datasize; $i++)
$packet .= chr(0);
$chk = icmpChecksum($packet);
$packet[2] = $chk[0]; // checksum init
$packet[3] = $chk[1]; // checksum init
$sock = socket_create(AF_INET, SOCK_RAW, getprotobyname('icmp'));
$time_start = microtime();
socket_sendto($sock, $packet, strlen($packet), 0, $host, $port);
$read = array($sock);
$write = NULL;
$except = NULL;
$select = socket_select($read, $write, $except, 0, $timeout * 1000);
if ($select === NULL)
{
$g_icmp_error = "Select Error";
socket_close($sock);
return -1;
}
elseif ($select === 0)
{
$g_icmp_error = "Timeout";
socket_close($sock);
return -1;
}
$recv = '';
$time_stop = microtime();
socket_recvfrom($sock, $recv, 65535, 0, $host, $port);
$recv = unpack('C*', $recv);
if ($recv[10] !== 1) // ICMP proto = 1
{
$g_icmp_error = "Not ICMP packet";
socket_close($sock);
return -1;
}
if ($recv[21] !== 0) // ICMP response = 0
{
$g_icmp_error = "Not ICMP response";
socket_close($sock);
return -1;
}
if ($ident[0] !== $recv[25] || $ident[1] !== $recv[26])
{
$g_icmp_error = "Bad identification number";
socket_close($sock);
return -1;
}
if ($seq[0] !== $recv[27] || $seq[1] !== $recv[28])
{
$g_icmp_error = "Bad sequence number";
socket_close($sock);
return -1;
}
$ms = ($time_stop - $time_start) * 1000;
if ($ms < 0)
{
$g_icmp_error = "Response too long";
$ms = -1;
}
socket_close($sock);
return $ms;
}
function icmpChecksum($data)
{
$bit = unpack('n*', $data);
$sum = array_sum($bit);
if (strlen($data) % 2) {
$temp = unpack('C*', $data[strlen($data) - 1]);
$sum += $temp[1];
}
$sum = ($sum >> 16) + ($sum & 0xffff);
$sum += ($sum >> 16);
return pack('n*', ~$sum);
}
function getLastIcmpError()
{
global $g_icmp_error;
return $g_icmp_error;
}
/// end ping.inc.php ///
?>
Kyle Wilson
23-Jan-2008 02:02
23-Jan-2008 02:02
to ionic and david...
I'm just taking a stab at this, but wouldn't some combination of gethostbynamel and php_uname('n') provide you with the world-facing IP address without making a system call or using expensive socket operations? Don't get me wrong, socket operations have their place, but if you just need the server IP from a cli script, socket operations seem expensive. :)
<?php
print_r(gethostbynamel(php_uname('n')));
?>
matth ingersoll
04-May-2007 07:45
04-May-2007 07:45
When running these types of sockets, typically you need to be root or else they fail (not the case with stream sockets: http://us.php.net/manual/en/function.stream-socket-server.php)
This is an example for Linux/Unix type systems to use sockets without being root. (tested on Debian and CentOS)
<?php
$user = "daemon";
$script_name = "uid"; //the name of this script
/////////////////////////////////////////////
//try creating a socket as a user other than root
echo "\n__________________________________________\n";
echo "Trying to start a socket as user $user\n";
$uid_name = posix_getpwnam($user);
$uid_name = $uid_name['uid'];
if(posix_seteuid($uid_name))
{
echo "SUCCESS: You are now $user!\n";
if($socket = @socket_create(AF_INET, SOCK_RAW, 1))
{
echo "SUCCESS: You are NOT root and created a socket! This should not happen!\n";
} else {
echo "ERROR: socket_create() failed because you're not root!\n";
}
$show_process = shell_exec("ps aux | grep -v grep | grep $script_name");
echo "Current process stats::-->\t $show_process";
} else {
exit("ERROR: seteuid($uid_name) failed!\n");
}
/////////////////////////////////////////////
//no try creating a socket as root
echo "\n__________________________________________\n";
echo "Trying to start a socket as user 'root'\n";
if(posix_seteuid(0))
{
echo "SUCCESS: You are now root!\n";
$show_process = shell_exec("ps aux | grep -v grep | grep $script_name");
echo "Current process stats::-->\t $show_process";
if($socket = @socket_create(AF_INET, SOCK_RAW, 1))
{
echo "SUCCESS: You created a socket as root and now should seteuid() to another user\n";
/////////////////////////////////////////
//now modify the socket as another user
echo "\n__________________________________________\n";
echo "Switching to user $user\n";
if(posix_seteuid($uid_name))
{
echo "SUCCESS: You are now $user!\n";
if(socket_bind($socket, 0, 8000))
{
echo "SUCCESS: socket_bind() worked as $user!\n";
} else {
echo "ERROR: Must be root to user socket_bind()\n";
}
$show_process = shell_exec("ps aux | grep -v grep | grep $script_name");
echo "Current process stats::-->\t $show_process";
socket_close($socket); //hard to error check but it does close as this user
echo "SUCCESS: You closed the socket as user $user!\n";
} else {
echo "ERROR: seteuid($uid_name) failed while socket was open!\n";
}
} else {
echo "ERROR: Socket failed for some reason!\n";
}
} else {
exit("ERROR: Changing to root failed!\n");
}
?>
ionic at ionic dot de
21-Jan-2007 12:39
21-Jan-2007 12:39
To david _at* eder #do; us:
Dependent on your system, you could, at least on LINUX, use exec with "/sbin/ifconfig eth0 | awk '/inet /{ print substr($2,9) }'" (also working for non-root users), that will work a little bit faster as your PHP function.
Though, we should keep in mind that users with safe_mode enabled are more or less forced to use the socket thing. :)
jens at surefoot dot com
08-Aug-2006 02:46
08-Aug-2006 02:46
Please be aware that RAW sockets (as used for the ping example) are restricted to root accounts on *nix systems. Since web servers hardly ever run as root, they won't work on webpages.
On Windows based servers it should work regardless.
06-Jan-2006 11:36
Here's a ping function that uses sockets instead of exec(). Note: I was unable to get socket_create() to work without running from CLI as root. I've already calculated the package's checksum to simplify the code (the message is 'ping' but it doesn't actually matter).
<?php
function ping($host) {
$package = "\x08\x00\x19\x2f\x00\x00\x00\x00\x70\x69\x6e\x67";
/* create the socket, the last '1' denotes ICMP */
$socket = socket_create(AF_INET, SOCK_RAW, 1);
/* set socket receive timeout to 1 second */
socket_set_option($socket, SOL_SOCKET, SO_RCVTIMEO, array("sec" => 1, "usec" => 0));
/* connect to socket */
socket_connect($socket, $host, null);
/* record start time */
list($start_usec, $start_sec) = explode(" ", microtime());
$start_time = ((float) $start_usec + (float) $start_sec);
socket_send($socket, $package, strlen($package), 0);
if(@socket_read($socket, 255)) {
list($end_usec, $end_sec) = explode(" ", microtime());
$end_time = ((float) $end_usec + (float) $end_sec);
$total_time = $end_time - $start_time;
return $total_time;
} else {
return false;
}
socket_close($socket);
}
?>
kyle gibson
29-Oct-2005 02:48
29-Oct-2005 02:48
Took me about 20 minutes to figure out the proper arguments to supply for a AF_UNIX socket. Anything else, and I would get a PHP warning about the 'type' not being supported. I hope this saves someone else time.
<?php
$socket = socket_create(AF_UNIX, SOCK_STREAM, 0);
// code
?>
david at eder dot us
25-Jan-2005 08:42
25-Jan-2005 08:42
Sometimes when you are running CLI, you need to know your own ip address.
<?php
$addr = my_ip();
echo "my ip address is $addr\n";
function my_ip($dest='64.0.0.0', $port=80)
{
$socket = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);
socket_connect($socket, $dest, $port);
socket_getsockname($socket, $addr, $port);
socket_close($socket);
return $addr;
}
?>
david at eder dot us
08-Jun-2004 05:07
08-Jun-2004 05:07
Seems there aren't any examples of UDP clients out there. This is a tftp client. I hope this makes someone's life easier.
<?php
function tftp_fetch($host, $filename)
{
$socket = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);
// create the request packet
$packet = chr(0) . chr(1) . $filename . chr(0) . 'octet' . chr(0);
// UDP is connectionless, so we just send on it.
socket_sendto($socket, $packet, strlen($packet), 0x100, $host, 69);
$buffer = '';
$port = '';
$ret = '';
do
{
// $buffer and $port both come back with information for the ack
// 516 = 4 bytes for the header + 512 bytes of data
socket_recvfrom($socket, $buffer, 516, 0, $host, $port);
// add the block number from the data packet to the ack packet
$packet = chr(0) . chr(4) . substr($buffer, 2, 2);
// send ack
socket_sendto($socket, $packet, strlen($packet), 0, $host, $port);
// append the data to the return variable
// for large files this function should take a file handle as an arg
$ret .= substr($buffer, 4);
}
while(strlen($buffer) == 516); // the first non-full packet is the last.
return $ret;
}
?>
evan at coeus hyphen group dot com
15-Feb-2002 03:33
15-Feb-2002 03:33
Okay I talked with Richard a little (via e-mail). We agree that getprotobyname() and using the constants should be the same in functionality and speed, the use of one or the other is merely coding style. Personally, we both think the constants are prettier :).
The eight different protocols are the ones implemented in PHP- not the total number in existance (RFC 1340 has 98).
All we disagree on is using 0- Richard says that "accordning to the official unix/bsd sockets 0 is more than fine." I think that since 0 is a reserved number according to RFC 1320, and when used usually refers to IP, not one of it's sub-protocols (TCP, UDP, etc.)
email at NOSPAMrichard-samar dot de
13-Feb-2002 10:10
13-Feb-2002 10:10
Actually, you don't need to use
getprotobyname("tcp") but instead can use
the constants: SOL_TCP and SOL_UDP.
Here an extract of the source from
ext/sockets which should make this clear.
if ((pe = getprotobyname("tcp"))) {
REGISTER_LONG_CONSTANT("SOL_TCP", pe->p_proto,
CONST_CS | CONST_PERSISTENT);
}
Normally the third parameter can be set to 0. In the
original BSD Socket implementation the third parameter
(there are 8 different types, here only two) should be
IPPROTO_TCP or IPPROTO_UPD (or one of the 6 others ones).
These two parameters are though not warpped in PHP as
constants and therefore not available.
Please use SOL_TCP and SOL_UDP. e.g.:
$socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
Please be aware of the fact that UDP
and TCP can only be used with AF_INET which is: "Adress Family Internet". With UNIX Domain sockets TCP/UDP would make no sense!
best regards
-Richard-Moh Samar