
Can I create a listening TCP socket using raw sockets in Linux?

I would like to create a listening TCP socket where I could control when it responds to the client with the first SYN+ACK after it receives the initial SYN packet from the client.

I want to do this to introduce some delays or ignore some initial SYN packets. I can do this using iptables at the moment, but I'm wondering if this could be done using the OS socket interface.

Note that if I use a normal TCP socket, once the server calls listen() on the socket descriptor, the OS will establish the connection when a client connects to it.

I am wondering then if I could use raw sockets to implement this behavior. All the examples I have seen so far about raw sockets are about active sockets (client to server) and not passive sockets (listening sockets).


You could theoretically write your own TCP implementation over raw sockets. But the kernel will still respond to any incoming TCP packets before your raw socket gets a copy. So you'd have to work around this by using iptables or something to block the kernel from seeing the packets you're interested in.

I think it would be easier to do this in a kernel module via the netfilter interface (which may be what you're already doing). You could also check out libnetfilter_queue which might work if you really want to do it in userspace.
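The userspace route mentioned above, as an added example (not code from the original posts): the per-packet decision that a libnetfilter_queue callback would hand to `nfq_set_verdict()`, dropping the first N initial SYNs from each client so that the kernel only answers a later retransmission. Port 8080, the table size and the helper names are assumptions; the NFQUEUE binding and the iptables rule that steers SYNs into the queue are left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum { VERDICT_DROP = 0, VERDICT_ACCEPT = 1 }; /* same values as NF_DROP / NF_ACCEPT */
#define MAX_CLIENTS 64
static struct { uint32_t saddr; unsigned syns; } seen[MAX_CLIENTS];
static size_t nseen;

/* Number of initial SYNs seen from this source so far, counting this one. */
static unsigned count_syn(uint32_t saddr) {
    for (size_t i = 0; i < nseen; i++)
        if (seen[i].saddr == saddr) return ++seen[i].syns;
    if (nseen == MAX_CLIENTS) return ~0u;            /* table full: stop dropping */
    seen[nseen].saddr = saddr; seen[nseen++].syns = 1;
    return 1;
}

/* pkt starts at the IPv4 header, as NFQUEUE delivers it. Anything that is not
 * a well-formed initial SYN for listen_port is passed on to the kernel stack. */
int syn_verdict(const uint8_t *pkt, size_t len, uint16_t listen_port, unsigned drop_first) {
    if (len < 20 || (pkt[0] >> 4) != 4 || pkt[9] != 6) return VERDICT_ACCEPT;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 20) return VERDICT_ACCEPT;   /* truncated header */
    if ((pkt[6] & 0x1f) || pkt[7]) return VERDICT_ACCEPT;     /* non-first fragment */
    const uint8_t *tcp = pkt + ihl;
    uint16_t dport = (uint16_t)(tcp[2] << 8 | tcp[3]);
    /* initial SYN: SYN set; FIN, RST and ACK clear */
    if (dport != listen_port || (tcp[13] & 0x17) != 0x02) return VERDICT_ACCEPT;
    uint32_t saddr; memcpy(&saddr, pkt + 12, 4);
    return count_syn(saddr) <= drop_first ? VERDICT_DROP : VERDICT_ACCEPT;
}

/* Constructed 40-byte IPv4+TCP packet from 192.0.2.<host> (sample input). */
size_t make_tcp(uint8_t *buf, uint8_t host, uint16_t dport, uint8_t flags) {
    memset(buf, 0, 40);
    buf[0] = 0x45; buf[9] = 6;                       /* IPv4, IHL 5, protocol TCP */
    buf[12] = 192; buf[14] = 2; buf[15] = host;
    buf[22] = (uint8_t)(dport >> 8); buf[23] = (uint8_t)dport;
    buf[32] = 0x50; buf[33] = flags;                 /* data offset 5, TCP flags */
    return 40;
}

int main(void) {
    uint8_t p[40];
    size_t n = make_tcp(p, 10, 8080, 0x02);          /* one client retransmitting its SYN */
    for (int i = 1; i <= 3; i++)
        printf("SYN %d -> %s\n", i, syn_verdict(p, n, 8080, 2) ? "ACCEPT" : "DROP");
}
```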


Have a look at the Honeynet project; they implement low-cost virtual machines with a basic IP stack to adjust the TCP protocol operation.

https://projects.honeynet.org/sebek/browser/linux-2.6/trunk/src
