3

I'm trying to implement a UDP traceroute solution in Python 2.6, but I'm having trouble understanding why I need root privileges to perform the same-ish action as the traceroute utility that comes with my operating system.

The environment that this code will run in will very doubtfully have root privileges, so is it more likely that I will have to forego a python implementation and write something to parse the output of the OS traceroute in UDP mode? Or is there something I'm missing about opening a socket configured like self.rx = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_UDP). It seems that socket.SOCK_RAW is inaccessible without root privileges which is effectively preventing me from consuming the data I need to implement this in python.

jooks
  • 1,247
  • 10
  • 17
  • Are you sure you need raw-socket privileges to open a UDP socket? Raw sockets are why you need root access to perform ICMP traces using `traceroute`. – chepner Jun 10 '13 at 15:59
  • 2
    @chepner that was my first thought too. However, you do need a raw-socket to listen for incoming ICMP `TIME_EXCEEDED` telegrams with the TTL reaches 0... – djf Jun 10 '13 at 16:07
  • Right, so am I stuck for using Python as the solution and better off just writing something to consume the os `traceroute` output? I would rather not depend on the `traceroute` command, though as I'm not even sure if it's standard in all distibutions. – jooks Jun 10 '13 at 16:54
  • http://stackoverflow.com/a/3414737/344333 May contain the solution for this, I'm trying it now. – jooks Jun 10 '13 at 17:03
  • Nope. It throws an exception for 'Protocol not supported' if I try to do ICMP with SOCK_DGRAM – jooks Jun 10 '13 at 17:07
  • 1
    Related: [Raw sockets need root priviliege](http://stackoverflow.com/questions/4404860/raw-sockets-need-root-priviliege) – Aya Jun 10 '13 at 19:04
  • Thanks, that clarifies it for me. – jooks Jun 11 '13 at 13:49

1 Answers1

0

The conclusion I've come to is that I'm restricted to parsing the output of the traceroute using subprocess. traceroute is able to overcome the root-requirement by using setuid for portions of the code effectively allowing that portion of the code to run as root. Since I cannot establish those rights without root privileges I'm forced to rely on the existence of traceroute since that is the more probable of the two situations.

jooks
  • 1,247
  • 10
  • 17