• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: dlil_inject_if_input
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: dlil_inject_if_input

  • Subject: Re: dlil_inject_if_input
  • From: Matt Jaffa <email@hidden>
  • Date: Fri, 17 Sep 2004 17:22:10 -0600

On Sep 17, 2004, at 3:53 PM, Justin Walker wrote:


On Sep 17, 2004, at 13:32, Matthew Jaffa wrote:

I have interecepted an outgoing HTTP request using a dlil interface filter. I return EJUSTRETURN in the dlil_if_output function to let it know to not let this packet go out, but to still think it sent it out.

The connection has been successfully set up with a SYN/SYN-ACK/ACK exchange, correct? 

	Yeah.


Now the problem is, is inserting my own HTTP/1.1 response into the input stream of the machine that made the request.
[snip]
I am doing the checksumming correct now for the ipheader and tcpheader,

If you literally mean you checksummed the tcpheader, then you have a problem: the TCP checksum covers all the TCP data.

I read on the internet that the TCP checksum is calculated with the tcphdr, pseudo header that has IP elements in it, and the TCP data. I threw all of the in a mbuf and then used in_cksum and it calculates it.


but still no results. When I call dlil_inject_if_input am I supposed to have a ethernet header on the mbuf I am injecting??? That might be the problem, but don't know.

One way to determine what the IP stack is seeing is to review the IP statistics before and after trying out a connection that should be blocked (see, e.g., the lines "discarded for bad checksums", "bad header checksums"; there are other counters that might shed light as well. This is seen with "netstat -s").


Wow never knew the -s option to this tool provided this great information, thanks.



It will help if your test network is lightly loaded so you can more easily isolate the counters that are changing due to problems in your implementation.

Also, check to see whether you see any RST packets being generated or received by your stack (apropos of Josh's comments).

Cheers,

Justin

--
Justin C. Walker, Curmudgeon-At-Large *
Institute for General Semantics | It's not whether you win or lose...
| It's whether *I* win or lose.
*-------------------------------------- *-------------------------------*

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
email@hidden

This email sent to email@hidden


_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




  • Follow-Ups:

      

    • Re: dlil_inject_if_input

      • From: Justin Walker <email@hidden>
      • 





References: 


 >dlil_inject_if_input (From: "Matthew Jaffa" <email@hidden>)


 >Re: dlil_inject_if_input (From: Justin Walker <email@hidden>)






    

  • Prev by Date:
Re: dlil_inject_if_input

    • 

  • Next by Date:
Re: dlil_inject_if_input

    • 

  • Previous by thread:
Re: dlil_inject_if_input

    • 

  • Next by thread:
Re: dlil_inject_if_input

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •