Re: dlil_inject_if_input
Re: dlil_inject_if_input
- Subject: Re: dlil_inject_if_input
- From: Matt Jaffa <email@hidden>
- Date: Fri, 17 Sep 2004 22:55:57 -0600
Here is how I am formulating my IP header:
ipHeader is the ip header pulled out from the mbuf that I am not letting out into the internet.
struct ip* newip = (struct ip*)_MALLOC(struct ip),M_FREE,M_NOWAIT);
newip->ip_hl = 5;
newip->ip_v = ipHeader->ip_v;
printf("ipHeader version: %d\n", ipHeader->ip_v);
printf("ipHeader hdrleng: %d\n", ipHeader->ip_hl);
printf("newipheader: %d\n", newip->ip_v);
printf("newipheader: %d\n", newip->ip_hl);
newip->ip_tos = 0;
int data_len = strlen(httpresponse); // this is the HTTP/1.1 response length of the tcp data I will inject into the input
newip->ip_len = struct ip) + struct tcphdr) + data_len;
newip->ip_id = 34234;
newip->ip_off = 0x4000;
newip->ip_ttl = 35;
newip->ip_p = ipHeader->ip_p;
newip->ip_sum = 0;
memcpy(&(newip->ip_src), &(ipHeader->ip_dst), struct in_addr));
memcpy(&(newip->ip_dst), &(ipHeader->ip_src), struct in_addr));
despite the fact that some of the other stuff might be wrong, why wouldn't the ip_v be the right version? The output does print out 4 like it should be.
Matt
On Sep 17, 2004, at 8:41 PM, Justin Walker wrote:
On Sep 17, 2004, at 18:40, Matt Jaffa wrote:
Hi,
It seems that when I do netstat -s, I am noticing that when I try to go to a blocked site and it trys to inject my packet it increments the
bad version number in the ip section.
Ha! Nothing like good stats to point the way.
But I am properly putting in the right version number in my tcp header.
As Sherlock might say, "When you have eliminated the impossible, what remains is ...". I have to believe that you are not formatting your injected packet correctly. Perhaps if you logged the hex values of the IP header before injecting it, you could verify what is happening...
Could having a bad version number for the ip header cause it to be discarded, and why is it not accepting the value,
The point of the version number is to accomodate multiple versions of the IP header. If the system (stack) doesn't recognize the version, it can't decode the header, so it dumps it.
One way I could see this happening is if it is incorrectly matching up the right bytes to my header.
I think you should consider this as "you are incorrectly formatting the appropriate bytes of the header". I believe that you are better served by assuming that, when plugging your new code into code that has been working without a problem for a long time, the likelihood is that your code is in error. It's possible that there is a bug in the system, but that's not the way to bet.
Cheers,
Justin
--
Justin C. Walker, Curmudgeon-At-Large *
Institute for General Semantics | If you're not confused,
| You're not paying attention
*--------------------------------------*-------------------------------*
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden