From: Matt Jaffa <email@hidden>
To: Justin Walker <email@hidden>
CC: darwin-kernel Dev <email@hidden>
Subject: Re: dlil_inject_if_input
Date: Sat, 18 Sep 2004 21:26:40 -0600

This helps a lot.
I am using MGET now, and not using MALLOC for the mbuf, to save myself the
trouble of later problems.
Now when I print out the hex values of the whole mbuf, they are all
printing out correctly.
But now when I inject this mbuf into the input, the system crashes. But if
I comment out the dlil_inject_if_input, it doesn't crash.
Is my mbuf set up wrong??

char * httpresponse = (char*)_MALLOC(180,M_FREE,M_NOWAIT);
sprintf(httpresponse,"HTTP/1.1 200 OK\r\nCache-Control: no-store, no-cache\r\nContent-Type: text/html\r\n\r\n <HTML><BODY>This is the block page</BODY></HTML>");
struct mbuf * testin;
MGET(testin,M_NOWAIT,M_MBUF);

struct ip newip;// = (struct ip*)_MALLOC(sizeof(struct ip),M_FREE,M_NOWAIT);
u_char vhl = 0x45;
memcpy(&newip, &vhl,1);
newip.ip_hl = 5;
printf("ipHeader version: %d\n", ipHeader->ip_v);
printf("ipHeader hdrleng: %d\n", ipHeader->ip_hl);
printf("newipheader: %d\n", newip.ip_v);
printf("newipheader: %d\n", newip.ip_hl);
newip.ip_v = 4;//ipHeader->ip_v;
newip.ip_tos = 0;//ipHeader->ip_tos;
int data_len = strlen(httpresponse);
newip.ip_len = sizeof(struct ip) + sizeof(struct tcphdr) + data_len;
newip.ip_id = 34234;
newip.ip_off = 0x0000;
newip.ip_ttl = 35;
newip.ip_p = ipHeader->ip_p;
newip.ip_sum = 0;
memcpy(&(newip.ip_src), &(ipHeader->ip_dst), sizeof(struct in_addr));
memcpy(&(newip.ip_dst), &(ipHeader->ip_src), sizeof(struct in_addr));

struct tcphdr newtcp;// = (struct tcphdr*)_MALLOC(sizeof(struct tcphdr),M_FREE,M_NOWAIT);
newtcp.th_sport = tester->th_dport;
newtcp.th_dport = tester->th_sport;
newtcp.th_ack = tester->th_seq;
newtcp.th_seq = htons(tester->th_seq +1);
newtcp.th_flags = (TH_ACK|TH_FIN|TH_PUSH);
newtcp.th_off = sizeof(struct tcphdr);
newtcp.th_x2 = 0;
newtcp.th_win = 65535;
newtcp.th_sum = 0;
newtcp.th_urp = 0;

testin->m_data += 20;
memcpy(testin->m_data,&newip,sizeof(struct ip));
testin->m_len = sizeof(struct ip);
testin->m_pkthdr.len = sizeof(struct ip);
testin->m_data += sizeof(struct ip);
memcpy(testin->m_data,&newtcp,sizeof(struct tcphdr));
testin->m_data += sizeof(struct tcphdr);
memcpy(testin->m_data,httpresponse,data_len);
testin->m_len = (sizeof(struct ip) + sizeof(struct tcphdr) + data_len);
testin->m_pkthdr.len = (sizeof(struct ip) + sizeof(struct tcphdr) + data_len);
testin->m_data -= (sizeof(struct ip) + sizeof(struct tcphdr));

unsigned char * test = mtod(testin, unsigned char*);
int i = 0;
while(i < testin->m_pkthdr.len) {
    printf("%x ",test[i]);
    i++;
}
printf("\n");

int testing = dlil_inject_if_input(testin,frame_type,ipv4ID);
printf("Here is the result: %d\n", testing);

So I have an IP header of 20 bytes, and a TCP header of 20 bytes, no options,
and data for the TCP. Not shown is the checksum calculating, but that is not
crashing; it is the dlil_inject_if_input, it doesn't like my mbuf.
Anyone notice anything bad? Sequence and Ack I know are wrong, but I don't
know how to fix them.
Any help on the mbuf injecting and the Seq and Ack would be great, thanks.

Matt

On Sep 17, 2004, at 11:39 PM, Justin Walker wrote:

> On Sep 17, 2004, at 21:55, Matt Jaffa wrote:
>
> > Here is how I am formulating my IP header:
> > ipHeader is the ip header pulled out from the mbuf that I am not letting
> > out into the internet.
> >
> > struct ip* newip = (struct ip*)_MALLOC(sizeof(struct ip),M_FREE,M_NOWAIT);
>
> Why are you using _MALLOC instead of (say) MGET? You may be asking for
> trouble here, unless you are taking care of properly releasing this
> storage.
>
> > newip->ip_hl = 5;
> > newip->ip_v = ipHeader->ip_v;
> > printf("ipHeader version: %d\n", ipHeader->ip_v);
> > printf("ipHeader hdrleng: %d\n", ipHeader->ip_hl);
> > printf("newipheader: %d\n", newip->ip_v);
> > printf("newipheader: %d\n", newip->ip_hl);
>
> Well, what do the printf's say? FWIW, the kernel code defines _IP_VHL,
> and refers to the two fields as the combined field 'ip_vhl'. Why not
> print a hex dump of the first few bytes of the two IP headers? That may
> provide a clue (and it avoids any funky behavior based on bit-field
> operations).
>
> > newip->ip_tos = 0;
> > int data_len = strlen(httpresponse); // this is the HTTP/1.1 response length of the tcp data I will inject into the input
>
> I assume the length of this canned response is small enough that you
> don't have to worry about overflowing whatever you are using for buffers.
>
> > newip->ip_len = sizeof(struct ip) + sizeof(struct tcphdr) + data_len;
> > newip->ip_id = 34234;
> > newip->ip_off = 0x4000;
>
> BTW, I would set ip_off to zero.
>
> > newip->ip_ttl = 35;
> > newip->ip_p = ipHeader->ip_p;
> > newip->ip_sum = 0;
>
> You compute the checksum later, right?
>
> > memcpy(&(newip->ip_src), &(ipHeader->ip_dst), sizeof(struct in_addr));
> > memcpy(&(newip->ip_dst), &(ipHeader->ip_src), sizeof(struct in_addr));
>
> For correctness, you might want to assure that the values you are copying
> are in network order (since the IP stack has set it up that way on
> output). For PowerPC, host order and network order are the same, but it
> pays to keep this straight in your code.
>
> > despite the fact that some of the other stuff might be wrong, why
> > wouldn't the ip_v be the right version? The output does print out 4 like
> > it should be.
>
> Any number of things could be wrong. One obvious possibility is that
> when you finally cons up the frame you inject, you aren't matching the
> assumptions of the input processing, so that when that code looks
> at the IP header, it's not seeing your IP header (e.g., there should be
> an ethernet header, but isn't; or there is an ethernet header, but there
> should not be one).
>
> To emphasize a point above, do *not* allocate mbufs other than by MGET
> (or similar call) unless you are actually obeying all the rules for
> supplying your own buffers (and freeing same).
>
> Regards,
>
> Justin
>
> --
> Justin C. Walker, Curmudgeon-At-Large  *
> Institute for General Semantics        | "Weaseling out of things is what
>                                        |  separates us from the animals.
>                                        |  Well, except the weasel."
>                                        |      - Homer J Simpson
> *--------------------------------------*-------------------------------*
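
Added example, not part of either poster's message and not their kext code: userspace C that writes the 20-byte IP and TCP headers byte by byte in network order (so no bit-field or host-order surprises), checks the total length against the buffer before copying, and hex-dumps the headers as suggested above. The function names, addresses, ports, sequence numbers and payload are constructed for illustration; it does not touch mbufs or dlil_inject_if_input.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP_HLEN  20   /* no IP options, as in the post */
#define TCP_HLEN 20   /* no TCP options */

/* Store big-endian (network order) explicitly, whatever the host order is. */
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put32(uint8_t *p, uint32_t v) { put16(p, (uint16_t)(v >> 16)); put16(p + 2, (uint16_t)v); }

/* Internet checksum over an even-length header; 0 when the header already verifies. */
static uint16_t ip_cksum(const uint8_t *p, size_t n) {
    uint32_t s = 0;
    for (size_t i = 0; i + 1 < n; i += 2) s += (uint32_t)(p[i] << 8 | p[i + 1]);
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return (uint16_t)~s;
}

/* Returns the total packet length, or -1 if it does not fit in cap bytes. */
int build_reply(uint8_t *buf, size_t cap, uint32_t src, uint32_t dst,
                uint16_t sport, uint16_t dport, uint32_t seq, uint32_t ack,
                const char *payload, size_t plen) {
    size_t total = IP_HLEN + TCP_HLEN + plen;
    if (plen > 0xffff || total > cap || total > 0xffff) return -1;  /* check before writing */
    memset(buf, 0, IP_HLEN + TCP_HLEN);
    buf[0] = 0x45;                        /* ip_vhl: version 4, header length 5 words */
    put16(buf + 2, (uint16_t)total);      /* ip_len */
    put16(buf + 4, 34234);                /* ip_id value used in the post */
    buf[8] = 35;                          /* ip_ttl value used in the post */
    buf[9] = 6;                           /* ip_p: TCP */
    put32(buf + 12, src); put32(buf + 16, dst);
    put16(buf + 10, ip_cksum(buf, IP_HLEN));
    uint8_t *t = buf + IP_HLEN;
    put16(t, sport); put16(t + 2, dport);
    put32(t + 4, seq); put32(t + 8, ack); /* 32-bit fields need 32-bit conversion */
    t[12] = (TCP_HLEN / 4) << 4;          /* th_off: 4 bits, counted in 32-bit words */
    t[13] = 0x19;                         /* FIN|PSH|ACK */
    put16(t + 14, 65535);                 /* th_win */
    memcpy(t + TCP_HLEN, payload, plen);  /* TCP checksum left 0 in this example */
    return (int)total;
}

int main(void) {
    uint8_t buf[256];
    const char *body = "blocked";         /* constructed sample payload */
    int n = build_reply(buf, sizeof buf, 0xC0A80001u, 0xC0A80002u, 80, 50000, 1000, 2000, body, strlen(body));
    for (int i = 0; i < n && i < 40; i++) printf("%02x ", buf[i]);
    printf("\n"); return n < 0;
}
```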