Re: dlil_inject_if_input
- Subject: Re: dlil_inject_if_input
- From: Jeff Nathan <email@hidden>
- Date: Mon, 20 Sep 2004 14:06:48 -0400
Hi Matt, Justin,
I've been watching this silently.
I wouldn't use the nibbles for IP version and header length. To avoid
alignment problems tcpdump uses these macros:
#define IP_V(ip) (((ip)->ip_vhl & 0xf0) >> 4)
#define IP_HL(ip) ((ip)->ip_vhl & 0x0f)
You could use these macros to achieve the opposite result:
#define SET_IP_V(ip, value) ((ip)->ip_vhl = (((ip)->ip_vhl & 0x0f) | ((value) << 4)))
#define SET_IP_HL(ip, value) ((ip)->ip_vhl = (((ip)->ip_vhl & 0xf0) | ((value) & 0x0f)))
-Jeff
On Sep 18, 2004, at 11:26 PM, Matt Jaffa wrote:
this helps a lot,
I am using MGET now, and not using MALLOC for the mbuf to save myself
the trouble of later problems.
Now when I print out the hex values of the whole mbuf, they are all
printing out correct.
But now when I inject this mbuf into the input, the system crashes.
But if I comment out the
dlil_inject_if_input, it doesn't crash.
Is my mbuf set up wrong??
char * httpresponse = (char*)_MALLOC(180,M_FREE,M_NOWAIT);
sprintf(httpresponse,"HTTP/1.1 200 OK\r\nCache-Control: no-store, no-cache\r\nContent-Type: text/html\r\n\r\n <HTML><BODY>This is the block page</BODY></HTML>");
struct mbuf * testin;
MGET(testin,M_NOWAIT,M_MBUF);
struct ip newip;// = (struct ip*)_MALLOC(sizeof(struct ip),M_FREE,M_NOWAIT);
u_char vhl = 0x45;
memcpy(&newip, &vhl,1);
newip.ip_hl = 5;
printf("ipHeader version: %d\n", ipHeader->ip_v);
printf("ipHeader hdrleng: %d\n", ipHeader->ip_hl);
printf("newipheader: %d\n", newip.ip_v);
printf("newipheader: %d\n", newip.ip_hl);
newip.ip_v = 4;//ipHeader->ip_v;
newip.ip_tos = 0;//ipHeader->ip_tos;
int data_len = strlen(httpresponse);
newip.ip_len = sizeof(struct ip) + sizeof(struct tcphdr) + data_len;
newip.ip_id = 34234;
newip.ip_off = 0x0000;
newip.ip_ttl = 35;
newip.ip_p = ipHeader->ip_p;
newip.ip_sum = 0;
memcpy(&(newip.ip_src), &(ipHeader->ip_dst), sizeof(struct in_addr));
memcpy(&(newip.ip_dst), &(ipHeader->ip_src), sizeof(struct in_addr));
struct tcphdr newtcp;// = (struct tcphdr*)_MALLOC(sizeof(struct tcphdr),M_FREE,M_NOWAIT);
newtcp.th_sport = tester->th_dport;
newtcp.th_dport = tester->th_sport;
newtcp.th_ack = tester->th_seq;
newtcp.th_seq = htons(tester->th_seq +1);
newtcp.th_flags = (TH_ACK|TH_FIN|TH_PUSH);
newtcp.th_off = sizeof(struct tcphdr);
newtcp.th_x2 = 0;
newtcp.th_win = 65535;
newtcp.th_sum = 0;
newtcp.th_urp = 0;
testin->m_data += 20;
memcpy(testin->m_data,&newip,sizeof(struct ip));
testin->m_len = sizeof(struct ip);
testin->m_pkthdr.len = sizeof(struct ip);
testin->m_data += sizeof(struct ip);
memcpy(testin->m_data,&newtcp,sizeof(struct tcphdr));
testin->m_data += sizeof(struct tcphdr);
memcpy(testin->m_data,httpresponse,data_len);
testin->m_len = (sizeof(struct ip) + sizeof(struct tcphdr) + data_len);
testin->m_pkthdr.len = (sizeof(struct ip) + sizeof(struct tcphdr) + data_len);
testin->m_data -= (sizeof(struct ip) + sizeof(struct tcphdr));
unsigned char * test = mtod(testin, unsigned char*);
int i = 0;
while(i < testin->m_pkthdr.len) {
printf("%x ",test[i]);
i++;
}
printf("\n");
int testing = dlil_inject_if_input(testin,frame_type,ipv4ID);
printf("Here is the result: %d\n", testing);
So I have an IP header 20 bytes, and a TCP header 20 bytes, no options,
and data for the TCP, not shown is the checksum calculating, but that
is not crashing, it is the dlil_inject_if_input, it doesn't like my
mbuf.
Anyone notice anything bad? Sequence and Ack I know are wrong but
don't know how to fix it.
Any help on the mbuf injecting and the Seq and Ack would be great
thanks.
Matt
On Sep 17, 2004, at 11:39 PM, Justin Walker wrote:
On Sep 17, 2004, at 21:55, Matt Jaffa wrote:
Here is how I am formulating my IP header:
ipHeader is the ip header pulled out from the mbuf that I am not
letting out into the internet.
struct ip* newip = (struct ip*)_MALLOC(sizeof(struct ip),M_FREE,M_NOWAIT);
Why are you using _MALLOC instead of (say) MGET? You may be asking
for trouble here, unless you are taking care of properly releasing
this storage.
newip->ip_hl = 5;
newip->ip_v = ipHeader->ip_v;
printf("ipHeader version: %d\n", ipHeader->ip_v);
printf("ipHeader hdrleng: %d\n", ipHeader->ip_hl);
printf("newipheader: %d\n", newip->ip_v);
printf("newipheader: %d\n", newip->ip_hl);
Well, what do the printf's say? FWIW, the kernel code defines
_IP_VHL, and refers to the two fields as the combined field 'ip_vhl'.
Why not print a hex dump of the first few bytes of the two IP
headers? That may provide a clue (and it avoids any funky behavior
based on bit-field operations).
newip->ip_tos = 0;
int data_len = strlen(httpresponse); // this is the HTTP/1.1 response length of the tcp data I will inject into the input
I assume the length of this canned response is small enough that you
don't have to worry about overflowing whatever you are using for
buffers.
newip->ip_len = sizeof(struct ip) + sizeof(struct tcphdr) + data_len;
newip->ip_id = 34234;
newip->ip_off = 0x4000;
BTW, I would set ip_off to zero.
newip->ip_ttl = 35;
newip->ip_p = ipHeader->ip_p;
newip->ip_sum = 0;
You compute the checksum later, right?
memcpy(&(newip->ip_src), &(ipHeader->ip_dst), sizeof(struct in_addr));
memcpy(&(newip->ip_dst), &(ipHeader->ip_src), sizeof(struct in_addr));
For correctness, you might want to assure that the values you are
copying are in network order (since the IP stack has set it up that
way on output). For PowerPC, host order and network order are the
same, but it pays to keep this straight in your code.
Despite the fact that some of the other stuff might be wrong, why
wouldn't the ip_v be the right version? The output does print out 4
like it should be.
Any number of things could be wrong. One obvious possibility is that
when you finally cons up the frame you inject, you aren't matching
the assumptions of the input processing, so that when that code
looks at the IP header, it's not seeing your IP header (e.g., there
should be an ethernet header, but isn't; or there is an ethernet
header, but there should not be one).
To emphasize a point above, do *not* allocate mbufs other than by
MGET (or similar call) unless you are actually obeying all the rules
for supplying your own buffers (and freeing same).
Regards,
Justin
--
Justin C. Walker, Curmudgeon-At-Large  *
Institute for General Semantics        | "Weaseling out of things is what
                                       |  separates us from the animals.
                                       |  Well, except the weasel."
                                       |      - Homer J Simpson
*--------------------------------------*-------------------------------*
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
--
http://cerberus.sourcefire.com/~jeff (gpg/pgp key id 6923D3FD)
"Common sense is the collection of prejudices acquired by age
eighteen." - Albert Einstein
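Added example (not part of the original thread, and not tcpdump or Darwin code): the ip_vhl accessor macros from the message above applied to a stand-in 20-byte header, with the total length stored in network order, followed by the hex dump and checksum check suggested in the quoted replies. The struct ip_hdr layout, the helper names and the 192.0.2.x addresses are constructed for illustration; the setter macros here also mask and parenthesize their argument.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed 20-byte stand-in for struct ip using the combined ip_vhl byte;
 * multi-byte fields are byte arrays so wire (network) order is explicit. */
struct ip_hdr {
    uint8_t ip_vhl, ip_tos, ip_len[2], ip_id[2], ip_off[2];
    uint8_t ip_ttl, ip_p, ip_sum[2], ip_src[4], ip_dst[4];
};

#define IP_V(ip)  (((ip)->ip_vhl & 0xf0) >> 4)
#define IP_HL(ip) ((ip)->ip_vhl & 0x0f)
#define SET_IP_V(ip, v)  ((ip)->ip_vhl = (uint8_t)(((ip)->ip_vhl & 0x0f) | (((v) & 0x0f) << 4)))
#define SET_IP_HL(ip, v) ((ip)->ip_vhl = (uint8_t)(((ip)->ip_vhl & 0xf0) | ((v) & 0x0f)))

/* Store a 16-bit value big-endian, independent of host byte order. */
static void put16(uint8_t *p, unsigned v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* RFC 1071 one's-complement checksum over an even number of bytes. */
static uint16_t ip_cksum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) sum += ((uint32_t)p[i] << 8) | p[i + 1];
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Build a header that is followed by tcp_len bytes of TCP header plus data. */
static struct ip_hdr make_ip_header(unsigned tcp_len) {
    struct ip_hdr ip = {0};
    SET_IP_V(&ip, 4);
    SET_IP_HL(&ip, sizeof ip / 4);             /* length in 32-bit words */
    put16(ip.ip_len, (unsigned)(sizeof ip + tcp_len));
    ip.ip_ttl = 35;
    ip.ip_p = 6;                               /* TCP */
    memcpy(ip.ip_src, "\xc0\x00\x02\x01", 4);  /* 192.0.2.1, constructed */
    memcpy(ip.ip_dst, "\xc0\x00\x02\x02", 4);  /* 192.0.2.2, constructed */
    put16(ip.ip_sum, ip_cksum((const uint8_t *)&ip, sizeof ip));
    return ip;
}

/* Receiver-side sanity check: version 4, at least 5 words, checksum folds to 0. */
static int ip_header_valid(struct ip_hdr ip) {
    return IP_V(&ip) == 4 && IP_HL(&ip) >= 5 && ip_cksum((const uint8_t *)&ip, sizeof ip) == 0;
}

int main(void) {
    struct ip_hdr ip = make_ip_header(20 + 100);   /* 20-byte TCP header + 100 data bytes */
    for (size_t i = 0; i < sizeof ip; i++) printf("%02x ", ((const uint8_t *)&ip)[i]);
    printf("\nvalid=%d\n", ip_header_valid(ip));
    return 0;
}
```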