• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Macnetworkprog Digest, Vol 6, Issue 125
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Macnetworkprog Digest, Vol 6, Issue 125

  • Subject: Re: Macnetworkprog Digest, Vol 6, Issue 125
  • From: Jan Deng <email@hidden>
  • Date: Mon, 3 Aug 2009 13:33:28 +0800
Hi Peter,

Thanks for your reply.

So you mean when in ipf_output callback, I should follow the follwing process:
mbuf_outbound_finalize();
change the ip address and port;
modify the checksum;
mbuf_inbound_modified()
mbuf_clear_csum_requested();

when in ipf_input callback, I should do these:
modify the ip address and port;
modify the checksum;
mbuf_inbound_modified();
mbuf_clear_csum_requested();    // mbuf->m_pkthdr.csum_data = 0;

right?

And my concerned issue is:
When downloading a big file, the client will send a RST packat to localproxy and the connection will be closed. And I guess it's caused by the bad checksum.
By the way, Is there any other reason can cause RST from client (browser)?

Best wishes,
jan


ref, AF_INET, packet->ipOffset);
                       // might have done m_pullup
                       packet->datagram = (u_int8_t*)mbuf_data(*packet->mbuf_ptr);
            packet->datagram = &packet->datagram[packet->ipOffset];
                       // clear csum flags
                       mbuf_inbound_modified(mbuf_ref);                // mbuf->m_pkthdr.csum_flags = 0;
                       mbuf_clear_csum_requested(mbuf_ref);    // mbuf->m_pkthdr.csum_data = 0;
                               // Convert header fields back to host byte order for further
processing


2009/8/3 <email@hidden>
Send Macnetworkprog mailing list submissions to
       email@hidden

To subscribe or unsubscribe via the World Wide Web, visit
       http://lists.apple.com/mailman/listinfo/macnetworkprog
or, via email, send a message with subject or body 'help' to
       email@hidden

You can reach the person managing the list at
       email@hidden

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Macnetworkprog digest..."


Today's Topics:

  1. Help about ip_filter, check sum always wrong (Jan Deng)
  2. Re: Help about ip_filter, check sum always wrong (Peter Sichel)


----------------------------------------------------------------------

Message: 1
Date: Sun, 2 Aug 2009 18:22:37 +0800
From: Jan Deng <email@hidden>
Subject: Help about ip_filter, check sum always wrong
To: email@hidden
Message-ID:
       <email@hidden">email@hidden>
Content-Type: text/plain; charset="iso-8859-1"

Hi all,

I have a emergency problem.

I have a local proxy and a NKE. The NKE will redirect TCP traffice to local
proxy using IP filter. And then local proxy will relay the traffic. After
local proxy receive data from server, it will write data back to browser.

The NKE use ipf_output_func to redirect the traffic. And after I modified
the ip and port, I also modify the checksum.
After local proxy receive data from server, it sent data back to browser,
and the packat will be hooked by ipf_output_func, and in the callback, the
srouce ip and port will be modified back to server's ip and port. And then I
modified the checksum too.( Strangely, this checksum is not changed
according to TCP dump)

This solution works fine on most platform. But recently, I tried PPC G4 with
10.5.7. The connection always be reset by client( such as browser ).
>From TCP dump, I can see the TCP checksum of packet from local proxy to
client( browser ) is aways wrong with number 0xb5d0.
But I have modified the checksum. why it does not work?

Here is how I modified the check sum:

ip_hdr_gen *p_ip_header = (ip_hdr_gen *) mbuf_data( *data );
struct tcphdr *p_tcp_header = (struct tcphdr *)( (void *)p_ip_header +
payloadOffset );

p_ip_header->ip.ip_sum = 0;
p_ip_header->ip.ip_sum = calcCsum();

p_tcp_header->th_sum = 0;
p_tcp_header->th_sum = calcTCPCsum();

Should I do any other thing? I find that the checksum is different from the
value I set to TCP dump.
Can anyone help me?

Thanks very much!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.apple.com/mailman/private/macnetworkprog/attachments/20090802/d58b6f1a/attachment.html

------------------------------

Message: 2
Date: Sun, 2 Aug 2009 14:09:37 -0400
From: Peter Sichel <email@hidden>
Subject: Re: Help about ip_filter, check sum always wrong
To: MacNetworkProg Mac Network <email@hidden>
Message-ID: <email@hidden">email@hidden>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes

On Aug 2, 2009, at 6:22 AM, Jan Deng wrote:

> I have a emergency problem.

> This solution works fine on most platform. But recently, I tried PPC
> G4 with 10.5.7. The connection always be reset by client( such as
> browser ).
> From TCP dump, I can see the TCP checksum of packet from local proxy
> to client( browser ) is aways wrong with number 0xb5d0.


Some machines do hardware checksum computation in the device driver,
so for outbound packets, it is important that you "finalize" the mbuf
before you attempt to modify it.

For inbound packets, the ip input processing may believe the driver
has computed the checksum based on the mbuf flags.

The whole sequence looks something like this:

               if (packet->direction == kDirectionInbound) {
                       mbuf_inbound_modified(mbuf_ref);                // mbuf->m_pkthdr.csum_flags = 0;
                       mbuf_clear_csum_requested(mbuf_ref);    // mbuf->m_pkthdr.csum_data = 0;
               }
               else {
                               // Convert header fields back to network byte order for
mbuf_outbound_finalize checksum computation
                               KFT_htonPacket(packet, kOptionFinalize);
                       mbuf_outbound_finalize(mbuf_ref, AF_INET, packet->ipOffset);
                       // might have done m_pullup
                       packet->datagram = (u_int8_t*)mbuf_data(*packet->mbuf_ptr);
            packet->datagram = &packet->datagram[packet->ipOffset];
                       // clear csum flags
                       mbuf_inbound_modified(mbuf_ref);                // mbuf->m_pkthdr.csum_flags = 0;
                       mbuf_clear_csum_requested(mbuf_ref);    // mbuf->m_pkthdr.csum_data = 0;
                               // Convert header fields back to host byte order for further
processing
                               KFT_ntohPacket(packet, kOptionFinalize);


I hope this helps.

- Peter Sichel
  Sustainable Softworks



------------------------------

_______________________________________________
Macnetworkprog mailing list
email@hidden
http://lists.apple.com/mailman/listinfo/macnetworkprog

End of Macnetworkprog Digest, Vol 6, Issue 125
**********************************************

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Prev by Date: Re: Help about ip_filter, check sum always wrong
  • Next by Date: luanchd bonjour service advertising
  • Previous by thread: Re: Help about ip_filter, check sum always wrong
  • Next by thread: luanchd bonjour service advertising
  • Index(es):
    • Date
    • Thread