send packets with kernel routing and without kernel messing with headers
Hey everyone. Ok I'm trying to send a packet and have the kernel do the routing for me. I have completely built the specified packet and it could be TCP, UDP, ICMP, etc...just anything on top of IP. All the headers have been created except for the ethernet layer. I want to send this to a socket and have it figure out the routing (if necessary). So if the packet is outbound it'll go to the default gateway and if it's on the internal net it'll just be send directly to the specified machine. Ok so here's what I've been doing.
Code:
if((fs=socket (PF_INET, SOCK_RAW, IPPROTO_TCP))<0) bassdemon |
I'll try my best to answer some of your questions. I'll start off with the easy one. PF_INET is defined as AF_INET in linux/socket.h so it is in fact the same value. The comment above the PF_* defs is "/* Protocol families, same as address families. */".
I'm a bit confused by the rest... how can you send a packet with missing routing information and expect it to go anywhere? When you get the packet on the network what part of the header did it change? |
Hi,
An interesting tutorial on this at http://mixter.void.ru/rawip.html Also you may want to look at libnet as a more convinient alternative to SOCK_RAW Regards |
that's actually the exact tutorial i've been using to get this far. And the problems I've run into are listed above. Ok as for the missing routing information question...the only information I want the kernel to fill in is the immediate destination...the ethernet layer. It has all the other routing information it needs. All IP's and ports are filled in. I just need the kernel to decide if it needs to go to the default gateway or not. So it has all the routing information. If the gateway MAC or the target machines MAC is put in the ethernet header then it will go where it needs to go. It will get dropped on the network and the MAC addr will send it to the gateway which would route it based on the IP or it will be sent immediately to the target system.
When I do get it on the network and I don't use the setsockopt for the IP header it changes a number of fields. Using IPPROTO_UDP for example changes the protocol field in IP to UDP. So the rest of the packet is interpreted as UDP even if it's not really a UDP packet. And then it would go ahead and change some data to fill in the UDP ports as it saw fit. Yeah I didn't really want to use libnet. I've already reconstructed some of their methods. This is more for a learning exercise. I'd like to learn how to do it without relying on a library like libnet. bassdemon |
Hi,
I may be able to spend some time on your code and troubleshoot if you are willing to send it across, Regards |
hey all. thanks for all the help. Also, thanks for the offer obashir. I found the problem, though. Before I was trying this I was working on the routing myself. So those packets still had an ethernet layer already on them. I bet the socket was sending the packet properly to the kernel (hence the positive value for sendto) but with the extra 14 bytes the IP header would be fubar. So the kernel was dropping the packet on the way out. That's my hypothesis anyways. Stupid mistake. Removing the first 14 bytes (the erroneous eth layer) solved the problem.
bassdemon |
All times are GMT -5. The time now is 02:22 PM. |