Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 19 Jan 2010 17:25:22 +0300
From:      q q <lsimakov@gmail.com>
To:        Max Laier <max@love2party.net>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: Q:possibility PFIL+mbuf use for packet spawning
Message-ID:  <e78f41ed1001190625n1d98eb4dp8a6fd79830742383@mail.gmail.com>
In-Reply-To: <201001151711.23061.max@love2party.net>
References:  <e78f41ed1001150326t5df1a5bam4be5bc49492a57e5@mail.gmail.com> <201001151711.23061.max@love2party.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
I coded all checksum calculations code. All works ok when i just modifying
data of packets(like all T letters to Q letters)

But now i get some strange error:
packet1: TestMessage.
packet2: 2nd message

im using on first packet only next code(data is a pointer to char* from mbuf
containing strings):

TEST[0]='G';
TEST[1]='\0';
int res=m_append(*m,2,TEST);
m_fixhdr(*m);
printf("res cames from m_append:%d \n",res);
printf("new data string is %s \n",data);
iph->ip_len+=2;//modifying IP header length

Then recalculatin IP and TCP cheksums(correctly seems because network doesnt
drop packets)

And server got message:"Test Message.Qnd message" As well server reply with
ACK=25. So seems no new chars were added.
Seems like im overwriting 2nd packet. But why this happening?

Thank you :)

Yours, Qspirit.

PS sorry Max for double mail, forgot to add cc hackers.

2010/1/15 Max Laier <max@love2party.net>

> On Friday 15 January 2010 12:26:06 q q wrote:
> > I'm using pfil as packet filter for packet modifications.
> >
> > Is it possible to spawn new packets to network from pfil using mbuf?
>
> You can call into ip_output with a new mbuf to send a new packet.  See for
> example pf_send_tcp in contrib/pf/net/pf.c
>
> > Another question: im using m_append to change packet length and add
> >  data(its working, at least server got longer message) but when i
> wireshark
> >  clients packets(win machine) i see that i got acknoledge on older length
> >  not on new one. Am i missunderstanding something?
>
> Assuming you are talking about tcp packets (otherwise there wouldn't be an
> ack), you have to alter the tcp header, checksums, etc. as well.  Just
> adding
> data doesn't work.
>
> Regards,
> --
>   Max
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?e78f41ed1001190625n1d98eb4dp8a6fd79830742383>