- This topic has 8 replies, 2 voices, and was last updated 19 years, 4 months ago by
.
-
Posts
-
Can anyone help me on how to do IP Checksum?
Based on the TCPChecksum code posted in this forum, I did the following, Is this code correct?
VOID RecalculateIPChecksum (PINTERMEDIATE_BUFFER pPacket )
{
unsigned short word16, padd = 0;
unsigned int i, sum = 0;
PUCHAR buff;
DWORD dwIpLen;
iphdr_ptr pIpHeader = (iphdr_ptr)&pPacket->m_IBuffer[sizeof(ether_header)];
dwIpLen = ntohs(pIpHeader->ip_hl);
if ( (dwIpLen/2)*2 != dwIpLen )
{
padd=1;
pPacket->m_IBuffer[dwIpLen + sizeof(ether_header)] = 0;
}
buff = (PUCHAR)pIpHeader;
pIpHeader->ip_sum = 0;
for (i=0; i< dwIpLen+padd; i=i+2){
word16 =((buff<<8)&0xFF00)+(buff[i+1]&0xFF);
sum = sum + (unsigned long)word16;
}
sum = sum + ntohs(pIpHeader->ip_src.S_un.S_un_w.s_w1) + ntohs(pIpHeader->ip_src.S_un.S_un_w.s_w2);
sum = sum + ntohs(pIpHeader->ip_dst.S_un.S_un_w.s_w1) + ntohs(pIpHeader->ip_dst.S_un.S_un_w.s_w2);
sum = sum + (unsigned short)dwIpLen;
while (sum>>16)
sum = (sum & 0xFFFF)+(sum >> 16);
sum = ~sum;
pIpHeader->ip_sum = ntohs((unsigned short)sum);
}Personally I use this one
//
// Function recalculates IP checksum
//
VOID
RecalculateIPChecksum (
iphdr_ptr pIpHeader
)
{
unsigned short word16;
unsigned int sum = 0;
unsigned int i = 0;
PUCHAR buff;// Initialize checksum to zero
pIpHeader->ip_sum = 0;
buff = (PUCHAR)pIpHeader;// Calculate IP header checksum
for (i = 0; i < pIpHeader->ip_hl*sizeof(DWORD); i=i+2)
{
word16 = ((buff<<8)&0xFF00)+(buff[i+1]&0xFF);
sum = sum+word16;
}// keep only the last 16 bits of the 32 bit calculated sum and add the carries
while (sum>>16)
sum = (sum & 0xFFFF)+(sum >> 16);// Take the one’s complement of sum
sum = ~sum;pIpHeader->ip_sum = htons((unsigned short) sum);
}hi SerpentFly,
Can you help me??
I am trying to create the new packet based on the original (old) packet.
I am sending the new packet instead of old packet. The packet is now modified and received other side also. Now the problem is the system is sending old packets continuesly. I mean its in the loop. Can you please suggest me some thing?The following is the part of the code.
bool bModified = false;
INTERMEDIATE_BUFFER pNewPacket;
ZeroMemory(&pNewPacket,sizeof(INTERMEDIATE_BUFFER));
pNewPacket.m_IBuffer[0] = 0;
if (PacketBuffer.m_dwDeviceFlags == PACKET_FLAG_ON_SEND)
{
// Create a new packet
CreateNewPacket(&PacketBuffer, &pNewPacket, bModified);
}
if(bModified)//if its modified
{
RecalculateIPChecksum(&pNewPacket);
RecalculateTCPChecksum(&pNewPacket);
PrintPacket(&pNewPacket);
ETH_REQUEST newRequest;
ZeroMemory ( &newRequest, sizeof(ETH_REQUEST) );
newRequest.hAdapterHandle = (HANDLE)AdList.m_nAdapterHandle[iIndex];
newRequest.EthPacket.Buffer = &pNewPacket;
if (PacketBuffer.m_dwDeviceFlags == PACKET_FLAG_ON_SEND)
{
api.SendPacketToAdapter(&newRequest);
}
else
{
api.SendPacketToMstcp(&newRequest);
}
}
else
{
PrintPacket(&PacketBuffer);
if (PacketBuffer.m_dwDeviceFlags == PACKET_FLAG_ON_SEND)
{
api.SendPacketToAdapter(&Request);
}
else
{
api.SendPacketToMstcp(&Request);
}
}Probably you modify TCP packet and do this wrong. Destination system drops your packet and don’t send ACK for it, thats why your local stack sends packet again after some timeout.
I am not touching the ACK/SYN at all, I am modifying the ip_len and the payload only. that too, if the packet has payload then only i am modifying the packet.
Is there any way I can drop the old packet? How can I remove it from the local stack?
thank you.
Hi SerpentFly,
I found that the repetition starts after the final ack has been sent. I don’t know why its happening. for your reference, I am posting the log file here.
In the log, System-1 is the system where I am modifying the packet. and as I mentioned earlier, I am modifying only the packets with payload.System-1 –>System-2
ip_len=40
Seq:19027, ack:28986
Type = FIN ACK
Identification:14987System-2 –>System-1
ip_len=40
Seq:28986, ack:19027
Type = ACK
Identification:61538System-2 –>System-1
ip_len=40
Seq:28986, ack:19027
Type = FIN ACK
Identification:61539System-1 –>System-2
ip_len=40
Seq:19027, ack:28986
Type = ACK
Identification:14988Repetition Starts here….
System-1 –>System-2
ip_len=40
Seq:19027, ack:28986
Type = ACK
Identification:14989System-2 –>System-1
ip_len=40
Seq:28986, ack:19027
Type = ACK
Identification:61540System-1 –>System-2
ip_len=40
Seq:19027, ack:28986
Type = ACK
Identification:14990System-2 –>System-1
ip_len=40
Seq:28986, ack:19027
Type = ACK
Identification:61541
….
….I am not touching the ACK/SYN at all, I am modifying the ip_len and the payload only. that too, if the packet has payload then only i am modifying the packet.
If you change length of the TCP packet then you should modify SYN/ACK fields.
Is there any way I can drop the old packet? How can I remove it from the local stack?
Actually you already drop the original packet, but system generates it again and again (because your invalid packet is droped by remote system).
hi SerpentFly,
Will it work if change SYN/ACK only for the packet that I am modifying? If I change how the system will recognise?I have tried this too, Its not reaching the recipient.
I have also tried to change all the SYN/ACK but still doesn’t work.I will email you my code. Can you tell me where I am doing wrong?
THank you.
- You must be logged in to reply to this topic.