I am trying to simulate a TCP handshake using raw sockets. For testing, i am using server and client on the same machine. My code that uses raw sockets is a passive server that listens for SYN and respondswith SYN/ACK. However, i am not able to get the ACK back from the client. I used tcpdump to read the traces which clearly shows my packet leaving the server. This is the trace:
13:49:35.389518 IP (tos 0x0, ttl 64, id 51534, offset 0, flags [DF], proto TCP (6), length 60)
localhost.3333 > localhost.9999: Flags [S], cksum 0xfe30 (incorrect -> 0xd31d), seq 914929523, win 43690, options [mss 65495,sackOK,TS val 588877032 ecr 0,nop,wscale 7], length 0
0x0000: 0000 0000 0000 0000 0000 0000 0800 4500 ..............E.
0x0010: 003c c94e 4000 4006 736b 7f00 0001 7f00 .<.N#.#.sk......
0x0020: 0001 0d05 270f 3688 b773 0000 0000 a002 ....'.6..s......
0x0030: aaaa fe30 0000 0204 ffd7 0402 080a 2319 ...0..........#.
0x0040: 8ce8 0000 0000 0103 0307 ..........
13:49:35.389642 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
localhost.9999 > localhost.3333: Flags [S.], cksum 0xf9cb (incorrect -> 0x9b6d), seq 584475847, ack 914929524, win 43690, options [mss 65495,sackOK,TS val 588877032 ecr 588877032,nop,wscale 7], length 0
0x0000: 0000 0000 0000 0000 0000 0000 0800 4500 ..............E.
0x0010: 003c 0000 4000 4006 3cba 7f00 0001 7f00 .<..#.#.<.......
0x0020: 0001 270f 0d05 22d6 64c7 3688 b774 a012 ..'...".d.6..t..
0x0030: aaaa f9cb 0000 0204 ffd7 0402 080a 2319 ..............#.
0x0040: 8ce8 2319 8ce8 0103 0307 ..#.......
13:49:36.646081 IP (tos 0x0, ttl 64, id 29569, offset 0, flags [DF], proto TCP (6), length 60)
localhost.3333 > localhost.9999: Flags [S], cksum 0xfe30 (incorrect -> 0x7c87), seq 1169489315, win 43690, options [mss 65495,sackOK,TS val 588877346 ecr 0,nop,wscale 7], length 0
0x0000: 0000 0000 0000 0000 0000 0000 0800 4500 ..............E.
0x0010: 003c 7381 4000 4006 c938 7f00 0001 7f00 .<s.#.#..8......
0x0020: 0001 0d05 270f 45b4 fda3 0000 0000 a002 ....'.E.........
0x0030: aaaa fe30 0000 0204 ffd7 0402 080a 2319 ...0..........#.
0x0040: 8e22 0000 0000 0103 0307 ."........
13:49:37.645510 IP (tos 0x0, ttl 64, id 29570, offset 0, flags [DF], proto TCP (6), length 60)
localhost.3333 > localhost.9999: Flags [S], cksum 0xfe30 (incorrect -> 0x7b8d), seq 1169489315, win 43690, options [mss 65495,sackOK,TS val 588877596 ecr 0,nop,wscale 7], length 0
0x0000: 0000 0000 0000 0000 0000 0000 0800 4500 ..............E.
0x0010: 003c 7382 4000 4006 c937 7f00 0001 7f00 .<s.#.#..7......
0x0020: 0001 0d05 270f 45b4 fda3 0000 0000 a002 ....'.E.........
0x0030: aaaa fe30 0000 0204 ffd7 0402 080a 2319 ...0..........#.
0x0040: 8f1c 0000 0000 0103 0307 ..........
I understood that one cannot simply read the SYN packet and so i used libpcap libraries to read the SYN packets. I used iptables to filter the RST from being sent for a SYN since i have no one listening on the server end(its a raw socket). When i tried to simulate the same with basic socket functions for TCP and captured it's trace it looks exactly identical to mine except that i don't get my ACK from client. I am not sure what the problem is. Been stuck with this for ages. i am posting the code for raw socket creation:
/**
p_ip - IP header of SYN packet |
p_tcp - TCP header of SYN packet |
s_seq - seq no of SYN packet
*/
void send_syn_ack(int s_seq, struct ipheader *p_ip, struct tcpheader *p_tcp, __u8 *p_tcpopt)
{
printf("seq is: %lu\n", ntohl(s_seq));
char buffer[PKT_LEN];
struct ipheader *ip = (struct ipheader *) buffer;
struct tcpheader *tcp = (struct tcpheader *) (buffer + sizeof(struct ipheader));
struct tcp_options *tcpoptions = (struct tcp_options *) (buffer + sizeof(struct tcpheader) + sizeof(struct ipheader));
int one = 1;
const int *val = &one;
struct sockaddr_in sin;
memset(&buffer, 0, sizeof(buffer));
ip -> iph_ihl = 5;
ip -> iph_ver = 4;
ip -> iph_tos = 0;
ip -> iph_len = htons(sizeof(struct ipheader) + sizeof(struct tcpheader) + 20);
ip -> iph_ident = 0;
ip -> iph_offset = 0x40;
ip -> iph_ttl = 64;
ip -> iph_protocol = 6;
ip -> iph_chksum = 0;
ip -> iph_sourceip = p_ip -> iph_sourceip;
ip -> iph_destip = p_ip -> iph_destip;
//ip -> ip_sum = in_cksum((unsigned short *)&ip, sizeof(ip));
tcp -> tcph_srcport = p_tcp -> tcph_destport;
tcp -> tcph_destport = p_tcp -> tcph_srcport;
tcp -> tcph_seqnum = htonl(584475847);
tcp -> tcph_acknum = htonl(ntohl(p_tcp -> tcph_seqnum) + 1);
tcp -> tcph_hlen = 10;
tcp -> tcph_syn = 1;
tcp -> tcph_ack = 1;
tcp -> tcph_win = htons(43690);
//tcp -> tcph_chksum = (in_cksum_tcp( ntohl(ip -> iph_sourceip), ntohl(ip -> iph_destip), (buffer), 40));
tcp -> tcph_chksum = 0;
tcp -> tcph_urgptr = 0;
//tcp.th_sum = in_cksum_tcp(ip.ip_src.s_addr, ip.ip_dst.s_addr, (unsigned short *)&tcp, sizeof(tcp))
//ip -> iph_chksum = (in_cksum(buffer, sizeof(struct ipheader)));
ip -> iph_chksum = htons(0xfe30);
memset(&sin, 0, sizeof(sin));
sin.sin_family = AF_INET;
sin.sin_port = (tcp -> tcph_srcport);
sin.sin_addr.s_addr = (ip -> iph_sourceip);
printf("Packet Information:\n");
printf("Source: %s.%u\nDestination: %s.%u\nPacket Length: %d \n", printIP(ip -> iph_sourceip), ntohs(tcp -> tcph_srcport), printIP(ip -> iph_destip), ntohs(tcp -> tcph_destport), ntohs(ip -> iph_len));
printf("Seq No: %lu \nAck No: %lu \n", ntohl(tcp -> tcph_seqnum), ntohl(tcp -> tcph_acknum));
struct tcp_options *tmpopts = readOptions(p_tcpopt);
memcpy(tcpoptions, tmpopts, 20);
//tcp -> tcph_chksum = in_cksum_tcp(ip -> iph_sourceip, ip -> iph_destip, buffer + 20, 40);
tcp -> tcph_chksum = htons(0xfe30);
if ((sd = socket(PF_INET, SOCK_RAW, IPPROTO_TCP)) < 0) {
perror("raw socket");
exit(1);
}
if(setsockopt(sd, IPPROTO_IP, IP_HDRINCL, val, sizeof(one)) < 0)
{
perror("ERROR: setsockopt() can't be performed!");
exit(1);
}
else
printf(">> setsockopt() is OK\n");
int sent_length;
if ((sent_length = sendto(sd, buffer, 60, 0, (struct sockaddr *)&sin, sizeof(sin))) < 0) {
perror("sendto");
exit(1);
}
else
{
printf("Sent %d bytes\n", sent_length);
}
}
I have been stuck with this problem for ages. Can some figure out the problem i need to look at?
Update:
iptables rules:
Chain INPUT (policy DROP 27 packets, 864 bytes)
pkts bytes target prot opt in out source destination
813 48600 DROP tcp -- any any anywhere anywhere tcp dpt:9999
173K 17M fail2ban-ssh tcp -- any any anywhere anywhere multiport dports ssh
3536K 720M ufw-before-logging-input all -- any any anywhere anywhere
3536K 720M ufw-before-input all -- any any anywhere anywhere
2745K 468M ufw-after-input all -- any any anywhere anywhere
55829 2150K ufw-after-logging-input all -- any any anywhere anywhere
55829 2150K ufw-reject-input all -- any any anywhere anywhere
55829 2150K ufw-track-input all -- any any anywhere anywhere
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ufw-before-logging-forward all -- any any anywhere anywhere
0 0 ufw-before-forward all -- any any anywhere anywhere
0 0 ufw-after-forward all -- any any anywhere anywhere
0 0 ufw-after-logging-forward all -- any any anywhere anywhere
0 0 ufw-reject-forward all -- any any anywhere anywhere
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- any any anywhere anywhere tcp spt:9999flags: RST/RST
833K 1132M ufw-before-logging-output all -- any any anywhere anywhere
833K 1132M ufw-before-output all -- any any anywhere anywhere
61973 3938K ufw-after-output all -- any any anywhere anywhere
61973 3938K ufw-after-logging-output all -- any any anywhere anywhere
61973 3938K ufw-reject-output all -- any any anywhere anywhere
61973 3938K ufw-track-output all -- any any anywhere anywhere
Normal Sockets connection established trace:
13:50:13.739038 IP (tos 0x0, ttl 64, id 53527, offset 0, flags [DF], proto TCP (6), length 60)
localhost.3333 > localhost.4040: Flags [S], cksum 0xfe30 (incorrect -> 0x23fb), seq 732324684, win 43690, options [mss 65495,sackOK,TS val 588886619 ecr 0,nop,wscale 7], length 0
0x0000: 0000 0000 0000 0000 0000 0000 0800 4500 ..............E.
0x0010: 003c d117 4000 4006 6ba2 7f00 0001 7f00 .<..#.#.k.......
0x0020: 0001 0d05 0fc8 2ba6 634c 0000 0000 a002 ......+.cL......
0x0030: aaaa fe30 0000 0204 ffd7 0402 080a 2319 ...0..........#.
0x0040: b25b 0000 0000 0103 0307 .[........
13:50:13.739050 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
localhost.4040 > localhost.3333: Flags [S.], cksum 0xfe30 (incorrect -> 0x1502), seq 2134096447, ack 732324685, win 43690, options [mss 65495,sackOK,TS val 588886619 ecr 588886619,nop,wscale 7], length 0
0x0000: 0000 0000 0000 0000 0000 0000 0800 4500 ..............E.
0x0010: 003c 0000 4000 4006 3cba 7f00 0001 7f00 .<..#.#.<.......
0x0020: 0001 0fc8 0d05 7f33 ba3f 2ba6 634d a012 .......3.?+.cM..
0x0030: aaaa fe30 0000 0204 ffd7 0402 080a 2319 ...0..........#.
0x0040: b25b 2319 b25b 0103 0307 .[#..[....
13:50:13.739064 IP (tos 0x0, ttl 64, id 53528, offset 0, flags [DF], proto TCP (6), length 52)
localhost.3333 > localhost.4040: Flags [.], cksum 0xfe28 (incorrect -> 0xe746), seq 1, ack 1, win 342, options [nop,nop,TS val 588886619 ecr 588886619], length 0
0x0000: 0000 0000 0000 0000 0000 0000 0800 4500 ..............E.
0x0010: 0034 d118 4000 4006 6ba9 7f00 0001 7f00 .4..#.#.k.......
0x0020: 0001 0d05 0fc8 2ba6 634d 7f33 ba40 8010 ......+.cM.3.#..
0x0030: 0156 fe28 0000 0101 080a 2319 b25b 2319 .V.(......#..[#.
0x0040: b25b .[
13:50:13.739084 IP (tos 0x0, ttl 64, id 53529, offset 0, flags [DF], proto TCP (6), length 58)
localhost.3333 > localhost.4040: Flags [P.], cksum 0xfe2e (incorrect -> 0xe76c), seq 1:7, ack 1, win 342, options [nop,nop,TS val 588886619 ecr 588886619], length 6
0x0000: 0000 0000 0000 0000 0000 0000 0800 4500 ..............E.
0x0010: 003a d119 4000 4006 6ba2 7f00 0001 7f00 .:..#.#.k.......
0x0020: 0001 0d05 0fc8 2ba6 634d 7f33 ba40 8018 ......+.cM.3.#..
0x0030: 0156 fe2e 0000 0101 080a 2319 b25b 2319 .V........#..[#.
0x0040: b25b 4090 b5bc 097f .[#.....
13:50:13.739089 IP (tos 0x0, ttl 64, id 2075, offset 0, flags [DF], proto TCP (6), length 52)
localhost.4040 > localhost.3333: Flags [.], cksum 0xfe28 (incorrect -> 0xe740), seq 1, ack 7, win 342, options [nop,nop,TS val 588886619 ecr 588886619], length 0
0x0000: 0000 0000 0000 0000 0000 0000 0800 4500 ..............E.
0x0010: 0034 081b 4000 4006 34a7 7f00 0001 7f00 .4..#.#.4.......
0x0020: 0001 0fc8 0d05 7f33 ba40 2ba6 6353 8010 .......3.#+.cS..
0x0030: 0156 fe28 0000 0101 080a 2319 b25b 2319 .V.(......#..[#.
0x0040: b25b .[
Did you try to filter the packets using iptables that you are interested in? I mean, I am not sure about this problem you are having so, maybe as a hint you could use iptables to filter the packets that has the SYN flag on it and see with the counters that the packets are dropped or not.
Since you are using the Server and Client in the same computer, the packets won't go out to your NIC, but however, the packet gonna be send to the virtual loopback interface (you can find on Google "loopback iptables").
This is not how to solve the problem but, maybe it could be useful to get some hints about how to fix it. I've never used raw socket, so all I can help is with this stuff. Another point is that the port number you are trying to connect must be set to accept new connections, that means, must be "binded".
Wish you good luck.
I'm trying to guess based on the data you posted:
First, the checksum is incorrect. If you are relying on NIC calculating the checksum, it won't do it for messages going to localhost.
Second, can you show all iptables rules you are using? If you use libpcap, you should use a rule that drops TCP messages to port 9999.
Third, if the client is using AF_INET stream sockets ("normal" sockets), add the following rule:
iptables -A INPUT -p tcp --dport 9999 -j DROP
And remove the other DROP rules.
I am looking at some examples in the 1750A format webpage and some of the examples do not really make sense. I have included the 1750A format specification at the bottom of this post in case anyone isn't familiar with it.
Take this example from Table 3 of the 1750A format webpage:
.625x2^4 = 5000 00 04
In binary 5000 00 04 is 0101 0000 0000 0000 0000 0000 0000 0100
If you convert this to decimal, it does not equal 10, which is .625x2^4. Maybe I am converting it incorrectly.
Take the mantissa, 101 0000 0000 0000 0000 0000 and subtract 1 giving 100 1111 1111 1111 1111 1111. Then flip the bits, giving 011 0000 0000 0000 0000 0000. Move the decimal 4 places (since our exponent, 0100 is 4), giving us 0110.0000 0000 0000 0000 000. This equals 6.0, which is not .625x2^4.
I believe the actual value, should be 0011 0000 0000 0000 0000 0000 0000 01000 or 30000004 in hex.
Can anyone else confirm my suspicions that this value is labeled incorrectly in Table 3 of the 1750A format page above?
Thank you
As explained previously, the sign+mantissa is interpreted as a 2's-complement value between -1 and +1.
In your case, it's 0.101000000... (base-2). Which is 1/2 + 1/8 = 0.625 (base-10).
It all makes perfect sense.
Here:
0101 0000 0000 0000 0000 0000 0000 0100
you've got:
(0*20 + 1*2-1 + 0*2-2 + 1*2-3 + 0*2-4 + ... + 0*2-23) * 24 = (0.5 + 0.125) * 16 = 0.625 * 16 = 10
Just do the math.
114 void fillDoubly(int square[20][20], int n){
115
116 int i, j, k=0, l=0, counter=0, test[400]={0}, diff=n/4-1;
117
118 for(i=0;i<n;i++) //first nested for loops for part 1)
119 for(j=0;j<n;j++){
120 counter++;
121 if( i=j || j=(n-1-i) ){
122 {
123 square[i][j] = counter;
124 test[counter-1] = 1;
125 }
126 }
127 }
128
129 for(i=n-1;i>=0;i--) // for part 2)
130 for(j=n-1;j>=0;j--){
131 if(square[i][j]==0){
132 while(test[k]!=0){
133 k++;
134 }
135 test[k]=1;
136 square[i][j]=k+1;
137 }
138 }
139 }
So basically, I have to generate magic square's of order 4
i.e. the rows and columns are divisible by 4.
I was provided the algorithm which is
to traverse the array and fill in the diagonal subsets
to traverse the array backwards and fill in the rest
I've done the 4x4 array with the above code and this extends to 8x8,12x12 etc.
but I'm stuck at part 1) which is to fill in the diagonal subsets(e.g. split 8x8 into 4x4 and take that diagonal instead)...I'm not sure how to do that, only managed to fill in the diagonal itself
if( i=j || j=(n-1-i) ){
tldr, The above is the condition I use to know if it's diagonal, any suggestions how I can change the condition to know if it's the diagonal subset not diagonal?
Thanks
From what I understand from the tutorial you linked you wish to split your matrix into 16 equal submatrices, and fill take the diagonals accross these submatrices. Hence for a 8x8 matrix you want to achive:
| 0 | 1 | 2 | 3 | _
0001 0002 0000 0000 0000 0000 0007 0008 0
0009 0010 0000 0000 0000 0000 0015 0016 _
0000 0000 0019 0020 0021 0022 0000 0000 1
0000 0000 0027 0028 0029 0030 0000 0000 _
0000 0000 0035 0036 0037 0038 0000 0000 2
0000 0000 0043 0044 0045 0046 0000 0000 _
0049 0050 0000 0000 0000 0000 0055 0056 3
0057 0058 0000 0000 0000 0000 0063 0064 _
Here the submatrices are 2x2, if the matrix were 12x12, it would be subdivided into 16 submatrixes of 3x3.
If you use these submatrices as indexes with which to find the diagonal (i.e. i==j) you can use the expression:
if( (i/w)==(j/w) || (j/w)==(3-(i/w)))
Where w = n/4, which is the order of your square submatrix (for 8x8, this is 2). So i/w will state in which submatrix (0 to 3) the current matrix index i resides.
I am trying to play around with openssl base64 decoding
I have tried to do the base64 decoding using this small example code here:
// reads b64 encoded msg (pReadBuffer) and writes to pWriiteFile.
void decode(char *pReadBuffer, int pLength, char *pWriteFile)
{
char *msg = (char *)malloc(pLength);
memset(msg, 0x00, pLength);
int readbytes = -1;
printf("buffer write file %s\n", pWriteFile);
// the decode msg is written to this bio
BIO *fileWrBIO = BIO_new_file(pWriteFile, "w");
BIO *b64 = BIO_new(BIO_f_base64());
//BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
BIO *bio = BIO_new_mem_buf(pReadBuffer, pLength);
bio = BIO_push(b64, bio);
BIO_set_flags(bio,BIO_FLAGS_BASE64_NO_NL);
while ((readbytes = BIO_read(bio, msg, pLength)) > 0)
{
printf("readbytes: %d\n", readbytes);
BIO_write(fileWrBIO, msg, readbytes);
BIO_flush(fileWrBIO);
memset(msg, 0x00, sizeof(msg));
}
free(msg);
BIO_free_all(bio);
BIO_free_all(fileWrBIO);
}
Here is the hexdump of my decoded file:
0000000 6854 2065 7571 6369 206b 7262 776f 206e
0000010 6f66 2078 756a 706d 6465 6f20 6576 2072
0000020 6874 2065 6f64 2767 2073 6162 6b63 **0000**
0000030 6877 6c69 2065 6874 2065 6f64 2067 6f6c
0000040 6b6f 6465 6120 2074 6874 2065 6f66 2078
0000050 6562 6968 646e 6920 0074 6877 6c69 2065
0000060 6874 2065 6f64 2067 6f6c 6b6f 6465 6120
0000070 2074 6874 2065 6f66 2078 6562 6968 646e
0000080 6920 0074
0000083
Now if I do a base64 decode of the input file using openssl command:
openssl dgst -sha1 -binary file_in | hexdump
0000000 6854 2065 7571 6369 206b 7262 776f 206e
0000010 6f66 2078 756a 706d 6465 6f20 6576 2072
0000020 6874 2065 6f64 2767 2073 6162 6b63 6877
0000030 6c69 2065 6874 2065 6f64 2067 6f6c 6b6f
0000040 6465 6120 2074 6874 2065 6f66 2078 6562
0000050 6968 646e 6920 7774 6968 656c 7420 6568
0000060 6420 676f 6c20 6f6f 656b 2064 7461 7420
0000070 6568 6620 786f 6220 6865 6e69 2064 7469
0000080
As you can see there is an addition of 0000 (highlighted with **). How can I get rid of this in my code? Why do I see this?