Hello everybody :)
While a friend of mine and I were playing with the SOCK_RAW socket type
(family AF_INET) on both loopback and dummy interfaces, we got a strange
behaviour.
This is the scenario:
raw0 is socket(AF_INET, SOCK_RAW, IPPROTO_RAW) used to build/inject the
packet.
raw1 is socket(AF_INET, SOCK_RAW, IPPROTO_ICMP) used to read ICMP
packet.
We send a spoofed (i.e. IP_HDRINCL is on [well, this is the default w/
SOCK_RAW, however]) ICMP packet through raw0 socket;
The relevant hdr's fields are:
In ip hdr     src  == 1.2.3.4
              dst  == 127.0.0.1
In icmp hdr   type == 8 (ECHO)
              code == 0
              id   == getpid()
              no data.
We read through raw1 socket, getting ICMP packet by the kernel.
Running tcpdump on lo we see obviously
1.2.3.4 icmp > 127.0.0.1 echo request
no reply (right)
But when we read through raw1 (matching the right id) we get something
like this:
1) 1.2.3.4 icmp > 127.0.0.1 echo request (sent by us)
2) 127.0.0.1 icmp > 127.0.0.1 echo reply !!!! (processed by the kernel)
Now: should we get this stuff ?! I mean the line number 2.
Any advice ?
Now we try on dummy0 iface. iface's ipaddress 192.168.1.1
same scenario.
This time running tcpdump -i dummy0 -n we get both stuff:
1.2.3.4 icmp > 192.168.1.1 echo request
192.168.1.1 icmp > 192.168.1.1 echo reply
And we get the same through raw1 socket.
Is all this right and why ? :)
I haven't looked at the sources yet.
I'm sorry, but I don't have too much time right now
(but I'll do it asap).
Thanx a lot to everybody :))
bye bye
-- gg sullivan
P.S.
Have a nice day/night !
Could you CC also to sullivan@sikurezza.org and lc529863@silab.dsi.unimi.it
any answer please ?
-- Lorenzo Cavallaro `Gigi Sullivan' <sullivan@sikurezza.org> -- ITALY
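
Added example (not part of the original message and not the poster's code): a parser for a buffer as read from the ICMP raw socket, which starts at the IPv4 header, plus the id match the post describes. The names icmp_info, parse_icmp, classify and make_sample, and the id 0x1234, are assumptions; the sample packet is constructed in memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct icmp_info { uint32_t src, dst; uint8_t type, code; uint16_t id; };

/* RFC 1071 Internet checksum; yields 0 over data that carries a valid checksum. */
static uint16_t inet_csum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)p[0] << 8 | p[1];
    if (len) sum += (uint32_t)p[0] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}
static uint32_t be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}
/* Buffer starts at the IPv4 header, as delivered by a Linux SOCK_RAW ICMP socket.
 * Returns 0 ok, -1 truncated, -2 not IPv4/ICMP, -3 bad ICMP checksum. */
int parse_icmp(const uint8_t *buf, size_t len, struct icmp_info *out) {
    if (len < 20) return -1;
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;        /* header length in bytes */
    if (buf[0] >> 4 != 4 || ihl < 20 || buf[9] != 1) return -2;
    if (len < ihl + 8) return -1;
    if (inet_csum(buf + ihl, len - ihl) != 0) return -3;
    out->src = be32(buf + 12); out->dst = be32(buf + 16);
    out->type = buf[ihl]; out->code = buf[ihl + 1];
    out->id = (uint16_t)(buf[ihl + 4] << 8 | buf[ihl + 5]);
    return 0;
}
/* 'Q' = echo request with our id, 'R' = echo reply with our id, 0 = unrelated. */
char classify(const struct icmp_info *i, uint16_t id) {
    if (i->code != 0 || i->id != id) return 0;
    return i->type == 8 ? 'Q' : i->type == 0 ? 'R' : 0;
}
/* Constructed sample: 28-byte IPv4 + ICMP echo datagram, no data
 * (IP header checksum left zero; parse_icmp does not check it). */
void make_sample(uint8_t *b, uint32_t src, uint32_t dst, uint8_t type, uint16_t id) {
    memset(b, 0, 28);
    b[0] = 0x45; b[3] = 28; b[8] = 64; b[9] = 1;     /* IPv4, IHL 5, TTL 64, ICMP */
    for (int k = 0; k < 4; k++) { b[12 + k] = (uint8_t)(src >> (24 - 8 * k)); b[16 + k] = (uint8_t)(dst >> (24 - 8 * k)); }
    b[20] = type; b[24] = (uint8_t)(id >> 8); b[25] = (uint8_t)id;
    uint16_t c = inet_csum(b + 20, 8);
    b[22] = (uint8_t)(c >> 8); b[23] = (uint8_t)c;
}
int main(void) {
    uint8_t p[28]; struct icmp_info i;
    make_sample(p, 0x01020304, 0x7f000001, 8, 0x1234);   /* request as in the post */
    int rc = parse_icmp(p, sizeof p, &i);
    printf("rc=%d class=%c\n", rc, classify(&i, 0x1234));
    return 0;
}
```

Both the request and the echo reply carry the same id, so a filter on id alone matches both; the type field tells them apart.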
This archive was generated by hypermail 2b29 : Tue Feb 15 2000 - 21:00:35 EST