tcpdump mailing list archives
Re: Sending a packet to localhost?
From: ronnie sahlberg <ronniesahlberg () gmail com>
Date: Tue, 24 Feb 2009 08:30:52 +1100
On Tue, Feb 24, 2009 at 8:17 AM, Oliver Zheng < mailinglists+tcpdump () oliverzheng com<mailinglists%2Btcpdump () oliverzheng com>
wrote:
Thanks for the response Aaron. On Mon, Feb 23, 2009 at 11:34 AM, Aaron Turner <synfinatic () gmail com> wrote:In my experience, sending packets on eth0 causes the packet to bypass the TCP/IP stack and be sent out sight unseen. Hence, you won't be able to inject packets into a TCP stream with the target of the local host.Well that kind of sucks. =( It seems weird that an outgoing packet like this could be filtered by the kernel. What criteria does a packet like this fit for it to be filtered out? (e.g. it doesn't match a TCP connection, but obviously it does in this case.) The only thing I can think of is that the kernel uses a different incoming adapter (really low level?) than libpcap, which sounds wrong since libpcap should be operating at the lowest possible layer, right?
Do you want to send the packet to lo specifically or do you want to inject/send it to a socket endpoint attached locally? I.e. to a local ip address, be it attached to eth0 or elsewhere? You can do that using a raw socket. Well, I do that with no problem. This code is from ctdb ( http://samba.ctdb.org common/system_linux.c ) and does just that. (this is part of the ctdb "tickle-ack" and "tcp socketkiller" which ctdb uses to make sure that failover and session recoveries are as fast as possible. It does this by injecting/spoofing carefully crafted TCP packets and sending them to the locally established socket.) /* open a raw socket to send this segment from */ s = socket(AF_INET, SOCK_RAW, htons(IPPROTO_RAW)); if (s == -1) { DEBUG(DEBUG_CRIT,(__location__ " failed to open raw socket (%s)\n", strerror(errno))); return -1; } ret = setsockopt(s, SOL_IP, IP_HDRINCL, &one, sizeof(one)); if (ret != 0) { DEBUG(DEBUG_CRIT,(__location__ " failed to setup IP headers (%s)\n", strerror(errno))); close(s); return -1; } set_nonblocking(s); set_close_on_exec(s); ret = sendto(s, &ip4pkt, sizeof(ip4pkt), 0, &dest->ip, sizeof(dest->ip)); close(s); - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Sending a packet to localhost? Oliver Zheng (Feb 22)
- Re: Sending a packet to localhost? Tyler Littlefield (Feb 22)
- Re: Sending a packet to localhost? Oliver Zheng (Feb 23)
- Re: Sending a packet to localhost? Aaron Turner (Feb 23)
- Re: Sending a packet to localhost? Oliver Zheng (Feb 23)
- Re: Sending a packet to localhost? Aaron Turner (Feb 23)
- Re: Sending a packet to localhost? Guy Harris (Feb 23)
- Re: Sending a packet to localhost? Aaron Turner (Feb 23)
- Re: Sending a packet to localhost? Oliver Zheng (Feb 23)
- Re: Sending a packet to localhost? ronnie sahlberg (Feb 23)
- Re: Sending a packet to localhost? Oliver Zheng (Feb 23)
- Re: Sending a packet to localhost? Guy Harris (Feb 23)
- Re: Sending a packet to localhost? Tyler Littlefield (Feb 22)