Re: Error in send, while using IP_HDRINCL

---

• From: "sudesh Sawant" <sudesh Sawant@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Fri, 12 Aug 2005 17:57:02 -0700

---

We are facing problems in sending and receiving
data on raw socket. We can't receive data through raw sockets on win 2k
Advanced Servermachine's (We found it documented on MS site.
http://support.microsoft.com/?kbid=890856 We could not obtain a update for
it.). We also can't send data through raw socket with header included option
'on' on win xp machines having service pack2.
Weird problem is, we can send data through raw sockets with header included
option
'on' on win xp machines having service pack 1, but we can't receive data
through raw sockets.
Also sending data through raw sockets with header included option 'on' is
possible on win 2k machines. We are able to send data if header included
option is switched 'off' on win xp sp2 machines. But it adds an extra ip+udp
header. Need to find other socket options to be set
along with header included option.

Actually we want to spoof address for purpose of developing simulators. We
want to keep the implementation simple. hence we are making use of raw socket

Which OS do we try on?

How much problems do we run into? It is good that microsoft tries to make
the lifes of hacker miserable, but a hacker anyways would not use a raw
socket when he can try more exploits with other stuff. Just this makes our
lives worst!!

We now have to use winpcap may be?

Could anybody give a definitive answer on this? Which OS should we work on?

- Sudesh Sawant


"Arkady Frenkel" wrote:

> In such case report that bug to MSFT , due to
> http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2netwk.mspx#EIAA
> that sould work if you are correctly done all
> Arkady
>
> "Rajat" <Rajat@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:00D8521B-A4ED-40D3-908F-911CC03B4186@xxxxxxxxxxxxxxxx
> > No but I have checked this thing, the source IP in packet is same as the
> > host
> > IP. But its not working for XP machines having SP 2 installed, but for SP
> > 1,
> > its working fine.
> >
> > "Arkady Frenkel" wrote:
> >
> >> That forbidden for TCP , for UDP that forbidden only if source IP not
> >> equal
> >> to host IP.
> >> Arkady
> >>
> >> "Rajat" <Rajat@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> news:EFCC3810-D6FB-49D0-998C-2881F35BE872@xxxxxxxxxxxxxxxx
> >> >
> >> > But I have heard that, RAW socket "send" functionality is forbidden in
> >> > Service Pack 2, due to avoide DOS attack.
> >> >
> >> > "Arkady Frenkel" wrote:
> >> >
> >> >> Due to MSDN :
> >> >> WSAEINTR
> >> >> 10004
> >> >> Interrupted function call.
> >> >> A blocking operation was interrupted by a call to
> >> >> WSACancelBlockingCall
> >> >>
> >> >>
> >> >> Arkady
> >> >>
> >> >> "Rajat" <Rajat@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> >> news:0F628081-26F4-4976-AD0D-08089CA67326@xxxxxxxxxxxxxxxx
> >> >> > Hi all,
> >> >> >
> >> >> > I am using IP_HDRINCL option to bypass network and trnasport layer
> >> >> > headrs,
> >> >> > and use my own, using
> >> >> >
> >> >> > RAW udp socket. Here is the code for that,
> >> >> >
> >> >> > /* Create datagram UDP socket. */
> >> >> > udp_socket = socket(AF_INET, SOCK_RAW, IPPROTO_UDP);
> >> >> >
> >> >> > int optval = 1; /* Flag value to be set. */
> >> >> >
> >> >> > err_code = setsockopt(udp_socket,
> >> >> > IPPROTO_IP,
> >> >> > IP_HDRINCL,
> >> >> > (const char FAR *)&optval,
> >> >> > sizeof(int));
> >> >> >
> >> >> > Then after perpending UDP and IP headers, while sending as,
> >> >> >
> >> >> > /* Send the probe packet to the destination. */
> >> >> > bytes_sent = sendto(udp_socket,
> >> >> > (const char*)probe_pkt_buff,
> >> >> > 28 + packet_size,
> >> >> > 0,
> >> >> > (SOCKADDR*)&dest_addr,
> >> >> > sizeof(SOCKADDR_IN));
> >> >> >
> >> >> > I am getting error code : 10004.
> >> >> >
> >> >> > Could anybody point out on this situation. Any comment would be
> >> >> > appriciated.
> >> >> >
> >> >> > Regards,
> >> >> > Rajat.
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>
.

---

• Follow-Ups:
  • Re: Error in send, while using IP_HDRINCL
    • From: Arkady Frenkel

• Prev by Date: Re: How can I tell when a remote TCP connection is closed?
• Next by Date: Re: How can I tell when a remote TCP connection is closed?
• Previous by thread: Reading data from a network stream
• Next by thread: Re: Error in send, while using IP_HDRINCL
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Error in send, while using IP_HDRINCL ... We can't receive data through raw sockets on win 2k ... We also can't send data through raw socket with header included ... > 'on' on win xp machines having service pack 1, ... >> that sould work if you are correctly done all ... (microsoft.public.win32.programmer.networks) Re: XP SP2 raw tcp ... > get filtered (if they are RAW IP with TCP set as protocol in IP HEADER)? ... all raw sockets get filtered if TCP is set as the ... (microsoft.public.win32.programmer.networks) Re: raw sockets: question about sending IP + UDP header ... > the UDP datagram through a raw socket client to a UDP socket server. ... > to test if my IP header and IP checksum is correct plus of course my UDP ... There's a chapter on Raw Sockets in Unix Network Programming, ... (comp.unix.programmer) Re: Changing TTL of incoming packets? ... Arkady ... > Just play with raw sockets and change TTL field in IP header, ... > RFC791 where it is but be aware that dummy header have to be changed too, ... (microsoft.public.win32.programmer.networks) Re: broadcast with unbound adapter ... That only to check what are parameters send on higher layer (DHCP client) ... Arkady Frenkel a écrit: ... I get this using a classical UDP socket, ... you mentioned about the application not only applies to RAW Sockets, ... (microsoft.public.win32.programmer.networks)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)