Keep sending malformed TCP header using bsd/socket api in C


Long story short, I'm currently experimenting with the BSD/Socket C API.

I want to try to emulate a full TCP Handshake. The first thing that I have to do is send the first SYN packet to the host, in my case the router (192.168.1.1).

Here is the snippet of the code that generates the SYN packet.

https://paste.ubuntu.com/23758682/

Here is what I'm getting from Wireshark when I'm running this program as

sudo ./sendsyn -h 192.168.1.1 -p 80 -i enp5s0

http://prnt.sc/dsnmgq

The code is compiled on linux x86, 64 bit with GCC

$ gcc --version
gcc (GCC) 6.2.1 20160830

I want the code to be compliant just for the x86 platform and run only on Linux. I don't care about portability that much.

Also, I'm using these flags in gcc.

gcc  -DDEBUG_MODE  -std=gnu11 -fno-strict-aliasing 
-Wall -Wextra -pedantic -Wshadow -Wpointer-arith 
-Wcast-align -Wmissing-prototypes -Wmissing-declarations 
-Winline -Wuninitialized -Wstrict-prototypes 
-Werror -Wno-variadic-macros

So be aware that when compiling I'm turning off the -fno-strict-aliasing rules.

The problems

Why doesn't the TCP header show as a TCP header in Wireshark?

Previously I tried sending the packet as a struct like

typedef struct packet_t {
    struct iphdr iph;
    struct tcphdr tcph;
} __attribute__((packed)) packet_t;

And now in the code I first create a uint8_t datagram, and after I've filled in all the information in my IP header and TCP header I memcpy them into the datagram and then send them over the wire.

Why are the IP header flags not set to 0x4000 (don't fragment)?

Can anyone provide a solution to my problem in a snippet along with some good explanations?

Answer by hoenir (accepted answer)

I found a solution to my problem.

iph.frag_off = 0x4000;

this line should be

iph.frag_off = htons(0x4000);

Because 0x4000 is 16 bits wide, and all values that need more than 8 bits to be stored should always be transformed into network byte order (big endian).

Now this is working; see the Wireshark TCP SYN.