Hi, im trying to lern about raw sockets with my debian and c++. Tried to make a icmp and tcp packet and send it with sendto. Checked on wireshark and recognized that kernel changed my headers. So searched about stopping the kernel change the header and tried it with setsockopt, like said in at this mixter,void,ru/rawip,html tutorial, that didnt helped.
Is there any way to send a raw socket without letting the kernel overwrite the headers on the 3 layer and upper? Or do you need knowledges in kernel programming for this?
If you're using raw sockets, theoretically you should be able to send things unaltered... Since my crystal ball is still out-of-order you'll have to post your code for us to see what's going wrong with it.
Right, the kernel didn't change anything. It was a pointer mistake. This line from the tutorial didn't work:
struct tcphdr *tcph = (struct tcphdr *) datagram + sizeof(struct ip);
and it worked with :
struct tcphdr *tcph = (struct tcphdr *) (datagram + sizeof(struct ip));
Don't really get why, looks equal to me:wall:
This is pointer arithmetic, which always adds in multiples of the base type. So "ptr + 3" amounts to "position_in_bytes + sizeof(type_of_pointer)*3"
So it's the difference between adding "sizeof(struct ip)*sizeof(whatever_type_datagram_iis)" bytes and adding "sizeof(struct ip)*sizeof(struct tcphdr)" bytes.
1 Like
Thats why my tcpheader started at position 400 in the packet, instead of position 20 :D. Thanks
1 Like