C++

Forum

 
Problem with IP source Spoofing with Raw Socket

Paganela (2)
Hi all,

I'm trying to create packets with modified source and destination IP and ports. Well, I'm using a raw socket from <sys/socket.h> to do this. I create, everything is fine, but when I send the packet, I see with the wireshark that the source IP is not the spoofed one, but the real one.. It means that, before to send the packet, someone in the kernel is doing this change. Someone know what is doing this and how can I deactivate this?
My distribution is the Debian Sid.
The code developed is below (obvious I run as root):
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
 
unsigned int RedirectPacketSystem::sendUdpPacket() {
	Packet *packet = InterfaceFeatures::getPacket();
	char *newPacket = (char*)malloc(sizeof(char)*packet->getPktSize());
	memcpy(newPacket, packet->getPkt(), packet->getPktSize());
	struct iphdr *ipHeader = (struct iphdr*)newPacket;
	struct udphdr *udpHeader = (struct udphdr*)(newPacket + packet->getIpv4Packet()->getIpHeaderSize());
	ipHeader->daddr = inet_addr("200.200.200.200");
	ipHeader->saddr = inet_addr("201.201.201.201");
	std::cout << ipHeader->saddr << "\n";
	udpHeader->dest = htons(200);
	udpHeader->source = htons(201);
	struct sockaddr_in sin;
	sin.sin_family = AF_INET;
	sin.sin_port = htons(200);
	sin.sin_addr.s_addr = inet_addr("200.200.200.200");
	ipHeader->check = 0x00; //calculate automatically by IP_HDRINCL option
	udpHeader->check = 0x00; //don't care
	int sd = socket(PF_INET, SOCK_RAW, IPPROTO_RAW);
	if(sd < 0) {
		perror("Feature Redirection socket() error");
		exit(-1);
	}
	const int on = 1;
	if(setsockopt(sd, IPPROTO_IP, IP_HDRINCL, &on, sizeof(on)) < 0) {
		perror("Feature Redirection setsockopt() error");
		exit(-1);
	}
	if(sendto(sd, newPacket, packet->getPktSize(), 0, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
		perror("Feature Redirection sendto() error");
		exit(-1);
	}
	close(sd);
	free(newPacket);
	return(NF_ACCEPT);
}


Thanks in advance
Pedro Paganela
elega (22)
My best guess is that you can't unless you write a kernel module and use dev_queue_xmit().
Paganela (2)
Hi, well I'm not sure, since that the objective of socket raw is to be able to change the fields inside IP header without to create a new module in the kernel.
A detailed explanation of my problem (without solution until now) is posted in:
http://www.linuxforums.org/forum/linux-networking/166941-kernel-doesnt-allow-change-source-ip.html

Thanks of the attention
Pedro Paganela
RedX (156)
Maybe that's a 'feature'? Preventing people from spoofing their source adress?
Topic archived. No new replies allowed.