Hi there,
While experimenting with libnetng on mac os x, I found several issues
regarding the system. However, for some of them, I cant say if it
comes from a stupid bug I made or from the kernel/libc.
* getnameinfo()
why does it always fails ???
* sending RAW packets
I spent almost all yesterday's afternoon to find that one!
If the "total len" field contained in the IP header is not correct,
the sendto() function returns an error.
normal : ./ip4 -m raw4 -s 1.2.3.4 -d 5.6.7.8
Wrote 28 bytes IP packet; check the wire.
buggy len : ./ip4 -m raw4 -s 1.2.3.4 -d 5.6.7.8
Write error: libnet_raw_write_bytes(): -1/28 bytes
written (Invalid argument)
The "bug" is hard coded just before writting the packet.
--- libnet_build_ip.c 2004-08-19 11:43:15.000000000 +0200
+++ libnet_build_ip_bugged.c 2004-08-19 11:41:35.000000000 +0200
@@ -125,7 +125,7 @@
htons(libnet_packet_current_size(pkt, pbuf)));
*/
- ip_hdr->ip_len = htons(libnet_packet_current_size(pkt, pbuf));
+ ip_hdr->ip_len = htons(libnet_packet_current_size(pkt, pbuf))+1;
UPDATE_PBUF_CHECKSUM(l, pbuf, (ip_hdr->ip_hl)*4, IPPROTO_IP);
Under Linux for instance, you can put whatever value you wish, it is
overwritten by the kernel.
* MAC spoofing
We already had troubles with that under Mac OS X, but finally we got
it working. Currently (I mean in ng), it is no more working :-( I did
not test with the stable 1.1 API.
* Ether leak (low security but fun)
Some years ago, a bug was found in many etherenet drivers. It appears
they did not clean the memory when padding ethernet packet. Hence, you
you retrieve piece of kernel memory in any packet. It seems still
possible on my iBookG4. For instance, I found a begining of an html
document (<!docty...). AFAIK, it should be 0 padded.
So, if there is a Mac guru araound, or someone who knows such a guy,
who can answer to my question that would be very nice :)
Fred Raynal
