[Winpcap-users] About TCP/UDP/ICMP checksum
ZhiyuHe
sanhex at gmail.com
Wed Jun 15 13:48:46 GMT 2005
David,Thanks very much for your code,it made me understand how to
handle the TCP/UDP psuedo header.
I tried to modify "int check_tcp_sum(struct sniff_ipv4_hdr *ip, struct
sniff_tcp_hdr *tcp, int len)" to "int tcp_udp_cksum(ip_header
*iph,u_char *tcp_udp_h,u_int len)",and deleted "if (len < 20)
return(-1);",then the code could handle both TCP and UDP checksum.If I
have made a declaration,could I put this code to my program?
James Garrison,mcd,I appreciate the help you have offered me,thank you
for your explanations!
On 6/14/05, David Chang <dchang at fsautomation.com> wrote:
> Here's some code that works. It can be simplified by just sending the
> pointer to the IP packet (because that implies the TCP packet). Also, I
> hand calculate the 2-byte integers (using shifts) to avoid endian issues
> (even though that doesn't really matter).
>
> /*
> ** This routine checks a TCP checksum given the starting address of the
> ** TCP header and the length of data to sum. It also needs a pseudo header
> ** which is gotten mostly from the IP header.
> **
> ** The algorithm is from RFC 1071 (Computing the Internet Checksum).
> **
> ** NOTE: There are lots of NICs that can compute the checksum on chip.
> ** Thus, if libpcap is loaded on a machine that is sending/receiving
> ** packets itself, the checksum will validate correctly going in one
> ** direction, but not the other (inbound good, outbound bad). That's
> ** because it can sniff the packet contents BEFORE it makes it to the
> ** wire, and before the hardware can compute the checksum. The only
> ** way to guarantee a proper checksum is to sniff packets that have
> ** already made it to the wire (e.g. a mirror port on a switch).
> */
>
> int check_tcp_sum(struct sniff_ipv4_hdr *ip, struct sniff_tcp_hdr *tcp, int
> len)
> {
> unsigned long sum;
> u_char *addr, *p;
>
> /* TCP headers are at least 20 bytes long */
>
> if (len < 20)
> return(-1);
>
> /* Initialize */
>
> sum = 0;
>
> /* Sum pseudo tcp header */
>
> p = (u_char *) &(ip->ip_src);
> sum += ((*p << 8) + *(p+1));
> sum += ((*(p+2) << 8) + *(p+3));
>
> p = (u_char *) &(ip->ip_dst);
> sum += ((*p << 8) + *(p+1));
> sum += ((*(p+2) << 8) + *(p+3));
>
> sum += (0 + ip->ip_p);
>
> sum += len;
>
> /* Sum real tcp header and payload */
>
> addr = (u_char *) tcp;
>
> while (len > 1)
> {
> sum += ((*addr << 8) + *(addr+1));
> addr += 2;
> len -= 2;
> }
>
> /* Add left-over byte, if any */
>
> if (len > 0)
> sum += (*addr << 8);
>
> /* Fold 32-bit sum to 16 bits */
>
> while (sum>>16)
> sum = (sum & 0xFFFF) + (sum >> 16);
>
> /* Check if sum = 0xFFFF */
>
> if (sum == 0xFFFF)
> return(0); /* Good */
> else
> return(1); /* Bad */
> }
>
> Hope this helps.
>
> DC
>
> ----- Original Message -----
> From: "ZhiyuHe" <sanhex at gmail.com>
> To: <winpcap-users at winpcap.org>
> Sent: Sunday, June 12, 2005 3:31 AM
> Subject: [Winpcap-users] About TCP/UDP/ICMP checksum
>
>
> > I'm writing a simple protocol analyzer for my graduation project using
> > WinPcap.This mailing list and Guy Harris has given me too much
> > help,thanks very much.
> > I should calculate the TCP/UDP checksum in my program,but it's so
> > difficult for me.I have perused <<TCP/IP Illustracted Volume 1>>
> > (Richard Stevens) and RFC1071,and have searched this topic in
> > Google,WinPcap mailing list archive,and ethereal.com,but I still can't
> > manage this.I don't understand how to process TCP/UDP psuedo
> > header,and how to calculate.I need a demonstration.
> > Thanks a lot!
> >
> > _______________________________________________
> > Winpcap-users mailing list
> > Winpcap-users at winpcap.org
> > https://www.winpcap.org/mailman/listinfo/winpcap-users
> >
>
>
More information about the Winpcap-users
mailing list