UDP Source IP Spoofing


yank...@gmail.com

Feb 29, 2016, 9:37:42 AM
to golang-nuts
Hi all,

I'm trying to send some UDP packets and spoof the source IP. 

I'm using syscall.Socket(syscall.AF_INET, syscall.SOCK_RAW, syscall.IPPROTO_RAW) to initialize my socket and setting syscall.IP_HDRINCL with SetsockoptInt

If I leave the UDP header empty (first 8 bytes after the IP header), it works fine. Using TCPDUMP I can see that the packet is going out with the spoofed IP. But if I set the UDP header's attributes then the IP spoofing doesn't work and it uses my machine's IP address. I'm not sure what I'm doing wrong. It looks like the IP header's source is getting reset? Some help would be appreciated.

Here is the code I'm using:

These are two packets sent and analyzed with sudo tcpdump -X -s0 protochain 17 -n
For the first packet, I commented out lines 30, 31 and 32 (the UDP header is blank).
For the second packet, I uncommented lines 30, 31 and 32.


06:49:34.641328 IP 1.2.3.4.0 > 172.16.21.19.8888: truncated-udplength 0
        0x0000:  4500 0031 3039 0000 0011 c55a 0102 0304  E..109.....Z....
        0x0010:  ac10 1513 0000 22b8 0000 0000 5445 5354  ......".....TEST
        0x0020:  494e 472d 4f4e 452d 5457 4f2d 5448 5245  ING-ONE-TWO-THRE
        0x0030:  45                                       E


06:48:23.909551 IP 172.16.20.198.0 > 172.16.21.19.8888: UDP, length 21
        0x0000:  4500 0031 3039 0000 0011 088a ac10 14c6  E..109..........
        0x0010:  ac10 1513 0000 22b8 001d 0000 5445 5354  ......".....TEST
        0x0020:  494e 472d 4f4e 452d 5457 4f2d 5448 5245  ING-ONE-TWO-THRE
        0x0030:  45                                       E



I'm using:
go version go1.5.1 linux/amd64
Ubuntu 14.04
Running code under root

Thanks!
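
The two tcpdump dumps in the post above, decoded field by field in Go (an added example, not code from the original post or from any project mentioned in the thread). It shows that both IPv4 header checksums verify and that, apart from the source address and its checksum, the packets differ only in the UDP length field: 0 in the first, 29 (8-byte header plus 21-byte payload) in the second. The names Decode and Datagram are made up for this example.

```go
package main

import (
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"net"
	"strings"
)

// Hex bytes copied from the two tcpdump -X dumps quoted in the post.
const (
	BlankUDP  = "4500 0031 3039 0000 0011 c55a 0102 0304 ac10 1513 0000 22b8 0000 0000 5445 5354 494e 472d 4f4e 452d 5457 4f2d 5448 5245 45"
	FilledUDP = "4500 0031 3039 0000 0011 088a ac10 14c6 ac10 1513 0000 22b8 001d 0000 5445 5354 494e 472d 4f4e 452d 5457 4f2d 5448 5245 45"
)

// Datagram holds the IPv4 and UDP header fields the thread is about.
type Datagram struct {
	Src, Dst                 string
	IPChecksumOK             bool
	SrcPort, DstPort, UDPLen uint16 // UDP header fields as written
	WantUDPLen               int    // IP total length minus IP header length
}

// Decode parses a whitespace-separated hex dump of one IPv4/UDP packet.
func Decode(dump string) (Datagram, error) {
	b, err := hex.DecodeString(strings.Join(strings.Fields(dump), ""))
	if err != nil || len(b) < 28 || b[0]>>4 != 4 || b[0]&0x0f < 5 ||
		b[9] != 17 || len(b) < int(b[0]&0x0f)*4+8 {
		return Datagram{}, fmt.Errorf("not an IPv4/UDP packet (hex error: %v)", err)
	}
	be, ihl := binary.BigEndian, int(b[0]&0x0f)*4
	var sum uint32 // one's-complement sum over the IP header (RFC 1071)
	for i := 0; i < ihl; i += 2 {
		sum += uint32(be.Uint16(b[i:]))
	}
	sum = sum&0xffff + sum>>16 // fold carries; two folds suffice for <= 60 bytes
	sum = sum&0xffff + sum>>16
	return Datagram{
		Src: net.IP(b[12:16]).String(), Dst: net.IP(b[16:20]).String(),
		IPChecksumOK: sum == 0xffff, WantUDPLen: int(be.Uint16(b[2:])) - ihl,
		SrcPort: be.Uint16(b[ihl:]), DstPort: be.Uint16(b[ihl+2:]), UDPLen: be.Uint16(b[ihl+4:]),
	}, nil
}

func main() {
	fmt.Println(Decode(BlankUDP))
	fmt.Println(Decode(FilledUDP))
}
```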

Jérôme LAFORGE

Feb 29, 2016, 11:05:09 AM
to golang-nuts, yank...@gmail.com
Hello,
I've done a similar thing for DHCPv4 Injector (https://github.com/jerome-laforge/ClientInjector) with gopacket (https://github.com/google/gopacket). gopacket uses libpcap with cgo. And it works like a charm.

There are several examples that can surely help you (https://github.com/google/gopacket/tree/master/examples)

Hope that helps.

Yanko Bolanos

Feb 29, 2016, 5:07:26 PM
to golang-nuts, yank...@gmail.com

Cool, I'll take a look at it, but I think I'd rather have it in pure go... I'm just starting to wonder if this is really just a bug, it seems odd the source IP would change if I insert the UDP header.

Thanks Jerome!

Mikio Hara

Mar 1, 2016, 10:25:57 PM
to Yanko Bolanos, golang-nuts
On Tue, Mar 1, 2016 at 4:58 AM, Yanko Bolanos <yank...@gmail.com> wrote:

> Cool I'll take a look at it, but I think I rather have it in pure go... I'm
> just starting to wonder if this is really just a bug, it seems odd the
> source IP would change if I insert the UDP header.

i suppose that it's because of your circumstances. in general vanilla
kernels never interfere in raw ipv4 packet transmission unless it's
clearly wrong. fwiw, you can use ipv4 package for udp over ipv4
transmission: https://github.com/mikioh/-stdyng/blob/master/cmd/rudpsndr/main.go

Yanko Sanchez Bolaños

Mar 2, 2016, 12:06:26 AM
to Mikio Hara, golang-nuts
Yeah, I'm starting to believe this isn't go, but the kernel. I wrote the same in python and got the same results. I just find it amusing that it only seems to "correct" the source IP when I add any data to the UDP header. 