Difficulty finding UDP PDU?

[Philip Lee]

I'm currently doing a class project using raw sockets to send out packets. The structure of the packet follows Ethernet/802.1Q/IP/UDP/Payload. On the receiver, I'm using libtins to sniff them to examine the packet to make sure I'm receiving them correctly. I'm having trouble extracting the UDP pdu from the packet. I can get up to the IP PDU, but when trying to get the UDP (and later payload size from raw PDU after), it throws PDU not found exception.

I have this snippet of code here:

bool processRawPacket(Tins::PDU &packet){

     ...

     Tins::IP &ip = packet.rfind_pdu<Tins::IP>();

     Tins::UDP &udp = packet.rfind_pdu<Tins::UDP>();

     ...

}

Is this the correct way to get the UDP PDU? I also tried

     Tins::UDP &udp = ip.rfind_pdu<Tins::UDP>();

in case the UDP was the inner PDU, but I still get the not found exception.

The IP header info is mostly filled out with legitimate information. I can extract the src address/protocol/ID fields correctly from it. Does the IP header need a correct checksum for the UDP to be found? It is currently set to 0 to ignore.

Thanks,

Philip

[Matias Fontanini]

That should work. Can you attach a pcap file so I can try to reproduce the problem?

Thanks.

[Philip Lee]

I "fixed" my problems by rewriting the sending code using libtins as well. This was so much easier than mucking around with raw sockets. It was likely how I set up the packet, but I attached a pcap file with the raw socket sending I did in case you wanted to look at it anyways.

[Matias Fontanini]

Okay, cool. It looks like you were setting the IP total size to 20, which is the IP header size. So you were not taking into account the UDP + application layer size there.

Using libtins to craft the packets should be a lot simpler.

[Philip Lee]

Ah that makes sense. Thanks for the help!