Node.JS 并且原始套接字似乎不尊重源 IP
Node.JS and raw-socket doesn't seem to respect source IP
我正在测试 Node.JS 和 raw-socket 以发送自定义 packets。
它似乎工作正常,但是,它不尊重 source IP.
这是我的例子:
var buffer = Buffer.alloc(65535);
var buffer = Buffer.from([
0x06, 0x27, 0xE2, 0xF1, 0xDD, 0x1D, 0x06, 0xCC, 0x72, 0x84, 0xD7, 0x79, 0x08, 0x00, 0x45, 0x00,
0x00, 0x54, 0xA3, 0x8A, 0x40, 0x00, 0x3E, 0x01, 0x24, 0xAE, 0x64, 0x60, 0x00, 0x01, 0x08, 0x08,
0x08, 0x08, 0x08, 0x00, 0x15, 0xAF, 0x07, 0x46, 0x00, 0x01, 0x39, 0x28, 0x0A, 0x5C, 0x00, 0x00,
0x00, 0x00, 0xD5, 0xB2, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25,
0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
0x36, 0x37
]);
var raw = require ("raw-socket");
var socket = raw.createSocket ({protocol: raw.Protocol.ICMP});
const decoders = require('cap').decoders;
var ret = decoders.Ethernet(buffer);
ret = decoders.IPV4(buffer, ret.offset);
offset = decoders.Ethernet(buffer).offset;
dst = ret.info.dstaddr;
var buffer = buffer.slice(ret.offset, nbytes);
var nbytes = 98;
socket.send (buffer, 0, buffer.length, dst, function (error, bytes) {
if (error) console.log (error.toString ());
});
buffer 包含 ICMP packet 和 source IP 100.96.0.1,但 tshark/wireshark 显示以下内容:
393 16.488135 76.89.22.101 -> 8.8.8.8 ICMP 100 Echo (ping) request id=0x0746, seq=1/256, ttl=64
394 16.496964 8.8.8.8 -> 76.89.22.101 ICMP 100 Echo (ping) reply id=0x0746, seq=1/256, ttl=120 (request in 393)
您必须设置 IP_HDRINCL 标志以防止内核重写 IP header。这也意味着您需要在数据包中包含 IP header,因此在调用 buffer.slice().
时使用 offset 而不是 ret.offset
更新代码如下:
var buffer = Buffer.alloc(65535);
var buffer = Buffer.from([
0x06, 0x27, 0xE2, 0xF1, 0xDD, 0x1D, 0x06, 0xCC, 0x72, 0x84, 0xD7, 0x79, 0x08, 0x00, 0x45, 0x00,
0x00, 0x54, 0xA3, 0x8A, 0x40, 0x00, 0x3E, 0x01, 0x24, 0xAE, 0x64, 0x60, 0x00, 0x01, 0x08, 0x08,
0x08, 0x08, 0x08, 0x00, 0x15, 0xAF, 0x07, 0x46, 0x00, 0x01, 0x39, 0x28, 0x0A, 0x5C, 0x00, 0x00,
0x00, 0x00, 0xD5, 0xB2, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25,
0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
0x36, 0x37
]);
var raw = require ("raw-socket");
var socket = raw.createSocket ({protocol: raw.Protocol.ICMP});
const decoders = require('cap').decoders;
var ret = decoders.Ethernet(buffer);
ret = decoders.IPV4(buffer, ret.offset);
offset = decoders.Ethernet(buffer).offset;
dst = ret.info.dstaddr;
var buffer = buffer.slice(offset, nbytes);
var nbytes = 98;
socket.setOption(raw.SocketLevel.IPPROTO_IP, raw.SocketOption.IP_HDRINCL, new Buffer ([0x00, 0x00, 0x00, 0x01]), 4)
socket.send (buffer, 0, buffer.length, dst, function (error, bytes) {
if (error) console.log (error.toString ());
});
我正在测试 Node.JS 和 raw-socket 以发送自定义 packets。
它似乎工作正常,但是,它不尊重 source IP.
这是我的例子:
var buffer = Buffer.alloc(65535);
var buffer = Buffer.from([
0x06, 0x27, 0xE2, 0xF1, 0xDD, 0x1D, 0x06, 0xCC, 0x72, 0x84, 0xD7, 0x79, 0x08, 0x00, 0x45, 0x00,
0x00, 0x54, 0xA3, 0x8A, 0x40, 0x00, 0x3E, 0x01, 0x24, 0xAE, 0x64, 0x60, 0x00, 0x01, 0x08, 0x08,
0x08, 0x08, 0x08, 0x00, 0x15, 0xAF, 0x07, 0x46, 0x00, 0x01, 0x39, 0x28, 0x0A, 0x5C, 0x00, 0x00,
0x00, 0x00, 0xD5, 0xB2, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25,
0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
0x36, 0x37
]);
var raw = require ("raw-socket");
var socket = raw.createSocket ({protocol: raw.Protocol.ICMP});
const decoders = require('cap').decoders;
var ret = decoders.Ethernet(buffer);
ret = decoders.IPV4(buffer, ret.offset);
offset = decoders.Ethernet(buffer).offset;
dst = ret.info.dstaddr;
var buffer = buffer.slice(ret.offset, nbytes);
var nbytes = 98;
socket.send (buffer, 0, buffer.length, dst, function (error, bytes) {
if (error) console.log (error.toString ());
});
buffer 包含 ICMP packet 和 source IP 100.96.0.1,但 tshark/wireshark 显示以下内容:
393 16.488135 76.89.22.101 -> 8.8.8.8 ICMP 100 Echo (ping) request id=0x0746, seq=1/256, ttl=64
394 16.496964 8.8.8.8 -> 76.89.22.101 ICMP 100 Echo (ping) reply id=0x0746, seq=1/256, ttl=120 (request in 393)
您必须设置 IP_HDRINCL 标志以防止内核重写 IP header。这也意味着您需要在数据包中包含 IP header,因此在调用 buffer.slice().
offset 而不是 ret.offset
更新代码如下:
var buffer = Buffer.alloc(65535);
var buffer = Buffer.from([
0x06, 0x27, 0xE2, 0xF1, 0xDD, 0x1D, 0x06, 0xCC, 0x72, 0x84, 0xD7, 0x79, 0x08, 0x00, 0x45, 0x00,
0x00, 0x54, 0xA3, 0x8A, 0x40, 0x00, 0x3E, 0x01, 0x24, 0xAE, 0x64, 0x60, 0x00, 0x01, 0x08, 0x08,
0x08, 0x08, 0x08, 0x00, 0x15, 0xAF, 0x07, 0x46, 0x00, 0x01, 0x39, 0x28, 0x0A, 0x5C, 0x00, 0x00,
0x00, 0x00, 0xD5, 0xB2, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25,
0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
0x36, 0x37
]);
var raw = require ("raw-socket");
var socket = raw.createSocket ({protocol: raw.Protocol.ICMP});
const decoders = require('cap').decoders;
var ret = decoders.Ethernet(buffer);
ret = decoders.IPV4(buffer, ret.offset);
offset = decoders.Ethernet(buffer).offset;
dst = ret.info.dstaddr;
var buffer = buffer.slice(offset, nbytes);
var nbytes = 98;
socket.setOption(raw.SocketLevel.IPPROTO_IP, raw.SocketOption.IP_HDRINCL, new Buffer ([0x00, 0x00, 0x00, 0x01]), 4)
socket.send (buffer, 0, buffer.length, dst, function (error, bytes) {
if (error) console.log (error.toString ());
});