libtins icon indicating copy to clipboard operation
libtins copied to clipboard

Published 20 hours ago verified publisher icon mfontanini

PacketSender::send_l3() on Windows

Open gvanem opened this issue 8 years ago • 1 comments

While using the portscan program on Windows-10, I'm always getting a WSAEINVAL in the sendto() call. E.g. when doing portscan.exe 10.0.0.1 22 (my dd-Wrt router do have an open SSH port), I get this trace:

Sniffing on interface: {3A46ACA0-CBED-44BC-A239-6AEA3D0C451D}
Sending SYNs...
  * 0.099 sec: src/packet_sender.cpp(268) (Tins::PacketSender::open_l3_socket+145):
    socket (AF_INET, SOCK_RAW, IPPROTO_TCP) --> 464.
  * 0.100 sec: src/packet_sender.cpp(280) (Tins::PacketSender::open_l3_socket+273):
    setsockopt (464, IPPROTO_IP, IP_HDRINCL, 1, 4) --> No error.
  * 0.101 sec: src/packet_sender.cpp(440) (Tins::PacketSender::send_l3+137):
    sendto (464, 0x03A2E0F0, 40, 0, 10.0.0.1:0) --> WSAEINVAL (10022).
    0000: 45 00 00 28 00 01 00 00 80 06 26 C5 0A 00 00 0A E..(....Ç.&┼....
    0010: 0A 00 00 01 05 39 00 16 00 00 00 00 00 00 00 00 .....9..........
    0020: 50 02 7F A6 16 E3 00 00                         P..ª.π..

After further testing, I figured the Winsock doesn't support "raw" operations on a socket created with a IPPROTO_TCP protocol [1]; it should be IPPROTO_RAW instead. So AFAICS, the mappings in types_[] should account for this. With this patch:

@@ -105,8 +105,13 @@
   ether_socket_(INVALID_RAW_SOCKET),
 #endif
   _timeout(recv_timeout), timeout_usec_(usec), default_iface_(iface) {
+#if defined(_WIN32)
+    types_[IP_TCP_SOCKET] = IPPROTO_RAW;
+    types_[IP_UDP_SOCKET] = IPPROTO_RAW;
+#else
     types_[IP_TCP_SOCKET] = IPPROTO_TCP;
     types_[IP_UDP_SOCKET] = IPPROTO_UDP;
+#endif
     types_[IP_RAW_SOCKET] = IPPROTO_RAW;

it works much better (no WSAEINVAL). But it seems from tcpdump that portscan is sending the SYNs with a eth-destination == eth-source!

[1] the socket (AF_INET, SOCK_RAW, socktype) call in PacketSender::open_l3_socket().

gvanem avatar Feb 15 '17 12:02 gvanem

@gvanem Hi, I meet exactly same problem as you havd (10022 error when calling sendto within this library). But I tried your solution, don't work. And I confirm my system (Win 10 64bits) enabling SOCK_RAW by netsh winsock show catalog command. So maybe it's not right answer for my situation, right?

I wonder if you have any suggestions?

WorstCodeWay avatar Dec 05 '23 09:12 WorstCodeWay