Raw Socket Sender

[Guest]

I must say I'm new to these Raw sockets in C# and unfortunantly I haven't met
anyone who is a expert in them which makes trying to develop any rather
difficult.

What I've been doing is trying to create some sort of NAT Server to work as
a ADSL gateway and share internet access. Yes I know I can use ICS, No I'm
not going to. I want to learn shomething by doing this not just use a
standard out of the box solution.

Anyway, I set up my packet reciever which recieves RAW IP packets and dumps
them all onto my processing functions which change around the Source Address
and send the pack off for it's trip onto the internet. However my RAW IP
sender is not happy and I *think* it has something to do with sockets and
blocking and the idea that sends should not overlap or somthing. Anyway the
code goes something like:

sender = new Socket(AddressFamily.InterNetwork, SocketType.Raw,
ProtocolType.IP);
sender.Blocking = true;
sender.Bind(new IPEndPoint(IPAddress.Parse(IP), port));
sender.SetSocketOption(SocketOptionLevel.IP,
SocketOptionName.HeaderIncluded, 1);
// Code to make the packet as a byte buffer and finally:
sender.SendTo(send_buf_bytes, args.totallength,
System.Net.Sockets.SocketFlags.DontRoute, new IPEndPoint(args.destination,
0));

At which point the system dies and gives me a cryptic error message saying:

An unhandled exception of type 'System.Net.Sockets.SocketException' occurred
in system.dll

Additional information: A blocking operation was interrupted by a call to
WSACancelBlockingCall

Can anyone see what I missed. I think I maybe need to turn the socket into
non-blocking by use of sender.IOControl but I have no idea what the actuall
call is or what the correct iocontrolcode would be.

Anyone got any ideas? Or does someone know that I am on the compleatly wrong
track and can suggest what I should in fact be doing?

Thanks in advance,
Kevin-John Beasley

 

[Austin Ehlers]

I must say I'm new to these Raw sockets in C# and unfortunantly I haven't met
anyone who is a expert in them which makes trying to develop any rather
difficult.

What I've been doing is trying to create some sort of NAT Server to work as
a ADSL gateway and share internet access. Yes I know I can use ICS, No I'm
not going to. I want to learn shomething by doing this not just use a
standard out of the box solution.

Anyway, I set up my packet reciever which recieves RAW IP packets and dumps
them all onto my processing functions which change around the Source Address
and send the pack off for it's trip onto the internet. However my RAW IP
sender is not happy and I *think* it has something to do with sockets and
blocking and the idea that sends should not overlap or somthing. Anyway the
code goes something like:

sender = new Socket(AddressFamily.InterNetwork, SocketType.Raw,
ProtocolType.IP);
sender.Blocking = true;
sender.Bind(new IPEndPoint(IPAddress.Parse(IP), port));
sender.SetSocketOption(SocketOptionLevel.IP,
SocketOptionName.HeaderIncluded, 1);
// Code to make the packet as a byte buffer and finally:
sender.SendTo(send_buf_bytes, args.totallength,
System.Net.Sockets.SocketFlags.DontRoute, new IPEndPoint(args.destination,
0));

<snip>

I don't know if it's related, but XP SP2 disables most of the RAW
sockets support (see
http://blogs.msdn.com/michael_howard/archive/2004/08/12/213611.aspx ,
http://www.kayodeok.co.uk/weblog/200408/12/nmap_and_raw_sockets.html
for more info).

Check out http://www.thecodeproject.com/csharp/SendRawPacket.asp for
how to do it with an NDIS protocol driver.

Austin

 

[Guest]

Well that's a complete disaster. Surveyed Applications did they, didn't
survey enough is my response. You want a valid use of Raw Sockets. NAT. Three
letters and a RFC just blew your concept to hell. Remove RAW Sockets, who the
hell at microsoft seggested that? Whoever it was needs to be fired. This is
so typical of Microsoft, find a security issue and they kill off the thing
that lets people exploit the issue because developing some other form of
protection for affected applications is too hard. Sure people will write
Attack Tools using Raw Sockets, Take it away from Windows and they will go
use Linux anyway. You don't solve anything In fact you encourage the idjits
who write those programs because their first thought is "MS Blocked RAW
Sockets, they must have something to hide". In addition you break the
fundamental concept of TCP that ports should be visiable and can recieve or
send packets. What the hell use is an application that can recieve raw
packets but can't send them. That's like disabling the ability of people to
initiate calls on the telephone network because they could call people and
annoy them with telemarketing. The whole idea of the Operating System is to
ensure that ports that arn't bound to some propper application can't be used
as a security hole. If you want to stealth ports from the internet there is a
great tool called a firewall. People who are too stupid to use one don't
deserve to have an internet connection. Sorry maybe that's the line of
thought for XP Home but for XP Professional it's not acceptable.

So since Microsoft is so commited to developers how about we remove this
stupid feature from SP2 right now. Or maybe I should sue Microsoft for
screwing over my development project which I spent the last 12 months on.
Microsoft says C#.NET is surposed to be the future of internet applications
and here they are ripping out core components cause someone *might* use it
for "attack tools". I would have thought that after gettings it's ass kicked
for monopolising Internet Explorer microsoft would have smartened up.
Obviously not cause here they are remove more parts of Windows that
competitors can use to make Home/Small Office applications. Sounds like they
might be trying to force everyone to use ISA Server or ICS. I'm sure a lawyer
would consider that highly likely.

I guess Microsoft factored the conversion back to unix of a bunch of script
kiddies + some annoyed developers into the cost of their next release of
Windows. Maybe microsoft should change their slogan to "What Functionality
will we remove Today".

Anyway thanks for the tip Austin, some company executives head is going to
expload when I tell them we need to move ourselves down to the ethernet layer
to finalise our program for production release. The only good thing is that
MS owes us several thousand for support incidents that were due to a removed
feature that noone at the support centre conveniently knew about.
Kevin