[Winpcap-users] About TCP/UDP/ICMP checksum

ZhiyuHe sanhex at gmail.com
Wed Jun 15 13:48:46 GMT 2005


David,Thanks very much for your code,it made me understand how to
handle the TCP/UDP psuedo header.
I tried to modify "int check_tcp_sum(struct sniff_ipv4_hdr *ip, struct
sniff_tcp_hdr *tcp, int len)" to "int tcp_udp_cksum(ip_header
*iph,u_char *tcp_udp_h,u_int len)",and deleted "if (len < 20)
return(-1);",then the code could handle both TCP and UDP checksum.If I
have made a declaration,could I put this code to my program?
James Garrison,mcd,I appreciate the help you have offered me,thank you
for your explanations!

On 6/14/05, David Chang <dchang at fsautomation.com> wrote:
> Here's some code that works.  It can be simplified by just sending the
> pointer to the IP packet (because that implies the TCP packet).  Also, I
> hand calculate the 2-byte integers (using shifts) to avoid endian issues
> (even though that doesn't really matter).
> 
> /*
> ** This routine checks a TCP checksum given the starting address of the
> ** TCP header and the length of data to sum.  It also needs a pseudo header
> ** which is gotten mostly from the IP header.
> **
> ** The algorithm is from RFC 1071 (Computing the Internet Checksum).
> **
> ** NOTE: There are lots of NICs that can compute the checksum on chip.
> **       Thus, if libpcap is loaded on a machine that is sending/receiving
> **       packets itself, the checksum will validate correctly going in one
> **       direction, but not the other (inbound good, outbound bad).  That's
> **       because it can sniff the packet contents BEFORE it makes it to the
> **       wire, and before the hardware can compute the checksum.  The only
> **       way to guarantee a proper checksum is to sniff packets that have
> **       already made it to the wire (e.g. a mirror port on a switch).
> */
> 
> int check_tcp_sum(struct sniff_ipv4_hdr *ip, struct sniff_tcp_hdr *tcp, int
> len)
> {
>         unsigned long sum;
>         u_char *addr, *p;
> 
>         /* TCP headers are at least 20 bytes long */
> 
>         if (len < 20)
>                 return(-1);
> 
>         /* Initialize */
> 
>         sum = 0;
> 
>         /* Sum pseudo tcp header */
> 
>         p = (u_char *) &(ip->ip_src);
>         sum += ((*p << 8) + *(p+1));
>         sum += ((*(p+2) << 8) + *(p+3));
> 
>         p = (u_char *) &(ip->ip_dst);
>         sum += ((*p << 8) + *(p+1));
>         sum += ((*(p+2) << 8) + *(p+3));
> 
>         sum += (0 + ip->ip_p);
> 
>         sum += len;
> 
>         /*  Sum real tcp header and payload */
> 
>         addr = (u_char *) tcp;
> 
>         while (len > 1)
>         {
>                 sum += ((*addr << 8) + *(addr+1));
>                 addr += 2;
>                 len -= 2;
>         }
> 
>         /*  Add left-over byte, if any */
> 
>         if (len > 0)
>                 sum += (*addr << 8);
> 
>         /*  Fold 32-bit sum to 16 bits */
> 
>         while (sum>>16)
>                 sum = (sum & 0xFFFF) + (sum >> 16);
> 
>         /* Check if sum = 0xFFFF */
> 
>         if (sum == 0xFFFF)
>                 return(0);      /* Good */
>         else
>                 return(1);      /* Bad */
> }
> 
> Hope this helps.
> 
> DC
> 
> ----- Original Message -----
> From: "ZhiyuHe" <sanhex at gmail.com>
> To: <winpcap-users at winpcap.org>
> Sent: Sunday, June 12, 2005 3:31 AM
> Subject: [Winpcap-users] About TCP/UDP/ICMP checksum
> 
> 
> > I'm writing a simple protocol analyzer for my graduation project using
> > WinPcap.This mailing list and Guy Harris has given me too much
> > help,thanks very much.
> > I should calculate the TCP/UDP checksum in my program,but it's so
> > difficult for me.I have perused <<TCP/IP Illustracted Volume 1>>
> > (Richard Stevens) and RFC1071,and have searched this topic in
> > Google,WinPcap mailing list archive,and ethereal.com,but I still can't
> > manage this.I don't understand how to process TCP/UDP psuedo
> > header,and how to calculate.I need a demonstration.
> > Thanks a lot!
> >
> > _______________________________________________
> > Winpcap-users mailing list
> > Winpcap-users at winpcap.org
> > https://www.winpcap.org/mailman/listinfo/winpcap-users
> >
> 
>




More information about the Winpcap-users mailing list