[erlang-questions] low level packet access from erlang

Garry Hodgson garry@REDACTED
Wed Jul 3 20:11:50 CEST 2013

On 06/05/2013 09:23 AM, Michael Santos wrote:
> Ask away and if you have any comments/suggestions, please let me know!
i'm happily using tun now to intercept and inspect packets, but
any that i modify get dropped as malformed when i send them.
wireshark tells me the checksums are wrong. and indeed, i
don't get what i expect from pkt:checksum():

classify( <<4:4, _IHL:4, _TypeOfService:8, _TotalLength:16,
         _Identification:16, _FlagX:1, _FlagD:1, _FlagM:1, 
         _TTL:8, ?IPPROTO_TCP:8, _HeaderCheckSum:16,
         _SrcAddr:32, _DestAddr:32, _Rest/binary>> = Raw ) ->

     { IPv4, IpPayload } = pkt:ipv4( Raw ),
     { Tcp, TcpPayload } = pkt:tcp( IpPayload ),

     TestSum = pkt:checksum( [ IPv4, Tcp, TcpPayload ] ),
     alog:debug( "classify: computed = ~b, actual = ~b", [ TestSum, 
Tcp#tcp.sum ] ),

=INFO REPORT==== 3-Jul-2013::14:04:02 ===
{log,debug,"classify: computed = 43987, actual = 52256",r3@REDACTED}

any idea what i'm doing wrong?


Garry Hodgson
AT&T Chief Security Office (CSO)

"This e-mail and any files transmitted with it are AT&T property, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited."

More information about the erlang-questions mailing list