1

I am trying to build a packet with a TCP option called user timeout. Does scapy support this? Adding options like MSS seems pretty straightforward. Here is the RFC for the option: https://www.rfc-editor.org/rfc/rfc5482#section-2

Any pointers?

Community
  • 1
  • 1
user1295872
  • 461
  • 1
  • 6
  • 16

1 Answers1

2

The documentation doesn't seem to explain any way to set an arbitrary option by number.

Digging through the code, it looks like TCPOptionsField.i2m lets you do so just by passing an int instead of a str. So, try using 28 the same places you'd use MSS. It looks like you need to compose the rest of the option field as a string—the length, then the high-order byte of the UTO+granularity, then the low-order byte.

Or just modify the code to handle it:

I think what you want is the TCPOptions tuple in scapy/layers/inet.py:

TCPOptions = (
          { 0 : ("EOL",None),
            ...
            28 : ("UserTimeout",!H)
            },
          { "EOL":0,
            ...
            "UserTimeout":28,
            } )

Then you can (hopefully) set the UTO the same way you'd set the MSS.

Either way, you're responsible for composing the 1-bit granularity and the 15-bit timeout before passing the result as an option value, but I think that's simpler than changing it to take a tuple of a bool and an int as the option value and composing it inside TCP.

Of course unless you've patched the kernel on both sides, and made sure the intervening network doesn't have any devices that bail on or strip out unknown TCP options, it's not going to be very interesting anyway.

abarnert
  • 354,177
  • 51
  • 601
  • 671
  • Thanks for digging through the code. I was hoping there would be an easier way to do this without changing scapy source code. I have a requirement where the stack on one of my devices will peek at exactly this option. I just want to make sure that works. I will try this and pray that it works. – user1295872 Oct 19 '12 at 02:31
  • Also, when you say I have to pass the value as a string, do you mean as a hex block? For example, if I wanted a timeout of 30 seconds, the hex value of my options field would be 9E (length of 4, followed by granularity bit of 0, followed by timeout of 30). So would setting the option value to '0x9E' work? – user1295872 Oct 19 '12 at 06:05
  • First, you don't have to change the scapy source code, you can just pass the option as an `int`; it just seemed like changing the source would be easier. Second, where did you get 9E? You've got an 8-bit length of 4, a 1-bit 0, and a 15-bit 30. That's 40001E. Third, no, by string I meant an actual string of bytes, like the 3-byte string `'\x40\x00\x1E'`, not the 8-byte string `'0x40001E'`. – abarnert Oct 19 '12 at 18:52