
I have a research work which requires TCP modification, and I want to implement my own version of the TCP listen() function. My idea is to use libpcap to capture all TCP SYN packets from a specific port and then use a raw socket to create/send the SYN/ACK and the following ACK packets.

My questions are:

  1. How is the traditional/regular TCP stack listen() implemented? Can anyone briefly describe the mechanism?
  2. Is my idea implementable? Are there any tricks/barriers?
  3. Are there any other libraries/source snippets which I can utilize to realize what I need?

Thanks!

john.k.doe
misteryes

2 Answers


If you want to know how listen() is implemented then you should just look at the source code of the implementation in a free operating system, but basically its job is to set a flag in the kernel's data structure associated with the socket so that future incoming SYN packets will get a SYN|ACK response (and to configure how many such SYNs it should answer before the application drains them from the queue using accept()).

Your idea is implementable but it's a lot of work: it amounts to implementing a TCP stack in userspace. If you just need to open and close connections for your research then you can save yourself from having to implement most of the work (including slow start, window scaling, and all the data transfer features a TCP stack is supposed to have) but it's still a big job.

One thing you will need is firewall rules to prevent the kernel from answering the incoming TCP packets so that your code can respond to them instead.

Celada
  • I still don't get the basic idea of how the TCP stack listen() function is designed. Can you detail it a bit more? Thanks! – misteryes Apr 12 '13 at 15:38
  • You won't find any more detail than this: http://lxr.linux.no/#linux+v3.8.7/net/ipv4/af_inet.c#L192 – Celada Apr 12 '13 at 21:12
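The queueing behaviour described in the answer above can be observed from userspace. The following is an added example, not code from the original posts: it calls listen(), lets several clients connect over loopback before accept() is ever called, and only then drains the queue. The function name `handshake_without_accept` and its parameters are assumptions of this example.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Returns 0 if n_clients connect() calls all succeed before any accept() and
 * accept() then dequeues each one; a negative step code otherwise.
 * The function name and both parameters belong to this example only. */
int handshake_without_accept(int n_clients, int backlog)
{
    struct sockaddr_in addr;
    socklen_t len = sizeof addr;
    int clients[16], i, opened, rc = 0;

    if (n_clients < 1 || n_clients > 16 || backlog < n_clients) return -1;
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0) return -2;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: kernel picks one */
    if (bind(lfd, (struct sockaddr *)&addr, sizeof addr) < 0 ||
        getsockname(lfd, (struct sockaddr *)&addr, &len) < 0 ||
        listen(lfd, backlog) < 0) { close(lfd); return -3; }
    /* No accept() yet. A blocking connect() returns only once the SYN|ACK has
     * arrived, so success here means the kernel answered the SYN by itself. */
    for (i = 0; i < n_clients && rc == 0; i++) {
        clients[i] = socket(AF_INET, SOCK_STREAM, 0);
        if (clients[i] < 0) { rc = -4; break; }
        if (connect(clients[i], (struct sockaddr *)&addr, sizeof addr) < 0) rc = -4;
    }
    opened = i;
    /* accept() only dequeues connections the kernel has already established. */
    for (i = 0; rc == 0 && i < opened; i++) {
        int afd = accept(lfd, NULL, NULL);
        if (afd < 0) rc = -5; else close(afd);
    }
    for (i = 0; i < opened; i++) close(clients[i]);
    close(lfd);
    return rc;
}

int main(void)
{
    printf("result: %d\n", handshake_without_accept(3, 8));
    return 0;
}
```

A result of 0 shows the application never took part in the handshake, which is why a userspace replacement must first keep the kernel from answering the SYNs.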

You can't do this. Libpcap doesn't give you a way to stop packets from being further processed, so every packet will still be processed by the rest of the TCP/IP stack. So, SYNs will be acknowledged, ACKs to SYN/ACKs will create TCP connections, FINs will terminate them, etc.

user207421
  • You absolutely could do this. All you would need to do in order to prevent a tcp/ip stack from generating packets is to not configure one--that is, leave the interface turned up, but not configured. That means you would have to implement any tcp/ip stack functionality yourself, though. – Iron Savior May 14 '13 at 15:46