1

Apple doesn't allow root privilege in iOS so I can't create a raw socket.

What I'm looking for is a way to set the flags on a UDP Header in the Fragment-Offset octets of the header.

Does anyone know any way of doing this in iOS that doesn't require root privilege to change the flags of the UDP Header?

Particularly I'm trying to set the Don't Fragment Flag.

xaxxon
NSGangster
  • Possible duplicate of [How to set the don't fragment (DF) flag on a socket?](http://stackoverflow.com/questions/973439/how-to-set-the-dont-fragment-df-flag-on-a-socket) – xaxxon Oct 20 '16 at 05:07
  • @xaxxon it's for c++ and I already tried that. The same `setsockopt` options are not available in objective-c. Do you know of a way maybe I can implement c++ code into an xcode project? – NSGangster Oct 20 '16 at 05:15
  • you can make C calls in objective c and c++. using c++ won't help you with this. – xaxxon Oct 20 '16 at 05:17
  • Just try putting in the line from that other question and if it doesn't work, post the error message you get. – xaxxon Oct 20 '16 at 05:18
  • I'm using c now for my other socket/packet operations. But the questions and answers pertaining to the question you marked as a possible duplicate only works for c++. [I'll refer you to this question](http://stackoverflow.com/questions/4415725/ip-dont-fragment-bit-on-mac-os). And that question gave me no useful answers either because the only answer to it is "If you're using tcp don't worry about it" but I'm using UDP and I do have to worry about it. – NSGangster Oct 20 '16 at 05:23
  • hrmm, hang on a second... – xaxxon Oct 20 '16 at 05:25
  • Let me pause you for a second and ask why you want to set this option. It's really only useful for network inspection. It's not a performance option if that's what you're thinking. – xaxxon Oct 20 '16 at 05:27
  • 1
    Client has terribly designed hardware/firmware. I'm trying to communicate with it (using UDP) and have wondered why it's not responding to the iPhone's udp packets the same way it responds to their android app. I inspected both packets at the bit level. The ONLY difference (besides src port and src ip) was that the android had its DF Flag set. Which makes me believe that the NIC on our client's hardware won't accept packets if it is not set. – NSGangster Oct 20 '16 at 05:30
  • what kind of hardware? Don't need model number, but just what classification of hardware are we talking about – xaxxon Oct 20 '16 at 05:32
  • It's proprietary NDA stuff. But basically it acts as a udp host on a particular port, only receives packets never sends anything back to check whether a packet was successfully received, which is common with UDP. – NSGangster Oct 20 '16 at 05:35
  • are you sure the system isn't using any DHCP type magic trickery to discover stuff about who it's supposed to talk to? If this is a piece of networking equipment, there are LOTS of things that can be going on -- you would want to watch the network on device bootup to see what it's getting - specifically around the DHCP process – xaxxon Oct 20 '16 at 05:37
  • I'm about 95% sure the networking equipment ONLY accepts packets at a particular port and is udp, with the data being in a particular format. I know I'm sending it to the right port and the right format. But I'm getting access to their firmware code tomorrow. So I might be able to discover more on it then. But from what I know now, the only difference between what my app is doing and the android app is doing, is setting that one bit. – NSGangster Oct 20 '16 at 05:41
  • I've also been looking into implementing C++ into my project. It looks possible from what I can see. So I'll give that a try tomorrow and using that other answer, hopefully it will work. – NSGangster Oct 20 '16 at 05:42
  • I'm guessing, since you can't give more info, but it's possible they are sending some sort of configuration information via DHCP. – xaxxon Oct 20 '16 at 05:42
  • there is nothing about your problem that will be solved by using c++ that couldn't be done in C, which means it can be called from obj-c. Also, unrelated, I learned yesterday of something called obj-c++ which apparently allows this. – xaxxon Oct 20 '16 at 05:43
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/126180/discussion-between-nsgangster-and-xaxxon). – NSGangster Oct 20 '16 at 05:45
  • @xaxxon So I returned to this client's work. After flooding it with udp packets (about 10 packets per command). It's successfully communicating. I guess maybe one of my packets didn't get received it won't execute the command of the next. Pretty darn weird behavior to get it to work. But it does look like setting the DF bit is not necessary for my use. However, I think I'll keep this question open as I'm in conversation with an apple developer now to see if they can include this option or add enhancements for raw socket operations in iOS. I'd like to post my answer once I get word from apple. – NSGangster Nov 15 '16 at 06:54
  • well, I'm glad you got it working.. even if you don't know why. – xaxxon Nov 15 '16 at 08:38
  • There is a "start" I had to send the hardware. If it didn't get that packet then it wouldn't accept the others. So basically spamming that command ensures it will start accepting my other packets. – NSGangster Nov 15 '16 at 20:34

2 Answers

2

The relatively new Network API (since iOS 12) now allows you to set DF (among other things) without root:

https://developer.apple.com/documentation/network/2976768-nw_ip_options_set_disable_fragme?language=objc

There are several other configurable flags/settings as well, not just at the TCP and UDP layer, but also the IP layer, e.g. TTL/hops, IP version, ECN, etc.

LBC
  • Thanks for the update! I was doing this awhile back (I think iOS 10 or 11) but have updated yours to be the accepted answer. :) – NSGangster Nov 03 '22 at 16:28
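
The approach from the answer above, as an added example that is not part of the original answer: a UDP connection built with the Network framework's C API whose IP options request "don't fragment". The helper names `OpenUDPWithDF` and `SendDatagram`, the target `192.0.2.10:9000` and the payload are assumptions made for illustration.

```objective-c
// Added example. Build on macOS: clang -fobjc-arc df.m -framework Foundation -framework Network
#import <Foundation/Foundation.h>
#import <Network/Network.h>

static nw_connection_t gConn;  // keeps the connection alive while the send is in flight

// Hypothetical helper: UDP connection whose IP options request "don't fragment".
static nw_connection_t OpenUDPWithDF(const char *host, const char *port) {
    // Plain UDP: DTLS disabled, default UDP options.
    nw_parameters_t params = nw_parameters_create_secure_udp(
        NW_PARAMETERS_DISABLE_PROTOCOL, NW_PARAMETERS_DEFAULT_CONFIGURATION);

    // IP-layer settings hang off the protocol stack, not the UDP options.
    nw_protocol_stack_t stack = nw_parameters_copy_default_protocol_stack(params);
    nw_protocol_options_t ip = nw_protocol_stack_copy_internet_protocol(stack);
    nw_ip_options_set_version(ip, nw_ip_version_4);     // DF is an IPv4 header bit
    nw_ip_options_set_disable_fragmentation(ip, true);  // the setting the answer links to

    nw_connection_t conn = nw_connection_create(nw_endpoint_create_host(host, port), params);
    nw_connection_set_queue(conn, dispatch_get_main_queue());
    nw_connection_set_state_changed_handler(conn, ^(nw_connection_state_t state, nw_error_t error) {
        if (state == nw_connection_state_failed) {
            NSLog(@"connection failed, code %d", error ? nw_error_get_error_code(error) : 0);
        }
    });
    nw_connection_start(conn);
    return conn;
}

// Hypothetical helper: send one datagram and report the completion result.
static void SendDatagram(nw_connection_t conn, NSData *payload) {
    dispatch_data_t content = dispatch_data_create(payload.bytes, payload.length,
        dispatch_get_main_queue(), DISPATCH_DATA_DESTRUCTOR_DEFAULT);  // copies the bytes
    nw_connection_send(conn, content, NW_CONNECTION_DEFAULT_MESSAGE_CONTEXT, true,
        ^(nw_error_t error) {
            if (error) NSLog(@"send failed, code %d", nw_error_get_error_code(error));
            else NSLog(@"datagram handed to the stack");
            exit(error ? 1 : 0);  // demo only: end the command-line run
        });
}

int main(void) {
    @autoreleasepool {
        // Constructed target: 192.0.2.10 is a documentation address, port 9000 is arbitrary.
        gConn = OpenUDPWithDF("192.0.2.10", "9000");
        SendDatagram(gConn, [@"start" dataUsingEncoding:NSUTF8StringEncoding]);
    }
    dispatch_main();  // run the main queue so the handlers above fire
}
```

In an iOS app, call the two helpers from your own code and drop `main` and the `exit` call; a packet capture of the outgoing datagram is the way to confirm the DF bit is set.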
1

Figured this out awhile ago but forgot to post what I found. The answer is you can't really. Setting flags on the udp header requires the creation of raw sockets, which requires root privileges, which you don't have in iOS. Thanks apple!

Luckily in my particular case I was able to get my client to improve their firmware.

NSGangster
  • Adding a comment to make this answer more prominent when searched by error message: You can certainly try to set `IP_DONTFRAG` via `setsockopt()`, but on iOS you get `NSPOSIXErrorDomain Code=42 "Protocol not available"` – Jason Campbell May 04 '21 at 08:06