Steve Holden wrote:
> Fabian Deutsch wrote:
> >>--- Ursprüngliche Nachricht ---
> >>Von: Steve Holden <[EMAIL PROTECTED]>
> >>An: python-list@python.org
> >>Betreff: Re: getsockopt
> >>Datum: Fri, 16 Dec 2005 08:29:08 +0000
> >>
> >>Fabian Deutsch wrote:
> >>
> >>>Hello,
> >>>
> >>>my name is fabian and i'm a student from northern germany. right now i
> >>>try to create som kind of decapsulation of esp-udp packets using
> python.
> >>>
> >>>therefor i need to use the socket.getsockopt (SOL_IP, IP_OPTIONS, 20)
> >>>method. But al i get is some empty value. Nothin.
> >>>
> >>>Does someone know or have an working exmaple of how to use this
> method??
> >>>
> >>>The lines:
> >>>s = socket(AF_INET, SOCK_DGRAM, IPPROTO_IP)
> >>>s.bind(('',4500))
> >>>while 1: # Run until cancelled
> >>> message, client = s.recvfrom(1400) # <=256 byte datagram
> >>> hdr = s.getsockopt (SOL_IP, IP_OPTIONS, 20)
> >>> print "Client connected:", client
> >>> print "HDR:" + binascii.hexlify(hdr)
> >>>
> >>
> >>Perhaps you're getting an empty string back because no IP options are
> >>set in the received packets' headers?
> >>
> >
> > Hey,
> > you are right - i just re-read the ip (7) man - i only get the ip
> options ..
> >
> > but do you know a way of getting the whole header?
> >
> > 'cause what i'm trying to do is, to "remove" the udp-header of the
> packet i
> > recieved and sendind a new packet without the udp-header.
> > I want to do this by taking it's payload (incl. esp-hdr) and ip-header
> and
> > resending it to my system creating a new packet with the old ip-header
> and
> > payload (incl. esp-hdr) i got from the recvd packet.
> >
> > Before:
> > +--------+---------+----------+----------- - -
> > | IP HDR | UDP HDR | ESP HDR | PAYLOAD ...
> > +--------+---------+----------+----------- - -
> > After :
> > +--------+---------+----------- - -
> > | IP HDR | ESP HDR | PAYLOAD ...
> > +--------+---------+----------- - -
> >
> I'm not sure where ESP is going to come into this, or how the traffic
> you will be receiving will be generated. I suspect you may need to
> reconsider your application design a little.
>
> The only way to get hold of the IP headers is to use SOCK_RAW, which
> delivers everything that comes in from the packet driver.
>
> What is it you're actually trying to do? If you perform the
> transformation you outline in the diagrams above then the IP header will
> certainly contain the wrong protocol value for a start.
You just need the ipsec tools to generate the traffic i want to decapsulate.
setkey -c <<EOF
add HOSTA HOSTB esp-udp 11 -m tunnel -E 3des-cbc "123456789012123456789012"
spdadd HOSTA HOSTB any -P in ipsec
esp/tunnel/HOSTA-HOSTB/use;
EOF
you will get some udp-esp packets when you ping HOSTB from HOSTA.
- fabian
--
Fabian Deutsch <[EMAIL PROTECTED]>
Hinter dem Gartel 26a
D-27711 Osterholz-Scharmbeck
--
http://mail.python.org/mailman/listinfo/python-list
