How does lwip manage to intercept all TCP connections? #3

Open
Gilfoylex opened this issue May 26, 2024 · 0 comments

@Gilfoylex

I have also been working on global proxying recently. I read your code and there are a few places I don't quite understand.

```cpp
inline static tcp_pcb* tcp_listen_any() {
    auto pcb = lwip_tcp_new();
    auto any = ip_addr_any;
    lwip_tcp_bind(pcb, &any, 0);
    return lwip_tcp_listen(pcb);
}
```

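Suppose the virtual NIC's address is 192.18.0.1 and I route the 192.18.0.1/24 subnet to 192.18.0.1. If I then test with `curl 192.18.0.2:9090`, the virtual NIC sees 192.18.0.1 -> 192.18.0.2, and when the data is handed to lwip for processing, lwip reports `ip4_input: packet not for us.` in `ip4_input`. Looking at the `ip4_input_accept` function, I found that lwip's check is simply that if the destination address is not the netif's address, it will not accept the IP packet: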

```c
/** Return true if the current input packet should be accepted on this netif */
static int
ip4_input_accept(struct netif *netif)
{
  LWIP_DEBUGF(IP_DEBUG, ("ip_input: iphdr->dest 0x%"X32_F" netif->ip_addr 0x%"X32_F" (0x%"X32_F", 0x%"X32_F", 0x%"X32_F")\n",
                         ip4_addr_get_u32(ip4_current_dest_addr()), ip4_addr_get_u32(netif_ip4_addr(netif)),
                         ip4_addr_get_u32(ip4_current_dest_addr()) & ip4_addr_get_u32(netif_ip4_netmask(netif)),
                         ip4_addr_get_u32(netif_ip4_addr(netif)) & ip4_addr_get_u32(netif_ip4_netmask(netif)),
                         ip4_addr_get_u32(ip4_current_dest_addr()) & ~ip4_addr_get_u32(netif_ip4_netmask(netif))));

  /* interface is up and configured? */
  if ((netif_is_up(netif)) && (!ip4_addr_isany_val(*netif_ip4_addr(netif)))) {
    /* unicast to this interface address? */
    if (ip4_addr_eq(ip4_current_dest_addr(), netif_ip4_addr(netif)) ||
        /* or broadcast on this interface network address? */
        ip4_addr_isbroadcast(ip4_current_dest_addr(), netif)
#if LWIP_NETIF_LOOPBACK && !LWIP_HAVE_LOOPIF
        || (ip4_addr_get_u32(ip4_current_dest_addr()) == PP_HTONL(IPADDR_LOOPBACK))
#endif /* LWIP_NETIF_LOOPBACK && !LWIP_HAVE_LOOPIF */
       ) {
      LWIP_DEBUGF(IP_DEBUG, ("ip4_input: packet accepted on interface %c%c\n",
                             netif->name[0], netif->name[1]));
      /* accept on this netif */
      return 1;
    }
#if LWIP_AUTOIP
    /* connections to link-local addresses must persist after changing
        the netif's address (RFC3927 ch. 1.9) */
    if (autoip_accept_packet(netif, ip4_current_dest_addr())) {
      LWIP_DEBUGF(IP_DEBUG, ("ip4_input: LLA packet accepted on interface %c%c\n",
                             netif->name[0], netif->name[1]));
      /* accept on this netif */
      return 1;
    }
#endif /* LWIP_AUTOIP */
  }
  return 0;
}
```

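With `LWIP_HAVE_LOOPIF` enabled, the netif's default address is the loopback address 127.0.0.1, so the check in this code is indeed fine. What kind of trick are you using to make lwip able to listen for TCP requests addressed to any other IP address?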
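
Added example (not part of the original issue, and not code from lwip or from this project): a stand-alone C model of the destination check quoted above, run on the addresses from the question to show which destinations pass it. The `model_*` names, the `IP4` macro, host-byte-order addresses and the simplified broadcast test are assumptions; the loopback and AutoIP branches are left out.

```c
#include <stdint.h>
#include <stdio.h>

/* Build an IPv4 address in host byte order (constructed sample values only). */
#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Hypothetical stand-in for struct netif: only the fields the check reads. */
struct model_netif {
    uint32_t addr;   /* interface address */
    uint32_t mask;   /* netmask */
    int up;          /* models netif_is_up() */
    int bcast;       /* models a broadcast-capable interface */
};

/* Assumed broadcast test: limited broadcast, the "any" address, or the
 * directed broadcast of the interface's own subnet. */
static int model_isbroadcast(uint32_t dst, const struct model_netif *n)
{
    if (dst == 0xFFFFFFFFu || dst == 0)
        return 1;
    if (!n->bcast || dst == n->addr)
        return 0;
    return (dst & n->mask) == (n->addr & n->mask) &&
           (dst & ~n->mask) == ~n->mask;
}

/* Same decision as the unicast/broadcast branch of ip4_input_accept:
 * the interface must be up and configured, and the destination must be
 * the interface address itself or a broadcast address. */
static int model_accept(uint32_t dst, const struct model_netif *n)
{
    if (!n->up || n->addr == 0)
        return 0;
    return dst == n->addr || model_isbroadcast(dst, n);
}

int main(void)
{
    /* Virtual NIC from the question: 192.18.0.1/24. */
    struct model_netif tun = { IP4(192, 18, 0, 1), IP4(255, 255, 255, 0), 1, 1 };
    uint32_t dsts[] = { IP4(192, 18, 0, 1), IP4(192, 18, 0, 2), IP4(192, 18, 0, 255) };
    for (size_t i = 0; i < sizeof dsts / sizeof dsts[0]; i++)
        printf("dest 192.18.0.%u -> %s\n", (unsigned)(dsts[i] & 0xFFu),
               model_accept(dsts[i], &tun) ? "accepted" : "packet not for us");
    return 0;
}
```

In this model 192.18.0.2 is on the routed subnet but is neither the interface address nor a broadcast address, so it is rejected, which matches the `packet not for us` message described in the question.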
