TCP/IP packet modifications

Hello, All!

I want to cut off some data from existing already established connection.
In other words I want to make something like a transparent pxoxy, so both
client and server do not know about it.

I successfully can modify data of TCP packets, without changing packet
length.
But TCP data gets corrupted and connection is broken when I try to change
packet length.

Please tell me what I am doing wrong here:

1) cut off N bytes of TCP packet
2) IP.Length = IP.Length - N
3) update IP header checksum
4) TCP.sequenceNum = TCP.sequenceNum - N
5) update TCP checksum

All actions above are made on the same packet. Do I need to modify
previous/next packets as well? How?

TCP and IP checksum is calculated correctly, I know it for sure.

Any help would be greatly appreciated.

Best regards,
Serge.

In article <d1nj9d$8kg$(E-Mail Removed)>, "serge" <(E-Mail Removed)>
wrote:

> Hello, All!
>
> I want to cut off some data from existing already established connection.
> In other words I want to make something like a transparent pxoxy, so both
> client and server do not know about it.
>
> I successfully can modify data of TCP packets, without changing packet
> length.
> But TCP data gets corrupted and connection is broken when I try to change
> packet length.
>
> Please tell me what I am doing wrong here:
>
> 1) cut off N bytes of TCP packet
> 2) IP.Length = IP.Length - N
> 3) update IP header checksum
> 4) TCP.sequenceNum = TCP.sequenceNum - N
> 5) update TCP checksum
>
> All actions above are made on the same packet. Do I need to modify
> previous/next packets as well? How?

Yes, you need to modify all the TCP packets after this. All their
sequence numbers have to be reduced by N. Otherwise, there will be a
gap in the sequence numbers -- the receiver will think that a packet was
lost and wait for it.

--
Barry Margolin, (E-Mail Removed)
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***

serge wrote:
> Hello, All!
>
> I want to cut off some data from existing already established
connection.
> In other words I want to make something like a transparent pxoxy, so
both
> client and server do not know about it.
>
> I successfully can modify data of TCP packets, without changing
packet
> length.
> But TCP data gets corrupted and connection is broken when I try to
change
> packet length.
>
> Please tell me what I am doing wrong here:
>
> 1) cut off N bytes of TCP packet
> 2) IP.Length = IP.Length - N
> 3) update IP header checksum
> 4) TCP.sequenceNum = TCP.sequenceNum - N
> 5) update TCP checksum
>
> All actions above are made on the same packet. Do I need to modify
> previous/next packets as well? How?
>
> TCP and IP checksum is calculated correctly, I know it for sure.
>
> Any help would be greatly appreciated.
>
> Best regards,
> Serge.


Have you looked into Divert Sockets? That might be the way to go if you
don't want to go from scratch.

Barry Margolin <(E-Mail Removed)> writes:

> In article <d1nj9d$8kg$(E-Mail Removed)>, "serge" <(E-Mail Removed)>
> wrote:
> > Please tell me what I am doing wrong here:
> >
> > 1) cut off N bytes of TCP packet
> > 2) IP.Length = IP.Length - N
> > 3) update IP header checksum
> > 4) TCP.sequenceNum = TCP.sequenceNum - N
> > 5) update TCP checksum
> >
> > All actions above are made on the same packet. Do I need to modify
> > previous/next packets as well? How?
>
> Yes, you need to modify all the TCP packets after this. All their
> sequence numbers have to be reduced by N. Otherwise, there will be a
> gap in the sequence numbers -- the receiver will think that a packet was
> lost and wait for it.

....and _don't_ decrease the sequence number for the truncated segment
- the sequence number applies to the _first_ byte in the segment, not
the last.

BTW, there's no such thing as a TCP packet, there is only a TCP
_segment_. Do you handle IP fragmentation/reassembly correctly?
(Although this case is unlikely to arise, you should handle it
somehow.)

--KW 8-)
--
Keith Wansbrough <(E-Mail Removed)>
http://www.cl.cam.ac.uk/users/kw217/
University of Cambridge Computer Laboratory.