node.js websocket client can't connect to server code: 'ECONNRESET' - node.js

When I was using ws npm package, I could use the same computer to create Server and connect client to the server.
But when I use client to connect to another websocket server,
I always get the below-mentioned error. server and client are in the same intranet.
I can make sure that this server could work because I use JavaScript to connect to it.
I'm using node.js version v16.10.0
error: Error: socket hang up
at connResetException (node:internal/errors:691:14)
at Socket.socketOnEnd (node:_http_client:471:23)
at Socket.emit (node:events:402:35)
at endReadableNT (node:internal/streams/readable:1343:12)
at processTicksAndRejections (node:internal/process/task_queues:83:21) {
code: 'ECONNRESET'
}
Does anybody know why or have any idea?
Here is the client code
import WebSocket from 'ws';
import dotenv from 'dotenv';
// Minimal `ws` client from the question: opens a connection and logs the
// open, message and error events.
// Loads .env into process.env; nothing below reads an environment variable.
dotenv.config();
// ws:// is the unencrypted WebSocket scheme, so the handshake and all frames
// cross the network in cleartext.
// NOTE(review): no options object is passed, so no `origin` is set for the
// handshake. A server that requires an Origin header may close the connection
// during the upgrade - confirm against the server's handshake rules.
const ws = new WebSocket('ws://192.168.1.111:9000');
const object = { "message": "config_get" };
// `data` is serialized here but never sent anywhere in this snippet.
const data = JSON.stringify(object);
// Logs the full error object (this is what prints the ECONNRESET trace above).
ws.on('error', (err) => console.log('error:', err));
ws.on('open', function open() {
console.log('success');
});
ws.on('message', function incoming(message) {
console.log(`Server: ${message}`);
});

I know it's a bit late to answer to the issue you had but anyway I hope my solution might help someone or help you if you still need help and did not dump WebSocket aside !
I had the same issue as you with ws
Error: socket hang up
at connResetException (node:internal/errors:691:14)
at Socket.socketOnEnd (node:_http_client:466:23)
at Socket.emit (node:events:532:35)
at Socket.emit (node:domain:475:12)
at endReadableNT (node:internal/streams/readable:1346:12)
at processTicksAndRejections (node:internal/process/task_queues:83:21) {
code: 'ECONNRESET'
}
for a simple code as:
// Failing `ws` client from the answer. `proto` and `data` are defined outside
// this snippet; the URL is assembled from them by string concatenation.
// No options are passed, so no `origin` is set for the handshake.
const ws_session = new WebSocket(proto + '://' + data.ipAddress+":"+data.port);
ws_session.on('open', function open() {
console.log('something');
});
// The handler takes no parameter, so the error object (and its `code`) is
// discarded and only the literal string 'error' is logged. The function name
// `open` is reused from the handler above.
ws_session.on('error', function open() {
console.log('error');
});
// The parameter `data` shadows the outer `data` used to build the URL.
ws_session.on('message', function message(data) {
console.log('received: %s', data);
});
I have tried nodejs-websocket and it worked fine !
// Working variant using the nodejs-websocket package.
// NOTE(review): `WebSocket` is presumably bound to the nodejs-websocket module
// here - the import is not shown.
// extraHeaders adds an "origin: Test" header to the upgrade request.
var options = {extraHeaders: {"origin": "Test"}};
var ws_session = new WebSocket.connect(proto + '://' + data.ipAddress+":"+data.port + '/', options);
ws_session.on('connect', function () {
console.log("### Connected WS");
});
// Logs each text message; no 'error' handler is registered in this snippet.
ws_session.on('text', function (msg) {
console.log(msg);
})
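So for me the issue was mainly caused by the Origin header, which was missing from the GET HTTP/1.1 upgrade request. To have a WebSocket client working correctly with ws, just add the origin option like this. (A server that refuses handshakes without an acceptable Origin is typically doing so as a defence against cross-site WebSocket hijacking from browsers. A non-browser client can send any Origin value it likes, so this check does not authenticate the client and the server still needs its own authentication.)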
// Same `ws` client with the `origin` option set; the capture further down
// shows the resulting "origin: Test" header in the upgrade request.
// The value is chosen freely by the client, so the server must not treat it
// as proof of where the connection comes from.
const ws_session = new WebSocket(proto + '://' + data.ipAddress+":"+data.port + '/', {
origin:"Test"
});
A tcpdump of successful connection in case it might help.
tcpdump -i any -s 0 -v -XX -n '(host 10.181.18.224) and (port 9001)'
21:37:00.235233 IP (tos 0x0, ttl 125, id 10420, offset 0, flags [DF], proto TCP (6), length 52)
10.181.18.224.60993 > 172.21.144.81.9001: Flags [S], cksum 0x9925 (correct), seq 4257508728, win 65500, options [mss 1310,nop,wscale 8,nop,nop,sackOK], length 0
0x0000: 0000 0001 0006 0008 e3ff fd90 0000 0800 ................
0x0010: 4500 0034 28b4 4000 7d06 7b14 0ab5 12e0 E..4(.#.}.{.....
0x0020: ac15 9051 ee41 2329 fdc4 6d78 0000 0000 ...Q.A#)..mx....
0x0030: 8002 ffdc 9925 0000 0204 051e 0103 0308 .....%..........
0x0040: 0101 0402 ....
21:37:00.235267 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
172.21.144.81.9001 > 10.181.18.224.60993: Flags [S.], cksum 0x5a22 (incorrect -> 0x8999), seq 876928906, ack 4257508729, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 10], length 0
0x0000: 0004 0001 0006 00a0 a5e2 51ce 0000 0800 ..........Q.....
0x0010: 4500 0034 0000 4000 4006 e0c8 ac15 9051 E..4..#.#......Q
0x0020: 0ab5 12e0 2329 ee41 3444 df8a fdc4 6d79 ....#).A4D....my
0x0030: 8012 faf0 5a22 0000 0204 05b4 0101 0402 ....Z"..........
0x0040: 0103 030a ...."
21:37:00.283778 IP (tos 0x0, ttl 125, id 10421, offset 0, flags [DF], proto TCP (6), length 40)
10.181.18.224.60993 > 172.21.144.81.9001: Flags [.], cksum 0xc15b (correct), ack 1, win 1028, length 0
0x0000: 0000 0001 0006 0008 e3ff fd90 0000 0800 ................
0x0010: 4500 0028 28b5 4000 7d06 7b1f 0ab5 12e0 E..((.#.}.{.....
0x0020: ac15 9051 ee41 2329 fdc4 6d79 3444 df8b ...Q.A#)..my4D..
0x0030: 5010 0404 c15b 0000 0000 0000 0000 P....[........
21:37:00.285814 IP (tos 0x0, ttl 125, id 10422, offset 0, flags [DF], proto TCP (6), length 206)
10.181.18.224.60993 > 172.21.144.81.9001: Flags [P.], cksum 0x19f2 (correct), seq 1:167, ack 1, win 1028, length 166
0x0000: 0000 0001 0006 0008 e3ff fd90 0000 0800 ................
0x0010: 4500 00ce 28b6 4000 7d06 7a78 0ab5 12e0 E...(.#.}.zx....
0x0020: ac15 9051 ee41 2329 fdc4 6d79 3444 df8b ...Q.A#)..my4D..
0x0030: 5018 0404 19f2 0000 4745 5420 2f20 4854 P.......GET./.HT
0x0040: 5450 2f31 2e31 0d0a 486f 7374 3a20 3137 TP/1.1..Host:.17
0x0050: 322e 3231 2e31 3434 2e38 310d 0a55 7067 2.21.144.81..Upg
0x0060: 7261 6465 3a20 7765 6273 6f63 6b65 740d rade:.websocket.
0x0070: 0a43 6f6e 6e65 6374 696f 6e3a 2055 7067 .Connection:.Upg
0x0080: 7261 6465 0d0a 5365 632d 5765 6253 6f63 rade..Sec-WebSoc
0x0090: 6b65 742d 4b65 793a 2044 354d 6c68 5144 ket-Key:.D5MlhQD
0x00a0: 6d34 775a 6f6b 714c 4e74 4b45 4c4c 513d m4wZokqLNtKELLQ=
0x00b0: 3d0d 0a53 6563 2d57 6562 536f 636b 6574 =..Sec-WebSocket
0x00c0: 2d56 6572 7369 6f6e 3a20 3133 0d0a 6f72 -Version:.13..or
0x00d0: 6967 696e 3a20 5465 7374 0d0a 0d0a igin:.Test....
21:37:00.285843 IP (tos 0x0, ttl 64, id 19753, offset 0, flags [DF], proto TCP (6), length 40)
172.21.144.81.9001 > 10.181.18.224.60993: Flags [.], cksum 0x5a16 (incorrect -> 0xc47a), ack 167, win 63, length 0
0x0000: 0004 0001 0006 00a0 a5e2 51ce 0000 0800 ..........Q.....
0x0010: 4500 0028 4d29 4000 4006 93ab ac15 9051 E..(M)#.#......Q
0x0020: 0ab5 12e0 2329 ee41 3444 df8b fdc4 6e1f ....#).A4D....n.
0x0030: 5010 003f 5a16 0000 P..?Z...
21:37:00.286336 IP (tos 0x0, ttl 64, id 19754, offset 0, flags [DF], proto TCP (6), length 169)
172.21.144.81.9001 > 10.181.18.224.60993: Flags [P.], cksum 0x5a97 (incorrect -> 0xc525), seq 1:130, ack 167, win 63, length 129
0x0000: 0004 0001 0006 00a0 a5e2 51ce 0000 0800 ..........Q.....
0x0010: 4500 00a9 4d2a 4000 4006 9329 ac15 9051 E...M*#.#..)...Q
0x0020: 0ab5 12e0 2329 ee41 3444 df8b fdc4 6e1f ....#).A4D....n.
0x0030: 5018 003f 5a97 0000 4854 5450 2f31 2e31 P..?Z...HTTP/1.1
0x0040: 2031 3031 2053 7769 7463 6869 6e67 2050 .101.Switching.P
0x0050: 726f 746f 636f 6c73 0d0a 5570 6772 6164 rotocols..Upgrad
0x0060: 653a 2077 6562 736f 636b 6574 0d0a 436f e:.websocket..Co
0x0070: 6e6e 6563 7469 6f6e 3a20 5570 6772 6164 nnection:.Upgrad
0x0080: 650d 0a53 6563 2d57 6562 536f 636b 6574 e..Sec-WebSocket
0x0090: 2d41 6363 6570 743a 2064 5946 2f33 6a4b -Accept:.dYF/3jK
0x00a0: 487a 3058 496d 4c6f 616c 6532 3449 7261 Hz0XImLoale24Ira
0x00b0: 4666 3263 3d0d 0a0d 0a Ff2c=....
21:37:00.387744 IP (tos 0x0, ttl 125, id 10425, offset 0, flags [DF], proto TCP (6), length 40)
10.181.18.224.60993 > 172.21.144.81.9001: Flags [.], cksum 0xc034 (correct), ack 130, win 1028, length 0
0x0000: 0000 0001 0006 0008 e3ff fd90 0000 0800 ................
0x0010: 4500 0028 28b9 4000 7d06 7b1b 0ab5 12e0 E..((.#.}.{.....
0x0020: ac15 9051 ee41 2329 fdc4 6e1f 3444 e00c ...Q.A#)..n.4D..
0x0030: 5010 0404 c034 0000 0000 0000 0000 P....4........
21:37:00.387772 IP (tos 0x0, ttl 64, id 19755, offset 0, flags [DF], proto TCP (6), length 128)
172.21.144.81.9001 > 10.181.18.224.60993: Flags [P.], cksum 0x5a6e (incorrect -> 0xb0db), seq 130:218, ack 167, win 63, length 88
0x0000: 0004 0001 0006 00a0 a5e2 51ce 0000 0800 ..........Q.....
0x0010: 4500 0080 4d2b 4000 4006 9351 ac15 9051 E...M+#.#..Q...Q
0x0020: 0ab5 12e0 2329 ee41 3444 e00c fdc4 6e1f ....#).A4D....n.
0x0030: 5018 003f 5a6e 0000 8156 7b22 6d65 7373 P..?Zn...V{"mess
0x0040: 6167 6522 3a22 7265 6164 7922 2c22 7479 age":"ready","ty
0x0050: 7065 223a 2245 4e42 222c 226e 616d 6522 pe":"ENB","name"
0x0060: 3a22 454e 4222 2c22 7665 7273 696f 6e22 :"ENB","version"
0x0070: 3a22 3230 3231 2d30 392d 3138 222c 2274 :"2021-09-18","t
0x0080: 696d 6522 3a34 3433 3334 312e 3937 357d ime":443341.975}
21:37:00.477690 IP (tos 0x0, ttl 125, id 10427, offset 0, flags [DF], proto TCP (6), length 40)
10.181.18.224.60993 > 172.21.144.81.9001: Flags [.], cksum 0xbfdd (correct), ack 218, win 1027, length 0
0x0000: 0000 0001 0006 0008 e3ff fd90 0000 0800 ................
0x0010: 4500 0028 28bb 4000 7d06 7b19 0ab5 12e0 E..((.#.}.{.....
0x0020: ac15 9051 ee41 2329 fdc4 6e1f 3444 e064 ...Q.A#)..n.4D.d
0x0030: 5010 0403 bfdd 0000 0000 0000 0000 P.............

Related

Are there any special considerations recording 4 channels with arecord?

I am trying to record 4 channels with arecord but the last two are all zeros. I have a Behringer UMC404HD which is a 4 channel audio ADC with a USB port. I'm connecting it to machines running different flavors of linux (CentOS, Raspian, ubuntu and Pop!_OS). Only the CentOS one works correctly, giving me 4 channels; the others all seem to accept 4 channels but the last two channels are all 0s.
On the PopOS machine I used
arecord -l
**** List of CAPTURE Hardware Devices ****
card 1: Generic [HD-Audio Generic], device 0: ALC293 Analog [ALC293 Analog]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 2: U192k [UMC404HD 192k], device 0: USB Audio [USB Audio]
Subdevices: 1/1
Subdevice #0: subdevice #0
and got this
arecord --dump-hw-params -D plughw:2,0 -c 4 -r 96000 -t raw -f S32_LE | hexdump | more
Recording raw data 'stdin' : Signed 32 bit Little Endian, Rate 96000 Hz, Channels 4
HW Params of device "plughw:2,0":
--------------------
ACCESS: MMAP_INTERLEAVED MMAP_NONINTERLEAVED MMAP_COMPLEX RW_INTERLEAVED RW_NONINTERLEAVED
FORMAT: S8 U8 S16_LE S16_BE U16_LE U16_BE S24_LE S24_BE U24_LE U24_BE S32_LE S32_BE U32_LE U32_BE FLOAT_LE FLOAT_BE FLOAT64_LE FLOAT64_BE MU_LAW A_LAW IMA_ADPCM S20_LE S20_BE U20_LE U20_BE S24_3LE S24_3BE U24_3LE U24_3BE S20_3LE S20_3BE U20_3LE U20_3BE S18_3LE S18_3BE U18_3LE U18_3BE
SUBFORMAT: STD
SAMPLE_BITS: [4 64]
FRAME_BITS: [4 640000]
CHANNELS: [1 10000]
RATE: [4000 4294967295)
PERIOD_TIME: [125 743039)
PERIOD_SIZE: (0 3191328204)
PERIOD_BYTES: (0 4294967295)
PERIODS: (0 4294967295]
BUFFER_TIME: [1 4294967295]
BUFFER_SIZE: [1 4294967294]
BUFFER_BYTES: [1 4294967295]
TICK_TIME: ALL
--------------------
0000000 5600 0061 7900 1afb 0000 0000 0000 0000
0000010 1a00 0049 1c00 1b29 0000 0000 0000 0000
0000020 5300 004b e100 1b44 0000 0000 0000 0000
0000030 eb00 005b 5300 1b50 0000 0000 0000 0000
...
0000160 f300 fff5 f000 1071 0000 0000 0000 0000
I've tried both -D hw:2,0 and -D plughw:2,0 to no avail.
The CentOS works fine although the device is different:
arecord -l
output is
arecord --dump-hw-params -D plughw:1,0 -c 4 -r 96000 -t raw -f S32_LE | hexdump | more
Recording raw data 'stdin' : Signed 32 bit Little Endian, Rate 96000 Hz, Channels 4
HW Params of device "plughw:1,0":
--------------------
ACCESS: MMAP_INTERLEAVED MMAP_NONINTERLEAVED MMAP_COMPLEX RW_INTERLEAVED RW_NONINTERLEAVED
FORMAT: S8 U8 S16_LE S16_BE U16_LE U16_BE S24_LE S24_BE U24_LE U24_BE S32_LE S32_BE U32_LE U32_BE FLOAT_LE FLOAT_BE FLOAT64_LE FLOAT64_BE MU_LAW A_LAW IMA_ADPCM S20_LE S20_BE U20_LE U20_BE S24_3LE S24_3BE U24_3LE U24_3BE S20_3LE S20_3BE U20_3LE U20_3BE S18_3LE S18_3BE U18_3LE U18_3BE
SUBFORMAT: STD
SAMPLE_BITS: [4 64]
FRAME_BITS: [4 640000]
CHANNELS: [1 10000]
RATE: [4000 4294967295)
PERIOD_TIME: [125 743039)
PERIOD_SIZE: (0 3191328204)
PERIOD_BYTES: (0 4294967295)
PERIODS: (0 4294967295]
BUFFER_TIME: [1 4294967295]
BUFFER_SIZE: [1 4294967294]
BUFFER_BYTES: [1 4294967295]
TICK_TIME: ALL
--------------------
0000000 f800 005a eb00 1b39 6300 272a 2200 0274
0000010 bc00 0073 4500 1b4e 1400 2605 2900 0235
...
From what I can tell the only difference is the output: all zeros for the last two channels in the PopOS machine and content for the last two channels in the CentOS example. (The RPI and Ubuntu machine behaved the same as the PopOS device).
On a whim, I tried joining the audio group but it did not help.
Thoughts? any advice on what i can try to debug this further? Thanks!
Resolved! It turns out I needed to enable all the channels using AlsaMixer. The missing channels were enabled by using F4 for capture then selecting the channel and hitting the space bar.
You can have udev run a script to automatically enable capture on all inputs and set volume. https://gitlab.com/sbyrne/umc404hd-autocapture

How to keep ^M when to create a new file?

There are ^M at the end of every line in my file target.html.
^M happens to be the way vim displays 0xD,\r\n used for a new line in windows.
head -n 10 target.html > new.html
vim new.html and set list for the new.html.
why no ^M kept in new.html file?
file target.html
target.html: HTML document, ISO-8859 text, with CRLF, LF line terminators
file new.html
new.html: HTML document, ASCII text, with CRLF line terminators
It confused me that the ending in new.html is 0d0a for every line,why no ^M displayed when to open it with my vim?
xxd new.html
00000000: 3c68 746d 6c20 786d 6c6e 733a 763d 2275 <html xmlns:v="u
00000010: 726e 3a73 6368 656d 6173 2d6d 6963 726f rn:schemas-micro
00000020: 736f 6674 2d63 6f6d 3a76 6d6c 220d 0a78 soft-com:vml"..x
00000030: 6d6c 6e73 3a6f 3d22 7572 6e3a 7363 6865 mlns:o="urn:sche
00000040: 6d61 732d 6d69 6372 6f73 6f66 742d 636f mas-microsoft-co
00000050: 6d3a 6f66 6669 6365 3a6f 6666 6963 6522 m:office:office"
00000060: 0d0a 786d 6c6e 733a 773d 2275 726e 3a73 ..xmlns:w="urn:s
00000070: 6368 656d 6173 2d6d 6963 726f 736f 6674 chemas-microsoft
00000080: 2d63 6f6d 3a6f 6666 6963 653a 776f 7264 -com:office:word
00000090: 220d 0a78 6d6c 6e73 3a6d 3d22 6874 7470 "..xmlns:m="http
000000a0: 3a2f 2f73 6368 656d 6173 2e6d 6963 726f ://schemas.micro
000000b0: 736f 6674 2e63 6f6d 2f6f 6666 6963 652f soft.com/office/
000000c0: 3230 3034 2f31 322f 6f6d 6d6c 220d 0a78 2004/12/omml"..x
000000d0: 6d6c 6e73 3d22 6874 7470 3a2f 2f77 7777 mlns="http://www
000000e0: 2e77 332e 6f72 672f 5452 2f52 4543 2d68 .w3.org/TR/REC-h
000000f0: 746d 6c34 3022 3e0d 0a0d 0a3c 6865 6164 tml40">....<head
00000100: 3e0d 0a3c 6d65 7461 2068 7474 702d 6571 >..<meta http-eq
00000110: 7569 763d 436f 6e74 656e 742d 5479 7065 uiv=Content-Type
00000120: 2063 6f6e 7465 6e74 3d22 7465 7874 2f68 content="text/h
00000130: 746d 6c3b 2063 6861 7273 6574 3d67 6232 tml; charset=gb2
00000140: 3331 3222 3e0d 0a3c 6d65 7461 206e 616d 312">..<meta nam
00000150: 653d 5072 6f67 4964 2063 6f6e 7465 6e74 e=ProgId content
00000160: 3d57 6f72 642e 446f 6375 6d65 6e74 3e0d =Word.Document>.
00000170: 0a3c 6d65 7461 206e 616d 653d 4765 6e65 .<meta name=Gene
00000180: 7261 746f 7220 636f 6e74 656e 743d 224d rator content="M
00000190: 6963 726f 736f 6674 2057 6f72 6420 3132 icrosoft Word 12
000001a0: 223e 0d0a ">..
Thanks to Amadan: some lines in my target.html ended with only LF.
target.html: HTML document, ISO-8859 text, with CRLF, LF line terminators
This is the clue. It seems your target.html has a mix of CRLF endings and LF endings. This confuses Vim, and makes it determine that fileformat=unix and displays ^M as a character that happens to be at the end of the line.
new.html: HTML document, ASCII text, with CRLF line terminators
When you cut the top 10 lines, it so happens that all of them have CRLF ending. Vim happily concludes "this should be a DOS file!", sets ff=dos and doesn't display the ^M to you, as it's now part of the line terminator.
Just like you can check what file thinks, you can check what Vim thinks about it using :set ff?
By the way, you can find the offending line (the one that uses LF instead of CRLF) using /^M\@<!$ (where ^M is Ctrl-V Enter).

ip header changing in kernel module breaks connection

I have a kernel module, in which :
It changes the saddr field of outgoing packets and restores the original address (daddr) in incoming packets ...
I'm calculating new checksums for the IP and TCP headers ...
So on the client side I change the IP address; the server receives the SYN packet and sends a SYN-ACK, but the client then sends Reset (RST) packets and tries the TCP handshake again ...
I've looked at other kernel-module examples (DNAT/SNAT) and my code is analogous. Maybe ebtables makes my hooks work incorrectly?
Interfaces:
eth0 - XXX.XXX.XXX.1
eth0:0(alias) - XXX.XXX.XXX.2
/*
Client (original ip XX.XX.XX.1) SERVER (ip YY.YY.YY.YY)
USER-SPACE app creates tcp-socket and connects to (YY.YY.YY.YY)
1)
TCP (SYN) -----------(packet ip XX.XX.XX.1-YY.YY.YY.YY[ip.sum1, tcp.sum1] )----->
NF_INET_POST_ROUTING ( ip XX.XX.XX.2-YY.YY.YY.YY[ip.sum2, tcp.sum2] )
=============================================================================>
2)
<-------TCP (SYN ACK) ------(packet ip YY.YY.YY.YY-XX.XX.XX.2[ip.sum1, tcp.sum1])
NF_INET_PRE_ROUTING ( ip YY.YY.YY.YY-XX.XX.XX.1[ip.sum2, tcp.sum2] )
<==============================================================================
3)
TCP (RST) - against TCP (ACK) - that is the question ....
=============================================================================>
*/
/* vars.c */
struct in_addr orig_addr;
struct in_addr virt_addr;
pid_t pid_to_handle;
/*
 * Initialise the module globals: the pid whose traffic is rewritten and the
 * original/virtual addresses used by the two hooks.
 */
void init_vars()
{
/* 0xAAAA looks like a placeholder pid - TODO confirm how the real pid is set. */
pid_to_handle = 0xAAAA;
/*
 * The XX.XX.XX.n literals are redacted in the post. The inet_pton() return
 * values are not checked, so a string that fails to parse would leave
 * orig_addr/virt_addr at their initial value without any error.
 */
inet_pton(AF_INET, "XX.XX.XX.1", &orig_addr);
inet_pton(AF_INET, "XX.XX.XX.2", &virt_addr);
}
/* init.c */
/*
 * Register the two IPv4 netfilter hooks: process_out at POST_ROUTING with the
 * lowest priority and process_in at PRE_ROUTING with the highest priority.
 * Parts of the function are elided ("...") in the post.
 */
void register_handlers()
{
...
int ret;
hook_out.hooknum = NF_INET_POST_ROUTING;
hook_out.hook = process_out;
hook_out.pf = PF_INET;
hook_out.owner = THIS_MODULE;
hook_out.priority = NF_IP_PRI_LAST;
/* ret is overwritten by the second registration below before any visible check. */
ret = nf_register_hook(&hook_out);
hook_in.hooknum = NF_INET_PRE_ROUTING;
hook_in.hook = process_in;
hook_in.pf = PF_INET;
hook_in.owner = THIS_MODULE;
hook_in.priority = NF_IP_PRI_FIRST;
/*
 * NOTE(review): no error handling is visible for either call. If this one
 * fails while the first succeeded, hook_out stays registered - confirm the
 * elided code unregisters it.
 */
ret = nf_register_hook(&hook_in);
....
}
/* out.c */
/*
 * Outgoing-packet hook. When the packet's socket file is found in the fd table
 * of the process whose pid equals pid_to_handle, the IPv4 source address is
 * replaced with virt_addr and the IP and TCP checksums are recomputed.
 * Always returns NF_ACCEPT.
 *
 * NOTE(review): the code that sets iph and tcp_header is elided ("....") in
 * the post, so whether the packet is confirmed to be TCP before
 * tcp_header->check is written cannot be seen from here.
 */
unsigned int process_out(
unsigned int hooknum,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
int i;
struct iphdr *iph;
struct tcphdr *tcp_header;
....
{
if ( skb->sk ) {
/* Duplicate of the check on the previous line. */
if ( skb->sk ) {
struct socket * s = skb->sk->sk_socket;
if ( s ) {
struct file *f = s->file;
if ( f ) {
struct task_struct *task;
struct files_struct *files;
/*
 * Walks the whole process list for every packet that has a socket file.
 * NOTE(review): no rcu_read_lock() or tasklist lock is visible around
 * for_each_process() - confirm the elided code holds one, otherwise the
 * list can change during the walk.
 */
for_each_process(task) {
if ( task->pid == pid_to_handle ) {
task_lock(task);
files = task->files;
if ( files ) {
read_lock(&files->file_lock);
/*
 * Fixed bound: only descriptors 0..1023 are examined, so a socket on a
 * higher descriptor is never matched.
 */
for ( i=0; i<1024; i++ ) {
if ( fcheck_files(files, i) == f ) {
/* No break after a match: the scan continues to 1023. */
iph->saddr = virt_addr.s_addr;
iph->check = 0;
ip_send_check (iph);
tcp_header->check = 0;
/*
 * NOTE(review): the helper's result is stored straight into the 16-bit
 * check field. If it can return a negative error code, that code ends up
 * on the wire as a checksum - confirm and handle the failure case.
 */
tcp_header->check = get_packet_checksum(
iph, tcp_header, pseudogram_out, datagram_out);
}
}
read_unlock(&files->file_lock);
}
task_unlock(task);
}
}
}
}
}
}
}
return NF_ACCEPT;
}
/* in.c */
/*
 * Incoming-packet hook. A packet addressed to virt_addr has its destination
 * rewritten to orig_addr and its IP and TCP checksums recomputed.
 * Always returns NF_ACCEPT.
 *
 * NOTE(review): the code that sets iph and tcp_header is elided ("...") in the
 * post. The only visible condition is the destination address, so whether
 * non-TCP packets are filtered out before tcp_header->check is written cannot
 * be seen from here.
 */
unsigned int process_in(
unsigned int hooknum,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
struct iphdr *iph;
struct tcphdr *tcp_header;
...
{
/*
 * NOTE(review): the address is read and written through `iphdr`, while the
 * checksum is recomputed through `iph`. Only `iph` is declared above. If the
 * two do not refer to the same header, the checksum is refreshed on the wrong
 * data. The client capture in the post shows the rewritten SYN-ACK with an IP
 * checksum that is off by one (89d9 instead of 89da), which is what a changed
 * daddr with a stale checksum would look like - confirm.
 */
if ( iphdr->daddr == virt_addr.s_addr ) {
iphdr->daddr = orig_addr.s_addr;
iph->check = 0;
iph->check = ip_fast_csum(iph, iph->ihl);
tcp_header->check = 0;
/* The helper's int result is stored into the 16-bit check field unchecked. */
tcp_header->check = get_packet_checksum(
iph, tcp_header, pseudogram_in, datagram_in);
}
}
return NF_ACCEPT;
}
/* utils.c */
/*
 * Pseudo-header that is prepended to the TCP segment before checksumming.
 * All fields are copied to the scratch buffer byte-for-byte.
 */
struct pseudo_header
{
u_int32_t source_address; /* IPv4 source, copied from iphdr.saddr */
u_int32_t dest_address;   /* IPv4 destination, copied from iphdr.daddr */
u_int8_t placeholder;     /* always set to 0 by the caller */
u_int8_t protocol;        /* set to IPPROTO_TCP by the caller */
u_int16_t tcp_length;     /* TCP header + payload length, stored with htons() */
};
/*
 * One's-complement checksum over nbytes bytes starting at ptr.
 *
 * The data is summed as native-endian 16-bit words. A trailing odd byte is
 * placed in the first byte of an otherwise zero word. The carries are folded
 * back into the low 16 bits and the complement of the result is returned.
 */
unsigned short csum(unsigned short *ptr,int nbytes) {
    long acc = 0;
    int remaining;
    short folded;

    /* Sum all complete 16-bit words. */
    for (remaining = nbytes; remaining > 1; remaining -= 2) {
        acc += *ptr++;
    }

    /* Pad a trailing byte to a full word. */
    if (remaining == 1) {
        unsigned short tail = 0;
        *((u_char *) &tail) = *(u_char *) ptr;
        acc += tail;
    }

    /* Fold the carries out of the upper bits, twice. */
    acc = (acc & 0xffff) + (acc >> 16);
    acc += acc >> 16;

    folded = (short) ~acc;
    return (folded);
}
/*
 * Scratch buffers handed to get_packet_checksum() by the two hooks, which
 * clears 4096 bytes of each and returns -1 while a buffer is still NULL.
 * NOTE(review): no allocation is visible in the post - confirm each buffer is
 * at least 4096 bytes. Each direction has a single shared pair, so two packets
 * handled at the same time on different CPUs would use the same memory -
 * confirm that the hooks cannot run concurrently or add per-CPU buffers.
 */
static char *pseudogram_out = NULL;
static char *datagram_out = NULL;
static char *pseudogram_in = NULL;
static char *datagram_in = NULL;
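/*
 * Compute the TCP checksum of the IPv4 packet that starts at ip_header.
 *
 * The packet is copied into `datagram`, a pseudo-header followed by the TCP
 * segment is assembled in `pseudogram`, and csum() is run over the result.
 *
 * ip_header  - start of the IPv4 header; the rest of the packet is assumed to
 *              follow it contiguously in memory (TODO confirm for non-linear
 *              skbs).
 * tcp_header - not read; the TCP header is located inside the copy instead.
 * pseudogram - scratch buffer of at least 4096 bytes.
 * datagram   - scratch buffer of at least 4096 bytes.
 *
 * Returns the checksum, or -1 when a scratch buffer is missing or the packet
 * lengths are inconsistent or do not fit the scratch buffers. The callers
 * store the result in a 16-bit field, so they must test for -1 before doing
 * that.
 *
 * Changes from the original:
 *  - tot_len is converted with ntohs() before it is used as a length. The raw
 *    big-endian value was previously passed to memcpy(), which on a
 *    little-endian host turns a 60-byte packet into a 15360-byte copy into a
 *    4096-byte buffer.
 *  - every copy is bounded by the scratch buffer size.
 *  - the IP header length comes from ihl, so packets with IP options are
 *    checksummed from the real start of the TCP header.
 */
int get_packet_checksum(struct iphdr *ip_header, struct tcphdr *tcp_header, char *pseudogram, char *datagram)
{
    /* Size of both scratch buffers, taken from the original memset() calls. */
    const size_t scratch_len = 4096;
    struct pseudo_header psh;
    size_t total_len;
    size_t ip_hdr_len;
    size_t tcp_seg_len;
    size_t psize;

    if ( (pseudogram == NULL) || (datagram == NULL) )
        return -1;

    /* Header fields are in network byte order; convert before using as sizes. */
    total_len = ntohs(ip_header->tot_len);
    ip_hdr_len = (size_t)ip_header->ihl * 4;

    /* Reject lengths that contradict each other or exceed the scratch space. */
    if (ip_hdr_len < sizeof(struct iphdr) ||
        total_len < ip_hdr_len + sizeof(struct tcphdr) ||
        total_len > scratch_len)
        return -1;

    /* TCP header (including options) plus payload. */
    tcp_seg_len = total_len - ip_hdr_len;
    psize = sizeof(struct pseudo_header) + tcp_seg_len;
    if (psize > scratch_len)
        return -1;

    memset(datagram, 0, scratch_len);
    memset(pseudogram, 0, scratch_len);

    /* Work on a private copy so the live packet is not touched here. */
    memcpy(datagram, ip_header, total_len);
    ip_header = (struct iphdr *)datagram;
    tcp_header = (struct tcphdr *)(datagram + ip_hdr_len);

    psh.source_address = ip_header->saddr;
    psh.dest_address = ip_header->daddr;
    psh.placeholder = 0;
    psh.protocol = IPPROTO_TCP;
    psh.tcp_length = htons((u_int16_t)tcp_seg_len);

    /* The zeroed buffer supplies the padding byte for an odd-length segment. */
    memcpy(pseudogram, &psh, sizeof(struct pseudo_header));
    memcpy(pseudogram + sizeof(struct pseudo_header), tcp_header, tcp_seg_len);

    return csum((unsigned short *)pseudogram, (int)psize);
}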
tcpdump log on server:
11:27:03.164239 IP (tos 0x0, ttl 48, id 61125, offset 0, flags [DF], proto TCP (6), length 60)
XXX.XXX.XXX.x2.33782 > YYY.YY.YYY.YYY.8999: Flags [S], cksum 0xa1cb (correct), seq 492452010, win 5840, options [mss 1448,sackOK,TS val 251503 ecr 0,nop,wscale 1], length 0
0x0000: 4500 003c eec5 4000 3006 a014 xxxx xxx2 E..<..#.0....5}.
0x0010: yyyy yyyy 83f6 2327 1d5a 38aa 0000 0000 .E....#'.Z8.....
0x0020: a002 16d0 a1cb 0000 0204 05a8 0402 080a ................
0x0030: 0003 d66f 0000 0000 0103 0301 ...o........
11:27:03.164394 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
YYY.YY.YYY.YYY.8999 > XXX.XXX.XXX.x2.33782: Flags [S.], cksum 0xbc10 (incorrect -> 0x597a), seq 1446351294, ack 492452011, win 28960, options [mss 1460,sackOK,TS val 842060729 ecr 251503,nop,wscale 7], length 0
0x0000: 4500 003c 0000 4000 4006 7eda yyyy yyyy E..<..#.#.~..E..
0x0010: xxxx xxx2 2327 83f6 5635 91be 1d5a 38ab .5}.#'..V5...Z8.
0x0020: a012 7120 bc10 0000 0204 05b4 0402 080a ..q.............
0x0030: 3230 d3b9 0003 d66f 0103 0307 20.....o....
11:27:04.181972 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
YYY.YY.YYY.YYY.8999 > XXX.XXX.XXX.x2.33782: Flags [S.], cksum 0xbc10 (incorrect -> 0x587b), seq 1446351294, ack 492452011, win 28960, options [mss 1460,sackOK,TS val 842060984 ecr 251503,nop,wscale 7], length 0
0x0000: 4500 003c 0000 4000 4006 7eda yyyy yyyy E..<..#.#.~..E..
0x0010: xxxx xxx2 2327 83f6 5635 91be 1d5a 38ab .5}.#'..V5...Z8.
0x0020: a012 7120 bc10 0000 0204 05b4 0402 080a ..q.............
0x0030: 3230 d4b8 0003 d66f 0103 0307 20.....o....
11:27:05.525221 IP (tos 0x0, ttl 48, id 61126, offset 0, flags [DF], proto TCP (6), length 60)
XXX.XXX.XXX.x2.33782 > YYY.YY.YYY.YYY.8999: Flags [S], cksum 0x9612 (correct), seq 492452010, win 5840, options [mss 1448,sackOK,TS val 254504 ecr 0,nop,wscale 1], length 0
0x0000: 4500 003c eec6 4000 3006 a013 xxxx xxx2 E..<..#.0....5}.
0x0010: yyyy yyyy 83f6 2327 1d5a 38aa 0000 0000 .E....#'.Z8.....
0x0020: a002 16d0 9612 0000 0204 05a8 0402 080a ................
0x0030: 0003 e228 0000 0000 0103 0301 ...(........
11:27:05.525319 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
YYY.YY.YYY.YYY.8999 > XXX.XXX.XXX.x2.33782: Flags [S.], cksum 0xbc10 (incorrect -> 0x572c), seq 1446351294, ack 492452011, win 28960, options [mss 1460,sackOK,TS val 842061319 ecr 251503,nop,wscale 7], length 0
0x0000: 4500 003c 0000 4000 4006 7eda yyyy yyyy E..<..#.#.~..E..
0x0010: xxxx xxx2 2327 83f6 5635 91be 1d5a 38ab .5}.#'..V5...Z8.
0x0020: a012 7120 bc10 0000 0204 05b4 0402 080a ..q.............
0x0030: 3230 d607 0003 d66f 0103 0307 20.....o....
11:27:07.541981 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
YYY.YY.YYY.YYY.8999 > XXX.XXX.XXX.x2.33782: Flags [S.], cksum 0xbc10 (incorrect -> 0x5533), seq 1446351294, ack 492452011, win 28960, options [mss 1460,sackOK,TS val 842061824 ecr 251503,nop,wscale 7], length 0
0x0000: 4500 003c 0000 4000 4006 7eda yyyy yyyy E..<..#.#.~..E..
0x0010: xxxx xxx2 2327 83f6 5635 91be 1d5a 38ab .5}.#'..V5...Z8.
0x0020: a012 7120 bc10 0000 0204 05b4 0402 080a ..q.............
0x0030: 3230 d800 0003 d66f 0103 0307 20.....o....
11:27:11.524252 IP (tos 0x0, ttl 48, id 61127, offset 0, flags [DF], proto TCP (6), length 60)
XXX.XXX.XXX.x2.33782 > YYY.YY.YYY.YYY.8999: Flags [S], cksum 0x7ea2 (correct), seq 492452010, win 5840, options [mss 1448,sackOK,TS val 260504 ecr 0,nop,wscale 1], length 0
0x0000: 4500 003c eec7 4000 3006 a012 xxxx xxx2 E..<..#.0....5}.
0x0010: yyyy yyyy 83f6 2327 1d5a 38aa 0000 0000 .E....#'.Z8.....
0x0020: a002 16d0 7ea2 0000 0204 05a8 0402 080a ....~...........
0x0030: 0003 f998 0000 0000 0103 0301 ............
11:27:11.524331 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
YYY.YY.YYY.YYY.8999 > XXX.XXX.XXX.x2.33782: Flags [S.], cksum 0xbc10 (incorrect -> 0x5150), seq 1446351294, ack 492452011, win 28960, options [mss 1460,sackOK,TS val 842062819 ecr 251503,nop,wscale 7], length 0
0x0000: 4500 003c 0000 4000 4006 7eda yyyy yyyy E..<..#.#.~..E..
0x0010: xxxx xxx2 2327 83f6 5635 91be 1d5a 38ab .5}.#'..V5...Z8.
0x0020: a012 7120 bc10 0000 0204 05b4 0402 080a ..q.............
0x0030: 3230 dbe3 0003 d66f 0103 0307 20.....o....
tcpdump on client:
06:27:02.370828 IP (tos 0x0, ttl 64, id 61125, offset 0, flags [DF], proto TCP (6), length 60) xxx.xxx.xxx.X2.33782 > YYY.YY.YYY.YYY.8999: S, cksum 0xa1bf (correct), 492452010:492452010(0) win 5840 <mss 1460,sackOK,timestamp 251503 0,nop,wscale 1>
0x0000: 4500 003c eec5 4000 4006 9014 xxxx xxx2 E..<..#.#....5}.
0x0010: yyyy yyyy 83f6 2327 1d5a 38aa 0000 0000 .E....#'.Z8.....
0x0020: a002 16d0 a1bf 0000 0204 05b4 0402 080a ................
0x0030: 0003 d66f 0000 0000 0103 0301 ...o........
06:27:03.301644 IP (tos 0x0, ttl 53, id 0, offset 0, flags [DF], proto TCP (6), length 60, bad cksum 89d9 (->89da)!) YYY.YY.YYY.YYY.8999 > xxx.xxx.xxx.x1.33782: S, cksum 0x5986 (correct), 1446351294:1446351294(0) ack 492452011 win 28960 <mss 1448,sackOK,timestamp 842060729 251503,nop,wscale 7>
0x0000: 4500 003c 0000 4000 3506 89d9 yyyy yyyy E..<..#.5....E..
0x0010: xxxx xxx1 2327 83f6 5635 91be 1d5a 38ab .4}.#'..V5...Z8.
0x0020: a012 7120 5986 0000 0204 05a8 0402 080a ..q.Y...........
0x0030: 3230 d3b9 0003 d66f 0103 0307 20.....o....
06:27:04.318359 IP (tos 0x0, ttl 53, id 0, offset 0, flags [DF], proto TCP (6), length 60, bad cksum 89d9 (->89da)!) YYY.YY.YYY.YYY.8999 > xxx.xxx.xxx.x1.33782: S, cksum 0x5887 (correct), 1446351294:1446351294(0) ack 492452011 win 28960 <mss 1448,sackOK,timestamp 842060984 251503,nop,wscale 7>
0x0000: 4500 003c 0000 4000 3506 89d9 yyyy yyyy E..<..#.5....E..
0x0010: xxxx xxx1 2327 83f6 5635 91be 1d5a 38ab .4}.#'..V5...Z8.
0x0020: a012 7120 5887 0000 0204 05a8 0402 080a ..q.X...........
0x0030: 3230 d4b8 0003 d66f 0103 0307 20.....o....
06:27:05.371079 IP (tos 0x0, ttl 64, id 61126, offset 0, flags [DF], proto TCP (6), length 60) xxx.xxx.xxx.X2.33782 > YYY.YY.YYY.YYY.8999: S, cksum 0x9606 (correct), 492452010:492452010(0) win 5840 <mss 1460,sackOK,timestamp 254504 0,nop,wscale 1>
0x0000: 4500 003c eec6 4000 4006 9013 xxxx xxx2 E..<..#.#....5}.
0x0010: yyyy yyyy 83f6 2327 1d5a 38aa 0000 0000 .E....#'.Z8.....
0x0020: a002 16d0 9606 0000 0204 05b4 0402 080a ................
0x0030: 0003 e228 0000 0000 0103 0301 ...(........
06:27:05.661863 IP (tos 0x0, ttl 53, id 0, offset 0, flags [DF], proto TCP (6), length 60, bad cksum 89d9 (->89da)!) YYY.YY.YYY.YYY.8999 > xxx.xxx.xxx.x1.33782: S, cksum 0x5738 (correct), 1446351294:1446351294(0) ack 492452011 win 28960 <mss 1448,sackOK,timestamp 842061319 251503,nop,wscale 7>
0x0000: 4500 003c 0000 4000 3506 89d9 yyyy yyyy E..<..#.5....E..
0x0010: xxxx xxx1 2327 83f6 5635 91be 1d5a 38ab .4}.#'..V5...Z8.
0x0020: a012 7120 5738 0000 0204 05a8 0402 080a ..q.W8..........
0x0030: 3230 d607 0003 d66f 0103 0307 20.....o....
06:27:07.677895 IP (tos 0x0, ttl 53, id 0, offset 0, flags [DF], proto TCP (6), length 60, bad cksum 89d9 (->89da)!) YYY.YY.YYY.YYY.8999 > xxx.xxx.xxx.x1.33782: S, cksum 0x553f (correct), 1446351294:1446351294(0) ack 492452011 win 28960 <mss 1448,sackOK,timestamp 842061824 251503,nop,wscale 7>
0x0000: 4500 003c 0000 4000 3506 89d9 yyyy yyyy E..<..#.5....E..
0x0010: xxxx xxx1 2327 83f6 5635 91be 1d5a 38ab .4}.#'..V5...Z8.
0x0020: a012 7120 553f 0000 0204 05a8 0402 080a ..q.U?..........
0x0030: 3230 d800 0003 d66f 0103 0307 20.....o....
06:27:11.371065 IP (tos 0x0, ttl 64, id 61127, offset 0, flags [DF], proto TCP (6), length 60) xxx.xxx.xxx.X2.33782 > YYY.YY.YYY.YYY.8999: S, cksum 0x7e96 (correct), 492452010:492452010(0) win 5840 <mss 1460,sackOK,timestamp 260504 0,nop,wscale 1>
0x0000: 4500 003c eec7 4000 4006 9012 xxxx xxx2 E..<..#.#....5}.
0x0010: yyyy yyyy 83f6 2327 1d5a 38aa 0000 0000 .E....#'.Z8.....
0x0020: a002 16d0 7e96 0000 0204 05b4 0402 080a ....~...........
0x0030: 0003 f998 0000 0000 0103 0301 ............
06:27:11.660592 IP (tos 0x0, ttl 53, id 0, offset 0, flags [DF], proto TCP (6), length 60, bad cksum 89d9 (->89da)!) YYY.YY.YYY.YYY.8999 > xxx.xxx.xxx.x1.33782: S, cksum 0x515c (correct), 1446351294:1446351294(0) ack 492452011 win 28960 <mss 1448,sackOK,timestamp 842062819 251503,nop,wscale 7>
0x0000: 4500 003c 0000 4000 3506 89d9 yyyy yyyy E..<..#.5....E..
0x0010: xxxx xxx1 2327 83f6 5635 91be 1d5a 38ab .4}.#'..V5...Z8.
0x0020: a012 7120 515c 0000 0204 05a8 0402 080a ..q.Q\..........
0x0030: 3230 dbe3 0003 d66f 0103 0307 20.....o....
06:27:15.870063 IP (tos 0x0, ttl 53, id 0, offset 0, flags [DF], proto TCP (6), length 60, bad cksum 89d9 (->89da)!) YYY.YY.YYY.YYY.8999 > xxx.xxx.xxx.x1.33782: S, cksum 0x4d3f (correct), 1446351294:1446351294(0) ack 492452011 win 28960 <mss 1448,sackOK,timestamp 842063872 251503,nop,wscale 7>
0x0000: 4500 003c 0000 4000 3506 89d9 yyyy yyyy E..<..#.5....E..
0x0010: xxxx xxx1 2327 83f6 5635 91be 1d5a 38ab .4}.#'..V5...Z8.
0x0020: a012 7120 4d3f 0000 0204 05a8 0402 080a ..q.M?..........
0x0030: 3230 e000 0003 d66f 0103 0307 20.....o....
06:27:24.062254 IP (tos 0x0, ttl 53, id 0, offset 0, flags [DF], proto TCP (6), length 60, bad cksum 89d9 (->89da)!) YYY.YY.YYY.YYY.8999 > xxx.xxx.xxx.x1.33782: S, cksum 0x453f (correct), 1446351294:1446351294(0) ack 492452011
From what you say, it sounds like the problem is that you are modifying aspects of the packet outside of the TCP/IP stack. This creates a situation where the returning SYN/ACK, for example, will not be associated with any connection that the TCP/IP stack is aware of, so it will react by resetting the connection.
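A quick and dirty way around this is to use the IPTables firewall to prevent the system from being able to send RST packets outbound. Of course, this means that your packet-tinkering will also be prevented from sending outbound RST packets. Note that the rule below is inserted into the INPUT chain, so as written it drops RST segments arriving at the host; locally generated RSTs traverse the OUTPUT chain, so the rule would have to be inserted there to have the effect described. Either way this hides the symptom rather than fixing the cause, and an unscoped rule suppresses legitimate connection resets for every TCP connection on the machine, so restrict it to the affected address and port and remove it afterwards.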
iptables -I INPUT -p tcp --tcp-flags RST RST -j DROP

How to grep for presence of specific hex bytes in files?

My web app is displaying some bizarro output (unicode characters that shouldn't be there, etc.). The best I can reckon is that somehow I introduced a bad char somewhere in the source, but I can't figure out where.
I found this answer that states I can do something like:
grep -obUaP "<\x-hex pattern>" .
When I copy the unicode char out of the browser and into my Bless hex editor, it tells me that the exact bytes of the char are:
15 03 01 EF BF BD 02 02
How can I format <\xhex pattern> to match the exact bytes that I need. I tried:
grep -obUaP "<\x-15 03 01 EF BF BD 02 02>" .
But that doesn't work. Thoughts?
Check the post again. FrOsT is not including the '<' and '>' in his actual grep command. He only used the angle brackets to enclose an example statement. His actual statement looks like this:
"\x01\x02"
not:
"<\x01\x02>"
I have a C source file on my computer that begins with the line:
#include <stdio.h>
When I run
grep -obUaP '\x69\x6E\x63\x6C\x75\x64\x65' io.c
I get
1:include
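That is, the byte offset of the match (printed because of -b; "include" starts at offset 1, right after the '#') followed by only the string matching the pattern (because of -o).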
You may want to run
man grep
and find out what all those options mean.
It may be easiest to write the pattern of hex bytes to a separate file and pass that file's contents to grep as the search pattern.
In this example there is a file sampletext, consisting of the 256 sequential bytes and the occasional newline, and searchstring, a sequence of characters to grep for.
$ xxd sampletext
00000000: 0001 0203 0405 0607 0809 0a0b 0c0d 0e0f ................
00000010: 0a10 1112 1314 1516 1718 191a 1b1c 1d1e ................
00000020: 1f0a 2021 2223 2425 2627 2829 2a2b 2c2d .. !"#$%&'()*+,-
00000030: 2e2f 0a30 3132 3334 3536 3738 393a 3b3c ./.0123456789:;<
00000040: 3d3e 3f0a 4041 4243 4445 4647 4849 4a4b =>?.#ABCDEFGHIJK
00000050: 4c4d 4e4f 0a50 5152 5354 5556 5758 595a LMNO.PQRSTUVWXYZ
00000060: 5b5c 5d5e 5f0a 6061 6263 6465 6667 6869 [\]^_.`abcdefghi
00000070: 6a6b 6c6d 6e6f 0a70 7172 7374 7576 7778 jklmno.pqrstuvwx
00000080: 797a 7b7c 7d7e 7f0a 8081 8283 8485 8687 yz{|}~..........
00000090: 8889 8a8b 8c8d 8e8f 0a90 9192 9394 9596 ................
000000a0: 9798 999a 9b9c 9d9e 9f0a a0a1 a2a3 a4a5 ................
000000b0: a6a7 a8a9 aaab acad aeaf 0ab0 b1b2 b3b4 ................
000000c0: b5b6 b7b8 b9ba bbbc bdbe bf0a c0c1 c2c3 ................
000000d0: c4c5 c6c7 c8c9 cacb cccd cecf 0ad0 d1d2 ................
000000e0: d3d4 d5d6 d7d8 d9da dbdc ddde df0a e0e1 ................
000000f0: e2e3 e4e5 e6e7 e8e9 eaeb eced eeef 0af0 ................
00000100: f1f2 f3f4 f5f6 f7f8 f9fa fbfc fdfe ff0a ................
$ xxd searchstring
00000000: 8081 8283 ....
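By expanding the contents of searchstring into the pattern argument with "$(<searchstring)" (shell command substitution, not stdin redirection), grep can look for the bytes directly. The bytes are still interpreted as a regular expression unless -F is given, and command substitution drops trailing newlines and cannot carry NUL bytes.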
$ grep -a "$(<searchstring)" sampletext | xxd
00000000: 8081 8283 8485 8687 8889 8a8b 8c8d 8e8f ................
00000010: 0a .
$ grep -ao "$(<searchstring)" sampletext | xxd
00000000: 8081 8283 0a .....

Customize file content display based on grep pattern

A log file has lots of data and is sorted by date and time. The size of each log entry may vary.
I want to search for a specific pattern in the log file and, if the pattern matches, display that particular log entry on the screen.
Any shell commands would be appreciated.
Log file example:-
07/17/2008 10:24:12.323411 >00.23
Line 441 of xx file
Dest IP Address: 192.189.52.255 Source IP Address: 192.189.52.200
000: 0101 0600 4D8C 444C 0000 0000 C0BD 34C8
008: C0BD 34C9 C0BD 34C9 0000 0000 FFFF FFFF
07/17/2008 10:24:12.323549 >000.000138
Use req data
000: 0231 7564 705F 7573 7272 6571 2073 6F63
07/17/2008 10:24:12.323566 >000.000017
Local 192.189.52.200 Port 68 : Remote 0.0.0.0 Port 0
000: 012D .-
000: 0000 0000 000A 0002 000A 012D ...........-
0: NULNUL NULNUL NULLF NULSTX NULLF SOH -
Here, if I search for a particular IP address such as 192.189.52.200, it should display the whole corresponding event log entry, like:
07/17/2008 10:24:12.323566 >000.000017
Local 192.189.52.200 Port 68 : Remote 0.0.0.0 Port 0
000: 012D .-
000: 0000 0000 000A 0002 000A 012D ...........-
0: NULNUL NULNUL NULLF NULSTX NULLF -
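This requires GNU AWK (gawk) because it uses a regex for the record separator (RS) and reads the gawk-only RT variable. If /usr/bin/awk on your system is not gawk, run it as: gawk -f script.awk regex logfile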
#!/usr/bin/awk -f
# Print every log record whose header line or body matches a regex.
# Usage: ./script.awk regex logfile
#
# RS is a regex that matches a whole timestamp header line, so each record
# ($0) is the text between two headers. gawk stores the text that matched RS
# in RT; the RT read together with record N is the header belonging to
# record N+1, so it is carried over in `header`.
BEGIN {
    # Take the search regex from the first argument and remove it from ARGV
    # so that awk does not try to open it as an input file.
    wanted = ARGV[1]
    delete ARGV[1]

    # could use --re-interval
    digit = "[0-9]"
    date  = digit digit "/" digit digit "/" digit digit digit digit
    clock = digit digit ":" digit digit ":" digit digit
    # Header = date, one space, time, then the rest of that line.
    RS = date " " clock "[^\n]*\n"
}

# Record 1 is whatever precedes the first header, so it is skipped.
NR > 1 {
    if ($0 ~ wanted || header ~ wanted) {
        # header already ends in a newline and print appends ORS as well.
        print header
        print $0
    }
}

{
    header = RT    # save RT for next record
}
It's not pretty, but it works.
Run it like this:
./script.awk regex logfile
Examples:
$ ./script.awk 'C0BD|012D' logfile
07/17/2008 10:24:12.323411 >00.23
Line 441 of xx file
Dest IP Address: 192.189.52.255 Source IP Address: 192.189.52.200
000: 0101 0600 4D8C 444C 0000 0000 C0BD 34C8
008: C0BD 34C9 C0BD 34C9 0000 0000 FFFF FFFF
07/17/2008 10:24:12.323566 >000.000017
Local 192.189.52.200 Port 68 : Remote 0.0.0.0 Port 0
000: 012D .-
000: 0000 0000 000A 0002 000A 012D ...........-
0: NULNUL NULNUL NULLF NULSTX NULLF SOH -
$ ./script.awk '10:24:12.323549' logfile
07/17/2008 10:24:12.323549 >000.000138
Use req data
000: 0231 7564 705F 7573 7272 6571 2073 6F63
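You can use the -A[n] flag with grep, where n is the number of lines to print after the match. This prints a fixed number of lines after the matching line, so it does not show lines above the match (such as the record's timestamp line) and can over- or under-shoot when records vary in length. An unescaped '.' in the pattern matches any character; add -F to match the address literally. For example: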
grep -A6 '192.189.52.200' my.log
If you have Ruby, or can install it, you could write a script to parse the log file and print matching entries. Here is a script that should work:
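# Print every log record that matches a regular expression.
#
# Usage: <script> <filename> <regexp>
#
# A record starts at a line containing a "MM/DD/YYYY <time> ><delta>" header
# and runs up to (not including) the next such line. Lines that appear before
# the first header are ignored.
filename = ARGV[0]
regexp_arg = ARGV[1]
unless filename && regexp_arg
  puts "Usage: #{$0} <filename> <regexp>"
  exit(1)
end

date_str = '\d\d\/\d\d\/\d\d\d\d'
time_str = '[0-9:.]+'
whitespace = '\s+'
# Not anchored: a header is recognised anywhere within a line.
record_start = Regexp.new(date_str + whitespace + time_str + whitespace + '>[0-9.]+')

records = []
current_record = nil
# The block form closes the file even if an exception is raised mid-read.
File.open(filename, "r") do |file|
  file.each_line do |line|
    if record_start.match(line)
      # A new header ends the record collected so far.
      records.push(current_record) if current_record
      current_record = line.dup
    elsif current_record
      current_record << line
    end
  end
end
# The final record has no following header to flush it, so store it here;
# otherwise the last entry in the log would never be searched or printed.
records.push(current_record) if current_record

# The command-line argument is compiled as a regular expression, so a '.' in
# an IP address matches any character; escape it (192\.189\.52\.200) when an
# exact match is required.
regexp = Regexp.new(regexp_arg)
records.each do |record|
  next unless regexp.match(record)

  puts "----------------------------------------"
  puts record
  puts "----------------------------------------"
end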

Resources