Artificial delay in TCP socket with C, for race condition exploitation

I am trying to introduce an artificial delay in a TCP socket server implemented in C.

The idea is for it to take a while for a client to connect to the server on purpose.

To implement this, I tried, instead of simply using a blocking accept() to receive connections, polling for a waiting connection and then sleep()ing before accept()ing.

However, it seems as though data is written to some other buffer anyway, and the only effect is that it takes the sleep() delay for my program to read from the buffer. Meanwhile the client has happily connected and sent the data already.

Am I going about this the right way? Possibly relevant information: both client and server are connecting via the loopback interface on the same virtual machine (VMWare Player).

My client code:

/* Excerpt from the poster's client; the headers, main() and argument handling
   are added so the fragment compiles. The code that sends the file is not in the post. */
#include <arpa/inet.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

int main(int argc, char **argv)
{
  const char *host, *file;
  struct sockaddr_in sin;
  int fd, ffd;
  if(argc != 3) {
    fprintf(stderr, "usage: %s <host> <file>\n", argv[0]);
    exit(EXIT_FAILURE);
  }
  host = argv[1]; file = argv[2];

  printf("Connecting to %s:18211 .. ", host); fflush(stdout);

  fd = socket(AF_INET, SOCK_STREAM, 0);

  memset(&sin, 0, sizeof(struct sockaddr_in));
  sin.sin_family = AF_INET;
  sin.sin_addr.s_addr = inet_addr(host);
  sin.sin_port = htons(18211);

  if(connect(fd, (struct sockaddr *)&sin, sizeof(struct sockaddr_in)) == -1) {
    printf("Unable to connect to host %s\n", host);
    exit(EXIT_FAILURE);
  }

  #define HITHERE ".oO Oo.\n"
  if(write(fd, HITHERE, strlen(HITHERE)) == -1) {
    printf("Unable to write banner to host %s\n", host);
    exit(EXIT_FAILURE);
  }
  #undef HITHERE

  printf("Connected!\nSending file .. "); fflush(stdout);

  ffd = open(file, O_RDONLY);
  if(ffd == -1) {
    printf("Damn. Unable to open file\n");
    exit(EXIT_FAILURE);
  }

  /* ... the file is sent here in the original program (not shown in the post) ... */
  close(ffd); close(fd);
  return EXIT_SUCCESS;
}

Server code:

I tried doing a socket poll() and then sleeping before accept() here, but whilst data was received there was no delay in the client.

The TCP handshake (SYN, SYN/ACK, ACK) happens before you get notified, at the OS level, and the client is free to send data immediately. accept() is just a server-side thing giving you an fd for that specific connection.

If you want to delay establishing the connection, you should probably do it in your firewall.

I second the firewall idea, e.g. some delay for ACKs in iptables. Another thing to try might be setting the listen() backlog to 0 or something very small. However, IIRC (though I'm unsure) Linux does not set it to the number you give listen(), so you'll have to experiment to see how large it is. See how many clients connect before you call accept() and then add one more to be "exploited".
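As an added example (not code from the question or either answer), the following C function demonstrates the point both answers make: on the loopback interface the client's connect() and write() both complete before the server has called accept(), because the kernel finishes the handshake and queues the connection and its data. Binding to an ephemeral port on 127.0.0.1 and the single-threaded "client" are assumptions of the example; any sleep() placed before accept() would only delay the server's own read.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Returns the number of bytes the server reads from a client that
   connected and wrote before accept() was ever called; -1 on error. */
int bytes_queued_before_accept(const char *msg)
{
    struct sockaddr_in sin;
    socklen_t len = sizeof(sin);
    char buf[64];
    int srv, cli, conn;
    ssize_t n;

    /* Listening socket on an ephemeral loopback port (constructed for the example). */
    srv = socket(AF_INET, SOCK_STREAM, 0);
    if (srv == -1) return -1;
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sin.sin_port = 0;
    if (bind(srv, (struct sockaddr *)&sin, sizeof(sin)) == -1 ||
        listen(srv, 5) == -1 ||
        getsockname(srv, (struct sockaddr *)&sin, &len) == -1) {
        close(srv);
        return -1;
    }

    /* The "client": connect() and write() succeed here even though the server
       has not called accept(). The kernel completes the three-way handshake,
       places the connection in the listen backlog and buffers the data on the
       not-yet-accepted socket. */
    cli = socket(AF_INET, SOCK_STREAM, 0);
    if (cli == -1) { close(srv); return -1; }
    if (connect(cli, (struct sockaddr *)&sin, sizeof(sin)) == -1 ||
        write(cli, msg, strlen(msg)) == -1) {
        close(cli); close(srv); return -1;
    }

    /* Only now does the server accept(); the data is already waiting, so a
       sleep() inserted before this call delays the server, not the client. */
    conn = accept(srv, NULL, NULL);
    n = (conn == -1) ? -1 : read(conn, buf, sizeof(buf));
    if (conn != -1) close(conn);
    close(cli); close(srv);
    return (int)n;
}
```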
