Home Explore Help
Sign In
cbocovic
/
slitheen
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 9c98735413
Branches Tags
slitheen
/
server
/
relay.c

relay.c 12 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455 
  1. #include <stdio.h>
    2. 

  2. #include <stdlib.h>
    3. 

  3. #include <stdint.h>
    4. 

  4. #include <regex.h>
    5. 

  5. #include <sys/socket.h>
    6. 

  6. #include <sys/types.h>
    7. 

  7. #include <netinet/in.h>
    8. 

  8. #include <netdb.h>
    9. 

  9. #include <unistd.h>
    10. 

  10. #include "relay.h"
    11. 

  11. #include "slitheen.h"
    12. 

  12. #include "flow.h"
    13. 

  13. #include "crypto.h"
    14. 

  14. 

  15. 

  16. int replace_packet(flow *f, struct packet_info *info){
    17. 

  17. 

  18. 	if (info->tcp_hdr == NULL){
    19. 

  19. 		return 0;
    20. 

  20. 	}
    21. 

  21. 

  22. #ifdef DEBUG
    23. 

  23. 	fprintf(stderr,"Flow: %d > %d (%s)\n", info->ip_hdr->src.s_addr, info->ip_hdr->dst.s_addr, (info->ip_hdr->src.s_addr != f->src_ip.s_addr)? "incoming":"outgoing");
    24. 

  24. 	fprintf(stderr,"ID number: %u\n", htonl(info->ip_hdr->id));
    25. 

  25. 	fprintf(stderr,"Sequence number: %u\n", htonl(info->tcp_hdr->sequence_num));
    26. 

  26. 	fprintf(stderr,"Acknowledgement number: %u\n", htonl(info->tcp_hdr->ack_num));
    27. 

  27. #endif
    28. 

  28. 

  29. 	if(info->app_data_len <= 0){
    30. 

  30. 		return 0;
    31. 

  31. 	}
    32. 

  32. 

  33. 	/* if outgoing, decrypt and look at header */
    34. 

  34. 	if(info->ip_hdr->src.s_addr == f->src_ip.s_addr){
    35. 

  35. 		read_header(f, info);
    36. 

  36. 		return 0;
    37. 

  37. 	} else {
    38. 

  38. 

  39. #ifdef DEBUG
    40. 

  40. 		printf("Current sequence number: %d\n", f->seq_num);
    41. 

  41. 		printf("Received sequence number: %d\n", htonl(tcp_hdr->sequence_num));
    42. 

  42. #endif
    43. 

  43. 

  44. 		uint32_t offset = htonl(info->tcp_hdr->sequence_num) - f->seq_num;
    45. 

  45. 		if(offset == 0)
    46. 

  46. 			f->seq_num += info->app_data_len;
    47. 

  47. 		/* if incoming, replace with data from queue */
    48. 

  48. 		//if(htonl(tcp_hdr->sequence_num) >= f->seq_num){
    49. 

  49. 			replace_contents(f, offset, info);
    50. 

  50. 		//}//TODO: need to do something about replaying packets (maybe store previously sent data??
    51. 

  51. 

  52. 

  53. #ifdef DEBUG //TODO: fix
    54. 

  54. 		uint8_t *p = (uint8_t *) info->tcp_hdr;
    55. 

  55. 		fprintf(stdout, "ip hdr length: %d\n", htons(info->ip_hdr->len));
    56. 

  56. 		fprintf(stdout, "Injecting the following packet:\n");
    57. 

  57. 		for(int i=0; i< htons(info->ip_hdr->len); i++){
    58. 

  58. 			fprintf(stdout, "%02x ", p[i]);
    59. 

  59. 		}
    60. 

  60. 		fprintf(stdout, "\n");
    61. 

  61. 		fflush(stdout);
    62. 

  62. #endif
    63. 

  63. 

  64. 	}
    65. 

  65. 	return 0;
    66. 

  66. 

  67. }
    68. 

  68. 

  69. int read_header(flow *f, struct packet_info *info){
    70. 

  70. 	uint8_t *p = info->app_data;
    71. 

  71. 

  72. 	if (info->tcp_hdr == NULL){
    73. 

  73. 		return 0;
    74. 

  74. 	}
    75. 

  75. 

  76. 	struct record_header *record_hdr = (struct record_header*) p;
    77. 

  77. 	uint32_t record_length = RECORD_LEN(record_hdr);
    78. 

  78. 

  79. 	uint8_t *decrypted_data = calloc(1, info->app_data_len);
    80. 

  80. 

  81. 	p+= RECORD_HEADER_LEN;
    82. 

  82. 

  83. 	memcpy(decrypted_data, p, record_length);
    84. 

  84. 

  85. 	if(!encrypt(f, decrypted_data, decrypted_data, record_length, 0, record_hdr->type, 0)){
    86. 

  86. 		fprintf(stdout,"decryption failed\n");
    87. 

  87. 		return 0;
    88. 

  88. 	}
    89. 

  89. 

  90. 	if(record_hdr->type == 0x15){
    91. 

  91. 		printf("received alert\n");
    92. 

  92. 		for(int i=0; i<record_length; i++){
    93. 

  93. 			printf("%02x ", decrypted_data[i]);
    94. 

  94. 		}
    95. 

  95. 		fflush(stdout);
    96. 

  96. 	}
    97. 

  97. 

  98. 	/* search through decrypted data for x-ignore */
    99. 

  99. 	regex_t r;
    100. 

  100. 	const char *regex_text = "x-ignore";
    101. 

  101. 	const char *match = (char *) decrypted_data;
    102. 

  102. 	if(regcomp(&r, regex_text, REG_EXTENDED|REG_NEWLINE)){
    103. 

  103. 		printf("could not compile regex\n");
    104. 

  104. 		return 0;
    105. 

  105. 	}
    106. 

  106. 

  107. 	regmatch_t m;
    108. 

  108. 	if(regexec(&r, match, 1, &m, 0)){
    109. 

  109. 		return 0;
    110. 

  110. 	} 
    111. 

  111. 	uint8_t *message = decrypted_data;
    112. 

  112. 	//remove escape characters
    113. 

  113. 	for(int i=m.rm_eo+2; i< strlen(match); i++){
    114. 

  114. 		if(match[i] != '\\'){
    115. 

  115. 			*(message++) = match[i];
    116. 

  116. 		} else if (match[i+1] == 'r') {
    117. 

  117. 			*(message++) = '\r';
    118. 

  118. 			i++;
    119. 

  119. 		} else if (match[i+1] == 'n') {
    120. 

  120. 			*(message++) = '\n';
    121. 

  121. 			i++;
    122. 

  122. 		}
    123. 

  123. 	}
    124. 

  124. 	*message = '\0';
    125. 

  125. 	message = decrypted_data;
    126. 

  126. 

  127. 	regex_t r2;
    128. 

  128. 	const char *regex_text2 = "host";
    129. 

  129. 	const char *match2 = (char *) decrypted_data;
    130. 

  130. 	regmatch_t m2;
    131. 

  131. 	if(regcomp(&r2, regex_text2, REG_EXTENDED|REG_NEWLINE)){
    132. 

  132. 		printf("could not compile regex\n");
    133. 

  133. 		return 0;
    134. 

  134. 	}
    135. 

  135. 	if(regexec(&r2, match2, 1, &m2, 0)){
    136. 

  136. 		printf("no host found\n");
    137. 

  137. 		return 0;
    138. 

  138. 	}
    139. 

  139. 	uint8_t server[50];
    140. 

  140. 	for(int i=m2.rm_eo+2; i< strlen(match2); i++){
    141. 

  141. 		if(match2[i] != '\n'){
    142. 

  142. 			server[i-m2.rm_eo-2] = match2[i];
    143. 

  143. 		} else {
    144. 

  144. 			server[i-m2.rm_eo-2] = '\0';
    145. 

  145. 			break;
    146. 

  146. 		}
    147. 

  147. 	}
    148. 

  148. 

  149. 	/* Send GET request to site */
    150. 

  150. 	printf("sending request to site: %s\n", server);
    151. 

  151. 

  152. 	struct hostent *host;
    153. 

  153. 	host = gethostbyname((const char *) server);
    154. 

  154. 

  155. 	if(host == NULL){
    156. 

  156. 		printf("gethostbyname failed\n");
    157. 

  157. 		return 0;
    158. 

  158. 	}
    159. 

  159. 

  160. 	int32_t handle = socket(AF_INET, SOCK_STREAM, 0);
    161. 

  161. 	if(handle < 0){
    162. 

  162. 		printf("error: constructing socket failed\n");
    163. 

  163. 		return 0;
    164. 

  164. 	}
    165. 

  165. 	
    166. 

  166. 	struct sockaddr_in dest;
    167. 

  167. 	dest.sin_family = AF_INET;
    168. 

  168. 	dest.sin_port = htons(80);
    169. 

  169. 	dest.sin_addr = *((struct in_addr *) host->h_addr);
    170. 

  170. 	bzero (&(dest.sin_zero), 8);
    171. 

  171. 	
    172. 

  172. 	int32_t error = connect (handle, (struct sockaddr *) &dest, sizeof (struct sockaddr));
    173. 

  173. 	
    174. 

  174. 	if(error <0){
    175. 

  175. 		printf("error connecting\n");
    176. 

  176. 		return 0;
    177. 

  177. 	}
    178. 

  178. 	int32_t bytes_sent = send(handle, message, strlen((const char *) message), 0);
    179. 

  179. 	if( bytes_sent < 0){
    180. 

  180. 		printf("error sending request\n");
    181. 

  181. 		close(handle);
    182. 

  182. 		return 0;
    183. 

  183. 	} else if (bytes_sent < strlen((const char *) message)){
    184. 

  184. 		close(handle);
    185. 

  185. 		return 0;
    186. 

  186. 	}
    187. 

  187. 

  188. 	
    189. 

  189. 	int32_t bytes_read;
    190. 

  190. 	for(int i=0; i<3; i++){
    191. 

  191. 		uint8_t *buf = calloc(1, BUFSIZ);
    192. 

  192. 		bytes_read = recv(handle, buf, BUFSIZ, 0);
    193. 

  193. 		if(bytes_read <= 0) break;
    194. 

  194. 

  195. 		//make a new queue block
    196. 

  196. 		queue_block *new_block = calloc(1, sizeof(queue_block));
    197. 

  197. 		new_block->len = bytes_read;
    198. 

  198. 		new_block->offset = 0;
    199. 

  199. 		new_block->data = buf;
    200. 

  200. 		new_block->next = NULL;
    201. 

  201. 		if(f->censored_queue == NULL)
    202. 

  202. 			f->censored_queue = new_block;
    203. 

  203. 		else{
    204. 

  204. 			queue_block *last = f->censored_queue;
    205. 

  205. 			while(last->next != NULL)
    206. 

  206. 				last = last->next;
    207. 

  207. 			last->next = new_block;
    208. 

  208. 		}
    209. 

  209. 	}
    210. 

  210. 

  211. 	close(handle);
    212. 

  212. 

  213. 	return 0;
    214. 

  214. 

  215. }
    216. 

  216. 

  217. /** Replaces downstream record contents with data from the
    218. 

  218.  *  censored queue, padding with garbage bytes if no more
    219. 

  219.  *  censored data exists.
    220. 

  220.  *
    221. 

  221.  *  Inputs: 
    222. 

  222.  *  	f: the tagged flow
    223. 

  223.  *  	data: a pointer to the received packet's application
    224. 

  224.  *  		data
    225. 

  225.  *  	data_len: the length of the	packet's application data
    226. 

  226.  *  	offset: if the packet is misordered, the number of
    227. 

  227.  *  		application-level bytes in missing packets
    228. 

  228.  *
    229. 

  229.  *  Output:
    230. 

  230.  *  	Returns 0 on sucess 
    231. 

  231.  */
    232. 

  232. int replace_contents(flow *f, int32_t offset, struct packet_info *info){
    233. 

  233. 

  234. 	uint8_t *p = info->app_data;
    235. 

  235. 

  236. 	int32_t tmp_len = info->app_data_len;
    237. 

  237. 

  238. 	//step 1: replace record contents
    239. 

  239. 	//note: encrypted message will be original message size + EVP_GCM_TLS_EXPLICIT_IV_LEN + 16 byte pad
    240. 

  240. 	//first check to see if there's anything in the outbox
    241. 

  241. 	if(f->outbox_len > 0){
    242. 

  242. 

  243. #ifdef DEBUG
    244. 

  244. 		if(f->outbox_len < info->app_data_len){
    245. 

  245. 			printf("Next record:\n");
    246. 

  246. 			for(int i=0; i< RECORD_HEADER_LEN; i++){
    247. 

  247. 				printf("%02x ", p[f->outbox_len+i]);
    248. 

  248. 			}
    249. 

  249. 			printf("\n");
    250. 

  250. 		} else {
    251. 

  251. 			printf("Outbox takes up entire packet\n");
    252. 

  252. 		}
    253. 

  253. #endif
    254. 

  254. 

  255. 		if(tmp_len >= f->outbox_len){
    256. 

  256. 			memcpy(p, f->outbox, f->outbox_len);
    257. 

  257. 

  258. 			p += f->outbox_len;
    259. 

  259. 			tmp_len -= f->outbox_len;
    260. 

  260. 			f->outbox_len = 0;
    261. 

  261. 			free(f->outbox);
    262. 

  262. 		} else {
    263. 

  263. 			memcpy(p, f->outbox, tmp_len);
    264. 

  264. 			uint8_t *tmp = calloc(1, f->outbox_len - tmp_len);
    265. 

  265. 			f->outbox_len -= tmp_len;
    266. 

  266. 			memcpy(tmp, f->outbox + tmp_len, f->outbox_len);
    267. 

  267. 			free(f->outbox);
    268. 

  268. 			f->outbox = tmp;
    269. 

  269. 			tmp_len -= tmp_len;
    270. 

  270. 		}
    271. 

  271. 	}
    272. 

  272. 

  273. 	while(tmp_len > 0){
    274. 

  274. 

  275. 		struct record_header *record_hdr = (struct record_header*) p;
    276. 

  276. 		uint32_t record_length = RECORD_LEN(record_hdr);
    277. 

  277. 

  278. #ifdef DEBUG
    279. 

  279. 		fprintf(stdout, "Record:\n");
    280. 

  280. 		for(int i=0; i< RECORD_HEADER_LEN; i++){
    281. 

  281. 			printf("%02x ", p[i]);
    282. 

  282. 		}
    283. 

  283. 		printf("\n");
    284. 

  284. #endif
    285. 

  285. 

  286. 		p += RECORD_HEADER_LEN;
    287. 

  287. 		if(record_hdr->type != 0x17){
    288. 

  288. 			//TODO: might need to decrypt and re-encrypt
    289. 

  289. 			printf("received non-application data\n");
    290. 

  290. 			tmp_len -= (record_length+ RECORD_HEADER_LEN);
    291. 

  291. 			p += record_length;
    292. 

  292. 			continue;
    293. 

  293. 		}
    294. 

  294. 

  295. 		uint8_t *new_record = calloc(1, record_length);
    296. 

  296. 		memcpy(new_record, p, record_length);
    297. 

  297. 		uint8_t *tmp_p = new_record;
    298. 

  298. 

  299. 		tmp_p += EVP_GCM_TLS_EXPLICIT_IV_LEN;
    300. 

  300. 		
    301. 

  301. 		struct slitheen_header *sl_hdr = (struct slitheen_header *) tmp_p;
    302. 

  302. 		sl_hdr->marker = 0x01;
    303. 

  303. 		sl_hdr->version = 0x01;
    304. 

  304. 		sl_hdr->len = 0x00;
    305. 

  305. 		int32_t remaining = record_length - (SLITHEEN_HEADER_LEN
    306. 

  306. 				+ EVP_GCM_TLS_EXPLICIT_IV_LEN + 16);
    307. 

  307. 		tmp_p += SLITHEEN_HEADER_LEN;
    308. 

  308. 		//Fill as much as we can from the censored_queue
    309. 

  309. 		while((remaining > 0) && f->censored_queue != NULL){
    310. 

  310. 			int32_t block_length = f->censored_queue->len;
    311. 

  311. 			int32_t offset = f->censored_queue->offset;
    312. 

  312. 

  313. #ifdef DEBUG
    314. 

  314. 			printf("Censored queue is at %p.\n", f->censored_queue);
    315. 

  315. 			printf("This block as %d bytes left\n", block_length - offset);
    316. 

  316. 			printf("We need %d bytes\n", remaining);
    317. 

  317. #endif
    318. 

  318. 			
    319. 

  319. 			if(block_length > offset + remaining){
    320. 

  320. 				//use part of the block, update offset
    321. 

  321. 				memcpy(tmp_p, f->censored_queue->data+offset, remaining);
    322. 

  322. 				f->censored_queue->offset += remaining;
    323. 

  323. 				tmp_p += remaining;
    324. 

  324. 				sl_hdr->len += remaining;
    325. 

  325. 				remaining -= remaining;
    326. 

  326. 			} else {
    327. 

  327. 				//use all of the block and free it
    328. 

  328. 				memcpy(tmp_p, f->censored_queue->data+offset, block_length - offset);
    329. 

  329. 

  330. 				free(f->censored_queue->data);
    331. 

  331. 				f->censored_queue = f->censored_queue->next;
    332. 

  332. 

  333. 				tmp_p += (block_length - offset);
    334. 

  334. 				sl_hdr->len += (block_length - offset);
    335. 

  335. 				remaining -= (block_length - offset);
    336. 

  336. 			}
    337. 

  337. 		}
    338. 

  338. 		sl_hdr->len = htons(sl_hdr->len);
    339. 

  339. 		//now, if we need more data, fill with garbage
    340. 

  340. 		if(remaining >0 ){
    341. 

  341. 			//TODO: note, we may also be receiving misordered packets. Take Ian's suggestion into account here
    342. 

  342. 			memset(tmp_p, 'A', remaining);
    343. 

  343. 		}
    344. 

  344. 

  345. 		tmp_p = new_record;
    346. 

  346. 

  347. #ifdef DEBUG
    348. 

  348. 		fprintf(stdout, "copied %d data and %d garbage bytes\n", ntohs(sl_hdr->len), remaining);
    349. 

  349. 		printf("Slitheen header\n");
    350. 

  350. 		for(int i=0; i<4; i++)
    351. 

  351. 			printf("%02x ", tmp_p[EVP_GCM_TLS_EXPLICIT_IV_LEN+i]);
    352. 

  352. 		printf("\n");
    353. 

  353. #endif
    354. 

  354. 

  355. 		//step 3: encrypt new record
    356. 

  356. 		int32_t success;
    357. 

  357. 		if((success = encrypt(f, tmp_p, tmp_p, record_length-16, 1, 0x17, 1))< 0){
    358. 

  358. 			fprintf(stdout,"encryption failed\n");
    359. 

  359. 			return 0;
    360. 

  360. 		}
    361. 

  361. 

  362. 		//copy new record into packet
    363. 

  363. 		if(record_length +RECORD_HEADER_LEN > tmp_len){
    364. 

  364. 			//We have a partial record
    365. 

  365. 			memcpy(p, new_record, tmp_len - RECORD_HEADER_LEN);
    366. 

  366. 			f->outbox_len = record_length - (tmp_len - RECORD_HEADER_LEN);
    367. 

  367. 			//save left-overs in outbox
    368. 

  368. 			f->outbox = calloc(1, f->outbox_len);
    369. 

  369. 			memcpy(f->outbox, new_record + (tmp_len - RECORD_HEADER_LEN),
    370. 

  370. 					f->outbox_len);
    371. 

  371. 			free(new_record);
    372. 

  372. 		} else {
    373. 

  373. 			memcpy(p, new_record, record_length);
    374. 

  374. 			free(new_record);
    375. 

  375. 		}
    376. 

  376. 

  377. #ifdef DEBUG
    378. 

  378. 		//check to see if next record still exists
    379. 

  379. 		if(info->app_data_len > record_length + RECORD_HEADER_LEN){
    380. 

  380. 			printf("Next record:\n");
    381. 

  381. 			for(int i=0; i< RECORD_HEADER_LEN; i++){
    382. 

  382. 				printf("%02x ", p[record_length+i]);
    383. 

  383. 			}
    384. 

  384. 			printf("\n");
    385. 

  385. 		} else {
    386. 

  386. 			printf("No extra record: %d <= %d + %d\n", data_len, record_length, RECORD_HEADER_LEN);
    387. 

  387. 		}
    388. 

  388. #endif
    389. 

  389. 

  390. 		tmp_len -= record_length+ RECORD_HEADER_LEN;
    391. 

  391. 		p += record_length;
    392. 

  392. 

  393. 	}
    394. 

  394. 	//step 4: recompute TCP checksum
    395. 

  395. 	tcp_checksum(info);
    396. 

  396. 

  397. 	return 0;
    398. 

  398. }
    399. 

  399. 

  400. /** Computes the TCP checksum of the data according to RFC 793
    401. 

  401.  *  sum all 16-bit words in the segment, padd the last word if
    402. 

  402.  *  needed
    403. 

  403.  *
    404. 

  404.  *  there is a pseudo-header prefixed to the segment and
    405. 

  405.  *  included in the checksum:
    406. 

  406.  *
    407. 

  407.  *         +--------+--------+--------+--------+
    408. 

  408.  *         |           Source Address          |
    409. 

  409.  *         +--------+--------+--------+--------+
    410. 

  410.  *         |         Destination Address       |
    411. 

  411.  *         +--------+--------+--------+--------+
    412. 

  412.  *         |  zero  |  PTCL  |    TCP Length   |
    413. 

  413.  *         +--------+--------+--------+--------+
    414. 

  414.  */
    415. 

  415. uint16_t tcp_checksum(struct packet_info *info){
    416. 

  416. 

  417. 	uint16_t tcp_length = info->app_data_len + info->size_tcp_hdr;
    418. 

  418. 	struct in_addr src = info->ip_hdr->src;
    419. 

  419. 	struct in_addr dst = info->ip_hdr->dst;
    420. 

  420. 	uint8_t proto = IPPROTO_TCP;
    421. 

  421. 

  422. 	//set the checksum to zero
    423. 

  423. 	info->tcp_hdr->chksum = 0;
    424. 

  424. 	
    425. 

  425. 	//sum pseudoheader
    426. 

  426. 	uint32_t sum = (ntohl(src.s_addr)) >> 16;
    427. 

  427. 	sum += (ntohl(src.s_addr)) &0xFFFF;
    428. 

  428. 	sum += (ntohl(dst.s_addr)) >> 16;
    429. 

  429. 	sum += (ntohl(dst.s_addr)) & 0xFFFF;
    430. 

  430. 	sum += proto;
    431. 

  431. 	sum += tcp_length;
    432. 

  432. 

  433. 	//sum tcp header (with zero-d checksum)
    434. 

  434. 	uint8_t *p = (uint8_t *) info->tcp_hdr;
    435. 

  435. 	for(int i=0; i < info->size_tcp_hdr; i+=2){
    436. 

  436. 		sum += (uint16_t) ((p[i] << 8) + p[i+1]);
    437. 

  437. 	}
    438. 

  438. 

  439. 	//now sum the application data
    440. 

  440. 	p = info->app_data;
    441. 

  441. 	for(int i=0; i< info->app_data_len-1; i+=2){
    442. 

  442. 		sum += (uint16_t) ((p[i] << 8) + p[i+1]);
    443. 

  443. 	}
    444. 

  444. 	if(info->app_data_len %2 != 0){
    445. 

  445. 		sum += (uint16_t) (p[info->app_data_len - 1]) << 8;
    446. 

  446. 	}
    447. 

  447. 	//now add most significant to last significant bits
    448. 

  448. 	sum = (sum >> 16) + (sum & 0xFFFF);
    449. 

  449. 	//now subtract from 0xFF
    450. 

  450. 	sum = 0xFFFF - sum;
    451. 

  451. 

  452. 	//set chksum to calculated value
    453. 

  453. 	info->tcp_hdr->chksum = ntohs(sum);
    454. 

  454. 	return (uint16_t) sum;
    455. 

  455. }
    456.