int buildether(ETHERhdr *eth, FileData *pd, char *device)
{
int n;
u_int32_t eth_packetlen;
static u_int8_t *pkt;
char *ethertype;
struct libnet_link_int *l2 = NULL;
/* sanity checks */
if (pd->file_mem == NULL)
pd->file_s = 0;
eth_packetlen = LIBNET_ETH_H + pd->file_s;
if ((l2 = libnet_open_link_interface(device, errbuf)) == NULL)
{
nemesis_device_failure(INJECTION_LINK, (const char *)device);
return -1;
}
if (libnet_init_packet(eth_packetlen, &pkt) == -1)
{
fprintf(stderr, "ERROR: Unable to allocate packet memory.\n");
exit(1);
}
libnet_build_ethernet(eth->ether_dhost, eth->ether_shost, eth->ether_type,
pd->file_mem, pd->file_s, pkt);
n = libnet_write_link_layer(l2, device, pkt, eth_packetlen);
#ifdef DEBUG
printf("DEBUG: eth_packetlen is %u.\n", eth_packetlen);
#endif
if (verbose == 2)
nemesis_hexdump(pkt, eth_packetlen, HEX_ASCII_DECODE);
if (verbose == 3)
nemesis_hexdump(pkt, eth_packetlen, HEX_RAW_DECODE);
switch(eth->ether_type)
{
case ETHERTYPE_PUP:
ethertype = "PUP";
break;
case ETHERTYPE_IP:
ethertype = "IP";
break;
case ETHERTYPE_ARP:
ethertype = "ARP";
break;
case ETHERTYPE_REVARP:
ethertype = "REVARP";
break;
case ETHERTYPE_8021Q:
ethertype = "802.1q";
break;
case ETHERTYPE_IPV6:
ethertype = "IPV6";
break;
case ETHERTYPE_PPPOEDISC:
ethertype = "PPOEDISC";
break;
case ETHERTYPE_PPPOE:
ethertype = "PPOE";
break;
default:
ethertype = NULL;
break;
}
if (verbose)
{
if (ethertype != NULL)
printf("Wrote %d byte Ethernet type %s packet through linktype "
"%s.\n", n, ethertype,
nemesis_lookup_linktype(l2->linktype));
else
printf("Wrote %d byte Ethernet type %hu packet through linktype "
"%s.\n", n, eth->ether_type,
nemesis_lookup_linktype(l2->linktype));
}
libnet_destroy_packet(&pkt);
if (l2 != NULL)
libnet_close_link_interface(l2);
return (n);
}
int
libnet_close_raw6(libnet_t *l)
{
return (libnet_close_link_interface(l));
}
int buildudp(ETHERhdr *eth, IPhdr *ip, UDPhdr *udp, FileData *pd,
FileData *ipod, char *device)
{
int n;
u_int32_t udp_packetlen = 0, udp_meta_packetlen = 0;
static u_int8_t *pkt;
static int sockfd = -1;
struct libnet_link_int *l2 = NULL;
u_int8_t link_offset = 0;
#if !defined(WIN32)
int sockbuff = IP_MAXPACKET;
#endif
if (pd->file_mem == NULL)
pd->file_s = 0;
if (ipod->file_mem == NULL)
ipod->file_s = 0;
if (got_link) /* data link layer transport */
{
if ((l2 = libnet_open_link_interface(device, errbuf)) == NULL)
{
nemesis_device_failure(INJECTION_LINK, (const char *)device);
return -1;
}
link_offset = LIBNET_ETH_H;
}
else
{
if ((sockfd = libnet_open_raw_sock(IPPROTO_RAW)) < 0)
{
nemesis_device_failure(INJECTION_RAW, (const char *)NULL);
return -1;
}
#if !defined(WIN32)
if ((setsockopt(sockfd, SOL_SOCKET, SO_SNDBUF, (const void *)&sockbuff,
sizeof(sockbuff))) < 0)
{
fprintf(stderr, "ERROR: setsockopt() failed.\n");
return -1;
}
#endif
}
udp_packetlen = link_offset + LIBNET_IP_H + LIBNET_UDP_H + pd->file_s +
ipod->file_s;
udp_meta_packetlen = udp_packetlen - (link_offset + LIBNET_IP_H);
#ifdef DEBUG
printf("DEBUG: UDP packet length %u.\n", udp_packetlen);
printf("DEBUG: IP options size %u.\n", ipod->file_s);
printf("DEBUG: UDP payload size %u.\n", pd->file_s);
#endif
if (libnet_init_packet(udp_packetlen, &pkt) == -1)
{
fprintf(stderr, "ERROR: Unable to allocate packet memory.\n");
return -1;
}
if (got_link)
libnet_build_ethernet(eth->ether_dhost, eth->ether_shost, ETHERTYPE_IP,
NULL, 0, pkt);
libnet_build_ip(udp_meta_packetlen, ip->ip_tos, ip->ip_id, ip->ip_off,
ip->ip_ttl, ip->ip_p, ip->ip_src.s_addr, ip->ip_dst.s_addr,
NULL, 0, pkt + link_offset);
libnet_build_udp(udp->uh_sport, udp->uh_dport, pd->file_mem,
pd->file_s, pkt + link_offset + LIBNET_IP_H);
if (got_ipoptions)
{
if ((libnet_insert_ipo((struct ipoption *)ipod->file_mem,
ipod->file_s, pkt + link_offset)) == -1)
{
fprintf(stderr, "ERROR: Unable to add IP options, discarding "
"them.\n");
}
}
if (got_link)
libnet_do_checksum(pkt + LIBNET_ETH_H, IPPROTO_IP, LIBNET_IP_H +
ipod->file_s);
libnet_do_checksum(pkt + link_offset, IPPROTO_UDP, LIBNET_UDP_H +
pd->file_s + ipod->file_s);
if (got_link)
n = libnet_write_link_layer(l2, device, pkt, udp_packetlen);
else
n = libnet_write_ip(sockfd, pkt, udp_packetlen);
if (verbose == 2)
nemesis_hexdump(pkt, udp_packetlen, HEX_ASCII_DECODE);
if (verbose == 3)
nemesis_hexdump(pkt, udp_packetlen, HEX_RAW_DECODE);
if (n != udp_packetlen)
{
fprintf(stderr, "ERROR: Incomplete packet injection. Only wrote "
"%d bytes.\n", n);
}
else
{
if (verbose)
{
if (got_link)
printf("Wrote %d byte UDP packet through linktype %s.\n", n,
nemesis_lookup_linktype(l2->linktype));
else
printf("Wrote %d byte UDP packet.\n", n);
}
}
libnet_destroy_packet(&pkt);
if (got_link)
libnet_close_link_interface(l2);
else
libnet_close_raw_sock(sockfd);
return n;
}
static void
RejectLayer2(ipq_packet_msg_t *m)
{
IPHdr *iph;
TCPHdr *tcph;
ICMPHdr *icmph;
EtherHdr *eh;
int proto;
int size = 0;
int payload_len = 0;
/* pointer to the device to use: according to the libnet manpage
* this should be u_char, but I get a compiler warning then.
* Making it a char fixes that. VJ. */
char *device = NULL;
/* to get the mac address of the interface when in layer2 mode */
struct ether_addr *link_addr;
u_char enet_dst[6]; /* mac addr for creating the ethernet packet. */
u_char enet_src[6]; /* mac addr for creating the ethernet packet. */
struct libnet_link_int *network = NULL; /* pointer to link interface struct */
int i = 0;
iph = (IPHdr *)(l_tcp + ETH_H);
proto = tmpP->iph->ip_proto;
iph->ip_src.s_addr = tmpP->iph->ip_dst.s_addr;
iph->ip_dst.s_addr = tmpP->iph->ip_src.s_addr;
/* set the interface. For Nat/Ip-mode the device we use to send a reset to the offender
* is the device on which the packet entered. For bridge-mode indev and outdev are always
* equal, so we use indev as well. There is one rare exception to this... if on the Snort_
* inline box a client is run that causes a reset, indev is not set but outdev. */
if(m->indev_name[0] != '\0')
device = m->indev_name;
else
device = m->outdev_name;
/* Let's initialize Libnet */
if((network = libnet_open_link_interface(device, errbuf)) == NULL)
{
libnet_error(LIBNET_ERR_FATAL,
"libnet_open_link_interface for device %s failed: %s\n",
device, errbuf);
return;
}
/* lets get the mac addr of the interface */
if(!(link_addr = libnet_get_hwaddr(network, device, errbuf)))
{
libnet_error(LIBNET_ERR_FATAL,
"libnet_get_hwaddr failed: %s\n",
errbuf);
return;
}
/* copy the mac: the src is set the the interface mac
* but only if the mac wasn't supplied in the configfile */
if(pv.enet_src[0] == 0 && pv.enet_src[1] == 0 && pv.enet_src[2] == 0 && pv.enet_src[3] == 0 && pv.enet_src[4] == 0 && pv.enet_src[5] == 0)
{
/* either user set mac as 00:00:00:00:00:00 or it is blank */
for(i = 0; i < 6; i++)
enet_src[i] = link_addr->ether_addr_octet[i];
}
else
{
for(i = 0; i < 6; i++)
enet_src[i] = pv.enet_src[i];
}
/* copy the mac: the old src now becomes dst */
for(i = 0; i < 6; i++)
enet_dst[i] = m->hw_addr[i];
//printf("reset src mac: %02X:%02X:%02X:%02X:%02X:%02X\n", enet_src[0],enet_src[1],enet_src[2],enet_src[3],enet_src[4],enet_src[5]);
//printf("reset dst mac: %02X:%02X:%02X:%02X:%02X:%02X\n", enet_dst[0],enet_dst[1],enet_dst[2],enet_dst[3],enet_dst[4],enet_dst[5]);
switch(proto)
{
case IPPROTO_TCP:
if (!tmpP->frag_flag)
{
size = ETH_H + IP_H + TCP_H;
eh = (EtherHdr *)l_tcp;
iph = (IPHdr *)(l_tcp + ETH_H);
tcph = (TCPHdr *)(l_tcp + ETH_H + IP_H);
iph->ip_src.s_addr = tmpP->iph->ip_dst.s_addr;
iph->ip_dst.s_addr = tmpP->iph->ip_src.s_addr;
tcph->th_sport = tmpP->tcph->th_dport;
tcph->th_dport = tmpP->tcph->th_sport;
tcph->th_seq = tmpP->tcph->th_ack;
tcph->th_ack = htonl(ntohl(tmpP->tcph->th_seq) + 1);
//printf("Send TCP Rst in Bridge-mode.\n");
/* calculate the checksums */
if (libnet_do_checksum(l_tcp + ETH_H, IPPROTO_TCP, TCP_H) == -1)
{
libnet_error(LIBNET_ERR_CRITICAL,
"SendEthTCPRST: libnet_do_checksum failed for TCP_H");
return;
}
if (libnet_do_checksum(l_tcp + ETH_H, IPPROTO_IP, IP_H) == -1)
{
libnet_error(LIBNET_ERR_CRITICAL,
"SendEthTCPRST: libnet_do_checksum failed for IP_H");
return;
}
/* build the ethernet packet */
if (libnet_build_ethernet(enet_dst, enet_src, ETHERTYPE_IP, NULL, 0, l_tcp) == -1)
{
libnet_error(LIBNET_ERR_CRITICAL,
"SendEthTCPRST: libnet_build_ethernet");
return;
}
/* finally write it to the link */
if(libnet_write_link_layer(network, device, l_tcp, size) < size)
{
libnet_error(LIBNET_ERR_CRITICAL,
"SendEthTCPRST: libnet_write_link_layer");
return;
}
} /* end if !tmpP->frag_flag */
break;
case IPPROTO_UDP:
if (!tmpP->frag_flag)
{
eh = (EtherHdr *)l_icmp;
iph = (IPHdr *)(l_icmp + ETH_H);
icmph = (ICMPHdr *) (l_icmp + ETH_H + IP_H);
iph->ip_src.s_addr = tmpP->iph->ip_dst.s_addr;
iph->ip_dst.s_addr = tmpP->iph->ip_src.s_addr;
if ((payload_len = ntohs(tmpP->iph->ip_len) -
(IP_HLEN(tmpP->iph) << 2)) > 8)
{
payload_len = 8;
}
memcpy((char *)icmph + ICMP_UNREACH_H, tmpP->iph,
(IP_HLEN(tmpP->iph) << 2) + payload_len);
size = ETH_H + IP_H + ICMP_UNREACH_H +
(IP_HLEN(tmpP->iph) << 2) + payload_len;
iph->ip_len = htons(size);
/* calculate the checksums */
if (libnet_do_checksum(l_icmp + ETH_H, IPPROTO_ICMP, size - IP_H) == -1)
{
libnet_error(LIBNET_ERR_CRITICAL,
"SendEthICMPRST: libnet_do_checksum failed for IPPROTO_ICMP");
return;
}
if (libnet_do_checksum(l_icmp + ETH_H, IPPROTO_IP, IP_H) == -1)
{
libnet_error(LIBNET_ERR_CRITICAL,
"SendEthICMPRST: libnet_do_checksum failed for IPPROTO_IP");
return;
}
/* build the ethernet packet */
if (libnet_build_ethernet(enet_dst, enet_src, ETHERTYPE_IP, NULL, 0, l_icmp) == -1)
{
libnet_error(LIBNET_ERR_CRITICAL,
"SendEthICMPRST: libnet_build_ethernet");
return;
}
/* finally write it to the link */
//printf("Send ICMP Rst in Bridge-mode.\n");
if(libnet_write_link_layer(network, device, l_icmp, size) < size)
{
libnet_error(LIBNET_ERR_CRITICAL,
"SendEthICMPRST: libnet_write_link_layer");
return;
}
}
break;
} /* end switch(proto) */
/* clean up file-descriptors for the next time we call RejectLayer2 */
if((libnet_close_link_interface(network)) == -1)
{
libnet_error(LIBNET_ERR_CRITICAL,
"libnet_close_link_interface error\n");
}
}
int
main(int argc, char *argv[])
{
int packet_size, /* size of our packet */
payload_size, /* size of our packet */
c; /* misc */
u_long src_ip, dst_ip; /* source ip, dest ip */
u_short bport, eport; /* beginning and end ports */
u_short cport; /* current port */
u_char payload[MAX_PAYLOAD_SIZE]; /* packet payload */
u_char *packet; /* pointer to our packet buffer */
char err_buf[LIBNET_ERRBUF_SIZE]; /* error buffer */
u_char *device; /* pointer to the device to use */
struct libnet_link_int *network; /* pointer to link interface struct */
struct libnet_plist_chain plist; /* plist chain */
struct libnet_plist_chain *plist_p; /* plist chain pointer */
printf("libnet example code:\tmodule 4\n\n");
printf("packet injection interface:\tlink layer\n");
printf("packet type:\t\t\tUDP [with payload] using port list chaining\n");
plist_p = NULL;
device = NULL;
src_ip = 0;
dst_ip = 0;
while ((c = getopt(argc, argv, "i:d:s:p:")) != EOF)
{
switch (c)
{
case 'd':
if (!(dst_ip = libnet_name_resolve(optarg, LIBNET_RESOLVE)))
{
libnet_error(LIBNET_ERR_FATAL,
"Bad destination IP address: %s\n", optarg);
}
break;
case 'i':
device = optarg;
break;
case 's':
if (!(src_ip = libnet_name_resolve(optarg, LIBNET_RESOLVE)))
{
libnet_error(LIBNET_ERR_FATAL,
"Bad source IP address: %s\n", optarg);
}
break;
case 'p':
plist_p = &plist;
if (libnet_plist_chain_new(&plist_p, optarg) == -1)
{
libnet_error(LIBNET_ERR_FATAL, "Could not build port list\n");
}
break;
default:
usage(argv[0]);
exit(EXIT_FAILURE);
}
}
if (!src_ip || !dst_ip || !plist_p)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
c = argc - optind;
if (c != 1)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
memset(payload, 0, sizeof(payload));
strncpy(payload, argv[optind], strlen(argv[optind]));
/*
* Step 1: Network Initialization (interchangable with step 2).
*/
if (device == NULL)
{
struct sockaddr_in sin;
/*
* Try to locate a device.
*/
if (libnet_select_device(&sin, &device, err_buf) == -1)
{
libnet_error(LIBNET_ERR_FATAL, "libnet_select_device failed: %s\n", err_buf);
}
printf("device:\t\t\t\t%s\n", device);
}
if ((network = libnet_open_link_interface(device, err_buf)) == NULL)
{
libnet_error(LIBNET_ERR_FATAL, "libnet_open_link_interface: %s\n", err_buf);
}
/*
* Get the payload from the user. Hrm. This might fail on a Sparc
* if byte alignment is off...
*/
payload_size = strlen(payload);
/*
* We're going to build a UDP packet with a payload using the
* link-layer API, so this time we need memory for a ethernet header
* as well as memory for the ICMP and IP headers and our payload.
*/
packet_size = LIBNET_IP_H + LIBNET_ETH_H + LIBNET_UDP_H + payload_size;
/*
* Step 2: Memory Initialization (interchangable with step 1).
*/
if (libnet_init_packet(packet_size, &packet) == -1)
{
libnet_error(LIBNET_ERR_FATAL, "libnet_init_packet failed\n");
}
/*
* Step 3: Packet construction (ethernet header).
*/
libnet_build_ethernet(enet_dst,
enet_src,
ETHERTYPE_IP,
NULL,
0,
packet);
/*
* Step 3: Packet construction (IP header).
*/
libnet_build_ip(LIBNET_UDP_H + payload_size,
0, /* IP tos */
242, /* IP ID */
0, /* Frag */
64, /* TTL */
IPPROTO_UDP, /* Transport protocol */
src_ip, /* Source IP */
dst_ip, /* Destination IP */
NULL, /* Pointer to payload (none) */
0,
packet + LIBNET_ETH_H); /* Packet header memory */
while (libnet_plist_chain_next_pair(plist_p, &bport, &eport))
{
while (!(bport > eport) && bport != 0)
{
cport = bport++;
/*
* Step 3: Packet construction (UDP header).
*/
libnet_build_udp(242, /* source port */
cport, /* dest. port */
payload, /* payload */
payload_size, /* payload length */
packet + LIBNET_ETH_H + LIBNET_IP_H);
/*
* Step 4: Packet checksums (ICMP header *AND* IP header).
*/
if (libnet_do_checksum(packet + ETH_H, IPPROTO_UDP, LIBNET_UDP_H + payload_size) == -1)
{
libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n");
}
if (libnet_do_checksum(packet + ETH_H, IPPROTO_IP, LIBNET_IP_H) == -1)
{
libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n");
}
/*
* Step 5: Packet injection.
*/
c = libnet_write_link_layer(network, device, packet, packet_size);
if (c < packet_size)
{
libnet_error(LN_ERR_WARNING, "libnet_write_link_layer only wrote %d bytes\n", c);
}
else
{
printf("construction and injection completed, wrote all %d bytes, port %d\n", c, cport);
}
}
}
/*
* Shut down the interface.
*/
if (libnet_close_link_interface(network) == -1)
{
libnet_error(LN_ERR_WARNING, "libnet_close_link_interface couldn't close the interface");
}
/*
* Free packet memory.
*/
libnet_destroy_packet(&packet);
return (c == -1 ? EXIT_FAILURE : EXIT_SUCCESS);
}
/*
* injection_write_ip
*
* Description:
* - Write an IP packet into the wire. It can use either raw sockets
* or the wire
*
* Inputs:
* - ip_packet: the IP packet
*
* Outputs:
* - return: 0 if ok, <0 if there were problems
*
*/
int injection_write_ip (u_char *ip_packet)
{
#if defined(INJECT_USING_RAW_SOCKETS) || defined(INJECT_USING_LINK_LAYER)
int i;
u_int16_t packet_size = ntohs(*(u_int16_t*)(ip_packet+2));
#endif
#if defined(INJECT_USING_RAW_SOCKETS)
int network;
/* network initialization */
if ((network = libnet_open_raw_sock(IPPROTO_RAW)) < 0) {
return WIRE_ERR_PKTD_INJECTION_OPEN;
/* packet injection */
} else if ((i = libnet_write_ip (network, ip_packet, packet_size))
< packet_size) {
return WIRE_ERR_PKTD_INJECTION_WRITE_IP;
/* shut down the interface */
} else if (libnet_close_raw_sock (network) < 0) {
return WIRE_ERR_PKTD_INJECTION_CLOSE;
}
return WIRE_ERR_NONE;
#elif defined(INJECT_USING_LINK_LAYER)
char buffer[LIBNET_ETH_H+IP_MAXPACKET];
struct in_addr in;
int size = 1024;
struct libnet_link_int *network; /* pointer to link interface struct */
char *interface = NULL; /* pointer to the device to use */
struct sockaddr_in sin;
char errbuf[1024];
struct ether_addr remote_eth, *tmp_eth;
/* network initialization */
if (libnet_select_device(&sin, &interface, errbuf) == -1) {
return WIRE_ERR_PKTD_NO_WRITE_DEVICE_ACCESS;
}
if ((network = libnet_open_link_interface(interface, errbuf)) == NULL) {
return WIRE_ERR_PKTD_INJECTION_OPEN;
}
/* get local ethernet address */
if ((tmp_eth = libnet_get_hwaddr(network, interface, errbuf)) == NULL) {
(void)libnet_close_link_interface(network);
return WIRE_ERR_PKTD_INJECTION_OPEN;
}
memcpy (&local_eth, tmp_eth, 6);
debug3 ("injection_write_ip: the local ethernet address is %s\n",
ether_ntoa(&local_eth));
/* get remote ethernet address (the packet is already in network order) */
in.s_addr = *(u_int32_t*)(ip_packet+16);
/* try to get the remote MAC address from the ARP cache */
if (get_mac_address (in, buffer, size) < 0) {
/* MAC address of the IP address not in ARP cache */
/* get the gateway needed to reach the destination */
struct in_addr gw;
if (get_gateway (in, &gw) < 0) {
debug3 ("injection_write_ip: can't find MAC nor gateway for %s\n",
inet_ntoa(in));
(void)libnet_close_link_interface(network);
return WIRE_ERR_PKTD_INJECTION_WRITE_IP;
}
/* get the gateway's ethernet address */
if (get_mac_address (gw, buffer, size) < 0) {
debug3 ("injection_write_ip: can't find MAC for %s's ",
inet_ntoa(in));
debug3 ("gateway (%s)\n", inet_ntoa(gw));
/* XXX: This case means typically the destination host is in
* the same network than the source, but the destination MAC
* address is not in the local ARP cache. Getting a local
* MAC address requires implementing ARP, which we won't do
* at this moment
*/
(void)libnet_close_link_interface(network);
return WIRE_ERR_PKTD_INJECTION_WRITE_IP;
}
debug3 ("injection_write_ip: IP address %s can be reached ", inet_ntoa(in));
debug3 ("through gateway %s (%s)\n", inet_ntoa(gw), buffer);
} else {
debug3 ("injection_write_ip: IP address %s corresponds to %s\n",
inet_ntoa(in), buffer);
}
if ((tmp_eth = ether_aton (buffer)) == NULL) {
(void)libnet_close_link_interface(network);
return WIRE_ERR_PKTD_INJECTION_WRITE_IP;
}
memcpy (&remote_eth, tmp_eth, 6);
/* build ethernet header and use IP packet as payload */
#if (defined(bsdi) || defined(__NetBSD__) || defined(__OpenBSD__) ||\
defined(__FreeBSD__))
libnet_build_ethernet(&(remote_eth.octet[0]),
&(local_eth.octet[0]), ETHERTYPE_IP, NULL, 0, buffer);
#else
libnet_build_ethernet(&(remote_eth.ether_addr_octet[0]),
&(local_eth.ether_addr_octet[0]), ETHERTYPE_IP, NULL, 0, buffer);
#endif
memcpy (buffer+LIBNET_ETH_H, ip_packet, packet_size);
packet_size += LIBNET_ETH_H;
/* inject the packet */
if ((i = libnet_write_link_layer (network, interface, buffer,
packet_size)) < packet_size) {
(void)libnet_close_link_interface(network);
return WIRE_ERR_PKTD_INJECTION_WRITE_IP;
}
/* shut down the interface */
(void)libnet_close_link_interface(network);
return WIRE_ERR_NONE;
#else /* INJECT_USING_LINK_LAYER */
return(0);
#endif /* INJECT_USING_LINK_LAYER */
}
int main(int argc, char *argv[])
{
// packet type (arp/udp/tcp)
char type[5];
// network device
char *device = "eth0\0";
struct libnet_link_int *link;
// Raw socket
int sock;
// error buffer
char errbuff[LIBNET_ERRBUF_SIZE];
// src and dst mac
u_char dmac[6],smac[6];
// src and dst ip
unsigned int src_ip, dst_ip;
// packet buffer
unsigned char *packet;
// packet payload
char *payload;
// payload size
int p_size;
// bytes send over the wire
int send;
// check parameter
if(argc == 1)
{
printf("Usage: %s <arp/udp/tcp>\n",argv[0]);
exit(0);
}
else
{
strcpy(type,argv[1]);
}
// Allocate memory for the payload
payload = malloc(50);
// Packets payload
strcpy(payload,"TEST LIBNET\0");
packet = NULL;
// payload size
p_size = strlen(payload);
// mac address
strcpy(smac,SMAC);
strcpy(dmac,DMAC);
// ip address in network byte order
src_ip = inet_addr(SOURCE);
dst_ip = inet_addr(DEST);
// Lookup ip addresses
src_ip = libnet_name_resolve(libnet_host_lookup(src_ip,0),0);
dst_ip = libnet_name_resolve(libnet_host_lookup(dst_ip,0),0);
// Build an ARP packet?
if(!strcmp(type,"arp"))
{
// open the network device
link = libnet_open_link_interface(device,errbuff);
// Failed?
if(link == NULL)
{
printf("Error while opening device %s!\n%s\n",device,errbuff);
exit(1);
}
printf("Using device %s\n",device);
// Allocate memory for the packet
if(libnet_init_packet(LIBNET_ETH_H+LIBNET_ARP_H+p_size,&packet) == -1)
{
printf("libnet_init_packet error!\n%s\n", strerror(errno));
exit(1);
}
if(packet == NULL)
{
printf("libnet_init_packet error!\n");
exit(1);
}
// Build ethernet header
libnet_build_ethernet(dmac, // destination mac
smac, // source mac
ETHERTYPE_ARP,// ethernet packet type
NULL, // pointer to payload
0, // payload size
packet // pointer to packet buffer
);
printf("Sending ARP reply packet %s --> %s\n",SOURCE,DEST);
libnet_build_arp(ARPHRD_ETHER, // hardware type
ETHERTYPE_IP, // protocol type
ETHER_ADDR_LEN, // hardware address size
4, // protocol address size
ARPOP_REPLY, // ARP operation
smac, // source mac
(u_char *)&src_ip, // source ip
dmac, // destination mac
(u_char *)&dst_ip, // destination ip
NULL, // pointer to payload
0, // payload size
packet+LIBNET_ETH_H // pointer to packet buffer
);
// Get the packet on the wire
send = libnet_write_link_layer(link,device,packet,LIBNET_ETH_H+LIBNET_IP_H+LIBNET_TCP_H+p_size);
// was the complete packet send over the wire?
if(send < LIBNET_IP_H+LIBNET_TCP_H+p_size)
{
printf("error while writing packet into the socket...\n");
}
// close the network device
libnet_close_link_interface(link);
}
else
{
// Open a raw sock
sock = libnet_open_raw_sock(IPPROTO_RAW);
// Allocate memory for the packet
if(libnet_init_packet(LIBNET_IP_H+LIBNET_TCP_H+p_size,&packet) == -1)
{
printf("libnet_init_packet error!\n%s\n", strerror(errno));
exit(1);
}
// Build ip header
libnet_build_ip(LIBNET_TCP_H+p_size,// packet length without ip header length
0, // ip type of service
242, // ip id
0, // fragmentation bit
48, // time to live
IPPROTO_TCP, // Transport Control Protokoll
src_ip, // source ip
dst_ip, // destination ip
NULL, // pointer to ip payload
0, // ip options
packet // pointer to packet buffer
);
// Build UDP packet?
if(!strcmp(type,"udp"))
{
libnet_build_udp(ntohs(SPORT), // Source port
ntohs(DPORT), // destination port
payload, // pointer to packet payload
p_size, // payload size
packet+LIBNET_IP_H // pointer to packet buffer
);
printf("Sending UDP packet %s:%d --> %s.%d\n",SOURCE,SPORT,DEST,DPORT);
}
// Build TCP/IP packet per default
else
{
// Build tcp header
libnet_build_tcp(ntohs(SPORT), // source port
ntohs(DPORT), // destination port
1000000000, // acknowledge number
1000000000, // sequence number
TH_ACK, // tcp flags
1024, // window size
0, // urgent pointer
payload, // pointer to packet payload
p_size, // payload size
packet+LIBNET_IP_H // pointer to the packet buffer
);
printf("Sending TCP packet %s:%d --> %s.%d\n",SOURCE,SPORT,DEST,DPORT);
}
// Calculize checksum
libnet_do_checksum(packet,IPPROTO_TCP,LIBNET_IP_H+LIBNET_TCP_H+p_size);
// Get the packet on the wire
send = libnet_write_ip(sock,packet,LIBNET_IP_H+LIBNET_TCP_H+p_size);
// was the complete packet send over the wire?
if(send < LIBNET_IP_H+LIBNET_TCP_H+p_size)
{
printf("error while writing packet into the socket...\n");
}
// close the socket
libnet_close_raw_sock(sock);
}
// free the memory
//libnet_destroy_packet(packet);
free(payload);
free(errbuff);
return 1;
}
void send_packet(char *protocol, int sport2, int dport2, int id, int ttl, int count, const u_char *payload, int payload_size) {
char errbuf[LIBNET_ERRBUF_SIZE]; /* error buffer */
struct libnet_link_int *network; /* pointer to link interface struct */
int packet_size; /* size of our packet */
int ip_size; /* size of our ip */
int udp_size; /* size of our udp */
int tcp_size; /* size of our tcp */
int c;
u_char *packet; /* pointer to our packet buffer */
/*
* Step 1: Network Initialization (interchangable with step 2).
*/
if ((network = libnet_open_link_interface(dev2, errbuf)) == NULL) {
libnet_error(LIBNET_ERR_FATAL, "libnet_open_link_interface: %s\n", errbuf);
}
/*
* We're going to build a UDP packet with a payload using the
* link-layer API, so this time we need memory for a ethernet header
* as well as memory for the ICMP and IP headers and our payload.
*/
if (protocol == "udp") {
packet_size = LIBNET_ETH_H + LIBNET_IP_H + LIBNET_UDP_H + payload_size;
ip_size = LIBNET_IP_H + LIBNET_UDP_H + payload_size;
udp_size = LIBNET_UDP_H + payload_size;
/*
* Step 2: Memory Initialization (interchangable with step 1).
*/
if (libnet_init_packet(packet_size, &packet) == -1) {
libnet_error(LIBNET_ERR_FATAL, "libnet_init_packet failed\n");
}
/*
* Step 3: Packet construction (ethernet header).
*/
libnet_build_ethernet(
enet_dst,
enet_src,
ETHERTYPE_IP,
NULL,
0,
packet);
printf("\n--- Injected packet number %i on %s ---\n", count, dev2);
/*
* Step 3: Packet construction (IP header).
*/
libnet_build_ip(
LIBNET_UDP_H + payload_size,
0, /* IP tos */
id, /* IP ID */
0, /* Frag */
ttl, /* TTL */
IPPROTO_UDP, /* Transport protocol */
inet_addr(saddr2), /* Source IP */
inet_addr(daddr2), /* Destination IP */
payload, /* Pointer to payload (none) */
0,
packet + LIBNET_ETH_H); /* Packet header memory */
/*
* Step 3: Packet construction (UDP header).
*/
libnet_build_udp(
sport2, /* source port */
dport2, /* dest. port */
payload, /* payload */
payload_size, /* payload length */
packet + LIBNET_ETH_H + LIBNET_IP_H);
/*
* Step 4: Packet checksums (ICMP header *AND* IP header).
*/
if (libnet_do_checksum(packet + ETH_H, IPPROTO_UDP, LIBNET_UDP_H + payload_size) == -1) {
libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n");
}
if (libnet_do_checksum(packet + ETH_H, IPPROTO_IP, LIBNET_IP_H) == -1) {
libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n");
}
/* print packet info */
if (!hide_header) {
printf("IP header Src Addr: %s", saddr2);
printf(" Dst Addr: %s\n", daddr2);
printf(" Len: %i ID: %i TTL: %i\n", ip_size, id, ttl);
printf("UDP header Src port: %i Dst port: %i Len: %i\n", sport2, dport2, udp_size);
}
if (!hide_payload) {
printf("Payload (%d bytes)\n", payload_size);
print_payload(payload, payload_size);
}
}
if (protocol == "tcp") {
packet_size = LIBNET_ETH_H + LIBNET_IP_H + LIBNET_TCP_H + payload_size;
ip_size = LIBNET_IP_H + LIBNET_TCP_H + payload_size;
tcp_size = LIBNET_TCP_H + payload_size;
/*
* Step 2: Memory Initialization (interchangable with step 1).
*/
if (libnet_init_packet(packet_size, &packet) == -1) {
libnet_error(LIBNET_ERR_FATAL, "libnet_init_packet failed\n");
}
/*
* Step 3: Packet construction (ethernet header).
*/
libnet_build_ethernet(
enet_dst,
enet_src,
ETHERTYPE_IP,
NULL,
0,
packet);
printf("\n--- Injected packet number %i on %s ---\n", count, dev2);
/*
* Step 3: Packet construction (IP header).
*/
libnet_build_ip(
LIBNET_TCP_H + payload_size,
0, /* IP tos */
id, /* IP ID */
0, /* Frag */
ttl, /* TTL */
IPPROTO_TCP, /* Transport protocol */
inet_addr(saddr2), /* Source IP */
inet_addr(daddr2), /* Destination IP */
payload, /* Pointer to payload */
0,
packet + LIBNET_ETH_H); /* Packet header memory */
/*
* Step 3: Packet construction (TCP header).
*/
libnet_build_tcp(
sport2, /* source TCP port */
dport2, /* destination TCP port */
0xa1d95, /* sequence number */
0x53, /* acknowledgement number */
TH_SYN, /* control flags */
1024, /* window size */
0, /* urgent pointer */
NULL, /* payload (none) */
0, /* payload length */
packet + LIBNET_ETH_H + LIBNET_IP_H);
/*
* Step 4: Packet checksums (ICMP header *AND* IP header).
*/
if (libnet_do_checksum(packet + ETH_H, IPPROTO_TCP, LIBNET_TCP_H + payload_size) == -1) {
libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n");
}
if (libnet_do_checksum(packet + ETH_H, IPPROTO_IP, LIBNET_IP_H) == -1) {
libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n");
}
/* print packet info */
if (!hide_header) {
printf("IP header Src Addr: %s", saddr2);
printf(" Dst Addr: %s\n", daddr2);
printf(" Len: %i ID: %i TTL: %i\n", ip_size, id, ttl);
printf("TCP header Src port: %i Dst port: %i Len: %i\n", sport2, dport2, tcp_size);
}
if (!hide_payload) {
printf("Payload (%d bytes)\n", payload_size);
print_payload(payload, payload_size);
}
}
/*
* Step 5: Packet injection.
*/
c = libnet_write_link_layer(network, dev2, packet, packet_size);
if (c < packet_size) {
libnet_error(LN_ERR_WARNING, "libnet_write_link_layer only wrote %d bytes\n", c);
}
/*
* Shut down the interface.
*/
if (libnet_close_link_interface(network) == -1) {
libnet_error(LN_ERR_WARNING, "libnet_close_link_interface couldn't close the interface");
}
/*
* Free packet memory.
*/
libnet_destroy_packet(&packet);
printf("\n");
}
int cleanup(void) {
libnet_destroy_packet(&pkt);
libnet_close_link_interface(linkint);
}