/*
* my_libnet_init
*/
my_libnet_t *my_libnet_init(char *pcapdev, char *errbuf) {
#ifdef HAVE_LIBNET_1_0
return libnet_open_link_interface(pcapdev, errbuf);
#else
# ifdef HAVE_LIBNET_1_1
return libnet_init(LIBNET_LINK_ADV, pcapdev, errbuf);
# endif
#endif
}
int
main(int argc, char *argv[])
{
int c;
u_long src_ip, dst_ip;
char errbuf[256];
char *device = NULL;
struct libnet_link_int *l;
printf("link layer ICMP packet building/writing test\n");
src_ip = 0;
dst_ip = 0;
while ((c = getopt(argc, argv, "i:d:s:")) != EOF)
{
switch (c)
{
case 'd':
if (!(dst_ip = libnet_name_resolve(optarg, 1)))
{
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
exit(1);
}
break;
case 'i':
device = optarg;
break;
case 's':
if (!(src_ip = libnet_name_resolve(optarg, 1)))
{
fprintf(stderr, "Bad source IP address: %s\n", optarg);
exit(1);
}
break;
default:
exit(EXIT_FAILURE);
}
}
if (!src_ip || !dst_ip || !device)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
if ((l = libnet_open_link_interface(device, errbuf)) == NULL)
{
fprintf(stderr, "libnet_open_link_interface: %s\n", errbuf);
exit(EXIT_FAILURE);
}
c = send_icmp(l, device, src_ip, dst_ip);
return (c == -1 ? EXIT_FAILURE : EXIT_SUCCESS);
}
int init(void) {
/* Ethernet header */
etherhdr.ether_type = ETHERTYPE_IP; /* Ethernet type IP */
memset(etherhdr.ether_shost, 0, 6); /* Ethernet source address */
memset(etherhdr.ether_dhost, 0xff, 6); /* Ethernet destination address */
/* IP header */
memset(&iphdr.ip_src.s_addr, 0, 4); /* IP source address 0.0.0.0
* (pretend to be proxy to
* avoid being elected as master) */
inet_aton(MCAST_ALL_HOSTS, &iphdr.ip_dst); /* IP destination address */
iphdr.ip_tos = 0; /* IP type of services */
iphdr.ip_id = (u_int16_t)libnet_get_prand(PRu16); /* IP ID */
iphdr.ip_p = IPPROTO_IGMP; /* IP protocol IGMP */
iphdr.ip_off = 0; /* IP fragmentation offset */
iphdr.ip_ttl = 1; /* IP TTL - set to 1 purposely */
/* IGMP header */
igmphdr.igmp_type = IGMP_MEMBERSHIP_QUERY; /* IGMP type */
igmphdr.igmp_code = 0; /* IGMP code */
inet_aton(MCAST_MDNS, &igmphdr.igmp_group); /* IGMP group address */
/* Create packet */
linkint = libnet_open_link_interface(LINK_INTERFACE, errbuf);
if (linkint == NULL) {
return -1;
}
igmp_packetlen = LIBNET_ETH_H + LIBNET_IP_H + LIBNET_IGMP_H;
if (libnet_init_packet(igmp_packetlen, &pkt) == -1) {
return -1;
}
libnet_build_ethernet(etherhdr.ether_dhost, etherhdr.ether_shost,
ETHERTYPE_IP, NULL, 0, pkt);
libnet_build_ip(LIBNET_IGMP_H, iphdr.ip_tos, iphdr.ip_id, iphdr.ip_off,
iphdr.ip_ttl, iphdr.ip_p, iphdr.ip_src.s_addr, iphdr.ip_dst.s_addr,
NULL, 0, pkt + LIBNET_ETH_H);
libnet_build_igmp(igmphdr.igmp_type, igmphdr.igmp_code,
igmphdr.igmp_group.s_addr, NULL, 0,
pkt + LIBNET_ETH_H + LIBNET_IP_H);
libnet_do_checksum(pkt + LIBNET_ETH_H, IPPROTO_IP, LIBNET_IP_H);
libnet_do_checksum(pkt + LIBNET_ETH_H, IPPROTO_IGMP, LIBNET_IGMP_H);
}
int
get_hw_addr(char *device, u_char mac[6])
{
struct ether_addr *mac_address;
struct libnet_link_int *network;
char err_buf[LIBNET_ERRBUF_SIZE];
network = libnet_open_link_interface(device, err_buf);
if (!network) {
fprintf(stderr, "libnet_open_link_interface: %s\n", err_buf);
return -1;
}
mac_address = libnet_get_hwaddr(network, device, err_buf);
if (!mac_address) {
fprintf(stderr, "libnet_get_hwaddr: %s\n", err_buf);
return -1;
}
memcpy(mac, mac_address->ether_addr_octet, 6);
return 0;
}
int
main(int argc, char *argv[])
{
int c;
char errbuf[256];
char *device = NULL;
struct libnet_link_int *l;
while ((c = getopt(argc, argv, "i:")) != EOF)
{
switch (c)
{
case 'i':
device = optarg;
break;
default:
exit(EXIT_FAILURE);
}
}
if (!device)
{
fprintf(stderr, "Specify a device\n");
exit(EXIT_FAILURE);
}
l = libnet_open_link_interface(device, errbuf);
if (!l)
{
fprintf(stderr, "libnet_open_link_interface: %s\n", errbuf);
exit(EXIT_FAILURE);
}
c = send_arp(l, device);
return (c == -1 ? EXIT_FAILURE : EXIT_SUCCESS);
}
int main(int argc, char **argv)
{
struct libnet_link_int *intf;
int nconnect;
struct timeval tv;
unsigned char spa[4], tpa[4];
unsigned char sha[ETH_ALEN], tha[ETH_ALEN];
unsigned long tmpip;
gettimeofday(&tv, NULL);
srand(tv.tv_sec ^ tv.tv_usec ^ (getpid()<<15));
if(argc < 3)
{
printf("usage: %s <spa> <sha> <tpa> <tha>\n", argv[0]);
exit(1);
}
if((intf = libnet_open_link_interface(INTERFACE, NULL)) == NULL)
{
perror("open intf");
exit(1);
}
tmpip = libnet_name_resolve(argv[1], 0);
memcpy(spa, &tmpip, 4);
tmpip = libnet_name_resolve(argv[3], 0);
memcpy(tpa, &tmpip, 4);
memcpy(sha, hex2eth(argv[2]), ETH_ALEN);
memcpy(tha, hex2eth(argv[4]), ETH_ALEN);
arp_spoof_reply(intf, spa, sha, tpa, tha);
}
int main(int argc, char **argv)
{
struct link_int *intf;
int nconnect;
char *dev = DEFAULT_DEV;
struct timeval tv;
struct eth_pair src, dst;
gettimeofday(&tv, NULL);
srand(tv.tv_sec ^ tv.tv_usec ^ (getpid()<<15));
if(argc < 6)
{
printf("usage: %s <IP broadcast> <IP netmask> <gw ip> <gw hw> <nconnects>\n", argv[0]);
exit(1);
}
nconnect = atoi(argv[3]);
if((intf = libnet_open_link_interface(dev, NULL)) == NULL)
{
perror("open intf");
exit(1);
}
netmask = libnet_name_resolve(argv[2], 0);
broadcast = libnet_name_resolve(argv[1], 0);
//fill_port_table(intf, dev, broadcast, netmask, nconnect);
src.ip = rand();
memcpy(src.eth, &src.ip, 4);
src.ip = libnet_name_resolve("130.126.44.109", 0);
memcpy(dst.eth, hex2eth(argv[4]), ETH_ALEN);
dst.ip = libnet_name_resolve(argv[3], 0);
write_icmpether(intf, dev, &dst, &src);
}
int buildether(ETHERhdr *eth, FileData *pd, char *device)
{
int n;
u_int32_t eth_packetlen;
static u_int8_t *pkt;
char *ethertype;
struct libnet_link_int *l2 = NULL;
/* sanity checks */
if (pd->file_mem == NULL)
pd->file_s = 0;
eth_packetlen = LIBNET_ETH_H + pd->file_s;
if ((l2 = libnet_open_link_interface(device, errbuf)) == NULL)
{
nemesis_device_failure(INJECTION_LINK, (const char *)device);
return -1;
}
if (libnet_init_packet(eth_packetlen, &pkt) == -1)
{
fprintf(stderr, "ERROR: Unable to allocate packet memory.\n");
exit(1);
}
libnet_build_ethernet(eth->ether_dhost, eth->ether_shost, eth->ether_type,
pd->file_mem, pd->file_s, pkt);
n = libnet_write_link_layer(l2, device, pkt, eth_packetlen);
#ifdef DEBUG
printf("DEBUG: eth_packetlen is %u.\n", eth_packetlen);
#endif
if (verbose == 2)
nemesis_hexdump(pkt, eth_packetlen, HEX_ASCII_DECODE);
if (verbose == 3)
nemesis_hexdump(pkt, eth_packetlen, HEX_RAW_DECODE);
switch(eth->ether_type)
{
case ETHERTYPE_PUP:
ethertype = "PUP";
break;
case ETHERTYPE_IP:
ethertype = "IP";
break;
case ETHERTYPE_ARP:
ethertype = "ARP";
break;
case ETHERTYPE_REVARP:
ethertype = "REVARP";
break;
case ETHERTYPE_8021Q:
ethertype = "802.1q";
break;
case ETHERTYPE_IPV6:
ethertype = "IPV6";
break;
case ETHERTYPE_PPPOEDISC:
ethertype = "PPOEDISC";
break;
case ETHERTYPE_PPPOE:
ethertype = "PPOE";
break;
default:
ethertype = NULL;
break;
}
if (verbose)
{
if (ethertype != NULL)
printf("Wrote %d byte Ethernet type %s packet through linktype "
"%s.\n", n, ethertype,
nemesis_lookup_linktype(l2->linktype));
else
printf("Wrote %d byte Ethernet type %hu packet through linktype "
"%s.\n", n, eth->ether_type,
nemesis_lookup_linktype(l2->linktype));
}
libnet_destroy_packet(&pkt);
if (l2 != NULL)
libnet_close_link_interface(l2);
return (n);
}
static void
RejectLayer2(ipq_packet_msg_t *m)
{
IPHdr *iph;
TCPHdr *tcph;
ICMPHdr *icmph;
EtherHdr *eh;
int proto;
int size = 0;
int payload_len = 0;
/* pointer to the device to use: according to the libnet manpage
* this should be u_char, but I get a compiler warning then.
* Making it a char fixes that. VJ. */
char *device = NULL;
/* to get the mac address of the interface when in layer2 mode */
struct ether_addr *link_addr;
u_char enet_dst[6]; /* mac addr for creating the ethernet packet. */
u_char enet_src[6]; /* mac addr for creating the ethernet packet. */
struct libnet_link_int *network = NULL; /* pointer to link interface struct */
int i = 0;
iph = (IPHdr *)(l_tcp + ETH_H);
proto = tmpP->iph->ip_proto;
iph->ip_src.s_addr = tmpP->iph->ip_dst.s_addr;
iph->ip_dst.s_addr = tmpP->iph->ip_src.s_addr;
/* set the interface. For Nat/Ip-mode the device we use to send a reset to the offender
* is the device on which the packet entered. For bridge-mode indev and outdev are always
* equal, so we use indev as well. There is one rare exception to this... if on the Snort_
* inline box a client is run that causes a reset, indev is not set but outdev. */
if(m->indev_name[0] != '\0')
device = m->indev_name;
else
device = m->outdev_name;
/* Let's initialize Libnet */
if((network = libnet_open_link_interface(device, errbuf)) == NULL)
{
libnet_error(LIBNET_ERR_FATAL,
"libnet_open_link_interface for device %s failed: %s\n",
device, errbuf);
return;
}
/* lets get the mac addr of the interface */
if(!(link_addr = libnet_get_hwaddr(network, device, errbuf)))
{
libnet_error(LIBNET_ERR_FATAL,
"libnet_get_hwaddr failed: %s\n",
errbuf);
return;
}
/* copy the mac: the src is set the the interface mac
* but only if the mac wasn't supplied in the configfile */
if(pv.enet_src[0] == 0 && pv.enet_src[1] == 0 && pv.enet_src[2] == 0 && pv.enet_src[3] == 0 && pv.enet_src[4] == 0 && pv.enet_src[5] == 0)
{
/* either user set mac as 00:00:00:00:00:00 or it is blank */
for(i = 0; i < 6; i++)
enet_src[i] = link_addr->ether_addr_octet[i];
}
else
{
for(i = 0; i < 6; i++)
enet_src[i] = pv.enet_src[i];
}
/* copy the mac: the old src now becomes dst */
for(i = 0; i < 6; i++)
enet_dst[i] = m->hw_addr[i];
//printf("reset src mac: %02X:%02X:%02X:%02X:%02X:%02X\n", enet_src[0],enet_src[1],enet_src[2],enet_src[3],enet_src[4],enet_src[5]);
//printf("reset dst mac: %02X:%02X:%02X:%02X:%02X:%02X\n", enet_dst[0],enet_dst[1],enet_dst[2],enet_dst[3],enet_dst[4],enet_dst[5]);
switch(proto)
{
case IPPROTO_TCP:
if (!tmpP->frag_flag)
{
size = ETH_H + IP_H + TCP_H;
eh = (EtherHdr *)l_tcp;
iph = (IPHdr *)(l_tcp + ETH_H);
tcph = (TCPHdr *)(l_tcp + ETH_H + IP_H);
iph->ip_src.s_addr = tmpP->iph->ip_dst.s_addr;
iph->ip_dst.s_addr = tmpP->iph->ip_src.s_addr;
tcph->th_sport = tmpP->tcph->th_dport;
tcph->th_dport = tmpP->tcph->th_sport;
tcph->th_seq = tmpP->tcph->th_ack;
tcph->th_ack = htonl(ntohl(tmpP->tcph->th_seq) + 1);
//printf("Send TCP Rst in Bridge-mode.\n");
/* calculate the checksums */
if (libnet_do_checksum(l_tcp + ETH_H, IPPROTO_TCP, TCP_H) == -1)
{
libnet_error(LIBNET_ERR_CRITICAL,
"SendEthTCPRST: libnet_do_checksum failed for TCP_H");
return;
}
if (libnet_do_checksum(l_tcp + ETH_H, IPPROTO_IP, IP_H) == -1)
{
libnet_error(LIBNET_ERR_CRITICAL,
"SendEthTCPRST: libnet_do_checksum failed for IP_H");
return;
}
/* build the ethernet packet */
if (libnet_build_ethernet(enet_dst, enet_src, ETHERTYPE_IP, NULL, 0, l_tcp) == -1)
{
libnet_error(LIBNET_ERR_CRITICAL,
"SendEthTCPRST: libnet_build_ethernet");
return;
}
/* finally write it to the link */
if(libnet_write_link_layer(network, device, l_tcp, size) < size)
{
libnet_error(LIBNET_ERR_CRITICAL,
"SendEthTCPRST: libnet_write_link_layer");
return;
}
} /* end if !tmpP->frag_flag */
break;
case IPPROTO_UDP:
if (!tmpP->frag_flag)
{
eh = (EtherHdr *)l_icmp;
iph = (IPHdr *)(l_icmp + ETH_H);
icmph = (ICMPHdr *) (l_icmp + ETH_H + IP_H);
iph->ip_src.s_addr = tmpP->iph->ip_dst.s_addr;
iph->ip_dst.s_addr = tmpP->iph->ip_src.s_addr;
if ((payload_len = ntohs(tmpP->iph->ip_len) -
(IP_HLEN(tmpP->iph) << 2)) > 8)
{
payload_len = 8;
}
memcpy((char *)icmph + ICMP_UNREACH_H, tmpP->iph,
(IP_HLEN(tmpP->iph) << 2) + payload_len);
size = ETH_H + IP_H + ICMP_UNREACH_H +
(IP_HLEN(tmpP->iph) << 2) + payload_len;
iph->ip_len = htons(size);
/* calculate the checksums */
if (libnet_do_checksum(l_icmp + ETH_H, IPPROTO_ICMP, size - IP_H) == -1)
{
libnet_error(LIBNET_ERR_CRITICAL,
"SendEthICMPRST: libnet_do_checksum failed for IPPROTO_ICMP");
return;
}
if (libnet_do_checksum(l_icmp + ETH_H, IPPROTO_IP, IP_H) == -1)
{
libnet_error(LIBNET_ERR_CRITICAL,
"SendEthICMPRST: libnet_do_checksum failed for IPPROTO_IP");
return;
}
/* build the ethernet packet */
if (libnet_build_ethernet(enet_dst, enet_src, ETHERTYPE_IP, NULL, 0, l_icmp) == -1)
{
libnet_error(LIBNET_ERR_CRITICAL,
"SendEthICMPRST: libnet_build_ethernet");
return;
}
/* finally write it to the link */
//printf("Send ICMP Rst in Bridge-mode.\n");
if(libnet_write_link_layer(network, device, l_icmp, size) < size)
{
libnet_error(LIBNET_ERR_CRITICAL,
"SendEthICMPRST: libnet_write_link_layer");
return;
}
}
break;
} /* end switch(proto) */
/* clean up file-descriptors for the next time we call RejectLayer2 */
if((libnet_close_link_interface(network)) == -1)
{
libnet_error(LIBNET_ERR_CRITICAL,
"libnet_close_link_interface error\n");
}
}
int
main(int argc, char *argv[])
{
int i, c;
char errbuf[256];
char *device = NULL;
struct libnet_link_int *l;
struct ether_addr e;
u_long ip;
while ((c = getopt(argc, argv, "i:")) != EOF)
{
switch (c)
{
case 'i':
device = optarg;
break;
default:
exit(EXIT_FAILURE);
}
}
if (!device)
{
fprintf(stderr, "Specify a device\n");
exit(EXIT_FAILURE);
}
if (argc > optind)
{
if ((ip = libnet_name_resolve(argv[optind], 1)) == -1)
{
fprintf(stderr, "Cannot resolve IP address\n");
exit(EXIT_FAILURE);
}
}
else
{
fprintf(stderr, "IP address to ARP for?\n");
exit(EXIT_FAILURE);
}
l = libnet_open_link_interface(device, errbuf);
if (!l)
{
fprintf(stderr, "libnet_open_link_interface: %s\n", errbuf);
exit(EXIT_FAILURE);
}
c = libnet_do_arp(l, device, &e, ip);
if (c != -1)
{
for (i = 0; i < 6; i++)
{
printf("%x", e.ether_addr_octet[i]);
if (i != 5)
{
printf(":");
}
}
printf("\n");
}
return (c == -1 ? EXIT_FAILURE : EXIT_SUCCESS);
}
/* initialize an interface
* Basically, do everything which must be done as root, so
* the program can drop root uid later.
* It puts the device in promiscuous mode if signaled and
* returns an sndet_device struct, which is later used in almost any
* test
* - Initializes the sndet_device structure, wich must be freed later
* by the application;
* - Error message is returned in errbuf[];
*/
struct sndet_device * sndet_init_device(char *device, int promisc, char *errbuf)
{
struct sndet_device *sndet_dev;
char *temp;
// error buffer for external calls (libnet + libpcap)
char ext_errbuf[LIBNET_ERRBUF_SIZE | PCAP_ERRBUF_SIZE];
sndet_dev = malloc(sizeof(struct sndet_device));
// find the device to open
// use a default (from libpcap) if the user didn't supply one
if (device == NULL) {
temp = pcap_lookupdev(ext_errbuf);
if (temp == NULL) {
snprintf(errbuf, LIBSNIFFDET_ERR_BUF_LEN,
"Could not find a link interface!\n%s", ext_errbuf);
SNDET_FREE(sndet_dev);
return NULL;
}
sndet_dev->device = strndup(temp, MAX_DEVICE_NAME_LEN);
}
else
sndet_dev->device = strndup(device, MAX_DEVICE_NAME_LEN);
// open interface
sndet_dev->pktdesc = pcap_open_live(device, MAX_CAPTURE_BYTES,
promisc, CAPTURE_READ_TMOUT, ext_errbuf);
if (!sndet_dev->pktdesc) {
snprintf(errbuf, LIBSNIFFDET_ERR_BUF_LEN,
"Could not open link interface!\n%s", ext_errbuf);
SNDET_FREE(sndet_dev->device);
SNDET_FREE(sndet_dev);
return NULL;
}
if (pcap_lookupnet(sndet_dev->device, &(sndet_dev->network),
&(sndet_dev->netmask), ext_errbuf) == -1)
{
snprintf(errbuf, LIBSNIFFDET_ERR_BUF_LEN,
"Could not determine netmask/network of interface %s!\n%s",
sndet_dev->device, ext_errbuf);
SNDET_FREE(sndet_dev->device);
SNDET_FREE(sndet_dev);
return NULL;
}
// see net/bpf.h
// is the datalink supported? (is that an ethernet device?)
sndet_dev->datalink = pcap_datalink(sndet_dev->pktdesc);
switch (sndet_dev->datalink) {
case DLT_EN10MB:
sndet_dev->pkt_offset = 14;
break;
default:
snprintf(errbuf, LIBSNIFFDET_ERR_BUF_LEN,
"Device %s is not supported! (not an ethernet device?)\n",
sndet_dev->device);
SNDET_FREE(sndet_dev->device);
SNDET_FREE(sndet_dev);
return NULL;
}
// initialize libnet interface
sndet_dev->ln_int = libnet_open_link_interface(device, ext_errbuf);
if (!sndet_dev->ln_int) {
snprintf(errbuf, LIBSNIFFDET_ERR_BUF_LEN,
"Could not open link interface!\n%s", ext_errbuf);
SNDET_FREE(sndet_dev->device);
SNDET_FREE(sndet_dev);
return NULL;
}
// open a raw socket
sndet_dev->rawsock = libnet_open_raw_sock(IPPROTO_RAW);
if (sndet_dev->rawsock == -1) {
snprintf(errbuf, LIBSNIFFDET_ERR_BUF_LEN, "Error opening raw socket\n");
SNDET_FREE(sndet_dev->device);
SNDET_FREE(sndet_dev);
return NULL;
}
return sndet_dev;
}
int buildudp(ETHERhdr *eth, IPhdr *ip, UDPhdr *udp, FileData *pd,
FileData *ipod, char *device)
{
int n;
u_int32_t udp_packetlen = 0, udp_meta_packetlen = 0;
static u_int8_t *pkt;
static int sockfd = -1;
struct libnet_link_int *l2 = NULL;
u_int8_t link_offset = 0;
#if !defined(WIN32)
int sockbuff = IP_MAXPACKET;
#endif
if (pd->file_mem == NULL)
pd->file_s = 0;
if (ipod->file_mem == NULL)
ipod->file_s = 0;
if (got_link) /* data link layer transport */
{
if ((l2 = libnet_open_link_interface(device, errbuf)) == NULL)
{
nemesis_device_failure(INJECTION_LINK, (const char *)device);
return -1;
}
link_offset = LIBNET_ETH_H;
}
else
{
if ((sockfd = libnet_open_raw_sock(IPPROTO_RAW)) < 0)
{
nemesis_device_failure(INJECTION_RAW, (const char *)NULL);
return -1;
}
#if !defined(WIN32)
if ((setsockopt(sockfd, SOL_SOCKET, SO_SNDBUF, (const void *)&sockbuff,
sizeof(sockbuff))) < 0)
{
fprintf(stderr, "ERROR: setsockopt() failed.\n");
return -1;
}
#endif
}
udp_packetlen = link_offset + LIBNET_IP_H + LIBNET_UDP_H + pd->file_s +
ipod->file_s;
udp_meta_packetlen = udp_packetlen - (link_offset + LIBNET_IP_H);
#ifdef DEBUG
printf("DEBUG: UDP packet length %u.\n", udp_packetlen);
printf("DEBUG: IP options size %u.\n", ipod->file_s);
printf("DEBUG: UDP payload size %u.\n", pd->file_s);
#endif
if (libnet_init_packet(udp_packetlen, &pkt) == -1)
{
fprintf(stderr, "ERROR: Unable to allocate packet memory.\n");
return -1;
}
if (got_link)
libnet_build_ethernet(eth->ether_dhost, eth->ether_shost, ETHERTYPE_IP,
NULL, 0, pkt);
libnet_build_ip(udp_meta_packetlen, ip->ip_tos, ip->ip_id, ip->ip_off,
ip->ip_ttl, ip->ip_p, ip->ip_src.s_addr, ip->ip_dst.s_addr,
NULL, 0, pkt + link_offset);
libnet_build_udp(udp->uh_sport, udp->uh_dport, pd->file_mem,
pd->file_s, pkt + link_offset + LIBNET_IP_H);
if (got_ipoptions)
{
if ((libnet_insert_ipo((struct ipoption *)ipod->file_mem,
ipod->file_s, pkt + link_offset)) == -1)
{
fprintf(stderr, "ERROR: Unable to add IP options, discarding "
"them.\n");
}
}
if (got_link)
libnet_do_checksum(pkt + LIBNET_ETH_H, IPPROTO_IP, LIBNET_IP_H +
ipod->file_s);
libnet_do_checksum(pkt + link_offset, IPPROTO_UDP, LIBNET_UDP_H +
pd->file_s + ipod->file_s);
if (got_link)
n = libnet_write_link_layer(l2, device, pkt, udp_packetlen);
else
n = libnet_write_ip(sockfd, pkt, udp_packetlen);
if (verbose == 2)
nemesis_hexdump(pkt, udp_packetlen, HEX_ASCII_DECODE);
if (verbose == 3)
nemesis_hexdump(pkt, udp_packetlen, HEX_RAW_DECODE);
if (n != udp_packetlen)
{
fprintf(stderr, "ERROR: Incomplete packet injection. Only wrote "
"%d bytes.\n", n);
}
else
{
if (verbose)
{
if (got_link)
printf("Wrote %d byte UDP packet through linktype %s.\n", n,
nemesis_lookup_linktype(l2->linktype));
else
printf("Wrote %d byte UDP packet.\n", n);
}
}
libnet_destroy_packet(&pkt);
if (got_link)
libnet_close_link_interface(l2);
else
libnet_close_raw_sock(sockfd);
return n;
}
int
main(int argc, char *argv[])
{
extern char *optarg;
extern int optind;
int c, i;
struct libnet_link_int *llif;
char ebuf[PCAP_ERRBUF_SIZE];
u_char sha[ETHER_ADDR_LEN], tha[ETHER_ADDR_LEN];
in_addr_t src, dst;
u_short sport, dport;
u_int32_t seq;
u_char pkt[ETH_H + IP_H + TCP_H];
while ((c = getopt(argc, argv, "vs:d:e:x:y:i:n:h?V")) != -1) {
switch (c) {
case 'v':
break;
case 's':
Src = libnet_name_resolve(optarg, 0);
break;
case 'd':
Dst = libnet_name_resolve(optarg, 0);
break;
case 'e':
Tha = (u_char *)ether_aton(optarg);
break;
case 'x':
Sport = atoi(optarg);
break;
case 'y':
Dport = atoi(optarg);
break;
case 'i':
Intf = optarg;
break;
case 'n':
Repeat = atoi(optarg);
break;
default:
usage();
}
}
argc -= optind;
argv += optind;
if (argc != 0)
usage();
if (!Intf && (Intf = pcap_lookupdev(ebuf)) == NULL)
errx(1, "%s", ebuf);
if ((llif = libnet_open_link_interface(Intf, ebuf)) == 0)
errx(1, "%s", ebuf);
libnet_seed_prand();
for (i = 0; i != Repeat; i++) {
gen_mac(sha);
if (Tha == NULL) gen_mac(tha);
else memcpy(tha, Tha, sizeof(tha));
if (Src != 0) src = Src;
else src = libnet_get_prand(PRu32);
if (Dst != 0) dst = Dst;
else dst = libnet_get_prand(PRu32);
if (Sport != 0) sport = Sport;
else sport = libnet_get_prand(PRu16);
if (Dport != 0) dport = Dport;
else dport = libnet_get_prand(PRu16);
seq = libnet_get_prand(PRu32);
libnet_build_ethernet(tha, sha, ETHERTYPE_IP, NULL, 0, pkt);
libnet_build_ip(TCP_H, 0, libnet_get_prand(PRu16), 0, 64,
IPPROTO_TCP, src, dst, NULL, 0, pkt + ETH_H);
libnet_build_tcp(sport, dport, seq, 0, TH_SYN, 512,
0, NULL, 0, pkt + ETH_H + IP_H);
libnet_do_checksum(pkt + ETH_H, IPPROTO_IP, IP_H);
libnet_do_checksum(pkt + ETH_H, IPPROTO_TCP, TCP_H);
if (libnet_write_link_layer(llif, Intf, pkt, sizeof(pkt)) < 0)
errx(1, "write");
fprintf(stderr, "%s ",
ether_ntoa((struct ether_addr *)sha));
fprintf(stderr, "%s %s.%d > %s.%d: S %u:%u(0) win 512\n",
ether_ntoa((struct ether_addr *)tha),
libnet_host_lookup(Src, 0), sport,
libnet_host_lookup(Dst, 0), dport, seq, seq);
}
exit(0);
}
int main(int argc, char *argv[])
{
// packet type (arp/udp/tcp)
char type[5];
// network device
char *device = "eth0\0";
struct libnet_link_int *link;
// Raw socket
int sock;
// error buffer
char errbuff[LIBNET_ERRBUF_SIZE];
// src and dst mac
u_char dmac[6],smac[6];
// src and dst ip
unsigned int src_ip, dst_ip;
// packet buffer
unsigned char *packet;
// packet payload
char *payload;
// payload size
int p_size;
// bytes send over the wire
int send;
// check parameter
if(argc == 1)
{
printf("Usage: %s <arp/udp/tcp>\n",argv[0]);
exit(0);
}
else
{
strcpy(type,argv[1]);
}
// Allocate memory for the payload
payload = malloc(50);
// Packets payload
strcpy(payload,"TEST LIBNET\0");
packet = NULL;
// payload size
p_size = strlen(payload);
// mac address
strcpy(smac,SMAC);
strcpy(dmac,DMAC);
// ip address in network byte order
src_ip = inet_addr(SOURCE);
dst_ip = inet_addr(DEST);
// Lookup ip addresses
src_ip = libnet_name_resolve(libnet_host_lookup(src_ip,0),0);
dst_ip = libnet_name_resolve(libnet_host_lookup(dst_ip,0),0);
// Build an ARP packet?
if(!strcmp(type,"arp"))
{
// open the network device
link = libnet_open_link_interface(device,errbuff);
// Failed?
if(link == NULL)
{
printf("Error while opening device %s!\n%s\n",device,errbuff);
exit(1);
}
printf("Using device %s\n",device);
// Allocate memory for the packet
if(libnet_init_packet(LIBNET_ETH_H+LIBNET_ARP_H+p_size,&packet) == -1)
{
printf("libnet_init_packet error!\n%s\n", strerror(errno));
exit(1);
}
if(packet == NULL)
{
printf("libnet_init_packet error!\n");
exit(1);
}
// Build ethernet header
libnet_build_ethernet(dmac, // destination mac
smac, // source mac
ETHERTYPE_ARP,// ethernet packet type
NULL, // pointer to payload
0, // payload size
packet // pointer to packet buffer
);
printf("Sending ARP reply packet %s --> %s\n",SOURCE,DEST);
libnet_build_arp(ARPHRD_ETHER, // hardware type
ETHERTYPE_IP, // protocol type
ETHER_ADDR_LEN, // hardware address size
4, // protocol address size
ARPOP_REPLY, // ARP operation
smac, // source mac
(u_char *)&src_ip, // source ip
dmac, // destination mac
(u_char *)&dst_ip, // destination ip
NULL, // pointer to payload
0, // payload size
packet+LIBNET_ETH_H // pointer to packet buffer
);
// Get the packet on the wire
send = libnet_write_link_layer(link,device,packet,LIBNET_ETH_H+LIBNET_IP_H+LIBNET_TCP_H+p_size);
// was the complete packet send over the wire?
if(send < LIBNET_IP_H+LIBNET_TCP_H+p_size)
{
printf("error while writing packet into the socket...\n");
}
// close the network device
libnet_close_link_interface(link);
}
else
{
// Open a raw sock
sock = libnet_open_raw_sock(IPPROTO_RAW);
// Allocate memory for the packet
if(libnet_init_packet(LIBNET_IP_H+LIBNET_TCP_H+p_size,&packet) == -1)
{
printf("libnet_init_packet error!\n%s\n", strerror(errno));
exit(1);
}
// Build ip header
libnet_build_ip(LIBNET_TCP_H+p_size,// packet length without ip header length
0, // ip type of service
242, // ip id
0, // fragmentation bit
48, // time to live
IPPROTO_TCP, // Transport Control Protokoll
src_ip, // source ip
dst_ip, // destination ip
NULL, // pointer to ip payload
0, // ip options
packet // pointer to packet buffer
);
// Build UDP packet?
if(!strcmp(type,"udp"))
{
libnet_build_udp(ntohs(SPORT), // Source port
ntohs(DPORT), // destination port
payload, // pointer to packet payload
p_size, // payload size
packet+LIBNET_IP_H // pointer to packet buffer
);
printf("Sending UDP packet %s:%d --> %s.%d\n",SOURCE,SPORT,DEST,DPORT);
}
// Build TCP/IP packet per default
else
{
// Build tcp header
libnet_build_tcp(ntohs(SPORT), // source port
ntohs(DPORT), // destination port
1000000000, // acknowledge number
1000000000, // sequence number
TH_ACK, // tcp flags
1024, // window size
0, // urgent pointer
payload, // pointer to packet payload
p_size, // payload size
packet+LIBNET_IP_H // pointer to the packet buffer
);
printf("Sending TCP packet %s:%d --> %s.%d\n",SOURCE,SPORT,DEST,DPORT);
}
// Calculize checksum
libnet_do_checksum(packet,IPPROTO_TCP,LIBNET_IP_H+LIBNET_TCP_H+p_size);
// Get the packet on the wire
send = libnet_write_ip(sock,packet,LIBNET_IP_H+LIBNET_TCP_H+p_size);
// was the complete packet send over the wire?
if(send < LIBNET_IP_H+LIBNET_TCP_H+p_size)
{
printf("error while writing packet into the socket...\n");
}
// close the socket
libnet_close_raw_sock(sock);
}
// free the memory
//libnet_destroy_packet(packet);
free(payload);
free(errbuff);
return 1;
}
int
main(int argc, char *argv[])
{
int packet_size, /* size of our packet */
payload_size, /* size of our packet */
c; /* misc */
u_long src_ip, dst_ip; /* source ip, dest ip */
u_short bport, eport; /* beginning and end ports */
u_short cport; /* current port */
u_char payload[MAX_PAYLOAD_SIZE]; /* packet payload */
u_char *packet; /* pointer to our packet buffer */
char err_buf[LIBNET_ERRBUF_SIZE]; /* error buffer */
u_char *device; /* pointer to the device to use */
struct libnet_link_int *network; /* pointer to link interface struct */
struct libnet_plist_chain plist; /* plist chain */
struct libnet_plist_chain *plist_p; /* plist chain pointer */
printf("libnet example code:\tmodule 4\n\n");
printf("packet injection interface:\tlink layer\n");
printf("packet type:\t\t\tUDP [with payload] using port list chaining\n");
plist_p = NULL;
device = NULL;
src_ip = 0;
dst_ip = 0;
while ((c = getopt(argc, argv, "i:d:s:p:")) != EOF)
{
switch (c)
{
case 'd':
if (!(dst_ip = libnet_name_resolve(optarg, LIBNET_RESOLVE)))
{
libnet_error(LIBNET_ERR_FATAL,
"Bad destination IP address: %s\n", optarg);
}
break;
case 'i':
device = optarg;
break;
case 's':
if (!(src_ip = libnet_name_resolve(optarg, LIBNET_RESOLVE)))
{
libnet_error(LIBNET_ERR_FATAL,
"Bad source IP address: %s\n", optarg);
}
break;
case 'p':
plist_p = &plist;
if (libnet_plist_chain_new(&plist_p, optarg) == -1)
{
libnet_error(LIBNET_ERR_FATAL, "Could not build port list\n");
}
break;
default:
usage(argv[0]);
exit(EXIT_FAILURE);
}
}
if (!src_ip || !dst_ip || !plist_p)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
c = argc - optind;
if (c != 1)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
memset(payload, 0, sizeof(payload));
strncpy(payload, argv[optind], strlen(argv[optind]));
/*
* Step 1: Network Initialization (interchangable with step 2).
*/
if (device == NULL)
{
struct sockaddr_in sin;
/*
* Try to locate a device.
*/
if (libnet_select_device(&sin, &device, err_buf) == -1)
{
libnet_error(LIBNET_ERR_FATAL, "libnet_select_device failed: %s\n", err_buf);
}
printf("device:\t\t\t\t%s\n", device);
}
if ((network = libnet_open_link_interface(device, err_buf)) == NULL)
{
libnet_error(LIBNET_ERR_FATAL, "libnet_open_link_interface: %s\n", err_buf);
}
/*
* Get the payload from the user. Hrm. This might fail on a Sparc
* if byte alignment is off...
*/
payload_size = strlen(payload);
/*
* We're going to build a UDP packet with a payload using the
* link-layer API, so this time we need memory for a ethernet header
* as well as memory for the ICMP and IP headers and our payload.
*/
packet_size = LIBNET_IP_H + LIBNET_ETH_H + LIBNET_UDP_H + payload_size;
/*
* Step 2: Memory Initialization (interchangable with step 1).
*/
if (libnet_init_packet(packet_size, &packet) == -1)
{
libnet_error(LIBNET_ERR_FATAL, "libnet_init_packet failed\n");
}
/*
* Step 3: Packet construction (ethernet header).
*/
libnet_build_ethernet(enet_dst,
enet_src,
ETHERTYPE_IP,
NULL,
0,
packet);
/*
* Step 3: Packet construction (IP header).
*/
libnet_build_ip(LIBNET_UDP_H + payload_size,
0, /* IP tos */
242, /* IP ID */
0, /* Frag */
64, /* TTL */
IPPROTO_UDP, /* Transport protocol */
src_ip, /* Source IP */
dst_ip, /* Destination IP */
NULL, /* Pointer to payload (none) */
0,
packet + LIBNET_ETH_H); /* Packet header memory */
while (libnet_plist_chain_next_pair(plist_p, &bport, &eport))
{
while (!(bport > eport) && bport != 0)
{
cport = bport++;
/*
* Step 3: Packet construction (UDP header).
*/
libnet_build_udp(242, /* source port */
cport, /* dest. port */
payload, /* payload */
payload_size, /* payload length */
packet + LIBNET_ETH_H + LIBNET_IP_H);
/*
* Step 4: Packet checksums (ICMP header *AND* IP header).
*/
if (libnet_do_checksum(packet + ETH_H, IPPROTO_UDP, LIBNET_UDP_H + payload_size) == -1)
{
libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n");
}
if (libnet_do_checksum(packet + ETH_H, IPPROTO_IP, LIBNET_IP_H) == -1)
{
libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n");
}
/*
* Step 5: Packet injection.
*/
c = libnet_write_link_layer(network, device, packet, packet_size);
if (c < packet_size)
{
libnet_error(LN_ERR_WARNING, "libnet_write_link_layer only wrote %d bytes\n", c);
}
else
{
printf("construction and injection completed, wrote all %d bytes, port %d\n", c, cport);
}
}
}
/*
* Shut down the interface.
*/
if (libnet_close_link_interface(network) == -1)
{
libnet_error(LN_ERR_WARNING, "libnet_close_link_interface couldn't close the interface");
}
/*
* Free packet memory.
*/
libnet_destroy_packet(&packet);
return (c == -1 ? EXIT_FAILURE : EXIT_SUCCESS);
}
int
main(int argc, char *argv[])
{
int c;
char errbuf[256];
char *device = NULL;
struct libnet_link_int *l;
struct ether_addr *e;
u_long i;
while ((c = getopt(argc, argv, "i:")) != EOF)
{
switch (c)
{
case 'i':
device = optarg;
break;
default:
exit(EXIT_FAILURE);
}
}
if (!device)
{
fprintf(stderr, "Specify a device\n");
exit(EXIT_FAILURE);
}
l = libnet_open_link_interface(device, errbuf);
if (!l)
{
fprintf(stderr, "libnet_open_link_interface: %s\n", errbuf);
exit(EXIT_FAILURE);
}
printf("Interface %s\n", device);
e = libnet_get_hwaddr(l, device, errbuf);
if (!e)
{
fprintf(stderr, "Can't get hardware address: %s\n", errbuf);
exit(EXIT_FAILURE);
}
else
{
printf("MAC address: ");
for (c = 0; c < 6; c++)
{
printf("%x", e->ether_addr_octet[c]);
if (c != 5)
{
printf(":");
}
}
printf("\n");
}
i = libnet_get_ipaddr(l, device, errbuf);
if (!i)
{
fprintf(stderr, "Can't get ip address: %s\n", errbuf);
exit(EXIT_FAILURE);
}
else
{
printf("IP address: ");
printf("%s\n", libnet_host_lookup(ntohl(i), 0));
}
exit(EXIT_SUCCESS);
}
int
main(int argc, char *argv[])
{
int c;
u_long src_ip, dst_ip;
u_short src_prt, dst_prt;
u_char *cp;
char errbuf[256];
char *device = NULL;
struct libnet_link_int *l;
printf("link layer TCP packet building/writing test\n");
src_ip = 0;
dst_ip = 0;
src_prt = 0;
dst_prt = 0;
while ((c = getopt(argc, argv, "i:d:s:")) != EOF)
{
switch (c)
{
/*
* We expect the input to be of the form `ip.ip.ip.ip.port`. We
* point cp to the last dot of the IP address/port string and
* then seperate them with a NULL byte. The optarg now points to
* just the IP address, and cp points to the port.
*/
case 'd':
if (!(cp = strrchr(optarg, '.')))
{
usage(argv[0]);
}
*cp++ = 0;
dst_prt = (u_short)atoi(cp);
if (!(dst_ip = libnet_name_resolve(optarg, 1)))
{
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
exit(1);
}
break;
case 's':
if (!(cp = strrchr(optarg, '.')))
{
usage(argv[0]);
}
*cp++ = 0;
src_prt = (u_short)atoi(cp);
if (!(src_ip = libnet_name_resolve(optarg, 1)))
{
fprintf(stderr, "Bad source IP address: %s\n", optarg);
exit(1);
}
break;
case 'i':
device = optarg;
break;
default:
exit(EXIT_FAILURE);
}
}
if (!src_ip || !src_prt || !dst_ip || !dst_prt || !device)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
if ((l = libnet_open_link_interface(device, errbuf)) == NULL)
{
fprintf(stderr, "libnet_open_link_interface: %s\n", errbuf);
exit(EXIT_FAILURE);
}
c = send_tcp(l, device, src_ip, src_prt, dst_ip, dst_prt);
return (c == -1 ? EXIT_FAILURE : EXIT_SUCCESS);
}
int main(int argc, char *argv[]) {
int r;
int i;
int c;
char ebuf[LIBNET_ERRBUF_SIZE];
struct ether_addr broadcast_ea;
struct ether_addr *sea;
struct ether_addr tea;
struct in_addr sip, tip;
uint8_t *arp_probe_packet;
int sock_fd;
struct ifreq ifr;
char *if_name = "eth0";
struct libnet_link_int *lin;
uint32_t tmp[6];
broadcast_ea.ether_addr_octet[0] = 0xFF;
broadcast_ea.ether_addr_octet[1] = 0xFF;
broadcast_ea.ether_addr_octet[2] = 0xFF;
broadcast_ea.ether_addr_octet[3] = 0xFF;
broadcast_ea.ether_addr_octet[4] = 0xFF;
broadcast_ea.ether_addr_octet[5] = 0xFF;
while ((c = getopt(argc, argv, "hi:")) != EOF) {
switch (c) {
case 'h':
usage(0);
case 'i':
if_name = optarg;
break;
default:
print("unknown argument: %s\n", optarg);
usage(1);
}
}
// initialize libnet link-level access to the network interface
lin = libnet_open_link_interface(if_name, ebuf);
if (!lin) die("libnet_open_link_interface(\"%s\"): %s\n", if_name, ebuf);
// get the Ethernet address of this interface
sea = libnet_get_hwaddr(lin, if_name, ebuf);
if (!sea) die("libnet_get_hwaddr(\"%s\"): %s\n", if_name, ebuf);
// get the IP address of this interface
sock_fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
if (sock_fd < 0) die("cannot create socket: %s\n", strerror(errno));
strncpy(ifr.ifr_name, if_name, IFNAMSIZ - 1);
ifr.ifr_name[IFNAMSIZ - 1] = (char)NULL;
ifr.ifr_addr.sa_family = AF_INET;
r = ioctl(sock_fd, SIOCGIFADDR, &ifr);
if (r < 0) die("SIOCSIFADDR error: %s\n", strerror(errno));
sip = ((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr;
close(sock_fd);
for (i = optind; i < argc; i ++) {
if (strncmp(argv[i], "sip=", 4) == 0) {
r = inet_aton(&argv[i][4], &sip);
if (r == 0) die("invalid sip\n");
} else if (strncmp(argv[i], "sea=", 4) == 0) {
r = sscanf(
argv[i],
"sea=%X:%X:%X:%X:%X:%X",
&tmp[0],
&tmp[1],
&tmp[2],
&tmp[3],
&tmp[4],
&tmp[5]
);
sea->ether_addr_octet[0] = tmp[0];
sea->ether_addr_octet[1] = tmp[1];
sea->ether_addr_octet[2] = tmp[2];
sea->ether_addr_octet[3] = tmp[3];
sea->ether_addr_octet[4] = tmp[4];
sea->ether_addr_octet[5] = tmp[5];
if (r != 6) die("invalid sea\n");
} else if (strncmp(argv[i], "tip=", 4) == 0) {
r = inet_aton(&argv[i][4], &tip);
if (r == 0) die("invalid tip\n");
} else if (strncmp(argv[i], "tea=", 4) == 0) {
r = sscanf(
argv[i],
"tea=%X:%X:%X:%X:%X:%X",
&tmp[0],
&tmp[1],
&tmp[2],
&tmp[3],
&tmp[4],
&tmp[5]
);
tea.ether_addr_octet[0] = tmp[0];
tea.ether_addr_octet[1] = tmp[1];
tea.ether_addr_octet[2] = tmp[2];
tea.ether_addr_octet[3] = tmp[3];
tea.ether_addr_octet[4] = tmp[4];
tea.ether_addr_octet[5] = tmp[5];
if (r != 6) die("invalid tea\n");
} else {
die("unknown arg: %s\n", argv[i]);
}
}
print("interface %s\n", if_name);
print(" sip: %s\n", inet_ntoa(sip));
print(" sea: %02X:%02X:%02X:%02X:%02X:%02X\n",
sea->ether_addr_octet[0],
sea->ether_addr_octet[1],
sea->ether_addr_octet[2],
sea->ether_addr_octet[3],
sea->ether_addr_octet[4],
sea->ether_addr_octet[5]
);
print(" tip: %s\n", inet_ntoa(tip));
print(" tea: %02X:%02X:%02X:%02X:%02X:%02X\n",
tea.ether_addr_octet[0],
tea.ether_addr_octet[1],
tea.ether_addr_octet[2],
tea.ether_addr_octet[3],
tea.ether_addr_octet[4],
tea.ether_addr_octet[5]
);
// allocate memory for the ARP probe packet
r = libnet_init_packet(LIBNET_ETH_H + LIBNET_ARP_H, &arp_probe_packet);
if (r == -1) die("libnet_init_packet(): error\n");
// build the Ethernet header of the ARP probe packet
r = libnet_build_ethernet(
broadcast_ea.ether_addr_octet,
sea->ether_addr_octet,
ETHERTYPE_ARP,
NULL, 0, // payload pointer and size
arp_probe_packet
);
if (r == -1) die("libnet_build_ethernet(): error\n");
// build the ARP header
r = libnet_build_arp(
ARPHRD_ETHER,
ETHERTYPE_IP,
ETH_ALEN,
4,
ARPOP_REQUEST,
sea->ether_addr_octet, (uint8_t *)&sip.s_addr,
tea.ether_addr_octet, (uint8_t *)&tip.s_addr,
NULL, 0, // payload pointer and size
arp_probe_packet + LIBNET_ETH_H
);
if (r == -1) die("libnet_build_arp(): error\n");
r = libnet_write_link_layer(
lin,
if_name,
arp_probe_packet,
LIBNET_ARP_H + LIBNET_ETH_H
);
if (r == -1) die("libnet_write_link_layer(): error\n");
return 0;
}
void send_packet(char *protocol, int sport2, int dport2, int id, int ttl, int count, const u_char *payload, int payload_size) {
char errbuf[LIBNET_ERRBUF_SIZE]; /* error buffer */
struct libnet_link_int *network; /* pointer to link interface struct */
int packet_size; /* size of our packet */
int ip_size; /* size of our ip */
int udp_size; /* size of our udp */
int tcp_size; /* size of our tcp */
int c;
u_char *packet; /* pointer to our packet buffer */
/*
* Step 1: Network Initialization (interchangable with step 2).
*/
if ((network = libnet_open_link_interface(dev2, errbuf)) == NULL) {
libnet_error(LIBNET_ERR_FATAL, "libnet_open_link_interface: %s\n", errbuf);
}
/*
* We're going to build a UDP packet with a payload using the
* link-layer API, so this time we need memory for a ethernet header
* as well as memory for the ICMP and IP headers and our payload.
*/
if (protocol == "udp") {
packet_size = LIBNET_ETH_H + LIBNET_IP_H + LIBNET_UDP_H + payload_size;
ip_size = LIBNET_IP_H + LIBNET_UDP_H + payload_size;
udp_size = LIBNET_UDP_H + payload_size;
/*
* Step 2: Memory Initialization (interchangable with step 1).
*/
if (libnet_init_packet(packet_size, &packet) == -1) {
libnet_error(LIBNET_ERR_FATAL, "libnet_init_packet failed\n");
}
/*
* Step 3: Packet construction (ethernet header).
*/
libnet_build_ethernet(
enet_dst,
enet_src,
ETHERTYPE_IP,
NULL,
0,
packet);
printf("\n--- Injected packet number %i on %s ---\n", count, dev2);
/*
* Step 3: Packet construction (IP header).
*/
libnet_build_ip(
LIBNET_UDP_H + payload_size,
0, /* IP tos */
id, /* IP ID */
0, /* Frag */
ttl, /* TTL */
IPPROTO_UDP, /* Transport protocol */
inet_addr(saddr2), /* Source IP */
inet_addr(daddr2), /* Destination IP */
payload, /* Pointer to payload (none) */
0,
packet + LIBNET_ETH_H); /* Packet header memory */
/*
* Step 3: Packet construction (UDP header).
*/
libnet_build_udp(
sport2, /* source port */
dport2, /* dest. port */
payload, /* payload */
payload_size, /* payload length */
packet + LIBNET_ETH_H + LIBNET_IP_H);
/*
* Step 4: Packet checksums (ICMP header *AND* IP header).
*/
if (libnet_do_checksum(packet + ETH_H, IPPROTO_UDP, LIBNET_UDP_H + payload_size) == -1) {
libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n");
}
if (libnet_do_checksum(packet + ETH_H, IPPROTO_IP, LIBNET_IP_H) == -1) {
libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n");
}
/* print packet info */
if (!hide_header) {
printf("IP header Src Addr: %s", saddr2);
printf(" Dst Addr: %s\n", daddr2);
printf(" Len: %i ID: %i TTL: %i\n", ip_size, id, ttl);
printf("UDP header Src port: %i Dst port: %i Len: %i\n", sport2, dport2, udp_size);
}
if (!hide_payload) {
printf("Payload (%d bytes)\n", payload_size);
print_payload(payload, payload_size);
}
}
if (protocol == "tcp") {
packet_size = LIBNET_ETH_H + LIBNET_IP_H + LIBNET_TCP_H + payload_size;
ip_size = LIBNET_IP_H + LIBNET_TCP_H + payload_size;
tcp_size = LIBNET_TCP_H + payload_size;
/*
* Step 2: Memory Initialization (interchangable with step 1).
*/
if (libnet_init_packet(packet_size, &packet) == -1) {
libnet_error(LIBNET_ERR_FATAL, "libnet_init_packet failed\n");
}
/*
* Step 3: Packet construction (ethernet header).
*/
libnet_build_ethernet(
enet_dst,
enet_src,
ETHERTYPE_IP,
NULL,
0,
packet);
printf("\n--- Injected packet number %i on %s ---\n", count, dev2);
/*
* Step 3: Packet construction (IP header).
*/
libnet_build_ip(
LIBNET_TCP_H + payload_size,
0, /* IP tos */
id, /* IP ID */
0, /* Frag */
ttl, /* TTL */
IPPROTO_TCP, /* Transport protocol */
inet_addr(saddr2), /* Source IP */
inet_addr(daddr2), /* Destination IP */
payload, /* Pointer to payload */
0,
packet + LIBNET_ETH_H); /* Packet header memory */
/*
* Step 3: Packet construction (TCP header).
*/
libnet_build_tcp(
sport2, /* source TCP port */
dport2, /* destination TCP port */
0xa1d95, /* sequence number */
0x53, /* acknowledgement number */
TH_SYN, /* control flags */
1024, /* window size */
0, /* urgent pointer */
NULL, /* payload (none) */
0, /* payload length */
packet + LIBNET_ETH_H + LIBNET_IP_H);
/*
* Step 4: Packet checksums (ICMP header *AND* IP header).
*/
if (libnet_do_checksum(packet + ETH_H, IPPROTO_TCP, LIBNET_TCP_H + payload_size) == -1) {
libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n");
}
if (libnet_do_checksum(packet + ETH_H, IPPROTO_IP, LIBNET_IP_H) == -1) {
libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n");
}
/* print packet info */
if (!hide_header) {
printf("IP header Src Addr: %s", saddr2);
printf(" Dst Addr: %s\n", daddr2);
printf(" Len: %i ID: %i TTL: %i\n", ip_size, id, ttl);
printf("TCP header Src port: %i Dst port: %i Len: %i\n", sport2, dport2, tcp_size);
}
if (!hide_payload) {
printf("Payload (%d bytes)\n", payload_size);
print_payload(payload, payload_size);
}
}
/*
* Step 5: Packet injection.
*/
c = libnet_write_link_layer(network, dev2, packet, packet_size);
if (c < packet_size) {
libnet_error(LN_ERR_WARNING, "libnet_write_link_layer only wrote %d bytes\n", c);
}
/*
* Shut down the interface.
*/
if (libnet_close_link_interface(network) == -1) {
libnet_error(LN_ERR_WARNING, "libnet_close_link_interface couldn't close the interface");
}
/*
* Free packet memory.
*/
libnet_destroy_packet(&packet);
printf("\n");
}
int
main(int argc, char *argv[])
{
int c, amount;
char errbuf[256];
char *device = NULL;
struct link_int *l;
u_long ip;
amount = 20;
while ((c = getopt(argc, argv, "n:i:")) != EOF)
{
switch (c)
{
case 'i':
device = optarg;
break;
case 'n':
amount = atoi(optarg);
break;
default:
exit(EXIT_FAILURE);
}
}
if (!device)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
if (argc <= optind)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
else if ((ip = libnet_name_resolve(argv[optind], 1)) == -1)
{
fprintf(stderr, "Cannot resolve IP address\n");
exit(EXIT_FAILURE);
}
l = libnet_open_link_interface(device, errbuf);
if (!l)
{
fprintf(stderr, "libnet_open_link_interface: %s\n", errbuf);
exit(EXIT_FAILURE);
}
while (amount--)
{
c = send_arp(l, ip, device);
if (c == -1)
{
/* bail on the first error */
break;
}
}
printf("\n");
return (c == -1 ? EXIT_FAILURE : EXIT_SUCCESS);
}
int
main(int argc, char *argv[])
{
int c = -1;
char errbuf[LIBNET_ERRBUF_SIZE];
char* device;
char* ipaddr;
char* macaddr;
char* broadcast;
char* netmask;
u_int32_t ip;
u_char src_mac[6];
LTYPE* l;
int repeatcount = 1;
int j;
long msinterval = 1000;
int flag;
char pidfilenamebuf[64];
char *pidfilename = NULL;
CL_SIGNAL(SIGTERM, byebye);
CL_SIGINTERRUPT(SIGTERM, 1);
cl_log_set_entity(SENDARPNAME);
cl_log_enable_stderr(TRUE);
cl_log_set_facility(LOG_USER);
cl_inherit_logging_environment(0);
while ((flag = getopt(argc, argv, "i:r:p:")) != EOF) {
switch(flag) {
case 'i': msinterval= atol(optarg);
break;
case 'r': repeatcount= atoi(optarg);
break;
case 'p': pidfilename= optarg;
break;
default: fprintf(stderr, "%s\n\n", print_usage);
return 1;
break;
}
}
if (argc-optind != 5) {
fprintf(stderr, "%s\n\n", print_usage);
return 1;
}
/*
* argv[optind+1] DEVICE dc0,eth0:0,hme0:0,
* argv[optind+2] IP 192.168.195.186
* argv[optind+3] MAC ADDR 00a0cc34a878
* argv[optind+4] BROADCAST 192.168.195.186
* argv[optind+5] NETMASK ffffffffffff
*/
device = argv[optind];
ipaddr = argv[optind+1];
macaddr = argv[optind+2];
broadcast = argv[optind+3];
netmask = argv[optind+4];
if (!pidfilename) {
if (snprintf(pidfilenamebuf, sizeof(pidfilenamebuf), "%s%s",
PIDFILE_BASE, ipaddr) >=
(int)sizeof(pidfilenamebuf)) {
cl_log(LOG_INFO, "Pid file truncated");
return EXIT_FAILURE;
}
pidfilename = pidfilenamebuf;
}
if(write_pid_file(pidfilename) < 0) {
return EXIT_FAILURE;
}
#if defined(HAVE_LIBNET_1_0_API)
#ifdef ON_DARWIN
if ((ip = libnet_name_resolve((unsigned char*)ipaddr, 1)) == -1UL) {
#else
if ((ip = libnet_name_resolve(ipaddr, 1)) == -1UL) {
#endif
cl_log(LOG_ERR, "Cannot resolve IP address [%s]", ipaddr);
unlink(pidfilename);
return EXIT_FAILURE;
}
l = libnet_open_link_interface(device, errbuf);
if (!l) {
cl_log(LOG_ERR, "libnet_open_link_interface on %s: %s"
, device, errbuf);
unlink(pidfilename);
return EXIT_FAILURE;
}
#elif defined(HAVE_LIBNET_1_1_API)
if ((l=libnet_init(LIBNET_LINK, device, errbuf)) == NULL) {
cl_log(LOG_ERR, "libnet_init failure on %s: %s", device, errbuf);
unlink(pidfilename);
return EXIT_FAILURE;
}
if ((signed)(ip = libnet_name2addr4(l, ipaddr, 1)) == -1) {
cl_log(LOG_ERR, "Cannot resolve IP address [%s]", ipaddr);
unlink(pidfilename);
return EXIT_FAILURE;
}
#else
# error "Must have LIBNET API version defined."
#endif
if (!strcasecmp(macaddr, AUTO_MAC_ADDR)) {
if (get_hw_addr(device, src_mac) < 0) {
cl_log(LOG_ERR, "Cannot find mac address for %s",
device);
unlink(pidfilename);
return EXIT_FAILURE;
}
}
else {
convert_macaddr((unsigned char *)macaddr, src_mac);
}
/*
* We need to send both a broadcast ARP request as well as the ARP response we
* were already sending. All the interesting research work for this fix was
* done by Masaki Hasegawa <*****@*****.**> and his colleagues.
*/
for (j=0; j < repeatcount; ++j) {
c = send_arp(l, ip, (unsigned char*)device, src_mac
, (unsigned char*)broadcast, (unsigned char*)netmask
, ARPOP_REQUEST);
if (c < 0) {
break;
}
mssleep(msinterval / 2);
c = send_arp(l, ip, (unsigned char*)device, src_mac
, (unsigned char *)broadcast
, (unsigned char *)netmask, ARPOP_REPLY);
if (c < 0) {
break;
}
if (j != repeatcount-1) {
mssleep(msinterval / 2);
}
}
unlink(pidfilename);
return c < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
void
convert_macaddr (u_char *macaddr, u_char enet_src[6])
{
int i, pos;
u_char bits[3];
pos = 0;
for (i = 0; i < 6; i++) {
/* Inserted to allow old-style MAC addresses */
if (*macaddr == ':') {
pos++;
}
bits[0] = macaddr[pos++];
bits[1] = macaddr[pos++];
bits[2] = '\0';
enet_src[i] = strtol((const char *)bits, (char **)NULL, 16);
}
}
/*
* injection_write_ip
*
* Description:
* - Write an IP packet into the wire. It can use either raw sockets
* or the wire
*
* Inputs:
* - ip_packet: the IP packet
*
* Outputs:
* - return: 0 if ok, <0 if there were problems
*
*/
int injection_write_ip (u_char *ip_packet)
{
#if defined(INJECT_USING_RAW_SOCKETS) || defined(INJECT_USING_LINK_LAYER)
int i;
u_int16_t packet_size = ntohs(*(u_int16_t*)(ip_packet+2));
#endif
#if defined(INJECT_USING_RAW_SOCKETS)
int network;
/* network initialization */
if ((network = libnet_open_raw_sock(IPPROTO_RAW)) < 0) {
return WIRE_ERR_PKTD_INJECTION_OPEN;
/* packet injection */
} else if ((i = libnet_write_ip (network, ip_packet, packet_size))
< packet_size) {
return WIRE_ERR_PKTD_INJECTION_WRITE_IP;
/* shut down the interface */
} else if (libnet_close_raw_sock (network) < 0) {
return WIRE_ERR_PKTD_INJECTION_CLOSE;
}
return WIRE_ERR_NONE;
#elif defined(INJECT_USING_LINK_LAYER)
char buffer[LIBNET_ETH_H+IP_MAXPACKET];
struct in_addr in;
int size = 1024;
struct libnet_link_int *network; /* pointer to link interface struct */
char *interface = NULL; /* pointer to the device to use */
struct sockaddr_in sin;
char errbuf[1024];
struct ether_addr remote_eth, *tmp_eth;
/* network initialization */
if (libnet_select_device(&sin, &interface, errbuf) == -1) {
return WIRE_ERR_PKTD_NO_WRITE_DEVICE_ACCESS;
}
if ((network = libnet_open_link_interface(interface, errbuf)) == NULL) {
return WIRE_ERR_PKTD_INJECTION_OPEN;
}
/* get local ethernet address */
if ((tmp_eth = libnet_get_hwaddr(network, interface, errbuf)) == NULL) {
(void)libnet_close_link_interface(network);
return WIRE_ERR_PKTD_INJECTION_OPEN;
}
memcpy (&local_eth, tmp_eth, 6);
debug3 ("injection_write_ip: the local ethernet address is %s\n",
ether_ntoa(&local_eth));
/* get remote ethernet address (the packet is already in network order) */
in.s_addr = *(u_int32_t*)(ip_packet+16);
/* try to get the remote MAC address from the ARP cache */
if (get_mac_address (in, buffer, size) < 0) {
/* MAC address of the IP address not in ARP cache */
/* get the gateway needed to reach the destination */
struct in_addr gw;
if (get_gateway (in, &gw) < 0) {
debug3 ("injection_write_ip: can't find MAC nor gateway for %s\n",
inet_ntoa(in));
(void)libnet_close_link_interface(network);
return WIRE_ERR_PKTD_INJECTION_WRITE_IP;
}
/* get the gateway's ethernet address */
if (get_mac_address (gw, buffer, size) < 0) {
debug3 ("injection_write_ip: can't find MAC for %s's ",
inet_ntoa(in));
debug3 ("gateway (%s)\n", inet_ntoa(gw));
/* XXX: This case means typically the destination host is in
* the same network than the source, but the destination MAC
* address is not in the local ARP cache. Getting a local
* MAC address requires implementing ARP, which we won't do
* at this moment
*/
(void)libnet_close_link_interface(network);
return WIRE_ERR_PKTD_INJECTION_WRITE_IP;
}
debug3 ("injection_write_ip: IP address %s can be reached ", inet_ntoa(in));
debug3 ("through gateway %s (%s)\n", inet_ntoa(gw), buffer);
} else {
debug3 ("injection_write_ip: IP address %s corresponds to %s\n",
inet_ntoa(in), buffer);
}
if ((tmp_eth = ether_aton (buffer)) == NULL) {
(void)libnet_close_link_interface(network);
return WIRE_ERR_PKTD_INJECTION_WRITE_IP;
}
memcpy (&remote_eth, tmp_eth, 6);
/* build ethernet header and use IP packet as payload */
#if (defined(bsdi) || defined(__NetBSD__) || defined(__OpenBSD__) ||\
defined(__FreeBSD__))
libnet_build_ethernet(&(remote_eth.octet[0]),
&(local_eth.octet[0]), ETHERTYPE_IP, NULL, 0, buffer);
#else
libnet_build_ethernet(&(remote_eth.ether_addr_octet[0]),
&(local_eth.ether_addr_octet[0]), ETHERTYPE_IP, NULL, 0, buffer);
#endif
memcpy (buffer+LIBNET_ETH_H, ip_packet, packet_size);
packet_size += LIBNET_ETH_H;
/* inject the packet */
if ((i = libnet_write_link_layer (network, interface, buffer,
packet_size)) < packet_size) {
(void)libnet_close_link_interface(network);
return WIRE_ERR_PKTD_INJECTION_WRITE_IP;
}
/* shut down the interface */
(void)libnet_close_link_interface(network);
return WIRE_ERR_NONE;
#else /* INJECT_USING_LINK_LAYER */
return(0);
#endif /* INJECT_USING_LINK_LAYER */
}
int main(int argc, char **argv) {
bpf_u_int32 mask, mask2; /* subnet mask */
bpf_u_int32 net, net2; /* ip */
char errbuf[PCAP_ERRBUF_SIZE]; /* error buffer */
pcap_t *handle; /* packet capture handle */
char filter_exp[] = "ip"; /* filter expression */
struct bpf_program fp; /* compiled filter program (expression) */
int c,num_packets = -1; /* number of packets to capture */
struct libnet_link_int *l;
u_long i;
/* check command-line options */
while ((c = getopt(argc, argv, "i:I:d:n:hpcf:")) != EOF) {
switch (c) {
case 'i':
dev = optarg;
dev2 = dev;
break;
case 'I':
dev2 = optarg;
break;
case 'd':
daddr2 = optarg;
break;
case 'n':
num_packets = atoi(optarg);
break;
case 'f':
strcpy(filter_exp, optarg);
break;
case 'h':
hide_header = 1;
break;
case 'p':
hide_payload = 1;
break;
case 'c':
capture_only = 1;
break;
default:
print_app_usage(argv[0]);
exit(EXIT_FAILURE);
}
}
if (dev == NULL) {
print_app_usage(argv[0]);
exit(EXIT_FAILURE);
}
/* get source ip address associated with forward device */
l = libnet_open_link_interface(dev2, errbuf);
if (!l) {
printf("libnet_open_link_interface: %s\n", errbuf);
goto failure;
}
i = libnet_get_ipaddr(l, dev2, errbuf);
if (!i) {
printf("Can't get ip address: %s\n", errbuf);
goto failure;
}
saddr2 = (char *)libnet_host_lookup(ntohl(i), 0);
/* get network number and mask associated with capture device */
if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
printf(" Error: couldn't get netmask for interface %s\n\n", errbuf);
goto failure;
}
/* print capture info */
printf("\n Capture from: %s\n", dev);
printf(" Forward to: %s\n", dev2);
printf(" Src Address: %s\n", saddr2);
if (daddr2) printf(" Dst Address: %s\n", daddr2);
else printf(" Dst Address: Not changed\n");
if(num_packets > 0) printf("Packets to capture: %d\n", num_packets);
printf("Packet Filter: %s\n", filter_exp);
printf("\n");
/* open capture device */
handle = pcap_open_live(dev, SNAP_LEN, 1, 1000, errbuf);
if (handle == NULL) {
printf("\n Error: couldn't open interface %s: %s\n\n", dev, errbuf);
goto failure;
}
/* make sure we're capturing on an Ethernet device */
if (pcap_datalink(handle) != DLT_EN10MB) {
printf("\n Error: %s is not on ethernet\n\n", dev);
goto failure;
}
/* compile the filter expression */
if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {
printf("\n Error: couldn't parse filter %s: %s\n\n", filter_exp, pcap_geterr(handle));
goto failure;
}
/* apply the compiled filter */
if (pcap_setfilter(handle, &fp) == -1) {
printf("\n Error: couldn't install filter %s: %s\n\n", filter_exp, pcap_geterr(handle));
goto failure;
}
/* now we can set our callback function */
pcap_loop(handle, num_packets, got_packet, NULL);
/* cleanup */
pcap_freecode(&fp);
pcap_close(handle);
printf("\nCapture and forward complete.\n\n");
exit(EXIT_SUCCESS);
failure:
exit(EXIT_FAILURE);
}
