/* * my_libnet_init */ my_libnet_t *my_libnet_init(char *pcapdev, char *errbuf) { #ifdef HAVE_LIBNET_1_0 return libnet_open_link_interface(pcapdev, errbuf); #else # ifdef HAVE_LIBNET_1_1 return libnet_init(LIBNET_LINK_ADV, pcapdev, errbuf); # endif #endif }
int main(int argc, char *argv[]) { int c; u_long src_ip, dst_ip; char errbuf[256]; char *device = NULL; struct libnet_link_int *l; printf("link layer ICMP packet building/writing test\n"); src_ip = 0; dst_ip = 0; while ((c = getopt(argc, argv, "i:d:s:")) != EOF) { switch (c) { case 'd': if (!(dst_ip = libnet_name_resolve(optarg, 1))) { fprintf(stderr, "Bad destination IP address: %s\n", optarg); exit(1); } break; case 'i': device = optarg; break; case 's': if (!(src_ip = libnet_name_resolve(optarg, 1))) { fprintf(stderr, "Bad source IP address: %s\n", optarg); exit(1); } break; default: exit(EXIT_FAILURE); } } if (!src_ip || !dst_ip || !device) { usage(argv[0]); exit(EXIT_FAILURE); } if ((l = libnet_open_link_interface(device, errbuf)) == NULL) { fprintf(stderr, "libnet_open_link_interface: %s\n", errbuf); exit(EXIT_FAILURE); } c = send_icmp(l, device, src_ip, dst_ip); return (c == -1 ? EXIT_FAILURE : EXIT_SUCCESS); }
int init(void) { /* Ethernet header */ etherhdr.ether_type = ETHERTYPE_IP; /* Ethernet type IP */ memset(etherhdr.ether_shost, 0, 6); /* Ethernet source address */ memset(etherhdr.ether_dhost, 0xff, 6); /* Ethernet destination address */ /* IP header */ memset(&iphdr.ip_src.s_addr, 0, 4); /* IP source address 0.0.0.0 * (pretend to be proxy to * avoid being elected as master) */ inet_aton(MCAST_ALL_HOSTS, &iphdr.ip_dst); /* IP destination address */ iphdr.ip_tos = 0; /* IP type of services */ iphdr.ip_id = (u_int16_t)libnet_get_prand(PRu16); /* IP ID */ iphdr.ip_p = IPPROTO_IGMP; /* IP protocol IGMP */ iphdr.ip_off = 0; /* IP fragmentation offset */ iphdr.ip_ttl = 1; /* IP TTL - set to 1 purposely */ /* IGMP header */ igmphdr.igmp_type = IGMP_MEMBERSHIP_QUERY; /* IGMP type */ igmphdr.igmp_code = 0; /* IGMP code */ inet_aton(MCAST_MDNS, &igmphdr.igmp_group); /* IGMP group address */ /* Create packet */ linkint = libnet_open_link_interface(LINK_INTERFACE, errbuf); if (linkint == NULL) { return -1; } igmp_packetlen = LIBNET_ETH_H + LIBNET_IP_H + LIBNET_IGMP_H; if (libnet_init_packet(igmp_packetlen, &pkt) == -1) { return -1; } libnet_build_ethernet(etherhdr.ether_dhost, etherhdr.ether_shost, ETHERTYPE_IP, NULL, 0, pkt); libnet_build_ip(LIBNET_IGMP_H, iphdr.ip_tos, iphdr.ip_id, iphdr.ip_off, iphdr.ip_ttl, iphdr.ip_p, iphdr.ip_src.s_addr, iphdr.ip_dst.s_addr, NULL, 0, pkt + LIBNET_ETH_H); libnet_build_igmp(igmphdr.igmp_type, igmphdr.igmp_code, igmphdr.igmp_group.s_addr, NULL, 0, pkt + LIBNET_ETH_H + LIBNET_IP_H); libnet_do_checksum(pkt + LIBNET_ETH_H, IPPROTO_IP, LIBNET_IP_H); libnet_do_checksum(pkt + LIBNET_ETH_H, IPPROTO_IGMP, LIBNET_IGMP_H); }
int get_hw_addr(char *device, u_char mac[6]) { struct ether_addr *mac_address; struct libnet_link_int *network; char err_buf[LIBNET_ERRBUF_SIZE]; network = libnet_open_link_interface(device, err_buf); if (!network) { fprintf(stderr, "libnet_open_link_interface: %s\n", err_buf); return -1; } mac_address = libnet_get_hwaddr(network, device, err_buf); if (!mac_address) { fprintf(stderr, "libnet_get_hwaddr: %s\n", err_buf); return -1; } memcpy(mac, mac_address->ether_addr_octet, 6); return 0; }
int main(int argc, char *argv[]) { int c; char errbuf[256]; char *device = NULL; struct libnet_link_int *l; while ((c = getopt(argc, argv, "i:")) != EOF) { switch (c) { case 'i': device = optarg; break; default: exit(EXIT_FAILURE); } } if (!device) { fprintf(stderr, "Specify a device\n"); exit(EXIT_FAILURE); } l = libnet_open_link_interface(device, errbuf); if (!l) { fprintf(stderr, "libnet_open_link_interface: %s\n", errbuf); exit(EXIT_FAILURE); } c = send_arp(l, device); return (c == -1 ? EXIT_FAILURE : EXIT_SUCCESS); }
int main(int argc, char **argv) { struct libnet_link_int *intf; int nconnect; struct timeval tv; unsigned char spa[4], tpa[4]; unsigned char sha[ETH_ALEN], tha[ETH_ALEN]; unsigned long tmpip; gettimeofday(&tv, NULL); srand(tv.tv_sec ^ tv.tv_usec ^ (getpid()<<15)); if(argc < 3) { printf("usage: %s <spa> <sha> <tpa> <tha>\n", argv[0]); exit(1); } if((intf = libnet_open_link_interface(INTERFACE, NULL)) == NULL) { perror("open intf"); exit(1); } tmpip = libnet_name_resolve(argv[1], 0); memcpy(spa, &tmpip, 4); tmpip = libnet_name_resolve(argv[3], 0); memcpy(tpa, &tmpip, 4); memcpy(sha, hex2eth(argv[2]), ETH_ALEN); memcpy(tha, hex2eth(argv[4]), ETH_ALEN); arp_spoof_reply(intf, spa, sha, tpa, tha); }
int main(int argc, char **argv) { struct link_int *intf; int nconnect; char *dev = DEFAULT_DEV; struct timeval tv; struct eth_pair src, dst; gettimeofday(&tv, NULL); srand(tv.tv_sec ^ tv.tv_usec ^ (getpid()<<15)); if(argc < 6) { printf("usage: %s <IP broadcast> <IP netmask> <gw ip> <gw hw> <nconnects>\n", argv[0]); exit(1); } nconnect = atoi(argv[3]); if((intf = libnet_open_link_interface(dev, NULL)) == NULL) { perror("open intf"); exit(1); } netmask = libnet_name_resolve(argv[2], 0); broadcast = libnet_name_resolve(argv[1], 0); //fill_port_table(intf, dev, broadcast, netmask, nconnect); src.ip = rand(); memcpy(src.eth, &src.ip, 4); src.ip = libnet_name_resolve("130.126.44.109", 0); memcpy(dst.eth, hex2eth(argv[4]), ETH_ALEN); dst.ip = libnet_name_resolve(argv[3], 0); write_icmpether(intf, dev, &dst, &src); }
int buildether(ETHERhdr *eth, FileData *pd, char *device) { int n; u_int32_t eth_packetlen; static u_int8_t *pkt; char *ethertype; struct libnet_link_int *l2 = NULL; /* sanity checks */ if (pd->file_mem == NULL) pd->file_s = 0; eth_packetlen = LIBNET_ETH_H + pd->file_s; if ((l2 = libnet_open_link_interface(device, errbuf)) == NULL) { nemesis_device_failure(INJECTION_LINK, (const char *)device); return -1; } if (libnet_init_packet(eth_packetlen, &pkt) == -1) { fprintf(stderr, "ERROR: Unable to allocate packet memory.\n"); exit(1); } libnet_build_ethernet(eth->ether_dhost, eth->ether_shost, eth->ether_type, pd->file_mem, pd->file_s, pkt); n = libnet_write_link_layer(l2, device, pkt, eth_packetlen); #ifdef DEBUG printf("DEBUG: eth_packetlen is %u.\n", eth_packetlen); #endif if (verbose == 2) nemesis_hexdump(pkt, eth_packetlen, HEX_ASCII_DECODE); if (verbose == 3) nemesis_hexdump(pkt, eth_packetlen, HEX_RAW_DECODE); switch(eth->ether_type) { case ETHERTYPE_PUP: ethertype = "PUP"; break; case ETHERTYPE_IP: ethertype = "IP"; break; case ETHERTYPE_ARP: ethertype = "ARP"; break; case ETHERTYPE_REVARP: ethertype = "REVARP"; break; case ETHERTYPE_8021Q: ethertype = "802.1q"; break; case ETHERTYPE_IPV6: ethertype = "IPV6"; break; case ETHERTYPE_PPPOEDISC: ethertype = "PPOEDISC"; break; case ETHERTYPE_PPPOE: ethertype = "PPOE"; break; default: ethertype = NULL; break; } if (verbose) { if (ethertype != NULL) printf("Wrote %d byte Ethernet type %s packet through linktype " "%s.\n", n, ethertype, nemesis_lookup_linktype(l2->linktype)); else printf("Wrote %d byte Ethernet type %hu packet through linktype " "%s.\n", n, eth->ether_type, nemesis_lookup_linktype(l2->linktype)); } libnet_destroy_packet(&pkt); if (l2 != NULL) libnet_close_link_interface(l2); return (n); }
static void RejectLayer2(ipq_packet_msg_t *m) { IPHdr *iph; TCPHdr *tcph; ICMPHdr *icmph; EtherHdr *eh; int proto; int size = 0; int payload_len = 0; /* pointer to the device to use: according to the libnet manpage * this should be u_char, but I get a compiler warning then. * Making it a char fixes that. VJ. */ char *device = NULL; /* to get the mac address of the interface when in layer2 mode */ struct ether_addr *link_addr; u_char enet_dst[6]; /* mac addr for creating the ethernet packet. */ u_char enet_src[6]; /* mac addr for creating the ethernet packet. */ struct libnet_link_int *network = NULL; /* pointer to link interface struct */ int i = 0; iph = (IPHdr *)(l_tcp + ETH_H); proto = tmpP->iph->ip_proto; iph->ip_src.s_addr = tmpP->iph->ip_dst.s_addr; iph->ip_dst.s_addr = tmpP->iph->ip_src.s_addr; /* set the interface. For Nat/Ip-mode the device we use to send a reset to the offender * is the device on which the packet entered. For bridge-mode indev and outdev are always * equal, so we use indev as well. There is one rare exception to this... if on the Snort_ * inline box a client is run that causes a reset, indev is not set but outdev. */ if(m->indev_name[0] != '\0') device = m->indev_name; else device = m->outdev_name; /* Let's initialize Libnet */ if((network = libnet_open_link_interface(device, errbuf)) == NULL) { libnet_error(LIBNET_ERR_FATAL, "libnet_open_link_interface for device %s failed: %s\n", device, errbuf); return; } /* lets get the mac addr of the interface */ if(!(link_addr = libnet_get_hwaddr(network, device, errbuf))) { libnet_error(LIBNET_ERR_FATAL, "libnet_get_hwaddr failed: %s\n", errbuf); return; } /* copy the mac: the src is set the the interface mac * but only if the mac wasn't supplied in the configfile */ if(pv.enet_src[0] == 0 && pv.enet_src[1] == 0 && pv.enet_src[2] == 0 && pv.enet_src[3] == 0 && pv.enet_src[4] == 0 && pv.enet_src[5] == 0) { /* either user set mac as 00:00:00:00:00:00 or it is blank */ for(i = 0; i < 6; i++) enet_src[i] = link_addr->ether_addr_octet[i]; } else { for(i = 0; i < 6; i++) enet_src[i] = pv.enet_src[i]; } /* copy the mac: the old src now becomes dst */ for(i = 0; i < 6; i++) enet_dst[i] = m->hw_addr[i]; //printf("reset src mac: %02X:%02X:%02X:%02X:%02X:%02X\n", enet_src[0],enet_src[1],enet_src[2],enet_src[3],enet_src[4],enet_src[5]); //printf("reset dst mac: %02X:%02X:%02X:%02X:%02X:%02X\n", enet_dst[0],enet_dst[1],enet_dst[2],enet_dst[3],enet_dst[4],enet_dst[5]); switch(proto) { case IPPROTO_TCP: if (!tmpP->frag_flag) { size = ETH_H + IP_H + TCP_H; eh = (EtherHdr *)l_tcp; iph = (IPHdr *)(l_tcp + ETH_H); tcph = (TCPHdr *)(l_tcp + ETH_H + IP_H); iph->ip_src.s_addr = tmpP->iph->ip_dst.s_addr; iph->ip_dst.s_addr = tmpP->iph->ip_src.s_addr; tcph->th_sport = tmpP->tcph->th_dport; tcph->th_dport = tmpP->tcph->th_sport; tcph->th_seq = tmpP->tcph->th_ack; tcph->th_ack = htonl(ntohl(tmpP->tcph->th_seq) + 1); //printf("Send TCP Rst in Bridge-mode.\n"); /* calculate the checksums */ if (libnet_do_checksum(l_tcp + ETH_H, IPPROTO_TCP, TCP_H) == -1) { libnet_error(LIBNET_ERR_CRITICAL, "SendEthTCPRST: libnet_do_checksum failed for TCP_H"); return; } if (libnet_do_checksum(l_tcp + ETH_H, IPPROTO_IP, IP_H) == -1) { libnet_error(LIBNET_ERR_CRITICAL, "SendEthTCPRST: libnet_do_checksum failed for IP_H"); return; } /* build the ethernet packet */ if (libnet_build_ethernet(enet_dst, enet_src, ETHERTYPE_IP, NULL, 0, l_tcp) == -1) { libnet_error(LIBNET_ERR_CRITICAL, "SendEthTCPRST: libnet_build_ethernet"); return; } /* finally write it to the link */ if(libnet_write_link_layer(network, device, l_tcp, size) < size) { libnet_error(LIBNET_ERR_CRITICAL, "SendEthTCPRST: libnet_write_link_layer"); return; } } /* end if !tmpP->frag_flag */ break; case IPPROTO_UDP: if (!tmpP->frag_flag) { eh = (EtherHdr *)l_icmp; iph = (IPHdr *)(l_icmp + ETH_H); icmph = (ICMPHdr *) (l_icmp + ETH_H + IP_H); iph->ip_src.s_addr = tmpP->iph->ip_dst.s_addr; iph->ip_dst.s_addr = tmpP->iph->ip_src.s_addr; if ((payload_len = ntohs(tmpP->iph->ip_len) - (IP_HLEN(tmpP->iph) << 2)) > 8) { payload_len = 8; } memcpy((char *)icmph + ICMP_UNREACH_H, tmpP->iph, (IP_HLEN(tmpP->iph) << 2) + payload_len); size = ETH_H + IP_H + ICMP_UNREACH_H + (IP_HLEN(tmpP->iph) << 2) + payload_len; iph->ip_len = htons(size); /* calculate the checksums */ if (libnet_do_checksum(l_icmp + ETH_H, IPPROTO_ICMP, size - IP_H) == -1) { libnet_error(LIBNET_ERR_CRITICAL, "SendEthICMPRST: libnet_do_checksum failed for IPPROTO_ICMP"); return; } if (libnet_do_checksum(l_icmp + ETH_H, IPPROTO_IP, IP_H) == -1) { libnet_error(LIBNET_ERR_CRITICAL, "SendEthICMPRST: libnet_do_checksum failed for IPPROTO_IP"); return; } /* build the ethernet packet */ if (libnet_build_ethernet(enet_dst, enet_src, ETHERTYPE_IP, NULL, 0, l_icmp) == -1) { libnet_error(LIBNET_ERR_CRITICAL, "SendEthICMPRST: libnet_build_ethernet"); return; } /* finally write it to the link */ //printf("Send ICMP Rst in Bridge-mode.\n"); if(libnet_write_link_layer(network, device, l_icmp, size) < size) { libnet_error(LIBNET_ERR_CRITICAL, "SendEthICMPRST: libnet_write_link_layer"); return; } } break; } /* end switch(proto) */ /* clean up file-descriptors for the next time we call RejectLayer2 */ if((libnet_close_link_interface(network)) == -1) { libnet_error(LIBNET_ERR_CRITICAL, "libnet_close_link_interface error\n"); } }
int main(int argc, char *argv[]) { int i, c; char errbuf[256]; char *device = NULL; struct libnet_link_int *l; struct ether_addr e; u_long ip; while ((c = getopt(argc, argv, "i:")) != EOF) { switch (c) { case 'i': device = optarg; break; default: exit(EXIT_FAILURE); } } if (!device) { fprintf(stderr, "Specify a device\n"); exit(EXIT_FAILURE); } if (argc > optind) { if ((ip = libnet_name_resolve(argv[optind], 1)) == -1) { fprintf(stderr, "Cannot resolve IP address\n"); exit(EXIT_FAILURE); } } else { fprintf(stderr, "IP address to ARP for?\n"); exit(EXIT_FAILURE); } l = libnet_open_link_interface(device, errbuf); if (!l) { fprintf(stderr, "libnet_open_link_interface: %s\n", errbuf); exit(EXIT_FAILURE); } c = libnet_do_arp(l, device, &e, ip); if (c != -1) { for (i = 0; i < 6; i++) { printf("%x", e.ether_addr_octet[i]); if (i != 5) { printf(":"); } } printf("\n"); } return (c == -1 ? EXIT_FAILURE : EXIT_SUCCESS); }
/* initialize an interface * Basically, do everything which must be done as root, so * the program can drop root uid later. * It puts the device in promiscuous mode if signaled and * returns an sndet_device struct, which is later used in almost any * test * - Initializes the sndet_device structure, wich must be freed later * by the application; * - Error message is returned in errbuf[]; */ struct sndet_device * sndet_init_device(char *device, int promisc, char *errbuf) { struct sndet_device *sndet_dev; char *temp; // error buffer for external calls (libnet + libpcap) char ext_errbuf[LIBNET_ERRBUF_SIZE | PCAP_ERRBUF_SIZE]; sndet_dev = malloc(sizeof(struct sndet_device)); // find the device to open // use a default (from libpcap) if the user didn't supply one if (device == NULL) { temp = pcap_lookupdev(ext_errbuf); if (temp == NULL) { snprintf(errbuf, LIBSNIFFDET_ERR_BUF_LEN, "Could not find a link interface!\n%s", ext_errbuf); SNDET_FREE(sndet_dev); return NULL; } sndet_dev->device = strndup(temp, MAX_DEVICE_NAME_LEN); } else sndet_dev->device = strndup(device, MAX_DEVICE_NAME_LEN); // open interface sndet_dev->pktdesc = pcap_open_live(device, MAX_CAPTURE_BYTES, promisc, CAPTURE_READ_TMOUT, ext_errbuf); if (!sndet_dev->pktdesc) { snprintf(errbuf, LIBSNIFFDET_ERR_BUF_LEN, "Could not open link interface!\n%s", ext_errbuf); SNDET_FREE(sndet_dev->device); SNDET_FREE(sndet_dev); return NULL; } if (pcap_lookupnet(sndet_dev->device, &(sndet_dev->network), &(sndet_dev->netmask), ext_errbuf) == -1) { snprintf(errbuf, LIBSNIFFDET_ERR_BUF_LEN, "Could not determine netmask/network of interface %s!\n%s", sndet_dev->device, ext_errbuf); SNDET_FREE(sndet_dev->device); SNDET_FREE(sndet_dev); return NULL; } // see net/bpf.h // is the datalink supported? (is that an ethernet device?) sndet_dev->datalink = pcap_datalink(sndet_dev->pktdesc); switch (sndet_dev->datalink) { case DLT_EN10MB: sndet_dev->pkt_offset = 14; break; default: snprintf(errbuf, LIBSNIFFDET_ERR_BUF_LEN, "Device %s is not supported! (not an ethernet device?)\n", sndet_dev->device); SNDET_FREE(sndet_dev->device); SNDET_FREE(sndet_dev); return NULL; } // initialize libnet interface sndet_dev->ln_int = libnet_open_link_interface(device, ext_errbuf); if (!sndet_dev->ln_int) { snprintf(errbuf, LIBSNIFFDET_ERR_BUF_LEN, "Could not open link interface!\n%s", ext_errbuf); SNDET_FREE(sndet_dev->device); SNDET_FREE(sndet_dev); return NULL; } // open a raw socket sndet_dev->rawsock = libnet_open_raw_sock(IPPROTO_RAW); if (sndet_dev->rawsock == -1) { snprintf(errbuf, LIBSNIFFDET_ERR_BUF_LEN, "Error opening raw socket\n"); SNDET_FREE(sndet_dev->device); SNDET_FREE(sndet_dev); return NULL; } return sndet_dev; }
int buildudp(ETHERhdr *eth, IPhdr *ip, UDPhdr *udp, FileData *pd, FileData *ipod, char *device) { int n; u_int32_t udp_packetlen = 0, udp_meta_packetlen = 0; static u_int8_t *pkt; static int sockfd = -1; struct libnet_link_int *l2 = NULL; u_int8_t link_offset = 0; #if !defined(WIN32) int sockbuff = IP_MAXPACKET; #endif if (pd->file_mem == NULL) pd->file_s = 0; if (ipod->file_mem == NULL) ipod->file_s = 0; if (got_link) /* data link layer transport */ { if ((l2 = libnet_open_link_interface(device, errbuf)) == NULL) { nemesis_device_failure(INJECTION_LINK, (const char *)device); return -1; } link_offset = LIBNET_ETH_H; } else { if ((sockfd = libnet_open_raw_sock(IPPROTO_RAW)) < 0) { nemesis_device_failure(INJECTION_RAW, (const char *)NULL); return -1; } #if !defined(WIN32) if ((setsockopt(sockfd, SOL_SOCKET, SO_SNDBUF, (const void *)&sockbuff, sizeof(sockbuff))) < 0) { fprintf(stderr, "ERROR: setsockopt() failed.\n"); return -1; } #endif } udp_packetlen = link_offset + LIBNET_IP_H + LIBNET_UDP_H + pd->file_s + ipod->file_s; udp_meta_packetlen = udp_packetlen - (link_offset + LIBNET_IP_H); #ifdef DEBUG printf("DEBUG: UDP packet length %u.\n", udp_packetlen); printf("DEBUG: IP options size %u.\n", ipod->file_s); printf("DEBUG: UDP payload size %u.\n", pd->file_s); #endif if (libnet_init_packet(udp_packetlen, &pkt) == -1) { fprintf(stderr, "ERROR: Unable to allocate packet memory.\n"); return -1; } if (got_link) libnet_build_ethernet(eth->ether_dhost, eth->ether_shost, ETHERTYPE_IP, NULL, 0, pkt); libnet_build_ip(udp_meta_packetlen, ip->ip_tos, ip->ip_id, ip->ip_off, ip->ip_ttl, ip->ip_p, ip->ip_src.s_addr, ip->ip_dst.s_addr, NULL, 0, pkt + link_offset); libnet_build_udp(udp->uh_sport, udp->uh_dport, pd->file_mem, pd->file_s, pkt + link_offset + LIBNET_IP_H); if (got_ipoptions) { if ((libnet_insert_ipo((struct ipoption *)ipod->file_mem, ipod->file_s, pkt + link_offset)) == -1) { fprintf(stderr, "ERROR: Unable to add IP options, discarding " "them.\n"); } } if (got_link) libnet_do_checksum(pkt + LIBNET_ETH_H, IPPROTO_IP, LIBNET_IP_H + ipod->file_s); libnet_do_checksum(pkt + link_offset, IPPROTO_UDP, LIBNET_UDP_H + pd->file_s + ipod->file_s); if (got_link) n = libnet_write_link_layer(l2, device, pkt, udp_packetlen); else n = libnet_write_ip(sockfd, pkt, udp_packetlen); if (verbose == 2) nemesis_hexdump(pkt, udp_packetlen, HEX_ASCII_DECODE); if (verbose == 3) nemesis_hexdump(pkt, udp_packetlen, HEX_RAW_DECODE); if (n != udp_packetlen) { fprintf(stderr, "ERROR: Incomplete packet injection. Only wrote " "%d bytes.\n", n); } else { if (verbose) { if (got_link) printf("Wrote %d byte UDP packet through linktype %s.\n", n, nemesis_lookup_linktype(l2->linktype)); else printf("Wrote %d byte UDP packet.\n", n); } } libnet_destroy_packet(&pkt); if (got_link) libnet_close_link_interface(l2); else libnet_close_raw_sock(sockfd); return n; }
int main(int argc, char *argv[]) { extern char *optarg; extern int optind; int c, i; struct libnet_link_int *llif; char ebuf[PCAP_ERRBUF_SIZE]; u_char sha[ETHER_ADDR_LEN], tha[ETHER_ADDR_LEN]; in_addr_t src, dst; u_short sport, dport; u_int32_t seq; u_char pkt[ETH_H + IP_H + TCP_H]; while ((c = getopt(argc, argv, "vs:d:e:x:y:i:n:h?V")) != -1) { switch (c) { case 'v': break; case 's': Src = libnet_name_resolve(optarg, 0); break; case 'd': Dst = libnet_name_resolve(optarg, 0); break; case 'e': Tha = (u_char *)ether_aton(optarg); break; case 'x': Sport = atoi(optarg); break; case 'y': Dport = atoi(optarg); break; case 'i': Intf = optarg; break; case 'n': Repeat = atoi(optarg); break; default: usage(); } } argc -= optind; argv += optind; if (argc != 0) usage(); if (!Intf && (Intf = pcap_lookupdev(ebuf)) == NULL) errx(1, "%s", ebuf); if ((llif = libnet_open_link_interface(Intf, ebuf)) == 0) errx(1, "%s", ebuf); libnet_seed_prand(); for (i = 0; i != Repeat; i++) { gen_mac(sha); if (Tha == NULL) gen_mac(tha); else memcpy(tha, Tha, sizeof(tha)); if (Src != 0) src = Src; else src = libnet_get_prand(PRu32); if (Dst != 0) dst = Dst; else dst = libnet_get_prand(PRu32); if (Sport != 0) sport = Sport; else sport = libnet_get_prand(PRu16); if (Dport != 0) dport = Dport; else dport = libnet_get_prand(PRu16); seq = libnet_get_prand(PRu32); libnet_build_ethernet(tha, sha, ETHERTYPE_IP, NULL, 0, pkt); libnet_build_ip(TCP_H, 0, libnet_get_prand(PRu16), 0, 64, IPPROTO_TCP, src, dst, NULL, 0, pkt + ETH_H); libnet_build_tcp(sport, dport, seq, 0, TH_SYN, 512, 0, NULL, 0, pkt + ETH_H + IP_H); libnet_do_checksum(pkt + ETH_H, IPPROTO_IP, IP_H); libnet_do_checksum(pkt + ETH_H, IPPROTO_TCP, TCP_H); if (libnet_write_link_layer(llif, Intf, pkt, sizeof(pkt)) < 0) errx(1, "write"); fprintf(stderr, "%s ", ether_ntoa((struct ether_addr *)sha)); fprintf(stderr, "%s %s.%d > %s.%d: S %u:%u(0) win 512\n", ether_ntoa((struct ether_addr *)tha), libnet_host_lookup(Src, 0), sport, libnet_host_lookup(Dst, 0), dport, seq, seq); } exit(0); }
int main(int argc, char *argv[]) { // packet type (arp/udp/tcp) char type[5]; // network device char *device = "eth0\0"; struct libnet_link_int *link; // Raw socket int sock; // error buffer char errbuff[LIBNET_ERRBUF_SIZE]; // src and dst mac u_char dmac[6],smac[6]; // src and dst ip unsigned int src_ip, dst_ip; // packet buffer unsigned char *packet; // packet payload char *payload; // payload size int p_size; // bytes send over the wire int send; // check parameter if(argc == 1) { printf("Usage: %s <arp/udp/tcp>\n",argv[0]); exit(0); } else { strcpy(type,argv[1]); } // Allocate memory for the payload payload = malloc(50); // Packets payload strcpy(payload,"TEST LIBNET\0"); packet = NULL; // payload size p_size = strlen(payload); // mac address strcpy(smac,SMAC); strcpy(dmac,DMAC); // ip address in network byte order src_ip = inet_addr(SOURCE); dst_ip = inet_addr(DEST); // Lookup ip addresses src_ip = libnet_name_resolve(libnet_host_lookup(src_ip,0),0); dst_ip = libnet_name_resolve(libnet_host_lookup(dst_ip,0),0); // Build an ARP packet? if(!strcmp(type,"arp")) { // open the network device link = libnet_open_link_interface(device,errbuff); // Failed? if(link == NULL) { printf("Error while opening device %s!\n%s\n",device,errbuff); exit(1); } printf("Using device %s\n",device); // Allocate memory for the packet if(libnet_init_packet(LIBNET_ETH_H+LIBNET_ARP_H+p_size,&packet) == -1) { printf("libnet_init_packet error!\n%s\n", strerror(errno)); exit(1); } if(packet == NULL) { printf("libnet_init_packet error!\n"); exit(1); } // Build ethernet header libnet_build_ethernet(dmac, // destination mac smac, // source mac ETHERTYPE_ARP,// ethernet packet type NULL, // pointer to payload 0, // payload size packet // pointer to packet buffer ); printf("Sending ARP reply packet %s --> %s\n",SOURCE,DEST); libnet_build_arp(ARPHRD_ETHER, // hardware type ETHERTYPE_IP, // protocol type ETHER_ADDR_LEN, // hardware address size 4, // protocol address size ARPOP_REPLY, // ARP operation smac, // source mac (u_char *)&src_ip, // source ip dmac, // destination mac (u_char *)&dst_ip, // destination ip NULL, // pointer to payload 0, // payload size packet+LIBNET_ETH_H // pointer to packet buffer ); // Get the packet on the wire send = libnet_write_link_layer(link,device,packet,LIBNET_ETH_H+LIBNET_IP_H+LIBNET_TCP_H+p_size); // was the complete packet send over the wire? if(send < LIBNET_IP_H+LIBNET_TCP_H+p_size) { printf("error while writing packet into the socket...\n"); } // close the network device libnet_close_link_interface(link); } else { // Open a raw sock sock = libnet_open_raw_sock(IPPROTO_RAW); // Allocate memory for the packet if(libnet_init_packet(LIBNET_IP_H+LIBNET_TCP_H+p_size,&packet) == -1) { printf("libnet_init_packet error!\n%s\n", strerror(errno)); exit(1); } // Build ip header libnet_build_ip(LIBNET_TCP_H+p_size,// packet length without ip header length 0, // ip type of service 242, // ip id 0, // fragmentation bit 48, // time to live IPPROTO_TCP, // Transport Control Protokoll src_ip, // source ip dst_ip, // destination ip NULL, // pointer to ip payload 0, // ip options packet // pointer to packet buffer ); // Build UDP packet? if(!strcmp(type,"udp")) { libnet_build_udp(ntohs(SPORT), // Source port ntohs(DPORT), // destination port payload, // pointer to packet payload p_size, // payload size packet+LIBNET_IP_H // pointer to packet buffer ); printf("Sending UDP packet %s:%d --> %s.%d\n",SOURCE,SPORT,DEST,DPORT); } // Build TCP/IP packet per default else { // Build tcp header libnet_build_tcp(ntohs(SPORT), // source port ntohs(DPORT), // destination port 1000000000, // acknowledge number 1000000000, // sequence number TH_ACK, // tcp flags 1024, // window size 0, // urgent pointer payload, // pointer to packet payload p_size, // payload size packet+LIBNET_IP_H // pointer to the packet buffer ); printf("Sending TCP packet %s:%d --> %s.%d\n",SOURCE,SPORT,DEST,DPORT); } // Calculize checksum libnet_do_checksum(packet,IPPROTO_TCP,LIBNET_IP_H+LIBNET_TCP_H+p_size); // Get the packet on the wire send = libnet_write_ip(sock,packet,LIBNET_IP_H+LIBNET_TCP_H+p_size); // was the complete packet send over the wire? if(send < LIBNET_IP_H+LIBNET_TCP_H+p_size) { printf("error while writing packet into the socket...\n"); } // close the socket libnet_close_raw_sock(sock); } // free the memory //libnet_destroy_packet(packet); free(payload); free(errbuff); return 1; }
int main(int argc, char *argv[]) { int packet_size, /* size of our packet */ payload_size, /* size of our packet */ c; /* misc */ u_long src_ip, dst_ip; /* source ip, dest ip */ u_short bport, eport; /* beginning and end ports */ u_short cport; /* current port */ u_char payload[MAX_PAYLOAD_SIZE]; /* packet payload */ u_char *packet; /* pointer to our packet buffer */ char err_buf[LIBNET_ERRBUF_SIZE]; /* error buffer */ u_char *device; /* pointer to the device to use */ struct libnet_link_int *network; /* pointer to link interface struct */ struct libnet_plist_chain plist; /* plist chain */ struct libnet_plist_chain *plist_p; /* plist chain pointer */ printf("libnet example code:\tmodule 4\n\n"); printf("packet injection interface:\tlink layer\n"); printf("packet type:\t\t\tUDP [with payload] using port list chaining\n"); plist_p = NULL; device = NULL; src_ip = 0; dst_ip = 0; while ((c = getopt(argc, argv, "i:d:s:p:")) != EOF) { switch (c) { case 'd': if (!(dst_ip = libnet_name_resolve(optarg, LIBNET_RESOLVE))) { libnet_error(LIBNET_ERR_FATAL, "Bad destination IP address: %s\n", optarg); } break; case 'i': device = optarg; break; case 's': if (!(src_ip = libnet_name_resolve(optarg, LIBNET_RESOLVE))) { libnet_error(LIBNET_ERR_FATAL, "Bad source IP address: %s\n", optarg); } break; case 'p': plist_p = &plist; if (libnet_plist_chain_new(&plist_p, optarg) == -1) { libnet_error(LIBNET_ERR_FATAL, "Could not build port list\n"); } break; default: usage(argv[0]); exit(EXIT_FAILURE); } } if (!src_ip || !dst_ip || !plist_p) { usage(argv[0]); exit(EXIT_FAILURE); } c = argc - optind; if (c != 1) { usage(argv[0]); exit(EXIT_FAILURE); } memset(payload, 0, sizeof(payload)); strncpy(payload, argv[optind], strlen(argv[optind])); /* * Step 1: Network Initialization (interchangable with step 2). */ if (device == NULL) { struct sockaddr_in sin; /* * Try to locate a device. */ if (libnet_select_device(&sin, &device, err_buf) == -1) { libnet_error(LIBNET_ERR_FATAL, "libnet_select_device failed: %s\n", err_buf); } printf("device:\t\t\t\t%s\n", device); } if ((network = libnet_open_link_interface(device, err_buf)) == NULL) { libnet_error(LIBNET_ERR_FATAL, "libnet_open_link_interface: %s\n", err_buf); } /* * Get the payload from the user. Hrm. This might fail on a Sparc * if byte alignment is off... */ payload_size = strlen(payload); /* * We're going to build a UDP packet with a payload using the * link-layer API, so this time we need memory for a ethernet header * as well as memory for the ICMP and IP headers and our payload. */ packet_size = LIBNET_IP_H + LIBNET_ETH_H + LIBNET_UDP_H + payload_size; /* * Step 2: Memory Initialization (interchangable with step 1). */ if (libnet_init_packet(packet_size, &packet) == -1) { libnet_error(LIBNET_ERR_FATAL, "libnet_init_packet failed\n"); } /* * Step 3: Packet construction (ethernet header). */ libnet_build_ethernet(enet_dst, enet_src, ETHERTYPE_IP, NULL, 0, packet); /* * Step 3: Packet construction (IP header). */ libnet_build_ip(LIBNET_UDP_H + payload_size, 0, /* IP tos */ 242, /* IP ID */ 0, /* Frag */ 64, /* TTL */ IPPROTO_UDP, /* Transport protocol */ src_ip, /* Source IP */ dst_ip, /* Destination IP */ NULL, /* Pointer to payload (none) */ 0, packet + LIBNET_ETH_H); /* Packet header memory */ while (libnet_plist_chain_next_pair(plist_p, &bport, &eport)) { while (!(bport > eport) && bport != 0) { cport = bport++; /* * Step 3: Packet construction (UDP header). */ libnet_build_udp(242, /* source port */ cport, /* dest. port */ payload, /* payload */ payload_size, /* payload length */ packet + LIBNET_ETH_H + LIBNET_IP_H); /* * Step 4: Packet checksums (ICMP header *AND* IP header). */ if (libnet_do_checksum(packet + ETH_H, IPPROTO_UDP, LIBNET_UDP_H + payload_size) == -1) { libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n"); } if (libnet_do_checksum(packet + ETH_H, IPPROTO_IP, LIBNET_IP_H) == -1) { libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n"); } /* * Step 5: Packet injection. */ c = libnet_write_link_layer(network, device, packet, packet_size); if (c < packet_size) { libnet_error(LN_ERR_WARNING, "libnet_write_link_layer only wrote %d bytes\n", c); } else { printf("construction and injection completed, wrote all %d bytes, port %d\n", c, cport); } } } /* * Shut down the interface. */ if (libnet_close_link_interface(network) == -1) { libnet_error(LN_ERR_WARNING, "libnet_close_link_interface couldn't close the interface"); } /* * Free packet memory. */ libnet_destroy_packet(&packet); return (c == -1 ? EXIT_FAILURE : EXIT_SUCCESS); }
int main(int argc, char *argv[]) { int c; char errbuf[256]; char *device = NULL; struct libnet_link_int *l; struct ether_addr *e; u_long i; while ((c = getopt(argc, argv, "i:")) != EOF) { switch (c) { case 'i': device = optarg; break; default: exit(EXIT_FAILURE); } } if (!device) { fprintf(stderr, "Specify a device\n"); exit(EXIT_FAILURE); } l = libnet_open_link_interface(device, errbuf); if (!l) { fprintf(stderr, "libnet_open_link_interface: %s\n", errbuf); exit(EXIT_FAILURE); } printf("Interface %s\n", device); e = libnet_get_hwaddr(l, device, errbuf); if (!e) { fprintf(stderr, "Can't get hardware address: %s\n", errbuf); exit(EXIT_FAILURE); } else { printf("MAC address: "); for (c = 0; c < 6; c++) { printf("%x", e->ether_addr_octet[c]); if (c != 5) { printf(":"); } } printf("\n"); } i = libnet_get_ipaddr(l, device, errbuf); if (!i) { fprintf(stderr, "Can't get ip address: %s\n", errbuf); exit(EXIT_FAILURE); } else { printf("IP address: "); printf("%s\n", libnet_host_lookup(ntohl(i), 0)); } exit(EXIT_SUCCESS); }
int main(int argc, char *argv[]) { int c; u_long src_ip, dst_ip; u_short src_prt, dst_prt; u_char *cp; char errbuf[256]; char *device = NULL; struct libnet_link_int *l; printf("link layer TCP packet building/writing test\n"); src_ip = 0; dst_ip = 0; src_prt = 0; dst_prt = 0; while ((c = getopt(argc, argv, "i:d:s:")) != EOF) { switch (c) { /* * We expect the input to be of the form `ip.ip.ip.ip.port`. We * point cp to the last dot of the IP address/port string and * then seperate them with a NULL byte. The optarg now points to * just the IP address, and cp points to the port. */ case 'd': if (!(cp = strrchr(optarg, '.'))) { usage(argv[0]); } *cp++ = 0; dst_prt = (u_short)atoi(cp); if (!(dst_ip = libnet_name_resolve(optarg, 1))) { fprintf(stderr, "Bad destination IP address: %s\n", optarg); exit(1); } break; case 's': if (!(cp = strrchr(optarg, '.'))) { usage(argv[0]); } *cp++ = 0; src_prt = (u_short)atoi(cp); if (!(src_ip = libnet_name_resolve(optarg, 1))) { fprintf(stderr, "Bad source IP address: %s\n", optarg); exit(1); } break; case 'i': device = optarg; break; default: exit(EXIT_FAILURE); } } if (!src_ip || !src_prt || !dst_ip || !dst_prt || !device) { usage(argv[0]); exit(EXIT_FAILURE); } if ((l = libnet_open_link_interface(device, errbuf)) == NULL) { fprintf(stderr, "libnet_open_link_interface: %s\n", errbuf); exit(EXIT_FAILURE); } c = send_tcp(l, device, src_ip, src_prt, dst_ip, dst_prt); return (c == -1 ? EXIT_FAILURE : EXIT_SUCCESS); }
int main(int argc, char *argv[]) { int r; int i; int c; char ebuf[LIBNET_ERRBUF_SIZE]; struct ether_addr broadcast_ea; struct ether_addr *sea; struct ether_addr tea; struct in_addr sip, tip; uint8_t *arp_probe_packet; int sock_fd; struct ifreq ifr; char *if_name = "eth0"; struct libnet_link_int *lin; uint32_t tmp[6]; broadcast_ea.ether_addr_octet[0] = 0xFF; broadcast_ea.ether_addr_octet[1] = 0xFF; broadcast_ea.ether_addr_octet[2] = 0xFF; broadcast_ea.ether_addr_octet[3] = 0xFF; broadcast_ea.ether_addr_octet[4] = 0xFF; broadcast_ea.ether_addr_octet[5] = 0xFF; while ((c = getopt(argc, argv, "hi:")) != EOF) { switch (c) { case 'h': usage(0); case 'i': if_name = optarg; break; default: print("unknown argument: %s\n", optarg); usage(1); } } // initialize libnet link-level access to the network interface lin = libnet_open_link_interface(if_name, ebuf); if (!lin) die("libnet_open_link_interface(\"%s\"): %s\n", if_name, ebuf); // get the Ethernet address of this interface sea = libnet_get_hwaddr(lin, if_name, ebuf); if (!sea) die("libnet_get_hwaddr(\"%s\"): %s\n", if_name, ebuf); // get the IP address of this interface sock_fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP); if (sock_fd < 0) die("cannot create socket: %s\n", strerror(errno)); strncpy(ifr.ifr_name, if_name, IFNAMSIZ - 1); ifr.ifr_name[IFNAMSIZ - 1] = (char)NULL; ifr.ifr_addr.sa_family = AF_INET; r = ioctl(sock_fd, SIOCGIFADDR, &ifr); if (r < 0) die("SIOCSIFADDR error: %s\n", strerror(errno)); sip = ((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr; close(sock_fd); for (i = optind; i < argc; i ++) { if (strncmp(argv[i], "sip=", 4) == 0) { r = inet_aton(&argv[i][4], &sip); if (r == 0) die("invalid sip\n"); } else if (strncmp(argv[i], "sea=", 4) == 0) { r = sscanf( argv[i], "sea=%X:%X:%X:%X:%X:%X", &tmp[0], &tmp[1], &tmp[2], &tmp[3], &tmp[4], &tmp[5] ); sea->ether_addr_octet[0] = tmp[0]; sea->ether_addr_octet[1] = tmp[1]; sea->ether_addr_octet[2] = tmp[2]; sea->ether_addr_octet[3] = tmp[3]; sea->ether_addr_octet[4] = tmp[4]; sea->ether_addr_octet[5] = tmp[5]; if (r != 6) die("invalid sea\n"); } else if (strncmp(argv[i], "tip=", 4) == 0) { r = inet_aton(&argv[i][4], &tip); if (r == 0) die("invalid tip\n"); } else if (strncmp(argv[i], "tea=", 4) == 0) { r = sscanf( argv[i], "tea=%X:%X:%X:%X:%X:%X", &tmp[0], &tmp[1], &tmp[2], &tmp[3], &tmp[4], &tmp[5] ); tea.ether_addr_octet[0] = tmp[0]; tea.ether_addr_octet[1] = tmp[1]; tea.ether_addr_octet[2] = tmp[2]; tea.ether_addr_octet[3] = tmp[3]; tea.ether_addr_octet[4] = tmp[4]; tea.ether_addr_octet[5] = tmp[5]; if (r != 6) die("invalid tea\n"); } else { die("unknown arg: %s\n", argv[i]); } } print("interface %s\n", if_name); print(" sip: %s\n", inet_ntoa(sip)); print(" sea: %02X:%02X:%02X:%02X:%02X:%02X\n", sea->ether_addr_octet[0], sea->ether_addr_octet[1], sea->ether_addr_octet[2], sea->ether_addr_octet[3], sea->ether_addr_octet[4], sea->ether_addr_octet[5] ); print(" tip: %s\n", inet_ntoa(tip)); print(" tea: %02X:%02X:%02X:%02X:%02X:%02X\n", tea.ether_addr_octet[0], tea.ether_addr_octet[1], tea.ether_addr_octet[2], tea.ether_addr_octet[3], tea.ether_addr_octet[4], tea.ether_addr_octet[5] ); // allocate memory for the ARP probe packet r = libnet_init_packet(LIBNET_ETH_H + LIBNET_ARP_H, &arp_probe_packet); if (r == -1) die("libnet_init_packet(): error\n"); // build the Ethernet header of the ARP probe packet r = libnet_build_ethernet( broadcast_ea.ether_addr_octet, sea->ether_addr_octet, ETHERTYPE_ARP, NULL, 0, // payload pointer and size arp_probe_packet ); if (r == -1) die("libnet_build_ethernet(): error\n"); // build the ARP header r = libnet_build_arp( ARPHRD_ETHER, ETHERTYPE_IP, ETH_ALEN, 4, ARPOP_REQUEST, sea->ether_addr_octet, (uint8_t *)&sip.s_addr, tea.ether_addr_octet, (uint8_t *)&tip.s_addr, NULL, 0, // payload pointer and size arp_probe_packet + LIBNET_ETH_H ); if (r == -1) die("libnet_build_arp(): error\n"); r = libnet_write_link_layer( lin, if_name, arp_probe_packet, LIBNET_ARP_H + LIBNET_ETH_H ); if (r == -1) die("libnet_write_link_layer(): error\n"); return 0; }
void send_packet(char *protocol, int sport2, int dport2, int id, int ttl, int count, const u_char *payload, int payload_size) { char errbuf[LIBNET_ERRBUF_SIZE]; /* error buffer */ struct libnet_link_int *network; /* pointer to link interface struct */ int packet_size; /* size of our packet */ int ip_size; /* size of our ip */ int udp_size; /* size of our udp */ int tcp_size; /* size of our tcp */ int c; u_char *packet; /* pointer to our packet buffer */ /* * Step 1: Network Initialization (interchangable with step 2). */ if ((network = libnet_open_link_interface(dev2, errbuf)) == NULL) { libnet_error(LIBNET_ERR_FATAL, "libnet_open_link_interface: %s\n", errbuf); } /* * We're going to build a UDP packet with a payload using the * link-layer API, so this time we need memory for a ethernet header * as well as memory for the ICMP and IP headers and our payload. */ if (protocol == "udp") { packet_size = LIBNET_ETH_H + LIBNET_IP_H + LIBNET_UDP_H + payload_size; ip_size = LIBNET_IP_H + LIBNET_UDP_H + payload_size; udp_size = LIBNET_UDP_H + payload_size; /* * Step 2: Memory Initialization (interchangable with step 1). */ if (libnet_init_packet(packet_size, &packet) == -1) { libnet_error(LIBNET_ERR_FATAL, "libnet_init_packet failed\n"); } /* * Step 3: Packet construction (ethernet header). */ libnet_build_ethernet( enet_dst, enet_src, ETHERTYPE_IP, NULL, 0, packet); printf("\n--- Injected packet number %i on %s ---\n", count, dev2); /* * Step 3: Packet construction (IP header). */ libnet_build_ip( LIBNET_UDP_H + payload_size, 0, /* IP tos */ id, /* IP ID */ 0, /* Frag */ ttl, /* TTL */ IPPROTO_UDP, /* Transport protocol */ inet_addr(saddr2), /* Source IP */ inet_addr(daddr2), /* Destination IP */ payload, /* Pointer to payload (none) */ 0, packet + LIBNET_ETH_H); /* Packet header memory */ /* * Step 3: Packet construction (UDP header). */ libnet_build_udp( sport2, /* source port */ dport2, /* dest. port */ payload, /* payload */ payload_size, /* payload length */ packet + LIBNET_ETH_H + LIBNET_IP_H); /* * Step 4: Packet checksums (ICMP header *AND* IP header). */ if (libnet_do_checksum(packet + ETH_H, IPPROTO_UDP, LIBNET_UDP_H + payload_size) == -1) { libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n"); } if (libnet_do_checksum(packet + ETH_H, IPPROTO_IP, LIBNET_IP_H) == -1) { libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n"); } /* print packet info */ if (!hide_header) { printf("IP header Src Addr: %s", saddr2); printf(" Dst Addr: %s\n", daddr2); printf(" Len: %i ID: %i TTL: %i\n", ip_size, id, ttl); printf("UDP header Src port: %i Dst port: %i Len: %i\n", sport2, dport2, udp_size); } if (!hide_payload) { printf("Payload (%d bytes)\n", payload_size); print_payload(payload, payload_size); } } if (protocol == "tcp") { packet_size = LIBNET_ETH_H + LIBNET_IP_H + LIBNET_TCP_H + payload_size; ip_size = LIBNET_IP_H + LIBNET_TCP_H + payload_size; tcp_size = LIBNET_TCP_H + payload_size; /* * Step 2: Memory Initialization (interchangable with step 1). */ if (libnet_init_packet(packet_size, &packet) == -1) { libnet_error(LIBNET_ERR_FATAL, "libnet_init_packet failed\n"); } /* * Step 3: Packet construction (ethernet header). */ libnet_build_ethernet( enet_dst, enet_src, ETHERTYPE_IP, NULL, 0, packet); printf("\n--- Injected packet number %i on %s ---\n", count, dev2); /* * Step 3: Packet construction (IP header). */ libnet_build_ip( LIBNET_TCP_H + payload_size, 0, /* IP tos */ id, /* IP ID */ 0, /* Frag */ ttl, /* TTL */ IPPROTO_TCP, /* Transport protocol */ inet_addr(saddr2), /* Source IP */ inet_addr(daddr2), /* Destination IP */ payload, /* Pointer to payload */ 0, packet + LIBNET_ETH_H); /* Packet header memory */ /* * Step 3: Packet construction (TCP header). */ libnet_build_tcp( sport2, /* source TCP port */ dport2, /* destination TCP port */ 0xa1d95, /* sequence number */ 0x53, /* acknowledgement number */ TH_SYN, /* control flags */ 1024, /* window size */ 0, /* urgent pointer */ NULL, /* payload (none) */ 0, /* payload length */ packet + LIBNET_ETH_H + LIBNET_IP_H); /* * Step 4: Packet checksums (ICMP header *AND* IP header). */ if (libnet_do_checksum(packet + ETH_H, IPPROTO_TCP, LIBNET_TCP_H + payload_size) == -1) { libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n"); } if (libnet_do_checksum(packet + ETH_H, IPPROTO_IP, LIBNET_IP_H) == -1) { libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n"); } /* print packet info */ if (!hide_header) { printf("IP header Src Addr: %s", saddr2); printf(" Dst Addr: %s\n", daddr2); printf(" Len: %i ID: %i TTL: %i\n", ip_size, id, ttl); printf("TCP header Src port: %i Dst port: %i Len: %i\n", sport2, dport2, tcp_size); } if (!hide_payload) { printf("Payload (%d bytes)\n", payload_size); print_payload(payload, payload_size); } } /* * Step 5: Packet injection. */ c = libnet_write_link_layer(network, dev2, packet, packet_size); if (c < packet_size) { libnet_error(LN_ERR_WARNING, "libnet_write_link_layer only wrote %d bytes\n", c); } /* * Shut down the interface. */ if (libnet_close_link_interface(network) == -1) { libnet_error(LN_ERR_WARNING, "libnet_close_link_interface couldn't close the interface"); } /* * Free packet memory. */ libnet_destroy_packet(&packet); printf("\n"); }
int main(int argc, char *argv[]) { int c, amount; char errbuf[256]; char *device = NULL; struct link_int *l; u_long ip; amount = 20; while ((c = getopt(argc, argv, "n:i:")) != EOF) { switch (c) { case 'i': device = optarg; break; case 'n': amount = atoi(optarg); break; default: exit(EXIT_FAILURE); } } if (!device) { usage(argv[0]); exit(EXIT_FAILURE); } if (argc <= optind) { usage(argv[0]); exit(EXIT_FAILURE); } else if ((ip = libnet_name_resolve(argv[optind], 1)) == -1) { fprintf(stderr, "Cannot resolve IP address\n"); exit(EXIT_FAILURE); } l = libnet_open_link_interface(device, errbuf); if (!l) { fprintf(stderr, "libnet_open_link_interface: %s\n", errbuf); exit(EXIT_FAILURE); } while (amount--) { c = send_arp(l, ip, device); if (c == -1) { /* bail on the first error */ break; } } printf("\n"); return (c == -1 ? EXIT_FAILURE : EXIT_SUCCESS); }
int main(int argc, char *argv[]) { int c = -1; char errbuf[LIBNET_ERRBUF_SIZE]; char* device; char* ipaddr; char* macaddr; char* broadcast; char* netmask; u_int32_t ip; u_char src_mac[6]; LTYPE* l; int repeatcount = 1; int j; long msinterval = 1000; int flag; char pidfilenamebuf[64]; char *pidfilename = NULL; CL_SIGNAL(SIGTERM, byebye); CL_SIGINTERRUPT(SIGTERM, 1); cl_log_set_entity(SENDARPNAME); cl_log_enable_stderr(TRUE); cl_log_set_facility(LOG_USER); cl_inherit_logging_environment(0); while ((flag = getopt(argc, argv, "i:r:p:")) != EOF) { switch(flag) { case 'i': msinterval= atol(optarg); break; case 'r': repeatcount= atoi(optarg); break; case 'p': pidfilename= optarg; break; default: fprintf(stderr, "%s\n\n", print_usage); return 1; break; } } if (argc-optind != 5) { fprintf(stderr, "%s\n\n", print_usage); return 1; } /* * argv[optind+1] DEVICE dc0,eth0:0,hme0:0, * argv[optind+2] IP 192.168.195.186 * argv[optind+3] MAC ADDR 00a0cc34a878 * argv[optind+4] BROADCAST 192.168.195.186 * argv[optind+5] NETMASK ffffffffffff */ device = argv[optind]; ipaddr = argv[optind+1]; macaddr = argv[optind+2]; broadcast = argv[optind+3]; netmask = argv[optind+4]; if (!pidfilename) { if (snprintf(pidfilenamebuf, sizeof(pidfilenamebuf), "%s%s", PIDFILE_BASE, ipaddr) >= (int)sizeof(pidfilenamebuf)) { cl_log(LOG_INFO, "Pid file truncated"); return EXIT_FAILURE; } pidfilename = pidfilenamebuf; } if(write_pid_file(pidfilename) < 0) { return EXIT_FAILURE; } #if defined(HAVE_LIBNET_1_0_API) #ifdef ON_DARWIN if ((ip = libnet_name_resolve((unsigned char*)ipaddr, 1)) == -1UL) { #else if ((ip = libnet_name_resolve(ipaddr, 1)) == -1UL) { #endif cl_log(LOG_ERR, "Cannot resolve IP address [%s]", ipaddr); unlink(pidfilename); return EXIT_FAILURE; } l = libnet_open_link_interface(device, errbuf); if (!l) { cl_log(LOG_ERR, "libnet_open_link_interface on %s: %s" , device, errbuf); unlink(pidfilename); return EXIT_FAILURE; } #elif defined(HAVE_LIBNET_1_1_API) if ((l=libnet_init(LIBNET_LINK, device, errbuf)) == NULL) { cl_log(LOG_ERR, "libnet_init failure on %s: %s", device, errbuf); unlink(pidfilename); return EXIT_FAILURE; } if ((signed)(ip = libnet_name2addr4(l, ipaddr, 1)) == -1) { cl_log(LOG_ERR, "Cannot resolve IP address [%s]", ipaddr); unlink(pidfilename); return EXIT_FAILURE; } #else # error "Must have LIBNET API version defined." #endif if (!strcasecmp(macaddr, AUTO_MAC_ADDR)) { if (get_hw_addr(device, src_mac) < 0) { cl_log(LOG_ERR, "Cannot find mac address for %s", device); unlink(pidfilename); return EXIT_FAILURE; } } else { convert_macaddr((unsigned char *)macaddr, src_mac); } /* * We need to send both a broadcast ARP request as well as the ARP response we * were already sending. All the interesting research work for this fix was * done by Masaki Hasegawa <*****@*****.**> and his colleagues. */ for (j=0; j < repeatcount; ++j) { c = send_arp(l, ip, (unsigned char*)device, src_mac , (unsigned char*)broadcast, (unsigned char*)netmask , ARPOP_REQUEST); if (c < 0) { break; } mssleep(msinterval / 2); c = send_arp(l, ip, (unsigned char*)device, src_mac , (unsigned char *)broadcast , (unsigned char *)netmask, ARPOP_REPLY); if (c < 0) { break; } if (j != repeatcount-1) { mssleep(msinterval / 2); } } unlink(pidfilename); return c < 0 ? EXIT_FAILURE : EXIT_SUCCESS; } void convert_macaddr (u_char *macaddr, u_char enet_src[6]) { int i, pos; u_char bits[3]; pos = 0; for (i = 0; i < 6; i++) { /* Inserted to allow old-style MAC addresses */ if (*macaddr == ':') { pos++; } bits[0] = macaddr[pos++]; bits[1] = macaddr[pos++]; bits[2] = '\0'; enet_src[i] = strtol((const char *)bits, (char **)NULL, 16); } }
/* * injection_write_ip * * Description: * - Write an IP packet into the wire. It can use either raw sockets * or the wire * * Inputs: * - ip_packet: the IP packet * * Outputs: * - return: 0 if ok, <0 if there were problems * */ int injection_write_ip (u_char *ip_packet) { #if defined(INJECT_USING_RAW_SOCKETS) || defined(INJECT_USING_LINK_LAYER) int i; u_int16_t packet_size = ntohs(*(u_int16_t*)(ip_packet+2)); #endif #if defined(INJECT_USING_RAW_SOCKETS) int network; /* network initialization */ if ((network = libnet_open_raw_sock(IPPROTO_RAW)) < 0) { return WIRE_ERR_PKTD_INJECTION_OPEN; /* packet injection */ } else if ((i = libnet_write_ip (network, ip_packet, packet_size)) < packet_size) { return WIRE_ERR_PKTD_INJECTION_WRITE_IP; /* shut down the interface */ } else if (libnet_close_raw_sock (network) < 0) { return WIRE_ERR_PKTD_INJECTION_CLOSE; } return WIRE_ERR_NONE; #elif defined(INJECT_USING_LINK_LAYER) char buffer[LIBNET_ETH_H+IP_MAXPACKET]; struct in_addr in; int size = 1024; struct libnet_link_int *network; /* pointer to link interface struct */ char *interface = NULL; /* pointer to the device to use */ struct sockaddr_in sin; char errbuf[1024]; struct ether_addr remote_eth, *tmp_eth; /* network initialization */ if (libnet_select_device(&sin, &interface, errbuf) == -1) { return WIRE_ERR_PKTD_NO_WRITE_DEVICE_ACCESS; } if ((network = libnet_open_link_interface(interface, errbuf)) == NULL) { return WIRE_ERR_PKTD_INJECTION_OPEN; } /* get local ethernet address */ if ((tmp_eth = libnet_get_hwaddr(network, interface, errbuf)) == NULL) { (void)libnet_close_link_interface(network); return WIRE_ERR_PKTD_INJECTION_OPEN; } memcpy (&local_eth, tmp_eth, 6); debug3 ("injection_write_ip: the local ethernet address is %s\n", ether_ntoa(&local_eth)); /* get remote ethernet address (the packet is already in network order) */ in.s_addr = *(u_int32_t*)(ip_packet+16); /* try to get the remote MAC address from the ARP cache */ if (get_mac_address (in, buffer, size) < 0) { /* MAC address of the IP address not in ARP cache */ /* get the gateway needed to reach the destination */ struct in_addr gw; if (get_gateway (in, &gw) < 0) { debug3 ("injection_write_ip: can't find MAC nor gateway for %s\n", inet_ntoa(in)); (void)libnet_close_link_interface(network); return WIRE_ERR_PKTD_INJECTION_WRITE_IP; } /* get the gateway's ethernet address */ if (get_mac_address (gw, buffer, size) < 0) { debug3 ("injection_write_ip: can't find MAC for %s's ", inet_ntoa(in)); debug3 ("gateway (%s)\n", inet_ntoa(gw)); /* XXX: This case means typically the destination host is in * the same network than the source, but the destination MAC * address is not in the local ARP cache. Getting a local * MAC address requires implementing ARP, which we won't do * at this moment */ (void)libnet_close_link_interface(network); return WIRE_ERR_PKTD_INJECTION_WRITE_IP; } debug3 ("injection_write_ip: IP address %s can be reached ", inet_ntoa(in)); debug3 ("through gateway %s (%s)\n", inet_ntoa(gw), buffer); } else { debug3 ("injection_write_ip: IP address %s corresponds to %s\n", inet_ntoa(in), buffer); } if ((tmp_eth = ether_aton (buffer)) == NULL) { (void)libnet_close_link_interface(network); return WIRE_ERR_PKTD_INJECTION_WRITE_IP; } memcpy (&remote_eth, tmp_eth, 6); /* build ethernet header and use IP packet as payload */ #if (defined(bsdi) || defined(__NetBSD__) || defined(__OpenBSD__) ||\ defined(__FreeBSD__)) libnet_build_ethernet(&(remote_eth.octet[0]), &(local_eth.octet[0]), ETHERTYPE_IP, NULL, 0, buffer); #else libnet_build_ethernet(&(remote_eth.ether_addr_octet[0]), &(local_eth.ether_addr_octet[0]), ETHERTYPE_IP, NULL, 0, buffer); #endif memcpy (buffer+LIBNET_ETH_H, ip_packet, packet_size); packet_size += LIBNET_ETH_H; /* inject the packet */ if ((i = libnet_write_link_layer (network, interface, buffer, packet_size)) < packet_size) { (void)libnet_close_link_interface(network); return WIRE_ERR_PKTD_INJECTION_WRITE_IP; } /* shut down the interface */ (void)libnet_close_link_interface(network); return WIRE_ERR_NONE; #else /* INJECT_USING_LINK_LAYER */ return(0); #endif /* INJECT_USING_LINK_LAYER */ }
int main(int argc, char **argv) { bpf_u_int32 mask, mask2; /* subnet mask */ bpf_u_int32 net, net2; /* ip */ char errbuf[PCAP_ERRBUF_SIZE]; /* error buffer */ pcap_t *handle; /* packet capture handle */ char filter_exp[] = "ip"; /* filter expression */ struct bpf_program fp; /* compiled filter program (expression) */ int c,num_packets = -1; /* number of packets to capture */ struct libnet_link_int *l; u_long i; /* check command-line options */ while ((c = getopt(argc, argv, "i:I:d:n:hpcf:")) != EOF) { switch (c) { case 'i': dev = optarg; dev2 = dev; break; case 'I': dev2 = optarg; break; case 'd': daddr2 = optarg; break; case 'n': num_packets = atoi(optarg); break; case 'f': strcpy(filter_exp, optarg); break; case 'h': hide_header = 1; break; case 'p': hide_payload = 1; break; case 'c': capture_only = 1; break; default: print_app_usage(argv[0]); exit(EXIT_FAILURE); } } if (dev == NULL) { print_app_usage(argv[0]); exit(EXIT_FAILURE); } /* get source ip address associated with forward device */ l = libnet_open_link_interface(dev2, errbuf); if (!l) { printf("libnet_open_link_interface: %s\n", errbuf); goto failure; } i = libnet_get_ipaddr(l, dev2, errbuf); if (!i) { printf("Can't get ip address: %s\n", errbuf); goto failure; } saddr2 = (char *)libnet_host_lookup(ntohl(i), 0); /* get network number and mask associated with capture device */ if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) { printf(" Error: couldn't get netmask for interface %s\n\n", errbuf); goto failure; } /* print capture info */ printf("\n Capture from: %s\n", dev); printf(" Forward to: %s\n", dev2); printf(" Src Address: %s\n", saddr2); if (daddr2) printf(" Dst Address: %s\n", daddr2); else printf(" Dst Address: Not changed\n"); if(num_packets > 0) printf("Packets to capture: %d\n", num_packets); printf("Packet Filter: %s\n", filter_exp); printf("\n"); /* open capture device */ handle = pcap_open_live(dev, SNAP_LEN, 1, 1000, errbuf); if (handle == NULL) { printf("\n Error: couldn't open interface %s: %s\n\n", dev, errbuf); goto failure; } /* make sure we're capturing on an Ethernet device */ if (pcap_datalink(handle) != DLT_EN10MB) { printf("\n Error: %s is not on ethernet\n\n", dev); goto failure; } /* compile the filter expression */ if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) { printf("\n Error: couldn't parse filter %s: %s\n\n", filter_exp, pcap_geterr(handle)); goto failure; } /* apply the compiled filter */ if (pcap_setfilter(handle, &fp) == -1) { printf("\n Error: couldn't install filter %s: %s\n\n", filter_exp, pcap_geterr(handle)); goto failure; } /* now we can set our callback function */ pcap_loop(handle, num_packets, got_packet, NULL); /* cleanup */ pcap_freecode(&fp); pcap_close(handle); printf("\nCapture and forward complete.\n\n"); exit(EXIT_SUCCESS); failure: exit(EXIT_FAILURE); }