void nids_killtcp_seq(struct tcp_stream *a_tcp, int seqoff)
{
if (!l)
return;
tcp_tag = libnet_build_tcp(a_tcp->addr.source, a_tcp->addr.dest,
a_tcp->client.first_data_seq +
a_tcp->server.count + a_tcp->server.urg_count +
(seqoff?(a_tcp->server.window/2):0),
0, 0x4, 32000, 0, 0, LIBNET_TCP_H, NULL, 0, l, tcp_tag);
ip_tag =
libnet_build_ipv4(LIBNET_TCP_H + LIBNET_IPV4_H, 0, 12345, 0, 64,
IPPROTO_TCP, 0, a_tcp->addr.saddr,
a_tcp->addr.daddr, 0, 0, l, ip_tag);
libnet_write(l);
tcp_tag = libnet_build_tcp(a_tcp->addr.dest, a_tcp->addr.source,
a_tcp->server.first_data_seq +
a_tcp->client.count + a_tcp->client.urg_count +
(seqoff?(a_tcp->client.window/2):0),
0, 0x4, 32000, 0,
0, LIBNET_TCP_H, NULL, 0, l, tcp_tag);
ip_tag =
libnet_build_ipv4(LIBNET_TCP_H + LIBNET_IPV4_H, 0, 12345, 0, 64,
IPPROTO_TCP, 0, a_tcp->addr.daddr,
a_tcp->addr.saddr, 0, 0, l, ip_tag);
libnet_write(l);
}
void
send_tcp_pkts (libnet_t * l, libnet_plist_t * plist, libnet_ptag_t tcp_tag,
u_long seq)
{
int i;
u_short bport, eport;
while (libnet_plist_chain_next_pair (plist, &bport, &eport)
&& (bport <= eport) && (bport))
for (i = bport; i <= eport; i++)
{
tcp_tag = libnet_build_tcp (libnet_get_prand (LIBNET_PRu16),
i,
seq,
libnet_get_prand (LIBNET_PRu32),
TH_SYN,
libnet_get_prand (LIBNET_PRu16),
0, 0, LIBNET_TCP_H, NULL, 0, l, tcp_tag);
libnet_write (l);
usleep (1); /* kernel buffers will prevent high rate packet injection
* unless we sleep for a while (1usec is enough)
* There are cleaner ways of doing this... see libdnet
*/
}
}
static void
send_icmp_frag_needed(libnet_t *l, struct libnet_ipv4_hdr *ip)
{
struct libnet_icmpv4_hdr *icmp;
int len;
len = (ip->ip_hl * 4) + 8;
icmp = (struct libnet_icmpv4_hdr *)(buf + LIBNET_IPV4_H);
icmp->icmp_type = ICMP_UNREACH;
icmp->icmp_code = ICMP_UNREACH_NEEDFRAG;
icmp->hun.frag.pad = 0;
icmp->hun.frag.mtu = htons(MIN_MTU);
memcpy((u_char *)icmp + LIBNET_ICMPV4_MASK_H, (u_char *)ip, len);
len += LIBNET_ICMPV4_MASK_H;
libnet_build_ipv4(LIBNET_IPV4_H + len, 4,
libnet_get_prand(LIBNET_PRu16), 0, 64, IPPROTO_ICMP,
0, ip->ip_dst.s_addr, ip->ip_src.s_addr,
(u_int8_t *) icmp, len, l, 0);
if (libnet_write(l) != len)
warn("write");
fprintf(stderr, "%s > %s: icmp: ",
libnet_addr2name4(ip->ip_dst.s_addr, 0),
libnet_addr2name4(ip->ip_src.s_addr, 0));
fprintf(stderr, "%s unreachable - need to frag (mtu %d)\n",
libnet_addr2name4(ip->ip_src.s_addr, 0), MIN_MTU);
}
uint16_t buildICMP_h(libnet_t *l, uint32_t dip, uint8_t *PAYLOAD)
{
uint16_t seqn, id, bytes_w;
libnet_seed_prand(l);
id= (uint16_t)libnet_get_prand(LIBNET_PR16);
seqn =1;
icmp_t = libnet_build_icmpv4_echo(ICMP_ECHO,
0, 0, id, seqn, PAYLOAD, PAYLOAD_L, l, icmp_t);
if(icmp_t == -1)
{
fprintf(stderr,"libnet_build_ethernet() failed: %s\n",errbuf);
goto bad;
}
ip_t = libnet_autobuild_ipv4(
LIBNET_IPV4_H+LIBNET_ICMPV4_ECHO_H+PAYLOAD_L,
IPPROTO_ICMP, dip,l);
if(ip_t == -1)
{
fprintf(stderr,"libnet_autobuild_ipv4() failed: %s\n",errbuf);
goto bad;
}
bytes_w = libnet_write(l);
if(bytes_w == -1)
{
fprintf(stderr,"libnet_write() failed: %s\n",errbuf);
goto bad;
}
return 1;
bad:
return -1;
}
/*
* Inject 'normal' TCP packet
*/
int inject_tcp_packet(sess_key keyhash, u_int8_t flags, u_int16_t window)
{
// clear
libnet_clear_packet(l);
// build tcp
libnet_build_tcp(
sess_map[keyhash].tcp_sport, /* source TCP port */
sess_map[keyhash].tcp_dport, /* destination TCP port */
sess_map[keyhash].tcp_seq, /* sequence number */
sess_map[keyhash].tcp_ack, /* acknowledgement number */
flags, /* control flags */
window, /* window size */
0, /* checksum */
0, /* urgent pointer */
LIBNET_TCP_H, /* total length */
NULL, /* payload */
0, /* payload length */
l, /* libnet context */
0 /* build new header */
);
// prepare ip packet
prep_ipv4(sess_map[keyhash].ip_src, sess_map[keyhash].ip_dst);
// packet injection
return libnet_write(l);
}
static void
afinet_dd_queue(LogPipe *s, LogMessage *msg, const LogPathOptions *path_options, gpointer user_data)
{
#if SYSLOG_NG_ENABLE_SPOOF_SOURCE
AFInetDestDriver *self = (AFInetDestDriver *) s;
/* NOTE: this code should probably become a LogTransport instance so that
* spoofed packets are also going through the LogWriter queue */
if (self->spoof_source && self->lnet_ctx && msg->saddr && (msg->saddr->sa.sa_family == AF_INET || msg->saddr->sa.sa_family == AF_INET6) && log_writer_opened(self->super.writer))
{
gboolean success = FALSE;
g_assert(self->super.transport_mapper->sock_type == SOCK_DGRAM);
g_static_mutex_lock(&self->lnet_lock);
if (!self->lnet_buffer)
self->lnet_buffer = g_string_sized_new(self->spoof_source_maxmsglen);
log_writer_format_log(self->super.writer, msg, self->lnet_buffer);
if (self->lnet_buffer->len > self->spoof_source_maxmsglen)
g_string_truncate(self->lnet_buffer, self->spoof_source_maxmsglen);
switch (self->super.dest_addr->sa.sa_family)
{
case AF_INET:
success = afinet_dd_construct_ipv4_packet(self, msg, self->lnet_buffer);
break;
#if SYSLOG_NG_ENABLE_IPV6
case AF_INET6:
success = afinet_dd_construct_ipv6_packet(self, msg, self->lnet_buffer);
break;
#endif
default:
g_assert_not_reached();
}
if (success)
{
if (libnet_write(self->lnet_ctx) >= 0)
{
/* we have finished processing msg */
log_msg_ack(msg, path_options, AT_PROCESSED);
log_msg_unref(msg);
g_static_mutex_unlock(&self->lnet_lock);
return;
}
else
{
msg_error("Error sending raw frame",
evt_tag_str("error", libnet_geterror(self->lnet_ctx)));
}
}
g_static_mutex_unlock(&self->lnet_lock);
}
#endif
log_dest_driver_queue_method(s, msg, path_options, user_data);
}
void tcp_answer_ack(u_char *user, const struct pcap_pkthdr *pcap, const u_char *pkt)
{
struct libnet_ipv4_hdr *ip;
struct libnet_tcp_hdr *tcp;
u_int32_t seq, win, ack;
int len;
libnet_t *libnet;
libnet = (libnet_t *)user;
pkt += pcap_off;
len = pcap->caplen - pcap_off;
ip = (struct libnet_ipv4_hdr *)pkt;
tcp = (struct libnet_tcp_hdr *)(pkt + (ip->ip_hl << 2));
seq = ntohl(tcp->th_ack);
ack = ntohl(tcp->th_seq) + 1;
win = ntohs(tcp->th_win);
libnet_clear_packet(libnet);
libnet_build_tcp(ntohs(tcp->th_dport), ntohs(tcp->th_sport),
seq, ack, TH_ACK, win, 0, 0, LIBNET_TCP_H,
NULL, 0, libnet, 0);
libnet_build_ipv4(LIBNET_IPV4_H + LIBNET_TCP_H, 0,
libnet_get_prand(LIBNET_PRu16), 0, 64,
IPPROTO_TCP, 0, ip->ip_dst.s_addr,
ip->ip_src.s_addr, NULL, 0, libnet, 0);
if (libnet_write(libnet) < 0)
warn("writing ACK failed");
}
static void
send_icmp_source_quench(libnet_t *l, struct libnet_ipv4_hdr *ip)
{
struct libnet_icmpv4_hdr *icmp;
int len;
len = (ip->ip_hl * 4) + 8;
icmp = (struct libnet_icmpv4_hdr *)(buf + LIBNET_IPV4_H);
icmp->icmp_type = ICMP_SOURCEQUENCH;
icmp->icmp_code = 0;
memcpy((u_char *)icmp + LIBNET_ICMPV4_ECHO_H, (u_char *)ip, len);
len += LIBNET_ICMPV4_ECHO_H;
libnet_build_ipv4(LIBNET_IPV4_H + len, 0,
libnet_get_prand(LIBNET_PRu16), 0, 64, IPPROTO_ICMP,
0, ip->ip_dst.s_addr, ip->ip_src.s_addr,
(u_int8_t *) icmp, len, l, 0);
if (libnet_write(l) != len)
warn("write");
fprintf(stderr, "%s > %s: icmp: source quench\n",
libnet_addr2name4(ip->ip_dst.s_addr, 0),
libnet_addr2name4(ip->ip_src.s_addr, 0));
}
static void
tcp_kill_cb(u_char *user, const struct pcap_pkthdr *pcap, const u_char *pkt)
{
struct libnet_ipv4_hdr *ip;
struct libnet_tcp_hdr *tcp;
char ctext[64];
u_int32_t seq, win;
int i, len;
libnet_t *l;
l = (libnet_t *)user;
pkt += pcap_off;
len = pcap->caplen - pcap_off;
ip = (struct libnet_ipv4_hdr *)pkt;
if (ip->ip_p != IPPROTO_TCP)
return;
tcp = (struct libnet_tcp_hdr *)(pkt + (ip->ip_hl << 2));
if (tcp->th_flags & (TH_SYN|TH_FIN|TH_RST))
return;
seq = ntohl(tcp->th_ack);
win = ntohs(tcp->th_win);
snprintf(ctext, sizeof(ctext), "%s:%d > %s:%d:",
libnet_addr2name4(ip->ip_src.s_addr, LIBNET_DONT_RESOLVE),
ntohs(tcp->th_sport),
libnet_addr2name4(ip->ip_dst.s_addr, LIBNET_DONT_RESOLVE),
ntohs(tcp->th_dport));
for (i = 0; i < Opt_severity; i++) {
seq += (i * win);
libnet_clear_packet(l);
libnet_build_tcp(ntohs(tcp->th_dport), ntohs(tcp->th_sport),
seq, 0, TH_RST, 0, 0, 0, LIBNET_TCP_H,
NULL, 0, l, 0);
libnet_build_ipv4(LIBNET_IPV4_H + LIBNET_TCP_H, 0,
libnet_get_prand(LIBNET_PRu16), 0, 64,
IPPROTO_TCP, 0, ip->ip_dst.s_addr,
ip->ip_src.s_addr, NULL, 0, l, 0);
if (libnet_write(l) < 0)
warn("write");
fprintf(stderr, "%s R %lu:%lu(0) win 0\n",
ctext,
(unsigned long) seq,
(unsigned long) seq);
}
++kill_counter;
if (Opt_max_kill && kill_counter >= Opt_max_kill) {
pcap_breakloop(pd);
}
}
void spoof_arp(in_addr_t ipaddr, in_addr_t destip, u_int8_t *macaddr, u_int8_t *destmacaddr)
{
libnet_ptag_t arp = 0; /* ARP protocol tag */
libnet_ptag_t eth = 0; /* Ethernet protocol tag */
libnet_t *l;
char errbuf[LIBNET_ERRBUF_SIZE];
l = libnet_init(LIBNET_LINK, dev, errbuf);
if (l == NULL)
{
fprintf (stderr, "Error Opening Context: %s\n", errbuf);
exit(1);
}
arp = libnet_autobuild_arp(ARPOP_REPLY,
macaddr,
(u_int8_t *) &ipaddr,
destmacaddr,
(u_int8_t *) &destip,
l);
if (arp == -1)
{
fprintf(stderr,
"Unable to build ARP header: %s\n", libnet_geterror (l));
exit(1);
}
eth = libnet_build_ethernet(destmacaddr,
macaddr,
ETHERTYPE_ARP,
NULL,
0,
l,
eth);
if (eth == -1)
{
fprintf (stderr,
"Unable to build Ethernet header: %s\n", libnet_geterror (l));
exit (1);
}
/* write the packet */
if ((libnet_write (l)) == -1)
{
fprintf (stderr, "Unable to send packet: %s\n", libnet_geterror (l));
exit (1);
}
/* exit cleanly */
libnet_destroy (l);
}
int TCP_SF_Sender::tcpSF(unsigned int destip, unsigned short dport,unsigned int seq, unsigned int control, unsigned short IPid)
{
// TODO : now we use the fixed ethernet,we will do something to make it find ethernet by itself
char dev[DEV_MAX] ; /* set device name */
strcpy(dev,global_dev);
libnet_t *l = NULL;
libnet_ptag_t packetTag; // the tag return by some build functions
char errBuff[LIBNET_ERRBUF_SIZE] = {0};
// first is to initilize the library and create the envirnoment
l = libnet_init(LIBNET_RAW4,dev,errBuff);
if( NULL==l ){
return -1;
}
// create the tcp header
packetTag=libnet_build_tcp(
25555, // source port(fixed)
dport, // dest port
seq, // TODO : seq
0, // ack
control, // control flags
0, // window size
0, // checksum (0 for autofill)
0, // urgent pointer
LIBNET_TCP_H,// total length of the TCP packet (for checksum calculation)
NULL, // playload
0, // playload length
l, // the libnet context
0 // build a new one
);
// source ip is my IP
u_long source;
source = libnet_get_ipaddr4(l);
if( -1==int(source) ){
return -1;
}
// create the ip header
packetTag=libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_TCP_H,
0,
IPid, // id
0,
60, // TTL
IPPROTO_TCP,
0,
source,
destip,
NULL,
0,
l,
0
);
// send packets
int packet_length = libnet_write(l);
// destory the session
libnet_destroy(l);
return packet_length;
}
int
send_arp(libnet_t* lntag)
{
int n;
n = libnet_write(lntag);
if (n == -1) {
cl_log(LOG_ERR, "libnet_write failed");
}
return (n);
}
/* include send_dns_query_libnet */
void
send_dns_query(void)
{
char qbuf[24], *ptr;
u_int16_t one;
int packet_size = LIBNET_UDP_H + LIBNET_DNSV4_H + 24;
static libnet_ptag_t ip_tag, udp_tag, dns_tag;
/* build query portion of DNS packet */
ptr = qbuf;
memcpy(ptr, "\001a\014root-servers\003net\000", 20);
ptr += 20;
one = htons(1);
memcpy(ptr, &one, 2); /* query type = A */
ptr += 2;
memcpy(ptr, &one, 2); /* query class = 1 (IP addr) */
/* build DNS packet */
dns_tag = libnet_build_dnsv4(
1234 /* identification */,
0x0100 /* flags: recursion desired */,
1 /* # questions */, 0 /* # answer RRs */,
0 /* # authority RRs */, 0 /* # additional RRs */,
qbuf /* query */, 24 /* length of query */, l, dns_tag);
/* build UDP header */
udp_tag = libnet_build_udp(
((struct sockaddr_in *) local)->sin_port /* source port */,
((struct sockaddr_in *) dest)->sin_port /* dest port */,
packet_size /* length */, 0 /* checksum */,
NULL /* payload */, 0 /* payload length */, l, udp_tag);
/* Since we specified the checksum as 0, libnet will automatically */
/* calculate the UDP checksum. Turn it off if the user doesn't want it. */
if (zerosum)
if (libnet_toggle_checksum(l, udp_tag, LIBNET_OFF) < 0)
err_quit("turning off checksums: %s\n", libnet_geterror(l));
/* build IP header */
/* *INDENT-OFF* */
ip_tag = libnet_build_ipv4(packet_size + LIBNET_IPV4_H /* len */,
0 /* tos */, 0 /* IP ID */, 0 /* fragment */,
TTL_OUT /* ttl */, IPPROTO_UDP /* protocol */,
0 /* checksum */,
((struct sockaddr_in *) local)->sin_addr.s_addr /* source */,
((struct sockaddr_in *) dest)->sin_addr.s_addr /* dest */,
NULL /* payload */, 0 /* payload length */, l, ip_tag);
/* *INDENT-ON* */
if (libnet_write(l) < 0)
{
err_quit("libnet_write: %s\n", libnet_geterror(l));
}
if (verbose)
printf("sent: %d bytes of data\n", packet_size);
}
/*-
-- net:write()
Write the packet (which must previously have been built up inside the context).
*/
static int lnet_write(lua_State *L)
{
libnet_t* ud = checkudata(L);
#ifdef NET_DUMP
lnet_dump(L);
#endif
int r = libnet_write(ud);
check_error(L, ud, r);
lua_pushinteger(L, r);
return 1;
}
uint16_t makeTCP(libnet_t *l, uint8_t *SA, uint8_t *DA,
uint16_t seqn, uint16_t sport, uint16_t dport,
uint32_t sip, uint32_t dip, uint8_t *PAYLOAD, int ack)
{
uint16_t tag_t, bytes_w, control;
if(ack)
control = (9<<1);
else
control = (1<<1);
tcp_t = libnet_build_tcp (
sport, dport, seqn, 0,
control, 8192, 0x0, 0,
LIBNET_TCP_H+PAYLOAD_L,
PAYLOAD,
PAYLOAD_L,
l,
tcp_t
);
if(!tcp_t)
{
fprintf(stderr,"libnet_build_tcp() failed: %s\n",errbuf);
goto bad;
}
tag_t = buildIP_h(l,
sip, dip,IPPROTO_TCP);
if(!tag_t)
{
fprintf(stderr,"libnet_build_ip() failed: %s\n",errbuf);
goto bad;
}
tag_t = buildETH_h(l,DA, SA);
if(!tag_t)
{
fprintf(stderr,"libnet_build_eth() failed: %s\n",errbuf);
goto bad;
}
bytes_w = libnet_write(l);
if(bytes_w == -1)
{
fprintf(stderr,"libnet_write() failed: %s\n",errbuf);
goto bad;
}
return (seqn=LIBNET_IPV4_H+LIBNET_TCP_H+PAYLOAD_L+1);
bad:
return -1;
}
static void
afinet_dd_queue(LogPipe *s, LogMessage *msg, const LogPathOptions *path_options)
{
#if ENABLE_SPOOF_SOURCE
AFInetDestDriver *self = (AFInetDestDriver *) s;
if (self->spoof_source && self->lnet_ctx && msg->saddr && (msg->saddr->sa.sa_family == AF_INET || msg->saddr->sa.sa_family == AF_INET6))
{
gboolean success = FALSE;
GString *msg_line = g_string_sized_new(256);
g_assert((self->super.flags & AFSOCKET_DGRAM) != 0);
log_writer_format_log((LogWriter *) self->super.writer, msg, msg_line);
switch (self->super.dest_addr->sa.sa_family)
{
case AF_INET:
success = afinet_dd_construct_ipv4_packet(self, msg, msg_line);
break;
#if ENABLE_IPV6
case AF_INET6:
success = afinet_dd_construct_ipv6_packet(self, msg, msg_line);
break;
#endif
default:
g_assert_not_reached();
}
if (success)
{
if (libnet_write(self->lnet_ctx) >= 0)
{
/* we have finished processing msg */
log_msg_ack(msg, path_options);
log_msg_unref(msg);
g_string_free(msg_line, TRUE);
return;
}
else
{
msg_error("Error sending raw frame",
evt_tag_str("error", libnet_geterror(self->lnet_ctx)),
NULL);
}
}
g_string_free(msg_line, TRUE);
}
#endif
log_pipe_forward_msg(s, msg, path_options);
}
static int
arp_send(libnet_t *l, int op, u_int8_t *sha,
in_addr_t spa, u_int8_t *tha, in_addr_t tpa)
{
int retval;
if (sha == NULL &&
(sha = (u_int8_t *)libnet_get_hwaddr(l)) == NULL) {
return (-1);
}
if (spa == 0) {
if ((spa = libnet_get_ipaddr4(l)) == -1)
return (-1);
}
if (tha == NULL)
tha = "\xff\xff\xff\xff\xff\xff";
libnet_autobuild_arp(op, sha, (u_int8_t *)&spa,
tha, (u_int8_t *)&tpa, l);
libnet_build_ethernet(tha, sha, ETHERTYPE_ARP, NULL, 0, l, 0);
fprintf(stderr, "%s ",
ether_ntoa((struct ether_addr *)sha));
if (op == ARPOP_REQUEST) {
fprintf(stderr, "%s 0806 42: arp who-has %s tell %s\n",
ether_ntoa((struct ether_addr *)tha),
libnet_addr2name4(tpa, LIBNET_DONT_RESOLVE),
libnet_addr2name4(spa, LIBNET_DONT_RESOLVE));
}
else {
fprintf(stderr, "%s 0806 42: arp reply %s is-at ",
ether_ntoa((struct ether_addr *)tha),
libnet_addr2name4(spa, LIBNET_DONT_RESOLVE));
fprintf(stderr, "%s\n",
ether_ntoa((struct ether_addr *)sha));
}
retval = libnet_write(l);
char *libnetError = libnet_geterror(l);
if (strlen(libnetError) > 0) {
fprintf(stderr, "%s", libnetError);
exit(1);
}
libnet_clear_packet(l);
return retval;
}
/*-
- net:write()
Write the packet (which must previously have been built up inside the context).
*/
static int lnet_write(lua_State *L)
{
libnet_t** ud = luaL_checkudata(L, 1, L_NET_REGID);
luaL_argcheck(L, *ud, 1, "net has been destroyed");
#ifdef NET_DUMP
lnet_dump(L);
#endif
int r = libnet_write(*ud);
check_error(L, *ud, r);
lua_pushinteger(L, r);
return 1;
}
void main(int argc,char *argv[])
{
if(argc!=2)
{
printf("用法错误:需要添加目的IP参数\n");
return;
}
char error_buf[LIBNET_ERRBUF_SIZE];
libnet_t *l;
l= libnet_init(LIBNET_LINK_ADV,NULL,error_buf);
if(l==NULL)
{
printf("libnet初始化错误:%s\n",error_buf);
libnet_destroy(l);
return;
}
u_char arp_sha[6]={0x00,0x1e,0x90,0xc7,0xe3,0xbb};
u_char arp_dha[6]={0x00,0x00,0x00,0x00,0x00,0x00};
char *arp_src_ip="192.168.1.6";
u_int arp_spa=libnet_name2addr4(l,arp_src_ip,LIBNET_RESOLVE);
char *arp_dst_ip=argv[1];
u_int arp_dpa=libnet_name2addr4(l,arp_dst_ip,LIBNET_RESOLVE);
if(libnet_build_arp(ARPHRD_ETHER,ETHERTYPE_IP,6,4,ARPOP_REQUEST,arp_sha,(u_int8_t *)&arp_spa,arp_dha,(u_int8_t *)&arp_dpa,NULL,0,l,0)==-1)
{
printf("构造ARP错误:%s\n",libnet_geterror(l));
libnet_destroy(l);
return;
}
u_char ether_sha[6]={0x00,0x1e,0x90,0xc7,0xe3,0xbb};
u_char ether_dha[6]={0xff,0xff,0xff,0xff,0xff,0xff};
if(libnet_build_ethernet(ether_dha,ether_sha,ETHERTYPE_ARP,NULL,0,l,0)==-1)
{
printf("构造以太错误:%s\n",libnet_geterror(l));
libnet_destroy(l);
return;
}
//libnet_diag_dump_pblock(l);
//libnet_diag_dump_context(l);
libnet_write(l);
libnet_destroy(l);
return;
}
struct packet * sender6_send_icmp(struct sender6 *s, /* {{{ */
struct libnet_in6_addr dst, uint8_t ttl,
uint8_t traffic_class, uint32_t flow_label,
uint16_t icmpsum, uint16_t icmpid, uint16_t icmpseq,
size_t padding)
{
padding += (padding % 2);
size_t cnt = padding/sizeof(uint16_t) + 1;
uint16_t *pload = malloc(cnt * sizeof(uint16_t));
if(!pload) logea(__FILE__, __LINE__, NULL);
memset(pload, 0, cnt * sizeof(uint16_t));
pload[cnt-1] = sender6_compute_icmp_payload(icmpsum, icmpid, icmpseq);
s->icmptag = libnet_build_icmpv6_echo(ICMP6_ECHO, 0,
SENDER_AUTO_CHECKSUM, icmpid, icmpseq,
(uint8_t *)pload, cnt * sizeof(uint16_t),
s->ln, s->icmptag);
free(pload);
if(s->icmptag == -1) goto out;
size_t sz = LIBNET_ICMPV6_ECHO_H + cnt*sizeof(uint16_t);
s->iptag = libnet_build_ipv6(traffic_class, flow_label,
sz, IPPROTO_ICMP6, ttl, s->ip, dst,
NULL, 0,
s->ln, s->iptag);
if(s->iptag == -1) goto out;
if(libnet_write(s->ln) < 0) goto out;
struct packet *pkt = sender6_make_packet(s);
return pkt;
out:
loge(LOG_FATAL, __FILE__, __LINE__);
logd(LOG_DEBUG, "%s %d %d error: %s\n", __func__, ttl, icmpsum,
libnet_geterror(s->ln));
libnet_clear_packet(s->ln);
s->icmptag = 0;
s->iptag = 0;
return NULL;
} /* }}} */
int broadcast_arp(uint16_t type, uint32_t addr) {
uint8_t broadcast[6];
memset(broadcast, 0xFF, 6);
bob.arp=libnet_build_arp(
ARPHRD_ETHER, /* ethernet */
ETHERTYPE_IP, /* proto for addr res */
6, /* hardware addr len */
4, /* proto addr len */
type, /* arp type */
(uint8_t *)&bob.shwaddr.octet[0], /* source */
(uint8_t *)&addr, /* ip src */
&broadcast[0], /* dst hw */
(uint8_t *)&bob.saddr, /* src ip */
NULL, /* no pl */
0, /* zero len */
bob.l, /* libnet handle */
bob.arp); /* arp id? */
if (bob.arp < 0) {
fprintf(stderr, "Can't build ARP header: %s\n", libnet_geterror(bob.l));
return -1;
}
bob.eth=libnet_build_ethernet(
&broadcast[0], /* dest host hw addr */
(uint8_t *)&bob.shwaddr.octet[0], /* dest host src addr */
ETHERTYPE_ARP, /* ethernet, arp */
NULL, /* no payload */
0, /* obviously is 0 len */
bob.l, /* libnet handle */
bob.eth); /* eth id? */
if (bob.eth < 0) {
fprintf(stderr, "Can't build ethernet header: %s\n", libnet_geterror(bob.l));
return -1;
}
if (libnet_write(bob.l) == -1) {
fprintf(stderr, "%s", libnet_geterror(bob.l));
return -1;
}
return 1;
}
int send_arp(struct myetheraddr *dst) {
printf("Sending ARP resp to: "); decode_mac((uint8_t *)&dst->octet[0]); printf("\n"); fflush(stdout);
bob.arp=libnet_build_arp(
ARPHRD_ETHER, /* ethernet follows */
ETHERTYPE_IP, /* proto for addr res */
6, /* hardware addr len */
4, /* proto addr len */
ARPOP_REPLY, /* duh */
(uint8_t *)&bob.shwaddr.octet[0], /* source */
(uint8_t *)&bob.saddr, /* ip src */
(uint8_t *)&dst->octet[0], /* dst hw */
(uint8_t *)&bob.saddr, /* src ip */
NULL, /* no pl */
0, /* zero len */
bob.l, /* libnet handle */
bob.arp); /* arp id? */
if (bob.arp < 0) {
fprintf(stderr, "Can't build ARP header: %s\n", libnet_geterror(bob.l));
return -1;
}
bob.eth=libnet_build_ethernet(
(uint8_t *)&dst->octet[0], /* dest host hw addr */
(uint8_t *)&bob.shwaddr.octet[0], /* dest host src addr */
ETHERTYPE_ARP, /* ethernet, arp */
NULL, /* no payload */
0, /* obviously is 0 len */
bob.l, /* libnet handle */
bob.eth); /* eth id? */
if (bob.eth < 0) {
fprintf(stderr, "Can't build ethernet header: %s\n", libnet_geterror(bob.l));
return -1;
}
if (libnet_write(bob.l) == -1) {
fprintf(stderr, "%s", libnet_geterror(bob.l));
return -1;
}
return 1;
}
int main(int argc, char* argv[]) {
srandomdev();
if (argc != 2) {
errx(EX_USAGE, "Usage: %s <device>", argv[0]);
}
char* dev = argv[1];
char errbuf[LIBNET_ERRBUF_SIZE];
libnet_t* context = libnet_init(LIBNET_LINK, dev, errbuf);
if (context == NULL) {
errx(EX_UNAVAILABLE, "libnet_init: %s", errbuf);
}
uint8_t buf[MAX_DHCP_SIZE];
uint16_t size = MAX_DHCP_SIZE;
build_dhcp_discover(source_mac, "lozenge", buf, &size);
libnet_ptag_t ether_tag = LIBNET_PTAG_INITIALIZER;
libnet_ptag_t ip_tag = LIBNET_PTAG_INITIALIZER;
libnet_ptag_t udp_tag = LIBNET_PTAG_INITIALIZER;
udp_tag = libnet_build_udp(68, 67, LIBNET_UDP_H + size,
0, buf, size,
context, udp_tag);
u_short ipid = random() & 0xffff;
ip_tag = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_UDP_H + size,
0, ipid, 0, 0xff,
IPPROTO_UDP, 0, 0, 0xffffffff,
NULL, 0, context, ip_tag);
ether_tag = libnet_build_ethernet(broadcast_mac, source_mac,
ETHERTYPE_IP, NULL, 0, context, ether_tag);
if (libnet_write(context) == -1) {
libnet_destroy(context);
errx(EX_UNAVAILABLE, "libnet_write");
}
printf("Wrote\n");
libnet_destroy(context);
return 0;
}
/*
* Inject TCP packet with payload
*/
int inject_tcp_packet(sess_key keyhash, char *payload, u_int8_t flags, u_int16_t window)
{
// clear
libnet_clear_packet(l);
// build tcp
libnet_build_tcp(
sess_map[keyhash].tcp_sport, /* source TCP port */
sess_map[keyhash].tcp_dport, /* destination TCP port */
sess_map[keyhash].tcp_seq, /* sequence number */
sess_map[keyhash].tcp_ack, /* acknowledgement number */
flags, /* control flags */
window, /* window size */
0, /* checksum */
0, /* urgent pointer */
LIBNET_TCP_H +
(payload[0]!='\0' ? strlen(payload) : 0), /* total length */
(payload[0]!='\0' ? (unsigned char *)payload : NULL), /* payload */
(payload[0]!='\0' ? strlen(payload) : 0), /* payload length */
l, /* libnet context */
0 /* build new header */
);
// prepare ip packet
if(payload[0]!='\0') {
// fragmentation
if(progopt.frag) {
prep_ipv4(sess_map[keyhash].ip_src, sess_map[keyhash].ip_dst, strlen(payload), progopt.frag);
}
else {
prep_ipv4(sess_map[keyhash].ip_src, sess_map[keyhash].ip_dst, strlen(payload));
}
} else {
prep_ipv4(sess_map[keyhash].ip_src, sess_map[keyhash].ip_dst);
}
// packet injection
return libnet_write(l);
}
//===============================
//I tried to do this same concept using LIBNET_RAW4 instead of LIBNET_LINK so
//I wouldn't have to worry about the ethernet header. But something weird happens when I
//try to do this. If there is already an established connection.. e.g. 70.116.23.2:3779 to
//192.168.0.2:6112, if we send the packet using raw4, in tcpdump we get
//70.116.23.2:1024 --> 192.168.0.2:6112. I am really not sure why it won't send the correct
//source port if that connection is already established, but using LIBNET_LINK seems to not
//have this problem. I believe it is a kernel related issue.
void TcpKill::Execute(const wxString &sIp, u_int nPort)
{
char szErrBuf[LIBNET_ERRBUF_SIZE];
libnet_ptag_t ip;
libnet_ptag_t tcp;
wxString sSniffDevice = CONFIG(wxString, "Network/SniffDevice");
wxString sGameHost = CONFIG(wxString, "Network/GameHost");
int nGamePort = CONFIG(int, "Network/GamePort");
shared_ptr<NodeInfo> pNodeInfo = Info::Get()->GetNodeInfo(sIp, nPort);
if (!pNodeInfo) {
//Interface::Get()->Output(wxString::Format("Can't find %s:%d in net info map.", m_sIp.c_str(), m_nPort), OUTPUT_ERROR);
return;
}
NetInfo &netInfo = Info::Get()->GetNetInfo();
//This is pretty inefficient since I constantly init libnet and destroy it. It would be better
//if we could init once and just keep changing the sequence number and destination ip.
for (u_int x = 0; x < m_nSeverity; x++) {
u_int32_t seq_out = pNodeInfo->last_sentack;
libnet_t *pLibnet = libnet_init(LIBNET_LINK, const_cast<char *>(sSniffDevice.c_str()), szErrBuf);
libnet_seed_prand(pLibnet);
tcp = libnet_build_tcp(nPort, nGamePort,
seq_out, 0, TH_RST, 0, 0, 0, LIBNET_TCP_H, NULL, 0, pLibnet, 0);
u_long src_ip = libnet_name2addr4(pLibnet, const_cast<char *>(sIp.c_str()), LIBNET_DONT_RESOLVE);
u_long dst_ip = libnet_name2addr4(pLibnet, const_cast<char *>(sGameHost.c_str()), LIBNET_DONT_RESOLVE);
ip = libnet_build_ipv4(sizeof(net_ip) + sizeof(net_tcp), 0,
libnet_get_prand(LIBNET_PRu16), 0, 64, IPPROTO_TCP, 0,
src_ip, dst_ip, NULL, 0, pLibnet, 0);
libnet_autobuild_ethernet(netInfo.gamehost_ether, ETHERTYPE_IP, pLibnet);
libnet_write(pLibnet);
libnet_destroy(pLibnet);
}
}
void sendEth(uint8_t* src, uint8_t* dst, uint8_t* pl, uint8_t num, libnet_t* libnet){
static libnet_ptag_t t = 0;
// 0x800 is ipv4 code for ethernet
t = libnet_build_ethernet(dst, src, 0x0800, pl, num, libnet,t);
if (t == -1){
fprintf(stderr, "Can't build ethernet header: %s\n",
libnet_geterror(libnet));
return;
}
int ec = libnet_write(libnet);
if (ec == -1){
fprintf(stderr, "Write error: %s\n", libnet_geterror(libnet));
}
else{
fprintf(stdout, "Wrote %d byte Eth packet\n", ec);
}
}
void send_syns(libnet_t *libnet, u_int32_t source_addr, u_int32_t target_addr, unsigned int port, useconds_t delay) {
libnet_seed_prand(libnet);
for(;;) {
libnet_clear_packet(libnet);
libnet_build_tcp(libnet_get_prand(LIBNET_PRu16), port,
libnet_get_prand(LIBNET_PRu32), libnet_get_prand(LIBNET_PRu32),
TH_SYN, 8192, 0, 0, LIBNET_TCP_H,
NULL, 0, libnet, 0);
libnet_build_ipv4(LIBNET_IPV4_H + LIBNET_TCP_H, 0,
libnet_get_prand(LIBNET_PRu16), 0, 64,
IPPROTO_TCP, 0, source_addr,
target_addr, NULL, 0, libnet, 0);
if (libnet_write(libnet) < 0)
warn("writing SYN failed");
usleep(delay);
}
}
static int
arp_send(libnet_t *l, int op,
u_int8_t *sha, in_addr_t spa,
u_int8_t *tha, in_addr_t tpa,
u_int8_t *me)
{
int retval;
if (!me) me = sha;
libnet_autobuild_arp(op, sha, (u_int8_t *)&spa,
tha, (u_int8_t *)&tpa, l);
libnet_build_ethernet(tha, me, ETHERTYPE_ARP, NULL, 0, l, 0);
fprintf(stderr, "%s ",
ether_ntoa((struct ether_addr *)me));
if (op == ARPOP_REQUEST) {
fprintf(stderr, "%s 0806 42: arp who-has %s tell %s\n",
ether_ntoa((struct ether_addr *)tha),
libnet_addr2name4(tpa, LIBNET_DONT_RESOLVE),
libnet_addr2name4(spa, LIBNET_DONT_RESOLVE));
}
else {
fprintf(stderr, "%s 0806 42: arp reply %s is-at ",
ether_ntoa((struct ether_addr *)tha),
libnet_addr2name4(spa, LIBNET_DONT_RESOLVE));
fprintf(stderr, "%s\n",
ether_ntoa((struct ether_addr *)sha));
}
retval = libnet_write(l);
if (retval)
fprintf(stderr, "%s", libnet_geterror(l));
libnet_clear_packet(l);
return retval;
}
int8_t
dot1x_send_raw(struct interface_data *iface, u_int8_t *payload, u_int16_t len,
u_int8_t *mac_source, u_int8_t *mac_dest)
{
libnet_ptag_t t;
int32_t sent;
t = libnet_build_ethernet(
mac_dest, /* ethernet destination */
mac_source, /* ethernet source */
ETHERTYPE_EAP, /* protocol type */
payload, /* payload */
len, /* payload size */
iface->libnet_handler, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
thread_libnet_error("Can't build Ethernet_II header",iface->libnet_handler);
libnet_clear_packet(iface->libnet_handler);
return -1;
}
sent = libnet_write(iface->libnet_handler);
if (sent == -1) {
thread_libnet_error("libnet_write error", iface->libnet_handler);
libnet_clear_packet(iface->libnet_handler);
return -1;
}
libnet_clear_packet(iface->libnet_handler);
protocols[PROTO_DOT1X].packets_out++;
iface->packets_out[PROTO_DOT1X]++;
return 0;
}
int main()
{
int c, i, seqn;
libnet_t *l;
libnet_ptag_t tcp, ip, eth;
uint8_t *payload, SA[6], DA[6];
ushort payload_s;
uint32_t src_ip, dst_ip;
uint16_t src_prt, dst_prt;
char errbuf[LIBNET_ERRBUF_SIZE];
struct libnet_ether_addr *enet_src;
payload_s = 10;
payload = malloc(payload_s*sizeof(uint8_t));
memset(payload,0,payload_s);
l = libnet_init(LIBNET_LINK, "nf2c0", errbuf);
if(l == NULL){
printf("libnet_init() error\n");
goto bad;
}
enet_src = libnet_get_hwaddr(l);
src_ip = libnet_get_ipaddr4(l);
dst_ip = (192) | (168<<8) | (101<<16) | (20);
//char *srcip;
//srcip = libnet_addr2name4(dst_ip,LIBNET_DONT_RESOLVE);
//printf("conversion: %s %d\n", srcip,LIBNET_IPV4_H+LIBNET_TCP_H+LIBNET_ETH_H+payload_s);
//return 0;
sprintf((char*)SA,"%02x:%02x:%02x:%02x:%02x:%02x",
(uint8_t)enet_src->ether_addr_octet[0],
(uint8_t)enet_src->ether_addr_octet[1],
(uint8_t)enet_src->ether_addr_octet[2],
(uint8_t)enet_src->ether_addr_octet[3],
(uint8_t)enet_src->ether_addr_octet[4],
(uint8_t)enet_src->ether_addr_octet[5]);
sprintf((char*)DA,"%02x:%02x:%02x:%02x:%02x:%02x",
0x0,0x4E,0x46,0x32,0x43,0x0);
src_prt = 80;
dst_prt = 1010;
//src_ip = (192) | (164<<8)| (0<<16) | (55<<24);
tcp = ip = eth = LIBNET_PTAG_INITIALIZER;
//for(i=1;i<11;i++){
for(i=0;i<10;i++){
seqn=i*(LIBNET_TCP_H+payload_s+1);
tcp = libnet_build_tcp(
src_prt,
dst_prt,
seqn,
seqn+LIBNET_TCP_H+payload_s+1,
TH_SYN | TH_ACK,
0,
0,
10,
LIBNET_TCP_H+payload_s,
payload, payload_s, l, tcp);
if(tcp ==-1){
printf("libnet_build_tcp() error\n");
goto bad;
}
ip = libnet_build_ipv4(
LIBNET_IPV4_H+LIBNET_TCP_H+payload_s,
0,
242,
0,
64,
IPPROTO_TCP,
0,
src_ip,
dst_ip,
NULL,
0,
l,
ip);
if(ip==-1){
printf("libnet_build_ipv4() error\n");
goto bad;
}
eth = libnet_build_ethernet(
DA,
SA,
ETHERTYPE_IP,
NULL,
0,
l,
eth);
if(eth==-1){
printf("libnet_build_ethernet() error\n");
goto bad;
}
c = libnet_write(l);
if(c==-1){
printf("libnet_write() error\n");
goto bad;
}
else
printf("Wrote %d byte TCP packet.\nSeqNum: %d, ackNum: %d\n\n",c,seqn,seqn+LIBNET_TCP_H+payload_s+1);
//printf("Wrote %d byte TCP packet.\n",c);
sleep(1);
}
libnet_destroy(l);
return 0;
bad:
libnet_destroy(l);
exit(EXIT_FAILURE);
}
