int8_t
hsrp_send_packet(struct attacks *attacks)
{
libnet_ptag_t t;
int sent;
u_int16_t len;
struct hsrp_data *hsrp_data;
u_int8_t *hsrp_packet, *aux;
libnet_t *lhandler;
dlist_t *p;
struct interface_data *iface_data;
struct interface_data *iface_data2;
hsrp_data = attacks->data;
hsrp_packet = calloc(1, HSRP_PACKET_SIZE);
aux = hsrp_packet;
*aux = hsrp_data->version; aux++;
*aux = hsrp_data->opcode; aux++;
*aux = hsrp_data->state; aux++;
*aux = hsrp_data->hello_time; aux++;
*aux = hsrp_data->hold_time; aux++;
*aux = hsrp_data->priority; aux++;
*aux = hsrp_data->group; aux++;
*aux = hsrp_data->reserved; aux++;
len = strlen(hsrp_data->authdata);
memcpy((void *)aux, (void *)hsrp_data->authdata, (len < HSRP_AUTHDATA_LENGTH) ? len : HSRP_AUTHDATA_LENGTH);
/* aux += (len < HSRP_AUTHDATA_LENGTH) ? len : HSRP_AUTHDATA_LENGTH;*/
aux += 8;
(*(u_int32_t *)aux) = (u_int32_t) htonl(hsrp_data->virtual_ip);
for (p = attacks->used_ints->list; p; p = dlist_next(attacks->used_ints->list, p)) {
iface_data = (struct interface_data *) dlist_data(p);
lhandler = iface_data->libnet_handler;
t = libnet_build_udp(
hsrp_data->sport, /* source port */
hsrp_data->dport, /* destination port */
LIBNET_UDP_H + HSRP_PACKET_SIZE, /* packet size */
0, /* checksum */
hsrp_packet, /* payload */
HSRP_PACKET_SIZE, /* payload size */
lhandler, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
thread_libnet_error( "Can't build udp datagram",lhandler);
libnet_clear_packet(lhandler);
return -1;
}
t = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_UDP_H + HSRP_PACKET_SIZE,/* length */
0x10, /* TOS */
0, /* IP ID */
0, /* IP Frag */
1, /* TTL */
IPPROTO_UDP, /* protocol */
0, /* checksum */
hsrp_data->sip, /* src ip */
hsrp_data->dip, /* destination ip */
NULL, /* payload */
0, /* payload size */
lhandler, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
thread_libnet_error("Can't build ipv4 packet",lhandler);
libnet_clear_packet(lhandler);
return -1;
}
t = libnet_build_ethernet(
hsrp_data->mac_dest, /* ethernet destination */
(attacks->mac_spoofing) ? hsrp_data->mac_source : iface_data->etheraddr,
/* ethernet source */
ETHERTYPE_IP,
NULL, /* payload */
0, /* payload size */
lhandler, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
thread_libnet_error("Can't build ethernet header",lhandler);
libnet_clear_packet(lhandler);
return -1;
}
/*
* Write it to the wire.
*/
sent = libnet_write(lhandler);
if (sent == -1) {
thread_libnet_error("libnet_write error", lhandler);
libnet_clear_packet(lhandler);
return -1;
}
libnet_clear_packet(lhandler);
protocols[PROTO_HSRP].packets_out++;
iface_data2 = interfaces_get_struct(iface_data->ifname);
iface_data2->packets_out[PROTO_HSRP]++;
}
free(hsrp_packet);
return 0;
}
char *bin_op_run(bot_t * bot, char *prog, char *options, char *input,
dlist_t * dlist_node)
{
pid_t pid = 0;
char buf[MAX_BUF_SZ + 1];
char *path = NULL;
char *str = NULL, *ptr = NULL;
dlist_t *dl_data = NULL, *dptr_data = NULL;
memdup_t *mem = NULL;
int argc = 0;
char **argv = NULL;
int pipefds1[2], pipefds2[2];
int n = 0, i = 0;
debug(NULL, "bin_op_run: Entered: %s %s %s\n", prog, options, input);
if (!bot || !_sNULL(prog))
return NULL;
if (!str_apply_is(prog, isprog))
return NULL;
if (!_sNULL(options))
options = "";
path =
str_unite_static("%s/mods/mod_bin_files/%s %s", gi->confdir, prog,
options);
argv = tokenize_str2argv(path, &argc, 0);
if (!argv)
return NULL;
for (i = 0; i < argc; i++) {
debug(NULL, "bin_op_run: %i. %s\n", i, argv[i]);
}
clean_environ();
if (pipe(pipefds1) < 0)
goto cleanup;
if (pipe(pipefds2) < 0)
goto cleanup;
pid = bot_fork_clean(bot);
if (pid < 0)
goto cleanup;
if (!pid) {
pid = getpid();
close(0);
close(1);
close(2);
close(pipefds2[0]);
dup2(pipefds2[1], 1);
dup2(pipefds2[1], 2);
close(pipefds1[1]);
close(0);
dup2(pipefds1[0], 0);
execve(argv[0], argv, environ);
bot_fork_clean_exit(bot);
return 0;
} else {
close(pipefds1[0]);
close(pipefds2[1]);
while (1) {
bz(buf);
n = read(pipefds2[0], buf, sizeof(buf) - 1);
if (n <= 0)
break;
dlist_Dinsert_after(&dl_data, memdup(buf, n));
}
}
bz(bot->txt_data_in);
strzero_bot(bot->txt_data_in);
strlcat_bot(bot->txt_data_in, bot->txt_data_out);
bot->txt_data_in_sz = strlen(bot->txt_data_in);
dlist_fornext(dl_data, dptr_data) {
if (!dptr_data)
break;
mem = (memdup_t *) dlist_data(dptr_data);
if (!mem)
continue;
//memcpy_bot(bot->txt_data_in, mem->data, mem->len);
strlcat_bot(bot->txt_data_in, mem->data);
bot->txt_data_in_sz += mem->len;
}
if (dlist_node) {
dlist_fornext(dlist_next(dlist_node), dptr_data) {
ptr = (char *)dlist_data(dptr_data);
charcat_bot(bot->txt_data_in, '|');
strlcat_bot(bot->txt_data_in, ptr);
bot->txt_data_in_sz += strlen(ptr) + 1;
}
}