void nids_killtcp_seq(struct tcp_stream *a_tcp, int seqoff) { if (!l) return; tcp_tag = libnet_build_tcp(a_tcp->addr.source, a_tcp->addr.dest, a_tcp->client.first_data_seq + a_tcp->server.count + a_tcp->server.urg_count + (seqoff?(a_tcp->server.window/2):0), 0, 0x4, 32000, 0, 0, LIBNET_TCP_H, NULL, 0, l, tcp_tag); ip_tag = libnet_build_ipv4(LIBNET_TCP_H + LIBNET_IPV4_H, 0, 12345, 0, 64, IPPROTO_TCP, 0, a_tcp->addr.saddr, a_tcp->addr.daddr, 0, 0, l, ip_tag); libnet_write(l); tcp_tag = libnet_build_tcp(a_tcp->addr.dest, a_tcp->addr.source, a_tcp->server.first_data_seq + a_tcp->client.count + a_tcp->client.urg_count + (seqoff?(a_tcp->client.window/2):0), 0, 0x4, 32000, 0, 0, LIBNET_TCP_H, NULL, 0, l, tcp_tag); ip_tag = libnet_build_ipv4(LIBNET_TCP_H + LIBNET_IPV4_H, 0, 12345, 0, 64, IPPROTO_TCP, 0, a_tcp->addr.daddr, a_tcp->addr.saddr, 0, 0, l, ip_tag); libnet_write(l); }
void send_tcp_pkts (libnet_t * l, libnet_plist_t * plist, libnet_ptag_t tcp_tag, u_long seq) { int i; u_short bport, eport; while (libnet_plist_chain_next_pair (plist, &bport, &eport) && (bport <= eport) && (bport)) for (i = bport; i <= eport; i++) { tcp_tag = libnet_build_tcp (libnet_get_prand (LIBNET_PRu16), i, seq, libnet_get_prand (LIBNET_PRu32), TH_SYN, libnet_get_prand (LIBNET_PRu16), 0, 0, LIBNET_TCP_H, NULL, 0, l, tcp_tag); libnet_write (l); usleep (1); /* kernel buffers will prevent high rate packet injection * unless we sleep for a while (1usec is enough) * There are cleaner ways of doing this... see libdnet */ } }
static void send_icmp_frag_needed(libnet_t *l, struct libnet_ipv4_hdr *ip) { struct libnet_icmpv4_hdr *icmp; int len; len = (ip->ip_hl * 4) + 8; icmp = (struct libnet_icmpv4_hdr *)(buf + LIBNET_IPV4_H); icmp->icmp_type = ICMP_UNREACH; icmp->icmp_code = ICMP_UNREACH_NEEDFRAG; icmp->hun.frag.pad = 0; icmp->hun.frag.mtu = htons(MIN_MTU); memcpy((u_char *)icmp + LIBNET_ICMPV4_MASK_H, (u_char *)ip, len); len += LIBNET_ICMPV4_MASK_H; libnet_build_ipv4(LIBNET_IPV4_H + len, 4, libnet_get_prand(LIBNET_PRu16), 0, 64, IPPROTO_ICMP, 0, ip->ip_dst.s_addr, ip->ip_src.s_addr, (u_int8_t *) icmp, len, l, 0); if (libnet_write(l) != len) warn("write"); fprintf(stderr, "%s > %s: icmp: ", libnet_addr2name4(ip->ip_dst.s_addr, 0), libnet_addr2name4(ip->ip_src.s_addr, 0)); fprintf(stderr, "%s unreachable - need to frag (mtu %d)\n", libnet_addr2name4(ip->ip_src.s_addr, 0), MIN_MTU); }
uint16_t buildICMP_h(libnet_t *l, uint32_t dip, uint8_t *PAYLOAD) { uint16_t seqn, id, bytes_w; libnet_seed_prand(l); id= (uint16_t)libnet_get_prand(LIBNET_PR16); seqn =1; icmp_t = libnet_build_icmpv4_echo(ICMP_ECHO, 0, 0, id, seqn, PAYLOAD, PAYLOAD_L, l, icmp_t); if(icmp_t == -1) { fprintf(stderr,"libnet_build_ethernet() failed: %s\n",errbuf); goto bad; } ip_t = libnet_autobuild_ipv4( LIBNET_IPV4_H+LIBNET_ICMPV4_ECHO_H+PAYLOAD_L, IPPROTO_ICMP, dip,l); if(ip_t == -1) { fprintf(stderr,"libnet_autobuild_ipv4() failed: %s\n",errbuf); goto bad; } bytes_w = libnet_write(l); if(bytes_w == -1) { fprintf(stderr,"libnet_write() failed: %s\n",errbuf); goto bad; } return 1; bad: return -1; }
/* * Inject 'normal' TCP packet */ int inject_tcp_packet(sess_key keyhash, u_int8_t flags, u_int16_t window) { // clear libnet_clear_packet(l); // build tcp libnet_build_tcp( sess_map[keyhash].tcp_sport, /* source TCP port */ sess_map[keyhash].tcp_dport, /* destination TCP port */ sess_map[keyhash].tcp_seq, /* sequence number */ sess_map[keyhash].tcp_ack, /* acknowledgement number */ flags, /* control flags */ window, /* window size */ 0, /* checksum */ 0, /* urgent pointer */ LIBNET_TCP_H, /* total length */ NULL, /* payload */ 0, /* payload length */ l, /* libnet context */ 0 /* build new header */ ); // prepare ip packet prep_ipv4(sess_map[keyhash].ip_src, sess_map[keyhash].ip_dst); // packet injection return libnet_write(l); }
static void afinet_dd_queue(LogPipe *s, LogMessage *msg, const LogPathOptions *path_options, gpointer user_data) { #if SYSLOG_NG_ENABLE_SPOOF_SOURCE AFInetDestDriver *self = (AFInetDestDriver *) s; /* NOTE: this code should probably become a LogTransport instance so that * spoofed packets are also going through the LogWriter queue */ if (self->spoof_source && self->lnet_ctx && msg->saddr && (msg->saddr->sa.sa_family == AF_INET || msg->saddr->sa.sa_family == AF_INET6) && log_writer_opened(self->super.writer)) { gboolean success = FALSE; g_assert(self->super.transport_mapper->sock_type == SOCK_DGRAM); g_static_mutex_lock(&self->lnet_lock); if (!self->lnet_buffer) self->lnet_buffer = g_string_sized_new(self->spoof_source_maxmsglen); log_writer_format_log(self->super.writer, msg, self->lnet_buffer); if (self->lnet_buffer->len > self->spoof_source_maxmsglen) g_string_truncate(self->lnet_buffer, self->spoof_source_maxmsglen); switch (self->super.dest_addr->sa.sa_family) { case AF_INET: success = afinet_dd_construct_ipv4_packet(self, msg, self->lnet_buffer); break; #if SYSLOG_NG_ENABLE_IPV6 case AF_INET6: success = afinet_dd_construct_ipv6_packet(self, msg, self->lnet_buffer); break; #endif default: g_assert_not_reached(); } if (success) { if (libnet_write(self->lnet_ctx) >= 0) { /* we have finished processing msg */ log_msg_ack(msg, path_options, AT_PROCESSED); log_msg_unref(msg); g_static_mutex_unlock(&self->lnet_lock); return; } else { msg_error("Error sending raw frame", evt_tag_str("error", libnet_geterror(self->lnet_ctx))); } } g_static_mutex_unlock(&self->lnet_lock); } #endif log_dest_driver_queue_method(s, msg, path_options, user_data); }
void tcp_answer_ack(u_char *user, const struct pcap_pkthdr *pcap, const u_char *pkt) { struct libnet_ipv4_hdr *ip; struct libnet_tcp_hdr *tcp; u_int32_t seq, win, ack; int len; libnet_t *libnet; libnet = (libnet_t *)user; pkt += pcap_off; len = pcap->caplen - pcap_off; ip = (struct libnet_ipv4_hdr *)pkt; tcp = (struct libnet_tcp_hdr *)(pkt + (ip->ip_hl << 2)); seq = ntohl(tcp->th_ack); ack = ntohl(tcp->th_seq) + 1; win = ntohs(tcp->th_win); libnet_clear_packet(libnet); libnet_build_tcp(ntohs(tcp->th_dport), ntohs(tcp->th_sport), seq, ack, TH_ACK, win, 0, 0, LIBNET_TCP_H, NULL, 0, libnet, 0); libnet_build_ipv4(LIBNET_IPV4_H + LIBNET_TCP_H, 0, libnet_get_prand(LIBNET_PRu16), 0, 64, IPPROTO_TCP, 0, ip->ip_dst.s_addr, ip->ip_src.s_addr, NULL, 0, libnet, 0); if (libnet_write(libnet) < 0) warn("writing ACK failed"); }
static void send_icmp_source_quench(libnet_t *l, struct libnet_ipv4_hdr *ip) { struct libnet_icmpv4_hdr *icmp; int len; len = (ip->ip_hl * 4) + 8; icmp = (struct libnet_icmpv4_hdr *)(buf + LIBNET_IPV4_H); icmp->icmp_type = ICMP_SOURCEQUENCH; icmp->icmp_code = 0; memcpy((u_char *)icmp + LIBNET_ICMPV4_ECHO_H, (u_char *)ip, len); len += LIBNET_ICMPV4_ECHO_H; libnet_build_ipv4(LIBNET_IPV4_H + len, 0, libnet_get_prand(LIBNET_PRu16), 0, 64, IPPROTO_ICMP, 0, ip->ip_dst.s_addr, ip->ip_src.s_addr, (u_int8_t *) icmp, len, l, 0); if (libnet_write(l) != len) warn("write"); fprintf(stderr, "%s > %s: icmp: source quench\n", libnet_addr2name4(ip->ip_dst.s_addr, 0), libnet_addr2name4(ip->ip_src.s_addr, 0)); }
static void tcp_kill_cb(u_char *user, const struct pcap_pkthdr *pcap, const u_char *pkt) { struct libnet_ipv4_hdr *ip; struct libnet_tcp_hdr *tcp; char ctext[64]; u_int32_t seq, win; int i, len; libnet_t *l; l = (libnet_t *)user; pkt += pcap_off; len = pcap->caplen - pcap_off; ip = (struct libnet_ipv4_hdr *)pkt; if (ip->ip_p != IPPROTO_TCP) return; tcp = (struct libnet_tcp_hdr *)(pkt + (ip->ip_hl << 2)); if (tcp->th_flags & (TH_SYN|TH_FIN|TH_RST)) return; seq = ntohl(tcp->th_ack); win = ntohs(tcp->th_win); snprintf(ctext, sizeof(ctext), "%s:%d > %s:%d:", libnet_addr2name4(ip->ip_src.s_addr, LIBNET_DONT_RESOLVE), ntohs(tcp->th_sport), libnet_addr2name4(ip->ip_dst.s_addr, LIBNET_DONT_RESOLVE), ntohs(tcp->th_dport)); for (i = 0; i < Opt_severity; i++) { seq += (i * win); libnet_clear_packet(l); libnet_build_tcp(ntohs(tcp->th_dport), ntohs(tcp->th_sport), seq, 0, TH_RST, 0, 0, 0, LIBNET_TCP_H, NULL, 0, l, 0); libnet_build_ipv4(LIBNET_IPV4_H + LIBNET_TCP_H, 0, libnet_get_prand(LIBNET_PRu16), 0, 64, IPPROTO_TCP, 0, ip->ip_dst.s_addr, ip->ip_src.s_addr, NULL, 0, l, 0); if (libnet_write(l) < 0) warn("write"); fprintf(stderr, "%s R %lu:%lu(0) win 0\n", ctext, (unsigned long) seq, (unsigned long) seq); } ++kill_counter; if (Opt_max_kill && kill_counter >= Opt_max_kill) { pcap_breakloop(pd); } }
void spoof_arp(in_addr_t ipaddr, in_addr_t destip, u_int8_t *macaddr, u_int8_t *destmacaddr) { libnet_ptag_t arp = 0; /* ARP protocol tag */ libnet_ptag_t eth = 0; /* Ethernet protocol tag */ libnet_t *l; char errbuf[LIBNET_ERRBUF_SIZE]; l = libnet_init(LIBNET_LINK, dev, errbuf); if (l == NULL) { fprintf (stderr, "Error Opening Context: %s\n", errbuf); exit(1); } arp = libnet_autobuild_arp(ARPOP_REPLY, macaddr, (u_int8_t *) &ipaddr, destmacaddr, (u_int8_t *) &destip, l); if (arp == -1) { fprintf(stderr, "Unable to build ARP header: %s\n", libnet_geterror (l)); exit(1); } eth = libnet_build_ethernet(destmacaddr, macaddr, ETHERTYPE_ARP, NULL, 0, l, eth); if (eth == -1) { fprintf (stderr, "Unable to build Ethernet header: %s\n", libnet_geterror (l)); exit (1); } /* write the packet */ if ((libnet_write (l)) == -1) { fprintf (stderr, "Unable to send packet: %s\n", libnet_geterror (l)); exit (1); } /* exit cleanly */ libnet_destroy (l); }
int TCP_SF_Sender::tcpSF(unsigned int destip, unsigned short dport,unsigned int seq, unsigned int control, unsigned short IPid) { // TODO : now we use the fixed ethernet,we will do something to make it find ethernet by itself char dev[DEV_MAX] ; /* set device name */ strcpy(dev,global_dev); libnet_t *l = NULL; libnet_ptag_t packetTag; // the tag return by some build functions char errBuff[LIBNET_ERRBUF_SIZE] = {0}; // first is to initilize the library and create the envirnoment l = libnet_init(LIBNET_RAW4,dev,errBuff); if( NULL==l ){ return -1; } // create the tcp header packetTag=libnet_build_tcp( 25555, // source port(fixed) dport, // dest port seq, // TODO : seq 0, // ack control, // control flags 0, // window size 0, // checksum (0 for autofill) 0, // urgent pointer LIBNET_TCP_H,// total length of the TCP packet (for checksum calculation) NULL, // playload 0, // playload length l, // the libnet context 0 // build a new one ); // source ip is my IP u_long source; source = libnet_get_ipaddr4(l); if( -1==int(source) ){ return -1; } // create the ip header packetTag=libnet_build_ipv4( LIBNET_IPV4_H + LIBNET_TCP_H, 0, IPid, // id 0, 60, // TTL IPPROTO_TCP, 0, source, destip, NULL, 0, l, 0 ); // send packets int packet_length = libnet_write(l); // destory the session libnet_destroy(l); return packet_length; }
int send_arp(libnet_t* lntag) { int n; n = libnet_write(lntag); if (n == -1) { cl_log(LOG_ERR, "libnet_write failed"); } return (n); }
/* include send_dns_query_libnet */ void send_dns_query(void) { char qbuf[24], *ptr; u_int16_t one; int packet_size = LIBNET_UDP_H + LIBNET_DNSV4_H + 24; static libnet_ptag_t ip_tag, udp_tag, dns_tag; /* build query portion of DNS packet */ ptr = qbuf; memcpy(ptr, "\001a\014root-servers\003net\000", 20); ptr += 20; one = htons(1); memcpy(ptr, &one, 2); /* query type = A */ ptr += 2; memcpy(ptr, &one, 2); /* query class = 1 (IP addr) */ /* build DNS packet */ dns_tag = libnet_build_dnsv4( 1234 /* identification */, 0x0100 /* flags: recursion desired */, 1 /* # questions */, 0 /* # answer RRs */, 0 /* # authority RRs */, 0 /* # additional RRs */, qbuf /* query */, 24 /* length of query */, l, dns_tag); /* build UDP header */ udp_tag = libnet_build_udp( ((struct sockaddr_in *) local)->sin_port /* source port */, ((struct sockaddr_in *) dest)->sin_port /* dest port */, packet_size /* length */, 0 /* checksum */, NULL /* payload */, 0 /* payload length */, l, udp_tag); /* Since we specified the checksum as 0, libnet will automatically */ /* calculate the UDP checksum. Turn it off if the user doesn't want it. */ if (zerosum) if (libnet_toggle_checksum(l, udp_tag, LIBNET_OFF) < 0) err_quit("turning off checksums: %s\n", libnet_geterror(l)); /* build IP header */ /* *INDENT-OFF* */ ip_tag = libnet_build_ipv4(packet_size + LIBNET_IPV4_H /* len */, 0 /* tos */, 0 /* IP ID */, 0 /* fragment */, TTL_OUT /* ttl */, IPPROTO_UDP /* protocol */, 0 /* checksum */, ((struct sockaddr_in *) local)->sin_addr.s_addr /* source */, ((struct sockaddr_in *) dest)->sin_addr.s_addr /* dest */, NULL /* payload */, 0 /* payload length */, l, ip_tag); /* *INDENT-ON* */ if (libnet_write(l) < 0) { err_quit("libnet_write: %s\n", libnet_geterror(l)); } if (verbose) printf("sent: %d bytes of data\n", packet_size); }
/*- -- net:write() Write the packet (which must previously have been built up inside the context). */ static int lnet_write(lua_State *L) { libnet_t* ud = checkudata(L); #ifdef NET_DUMP lnet_dump(L); #endif int r = libnet_write(ud); check_error(L, ud, r); lua_pushinteger(L, r); return 1; }
uint16_t makeTCP(libnet_t *l, uint8_t *SA, uint8_t *DA, uint16_t seqn, uint16_t sport, uint16_t dport, uint32_t sip, uint32_t dip, uint8_t *PAYLOAD, int ack) { uint16_t tag_t, bytes_w, control; if(ack) control = (9<<1); else control = (1<<1); tcp_t = libnet_build_tcp ( sport, dport, seqn, 0, control, 8192, 0x0, 0, LIBNET_TCP_H+PAYLOAD_L, PAYLOAD, PAYLOAD_L, l, tcp_t ); if(!tcp_t) { fprintf(stderr,"libnet_build_tcp() failed: %s\n",errbuf); goto bad; } tag_t = buildIP_h(l, sip, dip,IPPROTO_TCP); if(!tag_t) { fprintf(stderr,"libnet_build_ip() failed: %s\n",errbuf); goto bad; } tag_t = buildETH_h(l,DA, SA); if(!tag_t) { fprintf(stderr,"libnet_build_eth() failed: %s\n",errbuf); goto bad; } bytes_w = libnet_write(l); if(bytes_w == -1) { fprintf(stderr,"libnet_write() failed: %s\n",errbuf); goto bad; } return (seqn=LIBNET_IPV4_H+LIBNET_TCP_H+PAYLOAD_L+1); bad: return -1; }
static void afinet_dd_queue(LogPipe *s, LogMessage *msg, const LogPathOptions *path_options) { #if ENABLE_SPOOF_SOURCE AFInetDestDriver *self = (AFInetDestDriver *) s; if (self->spoof_source && self->lnet_ctx && msg->saddr && (msg->saddr->sa.sa_family == AF_INET || msg->saddr->sa.sa_family == AF_INET6)) { gboolean success = FALSE; GString *msg_line = g_string_sized_new(256); g_assert((self->super.flags & AFSOCKET_DGRAM) != 0); log_writer_format_log((LogWriter *) self->super.writer, msg, msg_line); switch (self->super.dest_addr->sa.sa_family) { case AF_INET: success = afinet_dd_construct_ipv4_packet(self, msg, msg_line); break; #if ENABLE_IPV6 case AF_INET6: success = afinet_dd_construct_ipv6_packet(self, msg, msg_line); break; #endif default: g_assert_not_reached(); } if (success) { if (libnet_write(self->lnet_ctx) >= 0) { /* we have finished processing msg */ log_msg_ack(msg, path_options); log_msg_unref(msg); g_string_free(msg_line, TRUE); return; } else { msg_error("Error sending raw frame", evt_tag_str("error", libnet_geterror(self->lnet_ctx)), NULL); } } g_string_free(msg_line, TRUE); } #endif log_pipe_forward_msg(s, msg, path_options); }
static int arp_send(libnet_t *l, int op, u_int8_t *sha, in_addr_t spa, u_int8_t *tha, in_addr_t tpa) { int retval; if (sha == NULL && (sha = (u_int8_t *)libnet_get_hwaddr(l)) == NULL) { return (-1); } if (spa == 0) { if ((spa = libnet_get_ipaddr4(l)) == -1) return (-1); } if (tha == NULL) tha = "\xff\xff\xff\xff\xff\xff"; libnet_autobuild_arp(op, sha, (u_int8_t *)&spa, tha, (u_int8_t *)&tpa, l); libnet_build_ethernet(tha, sha, ETHERTYPE_ARP, NULL, 0, l, 0); fprintf(stderr, "%s ", ether_ntoa((struct ether_addr *)sha)); if (op == ARPOP_REQUEST) { fprintf(stderr, "%s 0806 42: arp who-has %s tell %s\n", ether_ntoa((struct ether_addr *)tha), libnet_addr2name4(tpa, LIBNET_DONT_RESOLVE), libnet_addr2name4(spa, LIBNET_DONT_RESOLVE)); } else { fprintf(stderr, "%s 0806 42: arp reply %s is-at ", ether_ntoa((struct ether_addr *)tha), libnet_addr2name4(spa, LIBNET_DONT_RESOLVE)); fprintf(stderr, "%s\n", ether_ntoa((struct ether_addr *)sha)); } retval = libnet_write(l); char *libnetError = libnet_geterror(l); if (strlen(libnetError) > 0) { fprintf(stderr, "%s", libnetError); exit(1); } libnet_clear_packet(l); return retval; }
/*- - net:write() Write the packet (which must previously have been built up inside the context). */ static int lnet_write(lua_State *L) { libnet_t** ud = luaL_checkudata(L, 1, L_NET_REGID); luaL_argcheck(L, *ud, 1, "net has been destroyed"); #ifdef NET_DUMP lnet_dump(L); #endif int r = libnet_write(*ud); check_error(L, *ud, r); lua_pushinteger(L, r); return 1; }
void main(int argc,char *argv[]) { if(argc!=2) { printf("用法错误:需要添加目的IP参数\n"); return; } char error_buf[LIBNET_ERRBUF_SIZE]; libnet_t *l; l= libnet_init(LIBNET_LINK_ADV,NULL,error_buf); if(l==NULL) { printf("libnet初始化错误:%s\n",error_buf); libnet_destroy(l); return; } u_char arp_sha[6]={0x00,0x1e,0x90,0xc7,0xe3,0xbb}; u_char arp_dha[6]={0x00,0x00,0x00,0x00,0x00,0x00}; char *arp_src_ip="192.168.1.6"; u_int arp_spa=libnet_name2addr4(l,arp_src_ip,LIBNET_RESOLVE); char *arp_dst_ip=argv[1]; u_int arp_dpa=libnet_name2addr4(l,arp_dst_ip,LIBNET_RESOLVE); if(libnet_build_arp(ARPHRD_ETHER,ETHERTYPE_IP,6,4,ARPOP_REQUEST,arp_sha,(u_int8_t *)&arp_spa,arp_dha,(u_int8_t *)&arp_dpa,NULL,0,l,0)==-1) { printf("构造ARP错误:%s\n",libnet_geterror(l)); libnet_destroy(l); return; } u_char ether_sha[6]={0x00,0x1e,0x90,0xc7,0xe3,0xbb}; u_char ether_dha[6]={0xff,0xff,0xff,0xff,0xff,0xff}; if(libnet_build_ethernet(ether_dha,ether_sha,ETHERTYPE_ARP,NULL,0,l,0)==-1) { printf("构造以太错误:%s\n",libnet_geterror(l)); libnet_destroy(l); return; } //libnet_diag_dump_pblock(l); //libnet_diag_dump_context(l); libnet_write(l); libnet_destroy(l); return; }
struct packet * sender6_send_icmp(struct sender6 *s, /* {{{ */ struct libnet_in6_addr dst, uint8_t ttl, uint8_t traffic_class, uint32_t flow_label, uint16_t icmpsum, uint16_t icmpid, uint16_t icmpseq, size_t padding) { padding += (padding % 2); size_t cnt = padding/sizeof(uint16_t) + 1; uint16_t *pload = malloc(cnt * sizeof(uint16_t)); if(!pload) logea(__FILE__, __LINE__, NULL); memset(pload, 0, cnt * sizeof(uint16_t)); pload[cnt-1] = sender6_compute_icmp_payload(icmpsum, icmpid, icmpseq); s->icmptag = libnet_build_icmpv6_echo(ICMP6_ECHO, 0, SENDER_AUTO_CHECKSUM, icmpid, icmpseq, (uint8_t *)pload, cnt * sizeof(uint16_t), s->ln, s->icmptag); free(pload); if(s->icmptag == -1) goto out; size_t sz = LIBNET_ICMPV6_ECHO_H + cnt*sizeof(uint16_t); s->iptag = libnet_build_ipv6(traffic_class, flow_label, sz, IPPROTO_ICMP6, ttl, s->ip, dst, NULL, 0, s->ln, s->iptag); if(s->iptag == -1) goto out; if(libnet_write(s->ln) < 0) goto out; struct packet *pkt = sender6_make_packet(s); return pkt; out: loge(LOG_FATAL, __FILE__, __LINE__); logd(LOG_DEBUG, "%s %d %d error: %s\n", __func__, ttl, icmpsum, libnet_geterror(s->ln)); libnet_clear_packet(s->ln); s->icmptag = 0; s->iptag = 0; return NULL; } /* }}} */
int broadcast_arp(uint16_t type, uint32_t addr) { uint8_t broadcast[6]; memset(broadcast, 0xFF, 6); bob.arp=libnet_build_arp( ARPHRD_ETHER, /* ethernet */ ETHERTYPE_IP, /* proto for addr res */ 6, /* hardware addr len */ 4, /* proto addr len */ type, /* arp type */ (uint8_t *)&bob.shwaddr.octet[0], /* source */ (uint8_t *)&addr, /* ip src */ &broadcast[0], /* dst hw */ (uint8_t *)&bob.saddr, /* src ip */ NULL, /* no pl */ 0, /* zero len */ bob.l, /* libnet handle */ bob.arp); /* arp id? */ if (bob.arp < 0) { fprintf(stderr, "Can't build ARP header: %s\n", libnet_geterror(bob.l)); return -1; } bob.eth=libnet_build_ethernet( &broadcast[0], /* dest host hw addr */ (uint8_t *)&bob.shwaddr.octet[0], /* dest host src addr */ ETHERTYPE_ARP, /* ethernet, arp */ NULL, /* no payload */ 0, /* obviously is 0 len */ bob.l, /* libnet handle */ bob.eth); /* eth id? */ if (bob.eth < 0) { fprintf(stderr, "Can't build ethernet header: %s\n", libnet_geterror(bob.l)); return -1; } if (libnet_write(bob.l) == -1) { fprintf(stderr, "%s", libnet_geterror(bob.l)); return -1; } return 1; }
int send_arp(struct myetheraddr *dst) { printf("Sending ARP resp to: "); decode_mac((uint8_t *)&dst->octet[0]); printf("\n"); fflush(stdout); bob.arp=libnet_build_arp( ARPHRD_ETHER, /* ethernet follows */ ETHERTYPE_IP, /* proto for addr res */ 6, /* hardware addr len */ 4, /* proto addr len */ ARPOP_REPLY, /* duh */ (uint8_t *)&bob.shwaddr.octet[0], /* source */ (uint8_t *)&bob.saddr, /* ip src */ (uint8_t *)&dst->octet[0], /* dst hw */ (uint8_t *)&bob.saddr, /* src ip */ NULL, /* no pl */ 0, /* zero len */ bob.l, /* libnet handle */ bob.arp); /* arp id? */ if (bob.arp < 0) { fprintf(stderr, "Can't build ARP header: %s\n", libnet_geterror(bob.l)); return -1; } bob.eth=libnet_build_ethernet( (uint8_t *)&dst->octet[0], /* dest host hw addr */ (uint8_t *)&bob.shwaddr.octet[0], /* dest host src addr */ ETHERTYPE_ARP, /* ethernet, arp */ NULL, /* no payload */ 0, /* obviously is 0 len */ bob.l, /* libnet handle */ bob.eth); /* eth id? */ if (bob.eth < 0) { fprintf(stderr, "Can't build ethernet header: %s\n", libnet_geterror(bob.l)); return -1; } if (libnet_write(bob.l) == -1) { fprintf(stderr, "%s", libnet_geterror(bob.l)); return -1; } return 1; }
int main(int argc, char* argv[]) { srandomdev(); if (argc != 2) { errx(EX_USAGE, "Usage: %s <device>", argv[0]); } char* dev = argv[1]; char errbuf[LIBNET_ERRBUF_SIZE]; libnet_t* context = libnet_init(LIBNET_LINK, dev, errbuf); if (context == NULL) { errx(EX_UNAVAILABLE, "libnet_init: %s", errbuf); } uint8_t buf[MAX_DHCP_SIZE]; uint16_t size = MAX_DHCP_SIZE; build_dhcp_discover(source_mac, "lozenge", buf, &size); libnet_ptag_t ether_tag = LIBNET_PTAG_INITIALIZER; libnet_ptag_t ip_tag = LIBNET_PTAG_INITIALIZER; libnet_ptag_t udp_tag = LIBNET_PTAG_INITIALIZER; udp_tag = libnet_build_udp(68, 67, LIBNET_UDP_H + size, 0, buf, size, context, udp_tag); u_short ipid = random() & 0xffff; ip_tag = libnet_build_ipv4( LIBNET_IPV4_H + LIBNET_UDP_H + size, 0, ipid, 0, 0xff, IPPROTO_UDP, 0, 0, 0xffffffff, NULL, 0, context, ip_tag); ether_tag = libnet_build_ethernet(broadcast_mac, source_mac, ETHERTYPE_IP, NULL, 0, context, ether_tag); if (libnet_write(context) == -1) { libnet_destroy(context); errx(EX_UNAVAILABLE, "libnet_write"); } printf("Wrote\n"); libnet_destroy(context); return 0; }
/* * Inject TCP packet with payload */ int inject_tcp_packet(sess_key keyhash, char *payload, u_int8_t flags, u_int16_t window) { // clear libnet_clear_packet(l); // build tcp libnet_build_tcp( sess_map[keyhash].tcp_sport, /* source TCP port */ sess_map[keyhash].tcp_dport, /* destination TCP port */ sess_map[keyhash].tcp_seq, /* sequence number */ sess_map[keyhash].tcp_ack, /* acknowledgement number */ flags, /* control flags */ window, /* window size */ 0, /* checksum */ 0, /* urgent pointer */ LIBNET_TCP_H + (payload[0]!='\0' ? strlen(payload) : 0), /* total length */ (payload[0]!='\0' ? (unsigned char *)payload : NULL), /* payload */ (payload[0]!='\0' ? strlen(payload) : 0), /* payload length */ l, /* libnet context */ 0 /* build new header */ ); // prepare ip packet if(payload[0]!='\0') { // fragmentation if(progopt.frag) { prep_ipv4(sess_map[keyhash].ip_src, sess_map[keyhash].ip_dst, strlen(payload), progopt.frag); } else { prep_ipv4(sess_map[keyhash].ip_src, sess_map[keyhash].ip_dst, strlen(payload)); } } else { prep_ipv4(sess_map[keyhash].ip_src, sess_map[keyhash].ip_dst); } // packet injection return libnet_write(l); }
//=============================== //I tried to do this same concept using LIBNET_RAW4 instead of LIBNET_LINK so //I wouldn't have to worry about the ethernet header. But something weird happens when I //try to do this. If there is already an established connection.. e.g. 70.116.23.2:3779 to //192.168.0.2:6112, if we send the packet using raw4, in tcpdump we get //70.116.23.2:1024 --> 192.168.0.2:6112. I am really not sure why it won't send the correct //source port if that connection is already established, but using LIBNET_LINK seems to not //have this problem. I believe it is a kernel related issue. void TcpKill::Execute(const wxString &sIp, u_int nPort) { char szErrBuf[LIBNET_ERRBUF_SIZE]; libnet_ptag_t ip; libnet_ptag_t tcp; wxString sSniffDevice = CONFIG(wxString, "Network/SniffDevice"); wxString sGameHost = CONFIG(wxString, "Network/GameHost"); int nGamePort = CONFIG(int, "Network/GamePort"); shared_ptr<NodeInfo> pNodeInfo = Info::Get()->GetNodeInfo(sIp, nPort); if (!pNodeInfo) { //Interface::Get()->Output(wxString::Format("Can't find %s:%d in net info map.", m_sIp.c_str(), m_nPort), OUTPUT_ERROR); return; } NetInfo &netInfo = Info::Get()->GetNetInfo(); //This is pretty inefficient since I constantly init libnet and destroy it. It would be better //if we could init once and just keep changing the sequence number and destination ip. for (u_int x = 0; x < m_nSeverity; x++) { u_int32_t seq_out = pNodeInfo->last_sentack; libnet_t *pLibnet = libnet_init(LIBNET_LINK, const_cast<char *>(sSniffDevice.c_str()), szErrBuf); libnet_seed_prand(pLibnet); tcp = libnet_build_tcp(nPort, nGamePort, seq_out, 0, TH_RST, 0, 0, 0, LIBNET_TCP_H, NULL, 0, pLibnet, 0); u_long src_ip = libnet_name2addr4(pLibnet, const_cast<char *>(sIp.c_str()), LIBNET_DONT_RESOLVE); u_long dst_ip = libnet_name2addr4(pLibnet, const_cast<char *>(sGameHost.c_str()), LIBNET_DONT_RESOLVE); ip = libnet_build_ipv4(sizeof(net_ip) + sizeof(net_tcp), 0, libnet_get_prand(LIBNET_PRu16), 0, 64, IPPROTO_TCP, 0, src_ip, dst_ip, NULL, 0, pLibnet, 0); libnet_autobuild_ethernet(netInfo.gamehost_ether, ETHERTYPE_IP, pLibnet); libnet_write(pLibnet); libnet_destroy(pLibnet); } }
void sendEth(uint8_t* src, uint8_t* dst, uint8_t* pl, uint8_t num, libnet_t* libnet){ static libnet_ptag_t t = 0; // 0x800 is ipv4 code for ethernet t = libnet_build_ethernet(dst, src, 0x0800, pl, num, libnet,t); if (t == -1){ fprintf(stderr, "Can't build ethernet header: %s\n", libnet_geterror(libnet)); return; } int ec = libnet_write(libnet); if (ec == -1){ fprintf(stderr, "Write error: %s\n", libnet_geterror(libnet)); } else{ fprintf(stdout, "Wrote %d byte Eth packet\n", ec); } }
void send_syns(libnet_t *libnet, u_int32_t source_addr, u_int32_t target_addr, unsigned int port, useconds_t delay) { libnet_seed_prand(libnet); for(;;) { libnet_clear_packet(libnet); libnet_build_tcp(libnet_get_prand(LIBNET_PRu16), port, libnet_get_prand(LIBNET_PRu32), libnet_get_prand(LIBNET_PRu32), TH_SYN, 8192, 0, 0, LIBNET_TCP_H, NULL, 0, libnet, 0); libnet_build_ipv4(LIBNET_IPV4_H + LIBNET_TCP_H, 0, libnet_get_prand(LIBNET_PRu16), 0, 64, IPPROTO_TCP, 0, source_addr, target_addr, NULL, 0, libnet, 0); if (libnet_write(libnet) < 0) warn("writing SYN failed"); usleep(delay); } }
static int arp_send(libnet_t *l, int op, u_int8_t *sha, in_addr_t spa, u_int8_t *tha, in_addr_t tpa, u_int8_t *me) { int retval; if (!me) me = sha; libnet_autobuild_arp(op, sha, (u_int8_t *)&spa, tha, (u_int8_t *)&tpa, l); libnet_build_ethernet(tha, me, ETHERTYPE_ARP, NULL, 0, l, 0); fprintf(stderr, "%s ", ether_ntoa((struct ether_addr *)me)); if (op == ARPOP_REQUEST) { fprintf(stderr, "%s 0806 42: arp who-has %s tell %s\n", ether_ntoa((struct ether_addr *)tha), libnet_addr2name4(tpa, LIBNET_DONT_RESOLVE), libnet_addr2name4(spa, LIBNET_DONT_RESOLVE)); } else { fprintf(stderr, "%s 0806 42: arp reply %s is-at ", ether_ntoa((struct ether_addr *)tha), libnet_addr2name4(spa, LIBNET_DONT_RESOLVE)); fprintf(stderr, "%s\n", ether_ntoa((struct ether_addr *)sha)); } retval = libnet_write(l); if (retval) fprintf(stderr, "%s", libnet_geterror(l)); libnet_clear_packet(l); return retval; }
int8_t dot1x_send_raw(struct interface_data *iface, u_int8_t *payload, u_int16_t len, u_int8_t *mac_source, u_int8_t *mac_dest) { libnet_ptag_t t; int32_t sent; t = libnet_build_ethernet( mac_dest, /* ethernet destination */ mac_source, /* ethernet source */ ETHERTYPE_EAP, /* protocol type */ payload, /* payload */ len, /* payload size */ iface->libnet_handler, /* libnet handle */ 0); /* libnet id */ if (t == -1) { thread_libnet_error("Can't build Ethernet_II header",iface->libnet_handler); libnet_clear_packet(iface->libnet_handler); return -1; } sent = libnet_write(iface->libnet_handler); if (sent == -1) { thread_libnet_error("libnet_write error", iface->libnet_handler); libnet_clear_packet(iface->libnet_handler); return -1; } libnet_clear_packet(iface->libnet_handler); protocols[PROTO_DOT1X].packets_out++; iface->packets_out[PROTO_DOT1X]++; return 0; }
int main() { int c, i, seqn; libnet_t *l; libnet_ptag_t tcp, ip, eth; uint8_t *payload, SA[6], DA[6]; ushort payload_s; uint32_t src_ip, dst_ip; uint16_t src_prt, dst_prt; char errbuf[LIBNET_ERRBUF_SIZE]; struct libnet_ether_addr *enet_src; payload_s = 10; payload = malloc(payload_s*sizeof(uint8_t)); memset(payload,0,payload_s); l = libnet_init(LIBNET_LINK, "nf2c0", errbuf); if(l == NULL){ printf("libnet_init() error\n"); goto bad; } enet_src = libnet_get_hwaddr(l); src_ip = libnet_get_ipaddr4(l); dst_ip = (192) | (168<<8) | (101<<16) | (20); //char *srcip; //srcip = libnet_addr2name4(dst_ip,LIBNET_DONT_RESOLVE); //printf("conversion: %s %d\n", srcip,LIBNET_IPV4_H+LIBNET_TCP_H+LIBNET_ETH_H+payload_s); //return 0; sprintf((char*)SA,"%02x:%02x:%02x:%02x:%02x:%02x", (uint8_t)enet_src->ether_addr_octet[0], (uint8_t)enet_src->ether_addr_octet[1], (uint8_t)enet_src->ether_addr_octet[2], (uint8_t)enet_src->ether_addr_octet[3], (uint8_t)enet_src->ether_addr_octet[4], (uint8_t)enet_src->ether_addr_octet[5]); sprintf((char*)DA,"%02x:%02x:%02x:%02x:%02x:%02x", 0x0,0x4E,0x46,0x32,0x43,0x0); src_prt = 80; dst_prt = 1010; //src_ip = (192) | (164<<8)| (0<<16) | (55<<24); tcp = ip = eth = LIBNET_PTAG_INITIALIZER; //for(i=1;i<11;i++){ for(i=0;i<10;i++){ seqn=i*(LIBNET_TCP_H+payload_s+1); tcp = libnet_build_tcp( src_prt, dst_prt, seqn, seqn+LIBNET_TCP_H+payload_s+1, TH_SYN | TH_ACK, 0, 0, 10, LIBNET_TCP_H+payload_s, payload, payload_s, l, tcp); if(tcp ==-1){ printf("libnet_build_tcp() error\n"); goto bad; } ip = libnet_build_ipv4( LIBNET_IPV4_H+LIBNET_TCP_H+payload_s, 0, 242, 0, 64, IPPROTO_TCP, 0, src_ip, dst_ip, NULL, 0, l, ip); if(ip==-1){ printf("libnet_build_ipv4() error\n"); goto bad; } eth = libnet_build_ethernet( DA, SA, ETHERTYPE_IP, NULL, 0, l, eth); if(eth==-1){ printf("libnet_build_ethernet() error\n"); goto bad; } c = libnet_write(l); if(c==-1){ printf("libnet_write() error\n"); goto bad; } else printf("Wrote %d byte TCP packet.\nSeqNum: %d, ackNum: %d\n\n",c,seqn,seqn+LIBNET_TCP_H+payload_s+1); //printf("Wrote %d byte TCP packet.\n",c); sleep(1); } libnet_destroy(l); return 0; bad: libnet_destroy(l); exit(EXIT_FAILURE); }