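/*
 * Open the capture source described by ep and record its link-layer type.
 *
 * If ep->file is set, the savefile is opened with pcap_open_offline().
 * Otherwise a live capture is opened on ep->dev; when ep->dev is NULL the
 * device is chosen with pcap_lookupdev().
 *
 * Monitor (rfmon) mode is an option of a handle that has not been activated
 * yet: pcap_set_rfmon() is rejected once pcap_activate() has run, and a
 * handle returned by pcap_open_live() is already activated. The request is
 * therefore made between pcap_create() and pcap_activate(). Made after
 * activation with its return value discarded, the EPCAP_OPT_RFMON option
 * would be silently ignored.
 *
 * Returns 0 on success. An activation status other than 0 (errors and
 * warnings alike) prints the pcap error and terminates the process.
 * PCAP_ERRBUF is defined elsewhere; presumably it aborts when the wrapped
 * assignment yields NULL -- confirm against its definition.
 */
static int epcap_open(EPCAP_STATE *ep)
{
    char errbuf[PCAP_ERRBUF_SIZE];

    if (ep->file) {
        PCAP_ERRBUF(ep->p = pcap_open_offline(ep->file, errbuf));
    } else {
        if (ep->dev == NULL)
            PCAP_ERRBUF(ep->dev = pcap_lookupdev(errbuf));

#ifdef HAVE_PCAP_CREATE
        PCAP_ERRBUF(ep->p = pcap_create(ep->dev, errbuf));

        (void)pcap_set_snaplen(ep->p, ep->snaplen);
        (void)pcap_set_promisc(ep->p, ep->opt & EPCAP_OPT_PROMISC);
        (void)pcap_set_timeout(ep->p, ep->timeout);

        if (ep->bufsz > 0)
            (void)pcap_set_buffer_size(ep->p, ep->bufsz);

#ifdef PCAP_ERROR_RFMON_NOTSUP
        /* monitor mode: has to be requested before the handle is activated */
        if (pcap_can_set_rfmon(ep->p) == 1)
            (void)pcap_set_rfmon(ep->p, ep->opt & EPCAP_OPT_RFMON);
#endif

        /*
         * Any status other than 0 ends the process, including the warning
         * statuses PCAP_WARNING and PCAP_WARNING_PROMISC_NOTSUP. Statuses
         * that are not listed by name in libpcap headers known to this
         * build are reported too instead of exiting without a message.
         */
        if (pcap_activate(ep->p) != 0) {
            pcap_perror(ep->p, "pcap_activate: ");
            exit(EXIT_FAILURE);
        }
#else
        /*
         * pcap_open_live() hands back an activated handle, so monitor mode
         * cannot be requested on this path.
         */
        PCAP_ERRBUF(ep->p = pcap_open_live(ep->dev, ep->snaplen,
                    ep->opt & EPCAP_OPT_PROMISC, ep->timeout, errbuf));
#endif
    }

    ep->datalink = pcap_datalink(ep->p);

    return 0;
}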
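/*
 * Open the capture source described by ep.
 *
 * If ep->file is set, the savefile is opened with pcap_open_offline().
 * Otherwise a live capture is opened on ep->dev; when ep->dev is NULL the
 * device is chosen with pcap_lookupdev().
 *
 * The live handle is built with pcap_create() and activated explicitly
 * rather than with pcap_open_live(): monitor (rfmon) mode can only be
 * requested on a handle that has not been activated, and pcap_open_live()
 * returns one that already is. Calling pcap_set_rfmon() afterwards with its
 * result discarded would silently drop ep->rfmon.
 *
 * Returns 0 on success (activation warnings count as success) and -1 when
 * pcap_activate() reports an error; the error text is printed and ep->p is
 * left for the caller to close. PCAP_ERRBUF is defined elsewhere;
 * presumably it aborts when the wrapped assignment yields NULL -- confirm.
 * NOTE(review): callers are assumed to check the return value -- confirm.
 */
int epcap_open(EPCAP_STATE *ep)
{
    char errbuf[PCAP_ERRBUF_SIZE];

    if (ep->file) {
        PCAP_ERRBUF(ep->p = pcap_open_offline(ep->file, errbuf));
        return (0);
    }

    if (ep->dev == NULL)
        PCAP_ERRBUF(ep->dev = pcap_lookupdev(errbuf));

    PCAP_ERRBUF(ep->p = pcap_create(ep->dev, errbuf));

    (void)pcap_set_snaplen(ep->p, ep->snaplen);
    (void)pcap_set_promisc(ep->p, ep->promisc);
    (void)pcap_set_timeout(ep->p, ep->timeout);

    /* monitor mode: has to be requested before the handle is activated */
    if (pcap_can_set_rfmon(ep->p) == 1)
        (void)pcap_set_rfmon(ep->p, ep->rfmon);

    /* negative statuses are errors, positive ones are warnings */
    if (pcap_activate(ep->p) < 0) {
        pcap_perror(ep->p, "pcap_activate");
        return (-1);
    }

    return (0);
}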
/*
 * Entry point: parse the command line, set up packet injection (libnet) and
 * packet capture (pcap) on one device, then fork. The child calls
 * drench_writer(), and drench_reader() is called afterwards; the program
 * announces itself as "Connection exhaustion started".
 *
 * A destination address (-d) and a non-zero destination port (-p) are
 * required. The capture is restricted by a BPF filter built from PCAP_FILT,
 * the destination address and the destination port.
 *
 * ISNULL, PCAP_ERRBUF, PCAP_ERR and LIBNET_ERR are macros defined elsewhere;
 * presumably each terminates the program when the wrapped call fails --
 * confirm against their definitions.
 *
 * NOTE(review): numeric options are read with atoi(), which reports no
 * errors, and the results are cast to narrower or unsigned types, so
 * malformed, negative or out-of-range values are accepted silently.
 * NOTE(review): the program always ends with exit(EXIT_FAILURE), so the
 * exit status does not distinguish a clean shutdown from a failure.
 */
int main(int argc, char *argv[])
{
    pkt_t *dp = NULL;

    int ch = 0;
    u_int32_t count = 5;
    u_int32_t group = 0; /* number of packets to send in group */
    useconds_t usec = 0; /* rate limit number of SYN's sent */

    pid_t pid = 0;

    /* pcap */
    pcap_t *p = NULL;
    char *dev = NULL;
    char errbuf[PCAP_ERRBUF_SIZE];
    u_int32_t localnet = 0;
    u_int32_t netmask = 0;
    struct bpf_program fcode;

    char *filt = NULL;

    /* libnet */
    char lerrbuf[LIBNET_ERRBUF_SIZE];

    (void)memset(errbuf, 0, PCAP_ERRBUF_SIZE);
    (void)memset(lerrbuf, 0, LIBNET_ERRBUF_SIZE);

    /* filt holds the BPF filter text; it is not freed before exit */
    ISNULL(filt = (char *)calloc(MAXFILT, 1));
    ISNULL(dp = (pkt_t *)calloc(1, sizeof(pkt_t)));

    dp->p_tcp = LIBNET_PTAG_INITIALIZER;
    dp->p_ip = LIBNET_PTAG_INITIALIZER;

    dp->winsize = TCP_WINSIZE;
    dp->opts |= O_CHKISN; /* check the ISN return in the ACK by default */

    drench_exit = 0; /* global, signal exit from loop */

    while ( (ch = getopt(argc, argv, "ACc:d:hi:p:P:Rr:s:S:x:")) != EOF) {
        switch (ch) {
            case 'A': /* Continue ACK'ing all ACK's */
                dp->opts |= O_ACK;
                break;
            case 'C': /* Don't check the returned sequence number in the ACK */
                /* XOR toggles the flag, so giving -C twice turns the check back on */
                dp->opts ^= O_CHKISN;
                break;
            case 'c': /* Number of packets to send */
                count = (u_int32_t)atoi(optarg);
                break;
            case 'd': /* Destination address */
                /* points into argv, not a copy (unlike -s below) */
                dp->daddr = optarg;
                break;
            case 'h': /* Help */
                usage();
                break;
            case 'i': /* Use interface */
                dev = optarg;
                break;
            case 'p': /* Destination port */
                /* NOTE(review): the cast truncates values that do not fit in_port_t */
                dp->dport = (in_port_t)atoi(optarg);
                break;
            case 'P':
                dp->payload = optarg; /* Send data with the ACK */
                break;
            case 'r': /* Range of ip's to allocate */
                /* NOTE(review): the cast to u_int8_t keeps only the low 8 bits */
                dp->range = (u_int8_t)atoi(optarg);
                break;
            case 'R': /* Repeat the scan */
                dp->opts |= O_REPEAT;
                break;
            case 's': /* Source address */
                /*
                 * NOTE(review): the strdup() result is not checked for NULL,
                 * and a repeated -s leaks the earlier copy.
                 */
                dp->saddr = strdup(optarg);
                break;
            case 'S': /* Sleep (microseconds) */
                usec = (useconds_t)atoi(optarg);
                break;
            case 'x': /* Number of packets to send in group */
                group = (u_int32_t)atoi(optarg);
                break;
            default:
                usage();
                break;
        }
    }

    /* usage() is defined elsewhere; presumably it does not return -- confirm */
    if (dp->daddr == NULL) {
        (void)fprintf(stderr, "Must specify destination address.\n");
        usage();
    }

    if (dp->dport == 0) {
        (void)fprintf(stderr, "Must specify destination port.\n");
        usage();
    }

    /* defaults: a single source address, and one group covering the whole range */
    if (dp->range == 0)
        dp->range = 1;

    if (group == 0)
        group = dp->range;

    if (dev == NULL)
        PCAP_ERRBUF(dev = pcap_lookupdev(errbuf));

    /* libnet */
    /* LIBNET_RAW4 selects raw IPv4 injection; this typically needs elevated privileges */
    dp->l = libnet_init(LIBNET_RAW4, dev, lerrbuf);

    if (dp->l == NULL)
        errx(EXIT_FAILURE, "libnet_init: %s", lerrbuf);

    if (dp->saddr == NULL) {
        u_int32_t ipaddr = 0;

        /* Assign the initial address. */

        /* FIXME Simplistically assign the address from
         * FIXME our current address. Note this breaks for many
         * FIXME conditions: if the host is multi-homed, if
         * FIXME another host exists on the network with that IP,
         * FIXME if the final octet rolls past 254, if the network
         * FIXME is classless, IP aliases ...
         *
         * FIXME We can check for these conditions (check the ARP
         * FIXME table, etc), but it is error prone. So just
         * FIXME warn the user and hope for the best.
         */
        /* ipaddr is unsigned; the comparison relies on -1 converting to all ones */
        if ( (ipaddr = libnet_get_ipaddr4(dp->l)) == -1)
            errx(EXIT_FAILURE, "%s", libnet_geterror(dp->l));

        /* NOTE(review): the strdup() result is not checked for NULL */
        dp->saddr = strdup(libnet_addr2name4(ipaddr, LIBNET_DONT_RESOLVE));
        (void)fprintf(stdout, "[%s] WARNING: Source address not assigned.\n", __progname);
    }

    if (dp->range > 1) {
        (void)fprintf(stdout, "[%s] WARNING: Assigning addresses sequentially from %s.\n", __progname,
                dp->saddr);
        (void)fprintf(stdout, "[%s] WARNING: This may cause problems on your network if addresses conflict with other hosts!\n", __progname);
    }

    /* seed libnet's pseudo-random generator, then draw the 32-bit value kept in dp->secret */
    LIBNET_ERR(libnet_seed_prand(dp->l));
    dp->secret = libnet_get_prand(LIBNET_PRu32);

    /* pcap */
    (void)fprintf(stdout, "[%s] Connection exhaustion started.\n", __progname);
    (void)fprintf(stdout, "[%s] Using device: %s\n", __progname, dev);

    /*
     * The filter text embeds the user-supplied destination address.
     * NOTE(review): the snprintf() result is discarded, so a filter
     * truncated at MAXFILT bytes is passed on to pcap_compile() below.
     */
    (void)snprintf(filt, MAXFILT, PCAP_FILT, dp->daddr, dp->dport);

    (void)fprintf(stdout, "[%s] Using filter: %s\n", __progname, filt);

    PCAP_ERRBUF(p = pcap_open_live(dev, SNAPLEN, PROMISC, TIMEOUT, errbuf));

    if (pcap_lookupnet(dev, &localnet, &netmask, errbuf) == -1)
        errx(EXIT_FAILURE, "%s\n", errbuf);

    PCAP_ERR(pcap_compile(p, &fcode, filt, 1 /* optimize == true */, netmask));
    PCAP_ERR(pcap_setfilter(p, &fcode));

    /* the link type is only reported; an unsupported one does not stop the run */
    switch (pcap_datalink(p)) {
        case DLT_IEEE802_11:
            (void)fprintf(stderr, "[%s] Link layer is 802.11\n", __progname);
            break;
        case DLT_EN10MB:
            (void)fprintf(stderr, "[%s] Link layer is ethernet\n", __progname);
            break;
        default:
            (void)fprintf(stderr, "[%s] Link layer is unsupported\n", __progname);
            break;
    }

    /* a failure here is reported as a warning only and execution continues */
    if (create_arp_pool1(dp) < 0)
        warnx("Could not create ARP pool");

    /* installed before fork(), so parent and child both inherit the handlers */
    (void)signal(SIGHUP, drench_cleanup);
    (void)signal(SIGQUIT, drench_cleanup);
    (void)signal(SIGINT, drench_cleanup);
    (void)signal(SIGTERM, drench_cleanup);

    if ( (pid = fork()) == -1)
        err(EXIT_FAILURE, "fork");

    /* begin by sending SYN packets */
    /*
     * NOTE(review): there is no exit after drench_writer(), so if it returns
     * the child also runs drench_reader() and the cleanup below -- confirm
     * that this is intended.
     */
    if (pid == 0)
        drench_writer(dp, count, group, usec);

    drench_reader(dp, p);

    /* filt, fcode and the pcap handle p are not released here; exit() ends the process */
    (void)destroy_arp_pool1(dp);
    libnet_destroy(dp->l);
    free(dp->saddr);
    free(dp);

    exit (EXIT_FAILURE);
}