/*****************************************************************************
* public implementations
****************************************************************************/
struct sender6 * sender6_create(const char *device) /* {{{ */
{
char errbuf[LIBNET_ERRBUF_SIZE];
char *dev;
struct sender6 *sender;
dev = strdup(device);
if(!dev) logea(__FILE__, __LINE__, NULL);
sender = malloc(sizeof(struct sender6));
if(!sender) logea(__FILE__, __LINE__, NULL);
sender->ln = libnet_init(LIBNET_RAW6, dev, errbuf);
if(!sender->ln) goto out_libnet;
free(dev);
sender->ip = libnet_get_ipaddr6(sender->ln);
sender->icmptag = 0;
sender->iptag = 0;
sender->tmptag = 0;
logd(LOG_INFO, "%s dev=%s ok\n", __func__, device);
return sender;
out_libnet:
loge(LOG_FATAL, __FILE__, __LINE__);
logd(LOG_FATAL, "%s: %s", __func__, errbuf);
free(sender);
free(dev);
return NULL;
} /* }}} */
int
main (int argc, char **argv)
{
libnet_t *l;
char err_buf[LIBNET_ERRBUF_SIZE];
char *iface = NULL;
char *src_s = NULL, *victim_s = NULL, *plist_s = NULL;
libnet_plist_t *plist=NULL;
struct libnet_in6_addr src, victim;
int s = 0, d = 0, i = 0, p = 0, opt;
libnet_ptag_t tcp_tag;
u_long seq;
extern char *optarg;
extern int opterr;
printf
("\n6pack - IPv6 Port Scanner - v0.0002 ( http://genhex.org/projects/6pack/ )\n(c) 2003 Bruno Morisson <*****@*****.**>\n\n");
while ((opt = getopt (argc, argv, "vTUb:t:i:p:s:d:")) != -1)
{
switch (opt)
{
case 's':
if (s)
usage ();
src_s = optarg;
s++;
break;
case 'd':
if (d)
usage ();
victim_s = optarg;
d++;
break;
case 'i':
if (i)
usage ();
iface = optarg;
i++;
break;
case 'p':
if (p)
usage ();
plist_s = optarg;
p++;
break;
case 'v':
verbose++;
break;
case 't':
timeout = atoi (optarg);
break;
default:
usage ();
}
}
if (d != 1 || p != 1)
usage ();
if (!(l = libnet_init (LIBNET_RAW6, iface, err_buf)))
{
fprintf (stderr, "error opening raw sock: %s\n", err_buf);
exit (-1);
}
if (!iface)
iface = libnet_getdevice (l);
if (libnet_plist_chain_new (l, &plist, plist_s) == -1)
{
fprintf (stderr, "invalid portlist %s\n", libnet_geterror (l));
exit (-1);
}
if(s)
src = libnet_name2addr6 (l, src_s, LIBNET_RESOLVE);
else
src = libnet_get_ipaddr6(l);
if (!memcmp
((char *) &src, (char *) &in6addr_error, sizeof (in6addr_error)))
{
fprintf (stderr, "error in address: %s\n", libnet_geterror (l));
exit (-1);
}
victim = libnet_name2addr6 (l, victim_s, LIBNET_RESOLVE);
if (!memcmp
((char *) &victim, (char *) &in6addr_error, sizeof (in6addr_error)))
{
fprintf (stderr, "error in address: %s\n", libnet_geterror (l));
exit (-1);
}
printf ("Using device: %s\n", iface);
tcp_tag = build_pkt (l, &seq, src, victim);
signal (SIGCHLD, SIG_IGN); /* We really shouldn't do this... */
if (!collect (iface, seq))
return -1;
printf ("Scanning ports %s on %s\n",
libnet_plist_chain_dump_string (plist), victim_s);
send_tcp_pkts (l, plist, tcp_tag, seq);
return 0;
}
// Purpose: Properly handle arguments and configure global structs (tx)
int getopts (int argc, char *argv[])
{
int i, c, rargs, RX=0, count_set=0, delay_set=0;
unsigned int time_factor;
char *packet_type=NULL, *mops_type=NULL;
char *dum;
unsigned char *dum1, *dum2;
libnet_t *l;
char err_buf[LIBNET_ERRBUF_SIZE];
struct libnet_ether_addr *mymac;
FILE *afp;
char hexpld[MAX_PAYLOAD_SIZE*2];
int hexpld_specified=0;
opterr = 1; // let getopt print error message if necessary
while ((c = getopt(argc, argv, short_options)) != -1)
switch (c) {
case '4':
tx.eth_type = 0x0800;
ipv6_mode=0;
break;
case '6':
tx.eth_type = 0x86dd;
ipv6_mode=1;
break;
case 'h':
help();
break;
case 'q':
quiet=1;
break;
case 'v':
version();
break;
case 'V':
verbose++;
break;
case 'S':
simulate=1;
break;
case 'x':
mz_port = MZ_DEFAULT_PORT;
break;
case 'a':
strncpy (tx.eth_src_txt, optarg, 32);
tx.packet_mode = 0;
break;
case 'A':
strncpy (tx.ip_src_txt, optarg, sizeof(tx.ip_src_txt));
break;
case 'b':
strncpy (tx.eth_dst_txt, optarg, 32);
tx.packet_mode = 0;
break;
case 'B':
strncpy (tx.ip_dst_txt, optarg, sizeof(tx.ip_dst_txt));
break;
case 'c':
errno=0;
tx.count = strtol(optarg, (char **)NULL, 10);
if ((errno == ERANGE && (tx.count == LONG_MAX || tx.count == LONG_MIN))
|| (errno != 0 && tx.count == 0)) {
perror("strtol");
return (-1);
}
if (tx.count<0) tx.count=1; //TODO: Allow count=0 which means infinity (need to update all send_functions)
count_set=1;
break;
case 'd':
errno=0;
// determine whether seconds or msecs are used
// default is usec!!!
time_factor=1;
if (exists(optarg,"s") || exists(optarg,"sec")) time_factor=1000000;
if (exists(optarg,"m") || exists(optarg,"msec")) time_factor=1000;
dum = strtok(optarg,"ms");
tx.delay = strtol(dum, (char **)NULL, 10) * time_factor;
if ((errno == ERANGE && (tx.delay == LONG_MAX || tx.delay == LONG_MIN))
|| (errno != 0 && tx.delay == 0)) {
perror("strtol");
return (-1);
}
if (tx.delay<0) tx.delay=0; // no delay
delay_set=1;
break;
case 'p':
errno=0;
tx.padding = strtol(optarg, (char **)NULL, 10);
if ((errno == ERANGE && (tx.padding == LONG_MAX || tx.padding == LONG_MIN))
|| (errno != 0 && tx.padding == 0)) {
perror("strtol");
return (-1);
}
if (tx.padding>10000) {
fprintf(stderr, " Warning: Padding must not exceed 10000!\n");
return -1;
}
break;
case 't':
packet_type = optarg; // analyzed below
break;
case 'X':
mops_type = optarg; // MOPS TRANSITION STRATEGY -- analyzed below
break;
case 'T':
packet_type = optarg;
RX = 1;
break;
case 'r':
mz_rand = 1;
break;
case 'M':
if (strncmp(optarg,"help",4)==0) {
(void) get_mpls_params("help ");
}
else {
strncpy (tx.mpls_txt, optarg, 128);
tx.eth_type = ETHERTYPE_MPLS;
tx.packet_mode = 0;
tx.mpls=1;
}
break;
case 'P': // ASCII payload
strncpy((char*)tx.ascii_payload, optarg, MAX_PAYLOAD_SIZE);
tx.ascii = 1;
break;
case 'f': // ASCII payload in FILE
afp = fopen(optarg, "r");
if (fgets((char*)tx.ascii_payload, MAX_PAYLOAD_SIZE, afp) == NULL)
fprintf(stderr, " mz/getopts: File empty?\n");
fclose(afp);
tx.ascii = 1;
break;
case 'F': // HEX payload in FILE
afp = fopen(optarg, "r");
i=0;
while ( (hexpld[i]=fgetc(afp))!=EOF ) {
if (isspace(hexpld[i])) {
hexpld[i]=':';
}
i++;
}
hexpld[i]='\0';
fclose(afp);
hexpld_specified=1;
break;
case 'Q': // VLAN TAG
if (strncmp(optarg,"help",4)==0) {
print_dot1Q_help(); // ugly but most simple and safe solution
}
else {
strncpy (tx.dot1Q_txt, optarg, 32);
tx.dot1Q=1;
// determine number of VLAN tags
for (i=0; i<strlen(tx.dot1Q_txt); i++) {
if (tx.dot1Q_txt[i]==',') tx.dot1Q++;
}
tx.packet_mode = 0;
}
break;
case '?':
if ((optopt == 'a') || (optopt == 'b') || (optopt = 'c') ||
(optopt == 'd') || (optopt == 'f') || (optopt = 'p') ||
(optopt == 't') || (optopt == 'm'))
fprintf (stderr, " mz/getopts: Option -%c requires an argument.\n", optopt);
else if (isprint (optopt))
fprintf (stderr, " mz/getopts: Unknown option -%c'.\n", optopt);
else
fprintf (stderr, " mz/getopts: Unknown option character \\x%x'.\n", optopt);
return 1;
default:
fprintf (stderr," mz/getopts: Could not handle arguments properly!\n");
return 1;
}
// ********************************************
// Handle additional arguments
// ********************************************
//
// Greeting text
if (verbose) {
fprintf(stderr,"\n"
MAUSEZAHN_VERSION
"\n"
"Use at your own risk and responsibility!\n"
"-- Verbose mode --\n"
"\n");
}
if (argc<2) {
help();
}
if ((rargs=argc-optind)>2) { // number of remaining arguments
fprintf(stderr," mz/getopts: Too many arguments!\n");
return -1;
}
// There can be 0-2 additional arguments
switch (rargs) {
case 0:
if (lookupdev()) { // no device found
if (verbose) fprintf(stderr, " mz: no active interfaces found!\n");
strcpy(tx.device, "lo");
}
if (verbose) // device found
fprintf(stderr," mz: device not given, will use %s\n",tx.device);
break;
case 1: // arg_string OR device given => find out!
if ( (strncmp(argv[optind],"eth",3)==0)
|| (strncmp(argv[optind],"ath",3)==0)
|| ((strncmp(argv[optind],"lo",2)==0)&&(strncmp(argv[optind],"log",3)!=0))
|| (strncmp(argv[optind],"vmnet",5)==0)
|| (strncmp(argv[optind],"wifi",4)==0) ) {
// device has been specified!
strncpy (tx.device, argv[optind], 16);
}
else { /// arg_string given => no device has been specified -- let's find one!
strncpy (tx.arg_string, argv[optind], MAX_PAYLOAD_SIZE);
if (lookupdev()) { // no device found
if (verbose) fprintf(stderr, " mz: no active interfaces found!\n");
strcpy(tx.device, "lo");
}
if (verbose)
fprintf(stderr," mz: device not given, will use %s\n",tx.device);
}
break;
case 2: // both device and arg_string given
strncpy (tx.device, argv[optind], 16);
strncpy (tx.arg_string, argv[optind+1], MAX_PAYLOAD_SIZE);
break;
default:
fprintf(stderr," mz/getopts: Unknown argument problem!\n");
return 1;
}
if (hexpld_specified) {
strcat(tx.arg_string, ",p=");
strcat(tx.arg_string, hexpld);
}
//////////////////////////////////////////////////////////////////////////
//
// Initialize MAC and IP Addresses.
//
// - tx.eth_src = own interface MAC
// - tx.ip_src = own interface IP or user specified
// - tx.ip_dst = 255.255.255.255 or user specified (can be a range)
// - tx.ip_src_rand ... is set if needed.
//
// Get own device MAC address:
// Don't open context if only a help text is requested
if (getarg(tx.arg_string,"help", NULL)!=1) {
l = libnet_init (LIBNET_LINK_ADV, tx.device, err_buf );
if (l == NULL) {
fprintf(stderr, " mz/getopts: libnet_init() failed (%s)", err_buf);
return -1;
}
mymac = libnet_get_hwaddr(l);
for (i=0; i<6; i++) {
tx.eth_src[i] = mymac->ether_addr_octet[i];
tx.eth_mac_own[i] = mymac->ether_addr_octet[i];
}
// Set source IP address:
if (strlen(tx.ip_src_txt)) { // option -A has been specified
if (mz_strcmp(tx.ip_src_txt, "bcast", 2)==0) {
tx.ip_src = libnet_name2addr4 (l, "255.255.255.255", LIBNET_DONT_RESOLVE);
} else if (strcmp(tx.ip_src_txt, "rand") == 0) {
tx.ip_src_rand = 1;
tx.ip_src_h = (u_int32_t) ( ((float) rand()/RAND_MAX)*0xE0000000); //this is 224.0.0.0
}
else if (get_ip_range_src(tx.ip_src_txt)) { // returns 1 when no range has been specified
// name2addr4 accepts a DOTTED DECIMAL ADDRESS or a FQDN:
if (ipv6_mode)
tx.ip6_src = libnet_name2addr6 (l, tx.ip_src_txt, LIBNET_RESOLVE);
else
tx.ip_src = libnet_name2addr4 (l, tx.ip_src_txt, LIBNET_RESOLVE);
}
}
else { // no source IP specified: by default use own IP address
if (ipv6_mode) {
tx.ip6_src = libnet_get_ipaddr6(l);
if (strncmp((char*)&tx.ip6_src,(char*)&in6addr_error,sizeof(in6addr_error))==0)
printf("Failed to set source IPv6 address: %s", l->err_buf);
}
else
tx.ip_src = libnet_get_ipaddr4(l);
}
// Set destination IP address:
if (strlen(tx.ip_dst_txt)) { // option -B has been specified
if (mz_strcmp(tx.ip_dst_txt, "rand", 2)==0) {
fprintf(stderr, "Option -B does not support random destination IP addresses currently.\n");
return 1;
}
if (mz_strcmp(tx.ip_dst_txt, "bcast", 2)==0) {
tx.ip_dst = libnet_name2addr4 (l, "255.255.255.255", LIBNET_DONT_RESOLVE);
} else if (get_ip_range_dst(tx.ip_dst_txt)) { // returns 1 when no range has been specified
// name2addr4 accepts a DOTTED DECIMAL ADDRESS or a FQDN:
if (ipv6_mode)
tx.ip6_dst = libnet_name2addr6 (l, tx.ip_dst_txt, LIBNET_RESOLVE);
else
tx.ip_dst = libnet_name2addr4 (l, tx.ip_dst_txt, LIBNET_RESOLVE);
}
}
else { // no destination IP specified: by default use broadcast
tx.ip_dst = libnet_name2addr4 (l, "255.255.255.255", LIBNET_DONT_RESOLVE);
}
// Initialize tx.ip_src_h and tx.ip_dst_h which are used by 'print_frame_details()'
// in verbose mode. See 'modifications.c'.
if (tx.ip_src_rand) { // ip_src_h already given, convert to ip_src
dum1 = (unsigned char*) &tx.ip_src_h;
dum2 = (unsigned char*) &tx.ip_src;
}
else { // ip_src already given, convert to ip_src_h
dum1 = (unsigned char*) &tx.ip_src;
dum2 = (unsigned char*) &tx.ip_src_h;
}
*dum2 = *(dum1+3);
dum2++;
*dum2 = *(dum1+2);
dum2++;
*dum2 = *(dum1+1);
dum2++;
*dum2 = *dum1;
dum1 = (unsigned char*) &tx.ip_dst;
dum2 = (unsigned char*) &tx.ip_dst_h;
*dum2 = *(dum1+3);
dum2++;
*dum2 = *(dum1+2);
dum2++;
*dum2 = *(dum1+1);
dum2++;
*dum2 = *dum1;
libnet_destroy(l);
}
//
// END OF ADDRESS INITIALIZATION
//
//////////////////////////////////////////////////////////////////////////
////// retrieve interface parameters ///////
for (i=0; i<device_list_entries; i++) {
get_dev_params(device_list[i].dev);
}
//////////////////////////////////////////////////////////////////////////
//
// Mausezahn CLI desired?
if (mz_port) {
// has port number been specified?
if (strlen(tx.arg_string)) {
mz_port = (int) str2int (tx.arg_string);
}
if (!quiet) {
fprintf(stderr, "Mausezahn accepts incoming Telnet connections on port %i.\n", mz_port);
}
mz_cli_init();
cli();
}
//////////////////////////////////////////////////////////////////////////
//
// Mode decision
//
// Consider -t and -m option (used exclusively)
// -t => special packet types, stateless
//
// If -t not present then evaluate arg_string which must
// contain a byte-string in hexadecimal notation.
//
//
// ***** NEW: MOPS TRANSITION STRATEGY *****
if (mops_type != NULL) {
if (mz_strcmp(mops_type,"lldp",4)==0) {
mops_direct(tx.device, MOPS_LLDP, tx.arg_string);
}
}
if (packet_type == NULL) { // raw hex string given
mode = BYTE_STREAM;
}
else if (strcmp(packet_type,"arp")==0) {
mode = ARP;
}
else if (strcmp(packet_type,"bpdu")==0) {
mode = BPDU;
}
else if (strcmp(packet_type,"ip")==0) {
mode = IP;
}
else if (strcmp(packet_type,"udp")==0) {
mode = UDP;
}
else if (strcmp(packet_type,"icmp")==0) {
mode = ICMP;
}
else if (strcmp(packet_type,"icmp6")==0) {
mode = ICMP6;
}
else if (strcmp(packet_type,"tcp")==0) {
mode = TCP;
}
else if (strcmp(packet_type,"dns")==0) {
mode = DNS;
}
else if (strcmp(packet_type,"cdp")==0) {
mode = CDP;
}
else if (strcmp(packet_type,"syslog")==0) {
mode = SYSLOG;
}
else if (strcmp(packet_type,"lldp")==0) {
mode = LLDP;
tx.packet_mode=0; // create whole frame by ourself
}
else if (strcmp(packet_type,"rtp")==0) {
if (RX) {
mode = RX_RTP;
}
else {
mode = RTP;
if (!count_set) tx.count = 0;
if (!delay_set) tx.delay = 20000; // 20 msec inter-packet delay for RTP
}
}
else if (strcmp(packet_type,"help")==0) {
fprintf(stderr, "\n"
MAUSEZAHN_VERSION
"\n"
"| The following packet types are currently implemented:\n"
"|\n"
"| arp ... sends ARP packets\n"
"| bpdu ... sends BPDU packets (STP or PVST+)\n"
"| cdp ... sends CDP messages\n"
"| ip ... sends IPv4 packets\n"
"| udp ... sends UDP datagrams\n"
"| tcp ... sends TCP segments\n"
"| icmp ... sends ICMP messages\n"
"| dns ... sends DNS messages\n"
"| rtp ... sends RTP datagrams\n"
"| syslog ... sends Syslog messages\n"
"|\n"
"| Of course you can build any other packet type 'manually' using the direct layer 2 mode.\n"
"| FYI: The interactive mode supports additional protocols. (Try mz -x <port>)\n"
"\n"
);
exit(1);
}
else {
fprintf(stderr, " mz: you must specify a valid packet type!\n");
}
//////////////////////////////////////////////////////////////////////////
// TODO: Implement macro support
// Check macro types here
return 0;
}
