int main(int argc,char *argv[])
{
char a;
int sock,r;
u_long src;
u_long dst;
char pktbuf[IP_MAXPACKET];
char payload[]="ABCDEFGHIJKLMNOPRST";
u_char options[4];
struct ipoption ipopt;
bzero(options,OPT_LEN);
while((a=getopt(argc,argv,"d:s:h?"))!=EOF)
{
switch(a) {
case 'h' : { usage(); exit(1); }
case 's' : { src=libnet_name_resolve(optarg,0); break;}
case 'd' : { dst=libnet_name_resolve(optarg,0); break;}
}
}
sock = libnet_open_raw_sock(IPPROTO_RAW);
if (sock<0)
{
perror("socket");
exit(1);
}
libnet_build_ip(strlen(payload),0,0x1337,0,255,0xaa,src,dst,payload,strlen(payload),pktbuf);
memcpy(ipopt.ipopt_list, options, OPT_LEN);
*(ipopt.ipopt_list) = 0xe4;
*(ipopt.ipopt_list+1) = 0;
*(ipopt.ipopt_list+1) = 0;
*(ipopt.ipopt_list+1) = 0;
r=libnet_insert_ipo(&ipopt,OPT_LEN,pktbuf);
if (r <0)
{
libnet_close_raw_sock(sock);
printf("Error ip options insertion failed\n");
exit(1);
}
r=libnet_write_ip(sock,pktbuf,LIBNET_IP_H+OPT_LEN+strlen(payload));
if (r<0)
{
libnet_close_raw_sock(sock);
printf("Error write_ip \n");
exit(1);
}
libnet_close_raw_sock(sock);
return 0;
}
int
main(int argc, char **argv)
{
int sock, c;
u_long src_ip, dst_ip;
u_short src_prt, dst_prt;
u_char *cp, *buf;
u_char *payload = "hello world";
u_char *options = " This here is a 40-byte IP option list.";
int payload_s = strlen(payload);
int option_s = strlen(options);
struct ipoption ipopt;
src_ip = 0;
dst_ip = 0;
src_prt = 0;
dst_prt = 0;
printf("IP + options and TCP + payload packet building/writing test\n");
while((c = getopt(argc, argv, "d:s:")) != EOF)
{
switch (c)
{
/*
* We expect the input to be of the form `ip.ip.ip.ip.port`. We
* point cp to the last dot of the IP address/port string and
* then seperate them with a NULL byte. The optarg now points to
* just the IP address, and cp points to the port.
*/
case 'd':
if (!(cp = strrchr(optarg, '.')))
{
usage(argv[0]);
}
*cp++ = 0;
dst_prt = (u_short)atoi(cp);
if (!(dst_ip = libnet_name_resolve(optarg, 1)))
{
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 's':
if (!(cp = strrchr(optarg, '.')))
{
usage(argv[0]);
}
*cp++ = 0;
src_prt = (u_short)atoi(cp);
if (!(src_ip = libnet_name_resolve(optarg, 1)))
{
fprintf(stderr, "Bad source IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
}
}
if (!src_ip || !src_prt || !dst_ip || !dst_prt)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
/*
* Get packet memory. Let's get plenty.
*/
buf = malloc(IP_MAXPACKET);
if (!buf)
{
perror("No memory for packet");
exit(EXIT_FAILURE);
}
/*
* Open our raw IP socket and set IP_HDRINCL.
*/
sock = libnet_open_raw_sock(IPPROTO_RAW);
if (sock == -1)
{
perror("No socket");
exit(EXIT_FAILURE);
}
/*
* Build the IP header (shown exploded for commenting).
*/
libnet_build_ip(LIBNET_TCP_H + payload_s,/* Size of the payload */
0, /* IP tos */
242, /* IP ID */
0, /* Frag stuff */
48, /* TTL */
IPPROTO_TCP, /* Transport protocol */
src_ip, /* Source IP */
dst_ip, /* Destination IP */
NULL, /* Pointer to payload (none) */
0,
buf); /* Packet header memory */
/*
* Build the TCP header.
*/
libnet_build_tcp(src_prt, /* Source TCP port */
dst_prt, /* Destination TCP port */
11111, /* Sequence number */
99999, /* Acknowledgement number */
TH_SYN|TH_ACK, /* Control flags */
1024, /* Window size */
0, /* Urgent pointer */
payload, /* Pointer to payload */
payload_s,
buf + LIBNET_IP_H); /* Packet header memory */
/*
* Calculate the TCP header checksum (IP header checksum is *always* done
* by the kernel.
*/
libnet_do_checksum(buf, IPPROTO_TCP, LIBNET_TCP_H + payload_s);
memcpy(ipopt.ipopt_list, options, option_s);
*(ipopt.ipopt_list) = IPOPT_SECURITY;
*(ipopt.ipopt_list + 1) = 1;
/*
* Insert the IP options.
*/
c = libnet_insert_ipo(&ipopt, /* pointer to ipopt struct */
option_s, /* Length of option list */
buf); /* Packet header memory */
if (c == -1)
{
fprintf(stderr, "Can't add options, discarding them.\n");
}
/*
* Write the packet to the network.
*/
c = libnet_write_ip(sock, buf, LIBNET_TCP_H + LIBNET_IP_H + payload_s
+ option_s);
if (c < LIBNET_TCP_H + LIBNET_IP_H + payload_s + option_s)
{
fprintf(stderr, "libnet_write_ip: %s\n", strerror(errno));
}
printf("Completed, wrote %d bytes\n", c);
free(buf);
return (c == -1 ? EXIT_FAILURE : EXIT_SUCCESS);
}
int buildudp(ETHERhdr *eth, IPhdr *ip, UDPhdr *udp, FileData *pd,
FileData *ipod, char *device)
{
int n;
u_int32_t udp_packetlen = 0, udp_meta_packetlen = 0;
static u_int8_t *pkt;
static int sockfd = -1;
struct libnet_link_int *l2 = NULL;
u_int8_t link_offset = 0;
#if !defined(WIN32)
int sockbuff = IP_MAXPACKET;
#endif
if (pd->file_mem == NULL)
pd->file_s = 0;
if (ipod->file_mem == NULL)
ipod->file_s = 0;
if (got_link) /* data link layer transport */
{
if ((l2 = libnet_open_link_interface(device, errbuf)) == NULL)
{
nemesis_device_failure(INJECTION_LINK, (const char *)device);
return -1;
}
link_offset = LIBNET_ETH_H;
}
else
{
if ((sockfd = libnet_open_raw_sock(IPPROTO_RAW)) < 0)
{
nemesis_device_failure(INJECTION_RAW, (const char *)NULL);
return -1;
}
#if !defined(WIN32)
if ((setsockopt(sockfd, SOL_SOCKET, SO_SNDBUF, (const void *)&sockbuff,
sizeof(sockbuff))) < 0)
{
fprintf(stderr, "ERROR: setsockopt() failed.\n");
return -1;
}
#endif
}
udp_packetlen = link_offset + LIBNET_IP_H + LIBNET_UDP_H + pd->file_s +
ipod->file_s;
udp_meta_packetlen = udp_packetlen - (link_offset + LIBNET_IP_H);
#ifdef DEBUG
printf("DEBUG: UDP packet length %u.\n", udp_packetlen);
printf("DEBUG: IP options size %u.\n", ipod->file_s);
printf("DEBUG: UDP payload size %u.\n", pd->file_s);
#endif
if (libnet_init_packet(udp_packetlen, &pkt) == -1)
{
fprintf(stderr, "ERROR: Unable to allocate packet memory.\n");
return -1;
}
if (got_link)
libnet_build_ethernet(eth->ether_dhost, eth->ether_shost, ETHERTYPE_IP,
NULL, 0, pkt);
libnet_build_ip(udp_meta_packetlen, ip->ip_tos, ip->ip_id, ip->ip_off,
ip->ip_ttl, ip->ip_p, ip->ip_src.s_addr, ip->ip_dst.s_addr,
NULL, 0, pkt + link_offset);
libnet_build_udp(udp->uh_sport, udp->uh_dport, pd->file_mem,
pd->file_s, pkt + link_offset + LIBNET_IP_H);
if (got_ipoptions)
{
if ((libnet_insert_ipo((struct ipoption *)ipod->file_mem,
ipod->file_s, pkt + link_offset)) == -1)
{
fprintf(stderr, "ERROR: Unable to add IP options, discarding "
"them.\n");
}
}
if (got_link)
libnet_do_checksum(pkt + LIBNET_ETH_H, IPPROTO_IP, LIBNET_IP_H +
ipod->file_s);
libnet_do_checksum(pkt + link_offset, IPPROTO_UDP, LIBNET_UDP_H +
pd->file_s + ipod->file_s);
if (got_link)
n = libnet_write_link_layer(l2, device, pkt, udp_packetlen);
else
n = libnet_write_ip(sockfd, pkt, udp_packetlen);
if (verbose == 2)
nemesis_hexdump(pkt, udp_packetlen, HEX_ASCII_DECODE);
if (verbose == 3)
nemesis_hexdump(pkt, udp_packetlen, HEX_RAW_DECODE);
if (n != udp_packetlen)
{
fprintf(stderr, "ERROR: Incomplete packet injection. Only wrote "
"%d bytes.\n", n);
}
else
{
if (verbose)
{
if (got_link)
printf("Wrote %d byte UDP packet through linktype %s.\n", n,
nemesis_lookup_linktype(l2->linktype));
else
printf("Wrote %d byte UDP packet.\n", n);
}
}
libnet_destroy_packet(&pkt);
if (got_link)
libnet_close_link_interface(l2);
else
libnet_close_raw_sock(sockfd);
return n;
}