version 1.1, 2012/02/21 22:14:23
|
version 1.1.1.2, 2013/07/22 11:54:41
|
Line 5
|
Line 5
|
=============================================================================== |
=============================================================================== |
|
|
|
|
ADDING A NEW PACKET BUILDER | ADDING A NEW PACKET BUILDER, STATIC HEADER SIZE |
|
|
Adding a new packet building module is usually pretty simple. It depends | Adding a new packet building module to libnet is usually pretty simple. The |
completely on the complexity of the protocol. The following document | following short document details how to add a packet builder to libnet for a |
shows you how to add a packet builder for a simple protocol with a | protocol that has a static header size. We'll use the Sebek protocol as an |
static header size, but these concepts can be extended to a complex | example to walk through the process. |
protocol also. | |
|
|
1) Start by defining your protocol header format in libnet-headers.h: | 1) Make sure you have a good reference for the protocol in question. Be it an |
| RFC or an official release doc from the author or vendor, you'll need |
| something comprehensive. For Sebek, the comprehensive reference is here: |
| http://project.honeynet.org. |
|
|
#define LIBNET_XXX_H 0xSIZE | 2) Figure out how big the header is and add it to the top of libnet-headers.h: |
|
|
struct XXX_hdr | #define LIBNET_SEBEK_H 0x30 /* sebek header: 48 bytes */ |
{ | |
u_char field1; | |
u_short field2; | |
u_long field3; | |
}; | |
|
|
2) Add a pblock definition to libnet-structures.h (appened to the list): | 3) Create the protocol header structure and add it to the end of |
| libnet-headers.h. Take care to use POSIX datatypes to define all of your |
| values. Structure naming conventions are more or less up to you. Since |
| they're never exported to the user, it's not a big deal, but try to keep |
| them short and descriptive. Convention is to add the symbolic constant |
| #defines above the structure members they apply to. |
|
|
#define LIBNET_PBLOCK_XXX_H 0xNUMBER | /* |
| * Sebek header |
| * Static header size: 48 bytes |
| */ |
| struct libnet_sebek_hdr |
| { |
| u_int32_t magic; /* identify packets that should be hidden */ |
| u_int16_t version; /* protocol version, currently 1 */ |
| #define SEBEK_PROTO_VERSION 1 |
| u_int16_t type; /* type of record */ |
| #define SEBEK_TYPE_READ 0 /* currently, only read is supported */ |
| #define SEBEK_TYPE_WRITE 1 |
| u_int32_t counter; /* PDU counter */ |
| u_int32_t time_sec; /* EPOCH timer */ |
| u_int32_t time_usec; /* residual microseconds */ |
| u_int32_t pid; /* PID */ |
| u_int32_t uid; /* UID */ |
| u_int32_t fd; /* FD */ |
| #define SEBEK_CMD_LENGTH 12 |
| u_int8_t cmd[SEBEK_CMD_LENGTH]; /* 12 first characters of the command */ |
| u_int32_t length; /* PDU length */ |
| }; |
|
|
3) Then work from the following template for libnet_build_XXX.c: | 3) Append a pblock identifier to the end of the list in libnet-structures.h. |
| The ID number is not imporant as long as it is UNIQUE. As such, just find |
| the last entry, append the new entry after it, and increase the pblock ID |
| by one: |
|
|
|
#define LIBNET_PBLOCK_SEBEK_H 0x3f /* Sebek header */ |
|
|
|
4) Create your new builder file in src/. Adhere to the "libnet_build_PROTOCOL.c" |
|
convention. I recommend copying one of the existing builder modules and |
|
modifying it as you go. |
|
|
|
|
|
4a) |
|
|
#if (HAVE_CONFIG_H) |
#if (HAVE_CONFIG_H) |
#include "../include/config.h" |
#include "../include/config.h" |
#endif |
#endif |
|
#if (!(_WIN32) || (__CYGWIN__)) |
#include "../include/libnet.h" |
#include "../include/libnet.h" |
|
#else |
|
#include "../include/win32/libnet.h" |
|
#endif |
|
|
|
libnet_ptag_t |
|
libnet_build_sebek(u_int32_t magic, u_int16_t version, u_int16_t type, |
|
u_int32_t counter, u_int32_t time_sec, u_int32_t time_usec, u_int32_t pid, |
|
u_int32_t uid, u_int32_t fd, u_int8_t cmd[SEBEK_CMD_LENGTH], u_int32_t length, |
|
u_int8_t *payload, u_int32_t payload_s, libnet_t *l, libnet_ptag_t ptag) |
|
{ |
|
|
|
|
libnet_ptag_t |
libnet_ptag_t |