Diff for /embedaddon/libnet/doc/PACKET_BUILDING between versions 1.1 and 1.1.1.2

version 1.1, 2012/02/21 22:14:23 version 1.1.1.2, 2013/07/22 11:54:41
Line 5 Line 5
 ===============================================================================  ===============================================================================
   
   
    ADDING A NEW PACKET BUILDER    ADDING A NEW PACKET BUILDER, STATIC HEADER SIZE
   
    Adding a new packet building module is usually pretty simple.  It dependsAdding a new packet building module to libnet is usually pretty simple. The
    completely on the complexity of the protocol.  The following documentfollowing short document details how to add a packet builder to libnet for a
    shows you how to add a packet builder for a simple protocol with aprotocol that has a static header size. We'll use the Sebek protocol as an
    static header size, but these concepts can be extended to a complex example to walk through the process.
    protocol also. 
   
    1) Start by defining your protocol header format in libnet-headers.h:1) Make sure you have a good reference for the protocol in question. Be it an
    RFC or an official release doc from the author or vendor, you'll need
    something comprehensive. For Sebek, the comprehensive reference is here:
    http://project.honeynet.org.
   
    #define LIBNET_XXX_H 0xSIZE2) Figure out how big the header is and add it to the top of libnet-headers.h:
   
    struct XXX_hdr#define LIBNET_SEBEK_H          0x30    /* sebek header:          48 bytes */   
    { 
        u_char  field1; 
        u_short field2; 
        u_long  field3; 
    }; 
   
    2) Add a pblock definition to libnet-structures.h (appened to the list):3) Create the protocol header structure and add it to the end of
    libnet-headers.h. Take care to use POSIX datatypes to define all of your
    values. Structure naming conventions are more or less up to you. Since
    they're never exported to the user, it's not a big deal, but try to keep
    them short and descriptive. Convention is to add the symbolic constant 
    #defines above the structure members they apply to.
   
    #define LIBNET_PBLOCK_XXX_H            0xNUMBER /*
  *  Sebek header
  *  Static header size: 48 bytes
  */
 struct libnet_sebek_hdr
 {
     u_int32_t magic;                /* identify packets that should be hidden */
     u_int16_t version;              /* protocol version, currently 1 */
 #define SEBEK_PROTO_VERSION 1
     u_int16_t type;                 /* type of record */
 #define SEBEK_TYPE_READ     0       /* currently, only read is supported */
 #define SEBEK_TYPE_WRITE    1
     u_int32_t counter;              /* PDU counter */
     u_int32_t time_sec;             /* EPOCH timer */
     u_int32_t time_usec;            /* residual microseconds */
     u_int32_t pid;                  /* PID */
     u_int32_t uid;                  /* UID */
     u_int32_t fd;                   /* FD */
 #define SEBEK_CMD_LENGTH   12
     u_int8_t cmd[SEBEK_CMD_LENGTH]; /* 12 first characters of the command */
     u_int32_t length;               /* PDU length */
 };
   
    3) Then work from the following template for libnet_build_XXX.c:3) Append a pblock identifier to the end of the list in libnet-structures.h.
    The ID number is not imporant as long as it is UNIQUE. As such, just find
    the last entry, append the new entry after it, and increase the pblock ID
    by one:
   
   #define LIBNET_PBLOCK_SEBEK_H           0x3f    /* Sebek header */
   
   4) Create your new builder file in src/. Adhere to the "libnet_build_PROTOCOL.c"
      convention. I recommend copying one of the existing builder modules and
      modifying it as you go.
   
   
   4a) 
   
 #if (HAVE_CONFIG_H)  #if (HAVE_CONFIG_H)
 #include "../include/config.h"  #include "../include/config.h"
 #endif  #endif
   #if (!(_WIN32) || (__CYGWIN__)) 
 #include "../include/libnet.h"  #include "../include/libnet.h"
   #else
   #include "../include/win32/libnet.h"
   #endif
   
   libnet_ptag_t
   libnet_build_sebek(u_int32_t magic, u_int16_t version, u_int16_t type,
   u_int32_t counter, u_int32_t time_sec, u_int32_t time_usec, u_int32_t pid,
   u_int32_t uid, u_int32_t fd, u_int8_t cmd[SEBEK_CMD_LENGTH], u_int32_t length,
   u_int8_t *payload, u_int32_t payload_s, libnet_t *l, libnet_ptag_t ptag)
   {
   
   
 libnet_ptag_t  libnet_ptag_t
