1: /*
2: *
3: * libnet 1.1
4: * Build a BGP4 open message with what you want as payload
5: *
6: * Copyright (c) 2003 Frédéric Raynal <pappy@security-labs.org>
7: * All rights reserved.
8: *
9: * Examples:
10: *
11: * minimal BGP OPEN message:
12: *
13: * ./bgp4_open -s 1.1.1.1 -d 2.2.2.2
14: *
15: * 12:17:00.879139 1.1.1.1.26214 > 2.2.2.2.179: S [tcp sum ok]
16: * 16843009:16843038(29) win 32767: BGP (ttl 64, id 242, len 69)
17: * 0x0000 4500 0045 00f2 0000 4006 73bc 0101 0101 E..E....@.s.....
18: * 0x0010 0202 0202 6666 00b3 0101 0101 0202 0202 ....ff..........
19: * 0x0020 5002 7fff ad2e 0000 0101 0101 0101 0101 P...............
20: * 0x0030 0101 0101 0101 0101 001d 0104 1234 5678 .............4Vx
21: * 0x0040 dead beef 00 .....
22: *
23: *
24: * use payload as BGP option for authentication:
25: *
26: * ./bgp4_open -s 1.1.1.1 -d 2.2.2.2 -p `printf "\x01\x01\x00"` -S 3
27: *
28: * 12:15:48.102808 1.1.1.1.26214 > 2.2.2.2.179: S [tcp sum ok]
29: * 16843009:16843041(32) win 32767: BGP (ttl 64, id 242, len 72)
30: * 0x0000 4500 0048 00f2 0000 4006 73b9 0101 0101 E..H....@.s.....
31: * 0x0010 0202 0202 6666 00b3 0101 0101 0202 0202 ....ff..........
32: * 0x0020 5002 7fff a927 0000 0101 0101 0101 0101 P....'..........
33: * 0x0030 0101 0101 0101 0101 0020 0104 1234 5678 .............4Vx
34: * 0x0040 dead beef 0301 0100 ........
35: *
36: *
37: * Redistribution and use in source and binary forms, with or without
38: * modification, are permitted provided that the following conditions
39: * are met:
40: * 1. Redistributions of source code must retain the above copyright
41: * notice, this list of conditions and the following disclaimer.
42: * 2. Redistributions in binary form must reproduce the above copyright
43: * notice, this list of conditions and the following disclaimer in the
44: * documentation and/or other materials provided with the distribution.
45: *
46: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
47: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
48: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
49: * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
50: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
51: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
52: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
53: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
54: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
55: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
56: * SUCH DAMAGE.
57: *
58: */
59: #if (HAVE_CONFIG_H)
60: #include "../include/config.h"
61: #endif
62: #include "./libnet_test.h"
63:
64: int
65: main(int argc, char *argv[])
66: {
67: int c;
68: libnet_t *l;
69: u_long src_ip, dst_ip, length;
70: libnet_ptag_t t = 0;
71: char errbuf[LIBNET_ERRBUF_SIZE];
72: u_char *payload = NULL;
73: u_long payload_s = 0;
74: u_char marker[LIBNET_BGP4_MARKER_SIZE];
75:
76: printf("libnet 1.1 packet shaping: BGP4 open + payload[raw]\n");
77:
78: /*
79: * Initialize the library. Root priviledges are required.
80: */
81: l = libnet_init(
82: LIBNET_RAW4, /* injection type */
83: NULL, /* network interface */
84: errbuf); /* error buffer */
85:
86: if (l == NULL)
87: {
88: fprintf(stderr, "libnet_init() failed: %s", errbuf);
89: exit(EXIT_FAILURE);
90: }
91:
92: src_ip = 0;
93: dst_ip = 0;
94: memset(marker, 0x1, LIBNET_BGP4_MARKER_SIZE);
95:
96: while ((c = getopt(argc, argv, "d:s:t:m:p:S:")) != EOF)
97: {
98: switch (c)
99: {
100: /*
101: * We expect the input to be of the form `ip.ip.ip.ip.port`. We
102: * point cp to the last dot of the IP address/port string and
103: * then seperate them with a NULL byte. The optarg now points to
104: * just the IP address, and cp points to the port.
105: */
106: case 'd':
107: if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
108: {
109: fprintf(stderr, "Bad destination IP address: %s\n", optarg);
110: exit(EXIT_FAILURE);
111: }
112: break;
113:
114: case 's':
115: if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
116: {
117: fprintf(stderr, "Bad source IP address: %s\n", optarg);
118: exit(EXIT_FAILURE);
119: }
120: break;
121:
122: case 'm':
123: memcpy(marker, optarg, LIBNET_BGP4_MARKER_SIZE);
124: break;
125:
126: case 'p':
127: payload = optarg;
128: break;
129:
130: case 'S':
131: payload_s = atoi(optarg);
132: break;
133:
134: default:
135: exit(EXIT_FAILURE);
136: }
137: }
138:
139: if (!src_ip || !dst_ip)
140: {
141: usage(argv[0]);
142: goto bad;
143: }
144:
145: if (payload_s && !payload)
146: {
147: payload = (u_char *)malloc(payload_s);
148: if (!payload)
149: {
150: printf("memory allocation failed (%ld bytes requested)\n", payload_s);
151: goto bad;
152: }
153: memset(payload, 0x41, payload_s);
154: }
155:
156:
157: if (payload && !payload_s)
158: {
159: payload_s = strlen(payload);
160: }
161:
162: length = LIBNET_BGP4_OPEN_H + payload_s;
163: t = libnet_build_bgp4_open(
164: 4, /* version */
165: 0x3412, /* my AS */
166: 0x7856, /* hold time */
167: 0xefbeadde, /* BGP id */
168: payload_s, /* options length */
169: payload, /* payload */
170: payload_s, /* payload size */
171: l, /* libnet handle */
172: 0); /* libnet id */
173: if (t == -1)
174: {
175: fprintf(stderr, "Can't build BGP4 open header: %s\n", libnet_geterror(l));
176: goto bad;
177: }
178:
179: length+=LIBNET_BGP4_HEADER_H;
180: t = libnet_build_bgp4_header(
181: marker, /* marker */
182: length, /* length */
183: LIBNET_BGP4_OPEN, /* message type */
184: NULL, /* payload */
185: 0, /* payload size */
186: l, /* libnet handle */
187: 0); /* libnet id */
188: if (t == -1)
189: {
190: fprintf(stderr, "Can't build BGP4 header: %s\n", libnet_geterror(l));
191: goto bad;
192: }
193:
194: length+=LIBNET_TCP_H;
195: t = libnet_build_tcp(
196: 0x6666, /* source port */
197: 179, /* destination port */
198: 0x01010101, /* sequence number */
199: 0x02020202, /* acknowledgement num */
200: TH_SYN, /* control flags */
201: 32767, /* window size */
202: 0, /* checksum */
203: 0, /* urgent pointer */
204: length, /* TCP packet size */
205: NULL, /* payload */
206: 0, /* payload size */
207: l, /* libnet handle */
208: 0); /* libnet id */
209: if (t == -1)
210: {
211: fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l));
212: goto bad;
213: }
214:
215: length+=LIBNET_IPV4_H;
216: t = libnet_build_ipv4(
217: length, /* length */
218: 0, /* TOS */
219: 242, /* IP ID */
220: 0, /* IP Frag */
221: 64, /* TTL */
222: IPPROTO_TCP, /* protocol */
223: 0, /* checksum */
224: src_ip, /* source IP */
225: dst_ip, /* destination IP */
226: NULL, /* payload */
227: 0, /* payload size */
228: l, /* libnet handle */
229: 0); /* libnet id */
230: if (t == -1)
231: {
232: fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
233: goto bad;
234: }
235:
236: /*
237: * Write it to the wire.
238: */
239: c = libnet_write(l);
240: if (c == -1)
241: {
242: fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
243: goto bad;
244: }
245: else
246: {
247: fprintf(stderr, "Wrote %d byte TCP packet; check the wire.\n", c);
248: }
249:
250: libnet_destroy(l);
251: return (EXIT_SUCCESS);
252: bad:
253: libnet_destroy(l);
254: return (EXIT_FAILURE);
255: }
256:
257: void
258: usage(char *name)
259: {
260: fprintf(stderr,
261: "usage: %s -s source_ip -d destination_ip"
262: " [-m marker] [-p payload] [-S payload size]\n",
263: name);
264: }
265:
266: /* EOF */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to bgp4_open.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / libnet / sample