* $Id: libnet_write.c,v 1.21 2005/11/29 21:52:41 carlosc Exp $
* libnet_write.c - writes a prebuilt packet to the network
* Copyright (c) 1998 - 2004 Mike D. Schiffman <mike@infonexus.com>
* Copyright (c) 2002 - 2003 Roberto Larcher <roberto.larcher@libero.it>
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
#include "../include/config.h"
#if (!(_WIN32) || (__CYGWIN__))
#include "../include/libnet.h"
#include "../include/win32/libnet.h"
#include "../include/win32/config.h"
libnet_write(libnet_t
*l
)
c
= libnet_pblock_coalesce(l
, &packet
, &len
);
/* err msg set in libnet_pblock_coalesce() */
switch (l
->injection_type
)
if (len
> LIBNET_MAX_PACKET
)
snprintf(l
->err_buf
, LIBNET_ERRBUF_SIZE
,
"%s(): packet is too large (%d bytes)\n",
c
= libnet_write_raw_ipv4(l
, packet
, len
);
c
= libnet_write_raw_ipv6(l
, packet
, len
);
c
= libnet_write_link(l
, packet
, len
);
snprintf(l
->err_buf
, LIBNET_ERRBUF_SIZE
,
"%s(): unsuported injection type\n", __func__
);
l
->stats
.bytes_written
+= c
;
l
->stats
.packet_errors
++;
* XXX - we probably should have a way to retrieve the number of
* bytes actually written (since we might have written something).
l
->stats
.bytes_written
+= c
;
* Restore original pointer address so free won't complain about a
* modified chunk pointer.
packet
= packet
- l
->aligner
;
libnet_win32_build_fake_ethernet(u_int8_t
*dst
, u_int8_t
*src
, u_int16_t type
,
u_int8_t
*payload
, u_int32_t payload_s
, u_int8_t
*packet
, libnet_t
*l
,
struct libnet_ethernet_hdr eth_hdr
;
memset(ð_hdr
, 0, sizeof(eth_hdr
));
eth_hdr
.ether_type
= htons(type
);
memcpy(eth_hdr
.ether_dhost
, dst
, ETHER_ADDR_LEN
); /* destination address */
memcpy(eth_hdr
.ether_shost
, src
, ETHER_ADDR_LEN
); /* source address */
if (payload
&& payload_s
)
* Unchecked runtime error for buf + ETH_H payload to be greater than
* the allocated heap memory.
memcpy(packet
+ LIBNET_ETH_H
, payload
, payload_s
);
memcpy(packet
, ð_hdr
, sizeof(eth_hdr
));
libnet_win32_build_fake_token(u_int8_t
*dst
, u_int8_t
*src
, u_int16_t type
,
u_int8_t
*payload
, u_int32_t payload_s
, u_int8_t
*packet
, libnet_t
*l
,
struct libnet_token_ring_hdr token_ring_hdr
;
memset(&token_ring_hdr
, 0, sizeof(token_ring_hdr
));
token_ring_hdr
.token_ring_access_control
= 0x10;
token_ring_hdr
.token_ring_frame_control
= 0x40;
token_ring_hdr
.token_ring_llc_dsap
= 0xaa;
token_ring_hdr
.token_ring_llc_ssap
= 0xaa;
token_ring_hdr
.token_ring_llc_control_field
= 0x03;
token_ring_hdr
.token_ring_type
= htons(type
);
memcpy(token_ring_hdr
.token_ring_dhost
, dst
, ETHER_ADDR_LEN
);
memcpy(token_ring_hdr
.token_ring_shost
, libnet_get_hwaddr(l
),
if (payload
&& payload_s
)
* Unchecked runtime error for buf + ETH_H payload to be greater than
* the allocated heap memory.
memcpy(packet
+ LIBNET_TOKEN_RING_H
, payload
, payload_s
);
memcpy(packet
, &token_ring_hdr
, sizeof(token_ring_hdr
));
libnet_win32_write_raw_ipv4(libnet_t
*l
, u_int8_t
*payload
, u_int32_t payload_s
)
static BYTE dst
[ETHER_ADDR_LEN
];
static BYTE src
[ETHER_ADDR_LEN
];
LPPACKET lpPacket
= NULL
;
struct libnet_ipv4_hdr
*ip_hdr
= NULL
;
memset(dst
, 0, sizeof(dst
));
memset(src
, 0, sizeof(src
));
packet_s
= payload_s
+ l
->link_offset
;
packet
= (u_int8_t
*)malloc(packet_s
);
snprintf(l
->err_buf
, LIBNET_ERRBUF_SIZE
,
"%s(): failed to allocate packet\n", __func__
);
/* we have to do the IP checksum */
if (libnet_do_checksum(l
, payload
, IPPROTO_IP
, LIBNET_IPV4_H
) == -1)
/* error msg set in libnet_do_checksum */
/* MACs, IPs and other stuff... */
ip_hdr
= (struct libnet_ipv4_hdr
*)payload
;
memcpy(src
, libnet_get_hwaddr(l
), sizeof(src
));
remoteip
= ip_hdr
->ip_dst
.S_un
.S_addr
;
/* check if the remote station is the local station */
if (remoteip
== libnet_get_ipaddr4(l
))
memcpy(dst
, src
, sizeof(dst
));
memcpy(dst
, libnet_win32_get_remote_mac(l
, remoteip
), sizeof(dst
));
PacketGetNetType(l
->lpAdapter
, &type
);
libnet_win32_build_fake_ethernet(dst
, src
, ETHERTYPE_IP
, payload
,
payload_s
, packet
, l
, 0);
libnet_win32_build_fake_token(dst
, src
, ETHERTYPE_IP
, payload
,
payload_s
, packet
, l
, 0);
case NdisMediumArcnet878_2
:
snprintf(l
->err_buf
, LIBNET_ERRBUF_SIZE
,
"%s(): network type (%d) is not supported\n", __func__
,
if ((lpPacket
= PacketAllocatePacket()) == NULL
)
snprintf(l
->err_buf
, LIBNET_ERRBUF_SIZE
,
"%s(): failed to allocate the LPPACKET structure\n", __func__
);
PacketInitPacket(lpPacket
, packet
, packet_s
);
/* PacketSendPacket returns a BOOLEAN */
if (PacketSendPacket(l
->lpAdapter
, lpPacket
, TRUE
))
BytesTransfered
= packet_s
;
PacketFreePacket(lpPacket
);
return (BytesTransfered
);
libnet_write_raw_ipv4(libnet_t
*l
, u_int8_t
*packet
, u_int32_t size
)
return (libnet_win32_write_raw_ipv4(l
, packet
, size
));
libnet_write_raw_ipv6(libnet_t
*l
, u_int8_t
*packet
, u_int32_t size
)
/* no difference in win32 */
return (libnet_write_raw_ipv4(l
, packet
, size
));
libnet_write_raw_ipv4(libnet_t
*l
, u_int8_t
*packet
, u_int32_t size
)
struct libnet_ipv4_hdr
*ip_hdr
;
ip_hdr
= (struct libnet_ipv4_hdr
*)packet
;
#if (LIBNET_BSD_BYTE_SWAP)
* For link access, we don't need to worry about the inconsistencies of
* certain BSD kernels. However, raw socket nuances abound. Certain
* BSD implmentations require the ip_len and ip_off fields to be in host
ip_hdr
->ip_len
= FIX(ip_hdr
->ip_len
);
ip_hdr
->ip_off
= FIX(ip_hdr
->ip_off
);
#endif /* LIBNET_BSD_BYTE_SWAP */
memset(&sin
, 0, sizeof(sin
));
sin
.sin_family
= AF_INET
;
sin
.sin_addr
.s_addr
= ip_hdr
->ip_dst
.s_addr
;
* XXX - should first check to see if there's a pblock for a TCP
* header, if not we can use a dummy value for the port.
struct libnet_tcp_hdr
*tcph_p
=
(struct libnet_tcp_hdr
*)(packet
+ (ip_hdr
->ip_hl
<< 2));
sin
.sin_port
= tcph_p
->th_dport
;
* XXX - should first check to see if there's a pblock for a UDP
* header, if not we can use a dummy value for the port.
else if (ip_hdr
->ip_p
== 17)
struct libnet_udp_hdr
*udph_p
=
(struct libnet_udp_hdr
*)(packet
+ (ip_hdr
->ip_hl
<< 2));
sin
.sin_port
= udph_p
->uh_dport
;
c
= sendto(l
->fd
, packet
, size
, 0, (struct sockaddr
*)&sin
,
sizeof(struct sockaddr
));
#if (LIBNET_BSD_BYTE_SWAP)
ip_hdr
->ip_len
= UNFIX(ip_hdr
->ip_len
);
ip_hdr
->ip_off
= UNFIX(ip_hdr
->ip_off
);
#endif /* LIBNET_BSD_BYTE_SWAP */
snprintf(l
->err_buf
, LIBNET_ERRBUF_SIZE
,
"%s(): %d bytes written (%s)\n", __func__
, c
,
snprintf(l
->err_buf
, LIBNET_ERRBUF_SIZE
,
"%s(): %d bytes written (%d)\n", __func__
, c
,
libnet_write_raw_ipv6(libnet_t
*l
, u_int8_t
*packet
, u_int32_t size
)
#if defined HAVE_SOLARIS && !defined HAVE_SOLARIS_IPV6
snprintf(l
->err_buf
, LIBNET_ERRBUF_SIZE
, "%s(): no IPv6 support\n",
__func__
, strerror(errno
));
struct libnet_ipv6_hdr
*ip_hdr
;
ip_hdr
= (struct libnet_ipv6_hdr
*)packet
;
memset(&sin
, 0, sizeof(sin
));
sin
.sin6_family
= AF_INET6
;
memcpy(sin
.sin6_addr
.s6_addr
, ip_hdr
->ip_dst
.libnet_s6_addr
,
sizeof(ip_hdr
->ip_dst
.libnet_s6_addr
));
c
= sendto(l
->fd
, packet
, size
, 0, (struct sockaddr
*)&sin
, sizeof(sin
));
snprintf(l
->err_buf
, LIBNET_ERRBUF_SIZE
,
"%s(): %d bytes written (%s)\n", __func__
, c
,
snprintf(l
->err_buf
, LIBNET_ERRBUF_SIZE
,
"%s(): %d bytes written (%d)\n", __func__
, c
,