1 /*
2 *
3 * libnet 1.1
4 * Build a BGP4 open message with what you want as payload
5 *
6 * Copyright (c) 2003 Frédéric Raynal <pappy@security-labs.org>
7 * All rights reserved.
8 *
9 * Examples:
10 *
11 * minimal BGP OPEN message:
12 *
13 * ./bgp4_open -s 1.1.1.1 -d 2.2.2.2
14 *
15 * 12:17:00.879139 1.1.1.1.26214 > 2.2.2.2.179: S [tcp sum ok]
16 * 16843009:16843038(29) win 32767: BGP (ttl 64, id 242, len 69)
17 * 0x0000 4500 0045 00f2 0000 4006 73bc 0101 0101 E..E....@.s.....
18 * 0x0010 0202 0202 6666 00b3 0101 0101 0202 0202 ....ff..........
19 * 0x0020 5002 7fff ad2e 0000 0101 0101 0101 0101 P...............
20 * 0x0030 0101 0101 0101 0101 001d 0104 1234 5678 .............4Vx
21 * 0x0040 dead beef 00 .....
22 *
23 *
24 * use payload as BGP option for authentication:
25 *
26 * ./bgp4_open -s 1.1.1.1 -d 2.2.2.2 -p `printf "\x01\x01\x00"` -S 3
27 *
28 * 12:15:48.102808 1.1.1.1.26214 > 2.2.2.2.179: S [tcp sum ok]
29 * 16843009:16843041(32) win 32767: BGP (ttl 64, id 242, len 72)
30 * 0x0000 4500 0048 00f2 0000 4006 73b9 0101 0101 E..H....@.s.....
31 * 0x0010 0202 0202 6666 00b3 0101 0101 0202 0202 ....ff..........
32 * 0x0020 5002 7fff a927 0000 0101 0101 0101 0101 P....'..........
33 * 0x0030 0101 0101 0101 0101 0020 0104 1234 5678 .............4Vx
34 * 0x0040 dead beef 0301 0100 ........
35 *
36 *
37 * Redistribution and use in source and binary forms, with or without
38 * modification, are permitted provided that the following conditions
39 * are met:
40 * 1. Redistributions of source code must retain the above copyright
41 * notice, this list of conditions and the following disclaimer.
42 * 2. Redistributions in binary form must reproduce the above copyright
43 * notice, this list of conditions and the following disclaimer in the
44 * documentation and/or other materials provided with the distribution.
45 *
46 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
47 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
48 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
49 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
50 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
51 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
52 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
53 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
54 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
55 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
56 * SUCH DAMAGE.
57 *
58 */
59 #if (HAVE_CONFIG_H)
60 #include "../include/config.h"
61 #endif
62 #include "./libnet_test.h"
63
64 int
main(int argc,char * argv[])65 main(int argc, char *argv[])
66 {
67 int c;
68 libnet_t *l;
69 u_long src_ip, dst_ip, length;
70 libnet_ptag_t t = 0;
71 char errbuf[LIBNET_ERRBUF_SIZE];
72 u_char *payload = NULL;
73 u_long payload_s = 0;
74 u_char marker[LIBNET_BGP4_MARKER_SIZE];
75
76 printf("libnet 1.1 packet shaping: BGP4 open + payload[raw]\n");
77
78 /*
79 * Initialize the library. Root priviledges are required.
80 */
81 l = libnet_init(
82 LIBNET_RAW4, /* injection type */
83 NULL, /* network interface */
84 errbuf); /* error buffer */
85
86 if (l == NULL)
87 {
88 fprintf(stderr, "libnet_init() failed: %s", errbuf);
89 exit(EXIT_FAILURE);
90 }
91
92 src_ip = 0;
93 dst_ip = 0;
94 memset(marker, 0x1, LIBNET_BGP4_MARKER_SIZE);
95
96 while ((c = getopt(argc, argv, "d:s:t:m:p:S:")) != EOF)
97 {
98 switch (c)
99 {
100 /*
101 * We expect the input to be of the form `ip.ip.ip.ip.port`. We
102 * point cp to the last dot of the IP address/port string and
103 * then seperate them with a NULL byte. The optarg now points to
104 * just the IP address, and cp points to the port.
105 */
106 case 'd':
107 if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
108 {
109 fprintf(stderr, "Bad destination IP address: %s\n", optarg);
110 exit(EXIT_FAILURE);
111 }
112 break;
113
114 case 's':
115 if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
116 {
117 fprintf(stderr, "Bad source IP address: %s\n", optarg);
118 exit(EXIT_FAILURE);
119 }
120 break;
121
122 case 'm':
123 memcpy(marker, optarg, LIBNET_BGP4_MARKER_SIZE);
124 break;
125
126 case 'p':
127 payload = optarg;
128 break;
129
130 case 'S':
131 payload_s = atoi(optarg);
132 break;
133
134 default:
135 exit(EXIT_FAILURE);
136 }
137 }
138
139 if (!src_ip || !dst_ip)
140 {
141 usage(argv[0]);
142 goto bad;
143 }
144
145 if (payload_s && !payload)
146 {
147 payload = (u_char *)malloc(payload_s);
148 if (!payload)
149 {
150 printf("memory allocation failed (%ld bytes requested)\n", payload_s);
151 goto bad;
152 }
153 memset(payload, 0x41, payload_s);
154 }
155
156
157 if (payload && !payload_s)
158 {
159 payload_s = strlen(payload);
160 }
161
162 length = LIBNET_BGP4_OPEN_H + payload_s;
163 t = libnet_build_bgp4_open(
164 4, /* version */
165 0x3412, /* my AS */
166 0x7856, /* hold time */
167 0xefbeadde, /* BGP id */
168 payload_s, /* options length */
169 payload, /* payload */
170 payload_s, /* payload size */
171 l, /* libnet handle */
172 0); /* libnet id */
173 if (t == -1)
174 {
175 fprintf(stderr, "Can't build BGP4 open header: %s\n", libnet_geterror(l));
176 goto bad;
177 }
178
179 length+=LIBNET_BGP4_HEADER_H;
180 t = libnet_build_bgp4_header(
181 marker, /* marker */
182 length, /* length */
183 LIBNET_BGP4_OPEN, /* message type */
184 NULL, /* payload */
185 0, /* payload size */
186 l, /* libnet handle */
187 0); /* libnet id */
188 if (t == -1)
189 {
190 fprintf(stderr, "Can't build BGP4 header: %s\n", libnet_geterror(l));
191 goto bad;
192 }
193
194 length+=LIBNET_TCP_H;
195 t = libnet_build_tcp(
196 0x6666, /* source port */
197 179, /* destination port */
198 0x01010101, /* sequence number */
199 0x02020202, /* acknowledgement num */
200 TH_SYN, /* control flags */
201 32767, /* window size */
202 0, /* checksum */
203 0, /* urgent pointer */
204 length, /* TCP packet size */
205 NULL, /* payload */
206 0, /* payload size */
207 l, /* libnet handle */
208 0); /* libnet id */
209 if (t == -1)
210 {
211 fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l));
212 goto bad;
213 }
214
215 length+=LIBNET_IPV4_H;
216 t = libnet_build_ipv4(
217 length, /* length */
218 0, /* TOS */
219 242, /* IP ID */
220 0, /* IP Frag */
221 64, /* TTL */
222 IPPROTO_TCP, /* protocol */
223 0, /* checksum */
224 src_ip, /* source IP */
225 dst_ip, /* destination IP */
226 NULL, /* payload */
227 0, /* payload size */
228 l, /* libnet handle */
229 0); /* libnet id */
230 if (t == -1)
231 {
232 fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
233 goto bad;
234 }
235
236 /*
237 * Write it to the wire.
238 */
239 c = libnet_write(l);
240 if (c == -1)
241 {
242 fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
243 goto bad;
244 }
245 else
246 {
247 fprintf(stderr, "Wrote %d byte TCP packet; check the wire.\n", c);
248 }
249
250 libnet_destroy(l);
251 return (EXIT_SUCCESS);
252 bad:
253 libnet_destroy(l);
254 return (EXIT_FAILURE);
255 }
256
257 void
usage(char * name)258 usage(char *name)
259 {
260 fprintf(stderr,
261 "usage: %s -s source_ip -d destination_ip"
262 " [-m marker] [-p payload] [-S payload size]\n",
263 name);
264 }
265
266 /* EOF */
267