/* Copyright (C) 2011-2015 P.D. Buchan (pdbuchan@yahoo.com)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see .
*/
// Send an IPv4 TCP packet via raw socket at the link layer (ethernet frame).
// Need to have destination MAC address.
// Values set for SYN packet with two TCP options: set maximum
// segment size, and provide TCP timestamp.
#include
#include
#include // close()
#include // strcpy, memset(), and memcpy()
#include // struct addrinfo
#include // needed for socket(), uint8_t, uint16_t, uint32_t
#include // needed for socket()
#include // IPPROTO_TCP, INET_ADDRSTRLEN
#include // struct ip and IP_MAXPACKET (which is 65535)
#define __FAVOR_BSD // Use BSD format of tcp header
#include // struct tcphdr
#include // inet_pton() and inet_ntop()
#include // macro ioctl is defined
#include // defines values for argument "request" of ioctl.
#include // struct ifreq
#include // ETH_P_IP = 0x0800, ETH_P_IPV6 = 0x86DD
#include // struct sockaddr_ll (see man 7 packet)
#include
#include // errno, perror()
// Define some constants.
#define ETH_HDRLEN 14 // Ethernet header length
#define IP4_HDRLEN 20 // IPv4 header length
#define TCP_HDRLEN 20 // TCP header length, excludes options data
// Function prototypes
uint16_t checksum (uint16_t *, int);
uint16_t tcp4_checksum (struct ip, struct tcphdr, uint8_t *, int);
char *allocate_strmem (int);
char **allocate_strmemp (int);
uint8_t *allocate_ustrmem (int);
uint8_t **allocate_ustrmemp (int);
int *allocate_intmem (int);
int
main (int argc, char **argv) {
int i, c, status, frame_length, sd, bytes, *ip_flags, *tcp_flags, nopt, *opt_len, buf_len;
char *interface, *target, *src_ip, *dst_ip;
struct ip iphdr;
struct tcphdr tcphdr;
uint8_t *src_mac, *dst_mac, *ether_frame;
uint8_t **options, *opt_buffer;
struct addrinfo hints, *res;
struct sockaddr_in *ipv4;
struct sockaddr_ll device;
struct ifreq ifr;
void *tmp;
// Allocate memory for various arrays.
src_mac = allocate_ustrmem (6);
dst_mac = allocate_ustrmem (6);
ether_frame = allocate_ustrmem (IP_MAXPACKET);
interface = allocate_strmem (40);
target = allocate_strmem (40);
src_ip = allocate_strmem (INET_ADDRSTRLEN);
dst_ip = allocate_strmem (INET_ADDRSTRLEN);
ip_flags = allocate_intmem (4);
tcp_flags = allocate_intmem (8);
opt_len = allocate_intmem (10);
options = allocate_ustrmemp (10);
for (i=0; i<10; i++) {
options[i] = allocate_ustrmem (40);
}
opt_buffer = allocate_ustrmem (40);
// Interface to send packet through.
strcpy (interface, "eno1");
// Submit request for a socket descriptor to look up interface.
if ((sd = socket (PF_PACKET, SOCK_RAW, htons (ETH_P_ALL))) < 0) {
perror ("socket() failed to get socket descriptor for using ioctl() ");
exit (EXIT_FAILURE);
}
// Use ioctl() to look up interface name and get its MAC address.
memset (&ifr, 0, sizeof (ifr));
snprintf (ifr.ifr_name, sizeof (ifr.ifr_name), "%s", interface);
if (ioctl (sd, SIOCGIFHWADDR, &ifr) < 0) {
perror ("ioctl() failed to get source MAC address ");
return (EXIT_FAILURE);
}
close (sd);
// Copy source MAC address.
memcpy (src_mac, ifr.ifr_hwaddr.sa_data, 6 * sizeof (uint8_t));
// Report source MAC address to stdout.
printf ("MAC address for interface %s is ", interface);
for (i=0; i<5; i++) {
printf ("%02x:", src_mac[i]);
}
printf ("%02x\n", src_mac[5]);
// Find interface index from interface name and store index in
// struct sockaddr_ll device, which will be used as an argument of sendto().
memset (&device, 0, sizeof (device));
if ((device.sll_ifindex = if_nametoindex (interface)) == 0) {
perror ("if_nametoindex() failed to obtain interface index ");
exit (EXIT_FAILURE);
}
printf ("Index for interface %s is %i\n", interface, device.sll_ifindex);
// Set destination MAC address: you need to fill these out
dst_mac[0] = 0xff;
dst_mac[1] = 0xff;
dst_mac[2] = 0xff;
dst_mac[3] = 0xff;
dst_mac[4] = 0xff;
dst_mac[5] = 0xff;
// Source IPv4 address: you need to fill this out
strcpy (src_ip, "192.168.0.240");
// Destination URL or IPv4 address: you need to fill this out
strcpy (target, "www.google.com");
// Fill out hints for getaddrinfo().
memset (&hints, 0, sizeof (struct addrinfo));
hints.ai_family = AF_INET;
hints.ai_socktype = SOCK_STREAM;
hints.ai_flags = hints.ai_flags | AI_CANONNAME;
// Resolve target using getaddrinfo().
if ((status = getaddrinfo (target, NULL, &hints, &res)) != 0) {
fprintf (stderr, "getaddrinfo() failed for target: %s\n", gai_strerror (status));
exit (EXIT_FAILURE);
}
ipv4 = (struct sockaddr_in *) res->ai_addr;
tmp = &(ipv4->sin_addr);
if (inet_ntop (AF_INET, tmp, dst_ip, INET_ADDRSTRLEN) == NULL) {
status = errno;
fprintf (stderr, "inet_ntop() failed for target.\nError message: %s", strerror (status));
exit (EXIT_FAILURE);
}
freeaddrinfo (res);
// Fill out sockaddr_ll.
device.sll_family = AF_PACKET;
memcpy (device.sll_addr, src_mac, 6 * sizeof (uint8_t));
device.sll_halen = 6;
// Number of TCP options
nopt = 2;
// First TCP option - Maximum segment size
opt_len[0] = 0;
options[0][0] = 2u; opt_len[0]++; // Option kind 2 = maximum segment size
options[0][1] = 4u; opt_len[0]++; // This option kind is 4 bytes long
options[0][2] = 0x1u; opt_len[0]++; // Set maximum segment size to 0x100 = 256
options[0][3] = 0x0u; opt_len[0]++;
// Second TCP option - Timestamp option
opt_len[1] = 0;
options[1][0] = 8u; opt_len[1]++; // Option kind 8 = Timestamp option (TSOPT)
options[1][1] = 10u; opt_len[1]++; // This option is 10 bytes long
options[1][2] = 0x2u; opt_len[1]++; // Set the sender's timestamp (TSval) (4 bytes) (need SYN set to be valid)
options[1][3] = 0x3u; opt_len[1]++;
options[1][4] = 0x4u; opt_len[1]++;
options[1][5] = 0x5u; opt_len[1]++;
options[1][6] = 0x6u; opt_len[1]++; // Set the echo timestamp (TSecr) (4 bytes) (need ACK set to be valid)
options[1][7] = 0x7u; opt_len[1]++;
options[1][8] = 0x8u; opt_len[1]++;
options[1][9] = 0x9u; opt_len[1]++;
// Copy all options into single options buffer.
buf_len = 0;
c = 0; // index to opt_buffer
for (i=0; i 1) {
sum += *(addr++);
count -= 2;
}
// Add left-over byte, if any.
if (count > 0) {
sum += *(uint8_t *) addr;
}
// Fold 32-bit sum into 16 bits; we lose information by doing this,
// increasing the chances of a collision.
// sum = (lower 16 bits) + (upper 16 bits shifted right 16 bits)
while (sum >> 16) {
sum = (sum & 0xffff) + (sum >> 16);
}
// Checksum is one's compliment of sum.
answer = ~sum;
return (answer);
}
// Build IPv4 TCP pseudo-header and call checksum function.
uint16_t
tcp4_checksum (struct ip iphdr, struct tcphdr tcphdr, uint8_t *options, int opt_len) {
uint16_t svalue;
char buf[IP_MAXPACKET], cvalue;
char *ptr;
int chksumlen = 0;
ptr = &buf[0]; // ptr points to beginning of buffer buf
// Copy source IP address into buf (32 bits)
memcpy (ptr, &iphdr.ip_src.s_addr, sizeof (iphdr.ip_src.s_addr));
ptr += sizeof (iphdr.ip_src.s_addr);
chksumlen += sizeof (iphdr.ip_src.s_addr);
// Copy destination IP address into buf (32 bits)
memcpy (ptr, &iphdr.ip_dst.s_addr, sizeof (iphdr.ip_dst.s_addr));
ptr += sizeof (iphdr.ip_dst.s_addr);
chksumlen += sizeof (iphdr.ip_dst.s_addr);
// Copy zero field to buf (8 bits)
*ptr = 0; ptr++;
chksumlen += 1;
// Copy transport layer protocol to buf (8 bits)
memcpy (ptr, &iphdr.ip_p, sizeof (iphdr.ip_p));
ptr += sizeof (iphdr.ip_p);
chksumlen += sizeof (iphdr.ip_p);
// Copy TCP length to buf (16 bits)
svalue = htons (sizeof (tcphdr) + opt_len);
memcpy (ptr, &svalue, sizeof (svalue));
ptr += sizeof (svalue);
chksumlen += sizeof (svalue);
// Copy TCP source port to buf (16 bits)
memcpy (ptr, &tcphdr.th_sport, sizeof (tcphdr.th_sport));
ptr += sizeof (tcphdr.th_sport);
chksumlen += sizeof (tcphdr.th_sport);
// Copy TCP destination port to buf (16 bits)
memcpy (ptr, &tcphdr.th_dport, sizeof (tcphdr.th_dport));
ptr += sizeof (tcphdr.th_dport);
chksumlen += sizeof (tcphdr.th_dport);
// Copy sequence number to buf (32 bits)
memcpy (ptr, &tcphdr.th_seq, sizeof (tcphdr.th_seq));
ptr += sizeof (tcphdr.th_seq);
chksumlen += sizeof (tcphdr.th_seq);
// Copy acknowledgement number to buf (32 bits)
memcpy (ptr, &tcphdr.th_ack, sizeof (tcphdr.th_ack));
ptr += sizeof (tcphdr.th_ack);
chksumlen += sizeof (tcphdr.th_ack);
// Copy data offset to buf (4 bits) and
// copy reserved bits to buf (4 bits)
cvalue = (tcphdr.th_off << 4) + tcphdr.th_x2;
memcpy (ptr, &cvalue, sizeof (cvalue));
ptr += sizeof (cvalue);
chksumlen += sizeof (cvalue);
// Copy TCP flags to buf (8 bits)
memcpy (ptr, &tcphdr.th_flags, sizeof (tcphdr.th_flags));
ptr += sizeof (tcphdr.th_flags);
chksumlen += sizeof (tcphdr.th_flags);
// Copy TCP window size to buf (16 bits)
memcpy (ptr, &tcphdr.th_win, sizeof (tcphdr.th_win));
ptr += sizeof (tcphdr.th_win);
chksumlen += sizeof (tcphdr.th_win);
// Copy TCP checksum to buf (16 bits)
// Zero, since we don't know it yet
*ptr = 0; ptr++;
*ptr = 0; ptr++;
chksumlen += 2;
// Copy urgent pointer to buf (16 bits)
memcpy (ptr, &tcphdr.th_urp, sizeof (tcphdr.th_urp));
ptr += sizeof (tcphdr.th_urp);
chksumlen += sizeof (tcphdr.th_urp);
// Copy TCP options to buf (variable length, but in 32-bit chunks)
memcpy (ptr, options, opt_len);
ptr += opt_len;
chksumlen += opt_len;
return checksum ((uint16_t *) buf, chksumlen);
}
// Allocate memory for an array of chars.
char *
allocate_strmem (int len) {
void *tmp;
if (len <= 0) {
fprintf (stderr, "ERROR: Cannot allocate memory because len = %i in allocate_strmem().\n", len);
exit (EXIT_FAILURE);
}
tmp = (char *) malloc (len * sizeof (char));
if (tmp != NULL) {
memset (tmp, 0, len * sizeof (char));
return (tmp);
} else {
fprintf (stderr, "ERROR: Cannot allocate memory for array allocate_strmem().\n");
exit (EXIT_FAILURE);
}
}
// Allocate memory for an array of unsigned chars.
uint8_t *
allocate_ustrmem (int len) {
void *tmp;
if (len <= 0) {
fprintf (stderr, "ERROR: Cannot allocate memory because len = %i in allocate_ustrmem().\n", len);
exit (EXIT_FAILURE);
}
tmp = (uint8_t *) malloc (len * sizeof (uint8_t));
if (tmp != NULL) {
memset (tmp, 0, len * sizeof (uint8_t));
return (tmp);
} else {
fprintf (stderr, "ERROR: Cannot allocate memory for array allocate_ustrmem().\n");
exit (EXIT_FAILURE);
}
}
// Allocate memory for an array of pointers to arrays of unsigned chars.
uint8_t **
allocate_ustrmemp (int len) {
void *tmp;
if (len <= 0) {
fprintf (stderr, "ERROR: Cannot allocate memory because len = %i in allocate_ustrmemp().\n", len);
exit (EXIT_FAILURE);
}
tmp = (uint8_t **) malloc (len * sizeof (uint8_t *));
if (tmp != NULL) {
memset (tmp, 0, len * sizeof (uint8_t *));
return (tmp);
} else {
fprintf (stderr, "ERROR: Cannot allocate memory for array allocate_ustrmemp().\n");
exit (EXIT_FAILURE);
}
}
// Allocate memory for an array of ints.
int *
allocate_intmem (int len) {
void *tmp;
if (len <= 0) {
fprintf (stderr, "ERROR: Cannot allocate memory because len = %i in allocate_intmem().\n", len);
exit (EXIT_FAILURE);
}
tmp = (int *) malloc (len * sizeof (int));
if (tmp != NULL) {
memset (tmp, 0, len * sizeof (int));
return (tmp);
} else {
fprintf (stderr, "ERROR: Cannot allocate memory for array allocate_intmem().\n");
exit (EXIT_FAILURE);
}
}