1 /******************************************************************************/
2 /* */
3 /* Copyright (c) International Business Machines Corp., 2006 */
4 /* */
5 /* This program is free software; you can redistribute it and/or modify */
6 /* it under the terms of the GNU General Public License as published by */
7 /* the Free Software Foundation; either version 2 of the License, or */
8 /* (at your option) any later version. */
9 /* */
10 /* This program is distributed in the hope that it will be useful, */
11 /* but WITHOUT ANY WARRANTY; without even the implied warranty of */
12 /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See */
13 /* the GNU General Public License for more details. */
14 /* */
15 /* You should have received a copy of the GNU General Public License */
16 /* along with this program; if not, write to the Free Software */
17 /* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */
18 /* */
19 /******************************************************************************/
20
21 /*
22 * File:
23 * ns-icmpv4_sender.c
24 *
25 * Description:
26 * This is ICMPv4 echo request sender.
27 * This utility is also able to set illegal information in the IP header
28 *
29 * Author:
30 * Mitsuru Chinen <mitch@jp.ibm.com>
31 *
32 * History:
33 * Mar 5 2006 - Created (Mitsuru Chinen)
34 *---------------------------------------------------------------------------*/
35
36 /*
37 * Header Files
38 */
39 #include <stdio.h>
40 #include <stdlib.h>
41 #include <string.h>
42 #include <errno.h>
43 #include <netdb.h>
44 #include <signal.h>
45 #include <time.h>
46 #include <unistd.h>
47 #include <sys/ioctl.h>
48 #include <sys/socket.h>
49 #include <arpa/inet.h>
50 #include <net/ethernet.h>
51 #include <net/if_arp.h>
52
53 #include "ns-traffic.h"
54
55 /*
56 * Structure Definitions
57 */
58 struct icmpv4_fake {
59 struct ip4_datagram pkt;
60 char *src_ifname;
61 struct sockaddr_ll saddr_ll;
62 struct sockaddr_ll daddr_ll;
63 struct in_addr saddr;
64 struct in_addr daddr;
65 unsigned short int pkt_size;
66 unsigned short int data_size;
67 double timeout;
68
69 u_int16_t fake_flag;
70 };
71
72 /*
73 * Gloval variables
74 */
75 char *program_name; /* program name */
76 struct sigaction handler; /* Behavior for a signal */
77 int catch_sighup; /* When catch the SIGHUP, set to non-zero */
78
79 /*
80 * Function: usage()
81 *
82 * Descripton:
83 * Print the usage of this program. Then, terminate this program with
84 * the specified exit value.
85 *
86 * Argument:
87 * exit_value: exit value
88 *
89 * Return value:
90 * This function does not return.
91 */
usage(char * program_name,int exit_value)92 void usage(char *program_name, int exit_value)
93 {
94 FILE *stream = stdout; /* stream where the usage is output */
95
96 if (exit_value == EXIT_FAILURE)
97 stream = stderr;
98
99 fprintf(stream, "%s [OPTION]\n"
100 "\t-I if_name\tInterface name of the source host\n"
101 "\t-S ip_addr\tIPv4 address of the source host\n"
102 "\t-M mac_addr\tMAC address of the destination host\n"
103 "\t-D ip_addr\tIPv4 address of the destination host\n"
104 "\t-s packetsize\tnumber of data bytes (exclude header)\n"
105 "\t-t value\ttimeout [sec]\n"
106 "\t-d\t\tdisplay debug informations\n"
107 "\t-h\t\tdisplay this usage\n"
108 "\n"
109 "\t[options for fake]\n"
110 "\t -c\tbreak checksum\n"
111 "\t -f\tbreak fragment information\n"
112 "\t -i\tbreak IPv4 destination address\n"
113 "\t -l\tbreak header length\n"
114 "\t -L\tbreak total length\n"
115 "\t -p\tbreak protocol number\n"
116 "\t -v\tbreak IP version\n", program_name);
117 exit(exit_value);
118 }
119
120 /*
121 * Function: set_signal_flag()
122 *
123 * Description:
124 * This function sets global variables accordig to signal
125 *
126 * Argument:
127 * type: type of signal
128 *
129 * Return value:
130 * None
131 */
set_signal_flag(int type)132 void set_signal_flag(int type)
133 {
134 if (debug)
135 fprintf(stderr, "Catch signal. type is %d\n", type);
136
137 switch (type) {
138 case SIGHUP:
139 catch_sighup = 1;
140 handler.sa_handler = SIG_IGN;
141 if (sigaction(type, &handler, NULL) < 0)
142 fatal_error("sigaction()");
143 break;
144
145 default:
146 fprintf(stderr, "Unexpected signal (%d) is caught\n", type);
147 exit(EXIT_FAILURE);
148 }
149 }
150
151 /*
152 * Function: parse_options()
153 *
154 * Description:
155 * This function parse the options, then modify the fake icmp data
156 *
157 * Argument:
158 * argc: the number of argument
159 * argv: arguments
160 * fake_p: pointer to data of fake icmp data to modify
161 *
162 * Return value:
163 * None
164 */
parse_options(int argc,char * argv[],struct icmpv4_fake * fake_p)165 void parse_options(int argc, char *argv[], struct icmpv4_fake *fake_p)
166 {
167 int optc; /* option */
168 unsigned long opt_ul; /* option value in unsigned long */
169 double opt_d; /* option value in double */
170 struct in_addr opt_addr; /* option value in struct in_addr */
171 struct sockaddr_ll opt_addr_ll; /* option value in struct sockaddr_ll */
172 int is_specified_src_ifname = 0;
173 int is_specified_saddr = 0;
174 int is_specified_daddr_ll = 0;
175 int is_specified_daddr = 0;
176
177 while ((optc = getopt(argc, argv, "I:S:M:D:s:t:dhcfilLpv")) != EOF) {
178 switch (optc) {
179 case 'I':
180 fake_p->src_ifname = strdup(optarg);
181 if (fake_p->src_ifname == NULL)
182 fatal_error("strdup() failed.");
183 is_specified_src_ifname = 1;
184 break;
185
186 case 'S':
187 if (inet_pton(AF_INET, optarg, &opt_addr) <= 0) {
188 fprintf(stderr, "Source address is wrong\n");
189 usage(program_name, EXIT_FAILURE);
190 }
191 fake_p->saddr = opt_addr;
192 is_specified_saddr = 1;
193 break;
194
195 case 'M':
196 if (eth_pton(AF_INET, optarg, &opt_addr_ll)) {
197 fprintf(stderr,
198 "Destination MAC address is wrong\n");
199 usage(program_name, EXIT_FAILURE);
200 }
201 fake_p->daddr_ll = opt_addr_ll;
202 is_specified_daddr_ll = 1;
203 break;
204
205 case 'D':
206 if (inet_pton(AF_INET, optarg, &opt_addr) <= 0) {
207 fprintf(stderr,
208 "Destination address is wrong\n");
209 usage(program_name, EXIT_FAILURE);
210 }
211 fake_p->daddr = opt_addr;
212 is_specified_daddr = 1;
213 break;
214
215 case 's':
216 opt_ul = strtoul(optarg, NULL, 0);
217 if (opt_ul > ICMPV4_DATA_MAXSIZE) {
218 fprintf(stderr,
219 "Data size sholud be less than %d\n",
220 ICMPV4_DATA_MAXSIZE + 1);
221 usage(program_name, EXIT_FAILURE);
222 }
223 fake_p->data_size = opt_ul;
224 break;
225
226 case 't':
227 opt_d = strtod(optarg, NULL);
228 if (opt_d < 0.0) {
229 fprintf(stderr,
230 "Timeout should be positive value\n");
231 usage(program_name, EXIT_FAILURE);
232 }
233 fake_p->timeout = opt_d;
234 break;
235
236 case 'd':
237 debug = 1;
238 break;
239
240 case 'h':
241 usage(program_name, EXIT_SUCCESS);
242 break;
243
244 /* Options for fake */
245 case 'c':
246 fake_p->fake_flag |= FAKE_CHECK;
247 break;
248
249 case 'f':
250 fake_p->fake_flag |= FAKE_FRAGMENT;
251 break;
252
253 case 'i':
254 fake_p->fake_flag |= FAKE_DADDR;
255 break;
256
257 case 'l':
258 fake_p->fake_flag |= FAKE_IHL;
259 break;
260
261 case 'L':
262 fake_p->fake_flag |= FAKE_TOT_LEN;
263 break;
264
265 case 'p':
266 fake_p->fake_flag |= FAKE_PROTOCOL;
267 break;
268
269 case 'v':
270 fake_p->fake_flag |= FAKE_VERSION;
271 break;
272
273 default:
274 usage(program_name, EXIT_FAILURE);
275 }
276 }
277
278 if (!is_specified_src_ifname) {
279 fprintf(stderr,
280 "Interface name of the source host is not specified\n");
281 usage(program_name, EXIT_FAILURE);
282 }
283
284 if (!is_specified_saddr) {
285 fprintf(stderr, "Source IP address is not specified\n");
286 usage(program_name, EXIT_FAILURE);
287 }
288
289 if (!is_specified_daddr_ll) {
290 fprintf(stderr, "Destination MAC address is not specified\n");
291 usage(program_name, EXIT_FAILURE);
292 }
293
294 if (!is_specified_daddr) {
295 fprintf(stderr, "Destination IP address is not specified\n");
296 usage(program_name, EXIT_FAILURE);
297 }
298 }
299
300 /*
301 * Function: complete_eth_addrs()
302 *
303 * Description:
304 * This function sets the source and destination ethernet address completely
305 *
306 * Argument:
307 * fake_p: pointer to data of fake icmp structure
308 *
309 * Return value:
310 * None
311 *
312 */
complete_eth_addrs(struct icmpv4_fake * fake_p)313 void complete_eth_addrs(struct icmpv4_fake *fake_p)
314 {
315 int sock_fd; /* Socket for ioctl() */
316 struct ifreq ifinfo; /* Interface information */
317
318 if ((sock_fd = socket(AF_PACKET, SOCK_DGRAM, 0)) < 0)
319 fatal_error("socket()");
320
321 /* Source */
322 fake_p->saddr_ll.sll_family = AF_PACKET; /* Always AF_PACKET */
323 fake_p->saddr_ll.sll_protocol = htons(ETH_P_IP); /* IPv4 */
324 fake_p->saddr_ll.sll_hatype = ARPHRD_ETHER; /* Header type */
325 fake_p->saddr_ll.sll_pkttype = PACKET_HOST; /* Packet type */
326 fake_p->saddr_ll.sll_halen = ETH_ALEN; /* Length of address */
327
328 /* Get the MAC address of the interface at source host */
329 get_ifinfo(&ifinfo, sock_fd, fake_p->src_ifname, SIOCGIFHWADDR);
330 memcpy(fake_p->saddr_ll.sll_addr, ifinfo.ifr_hwaddr.sa_data, ETH_ALEN);
331
332 /* Get the interface index */
333 get_ifinfo(&ifinfo, sock_fd, fake_p->src_ifname, SIOCGIFINDEX);
334 fake_p->saddr_ll.sll_ifindex = ifinfo.ifr_ifindex;
335 fake_p->daddr_ll.sll_ifindex = ifinfo.ifr_ifindex;
336
337 close(sock_fd);
338 }
339
340 /*
341 * Function: create_clean_packet()
342 *
343 * Description:
344 * This function creates icmpv4 packet without any fakes
345 *
346 * Argument:
347 * fake_p: pointer to data of fake icmp structure
348 *
349 * Return value:
350 * None
351 */
create_clean_packet(struct icmpv4_fake * fake_p)352 void create_clean_packet(struct icmpv4_fake *fake_p)
353 {
354 struct ip4_datagram pkt; /* sending IPv4 packet */
355 struct icmp4_segment *icmp_p; /* ICMPv4 part of sending packet */
356 unsigned short int pkt_size;
357
358 memset(&pkt, '\0', sizeof(struct ip4_datagram));
359 pkt_size = sizeof(struct iphdr) /* IP header */
360 +sizeof(struct icmphdr) /* ICMP header */
361 +fake_p->data_size; /* ICMP payload */
362
363 icmp_p = (struct icmp4_segment *)&(pkt.payload);
364
365 /* IPv4 Header */
366 pkt.hdr.version = 4;
367 pkt.hdr.ihl = sizeof(struct iphdr) / 4;
368 pkt.hdr.tos = 0;
369 pkt.hdr.tot_len = htons(pkt_size);
370 pkt.hdr.id = htons(IPV4_PACKET_ID);
371 pkt.hdr.frag_off = htons(IPV4_DEFAULT_FLAG);
372 pkt.hdr.ttl = IPV4_DEFAULT_TTL;
373 pkt.hdr.protocol = IPPROTO_ICMP;
374 pkt.hdr.check = 0; /* Calculate later */
375 pkt.hdr.saddr = fake_p->saddr.s_addr;
376 pkt.hdr.daddr = fake_p->daddr.s_addr;
377
378 /* ICMPv4 Header */
379 icmp_p->hdr.type = ICMP_ECHO;
380 icmp_p->hdr.code = 0;
381 icmp_p->hdr.checksum = 0; /* Calculate later */
382 icmp_p->hdr.un.echo.id = htons(ICMP_ECHO_ID);
383 icmp_p->hdr.un.echo.sequence = htons(1);
384
385 /* ICMPv4 Payload */
386 fill_payload(icmp_p->data, fake_p->data_size);
387
388 /* Calcualte checksums */
389 pkt.hdr.check = calc_checksum((u_int16_t *) (&pkt.hdr),
390 sizeof(struct iphdr));
391 icmp_p->hdr.checksum = calc_checksum((u_int16_t *) icmp_p,
392 sizeof(struct icmphdr) +
393 fake_p->data_size);
394
395 /* Store the clean packet data */
396 fake_p->pkt = pkt;
397 fake_p->pkt_size = pkt_size;
398 }
399
400 /*
401 * Function: thrust_fakes()
402 *
403 * Description:
404 * This function thrust fake information to the icmp packet
405 *
406 * Argument:
407 * pkt : Payload of the Ethernet frame (Namely, IPv6 packet
408 * fake_flag: Flag which represents what information would be faked
409 *
410 * Return value:
411 * None
412 */
thrust_fakes(struct ip4_datagram * pkt,u_int16_t fake_flag)413 void thrust_fakes(struct ip4_datagram *pkt, u_int16_t fake_flag)
414 {
415 int rand_val;
416 size_t bitsize;
417 u_int32_t seed;
418
419 if (debug)
420 fprintf(stderr, "fake_flag = %2x\n", fake_flag);
421
422 if (fake_flag & FAKE_VERSION) { /* version */
423 bitsize = 4;
424 seed = bit_change_seed(bitsize, 1);
425 pkt->hdr.version ^= seed;
426 }
427
428 if (fake_flag & FAKE_IHL) { /* header length */
429 bitsize = 4;
430 seed = bit_change_seed(bitsize, 1);
431 pkt->hdr.ihl ^= seed;
432 }
433
434 if (fake_flag & FAKE_TOT_LEN) { /* total length */
435 bitsize = sizeof(pkt->hdr.tot_len) * 8;
436 seed = bit_change_seed(bitsize, bitsize / 8);
437 pkt->hdr.tot_len ^= seed;
438 }
439
440 if (fake_flag & FAKE_FRAGMENT) { /* fragment information */
441 /* Set reserved flag */
442 rand_val = rand() / ((RAND_MAX + 1U) / 16);
443 if (!rand_val) {
444 if (debug)
445 fprintf(stderr, "Up reserved bit\n");
446 pkt->hdr.frag_off |= htonl(0x80000000);
447 }
448
449 /* Set more fragments flag */
450 rand_val = rand() / ((RAND_MAX + 1U) / 3);
451 if (!rand_val) {
452 if (debug)
453 fprintf(stderr, "Set more fragments flag\n");
454 pkt->hdr.frag_off |= htons(0x2000);
455 }
456
457 /* Unset unfragmented flag */
458 rand_val = rand() / ((RAND_MAX + 1U) / 3);
459 if (!rand_val) {
460 if (debug)
461 fprintf(stderr, "Unset unfragmented flag\n");
462 pkt->hdr.frag_off &= htons(0xbfff);
463 }
464
465 /* Set fragment offset */
466 rand_val = rand() / ((RAND_MAX + 1U) / 3);
467 if (!rand_val) {
468 bitsize = 13;
469 seed = bit_change_seed(bitsize, 0);
470 if (debug)
471 fprintf(stderr, "Set fragment offset %02x\n",
472 seed);
473 pkt->hdr.frag_off |= htons(seed);
474 }
475 }
476
477 if (fake_flag & FAKE_PROTOCOL) { /* protocol */
478 rand_val = rand() / ((RAND_MAX + 1U) / 5);
479 switch (rand_val) {
480 case 1:
481 case 2:
482 if (debug)
483 fprintf(stderr, "Bit reverse\n");
484 bitsize = sizeof(pkt->hdr.protocol) * 8;
485 seed = bit_change_seed(bitsize, 0);
486 pkt->hdr.protocol ^= seed;
487 break;
488
489 case 3:
490 case 4:
491 if (debug)
492 fprintf(stderr, "Unknown Protocol\n");
493 if (rand_val) {
494 int number;
495 int counter;
496 for (counter = 0; counter <= 0xff; counter++) {
497 number =
498 rand() / ((RAND_MAX + 1U) / 0x100);
499 if (getprotobynumber(number) == NULL) {
500 pkt->hdr.protocol = number;
501 break;
502 }
503 }
504 }
505 break;
506
507 default:
508 if (debug)
509 fprintf(stderr, "Do nothing\n");
510 break;
511 }
512 }
513
514 if (fake_flag & FAKE_DADDR) { /* destination address */
515 bitsize = sizeof(pkt->hdr.daddr) * 8;
516 seed = bit_change_seed(bitsize, bitsize / 8);
517 pkt->hdr.daddr ^= seed;
518 }
519
520 /* Recalculate checksum once */
521 pkt->hdr.check = 0;
522 pkt->hdr.check =
523 calc_checksum((u_int16_t *) & (pkt->hdr), sizeof(struct iphdr));
524
525 if (fake_flag & FAKE_CHECK) { /* checksum */
526 bitsize = sizeof(pkt->hdr.check) * 8;
527 seed = bit_change_seed(bitsize, bitsize / 8);
528 pkt->hdr.check ^= seed;
529 }
530 }
531
532 /*
533 * Function: send_packet()
534 *
535 * Description:
536 * This function sends icmpv4 packet
537 *
538 * Argument:
539 * fake_p: pointer to data of fake icmp structure
540 *
541 * Return value:
542 * None
543 */
send_packets(struct icmpv4_fake * fake_p)544 void send_packets(struct icmpv4_fake *fake_p)
545 {
546 int sock_fd;
547 int retval;
548 struct ip4_datagram pkt;
549 double start_time;
550
551 /* Open a socket */
552 sock_fd = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_IP));
553 if (sock_fd < 0)
554 fatal_error("socket()");
555
556 /* Bind the socket to the physical address */
557 retval = bind(sock_fd, (struct sockaddr *)&(fake_p->saddr_ll),
558 sizeof(struct sockaddr_ll));
559 if (retval < 0)
560 fatal_error("bind()");
561
562 /* Set singal hander for SIGHUP */
563 handler.sa_handler = set_signal_flag;
564 handler.sa_flags = 0;
565 if (sigfillset(&handler.sa_mask) < 0)
566 fatal_error("sigfillset()");
567 if (sigaction(SIGHUP, &handler, NULL) < 0)
568 fatal_error("sigfillset()");
569
570 /*
571 * loop for sending packets
572 */
573 pkt = fake_p->pkt;
574 start_time = time(NULL);
575
576 for (;;) {
577 if (fake_p->fake_flag) {
578 pkt = fake_p->pkt;
579 thrust_fakes(&pkt, fake_p->fake_flag);
580 }
581
582 retval = sendto(sock_fd, &pkt, fake_p->pkt_size, 0,
583 (struct sockaddr *)&(fake_p->daddr_ll),
584 sizeof(struct sockaddr_ll));
585 if (retval < 0)
586 fatal_error("sendto()");
587
588 if (fake_p->timeout) /* timeout */
589 if (fake_p->timeout < difftime(time(NULL), start_time))
590 break;
591
592 if (catch_sighup) /* catch SIGHUP */
593 break;
594 }
595
596 /* Close the socket */
597 close(sock_fd);
598 }
599
600 /*
601 *
602 * Function: main()
603 *
604 */
main(int argc,char * argv[])605 int main(int argc, char *argv[])
606 {
607 struct icmpv4_fake fake_data;
608
609 debug = 0;
610 program_name = strdup(argv[0]);
611 srand(getpid());
612
613 memset(&fake_data, '\0', sizeof(struct icmpv4_fake));
614 parse_options(argc, argv, &fake_data);
615
616 complete_eth_addrs(&fake_data);
617 create_clean_packet(&fake_data);
618
619 send_packets(&fake_data);
620
621 exit(EXIT_SUCCESS);
622 }
623