diff options
author | Sam Roberts <vieuxtech@gmail.com> | 2009-03-30 17:59:59 -0700 |
---|---|---|
committer | Sam Roberts <vieuxtech@gmail.com> | 2009-03-30 17:59:59 -0700 |
commit | cdbfc1e4e4bc559ea7f19e2926209a73b3e9caa4 (patch) | |
tree | 148e9c77d4d58099defaf0d830b2e26c5b05f700 /libnet/sample | |
parent | a3694435cacc323efe6287747ae8778c17e897b1 (diff) | |
parent | 633599a72995f8f91ff55758b515e61049fb688a (diff) | |
download | libnet-cdbfc1e4e4bc559ea7f19e2926209a73b3e9caa4.tar.gz |
Merge branch 'ip_offset-patch' into v1.1.2.1-forkv1.1.2.1-fork
Diffstat (limited to 'libnet/sample')
-rw-r--r-- | libnet/sample/Makefile.am | 4 | ||||
-rw-r--r-- | libnet/sample/test_ipv4.c | 165 | ||||
-rw-r--r-- | libnet/sample/test_ipv6_icmpv4.c | 123 |
3 files changed, 291 insertions, 1 deletions
diff --git a/libnet/sample/Makefile.am b/libnet/sample/Makefile.am index 05cccbb..87b76a7 100644 --- a/libnet/sample/Makefile.am +++ b/libnet/sample/Makefile.am @@ -14,7 +14,7 @@ noinst_PROGRAMS = arp cdp dhcp_discover get_addr icmp_timestamp icmp_unreach \ smurf dot1x dns rpc_tcp rpc_udp mpls icmp_timeexceed \ fddi_tcp1 fddi_tcp2 tring_tcp1 tring_tcp2 icmp_redirect \ bgp4_hdr bgp4_open bgp4_update bgp4_notification gre \ - synflood6_frag tftp ip_link ip_raw sebek + synflood6_frag tftp ip_link ip_raw sebek test_ipv4 test_ipv6_icmpv4 arp_SOURCES = arp.c cdp_SOURCES = cdp.c @@ -59,5 +59,7 @@ gre_SOURCES = gre.c ip_raw_SOURCES = ip_raw.c ip_link_SOURCES = ip_link.c sebek_SOURCES = sebek.c +test_ipv4_SOURCES = test_ipv4.c +test_ipv6_icmpv4_SOURCES = test_ipv6_icmpv4.c LDADD = $(top_srcdir)/src/libnet.la diff --git a/libnet/sample/test_ipv4.c b/libnet/sample/test_ipv4.c new file mode 100644 index 0000000..cf1646b --- /dev/null +++ b/libnet/sample/test_ipv4.c @@ -0,0 +1,165 @@ +/* + * Regression test for bugs in ipv4 ip_offset and h_len handling, such as + * http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=418975 + * + * Copyright (c) 2009 Sam Roberts <sroberts@wurldtech.com> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + */ +#if (HAVE_CONFIG_H) +#include "../include/config.h" +#endif +#include "./libnet_test.h" + +#include <assert.h> + +static void print_pblocks(libnet_t* l) +{ + libnet_pblock_t* p = l->protocol_blocks; + + while(p) { + /* h_len is header length for checksumming? "chksum length"? */ + printf(" tag %d flags %d type %20s/%#x buf %p b_len %2u h_len %2u ip_offset %2u, copied %2u\n", + p->ptag, p->flags, + libnet_diag_dump_pblock_type(p->type), p->type, + p->buf, p->b_len, p->h_len, p->ip_offset, p->copied); + p = p->next; + } + printf(" link_offset %d aligner %d total_size %u nblocks %d\n", + l->link_offset, l->aligner, l->total_size, l->n_pblocks); + +} + +static int build_ipv4(libnet_t* l, libnet_ptag_t ip_ptag, int payload_s) +{ + u_long src_ip = 0xf101f1f1; + u_long dst_ip = 0xf102f1f1; + u_int8_t* payload = malloc(payload_s); + assert(payload); + memset(payload, '\x00', payload_s); + + ip_ptag = libnet_build_ipv4( + LIBNET_IPV4_H + payload_s, /* length */ + 0, /* TOS */ + 0xbbbb, /* IP ID */ + 0, /* IP Frag */ + 0xcc, /* TTL */ + IPPROTO_UDP, /* protocol */ + 0, /* checksum */ + src_ip, /* source IP */ + dst_ip, /* destination IP */ + payload, /* payload */ + payload_s, /* payload size */ + l, /* libnet handle */ + ip_ptag); /* libnet id */ + + assert(ip_ptag > 0); + + free(payload); + + return ip_ptag; +} + +int +main(int argc, char *argv[]) +{ + libnet_t *l; + int r; + char *device = "eth0"; + u_int8_t enet_src[6] = {0x11, 0x11, 0x11, 0x11, 0x11, 0x11}; + u_int8_t enet_dst[6] = {0x22, 0x22, 0x22, 0x22, 0x22, 0x22}; + char errbuf[LIBNET_ERRBUF_SIZE]; + libnet_ptag_t ip_ptag = 0; + libnet_ptag_t eth_ptag = 0; + int pkt1_payload = 10; + u_int8_t* pkt1 = NULL; + u_int32_t pkt1_sz = 0; + struct libnet_ipv4_hdr* h1; + int pkt2_payload = 2; + u_int8_t* pkt2 = NULL; + u_int32_t pkt2_sz = 0; + struct libnet_ipv4_hdr* h2; + + + + l = libnet_init( LIBNET_LINK, device, errbuf); + + assert(l); + + /* Bug is triggered when rebuilding the ipv4 blocks with smaller payload. + * If change in payload size is larger than 20 (iph) + 14 (ether) + + * aligner, it will cause checksum to be written into the unallocated + * memory before the packet, possibly corrupting glib's memory allocation + * structures. + */ + + printf("Packet 1:\n"); + + ip_ptag = build_ipv4(l, ip_ptag, pkt1_payload); + + eth_ptag = libnet_build_ethernet( + enet_dst, /* ethernet destination */ + enet_src, /* ethernet source */ + ETHERTYPE_IP, /* protocol type */ + NULL, /* payload */ + 0, /* payload size */ + l, /* libnet handle */ + 0); /* libnet id */ + assert(eth_ptag > 0); + + r = libnet_pblock_coalesce(l, &pkt1, &pkt1_sz); + assert(r >= 0); + + print_pblocks(l); + + libnet_diag_dump_hex(pkt1, 14, 0, stdout); + libnet_diag_dump_hex(pkt1+14, pkt1_sz-14, 0, stdout); + + printf("Packet 2:\n"); + + ip_ptag = build_ipv4(l, ip_ptag, pkt2_payload); + + r = libnet_pblock_coalesce(l, &pkt2, &pkt2_sz); + assert(r >= 0); + + print_pblocks(l); + + libnet_diag_dump_hex(pkt2, 14, 0, stdout); + libnet_diag_dump_hex(pkt2+14, pkt2_sz-14, 0, stdout); + + /* Packets should differ only in the total length and cksum. */ + h1 = (struct libnet_ipv4_hdr*) (pkt1+14); + h2 = (struct libnet_ipv4_hdr*) (pkt2+14); + + assert(h1->ip_len == htons(20+pkt1_payload)); + assert(h2->ip_len == htons(20+pkt2_payload)); + + h1->ip_len = h2->ip_len = 0x5555; + h1->ip_sum = h2->ip_sum = 0x6666; + + assert(memcmp(pkt1, pkt2, 14 + 20) == 0); + + return (EXIT_SUCCESS); +} + diff --git a/libnet/sample/test_ipv6_icmpv4.c b/libnet/sample/test_ipv6_icmpv4.c new file mode 100644 index 0000000..b3dcd67 --- /dev/null +++ b/libnet/sample/test_ipv6_icmpv4.c @@ -0,0 +1,123 @@ +/* + * Regression test for bugs such as reported in: + * http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=418975 + * + * Copyright (c) 2009 Sam Roberts <sroberts@wurldtech.com> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + */ +#if (HAVE_CONFIG_H) +#include "../include/config.h" +#endif +#include "./libnet_test.h" + +#include <assert.h> + +#include <netinet/in.h> + +static void print_pblocks(libnet_t* l) +{ + libnet_pblock_t* p = l->protocol_blocks; + + while(p) { + /* h_len is header length for checksumming? "chksum length"? */ + printf(" tag %d flags %d type %20s/%#x buf %p b_len %2u h_len %2u ip_offset %2u, copied %2u\n", + p->ptag, p->flags, + libnet_diag_dump_pblock_type(p->type), p->type, + p->buf, p->b_len, p->h_len, p->ip_offset, p->copied); + p = p->next; + } + printf(" link_offset %d aligner %d total_size %u nblocks %d\n", + l->link_offset, l->aligner, l->total_size, l->n_pblocks); + +} + +int +main(int argc, char *argv[]) +{ + libnet_t *l; + int r; + char *device = "eth0"; + struct libnet_ether_addr *mac_address; + struct in6_addr src_ip; + struct libnet_in6_addr dst_ip; + char errbuf[LIBNET_ERRBUF_SIZE]; + libnet_ptag_t icmp_ptag = 0; + libnet_ptag_t ipv6_ptag = 0; + char payload[24] = { 0 }; + + memset(&src_ip, 0x66, sizeof(src_ip)); + + l = libnet_init( LIBNET_RAW6, device, errbuf); + + assert(l); + + mac_address = libnet_get_hwaddr(l); + assert(mac_address); + + dst_ip = libnet_name2addr6(l, "::1" /* BCAST_ADDR - defined where? */, LIBNET_DONT_RESOLVE); + + memcpy(payload,src_ip.s6_addr,16); + payload[16] = 2; /* 2 for Target Link-layer Address */ + payload[17] = 1; /* The length of the option */ + memcpy(payload+18,mac_address->ether_addr_octet, 6); + + /* 0x2000: RSO */ + icmp_ptag = libnet_build_icmpv4_echo( + 136,0,0,0x2000,0, + (u_int8_t *)payload,sizeof(payload), l, LIBNET_PTAG_INITIALIZER); + assert(icmp_ptag); + + ipv6_ptag = libnet_build_ipv6( + 0, 0, + LIBNET_ICMPV6_H + sizeof(payload), // ICMPV6_H == ICMPV4_H, luckily + IPPROTO_ICMP6, + 255, + *(struct libnet_in6_addr*)&src_ip, + dst_ip, + NULL, 0, + l, 0); + assert(icmp_ptag); + + print_pblocks(l); + + { + u_int8_t* pkt1 = NULL; + u_int32_t pkt1_sz = 0; + r = libnet_pblock_coalesce(l, &pkt1, &pkt1_sz); + assert(r >= 0); + + libnet_diag_dump_hex(pkt1, LIBNET_IPV6_H, 0, stdout); + libnet_diag_dump_hex(pkt1+LIBNET_IPV6_H, pkt1_sz-LIBNET_IPV6_H, 0, stdout); + + free(pkt1); + pkt1 = NULL; + } + + r = libnet_write(l); + assert(r >= 0); + + return (EXIT_SUCCESS); +} + |