diff options
Diffstat (limited to 'libnet/src')
-rw-r--r-- | libnet/src/libnet_build_ip.c | 56 | ||||
-rw-r--r-- | libnet/src/libnet_init.c | 1 | ||||
-rw-r--r-- | libnet/src/libnet_pblock.c | 18 |
3 files changed, 61 insertions, 14 deletions
diff --git a/libnet/src/libnet_build_ip.c b/libnet/src/libnet_build_ip.c index 3d3675b..c23c296 100644 --- a/libnet/src/libnet_build_ip.c +++ b/libnet/src/libnet_build_ip.c @@ -45,7 +45,6 @@ libnet_build_ipv4(u_int16_t len, u_int8_t tos, u_int16_t id, u_int16_t frag, u_int8_t ttl, u_int8_t prot, u_int16_t sum, u_int32_t src, u_int32_t dst, u_int8_t *payload, u_int32_t payload_s, libnet_t *l, libnet_ptag_t ptag) { - int offset; u_int32_t h, n, i, j; libnet_pblock_t *p, *p_data, *p_temp; struct libnet_ipv4_hdr ip_hdr; @@ -58,9 +57,12 @@ u_int8_t *payload, u_int32_t payload_s, libnet_t *l, libnet_ptag_t ptag) n = LIBNET_IPV4_H; /* size of memory block */ h = len; /* header length */ + // WRONG - this is total len of ip packet, and is put into the IP header ptag_data = 0; /* used if options are present */ + // WRONG - is used if there is ipv4 payload if (h + payload_s > IP_MAXPACKET) + // WRONG - h is the total length, it already includes payload_s { snprintf(l->err_buf, LIBNET_ERRBUF_SIZE, "%s(): IP packet too large\n", __func__); @@ -97,6 +99,9 @@ u_int8_t *payload, u_int32_t payload_s, libnet_t *l, libnet_ptag_t ptag) ip_hdr.ip_hl += j; } } + // Note that p->h_len is not adjusted. This seems a bug, but it is because + // it is not used! libnet_do_checksum() is passed the h_len (as `len'), + // but for IPPROTO_IP it is ignored in favor of the ip_hl. ip_hdr.ip_tos = tos; /* IP tos */ ip_hdr.ip_len = htons(h); /* total length */ @@ -123,7 +128,10 @@ u_int8_t *payload, u_int32_t payload_s, libnet_t *l, libnet_ptag_t ptag) } /* find and set the appropriate ptag, or else use the default of 0 */ - offset = payload_s; + /* When updating the ipv4 block, we need to find the data block, and + * adjust our ip_offset if the new payload size is different from what + * it used to be. + */ if (ptag_hold && p->prev) { p_temp = p->prev; @@ -136,9 +144,13 @@ u_int8_t *payload, u_int32_t payload_s, libnet_t *l, libnet_ptag_t ptag) if (p_temp->type == LIBNET_PBLOCK_IPDATA) { + int offset = payload_s; + ptag_data = p_temp->ptag; offset -= p_temp->b_len; - p->h_len += offset; + //p->h_len += offset; + // WRONG h_len is unused for checksum for IPv4, and even if it was used, + // the h_len doesn't depend on the payload size. } else { @@ -157,6 +169,16 @@ u_int8_t *payload, u_int32_t payload_s, libnet_t *l, libnet_ptag_t ptag) if (payload && payload_s) { /* update ptag_data with the new payload */ + // on create: + // b_len = payload_s + // l->total_size += b_len + // h_len = 0 + // on update: + // b_len = payload_s + // h_len += <diff in size between new b_len and old b_len> + // increments if if b_len goes up, down if it goes down + // in either case: + // copied = 0 p_data = libnet_pblock_probe(l, ptag_data, payload_s, LIBNET_PBLOCK_IPDATA); if (p_data == NULL) @@ -171,6 +193,7 @@ u_int8_t *payload, u_int32_t payload_s, libnet_t *l, libnet_ptag_t ptag) if (ptag_data == LIBNET_PTAG_INITIALIZER) { + // IPDATA's h_len gets set to payload_s in both branches if (p_data->prev->type == LIBNET_PBLOCK_IPV4_H) { libnet_pblock_update(l, p_data, payload_s, @@ -180,6 +203,10 @@ u_int8_t *payload, u_int32_t payload_s, libnet_t *l, libnet_ptag_t ptag) } else { + // SR - I'm not sure how to reach this code. Maybe if the first + // time we added an ipv4 block, there was no payload, but when + // we modify the block the next time, we have payload? + /* update without setting this as the final pblock */ p_data->type = LIBNET_PBLOCK_IPDATA; p_data->ptag = ++(l->ptag_state); @@ -187,6 +214,7 @@ u_int8_t *payload, u_int32_t payload_s, libnet_t *l, libnet_ptag_t ptag) /* Adjust h_len for checksum. */ p->h_len += payload_s; + // WRONG - IPV4 checksum doesn't include the payload_s. /* data was added after the initial construction */ for (p_temp = l->protocol_blocks; @@ -238,7 +266,16 @@ u_int8_t *payload, u_int32_t payload_s, libnet_t *l, libnet_ptag_t ptag) * FREDRAYNAL: as we insert a new IP header, all checksums for headers * placed after this one will refer to here. */ - libnet_pblock_record_ip_offset(l, l->total_size); + // WRONG - the total_size when updating the pblock will include the link layer + // WRONG - it isn't called after adding options, so will be wrong by the amount of ip options + // WRONG - it updates the wrong protocol blocks: + // - the first time it runs we set the ip offsets for p (ipv4), and + // ipdata to the total size of just the ip portion + // - the next time, it starts at end, which is the ethernet block, and + // updates everything up to but not including the ipv4 block to the total size, which means it + // changes just the ethernet block, and the offset it sets is the total size including the ethernet + // header.... WTF? + libnet_pblock_record_ip_offset(l, p); return (ptag); bad: @@ -323,7 +360,7 @@ libnet_autobuild_ipv4(u_int16_t len, u_int8_t prot, u_int32_t dst, libnet_t *l) * FREDRAYNAL: as we insert a new IP header, all checksums for headers * placed after this one will refer to here. */ - libnet_pblock_record_ip_offset(l, l->total_size); + libnet_pblock_record_ip_offset(l, p); return (ptag); bad: @@ -520,8 +557,13 @@ u_int8_t *payload, u_int32_t payload_s, libnet_t *l, libnet_ptag_t ptag) } /* no checksum for IPv6 */ - return (ptag ? ptag : libnet_pblock_update(l, p, LIBNET_IPV6_H, - LIBNET_PBLOCK_IPV6_H)); + ptag = ptag ? ptag : libnet_pblock_update(l, p, LIBNET_IPV6_H, + LIBNET_PBLOCK_IPV6_H); + + libnet_pblock_record_ip_offset(l, p); + + return ptag; + bad: libnet_pblock_delete(l, p); return (-1); diff --git a/libnet/src/libnet_init.c b/libnet/src/libnet_init.c index 976b44c..58f4df1 100644 --- a/libnet/src/libnet_init.c +++ b/libnet/src/libnet_init.c @@ -250,6 +250,7 @@ libnet_getpbuf_size(libnet_t *l, libnet_ptag_t ptag) u_int32_t libnet_getpacket_size(libnet_t *l) { + // Why doesn't this return l->total_size? libnet_pblock_t *p; u_int32_t n; diff --git a/libnet/src/libnet_pblock.c b/libnet/src/libnet_pblock.c index 5e35aa5..5530c02 100644 --- a/libnet/src/libnet_pblock.c +++ b/libnet/src/libnet_pblock.c @@ -38,6 +38,7 @@ #else #include "../include/win32/libnet.h" #endif +#include <assert.h> libnet_pblock_t * libnet_pblock_probe(libnet_t *l, libnet_ptag_t ptag, u_int32_t n, u_int8_t type) @@ -500,15 +501,18 @@ libnet_pblock_p2p(u_int8_t type) } void -libnet_pblock_record_ip_offset(libnet_t *l, u_int32_t offset) +libnet_pblock_record_ip_offset(libnet_t *l, libnet_pblock_t *p) { - libnet_pblock_t *p = l->pblock_end; + libnet_pblock_t *c; + u_int32_t ip_offset = 0; - do - { - p->ip_offset = offset; - p = p->prev; - } while (p && p->type != LIBNET_PBLOCK_IPV4_H); + assert(p->type == LIBNET_PBLOCK_IPV4_H || p->type == LIBNET_PBLOCK_IPV6_H); + + for(c = p; c; c = c->prev) + ip_offset += c->b_len; + + for(c = p; c; c = c->prev) + c->ip_offset = ip_offset; } |