1LIBNET(3) LIBNET(3)
2
6 libnet - "libpwrite" Network Routine Library
7
10 The Network Library provides a simple API for commonly used low-level
11 network functions (mainly packet injection). Using libnet, it is easy
12 to build and write arbitrary network packets. It provides a portable
13 framework for low-level network packet writing and handling (use libnet
14 in conjunction with libpcap and you can write some really cool stuff).
15 Libnet includes packet creation at the IP layer and at the link layer
16 as well as a host of supplementary and complementary functionality.
17 For a much more verbose treatment of libnet, including verbosely com‐
19 mented examples, please see the online web-based documentation at
20 http://www.packetfactory.net/libnet/manual/.
21
24 #include <libnet.h>
25 PACKET MEMORY MANAGEMENT ROUTINES
27 int libnet_init_packet(size_t p_size, u_char **buf);
29 int libnet_destroy_packet(u_char **buf);
31 int libnet_init_packet_arena(struct libnet_arena **arena, int p_size,
33 u_short p_num);
34 u_char *libnet_next_packet_from_arena(struct libnet_arena **arena,
36 int p_size);
37 int libnet_destroy_packet_arena(struct libnet_arena **arena);
39 ADDRESS RESOLUTION ROUTINES
42 u_char *libnet_host_lookup(u_long in, u_short use_name);
44 void libnet_host_lookup_r(u_long in, u_short use_name, u_char *buf);
46 u_long libnet_name_resolve(u_char *hostname, u_short use_name);
48 u_long libnet_get_ipaddr(struct libnet_link_int *l, const u_char *device,
50 const u_char *buf);
51 struct ether_addr *libnet_get_hwaddr(struct libnet_link_int *l,
53 const u_char *device, const u_char *buf);
54 PACKET INJECTION FRAMEWORK ROUTINES
57 int libnet_open_raw_sock(int protocol);
59 int libnet_close_raw_sock(int fd);
61 int libnet_select_device(struct sockaddr_in *sin, u_char **device,
63 u_char *ebuf);
64 struct libnet_link_int *libnet_open_link_interface(char *device, char *ebuf);
66 int libnet_close_link_interface(struct libnet_link_int *l);
68 int libnet_write_ip(int sock, u_char *packet, int len);
70 int libnet_write_link_layer(struct libnet_link_int *l, const u_char *device,
72 u_char *buf, int len);
73 int libnet_do_checksum(u_char *buf, int protocol, int len);
75 u_short libnet_ip_check(u_short *buf, int len);
77 PACKET BUILDER ROUTINES
80 int libnet_build_arp(u_short hrd, u_short pro, u_short hln, u_short pln,
82 u_short op, u_char *sha, u_char *spa, u_char *tha,
83 u_char *tpa, const u_char *payload, int payload_s,
84 u_char *buf);
85 int libnet_build_dns(u_short id, u_short flags, u_short num_q,
87 u_short num_anws_rr, u_short num_auth_rr,
88 u_short num_addi_rr, const u_char *payload, int payload_s,
89 u_char *buf);
90 int libnet_build_ethernet(u_char *daddr, u_char *saddr, u_short id,
92 const u_char *payload, int payload_s, u_char *buf);
93 int libnet_build_icmp_echo(u_char type, u_char code, u_short id,
95 u_short seq, const u_char *payload, int payload_s,
96 u_char *buf);
97 int libnet_build_icmp_mask(u_char type, u_char code, u_short id,
99 u_short seq, u_long mask, const u_char *payload,
100 int payload_s, u_char *buf);
101 int libnet_build_icmp_unreach(u_char type, u_char code,
103 u_short orig_len, u_char orig_tos, u_short orig_id,
104 u_short orig_frag, u_char orig_ttl, u_char orig_prot,
105 u_long orig_src, u_long orig_dst, const u_char *orig_payload,
106 int payload_s, u_char *buf);
107 int libnet_build_icmp_timeexceed(u_char type, u_char code,
109 u_short orig_len, u_char orig_tos, u_short orig_id,
110 u_short orig_frag, u_char orig_ttl, u_char orig_prot,
111 u_long orig_src, u_long orig_dst, const u_char *orig_payload,
112 int payload_s, u_char *buf);
113 int libnet_build_icmp_redirect(u_char type, u_char code, u_long gateway
115 u_short orig_len, u_char orig_tos, u_short orig_id,
116 u_short orig_frag, u_char orig_ttl, u_char orig_prot,
117 u_long orig_src, u_long orig_dst, const u_char *orig_payload,
118 int payload_s, u_char *buf);
119 int libnet_build_icmp_timestamp(u_char type, u_char code, u_short id,
121 u_short seq, n_time otime, n_time rtime, n_time ttime,
122 const u_char *payload, int payload_s, u_char *buf);
123 int libnet_build_igmp(u_char type, u_char code, u_long ip,
125 const u_char *payload, int payload_s, u_char *buf);
126 int libnet_build_ip(u_short len, u_char tos, u_short id, u_short frag,
128 u_char ttl, u_char prot, u_long saddr, u_long daddr,
129 const u_char *payload, int payload_s, u_char *buf);
130 int libnet_build_ospf(u_short len, u_char type, u_long router_id,
132 u_long area_id, u_short auth_type, const char *payload,
133 int payload_s, u_char *buf);
134 int libnet_build_ospf_hello(u_long netmask, u_short interval,
136 u_char options, u_char priority, u_int dead_interval,
137 u_long des_router, u_long backup, u_long neighbor,
138 const char *payload, int payload_s, u_char *buf);
139 int libnet_build_ospf_dbd(u_short len, u_char options, u_char type,
141 u_int sequence_num, const char *payload, int payload_s,
142 u_char *buf);
143 int libnet_build_ospf_lsr(u_int type, u_int ls_id, u_long adv_router,
145 const char *payload, int payload_s, u_char *buf);
146 int libnet_build_ospf_lsu(u_int num, const char *payload, int payload_s,
148 u_char *buf);
149 int libnet_build_ospf_lsa(u_short age, u_char options, u_char type,
151 u_int ls_id, u_long adv_router, u_int sequence_num,
152 u_short len, const char *payload, int payload_s,
153 u_char *buf);
154 int libnet_build_ospf_lsa_rtr(u_short flags, u_short num, u_int id,
156 u_int data, u_char type, u_char tos, u_short metric,
157 const char *payload, int payload_s, u_char *buf);
158 int libnet_build_ospf_lsa_net(u_long netmask, u_int router_id,
160 const char *payload, int payload_s, u_char *buf);
161 int libnet_build_ospf_lsa_sum(u_long netmask, u_int metric, u_int tos,
163 const char *payload, int payload_s, u_char *buf);
164 int libnet_build_ospf_lsa_as(u_long netmask, u_int metric,
166 u_long fwd_addr, u_int tag, const char *payload,
167 int payload_s, u_char *buf);
168 int libnet_build_rip(u_char command, u_char ver, u_short rd, u_short af,
170 u_short rt, u_long addr, u_long mask, u_long next_hop,
171 u_long metric, const u_char *payload, int payload_s,
172 u_char *buf);
173 int libnet_build_tcp(u_short sport, u_short dport, u_long seq,
175 u_long ack, u_char control, u_short win, u_short urg,
176 const u_char *payload, int payload_s, u_char *buf);
177 int libnet_build_udp(u_short sport, u_short dport,
179 const u_char *payload, int payload_s, u_char *buf);
180 int libnet_build_vrrp(u_char vrouter_id, u_char priority,
182 u_char ip_count, u_char auth_type, u_char advert_int,
183 const u_char *payload, int payload_s, u_char *buf);
184 int libnet_insert_ipo(struct ipoption *opt, u_char opt_len, u_char *buf);
186 int libnet_insert_tcpo(struct tcpoption *opt, u_char opt_len,
188 u_char *buf);
189 MISCELLANEOUS SUPPORT ROUTINES
192 int libnet_seed_prand();
194 u_long libnet_get_prand(int type);
196 void libnet_hex_dump(u_char *buf, int len, int swap, FILE *stream);
198 int libnet_plist_chain_new(struct libnet_plist_chain **head,
200 char *tok_list);
201 int libnet_plist_chain_next_pair(struct libnet_plist_chain *p,
203 u_short *bport, u_short *eport);
204 int libnet_plist_chain_dump(struct libnet_plist_chain *p);
206 u_char *libnet_plist_chain_dump_string(struct libnet_plist_chain *p);
208 int libnet_plist_chain_free(struct libnet_plist_chain *p);
210 void libnet_error(int severity, char *msg, ...);
212 ASN.1 BER ROUTINES
215 u_char *libnet_build_asn1_int(u_char *data, int *datalen, u_char type,
217 long *int_p, int int_s);
218 u_char *libnet_build_asn1_uint(u_char *data, int *datalen, u_char type,
220 u_char *int_p, int int_s);
221 u_char *libnet_build_asn1_string(u_char *data, int *datalen, u_char type,
223 u_long *string, int str_s);
224 u_char *libnet_build_asn1_header(u_char *data, int *datalen, u_char type,
226 int len);
227 u_char *libnet_build_asn1_length(u_char *data, int *datalen, int len);
229 u_char *libnet_build_asn1_sequence(u_char *data, int *datalen,
231 u_char type, int len);
232 u_char *libnet_build_asn1_objid(u_char *data, int *datalen, u_char type,
234 oid *objid, int oid_s);
235 u_char *libnet_build_asn1_null(u_char *data, int *datalen, u_char type);
237 u_char *libnet_build_asn1_bitstring(u_char *data, int *datalen,
239 u_char type, u_long *string, int str_s);
240
243 libnet_host_lookup() converts the supplied network-ordered (big-endian)
244 IPv4 address into its human-readable coutnerpart. If use_name is 1,
245 libnet_host_lookup() will attempt to resolve this IP address and return
246 a hostname, otherwise (or if the lookup fails), the function returns a
247 dotted-decimal ASCII string. This function is hopelessly non re-
248 entrant as it uses static data. Users concerned with re-entrancy
249 should use libnet_host_lookup_r().
250 libnet_host_lookup_r() is the (planned) reentrant version of the above
252 function. As soon as reentrant network resolver libraries become
253 available this function will likewise be reentrant. An additional
254 argument of a buffer to store the converted (or resolved) IPv4 address
255 is supplied by the user.
256 libnet_name_resolve() takes a NULL terminated ASCII string representa‐
258 tion of an IPv4 address (dots and decimals or canonical hostname if
259 use_name is 1) and converts it into a network-ordered (big-endian)
260 4-byte value.
261 libnet_get_ipaddr() takes a pointer to a link layer interface struct, a
263 pointer to the network device name, and an empty buffer to be used in
264 case of error. Upon success the function returns the IP address of the
265 specified interface in host-byte order or 0 upon error (and errbuf will
266 contain a reason).
267 libnet_get_hwaddr() takes a pointer to a link layer interface struct, a
269 pointer to the network device name, and an empty buffer to be used in
270 case of error. The function returns the MAC address of the specified
271 interface upon success or 0 upon error (and errbuf will contain a rea‐
272 son).
273
276 libnet_init_packet() initializes a packet for use. If the size parame‐
277 ter is omitted (or negative) the library will pick a reasonable value
278 for the user (currently LIBNET_MAX_PACKET). If the memory allocation
279 is successful, the memory is zeroed and the function returns 1. If
280 there is an error, the function returns -1. Since this function calls
281 malloc, you certainly should, at some point, make a corresponding call
282 to destroy_packet().
283 libnet_destroy_packet() frees the memory associated with the packet.
285 libnet_init_packet_arena() allocates and initializes a memory pool. If
287 you plan on building and sending several different packets, this is a
288 good choice. It allocates a pool of memory from which you can grab
289 chunks to build packets (see next_packet_from_arena() below). It takes
290 the address to an arena structure pointer (so it can modify the struc‐
291 ture elements), and hints on the possible packet size and number of
292 packets. The last two arguments are used to compute the size of the
293 memory pool. The function returns -1 if the malloc fails or 1 if
294 everything goes ok.
295 libnet_next_packet_from_arena() returns a chunk of memory from the
297 arena of the requested size pool and decrements the available byte
298 counter. If the requested memory is not available from the arena, it
299 returns NULL. Note that there is nothing preventing a poorly coded
300 application from using more memory than requested and causing all kinds
301 of problems. Take heed.
302 libnet_destroy_packet_arena() frees the memory associated with the
304 arena.
305 During packet or arena initilization and utilization, if 0 is passed
307 for either of size values, the functions make a best guest. If 0 is
308 passed for the packet size, it adjusts it to be LIBNET_MAX_PACKET, and
309 if 0 is passed for the packet number (in the case of lib‐
310 net_init_packet_arena) it adjusts it to be 3. Be aware that this is
311 196605 bytes of memory.
312 The number of bytes allocated may actually be slightly more than
314 requested due to alignment constraints (values are aligned on a 4-byte
315 boundry).
316 For the above three functions, it is a checked runtime error for arena
318 to be a NULL pointer.
319 The arena interface also includes LIBNET_GET_ARENA_SIZE which returns
321 the total size of an arena and LIBNET_GET_ARENA_REMAINING_BYTES which
322 returns the remaining bytes of usable memory from an arena.
323
326 libnet_open_raw_sock() opens a raw IPv4 socket of the supplied protocol
327 type and sets the IP_HDRINCL socket option. Returned is the socket
328 file descriptor or -1 on error.
329 libnet_close_raw_sock() closes an opened raw socket. Returned is 1
331 upon success or -1 on error.
332 libnet_select_device() will run through the list of interfaces and
334 select one for use (ignoring the loopback device). If device points to
335 NULL, (don't pass in a NULL pointer, the function expects a pointer to
336 a pointer, and C can't derefence a NULL pointer) it will try to fill it
337 in with the first non-loopback device it finds, otherwise, it will try
338 to open the specified device. If successful, 1 is returned (and if
339 device was NULL, it will now contain the device name which can be used
340 in libnet_*link*() type calls). If an error occurs, -1 is returned and
341 errbuf will contain a reason. The errbuf should contain a pointer to a
342 buffer at least as large as LIBNET_ERR_BUF.
343 libnet_open_link_interface() opens a low-level packet interface. This
345 is required to write link layer frames. Supplied is a u_char pointer
346 to the interface device name and a u_char pointer to an error buffer.
347 Returned is a filled in libnet_link_int struct or NULL on error.
348 libnet_close_link_interface() closes an opened low-level packet inter‐
350 face. Returned is 1 upon success or -1 on error.
351 libnet_write_ip() writes an IP packet to the network. The first argu‐
353 ment is the socket created with libnet_open_raw_sock(), the second is a
354 pointer to a buffer containing a complete IP datagram, and the third
355 argument is the total packet size. It returns the number of bytes
356 written.
357 libnet_write_link_layer() writes an link-layer frame to the network.
359 The first argument is a pointer to a filled in libnet_link_int struc‐
360 ture, the next is a pointer to the network device, the next is the raw
361 packet and the last is the packet size. Returned is the number of
362 bytes written or -1 on error.
363 libnet_do_checksum() calculates the checksum for the packet header.
365 The first argument is a pointer to the constructed IPv4 packet buffer.
366 The second is the transport protocol used and the third is the packet
367 length (not including the IP header). The function calculates the
368 checksum for the transport protocol and fills it in at the appropriate
369 header location. This function should be called only after a complete
370 packet has been built. Note that when using raw sockets the IP check‐
371 sum is always computed by the kernel, but when using link layer inter‐
372 faces, the IP checksum must be explicitly computed. The function
373 returns 1 upon success or -1 if an error occurs.
374
377 For all of the build_* functions, it is a checked runtime error for buf
378 to be a NULL pointer (the function will return -1), but an unchecked
379 error for the optional payload or the packet header itself to exceed
380 the allocated memory. Take heed.
381 libnet_build_arp() constructs an ARP (Address Resolution Protocol)
383 packet. Supplied are the following: hardware addresss type, protocol
384 address type, the hardware addess length, the protocol address length,
385 the ARP packet type, the sender hardware address, the sender protocol
386 address, the target hardware address, the target protocol address, the
387 packet payload, the payload size, and finally, a pointer to the packet
388 header memory. Note that this function only builds ethernet/IP ARP
389 packets, and consequently the first value should be ARPHRD_ETHER. The
390 ARP packet type should be one of the following: ARPOP_REQUEST,
391 ARPOP_REPLY, ARPOP_REVREQUEST, ARPOP_REVREPLY, ARPOP_INVREQUEST, or
392 ARPOP_INVREPLY.
393 libnet_build_dns() constructs a DNS (Domain Name Service) packet. Sup‐
395 plied are the following: DNS packet ID, flags, number of questions,
396 number of answer resource records, number of authority resource
397 records, number of additional resource records. All of the above are
398 unsigned shorts. All of the `interesting` fields of the header are
399 variable in content and length, and therefore have to be included at
400 the programmer's discretion. We use the standard libnet payload and
401 payload size interface for this. Finally, please be sure to include a
402 pointer to some preallocated memory.
403 libnet_build_ethernet() constructs an ethernet packet. Supplied is the
405 destination address, source address (as arrays of unsigned character
406 bytes) and the ethernet frame type, a pointer to an optional data pay‐
407 load, the payload length, and a pointer to a pre-allocated block of
408 memory for the packet. The ethernet packet type should be one of the
409 following:
410 Value Type
412 ETHERTYPE_PUP PUP protocol
413 ETHERTYPE_IP IP protocol
414 ETHERTYPE_ARP ARP protocol
415 ETHERTYPE_REVARP Reverse ARP protocol
416 ETHERTYPE_VLAN IEEE VLAN tagging
417 ETHERTYPE_LOOPBACK Used to test intefaces
418 Please note that some low-level interfaces (bpf in particular) do not
420 allow for the spoofing of ethernet addresses without kernel modifica‐
421 tion.
422 The following functions construct ICMP (Internet Control Message Proto‐
424 col) packets.
425 libnet_build_icmp_echo() builds an ICMP_ECHO / ICMP_ECHOREPLY packet.
427 Supplied is a byte for the packet type, a byte for the code, an
428 unsigned short for the packet id, an unsigned short for the packet
429 sequence number, and a pointer to an optional data payload, the payload
430 length, and a pointer to a pre-allocated block of memory for the
431 packet. The type should be ICMP_ECHOREPLY or ICMP_ECHO and the code
432 should be 0.
433 libnet_build_icmp_mask() builds an ICMP_MASKREQ / ICMP_MASKREPLY
435 packet. Supplied is a byte for the packet type, a byte for the code,
436 an unsigned short for the packet id, an unsigned short for the packet
437 sequence number, a 32-bit subnet mask, a pointer to an optional data
438 payload, the payload length, and a pointer to a pre-allocated block of
439 memory for the packet. The type should be ICMP_MASKREQ or ICMP_MASKRE‐
440 PLY and the code should be 0.
441 libnet_build_icmp_unreach() builds an ICMP_UNREACH packet. Supplied is
443 the normal ICMP stuff, a byte for the packet type and a byte for the
444 code. Next come the values for the IP header that caused the error
445 that necessitated the unreachable. The standard payload arguments to
446 this function actually apply to the original IP packet and will be
447 tacked on there. The type should be ICMP_UNREACH and the code should
448 be one of the following 16 different unreachable codes:
449 Code Symbolic Name
451 0 ICMP_UNREACH_NET
452 1 ICMP_UNREACH_HOST
453 2 ICMP_UNREACH_PROTOCOL
454 3 ICMP_UNREACH_PORT
455 4 ICMP_UNREACH_NEEDFRAG
456 5 ICMP_UNREACH_SRCFAIL
457 6 ICMP_UNREACH_NET_UNKNOWN
458 7 ICMP_UNREACH_HOST_UNKNOWN
459 8 ICMP_UNREACH_ISOLATED
460 9 ICMP_UNREACH_NET_PROHIB
461 10 ICMP_UNREACH_HOST_PROHIB
462 11 ICMP_UNREACH_TOSNET
463 12 ICMP_UNREACH_TOSHOST
464 13 ICMP_UNREACH_FILTER_PROHIB
465 14 ICMP_UNREACH_HOST_PRECEDENCE
466 15 ICMP_UNREACH_PRECEDENCE_CUTOFF
467 libnet_build_icmp_timeexceed() builds an ICMP_TIMEXCEED packet. Sup‐
470 plied is the normal ICMP stuff, a byte for the packet type and a byte
471 for the code. Next come the values for the IP header that caused the
472 error that necessitated the unreachable. The standard payload argu‐
473 ments to this function actually apply to the original IP packet and
474 will be tacked on there. The type should be ICMP_REDIRECT and the code
475 should be ICMP_TIMXCEED_INTRANS or ICMP_TIMXCEED_REASS.
476 libnet_build_icmp_redirect() builds an ICMP_REDIRECT packet. Supplied
478 is a byte for the packet type, a byte for the code, and the unsigned
479 long IP address of the gateway that should be used. Next come the val‐
480 ues for the IP header that caused the error that necessitated the redi‐
481 rect. The standard payload arguments to this function actually apply
482 to the original IP packet and will be tacked on there. The type should
483 be ICMP_REDIRECT and the code should be one of the following:
484 Code Symbolic Name
486 0 ICMP_UNREACH_NET
487 1 ICMP_UNREACH_HOST
488 2 ICMP_UNREACH_PROTOCOL (redirect for type of service and net‐
489 work)
490 3 ICMP_UNREACH_PORT (redirect for type of service and host)
491 libnet_build_icmp_timestamp() builds an ICMP_TSTAMP / ICMP_TSTAMPREPLY
493 packet. Supplied is a byte for the packet type, a byte for the code,
494 an unsigned short for the packet id, an unsigned short for the packet
495 sequence number, the three timestamp values, a pointer to an optional
496 data payload, the payload length, and a pointer to a pre-allocated
497 block of memory for the packet. The type should be ICMP_TSTAMP or
498 ICMP_TSTAMPREPLY and the code should be 0.
499 libnet_build_igmp() builds an IGMP (Internet Group Membership Protocol)
501 packet. Supplied is a byte for the packet type, a byte for the code,
502 an unsigned long for the Class D address, and the other usual things.
503 libnet_build_ip() builds an IP (Internet Protocol) packet. Supplied is
505 the packet length (not including the IP header), the IP tos bits, the
506 IP ID, the fragmentation flags and offset, the packet TTL, the trans‐
507 port protocol, the source and destination IP addresses (in network-byte
508 order), a pointer to an optional data payload, the payload length, and
509 a pointer to a pre-allocated block of memory for the packet. To just
510 build an IP header with no data payload, only IP_H bytes need to be
511 allocated. The payload and payload size arguments should not be used
512 to build any of the supported transport protocol-type packets; for
513 these transports, the relevant functions should be used. The payload
514 arguments should only be used to build an arbitrary IP packet with a
515 payload.
516
519 libnet_build_ospf() builds a OSPF (Open Shortest Path First) packet.
520 You pass the packet length (not including the OSPF header), the packet
521 type, 32-bit router ID, 32-bit area ID, the authentication type, a
522 pointer to an optional data payload, the payload length, and a pointer
523 to a pre-allocated block of memory for the packet. The payload should
524 not be used to build the Hello, LSA, LSU, LSR, or DBD packets. The
525 following variables are to be used for the OSPF packet type:
526 OSPF_UMD UMd monitoring packet
528 OSPF_HELLO Hello packet
529 OSPF_DBD Database Desc. packet
530 OSPF_LSR Link State Request packet
531 OSPF_LSU Link State Update packet
532 OSPF_LSA Link State Ack. packet
533 The following are the possible authentication types:
535 OSPF_AUTH_NULL NULL password
537 OSPF_AUTH_SIMPLE plaintext, 8 char pass.
538 OSPF_AUTH_MD5 MD5
539 The following is the structure used for the 64 bit field when using
541 MD5:
542 struct auth {
544 u_short ospf_auth_null; /* NULL 16 bits */
545 u_char ospf_auth_keyid; /* Key ID */
546 u_char ospf_auth_len; /* Auth data len */
547 u_int ospf_auth_seq; /* Sequence num */
548 };
549 libnet_build_ospf_hello() builds an OSPF Hello packet. You pass the
551 netmask for the interface, the number of seconds since the last packet
552 was sent, possible options, the router's priority (if 0, it can't be a
553 backup router), the time (in seconds) until a router is deemed down,
554 the networks designated router, the networks backup router, a neighbor,
555 a pointer to an optional data payload, the payload length, and a
556 pointer to a pre-allocated block of memory used for the packet. If
557 there are more than one neighbors that are to be included in the
558 packet, just allocate enough space for the packet buf, and pass the
559 neighbors as the "optional data payload."
560 libnet_build_ospf_dbd() builds an OSPF DataBase Description (DBD)
562 packet. You pass the maximum length of an IP packet the interface can
563 use, packet options, the type of exchange occuring, a sequence number,
564 a pointer to an optional data payload, the payload length, and a
565 pointer to a pre-allocated block of memory for the packet. The follow‐
566 ing can be used for the type variable:
567 DBD_IBIT Init bit
569 DBD_MBIT More DBD packets to come
570 DBD_MSBIT sender is the master
571 libnet_build_ospf_lsr() builds an OSPF Link State Request (LSR) packet.
573 You pass the type of link state packet being requested, the link state
574 ID, the advertising router, a pointer to an optional data payload, the
575 payload length, and a pointer to a pre-allocated block of memory for
576 the packet. See the libnet_build_ospf_lsa() section for more informa‐
577 tion regarding variables.
578 libnet_build_ospf_lsu() builds an OSPF Link State Update (LSU) packet.
580 You pass the number of Link State Acknowledgment (LSA) packets that
581 will be in the packet, a pointer to an optional data payload, the pay‐
582 load length, and a pointer to a pre-allocated block of memory for the
583 packet.
584 libnet_build_ospf_lsa() builds an OSPF Link State Acknowledgement (LSA)
586 packet. You pass the link state age, packet options, type of LSA, the
587 link state ID, the advertising router, the packet's sequence number,
588 the length of the packet (_not_ including the LSA header length), a
589 pointer to an optional data payload, the payload length, and a pointer
590 to a pre-allocated block of memory for the packet. The following vari‐
591 ables can be used for the type of LSA:
592 LS_TYPE_RTR Router LSA
594 LS_TYPE_NET Network LSA
595 LS_TYPE_IP Summary LSA (IP Network)
596 LS_TYPE_ASBR Summary LSA (ASBR)
597 LS_TYPE_ASEXT AS-External LSA
598 libnet_build_ospf_lsa_rtr() builds an OSPF Link State Router packet.
600 You pass the optional packet flags, the number of links within that
601 packet, the link ID (helps describe the next variable), the info for
602 the specified link ID, the type of router link, the number of TOS met‐
603 rics for this link, the metric (the cost of using the link), a pointer
604 to an optional data payload, the payload length, and a pointer to a
605 pre-allocated block of memory for the packet. The possible flags (not
606 including 0x00) are as follows:
607 RTR_FLAGS_W W bit
609 RTR_FLAGS_E E bit
610 RTR_FLAGS_B B bit
611 The possible link ID's are as follows:
612 LINK_ID_NBR_ID Neighbors router ID
614 LINK_ID_IP_DES IP addr of router
615 LINK_ID_SUB IP subnet number
616 The possible values for the router type are as follows:
618 RTR_TYPE_PTP Point-to-point
620 RTR_TYPE_TRANS Connection to a "transit network"
621 RTR_TYPE_STUB Connection to a "stub network"
622 RTR_TYPE_VRTL Connection to a "virtual link"
623 libnet_build_ospf_lsa_net() builds an OSPF Link Sate Network packet.
625 You pass the interface's netmask, the router ID, a pointer to an
626 optional data payload, the payload length, and a pointer to a pre-allo‐
627 cated block of memory for the packet.
628 libnet_build_ospf_lsa_sum() builds an OSPF Link State Summary packet.
630 You pass the interface's netmask, the cost of using the link (metric),
631 the TOS and metric, which is passed as a unsigned integer but the first
632 8 bits are the TOS and the last 24 bits are the TOS metric, a pointer
633 to an optional data payload, the payload length, and a pointer to a
634 pre-allocated block of memory for the packet.
635 libnet_buils_ospf_lsa_as() builds an OSPF Link State AS External
637 packet. You pass the interface's netmask, the cost of using the link
638 (metric), the forwarding address, the external route tag, a pointer to
639 an optional data payload, the payload length, and a pointer to a pre-
640 allocated block of memory for the packet. In reality, the metric only
641 uses the last 24 bits of the unsigned int. The first 8bits are
642 reserved for a possible bit to be set (the E bit, see above for more
643 info). The variable AS_E_BIT_ON can be used logically to set the E bit
644 on.
645
648 LIBNET_OSPF_AUTHCPY() simply copies, byte for byte, your authentication
649 buf to the pre-allocated block of memory for your packet.
650
653 Random variables:
654 IPPROTO_OSPF 89
656 OSPFVERSION 2
657 Header Lengths:
659 OSPF_H OSPF header
661 HELLO_H Hello header
662 DBD_H DBD header
663 LSR_H LSR header
664 LSU_H LSU header
665 LSA_H LSA header
666 LS_RTR_LEN LS-Router header
667 LS_NET_LEN LS-Network header
668 LS_SUM_LEN LS-Summary header
669 LS_AS_EXT_LEN LS-AS External header
670 Packet options:
672 OPT_EBIT AS-external-LSAs are flooded
674 OPT_MCBIT IP multicast dgrams are forwarded
675 OPT_NPBIT Handles type-7 LSAs
676 OPT_EABIT Sends/recv's AS-external LSAs
677 OPT_DCBIT Handles demand circuits
678 libnet_build_rip() constructs a RIP (Routing Information Protocol)
682 packet. The values supplied depend on the version of the RIP packet
683 you desire to build. The following table applies:
684 Passing Order Datatype RIP v1 RIPv2
686 first byte command command
687 second byte version version
688 third ushort zero routing domain
689 fourth ushort address family address family
690 fifth ushort zero route tag
691 sixth ulong IP address IP address
692 seventh ulong zero subnet mask
693 eighth ulong zero next hop IP
694 ninth ulong metric metric
695 tenth const u_char * Packet payload
696 eleventh int Packet payload size
697 twelfth u_char * Packet header memory
698 The command should be one of the following: RIPCMD_REQUEST,
700 RIPCMD_RESPONSE, RIPCMD_TRACEON, RIPCMD_TRACEOFF, RIPCMD_POLL,
701 RIPCMD_POLLENTRY, or RIPCMD_MAX. The version should be RIPVER_1 or
702 RIPVER_2.
703 libnet_build_tcp() builds a TCP (Transmission Control Protocol) packet.
705 Supplied is the source port, destination port, the sequence and
706 acknowledgement numbers, the control bits (which can be logically OR'd
707 together to set multiple flags -- see the example below), the adver‐
708 tised window size, the urgent pointer, a pointer to an optional data
709 payload, the payload size, and lastly, the pointer to a pre-allocated
710 block of memory for the packet. To just build a TCP header with no
711 data payload, only TCP_H bytes need be allocated.
712 libnet_build_udp() builds a UDP (User Datagram Protocol) packet. Sup‐
714 plied is the source port, the destination port, a pointer to an
715 optional data payload, the payload size, and lastly, a pointer to a
716 pre-allocated block of memory for the packet. To just build a UDP
717 header with no data payload, only UDP_H bytes need to be allocated.
718 libnet_vuild_vrrp() builds a VRRP (Virtual Router Redundancy Protocol)
720 packet. Supplied is the virtual router ID, the priority, the number of
721 IP addresses in the packet, the authorization type (LIB‐
722 NET_VRRP_AUTH_NONE, LIBNET_VRRP_AUTH_PASSWD, or LIBNET_VRRP_AUTH_IPAH),
723 the adverstisment interval, a pointer to an optional data payload, the
724 payload size, and lastly, a pointer to a pre-allocated block of memory
725 for the packet.
726 libnet_insert_ipo() inserts IP options into an already created IP
728 packet. Supplied is a pointer to an ip option struct (which must be
729 filled in by the user), the size of the options list, and a pointer the
730 completed packet. The function returns -1 if the options would make
731 the packet too large (greater then 65535 bytes) or 1 otherwise. It is
732 an unchecked runtime error for the user to have not allocated enough
733 heap memory for the packet + options.
734 libnet_insert_tcpo() inserts TCP options into an already created IP
736 packet. Replace the pointer to an IP option struct with one to a TCP
737 option struct and this function is exactly the same as above.
738
741 libnet_seed_prand() seeds the psuedorandom number generator. Returns 1
742 on success, -1 on failure.
743 libnet_get_prand() returns a positive psuedorandom integer of the spec‐
745 ified type. Expects type to be one of five symbolics PR2, PR8, PR16,
746 PRu16, PR32 or PRu32. PR2 returns a one or a zero, PR8 returns a byte,
747 PR16 returns up to a signed short (from 0 to 32767), PRu16 returns an
748 unsigned short (from 0 to 65535), PR32 returns a signed long (from 0 to
749 2147483647) and PRu32 returns an unsigned long number (from 0 to
750 4294967295).
751 libnet_hex_dump() prints a packet out in hex. Supplied is the packet
753 and its length, a swap flag, and a pointer to a previously opened
754 stream. The swap flag (1 or 0) specifies whether or not to print the
755 packet as it appears in memory (0) or to swap the bytes into host order
756 (1).
757 libnet_plist_chain_new() builds a new libnet port list chain. A libnet
759 port list chain is a fast and simple way of implementing port list
760 ranges (useful for applications that employ a list of ports like a port
761 scanner). You'll see naive implementations that allocate an entire
762 array of 65535 bytes and fill in the desired ports one by one. How‐
763 ever, we only really need to store the beginning port and the ending
764 port, and we can efficiently store multiple port ranges (delimated by
765 commas) by using a linked list chain with each node holding the begin‐
766 ning and ending port for a particular range. For example, The port
767 range `1-1024` would occupy one node with the bport being 1 and the
768 eport being 1024. The port range `25,110-161,6000` would result in 3
769 nodes being allocated. Single ports are taken as single ranges (port
770 25 ends up being 25-25). A port list range without a terminating port
771 (port_num - ) is considered shorthand for (port_num - 65535). The
772 arguments are a pointer to libnet_plist_chain pointer (which will end
773 up being the head of the linked list) and pointer to the port list
774 itself. The function checks this character port list for valid tokens
775 (1234567890,- ) and returns an error if an unrecognized token is found.
776 Upon success the function returns 1, and head points to the newly
777 formed port list (and also contains the number of nodes in the list.
778 If an error occurs (an unrecognized token is found or malloc fails) -1
779 is returned and head is set to NULL. libnet_plist_chain_next_pair()
780 should be used to extract port list pairs.
781 libnet_plist_chain_next_pair() fetchs the next pair of ports from the
783 list. The function takes a pointer to the head of the prebuilt list
784 and a pointer to a u_short that will contain the beginning port and a
785 pointer to a u_short that will contain the ending port. The function
786 returns 1 and fills in these values if there are nodes remaining, or if
787 the port list chain is exhausted, it returns 0.
788 libnet_plist_chain_dump() prints the list (as lists of integers).
790 libnet_plist_chain_dump_string() returns a string containing the port
792 list chain.
793 libnet_plist_chain_free() frees the entire list.
795 libnet_error() dumps an error message to stderr. Included is the
797 severity of the message (LIBNET_ERR_WARNING, LIBNET_ERR_CRITICAL, or
798 LIBNET_ERR_FATAL) and the message string itself. If the severity is
799 LIBNET_ERR_FATAL, the function will exit the program. This is the only
800 defined exit point in the whole library.
801
805 libnet_build_asn1_int()
806 libnet_build_asn1_uint()
808 libnet_build_asn1_string()
810 libnet_build_asn1_header()
812 libnet_build_asn1_length()
814 libnet_build_asn1_sequence()
816 libnet_build_asn1_objid()
818 libnet_build_asn1_null()
820 libnet_build_asn1_bitstring()
822
825 To make your life and code cleaner, libnet defines symbolic constants
826 to make your life easier.
827 Default packet header sizes:
829 LIBNET_ARP_H ARP
831 LIBNET_DNS_H DNS
832 LIBNET_ETH_H ethernet
833 LIBNET_ICMP_H ICMP header (base)
834 LIBNET_ICMP_ECHO_H ICMP_ECHO / ICMP_ECHOREPLY
835 LIBNET_ICMP_MASK_H ICMP_MASKREQ / ICMP_MASKREPLY
836 LIBNET_ICMP_UNREACH_H ICMP_UNREACHABLE (base)
837 LIBNET_ICMP_REDIRECT_H ICMP_REDIRECT (base)
838 LIBNET_ICMP_TS_H ICMP_TSTAMP (base)
839 LIBNET_ICMP_TIMXCEED_H ICMP_TIMXCEED (base)
840 LIBNET_IGMP_H IGMP
841 LIBNET_IP_H IP
842 LIBNET_RIP_H RIP
843 LIBNET_TCP_H TCP
844 LIBNET_UDP_H UDP
845 LIBNET_VRRP_H VRRP (base)
846 Standard memory sizes for packets:
848 LIBNET_PACKET Standard packet size (IP_H + TCP_H)
850 LIBNET_OPTS Maximum IP options list
851 LIBNET_MAX_PACKET Maximum IPv4 packet size
852 Other constants you should know about:
855 IP Type Of Service constants:
857 IPTOS_LOWDELAY Minimize delay
859 IPTOS_THROUGHPUT Maximize throughput
860 IPTOS_RELIABILITY Maximize reliability
861 IPTOS_MINCOST Minimize monetary cost
862 IP Fragmentation flags:
865 IP_DF Don't fragment this datagram
867 IP_MF More fragments en route
868 TCP control bits:
871 TH_URG Urgent flag
873 TH_ACK Acknowledgement field valid
874 TH_PUSH Push this data to application layer
875 TH_RST Reset the referenced connection
876 TH_SYN Synchronize connection state
877 TH_FIN Finished sending data
878
882 To properly compile your applications under libnet, you should use the
883 `libnet-config` script. This script is created during the GNU config‐
884 ure process will ensure that future compilations linked against libnet
885 contain the correct CPP and CFLAG options as well as additional
886 libraries for the targeted architecture. To invoke it simply:
887 gcc `libnet-config --defines --cflags` foo.c -o foo `libnet-config
889 --libs`
890 The script handles all libnet dependencies and concessions for the
892 architecture it was compiled on.
893
896 pcap(3), bpf(4), dlpi(7P)
897
899 Mike D. Schiffman <mike@infonexus.com> See the online web reference
900 manual for additional contributers.
901 The current version is always available:
903 http://www.packetfactory.net/libnet
905
907 Solaris raw sockets are cooked. They do not allow one to set the
908 ip_len, ip_frag or the ip_id (including IP options at the raw socket
909 layer doesn't work either). To work around this, use the link-layer API
910 instead of raw socket functions.
911 The Berkeley Packet Filter alone does not allow for the arbitrary spec‐
913 ification of source ethernet addresses. This is not so much a bug as
914 an oversight in the protocol. Included with the distribution is lkm
915 code to work around this (FreeBSD has support for an ioctl that works
916 around this).
917 The OSPF functionality has not been extensively tested as yet and is
919 considered to be in beta release.
920 Please send bug reports to mike@infonexus.com.
922libnet 1.0.2 01 17 2001 LIBNET(3)