Building.Open.Source.Network.Security.Tools.Components.And.Techniques [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

Building.Open.Source.Network.Security.Tools.Components.And.Techniques [Electronic resources] - نسخه متنی

Mike D. Schiffman

نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
ارسال به دوستان
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات
افزودن یادداشت
افزودن یادداشت جدید







Packet Builder Functions

The core of libnet is the platform-independent packet-building functionality. These functions enable an application programmer to build protocol headers (and data) in a simple and consistent manner without having to worry (too much) about low-level network odds and ends. Each libnet_build() function builds a piece of a packet (generally a protocol header). While it is perfectly possible to build an entire, ready-to-transmit packet with a single call to a libnet_build() function, generally more than one builder-class function call is required to construct a full packet. A "complete" wire-ready packet generally consists of more than one piece.

Every function that builds a protocol header takes a series of arguments roughly corresponding to the header values as they appear on the wire. This process is intuitive but often makes for functions with huge prototypes and large stack frames.

One important thing to note is that you must call these functions in order, corresponding to how they should appear on the wire (from the highest protocol layer on down). This building process is intuitive; it approximates what happens in an operating system kernel. In other words, to build a Network Time Protocol (NTP) packet by using the link-layer interface, the application programmer would call the libnet_build() functions in the following order:



libnet_build_ntp()



libnet_build_udp()



libnet_build_ipv4()



libnet_build_ethernet()



This ordering is essential for libnet 1.1.0 to properly link together the packet internally (previous libnet versions did not have the requirement).

Figure 3.2 shows the protocols that libnet's packet construction functionality support and their general relationships within the context of the ISO Open Systems Interconnectivity (OSI) 7 layer model. Note that libnet supports arbitrary application programmer specified protocols via the libnet_build_data() interface (the "other" protocols).


Figure 3.2: Libnet-supported protocols and their relationships.

All standard libnet_build() functions take the same final four arguments, as Table 3.3 summarizes.














































Table 3.3: Packet Builder Function Final Four Arguments

ARGUMENT


DATATYPE


MEANING


OPTIONAL?





payload


u_char *


Pointer to a byte array containing a payload


Yes (NULL)





payload_s


u_long


Size of the payload


Yes (0)





1


libnet_t


Pointer to the libnet descriptor


No





ptag


libnet_ptag_t


ID of the protocol unit to modify


Yes (0)







The optional arguments are just that, and the value in parentheses can replace them if they are not to be used.

The four libnet_build() functions that do not take the same final four arguments are as follows:



libnet_autobuild_ethernet(). No payload or ptag



libnet_autobuild_ipv4(). No payload, payload_s, or ptag



libnet_build_ipv4_options(). No payload or payload_s



libnet_build_tcp_options(). No payload or payload_s




The Payload Interface


The payload interface specifies an optional way to include data directly after the protocol header in question. You can use this function for a variety of purposes, including the following:



Including additional or arbitrary protocol header information that is not available from a libnet interface



Including a packet payload (data segment)



Building another protocol header that is not available from a libnet interface



To employ the interface, the application programmer should construct the payload data and pass a u_char * to this data and its size to the desired libnet_build() function. Libnet handles the rest. The example code at the end of this chapter employs this interface to include a packet payload after a UDP header.


Libnet Header Sizes


Certain libnet_build() functions require packet length arguments. For example, libnet_build_ipv4() requires the application programmer to specify the entire IP packet length as the first argument. To make this process easier, libnet includes a list of symbolic constants corresponding to header length values in bytes for every supported protocol (for protocols with variable sized headers, the only base header size is defined). This list appears in Table 3.4.


































































































































































































































Table 3.4: Header Sizes

PROTOCOL


HEADER SIZE


SYMBOLIC CONSTANT





802.1q


18 bytes


LIBNET_802_1Q_H





802.2 (LLC)


3 bytes


LIBNET_802_2_H





802.2 (LLC/SNAP)


8 bytes


LIBNET_802_2SNAP_H





802.3


14 bytes


LIBNET_802_3_H





ARP (base)


8 bytes


LIBNET_ARP_H





ARP (Ethernet)


28 bytes


LIBNET_ARP_ETH_H





CDP


8 bytes


LIBNET_CDP_H





DHCPv4


240 bytes


LIBNET_DHCPV4_H





DNSv4


12 bytes


LIBNET_DNS_H





DIX Ethernet II


14 bytes


LIBNET_ETHERNET_H





ICMPv4 echo


8 bytes


LIBNET_ICMPV4_ECHO_H





ICMPv4 mask


12 bytes


LIBNET_ICMPV4_MASK_H





ICMPv4 unreachable


8 bytes


LIBNET_ICMPV4_UNREACH_H





ICMPv4 time-exceeded


8 bytes


LIBNET_ICMPV4_TIMEXCEED_H





ICMPv4 redirect


8 bytes


LIBNET_ICMPV4_REDIRECT_H





ICMPv4 timestamp


20 bytes


LIBNET_ICMPV4_TS_H





IGMP


8 bytes


LIBNET_IGMP_H





IPv4


20 bytes


LIBNET_IPV4_H





IPv6


40 bytes


LIBNET_IPV6_H





IPSEC ESP header


12 bytes


LIBNET_IPSEC_ESP_HDR_H





IPSEC ESP trailer


2 bytes


LIBNET_IPSEC_ESP_FTR_H





IPSEC AH


16 bytes


LIBNET_IPSEC_AH_H





OSPFv2


16 bytes


LIBNET_OSPF_H





OSPFv2 hello


24 bytes


LIBNET_OSPF_HELLO_H





OSPFv2 DBD


8 bytes


LIBNET_DBD_H





OSPFv2 LSR


12 bytes


LIBNET_LSR_H





OSPFv2 LSU


4 bytes


LIBNET_LSU_H





OSPFv2 LSA


20 bytes


LIBNET_LSA_H





NTP


48 bytes


LIBNET_NTP_H





RIP


24 bytes


LIBNET_RIP_H





STP


35 bytes


LIBNET_STP_H





TCP


20 bytes


LIBNET_TCP_H





UDP


8 bytes


LIBNET_UDP_H





VRRP


8 bytes


LIBNET_VRRP_H








Protocol Tags and Libnet Packet Builder Return Values


Libnet uses the protocol tag (ptag) to identify individual pieces of a packet after being created. A new ptag results every time a libnet_ build() function with an empty (0) ptag argument completes successfully. This new ptag now refers to the packet piece just created. The application programmer's responsibility is to save this value if he or she plans to modify this particular portion later on in the program. If the application programmer needs to modify some values of that particular packet piece again, he or she calls the same libnet_build() function specifying the saved ptag argument. Libnet then searches for that packet piece and modifies it rather than creating a new one. Upon failure for any reason, libnet_build() functions return -1; libnet_geterror() tells you why.



libnet_ptag_t libnet_build_802_lq(u_char *dst, u_char *src,
u_short tpi, u_char priority, u_char cfi, u_short vid,
u_short len, u_char *payload, u_long payload_s, libnet_t *1,
libnet_ptag_t ptag);


libnet_build_802_lq() builds an IEEE 802.lq VLAN tagging header. Depending on the value of len, the function wraps the 802.lq header inside either an IEEE 802.3 header or an RFC 894 Ethernet II (DIX) header (both resulting in an 18-byte frame). If len is 1500 or less, most receiving protocol stacks parse the frame as an IEEE 802.3 encapsulated frame. If len is one of the Ethernet types in Table 3.6, most protocol stacks parse the frame as an RFC 894 Ethernet II encapsulated frame. The function takes arguments (see Table 3.5).






























































Table 3.5: libnet_build_802_lq() Arguments

ARGUMENT


MEANING





dst


destination MAC address





src


source MAC address





tpi


tag protocol identifier





priority


priority





cfi


canonical format indicator, should be 1 or 0





vid


VLAN identifier





len


802.3: length of the frame (SANS 802.1 q), Ethernet II: layer 3 protocol
































































Table 3.6: Ethernet-Type Symbolic Constants

CONSTANT


MEANING





ETHERTYPE_PUP


PUP protocol





ETHERTYPE_IP


IP protocol





ETHERTYPE_ARP


ARP protocol





ETHERTYPE_REVARP


RARP protocol





ETHERTYPE_VLAN


IEEE 802. 1Q VLAN tagging





ETHERTYPE_LOOPBACK


test







Table 3.6 summarizes the different Ethernet-type symbolic constants associated with len (for an RFC 894 encapsulated frame). These constants specify the layer 3 protocol in several link-layer protocols, including 802.lq., 802.2, ARP, RARP, and Ethernet II.



libnet_ptag_t libnet_build_802_2(u_char dsap, u_char dsap,
u_char control, u_char *payload, u_long payload_s, libnet_t
*1, libnet_ptag_t ptag);


libnet_build_802_2() builds an IEEE 802.2 link-layer control (LLC) header. The function takes arguments (see Table 3.7).








































Table 3.7: libnet_build_802_2() Arguments

ARGUMENT


MEANING





dsap


destination service access point





ssap


destination service access point





control


control







Table 3.6 summarizes the different symbolic constants for type. Table 3.8 summarizes the different values for some of the service access point values.


































Table 3.8: Service Access Point Symbolic Constants

CONSTANT


MEANING





LIBNET_SAP_STP


spanning tree protocol header follows





LIBNET_SAP_SNAP


SNAP header follows









libnet_ptag_t libnet_build_802_2snap(u_char dsap, u_char
dsap, u_char control, u_char *oui, u_short type, u_char
*payload, u_long payload_s, libnet_t *1, libnet_ptag_t ptag);


libnet_build_802_2snap() builds an IEEE 802.2 Link-Layer Control/Subnetwork Attachment Point (LLC/SNAP) header. The function takes arguments (see Table 3.9).




















































Table 3.9: libnet_build_802_2snap() Arguments

ARGUMENT


MEANING





dsap


destination service access point (should be Oxaa)





ssap


destination service access point (should be Oxaa)





control


control





oui


3-byte organizationally unique identifier





type


upper layer protocol







Table 3.6 summarizes the different symbolic constants for type.



libnet_ptag_t libnet_build_802_3(u_char *dst, u_char *src,
u_short tpi, u_char priority, u_char cfi, u_short vid,
u_short len, u_char *payload, u_long payload_s, libnet_t *1,
libnet_ptag_t ptag);


libnet_build_802_3() builds an IEEE 802.3 header. The 802.3 header is almost identical to the RFC 894 Ethernet II header-the exception being that the field immediately following the source address holds the frame's length (as opposed to the layer 3 protocol). You should only use this function when libnet is initialized with the LIBNET_LINK interface. The function takes arguments (see Table 3.10).








































Table 3.10: libnet_build_802_3() Arguments

ARGUMENT


MEANING





dst


destination MAC address





src


source MAC address





len


frame's entire length SANS 802.3 header







The reader should note that an 802.2 LLC/SNAP header generally always proceeds the 802.3 header.



libnet_ptag_t libnet_build_arp(u_short hrd, u_short pro,
u_short hln, u_short pln, u_short op, u_char *sha, u_char
*spa, u_char *tpa, u_char *tpa, u_char *payload, u_long
payload_s, libnet_t *1, libnet_ptag_t ptag);


libnet_build_arp() builds an Address Resolution Protocol (ARP) header. Depending on the op value, the function builds one of several different types of RFC 826 ARP or RFC 903 RARP packets. The function takes arguments (see Table 3.11).












































































Table 3.11: libnet_build_arp() Arguments

ARGUMENT


MEANING





hrd


hardware address format





pro


protocol address format





hln


hardware address length





pln


protocol address length





op


ARP operation type





sha


sender's hardware address





spa


sender's protocol address





tha


target's hardware address





tpa


target's protocol address







Table 3.12 summarizes the different symbolic constants associated with hrd.




































































































Table 3.12: libnet_build_arp() Hardware Address Symbolic Constants

CONSTANT


MEANING





ARPHRD_NETROM


KA9Q: NET/ROM pseudo





ARPHRD_ETHER


Ethernet (10Mbps and higher)





ARPHRD_EETHER


Experimental Ethernet (3Mbps)





ARPHRD_AX25


Amateur Radio AX.25 Level 2





ARPHRD_PRONET


PROnet token ring





ARPHRD_CHAOS


Chaosnet





ARPHRD_IEEE802


IEEE 802.2 networks





ARPHRD_ARCNET


ARCnet





ARPHRD_APPLETLK


APPLEtalk





ARPHRD_DLCI


Frame Relay DLCI





ARPHRD_ATM


ATM





ARPHRD_METRICOM


Metricom STRIP





ARPHRD_IPSEC


IP sec tunnel







Table 3.6 summarizes the different symbolic constants for pro. Table 3.13 summarizes the different symbolic constants associated with op.


























































Table 3.13: libnet_build_arp() Operation Type Symbolic Constants

CONSTANT


MEANING





ARPOP_REQUEST


request





ARPOP_REPLY


reply





ARPOP_REVREQUEST


request reverse (RARP)





ARPOP_REVREPLY


reply reverse (RARP)





ARPOP_INVREQUEST


InARP request





ARPOP_INVREPLY


InARP reply









libnet_ptag_t libnet_build_bootpv4(u_char opcode, u_char
htype, u_char hlen, u_char hopcount, u_long xid, u_short
secs, u_short unused, u_long cip, u_long yip, u_long sip,
u_long gip, u_char *payload, u_long payload_s, libnet_t *1,
libnet_ptag_t ptag);


libnet_build_bootpv4() builds an IP version 4 RFC 951 Bootstrap Protocol header. The function takes arguments (see Table 3.14).
























































































Table 3.14: libnet_build_bootpv4() Arguments

ARGUMENT


MEANING





opcode


operation code





htype


hardware address type





hlen


hardware length





hopcount


hop count used by proxy servers





xid


transaction id





secs


number of seconds since transaction began





unused


unused or used as flags





cip


client IP address





yip


your IP address





sip


server IP address





gip


gateway IP address







The BOOTP protocol also accepts optional additional variable length and size arguments. To include these, the programmer uses the payload interface. Table 3.15 summarizes the opcode symbolic constants.


































Table 3.15: libnet_build_bootpv4() Operation Code Symbolic Constants

CONSTANT


MEANING





LIBNET_DHCP_REQUEST


DHCP/BOOTP request





LIBNET_DHCP_REPLY


DHCP/BOOTP reply









libnet_ptag_t libnet_build_cdp(u_char version, u_char ttl,
u_short sum, u_short type, u_short len, u_char *value, u_char
*payload, u_long payload_s, libnet_t *l, libnet_ptag_t ptag);


libnet_build_cdp() builds a Cisco Discovery Protocol (CDP) header. Cisco Systems designed CDP to aid in the network management of adjacent Cisco devices. The function takes arguments (see Table 3.16).


























































Table 3.16: libnet_build_cdp() Arguments

ARGUMENT


MEANING





version


version





ttl


time information in the packet should be retained by the recipient





sum


checksum





type


packet type





len


length of the value argument in bytes





value


a type defined byte string







The CDP protocol also accepts an arbitrary number of additional "type / length / value" arguments. To include these, the programmer could either use the payload interface or libnet_build_data() to construct them. Table 3.17 summarizes the type symbolic constants.
































































Table 3.17: libnet_build_cdp() Type Symbolic Constants

CONSTANT


MEANING





LIBNET_CDP_DEVID


device id





LIBNET_CDP_ADDRESS


address(es) for the interface the CDP packet is being sent on





LIBNET_CDP_PORTID


port id for the interface the CDP packet is being sent on





LIBNET_CDP_CAPABIL


device capabilities





LIBNET_CDP_VERSION


software version





LIBNET_CDP_PLATFORM


hardware platform





LIBNET_CDP_IPPREFIX


ip prefix









libnet_ptag_t libnet_build_data(u_char *payload, u_long
payload_s, libnet_t *1, libnet_ptag_t ptag);


libnet_build_data() builds a generic data unit. This function does not build a specific protocol header; rather, it appends an application programmer-specified block of data to the end of the packet list. Other than having no header arguments, it behaves exactly the same as every other protocol builder function.



libnet_ptag_t libnet_build_dhcpv4(u_char opcode, u_char
htype, u_char hlen, u_char hopcount, u_long xid, u_short
secs, u_short flags, u_long cip, u_long yip, u_long sip,
u_long gip, u_char *payload, u_long payload_s, libnet_t *1,
libnet_ptag_t ptag);


libnet_build_dhcpv4() builds an IP version 4 RFC 2131 Dynamic Host Configuration Protocol header. The use of this function is identical to libnet_build_bootpv4().



libnet_ptag_t libnet_build_dnsv4(u_short id, u_short flags,
u_short num_q, u_short num_anws_rr, u_short num_auth_rr,
u_short num_addi_rr, u_char *payload, u_long payload_s,
libnet_t *1, libnet_ptag_t ptag);


libnet_build_dnsv4() builds an RFC 1035 IP version 4 DNS header. The function takes arguments (see Table 3.18).


























































Table 3.18: libnet_build_dnsv4() Arguments

ARGUMENT


MEANING





id


ID





flags


control flags





num_q


number of questions





num_anws_rr


number of answer resource records





num_auth_rr


number of authority resource records





num_addi_rr


number of additional resource records









libnet_ptag_t libnet_build_ethernet(u_char *dst, u_char *src,
u_short type, u_char *payload, u_long payload_s, libnet_t *1,
libnet_ptag_t ptag);


libnet_build_ethernet() builds an RFC 894 Ethernet II header. The RFC 894 Ethernet II header is almost identical to the IEEE 802.3 header, with the exception that the field immediately following the source address holds the layer 3 protocol (as opposed to frame's length). You should only use this function when libnet is initialized with the LIBNET_LINK interface. The function takes arguments (see Table 3.19).








































Table 3.19: libnet_build_ethernet() Arguments

ARGUMENT


MEANING





dst


destination Ethernet address





src


source Ethernet address





type


type of data to follow (upper layer protocol)







The type symbolic constants are the Ethernet type symbolic constants in Table 3.6.



libnet_ptag_t libnet_autobuild_ethernet(u_char *dst, u_short type,
libnet_t *1);


libnet_autobuild_ethernet() auto builds an Ethernet protocol header. The function is useful to build an Ethernet header quickly when the extra functionality is not needed. The function takes the same dst and type arguments (see Table 3.19). The function does not accept a ptag argument, but it does return a ptag. In other words, you can use it to build a new Ethernet header but not to modify an existing one.



libnet_ptag_t libnet_build_icmpv4_echo(u_char type, u_char
code, u_short sum, u_short id, u_short seq, u_char *payload,
u_long payload_s, libnet_t *1, libnet_ptag_t ptag);


libnet_build_icmpv4_echo() builds an IP version 4 RFC 792 Internet Control Message Protocol echo request/reply header. The function takes arguments (see Table 3.20).




















































Table 3.20: libnet_build_icmpv4_echo() Arguments

ARGUMENT


MEANING





type


type of ICMP packet (should be ICMP_ECHOREPLY or ICMP_ECHO)





code


code of ICMP packet (should be 0)





sum


checksum





id


identification number





seq


sequence number









libnet_ptag_t libnet_build_icmpv4_mask(u_char type, u_char
code, u_short sum, u_short id, u_short seq, u_long mask,
u_char *payload, u_long payload_s, libnet_t *1,
libnet_ptag_t ptag);


libnet_build_icmpv4_mask() builds an IP version 4 RFC 792 Internet Control Message Protocol IP netmask request/reply header. The function takes arguments (see Table 3.21).


























































Table 3.21: libnet_build_icmpv4_mask() Arguments

ARGUMENT


MEANING





type


type of ICMP packet (should be ICMP_MASKREQ or ICMP_MASKREPLY)





code


code of ICMP packet (should be 0)





sum


checksum





id


identification number





seq


sequence number





mask


subnet mask









libnet_ptag_t libnet_build_icmpv4_timestamp(u_char type,
u_char code, u_short sum, u_short id, u_short seq, n_time
otime, n_time rtime, n_time ttime, u_char *payload, u_long
payload_s, libnet_t *1, libnet_ptag_t ptag);


libnet_build_icmpv4_timestamp() builds an IP version 4 RFC 792 Internet Control Message Protocol timestamp request/reply header. The function takes arguments (see Table 3.22).






































































Table 3.22: libnet_build_icmpv4_timestamp() Arguments

ARGUMENT


MEANING





type


type of ICMP packet (should be ICMP_TSTAMP or ICMP_TSTAMPREPLY)





code


code of ICMP packet (should be 0)





sum


checksum





id


identification number





seq


sequence number





otime


originate timestamp





rtime


receive timestamp





ttime


transmit timestamp









libnet_ptag_t libnet_build_icmpv4_unreach(u_char type, u_char
code, u_short sum, u_short orig_len, u_char
orig_tos, u_short orig_id, u_short orig_frag, u_char orig_ttl, u_char
orig_prot, u_short orig_check, u_long orig_src, u_long
orig_dst, u_char *payload, u_long payload_s, libnet_t *1,
libnet_ptag_t ptag);


libnet_build_icmpv4_unreach() builds an IP version 4 RFC 792 Internet Control Message Protocol unreachable header. The function takes arguments (see Table 3.23). The additional arguments enable the application programmer to easily specify the original IP header values (the IP header of the packet that supposedly caused the ICMP unreachable message in the first place).


















































































Table 3.23: libnet_build_icmpv4_unreach() Arguments

ARGUMENT


MEANING





type


type of ICMP packet (should be ICMP_UNREACH)





code


code of ICMP packet (should be one of the 16 unreachable codes)





sum


checksum





orig_id


original IP header identification





orig_frag


original IP header fragmentation information





orig_ttl


orginal IP header time to live





orig_prot


original IP header protocol





orig_check


original IP header checksum





orig_src


original IP header source address





orig_dst


original IP header destination address









libnet_ptag_t libnet_build_icmpv4_timeexceed(u_char type,
u_char code, u_short sum, u_short orig_len, u_char orig_tos,
u_short orig_id, u_short orig_frag, u_char orig_ttl, u_char
orig_prot, u_short orig_check, u_long orig_src, u_long
orig_dst, u_char *payload, u_long payload_s, libnet_t *l,
libnet_ptag_t ptag);


libnet_build_icmpv4_timeexceed() builds an IP version 4 RFC 792 Internet Control Message Protocol time exceeded header. The function takes arguments (see Table 3.24). The additional arguments enable the application programmer to easily specify the original IP header values (the IP header of the packet that supposedly caused the ICMP time exceeded message in the first place).


















































































Table 3.24: libnet_build_icmpv4_timeexceed() Arguments

ARGUMENT


MEANING





type


type of ICMP packet (should be ICMP_TIMXCEED)





code


code of ICMP packet (should be either ICMP_TIMXCEED_INTRANS or ICMP_TIMXCEED_REASS)





sum


checksum





orig_id


original IP header identification





orig_frag


original IP header fragmentation information





orig_ttl


orginal IP header time to live





orig_prot


original IP header protocol





orig_check


original IP header checksum





orig_src


original IP header source address





orig_dst


original IP header destination address









libnet_ptag_t libnet_build_icmpv4_redirect(u_char type,
u_char code, u_short sum, u_long gateway, u_short orig_len,
u_char orig_tos, u_short orig_id, u_short orig_frag, u_char
orig_ttl, u_char orig_prot, u_short orig_check, u_long
orig_src, u_long orig_dst, u_char *payload, u_long payload_s,
libnet_t *1, libnet_ptag_t ptag);


libnet_build_icmpv4_redirect() builds an IP version 4 RFC 792 Internet Message Control Protocol redirect header. The function takes arguments (see Table 3.25). The additional arguments enable the application programmer to easily specify the original IP header values (the IP header of the packet that supposedly caused the ICMP redirect message in the first place).


















































































Table 3.25: libnet_build_icmpv4_redirect() Arguments

ARGUMENT


MEANING





type


type of ICMP packet (should be ICMP_REDIRECT)





code


code of ICMP packet (should be one of the four redirect codes)





sum


checksum





orig_id


original IP header identification





orig_frag


original IP header fragmentation information





orig_ttl


original IP header time to live





orig_prot


original IP header protocol





orig_check


original IP header checksum





orig_src


original IP header source address





orig_dst


original IP header destination address









libnet_ptag_t libnet_build_ipv4(u_short len, u_char tos,
u_short id, u_short frag, u_char ttl, u_char prot, u_short
sum, u_long src, u_long dst, u_char *payload, u_long
payload_s, libnet_t *1, libnet_ptag_t ptag);


libnet_build_ipv4() builds a version 4 RFC 791 Internet Protocol header. The function takes arguments (see Table 3.26). Table 3.27 summarizes the tos symbolic constants. Table 3.28 summarizes the frag symbolic constants.












































































Table 3.26: libnet_build_ipv4() Arguments

ARGUMENT


MEANING





len


total length of the IP packet





tos


type of service bits





id


IP identification number





frag


fragmentation bits and offset





ttl


time to live in the network





prot


upper layer protocol





sum


checksum





src


source IPv4 address (little endian)





dst


destination IPv4 address (little endian)




















































Table 3.27: libnet_build_ipv4() tos Symbolic Constants

CONSTANT


MEANING





IPTOS_LOWDELAY


type of service, minimize delay





IPTOS_THROUGHPUT


type of service, maximize throughput





IPTOS_RELIABILITY


type of service, maximize reliability





IPTOS_LOWCOST


type of service, minimize monetary cost




















































Table 3.28: libnet_build_ipv4() frag Symbolic Constants

CONSTANT


MEANING





IP_RF


reserved fragmentation bit





IP_DF


don't fragment this datagram





IP_MF


more fragments coming





IP_OFFMASK


mask used to get offset







The protocol field can be any upper-layer protocol number found in /etc/protocols on any modern UNIX system. For example, a TCP packet would have this field set to IPPROTO_TCP, and a UDP packet would have this field set to IPPROTO_UDP.



libnet_ptag_t libnet_autobuild_ipv4(u_short len, u_char prot,
u_long dst, libnet_t *1);


libnet_autobuild_ipv4() auto builds a version 4 Internet Protocol header. The function is useful to build an IP header quickly when you do not need a granular level of control. The function takes the same len, prot, and dst arguments (see Table 3.26). The function does not accept a ptag argument, but it does return a ptag. In other words, you can use it to build a new IP header but not to modify an existing one.



libnet_ptag_t libnet_build_ipv4_options(u_char *options,
u_long options_s, libnet_t *1, libnet_ptag_t ptag);


libnet_build_ipv4_options() builds an IP version 4 options header. The function takes arguments (see Table 3.29).


































Table 3.29: libnet_build_ipv4_options() Arguments

ARGUMENT


MEANING





options


the byte string of options





options_s


the length of the options string







The function expects options to be a valid IP options string of size options_s, no larger than 40 bytes (the maximum size of an options string). The function checks to make sure that the preceding header is an IPv4 header and that the options string would not result in a packet larger than 65,535 bytes (IPMAXPACKET). The function counts up the number of 32-bit words in the options string and adjusts the IP header length value as necessary.



libnet_ptag_t libnet_build_ipv6(u_char tc, u_long fl, u_short
len, u_char nh, u_char hl, struct libnet_in6_addr src, struct
libnet_in6_addr dst, u_char *payload, u_long payload_s, libnet_t *l,
libnet_ptag_t ptag);


libnet_build_ipv6() builds a version 6 RFC 2460 Internet Protocol header. The function takes arguments (see Table 3.30).
































































Table 3.30: libnet_build_ipv6() Arguments

ARGUMENT


MEANING





tc


traffic class





fl


flow label





len


total length of the IP packet





nh


next header





hl


hop limit





src


source IPv6 address





dst


destination IPv6 address









libnet_ptag_t libnet_build_ntp(u_char leap_indicator, u_char
version, u_char mode, u_char stratum, u_char poll, u_char
precision, u_short delay_int, u_short delay_frac, u_short
dispersion_int, u_short dispersion_frac, u_long reference_id,
u_long ref_ts_int, u_long ref_ts_frac, u_long orig_ts_int,
u_long orig_ts_frac, u_long rec_ts_int, u_long rec_ts_frac,
u_long xmt_ts_int, u_long xmt_ts_frac, u_char *payload,
u_long payload_s, libnet_t *1, libnet_ptag_t ptag);


libnet_build_ntp() builds a Network Time Protocol header (RFCs 1119 and 1305). The function's massive argument list appears in Table 3.31.








































































































































Table 3.31: libnet_build_ntp() Arguments

ARGUMENT


MEANING





leap_indicator


leap indicator





version


version





mode


mode





stratum


stratum





poll


polling interval (should be between 4–12)





precision


precision





delay_int


root delay integer





delay_frac


root delay fraction





dispersion_int


dispersion integer





dispersion_frac


dispersion fraction





reference_id


reference id





ref_ts_int


reference timestamp integer





ref_ts_frac


reference timestamp fraction





orig_ts_int


originate timestamp integer





orig_ts_frac


originate timestamp fraction





rec_ts_int


receive timestamp integer





rec_ts_frac


receive timestamp fraction





xmt_ts_int


transmit timestamp integer





xmt_ts_frac


transmit timestamp fraction







Table 3.32 summarizes the leap_indicator symbolic constants.














































Table 3.32: libnet_build_ntp() leap Indicator Symbolic Constants

CONSTANT


MEANING





LIBNET_NTP_LI_NW


no warning





LIBNET_NTP_LI_AS


the last minute has 61 seconds





LIBNET_NTP_LI_DS


the last minute has 59 seconds





LIBNET_NTP_LI_AC


alarm condition







Table 3.33 summarizes the version symbolic constants.








































Table 3.33: libnet_build_ntp() version Symbolic Constants

CONSTANT


MEANING





LIBNET_NTP_VN_2


version 2





LIBNET_NTP_VN_3


version 3





LIBNET_NTP_VN_4


version 4







Table 3.34 summarizes the mode symbolic constants.






































































Table 3.34: libnet_build_ntp() mode Symbolic Constants

CONSTANT


MEANING





LIBNET_NTP_MODE_R


reserved





LIBNET_NTP_MODE_A


symmetric active





LIBNET_NTP_MODE_P


symmetric passive





LIBNET_NTP_MODE_C


client





LIBNET_NTP_MODE_S


server





LIBNET_NTP_MODE_B


broadcast





LIBNET_NTP_MODE_RC


reserved for NTP control messages





LIBNET_NTP_MODE_RP


reserved for private use







Table 3.35 summarizes the stratum symbolic constants. In addition to those listed, the NTP protocol specifies that stratum values from 0x2-0xf are considered secondary, and values from 0x10-0xff are reserved.


































Table 3.35: libnet_build_ntp() stratum Symbolic Constants

CONSTANT


MEANING





LIBNET_NTP_STRATUM_UNAVAIL


unspecified or unavailable





LIBNET_NTP_STRATUM_PRIMARY


primary reference (radio clock)







Table 3.36 summarizes the reference_id symbolic constants.






















































































































Table 3.36: libnet_build_ntp() reference id Symbolic Constants

CONSTANT


MEANING





LIBNET_NTP_REF_LOCAL


uncalibrated local clock





LIBNET_NTP_REF_PPS


atomic / pps clock





LIBNET_NTP_REF_ACTS


NIST dial-up modem





LIBNET_NTP_REF_USNO


USNO modem service





LIBNET_NTP_REF_PTB


PTB (German) modem service





LIBNET_NTP_REF_TDF


Allouis (French) radio





LIBNET_NTP_REF_DCF


MainFlingen (German) radio





LIBNET_NTP_REF_MSF


Rugby (UK) radio





LIBNET_NTP_REF_WWV


Ft. Collins (US) radio





LIBNET_NTP_REF_WWVB


Boulder (US) radio





LIBNET_NTP_REF_WWVH


Kaui Hawaii (US) radio





LIBNET_NTP_REF_CHU


Ottawa (Canada) radio





LIBNET_NTP_REF_LORC


LORAN-C radionavigation





LIBNET_NTP_REF_OMEG


OMEGA radionavigation





LIBNET_NTP_REF_GPS


global positioning system





LIBNET_NTP_REF_GOES


geostationary orbit environment satellite









libnet_ptag_t libnet_build_ospfv2(u_short len, u_char type,
u_long rtr_id, u_long area_id, u_short sum, u_short autype,
u_char *payload, u_long payload_s, libnet_t *1,
libnet_ptag_t ptag);


libnet_build_ospfv2() builds a version 2 RFC 2328 Open Shortest Path First Protocol header. This function builds the top level OSPF header while the functions following it build OSPF subheaders. The function takes arguments (see Table 3.37). Table 3.38 summarizes the type symbolic constants. Table 3.39 summarizes the autype symbolic constants.


























































Table 3.37: libnet_build_ospfv2() Arguments

ARGUMENT


MEANING





len


total length of the OSPF packet





type


type of OSPF packet





rtr_id


source router id





area_id


roaming id





sum


checksum





autype


authentication type


























































Table 3.38: libnet_build_ospfv2() type Symbolic Constants

CONSTANT


MEANING





LIBNET_OSPF_HELLO


hello packet





LIBNET_OSPF_DBD


database description packet





LIBNET_OSPF_LSR


link state request packet





LIBNET_OSPF_LSU


link state update packet





LIBNET_OSPF_LSA


link state acknowledgement packet














































Table 3.39: libnet_build_ospfv2() autype Symbolic Constants

CONSTANT


MEANING





LIBNET_OSPF_AUTH_NULL


no authentication





LIBNET_OSPF_AUTH_SIMPLE


simple eight character password





LIBNET_OSPF_AUTH_MD5


MD5 hash









libnet_ptag_t libnet_build_ospfv2_hello(u_long netmask,
u_short interval, u_char opts, u_char priority, u_int
dead_int, u_long des_rtr, u_long bkup_rtr, u_long neighbor,
u_char *payload, u_long payload_s, libnet_t *1,
libnet_ptag_t ptag);


libnet_build_ospfv2_hello() builds an Open Shortest Path First Protocol Hello header. The function takes arguments (see Table 3.40).






































































Table 3.40: libnet_build_ospfv2_hello() Arguments

ARGUMENT


MEANING





netmask


netmask associated with the interface





interval


number of seconds between the router's last packet





opts


options





priority


router priority





dead_int


number of seconds of silence before router is deemed down





des_rtr


designated router





bkup_rtr


backup router





neighbor


neighbor router







You can add additional neighbor routers as needed by using either the pay-load interface or libnet_build_data().



libnet_ptag_t libnet_build_ospfv2_dbd(u_short dgram_len,
u_char opts, u_char type, u_int seqnum, u_char *payload,
u_long payload_s, libnet_t *1, libnet_ptag_t ptag);


libnet_build_ospfv2_dbd() builds an OSPF database description header. The function takes arguments (see Table 3.41). The type symbolic constants appear in Table 3.42.














































Table 3.41: libnet_build_ospfv2_dbd() Arguments

ARGUMENT


MEANING





dgram_len


MTU of interface





opts


options





type


type of exchange





seqnum


dbd sequence number














































Table 3.42: libnet_build_ospfv2_dbd() type Symbolic Constants

CONSTANT


MEANING





LIBNET_DBD_IBI


initialization





LIBNET_DBD_MBIT


more DBD packets en route





LIBNET_DBD_MSBIT


sender is master during this exchange









libnet_ptag_t libnet_build_ospfv2_lsr(u_int type, u_int lsid,
u_long advrtr, u_char *payload, u_long payload_s, libnet_t
*1, libnet_ptag_t ptag);


libnet_build_ospfv2_lsr() builds an OSPF link state request header. The function takes arguments (see Table 3.43).








































Table 3.43: libnet_build_ospfv2_lsr() Arguments

ARGUMENT


MEANING





type


type of link state





lsid


link state id





advrtr


advertising router







All link state packets use type symbolic constants summarized in Table 3.44. You can add additional advrtr routers as needed by using the payload interface or libnet_build_data().




















































Table 3.44: libnet_build_ospfv2_lsr() type Symbolic Constants

CONSTANT


MEANING





LIBNET_LS_TYPE_RTR


router LSA





LIBNET_LS_TYPE_NET


network LSA





LIBNET_LS_TYPE_IP


summary LSA (IP Network)





LIBNET_LS_TYPE_ASBR


summary-LSA (ASBR)





LIBNET_LS_TYPE_ASEXT


AS external LSA









libnet_ptag_t libnet_build_ospfv2_lsu(u_int num, u_char
*payload, u_long payload_s, libnet_t *l, libnet_ptag_t ptag);


libnet_build_ospfv2_lsu() builds an OSPF link state update header. num contains the number of link state advertisements to be broadcasted.



libnet_ptag_t libnet_build_ospfv2_lsa(u_short age, u_char
opts, u_char type, u_int lsid, u_long advrtr, u_int seqnum,
u_short sum, u_short len, u_char *payload, u_long
payload_s, libnet_t *1, libnet_ptag_t ptag);


libnet_build_ospfv2_lsa() builds an OSPF link state acknowledgment header. The function takes arguments (see Table 3.45).






































































Table 3.45: libnet_build_ospfv2_lsa() Arguments

ARGUMENT


MEANING





age


time in seconds since LSA originated





opts


options





type


type





lsid


link state id





advrtr


advertising router





seqnum


sequence number





sum


checksum





len


length of LSA packet









libnet_ptag_t libnet_build_rip(u_char cmd, u_char version,
u_short rd, u_short af, u_short rt, u_long addr, u_long mask,
u_long next_hop, u_long metric, u_char *payload, u_long
payload_s, libnet_t *1, libnet_ptag_t ptag);


libnet_build_rip() builds a Routing Information Protocol header (RFCs 1058 and 2453). The function takes arguments (see Table 3.46). Table 3.47 summarizes the RIP cmd symbolic constants.












































































Table 3.46: libnet_build_rip() Arguments

ARGUMENT


MEANING





cmd


command





version


version





rd


zero (vl) or routing domain (v2)





af


address family





rt


zero (v1) or route tag (v2)





addr


IP address





mask


zero (vl) or subnet mask (v2)





next_hop


zero (vl) or next hop IP address (v2)





metric


routing metric
































































Table 3.47: libnet_build_rip() command Symbolic Constants

CONSTANT


MEANING





RIPCMD_REQUEST


request





RIPCMD_RESPONSE


response





RIPCMD_TRACEON


turn tracing on





RIPCMD_TRACEOFF


turn tracing off





RIPCMD_POLL


like a request, but anyone answers





RIPCMD_POLLENTRY


like a poll, but for entire entry









libnet_ptag_t libnet_build_stp(u_short id, u_char version,
u_char bpdu_type, u_char flags, u_char *root_id, u_long
root_pc, u_char *bridge_id, u_short port_id, u_short




message_age, u_short max_age, u_short hello_time, u_short
f_delay, u_char *payload, u_long payload_s, libnet_t *1,
libnet_ptag_t ptag);


libnet_build_stp() builds an IEEE 802.1d Spanning Tree Protocol header. The function takes arguments (see Table 3.48).






























































































Table 3.48: libnet_build_stp() Arguments

ARGUMENT


MEANING





id


protocol id





version


protocol version





bpdu_type


bridge protocol data unit type





flags


flags





root_id


root id





root_pc


root path cost





bridge_id


bridge id





port_id


port id





message_age


message age





max_age


max age





hello_time


hello time





f_delay


forward delay









libnet_ptag_t libnet_ptag_t libnet_build_tcp(u_short sp,
u_short dp, u_long seq, u_long ack, u_char control, u_short
win, u_short sum, u_short urg, u_short len, u_char *payload,
u_long payload_s, libnet_t *1, libnet_ptag_t ptag);


libnet_build_tcp() builds an RFC 793 Transmission Control Protocol header. The function takes arguments (see Table 3.49). Table 3.50 summarizes the TCP control flag symbolic constants.






































































Table 3.49: libnet_build_tcp() Argument

ARGUMENT


MEANING





sp


source port





dp


destination port





seq


sequence number





ack


acknowledgment number





control


control flags





win


window size





sum


checksum





len


total length of the TCP packet
































































Table 3.50: libnet_build_tcp() control flag Symbolic Constants

CONSTANT


MEANING





TH_FIN


finished sending data





TH_SYN


synchronize sequence numbers





TH_RST


reset the connection





TH_PUSH


push data to the application layer





TH_ACK


acknowledgment field should be checked





TH_URG


packet contains urgent data pointed to by the urgent pointer









libnet_ptag_t libnet_build_tcp_options(u_char *options,
u_long options_s, libnet_t *1, libnet_ptag_t ptag);


libnet_build_tcp_options() builds a TCP options header. The function takes arguments (see Table 3.51).


































Table 3.51: libnet_build_tcp_options() Arguments

ARGUMENT


MEANING





options


the byte string of options





options_s


the length of the options string







The function expects options to be a valid TCP options string of size options_s, which is no larger than 40 bytes (the maximum size of an options string). The function checks to make sure that the packet consists of a TCP header preceded by an IPv4 header and that the addition of the options string would not result in a packet larger than 65,535 bytes (IPMAXPACKET). The function counts the number of 32-bit words in the options string and adjusts the TCP header length value as necessary.



libnet_ptag_t libnet_build_udp(u_short sp, u_short dp,
u_short len, u_short sum, u_char *payload, u_long payload_s,
libnet_t *1, libnet_ptag_t ptag);


libnet_build_udp() builds an RFC 768 User Datagram Protocol (UDP) header. The function takes arguments (see Table 3.52).














































Table 3.52: libnet_build_udp() Arguments

ARGUMENT


MEANING





sp


source port





dp


destination port





len


total length of the UDP packet





sum


checksum









libnet_ptag_t libnet_build_vrrp(u_char version, u_char type,
u_char vrouter_id, u_char priority, u_char ip_count, u_char
auth_type, u_char advert_int, u_short sum, u_char *payload,
u_long payload_s, libnet_t *l,libnet_ptag_t ptag);


libnet_build_vrrp() builds an RFC 2338 Virtual Router Redundancy Protocol header. The function takes arguments (see Table 3.53).






































































Table 3.53: libnet_build_vrrp() Arguments

ARGUMENT


MEANING





version


version





type


type of VRRP packet





vrouter_id


virtual router id





priority


priority





ip_count


number of IP addresses





auth_type


authentication type





advert_int


advertisement interval





sum


checksum







ver should either be LIBNET_VERP_VERSION_01 for version one or LIB-NET_VRRP_VERSION_02 for version two. At this writing, libnet only has intrinsic support for VRRP advertisements; the type should be LIBNET_VRRP_TYPE_ADVERT. You can add IP addresses as needed by using the pay-load interface or libnet_build_data(). Table 3.54 summarizes the auth_type symbolic constants.








































Table 3.54: libnet_build_vrrp() authentication type Symbolic Constants

CONSTANT


MEANING





LIBNET_VRRP_AUTH_NONE


No authentication





LIBNET_VRRP_AUTH_PASSWD


Password authentication





LIBNET_VRRP_AUTH_IPAH


IPsec-based authentication









int libnet_toggle_checksum(libnet_t *1, libnet_ptag_t ptag,
int mode);


libnet_toggle_checksum() controls the disposition of libnet's automatic checksum calculation feature for the protocol block that ptag referenced. If mode is LIBNET_ON, then libnet computes the proper checksum for the ptag in question (assuming that it has a checksum field). If mode is LIB-NET_OFF, libnet will not compute the checksum. Upon success, the function returns 1; upon failure, the function returns -1 and libnet_geterror() tells you why.

/ 135