The core of libnet is the platform-independent packet-building functionality. These functions enable an application programmer to build protocol headers (and data) in a simple and consistent manner without having to worry (too much) about low-level network odds and ends. Each libnet_build() function builds a piece of a packet (generally a protocol header). While it is perfectly possible to build an entire, ready-to-transmit packet with a single call to a libnet_build() function, generally more than one builder-class function call is required to construct a full packet. A "complete" wire-ready packet generally consists of more than one piece.
Every function that builds a protocol header takes a series of arguments roughly corresponding to the header values as they appear on the wire. This process is intuitive but often makes for functions with huge prototypes and large stack frames.
One important thing to note is that you must call these functions in order, corresponding to how they should appear on the wire (from the highest protocol layer on down). This building process is intuitive; it approximates what happens in an operating system kernel. In other words, to build a Network Time Protocol (NTP) packet by using the link-layer interface, the application programmer would call the libnet_build() functions in the following order:
libnet_build_ntp()
libnet_build_udp()
libnet_build_ipv4()
libnet_build_ethernet()
This ordering is essential for libnet 1.1.0 to properly link together the packet internally (previous libnet versions did not have the requirement).
Figure 3.2 shows the protocols that libnet's packet construction functionality support and their general relationships within the context of the ISO Open Systems Interconnectivity (OSI) 7 layer model. Note that libnet supports arbitrary application programmer specified protocols via the libnet_build_data() interface (the "other" protocols).
Figure 3.2: Libnet-supported protocols and their relationships.
All standard libnet_build() functions take the same final four arguments, as Table 3.3 summarizes.
|
ARGUMENT |
DATATYPE |
MEANING |
OPTIONAL? |
|---|---|---|---|
|
|
|||
|
payload |
u_char * |
Pointer to a byte array containing a payload |
Yes (NULL) |
|
|
|||
|
payload_s |
u_long |
Size of the payload |
Yes (0) |
|
|
|||
|
1 |
libnet_t |
Pointer to the libnet descriptor |
No |
|
|
|||
|
ptag |
libnet_ptag_t |
ID of the protocol unit to modify |
Yes (0) |
The optional arguments are just that, and the value in parentheses can replace them if they are not to be used.
The four libnet_build() functions that do not take the same final four arguments are as follows:
libnet_autobuild_ethernet(). No payload or ptag
libnet_autobuild_ipv4(). No payload, payload_s, or ptag
libnet_build_ipv4_options(). No payload or payload_s
libnet_build_tcp_options(). No payload or payload_s
The payload interface specifies an optional way to include data directly after the protocol header in question. You can use this function for a variety of purposes, including the following:
Including additional or arbitrary protocol header information that is not available from a libnet interface
Including a packet payload (data segment)
Building another protocol header that is not available from a libnet interface
To employ the interface, the application programmer should construct the payload data and pass a u_char * to this data and its size to the desired libnet_build() function. Libnet handles the rest. The example code at the end of this chapter employs this interface to include a packet payload after a UDP header.
Certain libnet_build() functions require packet length arguments. For example, libnet_build_ipv4() requires the application programmer to specify the entire IP packet length as the first argument. To make this process easier, libnet includes a list of symbolic constants corresponding to header length values in bytes for every supported protocol (for protocols with variable sized headers, the only base header size is defined). This list appears in Table 3.4.
|
PROTOCOL |
HEADER SIZE |
SYMBOLIC CONSTANT |
|---|---|---|
|
|
||
|
802.1q |
18 bytes |
LIBNET_802_1Q_H |
|
|
||
|
802.2 (LLC) |
3 bytes |
LIBNET_802_2_H |
|
|
||
|
802.2 (LLC/SNAP) |
8 bytes |
LIBNET_802_2SNAP_H |
|
|
||
|
802.3 |
14 bytes |
LIBNET_802_3_H |
|
|
||
|
ARP (base) |
8 bytes |
LIBNET_ARP_H |
|
|
||
|
ARP (Ethernet) |
28 bytes |
LIBNET_ARP_ETH_H |
|
|
||
|
CDP |
8 bytes |
LIBNET_CDP_H |
|
|
||
|
DHCPv4 |
240 bytes |
LIBNET_DHCPV4_H |
|
|
||
|
DNSv4 |
12 bytes |
LIBNET_DNS_H |
|
|
||
|
DIX Ethernet II |
14 bytes |
LIBNET_ETHERNET_H |
|
|
||
|
ICMPv4 echo |
8 bytes |
LIBNET_ICMPV4_ECHO_H |
|
|
||
|
ICMPv4 mask |
12 bytes |
LIBNET_ICMPV4_MASK_H |
|
|
||
|
ICMPv4 unreachable |
8 bytes |
LIBNET_ICMPV4_UNREACH_H |
|
|
||
|
ICMPv4 time-exceeded |
8 bytes |
LIBNET_ICMPV4_TIMEXCEED_H |
|
|
||
|
ICMPv4 redirect |
8 bytes |
LIBNET_ICMPV4_REDIRECT_H |
|
|
||
|
ICMPv4 timestamp |
20 bytes |
LIBNET_ICMPV4_TS_H |
|
|
||
|
IGMP |
8 bytes |
LIBNET_IGMP_H |
|
|
||
|
IPv4 |
20 bytes |
LIBNET_IPV4_H |
|
|
||
|
IPv6 |
40 bytes |
LIBNET_IPV6_H |
|
|
||
|
IPSEC ESP header |
12 bytes |
LIBNET_IPSEC_ESP_HDR_H |
|
|
||
|
IPSEC ESP trailer |
2 bytes |
LIBNET_IPSEC_ESP_FTR_H |
|
|
||
|
IPSEC AH |
16 bytes |
LIBNET_IPSEC_AH_H |
|
|
||
|
OSPFv2 |
16 bytes |
LIBNET_OSPF_H |
|
|
||
|
OSPFv2 hello |
24 bytes |
LIBNET_OSPF_HELLO_H |
|
|
||
|
OSPFv2 DBD |
8 bytes |
LIBNET_DBD_H |
|
|
||
|
OSPFv2 LSR |
12 bytes |
LIBNET_LSR_H |
|
|
||
|
OSPFv2 LSU |
4 bytes |
LIBNET_LSU_H |
|
|
||
|
OSPFv2 LSA |
20 bytes |
LIBNET_LSA_H |
|
|
||
|
NTP |
48 bytes |
LIBNET_NTP_H |
|
|
||
|
RIP |
24 bytes |
LIBNET_RIP_H |
|
|
||
|
STP |
35 bytes |
LIBNET_STP_H |
|
|
||
|
TCP |
20 bytes |
LIBNET_TCP_H |
|
|
||
|
UDP |
8 bytes |
LIBNET_UDP_H |
|
|
||
|
VRRP |
8 bytes |
LIBNET_VRRP_H |
Libnet uses the protocol tag (ptag) to identify individual pieces of a packet after being created. A new ptag results every time a libnet_ build() function with an empty (0) ptag argument completes successfully. This new ptag now refers to the packet piece just created. The application programmer's responsibility is to save this value if he or she plans to modify this particular portion later on in the program. If the application programmer needs to modify some values of that particular packet piece again, he or she calls the same libnet_build() function specifying the saved ptag argument. Libnet then searches for that packet piece and modifies it rather than creating a new one. Upon failure for any reason, libnet_build() functions return -1; libnet_geterror() tells you why.
libnet_ptag_t libnet_build_802_lq(u_char *dst, u_char *src, u_short tpi, u_char priority, u_char cfi, u_short vid, u_short len, u_char *payload, u_long payload_s, libnet_t *1, libnet_ptag_t ptag);
libnet_build_802_lq() builds an IEEE 802.lq VLAN tagging header. Depending on the value of len, the function wraps the 802.lq header inside either an IEEE 802.3 header or an RFC 894 Ethernet II (DIX) header (both resulting in an 18-byte frame). If len is 1500 or less, most receiving protocol stacks parse the frame as an IEEE 802.3 encapsulated frame. If len is one of the Ethernet types in Table 3.6, most protocol stacks parse the frame as an RFC 894 Ethernet II encapsulated frame. The function takes arguments (see Table 3.5).
|
ARGUMENT |
MEANING |
|
|
|
|
dst |
destination MAC address |
|
|
|
|
src |
source MAC address |
|
|
|
|
tpi |
tag protocol identifier |
|
|
|
|
priority |
priority |
|
|
|
|
cfi |
canonical format indicator, should be 1 or 0 |
|
|
|
|
vid |
VLAN identifier |
|
|
|
|
len |
802.3: length of the frame (SANS 802.1 q), Ethernet II: layer 3 protocol |
|
CONSTANT |
MEANING |
|---|---|
|
|
|
|
ETHERTYPE_PUP |
PUP protocol |
|
|
|
|
ETHERTYPE_IP |
IP protocol |
|
|
|
|
ETHERTYPE_ARP |
ARP protocol |
|
|
|
|
ETHERTYPE_REVARP |
RARP protocol |
|
|
|
|
ETHERTYPE_VLAN |
IEEE 802. 1Q VLAN tagging |
|
|
|
|
ETHERTYPE_LOOPBACK |
test |
Table 3.6 summarizes the different Ethernet-type symbolic constants associated with len (for an RFC 894 encapsulated frame). These constants specify the layer 3 protocol in several link-layer protocols, including 802.lq., 802.2, ARP, RARP, and Ethernet II.
libnet_ptag_t libnet_build_802_2(u_char dsap, u_char dsap, u_char control, u_char *payload, u_long payload_s, libnet_t *1, libnet_ptag_t ptag);
libnet_build_802_2() builds an IEEE 802.2 link-layer control (LLC) header. The function takes arguments (see Table 3.7).
|
ARGUMENT |
MEANING |
|---|---|
|
|
|
|
dsap |
destination service access point |
|
|
|
|
ssap |
destination service access point |
|
|
|
|
control |
control |
Table 3.6 summarizes the different symbolic constants for type. Table 3.8 summarizes the different values for some of the service access point values.
|
CONSTANT |
MEANING |
|---|---|
|
|
|
|
LIBNET_SAP_STP |
spanning tree protocol header follows |
|
|
|
|
LIBNET_SAP_SNAP |
SNAP header follows |
libnet_ptag_t libnet_build_802_2snap(u_char dsap, u_char dsap, u_char control, u_char *oui, u_short type, u_char *payload, u_long payload_s, libnet_t *1, libnet_ptag_t ptag);
libnet_build_802_2snap() builds an IEEE 802.2 Link-Layer Control/Subnetwork Attachment Point (LLC/SNAP) header. The function takes arguments (see Table 3.9).
|
ARGUMENT |
MEANING |
|---|---|
|
|
|
|
dsap |
destination service access point (should be Oxaa) |
|
|
|
|
ssap |
destination service access point (should be Oxaa) |
|
|
|
|
control |
control |
|
|
|
|
oui |
3-byte organizationally unique identifier |
|
|
|
|
type |
upper layer protocol |
Table 3.6 summarizes the different symbolic constants for type.
libnet_ptag_t libnet_build_802_3(u_char *dst, u_char *src, u_short tpi, u_char priority, u_char cfi, u_short vid, u_short len, u_char *payload, u_long payload_s, libnet_t *1, libnet_ptag_t ptag);
libnet_build_802_3() builds an IEEE 802.3 header. The 802.3 header is almost identical to the RFC 894 Ethernet II header-the exception being that the field immediately following the source address holds the frame's length (as opposed to the layer 3 protocol). You should only use this function when libnet is initialized with the LIBNET_LINK interface. The function takes arguments (see Table 3.10).
|
ARGUMENT |
MEANING |
|---|---|
|
|
|
|
dst |
destination MAC address |
|
|
|
|
src |
source MAC address |
|
|
|
|
len |
frame's entire length SANS 802.3 header |
The reader should note that an 802.2 LLC/SNAP header generally always proceeds the 802.3 header.
libnet_ptag_t libnet_build_arp(u_short hrd, u_short pro, u_short hln, u_short pln, u_short op, u_char *sha, u_char *spa, u_char *tpa, u_char *tpa, u_char *payload, u_long payload_s, libnet_t *1, libnet_ptag_t ptag);
libnet_build_arp() builds an Address Resolution Protocol (ARP) header. Depending on the op value, the function builds one of several different types of RFC 826 ARP or RFC 903 RARP packets. The function takes arguments (see Table 3.11).
|
ARGUMENT |
MEANING |
|---|---|
|
|
|
|
hrd |
hardware address format |
|
|
|
|
pro |
protocol address format |
|
|
|
|
hln |
hardware address length |
|
|
|
|
pln |
protocol address length |
|
|
|
|
op |
ARP operation type |
|
|
|
|
sha |
sender's hardware address |
|
|
|
|
spa |
sender's protocol address |
|
|
|
|
tha |
target's hardware address |
|
|
|
|
tpa |
target's protocol address |
Table 3.12 summarizes the different symbolic constants associated with hrd.
|
CONSTANT |
MEANING |
|---|---|
|
|
|
|
ARPHRD_NETROM |
KA9Q: NET/ROM pseudo |
|
|
|
|
ARPHRD_ETHER |
Ethernet (10Mbps and higher) |
|
|
|
|
ARPHRD_EETHER |
Experimental Ethernet (3Mbps) |
|
|
|
|
ARPHRD_AX25 |
Amateur Radio AX.25 Level 2 |
|
|
|
|
ARPHRD_PRONET |
PROnet token ring |
|
|
|
|
ARPHRD_CHAOS |
Chaosnet |
|
|
|
|
ARPHRD_IEEE802 |
IEEE 802.2 networks |
|
|
|
|
ARPHRD_ARCNET |
ARCnet |
|
|
|
|
ARPHRD_APPLETLK |
APPLEtalk |
|
|
|
|
ARPHRD_DLCI |
Frame Relay DLCI |
|
|
|
|
ARPHRD_ATM |
ATM |
|
|
|
|
ARPHRD_METRICOM |
Metricom STRIP |
|
|
|
|
ARPHRD_IPSEC |
IP sec tunnel |
Table 3.6 summarizes the different symbolic constants for pro. Table 3.13 summarizes the different symbolic constants associated with op.
|
CONSTANT |
MEANING |
|---|---|
|
|
|
|
ARPOP_REQUEST |
request |
|
|
|
|
ARPOP_REPLY |
reply |
|
|
|
|
ARPOP_REVREQUEST |
request reverse (RARP) |
|
|
|
|
ARPOP_REVREPLY |
reply reverse (RARP) |
|
|
|
|
ARPOP_INVREQUEST |
InARP request |
|
|
|
|
ARPOP_INVREPLY |
InARP reply |
libnet_ptag_t libnet_build_bootpv4(u_char opcode, u_char htype, u_char hlen, u_char hopcount, u_long xid, u_short secs, u_short unused, u_long cip, u_long yip, u_long sip, u_long gip, u_char *payload, u_long payload_s, libnet_t *1, libnet_ptag_t ptag);
libnet_build_bootpv4() builds an IP version 4 RFC 951 Bootstrap Protocol header. The function takes arguments (see Table 3.14).
|
ARGUMENT |
MEANING |
|---|---|
|
|
|
|
opcode |
operation code |
|
|
|
|
htype |
hardware address type |
|
|
|
|
hlen |
hardware length |
|
|
|
|
hopcount |
hop count used by proxy servers |
|
|
|
|
xid |
transaction id |
|
|
|
|
secs |
number of seconds since transaction began |
|
|
|
|
unused |
unused or used as flags |
|
|
|
|
cip |
client IP address |
|
|
|
|
yip |
your IP address |
|
|
|
|
sip |
server IP address |
|
|
|
|
gip |
gateway IP address |
The BOOTP protocol also accepts optional additional variable length and size arguments. To include these, the programmer uses the payload interface. Table 3.15 summarizes the opcode symbolic constants.
|
CONSTANT |
MEANING |
|---|---|
|
|
|
|
LIBNET_DHCP_REQUEST |
DHCP/BOOTP request |
|
|
|
|
LIBNET_DHCP_REPLY |
DHCP/BOOTP reply |
libnet_ptag_t libnet_build_cdp(u_char version, u_char ttl, u_short sum, u_short type, u_short len, u_char *value, u_char *payload, u_long payload_s, libnet_t *l, libnet_ptag_t ptag);
libnet_build_cdp() builds a Cisco Discovery Protocol (CDP) header. Cisco Systems designed CDP to aid in the network management of adjacent Cisco devices. The function takes arguments (see Table 3.16).
|
ARGUMENT |
MEANING |
|---|---|
|
|
|
|
version |
version |
|
|
|
|
ttl |
time information in the packet should be retained by the recipient |
|
|
|
|
sum |
checksum |
|
|
|
|
type |
packet type |
|
|
|
|
len |
length of the value argument in bytes |
|
|
|
|
value |
a type defined byte string |
The CDP protocol also accepts an arbitrary number of additional "type / length / value" arguments. To include these, the programmer could either use the payload interface or libnet_build_data() to construct them. Table 3.17 summarizes the type symbolic constants.
|
CONSTANT |
MEANING |
|---|---|
|
|
|
|
LIBNET_CDP_DEVID |
device id |
|
|
|
|
LIBNET_CDP_ADDRESS |
address(es) for the interface the CDP packet is being sent on |
|
|
|
|
LIBNET_CDP_PORTID |
port id for the interface the CDP packet is being sent on |
|
|
|
|
LIBNET_CDP_CAPABIL |
device capabilities |
|
|
|
|
LIBNET_CDP_VERSION |
software version |
|
|
|
|
LIBNET_CDP_PLATFORM |
hardware platform |
|
|
|
|
LIBNET_CDP_IPPREFIX |
ip prefix |
libnet_ptag_t libnet_build_data(u_char *payload, u_long payload_s, libnet_t *1, libnet_ptag_t ptag);
libnet_build_data() builds a generic data unit. This function does not build a specific protocol header; rather, it appends an application programmer-specified block of data to the end of the packet list. Other than having no header arguments, it behaves exactly the same as every other protocol builder function.
libnet_ptag_t libnet_build_dhcpv4(u_char opcode, u_char htype, u_char hlen, u_char hopcount, u_long xid, u_short secs, u_short flags, u_long cip, u_long yip, u_long sip, u_long gip, u_char *payload, u_long payload_s, libnet_t *1, libnet_ptag_t ptag);
libnet_build_dhcpv4() builds an IP version 4 RFC 2131 Dynamic Host Configuration Protocol header. The use of this function is identical to libnet_build_bootpv4().
libnet_ptag_t libnet_build_dnsv4(u_short id, u_short flags, u_short num_q, u_short num_anws_rr, u_short num_auth_rr, u_short num_addi_rr, u_char *payload, u_long payload_s, libnet_t *1, libnet_ptag_t ptag);
libnet_build_dnsv4() builds an RFC 1035 IP version 4 DNS header. The function takes arguments (see Table 3.18).
|
ARGUMENT |
MEANING |
|---|---|
|
|
|
|
id |
ID |
|
|
|
|
flags |
control flags |
|
|
|
|
num_q |
number of questions |
|
|
|
|
num_anws_rr |
number of answer resource records |
|
|
|
|
num_auth_rr |
number of authority resource records |
|
|
|
|
num_addi_rr |
number of additional resource records |
libnet_ptag_t libnet_build_ethernet(u_char *dst, u_char *src, u_short type, u_char *payload, u_long payload_s, libnet_t *1, libnet_ptag_t ptag);
libnet_build_ethernet() builds an RFC 894 Ethernet II header. The RFC 894 Ethernet II header is almost identical to the IEEE 802.3 header, with the exception that the field immediately following the source address holds the layer 3 protocol (as opposed to frame's length). You should only use this function when libnet is initialized with the LIBNET_LINK interface. The function takes arguments (see Table 3.19).
|
ARGUMENT |
MEANING |
|---|---|
|
|
|
|
dst |
destination Ethernet address |
|
|
|
|
src |
source Ethernet address |
|
|
|
|
type |
type of data to follow (upper layer protocol) |
The type symbolic constants are the Ethernet type symbolic constants in Table 3.6.
libnet_ptag_t libnet_autobuild_ethernet(u_char *dst, u_short type, libnet_t *1);
libnet_autobuild_ethernet() auto builds an Ethernet protocol header. The function is useful to build an Ethernet header quickly when the extra functionality is not needed. The function takes the same dst and type arguments (see Table 3.19). The function does not accept a ptag argument, but it does return a ptag. In other words, you can use it to build a new Ethernet header but not to modify an existing one.
libnet_ptag_t libnet_build_icmpv4_echo(u_char type, u_char code, u_short sum, u_short id, u_short seq, u_char *payload, u_long payload_s, libnet_t *1, libnet_ptag_t ptag);
libnet_build_icmpv4_echo() builds an IP version 4 RFC 792 Internet Control Message Protocol echo request/reply header. The function takes arguments (see Table 3.20).
|
ARGUMENT |
MEANING |
|---|---|
|
|
|
|
type |
type of ICMP packet (should be ICMP_ECHOREPLY or ICMP_ECHO) |
|
|
|
|
code |
code of ICMP packet (should be 0) |
|
|
|
|
sum |
checksum |
|
|
|
|
id |
identification number |
|
|
|
|
seq |
sequence number |
libnet_ptag_t libnet_build_icmpv4_mask(u_char type, u_char code, u_short sum, u_short id, u_short seq, u_long mask, u_char *payload, u_long payload_s, libnet_t *1, libnet_ptag_t ptag);
libnet_build_icmpv4_mask() builds an IP version 4 RFC 792 Internet Control Message Protocol IP netmask request/reply header. The function takes arguments (see Table 3.21).
|
ARGUMENT |
MEANING |
|---|---|
|
|
|
|
type |
type of ICMP packet (should be ICMP_MASKREQ or ICMP_MASKREPLY) |
|
|
|
|
code |
code of ICMP packet (should be 0) |
|
|
|
|
sum |
checksum |
|
|
|
|
id |
identification number |
|
|
|
|
seq |
sequence number |
|
|
|
|
mask |
subnet mask |
libnet_ptag_t libnet_build_icmpv4_timestamp(u_char type, u_char code, u_short sum, u_short id, u_short seq, n_time otime, n_time rtime, n_time ttime, u_char *payload, u_long payload_s, libnet_t *1, libnet_ptag_t ptag);
libnet_build_icmpv4_timestamp() builds an IP version 4 RFC 792 Internet Control Message Protocol timestamp request/reply header. The function takes arguments (see Table 3.22).
|
ARGUMENT |
MEANING |
|---|---|
|
|
|
|
type |
type of ICMP packet (should be ICMP_TSTAMP or ICMP_TSTAMPREPLY) |
|
|
|
|
code |
code of ICMP packet (should be 0) |
|
|
|
|
sum |
checksum |
|
|
|
|
id |
identification number |
|
|
|
|
seq |
sequence number |
|
|
|
|
otime |
originate timestamp |
|
|
|
|
rtime |
receive timestamp |
|
|
|
|
ttime |
transmit timestamp |
libnet_ptag_t libnet_build_icmpv4_unreach(u_char type, u_char code, u_short sum, u_short orig_len, u_char orig_tos, u_short orig_id, u_short orig_frag, u_char orig_ttl, u_char orig_prot, u_short orig_check, u_long orig_src, u_long orig_dst, u_char *payload, u_long payload_s, libnet_t *1, libnet_ptag_t ptag);
libnet_build_icmpv4_unreach() builds an IP version 4 RFC 792 Internet Control Message Protocol unreachable header. The function takes arguments (see Table 3.23). The additional arguments enable the application programmer to easily specify the original IP header values (the IP header of the packet that supposedly caused the ICMP unreachable message in the first place).
|
ARGUMENT |
MEANING |
|---|---|
|
|
|
|
type |
type of ICMP packet (should be ICMP_UNREACH) |
|
|
|
|
code |
code of ICMP packet (should be one of the 16 unreachable codes) |
|
|
|
|
sum |
checksum |
|
|
|
|
orig_id |
original IP header identification |
|
|
|
|
orig_frag |
original IP header fragmentation information |
|
|
|
|
orig_ttl |
orginal IP header time to live |
|
|
|
|
orig_prot |
original IP header protocol |
|
|
|
|
orig_check |
original IP header checksum |
|
|
|
|
orig_src |
original IP header source address |
|
|
|
|
orig_dst |
original IP header destination address |
libnet_ptag_t libnet_build_icmpv4_timeexceed(u_char type, u_char code, u_short sum, u_short orig_len, u_char orig_tos, u_short orig_id, u_short orig_frag, u_char orig_ttl, u_char orig_prot, u_short orig_check, u_long orig_src, u_long orig_dst, u_char *payload, u_long payload_s, libnet_t *l, libnet_ptag_t ptag);
libnet_build_icmpv4_timeexceed() builds an IP version 4 RFC 792 Internet Control Message Protocol time exceeded header. The function takes arguments (see Table 3.24). The additional arguments enable the application programmer to easily specify the original IP header values (the IP header of the packet that supposedly caused the ICMP time exceeded message in the first place).
|
ARGUMENT |
MEANING |
|---|---|
|
|
|
|
type |
type of ICMP packet (should be ICMP_TIMXCEED) |
|
|
|
|
code |
code of ICMP packet (should be either ICMP_TIMXCEED_INTRANS or ICMP_TIMXCEED_REASS) |
|
|
|
|
sum |
checksum |
|
|
|
|
orig_id |
original IP header identification |
|
|
|
|
orig_frag |
original IP header fragmentation information |
|
|
|
|
orig_ttl |
orginal IP header time to live |
|
|
|
|
orig_prot |
original IP header protocol |
|
|
|
|
orig_check |
original IP header checksum |
|
|
|
|
orig_src |
original IP header source address |
|
|
|
|
orig_dst |
original IP header destination address |
libnet_ptag_t libnet_build_icmpv4_redirect(u_char type, u_char code, u_short sum, u_long gateway, u_short orig_len, u_char orig_tos, u_short orig_id, u_short orig_frag, u_char orig_ttl, u_char orig_prot, u_short orig_check, u_long orig_src, u_long orig_dst, u_char *payload, u_long payload_s, libnet_t *1, libnet_ptag_t ptag);
libnet_build_icmpv4_redirect() builds an IP version 4 RFC 792 Internet Message Control Protocol redirect header. The function takes arguments (see Table 3.25). The additional arguments enable the application programmer to easily specify the original IP header values (the IP header of the packet that supposedly caused the ICMP redirect message in the first place).
|
ARGUMENT |
MEANING |
|---|---|
|
|
|
|
type |
type of ICMP packet (should be ICMP_REDIRECT) |
|
|
|
|
code |
code of ICMP packet (should be one of the four redirect codes) |
|
|
|
|
sum |
checksum |
|
|
|
|
orig_id |
original IP header identification |
|
|
|
|
orig_frag |
original IP header fragmentation information |
|
|
|
|
orig_ttl |
original IP header time to live |
|
|
|
|
orig_prot |
original IP header protocol |
|
|
|
|
orig_check |
original IP header checksum |
|
|
|
|
orig_src |
original IP header source address |
|
|
|
|
orig_dst |
original IP header destination address |
libnet_ptag_t libnet_build_ipv4(u_short len, u_char tos, u_short id, u_short frag, u_char ttl, u_char prot, u_short sum, u_long src, u_long dst, u_char *payload, u_long payload_s, libnet_t *1, libnet_ptag_t ptag);
libnet_build_ipv4() builds a version 4 RFC 791 Internet Protocol header. The function takes arguments (see Table 3.26). Table 3.27 summarizes the tos symbolic constants. Table 3.28 summarizes the frag symbolic constants.
|
ARGUMENT |
MEANING |
|---|---|
|
|
|
|
len |
total length of the IP packet |
|
|
|
|
tos |
type of service bits |
|
|
|
|
id |
IP identification number |
|
|
|
|
frag |
fragmentation bits and offset |
|
|
|
|
ttl |
time to live in the network |
|
|
|
|
prot |
upper layer protocol |
|
|
|
|
sum |
checksum |
|
|
|
|
src |
source IPv4 address (little endian) |
|
|
|
|
dst |
destination IPv4 address (little endian) |
|
CONSTANT |
MEANING |
|---|---|
|
|
|
|
IPTOS_LOWDELAY |
type of service, minimize delay |
|
|
|
|
IPTOS_THROUGHPUT |
type of service, maximize throughput |
|
|
|
|
IPTOS_RELIABILITY |
type of service, maximize reliability |
|
|
|
|
IPTOS_LOWCOST |
type of service, minimize monetary cost |
|
CONSTANT |
MEANING |
|---|---|
|
|
|
|
IP_RF |
reserved fragmentation bit |
|
|
|
|
IP_DF |
don't fragment this datagram |
|
|
|
|
IP_MF |
more fragments coming |
|
|
|
|
IP_OFFMASK |
mask used to get offset |
The protocol field can be any upper-layer protocol number found in /etc/protocols on any modern UNIX system. For example, a TCP packet would have this field set to IPPROTO_TCP, and a UDP packet would have this field set to IPPROTO_UDP.
libnet_ptag_t libnet_autobuild_ipv4(u_short len, u_char prot, u_long dst, libnet_t *1);
libnet_autobuild_ipv4() auto builds a version 4 Internet Protocol header. The function is useful to build an IP header quickly when you do not need a granular level of control. The function takes the same len, prot, and dst arguments (see Table 3.26). The function does not accept a ptag argument, but it does return a ptag. In other words, you can use it to build a new IP header but not to modify an existing one.
libnet_ptag_t libnet_build_ipv4_options(u_char *options, u_long options_s, libnet_t *1, libnet_ptag_t ptag);
libnet_build_ipv4_options() builds an IP version 4 options header. The function takes arguments (see Table 3.29).
|
ARGUMENT |
MEANING |
|---|---|
|
|
|
|
options |
the byte string of options |
|
|
|
|
options_s |
the length of the options string |
The function expects options to be a valid IP options string of size options_s, no larger than 40 bytes (the maximum size of an options string). The function checks to make sure that the preceding header is an IPv4 header and that the options string would not result in a packet larger than 65,535 bytes (IPMAXPACKET). The function counts up the number of 32-bit words in the options string and adjusts the IP header length value as necessary.
libnet_ptag_t libnet_build_ipv6(u_char tc, u_long fl, u_short len, u_char nh, u_char hl, struct libnet_in6_addr src, struct libnet_in6_addr dst, u_char *payload, u_long payload_s, libnet_t *l, libnet_ptag_t ptag);
libnet_build_ipv6() builds a version 6 RFC 2460 Internet Protocol header. The function takes arguments (see Table 3.30).
|
ARGUMENT |
MEANING |
|---|---|
|
|
|
|
tc |
traffic class |
|
|
|
|
fl |
flow label |
|
|
|
|
len |
total length of the IP packet |
|
|
|
|
nh |
next header |
|
|
|
|
hl |
hop limit |
|
|
|
|
src |
source IPv6 address |
|
|
|
|
dst |
destination IPv6 address |
libnet_ptag_t libnet_build_ntp(u_char leap_indicator, u_char version, u_char mode, u_char stratum, u_char poll, u_char precision, u_short delay_int, u_short delay_frac, u_short dispersion_int, u_short dispersion_frac, u_long reference_id, u_long ref_ts_int, u_long ref_ts_frac, u_long orig_ts_int, u_long orig_ts_frac, u_long rec_ts_int, u_long rec_ts_frac, u_long xmt_ts_int, u_long xmt_ts_frac, u_char *payload, u_long payload_s, libnet_t *1, libnet_ptag_t ptag);
libnet_build_ntp() builds a Network Time Protocol header (RFCs 1119 and 1305). The function's massive argument list appears in Table 3.31.
|
ARGUMENT |
MEANING |
|---|---|
|
|
|
|
leap_indicator |
leap indicator |
|
|
|
|
version |
version |
|
|
|
|
mode |
mode |
|
|
|
|
stratum |
stratum |
|
|
|
|
poll |
polling interval (should be between 4–12) |
|
|
|
|
precision |
precision |
|
|
|
|
delay_int |
root delay integer |
|
|
|
|
delay_frac |
root delay fraction |
|
|
|
|
dispersion_int |
dispersion integer |
|
|
|
|
dispersion_frac |
dispersion fraction |
|
|
|
|
reference_id |
reference id |
|
|
|
|
ref_ts_int |
reference timestamp integer |
|
|
|
|
ref_ts_frac |
reference timestamp fraction |
|
|
|
|
orig_ts_int |
originate timestamp integer |
|
|
|
|
orig_ts_frac |
originate timestamp fraction |
|
|
|
|
rec_ts_int |
receive timestamp integer |
|
|
|
|
rec_ts_frac |
receive timestamp fraction |
|
|
|
|
xmt_ts_int |
transmit timestamp integer |
|
|
|
|
xmt_ts_frac |
transmit timestamp fraction |
Table 3.32 summarizes the leap_indicator symbolic constants.
|
CONSTANT |
MEANING |
|---|---|
|
|
|
|
LIBNET_NTP_LI_NW |
no warning |
|
|
|
|
LIBNET_NTP_LI_AS |
the last minute has 61 seconds |
|
|
|
|
LIBNET_NTP_LI_DS |
the last minute has 59 seconds |
|
|
|
|
LIBNET_NTP_LI_AC |
alarm condition |
Table 3.33 summarizes the version symbolic constants.
|
CONSTANT |
MEANING |
|---|---|
|
|
|
|
LIBNET_NTP_VN_2 |
version 2 |
|
|
|
|
LIBNET_NTP_VN_3 |
version 3 |
|
|
|
|
LIBNET_NTP_VN_4 |
version 4 |
Table 3.34 summarizes the mode symbolic constants.
|
CONSTANT |
MEANING |
|---|---|
|
|
|
|
LIBNET_NTP_MODE_R |
reserved |
|
|
|
|
LIBNET_NTP_MODE_A |
symmetric active |
|
|
|
|
LIBNET_NTP_MODE_P |
symmetric passive |
|
|
|
|
LIBNET_NTP_MODE_C |
client |
|
|
|
|
LIBNET_NTP_MODE_S |
server |
|
|
|
|
LIBNET_NTP_MODE_B |
broadcast |
|
|
|
|
LIBNET_NTP_MODE_RC |
reserved for NTP control messages |
|
|
|
|
LIBNET_NTP_MODE_RP |
reserved for private use |
Table 3.35 summarizes the stratum symbolic constants. In addition to those listed, the NTP protocol specifies that stratum values from 0x2-0xf are considered secondary, and values from 0x10-0xff are reserved.
|
CONSTANT |
MEANING |
|---|---|
|
|
|
|
LIBNET_NTP_STRATUM_UNAVAIL |
unspecified or unavailable |
|
|
|
|
LIBNET_NTP_STRATUM_PRIMARY |
primary reference (radio clock) |
Table 3.36 summarizes the reference_id symbolic constants.
|
CONSTANT |
MEANING |
|---|---|
|
|
|
|
LIBNET_NTP_REF_LOCAL |
uncalibrated local clock |
|
|
|
|
LIBNET_NTP_REF_PPS |
atomic / pps clock |
|
|
|
|
LIBNET_NTP_REF_ACTS |
NIST dial-up modem |
|
|
|
|
LIBNET_NTP_REF_USNO |
USNO modem service |
|
|
|
|
LIBNET_NTP_REF_PTB |
PTB (German) modem service |
|
|
|
|
LIBNET_NTP_REF_TDF |
Allouis (French) radio |
|
|
|
|
LIBNET_NTP_REF_DCF |
MainFlingen (German) radio |
|
|
|
|
LIBNET_NTP_REF_MSF |
Rugby (UK) radio |
|
|
|
|
LIBNET_NTP_REF_WWV |
Ft. Collins (US) radio |
|
|
|
|
LIBNET_NTP_REF_WWVB |
Boulder (US) radio |
|
|
|
|
LIBNET_NTP_REF_WWVH |
Kaui Hawaii (US) radio |
|
|
|
|
LIBNET_NTP_REF_CHU |
Ottawa (Canada) radio |
|
|
|
|
LIBNET_NTP_REF_LORC |
LORAN-C radionavigation |
|
|
|
|
LIBNET_NTP_REF_OMEG |
OMEGA radionavigation |
|
|
|
|
LIBNET_NTP_REF_GPS |
global positioning system |
|
|
|
|
LIBNET_NTP_REF_GOES |
geostationary orbit environment satellite |
libnet_ptag_t libnet_build_ospfv2(u_short len, u_char type, u_long rtr_id, u_long area_id, u_short sum, u_short autype, u_char *payload, u_long payload_s, libnet_t *1, libnet_ptag_t ptag);
libnet_build_ospfv2() builds a version 2 RFC 2328 Open Shortest Path First Protocol header. This function builds the top level OSPF header while the functions following it build OSPF subheaders. The function takes arguments (see Table 3.37). Table 3.38 summarizes the type symbolic constants. Table 3.39 summarizes the autype symbolic constants.
|
ARGUMENT |
MEANING |
|---|---|
|
|
|
|
len |
total length of the OSPF packet |
|
|
|
|
type |
type of OSPF packet |
|
|
|
|
rtr_id |
source router id |
|
|
|
|
area_id |
roaming id |
|
|
|
|
sum |
checksum |
|
|
|
|
autype |
authentication type |
|
CONSTANT |
MEANING |
|---|---|
|
|
|
|
LIBNET_OSPF_HELLO |
hello packet |
|
|
|
|
LIBNET_OSPF_DBD |
database description packet |
|
|
|
|
LIBNET_OSPF_LSR |
link state request packet |
|
|
|
|
LIBNET_OSPF_LSU |
link state update packet |
|
|
|
|
LIBNET_OSPF_LSA |
link state acknowledgement packet |
|
CONSTANT |
MEANING |
|---|---|
|
|
|
|
LIBNET_OSPF_AUTH_NULL |
no authentication |
|
|
|
|
LIBNET_OSPF_AUTH_SIMPLE |
simple eight character password |
|
|
|
|
LIBNET_OSPF_AUTH_MD5 |
MD5 hash |
libnet_ptag_t libnet_build_ospfv2_hello(u_long netmask, u_short interval, u_char opts, u_char priority, u_int dead_int, u_long des_rtr, u_long bkup_rtr, u_long neighbor, u_char *payload, u_long payload_s, libnet_t *1, libnet_ptag_t ptag);
libnet_build_ospfv2_hello() builds an Open Shortest Path First Protocol Hello header. The function takes arguments (see Table 3.40).
|
ARGUMENT |
MEANING |
|---|---|
|
|
|
|
netmask |
netmask associated with the interface |
|
|
|
|
interval |
number of seconds between the router's last packet |
|
|
|
|
opts |
options |
|
|
|
|
priority |
router priority |
|
|
|
|
dead_int |
number of seconds of silence before router is deemed down |
|
|
|
|
des_rtr |
designated router |
|
|
|
|
bkup_rtr |
backup router |
|
|
|
|
neighbor |
neighbor router |
You can add additional neighbor routers as needed by using either the pay-load interface or libnet_build_data().
libnet_ptag_t libnet_build_ospfv2_dbd(u_short dgram_len, u_char opts, u_char type, u_int seqnum, u_char *payload, u_long payload_s, libnet_t *1, libnet_ptag_t ptag);
libnet_build_ospfv2_dbd() builds an OSPF database description header. The function takes arguments (see Table 3.41). The type symbolic constants appear in Table 3.42.
|
ARGUMENT |
MEANING |
|---|---|
|
|
|
|
dgram_len |
MTU of interface |
|
|
|
|
opts |
options |
|
|
|
|
type |
type of exchange |
|
|
|
|
seqnum |
dbd sequence number |
|
CONSTANT |
MEANING |
|---|---|
|
|
|
|
LIBNET_DBD_IBI |
initialization |
|
|
|
|
LIBNET_DBD_MBIT |
more DBD packets en route |
|
|
|
|
LIBNET_DBD_MSBIT |
sender is master during this exchange |
libnet_ptag_t libnet_build_ospfv2_lsr(u_int type, u_int lsid, u_long advrtr, u_char *payload, u_long payload_s, libnet_t *1, libnet_ptag_t ptag);
libnet_build_ospfv2_lsr() builds an OSPF link state request header. The function takes arguments (see Table 3.43).
|
ARGUMENT |
MEANING |
|---|---|
|
|
|
|
type |
type of link state |
|
|
|
|
lsid |
link state id |
|
|
|
|
advrtr |
advertising router |
All link state packets use type symbolic constants summarized in Table 3.44. You can add additional advrtr routers as needed by using the payload interface or libnet_build_data().
|
CONSTANT |
MEANING |
|---|---|
|
|
|
|
LIBNET_LS_TYPE_RTR |
router LSA |
|
|
|
|
LIBNET_LS_TYPE_NET |
network LSA |
|
|
|
|
LIBNET_LS_TYPE_IP |
summary LSA (IP Network) |
|
|
|
|
LIBNET_LS_TYPE_ASBR |
summary-LSA (ASBR) |
|
|
|
|
LIBNET_LS_TYPE_ASEXT |
AS external LSA |
libnet_ptag_t libnet_build_ospfv2_lsu(u_int num, u_char *payload, u_long payload_s, libnet_t *l, libnet_ptag_t ptag);
libnet_build_ospfv2_lsu() builds an OSPF link state update header. num contains the number of link state advertisements to be broadcasted.
libnet_ptag_t libnet_build_ospfv2_lsa(u_short age, u_char opts, u_char type, u_int lsid, u_long advrtr, u_int seqnum, u_short sum, u_short len, u_char *payload, u_long payload_s, libnet_t *1, libnet_ptag_t ptag);
libnet_build_ospfv2_lsa() builds an OSPF link state acknowledgment header. The function takes arguments (see Table 3.45).
|
ARGUMENT |
MEANING |
|---|---|
|
|
|
|
age |
time in seconds since LSA originated |
|
|
|
|
opts |
options |
|
|
|
|
type |
type |
|
|
|
|
lsid |
link state id |
|
|
|
|
advrtr |
advertising router |
|
|
|
|
seqnum |
sequence number |
|
|
|
|
sum |
checksum |
|
|
|
|
len |
length of LSA packet |
libnet_ptag_t libnet_build_rip(u_char cmd, u_char version, u_short rd, u_short af, u_short rt, u_long addr, u_long mask, u_long next_hop, u_long metric, u_char *payload, u_long payload_s, libnet_t *1, libnet_ptag_t ptag);
libnet_build_rip() builds a Routing Information Protocol header (RFCs 1058 and 2453). The function takes arguments (see Table 3.46). Table 3.47 summarizes the RIP cmd symbolic constants.
|
ARGUMENT |
MEANING |
|---|---|
|
|
|
|
cmd |
command |
|
|
|
|
version |
version |
|
|
|
|
rd |
zero (vl) or routing domain (v2) |
|
|
|
|
af |
address family |
|
|
|
|
rt |
zero (v1) or route tag (v2) |
|
|
|
|
addr |
IP address |
|
|
|
|
mask |
zero (vl) or subnet mask (v2) |
|
|
|
|
next_hop |
zero (vl) or next hop IP address (v2) |
|
|
|
|
metric |
routing metric |
|
CONSTANT |
MEANING |
|---|---|
|
|
|
|
RIPCMD_REQUEST |
request |
|
|
|
|
RIPCMD_RESPONSE |
response |
|
|
|
|
RIPCMD_TRACEON |
turn tracing on |
|
|
|
|
RIPCMD_TRACEOFF |
turn tracing off |
|
|
|
|
RIPCMD_POLL |
like a request, but anyone answers |
|
|
|
|
RIPCMD_POLLENTRY |
like a poll, but for entire entry |
libnet_ptag_t libnet_build_stp(u_short id, u_char version, u_char bpdu_type, u_char flags, u_char *root_id, u_long root_pc, u_char *bridge_id, u_short port_id, u_short
message_age, u_short max_age, u_short hello_time, u_short f_delay, u_char *payload, u_long payload_s, libnet_t *1, libnet_ptag_t ptag);
libnet_build_stp() builds an IEEE 802.1d Spanning Tree Protocol header. The function takes arguments (see Table 3.48).
|
ARGUMENT |
MEANING |
|---|---|
|
|
|
|
id |
protocol id |
|
|
|
|
version |
protocol version |
|
|
|
|
bpdu_type |
bridge protocol data unit type |
|
|
|
|
flags |
flags |
|
|
|
|
root_id |
root id |
|
|
|
|
root_pc |
root path cost |
|
|
|
|
bridge_id |
bridge id |
|
|
|
|
port_id |
port id |
|
|
|
|
message_age |
message age |
|
|
|
|
max_age |
max age |
|
|
|
|
hello_time |
hello time |
|
|
|
|
f_delay |
forward delay |
libnet_ptag_t libnet_ptag_t libnet_build_tcp(u_short sp, u_short dp, u_long seq, u_long ack, u_char control, u_short win, u_short sum, u_short urg, u_short len, u_char *payload, u_long payload_s, libnet_t *1, libnet_ptag_t ptag);
libnet_build_tcp() builds an RFC 793 Transmission Control Protocol header. The function takes arguments (see Table 3.49). Table 3.50 summarizes the TCP control flag symbolic constants.
|
ARGUMENT |
MEANING |
|---|---|
|
|
|
|
sp |
source port |
|
|
|
|
dp |
destination port |
|
|
|
|
seq |
sequence number |
|
|
|
|
ack |
acknowledgment number |
|
|
|
|
control |
control flags |
|
|
|
|
win |
window size |
|
|
|
|
sum |
checksum |
|
|
|
|
len |
total length of the TCP packet |
|
CONSTANT |
MEANING |
|---|---|
|
|
|
|
TH_FIN |
finished sending data |
|
|
|
|
TH_SYN |
synchronize sequence numbers |
|
|
|
|
TH_RST |
reset the connection |
|
|
|
|
TH_PUSH |
push data to the application layer |
|
|
|
|
TH_ACK |
acknowledgment field should be checked |
|
|
|
|
TH_URG |
packet contains urgent data pointed to by the urgent pointer |
libnet_ptag_t libnet_build_tcp_options(u_char *options, u_long options_s, libnet_t *1, libnet_ptag_t ptag);
libnet_build_tcp_options() builds a TCP options header. The function takes arguments (see Table 3.51).
|
ARGUMENT |
MEANING |
|---|---|
|
|
|
|
options |
the byte string of options |
|
|
|
|
options_s |
the length of the options string |
The function expects options to be a valid TCP options string of size options_s, which is no larger than 40 bytes (the maximum size of an options string). The function checks to make sure that the packet consists of a TCP header preceded by an IPv4 header and that the addition of the options string would not result in a packet larger than 65,535 bytes (IPMAXPACKET). The function counts the number of 32-bit words in the options string and adjusts the TCP header length value as necessary.
libnet_ptag_t libnet_build_udp(u_short sp, u_short dp, u_short len, u_short sum, u_char *payload, u_long payload_s, libnet_t *1, libnet_ptag_t ptag);
libnet_build_udp() builds an RFC 768 User Datagram Protocol (UDP) header. The function takes arguments (see Table 3.52).
|
ARGUMENT |
MEANING |
|---|---|
|
|
|
|
sp |
source port |
|
|
|
|
dp |
destination port |
|
|
|
|
len |
total length of the UDP packet |
|
|
|
|
sum |
checksum |
libnet_ptag_t libnet_build_vrrp(u_char version, u_char type, u_char vrouter_id, u_char priority, u_char ip_count, u_char auth_type, u_char advert_int, u_short sum, u_char *payload, u_long payload_s, libnet_t *l,libnet_ptag_t ptag);
libnet_build_vrrp() builds an RFC 2338 Virtual Router Redundancy Protocol header. The function takes arguments (see Table 3.53).
|
ARGUMENT |
MEANING |
|---|---|
|
|
|
|
version |
version |
|
|
|
|
type |
type of VRRP packet |
|
|
|
|
vrouter_id |
virtual router id |
|
|
|
|
priority |
priority |
|
|
|
|
ip_count |
number of IP addresses |
|
|
|
|
auth_type |
authentication type |
|
|
|
|
advert_int |
advertisement interval |
|
|
|
|
sum |
checksum |
ver should either be LIBNET_VERP_VERSION_01 for version one or LIB-NET_VRRP_VERSION_02 for version two. At this writing, libnet only has intrinsic support for VRRP advertisements; the type should be LIBNET_VRRP_TYPE_ADVERT. You can add IP addresses as needed by using the pay-load interface or libnet_build_data(). Table 3.54 summarizes the auth_type symbolic constants.
|
CONSTANT |
MEANING |
|---|---|
|
|
|
|
LIBNET_VRRP_AUTH_NONE |
No authentication |
|
|
|
|
LIBNET_VRRP_AUTH_PASSWD |
Password authentication |
|
|
|
|
LIBNET_VRRP_AUTH_IPAH |
IPsec-based authentication |
int libnet_toggle_checksum(libnet_t *1, libnet_ptag_t ptag, int mode);
libnet_toggle_checksum() controls the disposition of libnet's automatic checksum calculation feature for the protocol block that ptag referenced. If mode is LIBNET_ON, then libnet computes the proper checksum for the ptag in question (assuming that it has a checksum field). If mode is LIB-NET_OFF, libnet will not compute the checksum. Upon success, the function returns 1; upon failure, the function returns -1 and libnet_geterror() tells you why.