
| Subject: | automatic header length computation |
|---|---|
| Date: | Mon, 1 Nov 2004 20:11:41 +0100 |
Hi,

I added a new feature in the current devel libnet: automatic header
length computation.

Remember the old:

    udp = libnet_build_udp(
        src_prt,                        /* source port */
        dst_prt,                        /* destination port */
        LIBNET_UDP_H + payload_s,       /* packet length */
        0,                              /* checksum */
        payload,                        /* payload */
        payload_s,                      /* payload size */
        l,                              /* libnet handle */
        udp);

    opt = libnet_build_ip_opt_sec(
        IP_OPT_SEC,                     /* type */
        LIBNET_IP_OPT_SEC_H,            /* len */
        IP_OPT_SEC_TOPSECRET,           /* security */
        i,                              /* compartment */
        0,                              /* restriction */
        "FHP",                          /* tcc */
        l,                              /* libnet handle */
        opt);

    ip = libnet_build_ipv4(
        LIBNET_IPV4_H + LIBNET_ALIGN_SIZE(LIBNET_IP_OPT_SEC_H) +
        LIBNET_UDP_H + payload_s,       /* length */ [1]
        0,                              /* TOS */
        242,                            /* IP ID */
        0,                              /* IP Frag */
        64,                             /* TTL */
        IPPROTO_UDP,                    /* proto */
        0,                              /* checksum */
        src_ip.addr_ip,                 /* source IP */
        dst_ip.addr_ip,                 /* destination IP */
        NULL,                           /* payload */
        0,                              /* payload size */
        l,                              /* libnet handle */
        ip);

[1] When we compute the size for the IP length, we must consider the
payload, the UDP layer, the options _aligned_ (there can be some
padding added so that options are aligned), and the IP layer itself!

But now, how amazing, forget about all that ;-)

Each time there is a length to specify, you don't care anymore.
The length will be embedded in the header: put the value you want
(non zero), and it will appear with that value in the packet. Put a
0, and it will be set to the proper value.

This length argument is just something to be put in the header.
However, the underlying structures also need this information (for
instance to know where to put things properly in the packet). That is
kept hidden in an internal structure (pbuf_t).

That way, it is possible to build a packet with a certain amount of
bytes, but which pretends to have less or more ... very practical for
fuzzing.

Like for the checksum, that behavior can be controlled with
libnet_toggle_bit(), which replaces libnet_toggle_checksum(): you
now need to specify the bit to set/clear between
LIBNET_PACKET_IGNORE_HLEN and LIBNET_PACKET_IGNORE_CSUM (note that
there is also such a function at pbuf level).

I must confess that I have not played that much with these bits, so
it may be buggy.

In a previous version, I made changes so that it _should_ work on
CPUs with strict alignment. I still haven't tested that on a real
processor. That is quite high in my TODO.

Comments, feedback, bug reports, beers and so on are welcome :)

Fred Raynal
http://www.security-labs.org/libnetng/
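
Added example (not part of the original message, and not libnet code): a stand-alone C sketch of the length arithmetic from note [1] and of the 0-means-compute convention, with a receiver-side check that flags packets whose declared lengths disagree with the bytes actually present. The function names, the `len_verdict` enum and the 11-byte option size (the RFC 791 security option) are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IPV4_H 20u
#define UDP_H   8u
#define ALIGN4(n) (((n) + 3u) & ~3u)   /* options are padded to 32-bit words */

enum len_verdict { LEN_OK, LEN_TRUNCATED, LEN_BAD_IHL, LEN_IP_MISMATCH, LEN_UDP_MISMATCH };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Constructed sample: IPv4 + zeroed options + UDP + zeroed payload, checksums 0.
 * ip_len / udp_len: 0 = compute, non-zero = written as-is. Returns real byte count. */
size_t build_sample(uint8_t *buf, size_t cap, size_t opt_s, size_t payload_s,
                    uint16_t ip_len, uint16_t udp_len)
{
    size_t hl = IPV4_H + ALIGN4(opt_s);          /* IP header + aligned options */
    size_t total = hl + UDP_H + payload_s;       /* the sum from note [1] */
    if (hl > 60 || total > cap || total > 0xffff) return 0;
    memset(buf, 0, total);
    buf[0] = (uint8_t)(0x40 | (hl / 4));         /* version 4, IHL in words */
    wr16(buf + 2, ip_len ? ip_len : (uint16_t)total);
    buf[8] = 64; buf[9] = 17;                    /* TTL, proto = UDP */
    wr16(buf + hl + 4, udp_len ? udp_len : (uint16_t)(UDP_H + payload_s));
    return total;
}

/* Receiver-side check on an IP datagram (link-layer padding already removed):
 * do the declared lengths agree with the bytes present? */
enum len_verdict check_lengths(const uint8_t *pkt, size_t caplen)
{
    if (caplen < IPV4_H) return LEN_TRUNCATED;
    size_t hl = (size_t)(pkt[0] & 0x0f) * 4;
    if ((pkt[0] >> 4) != 4 || hl < IPV4_H) return LEN_BAD_IHL;
    if (caplen < hl + UDP_H) return LEN_TRUNCATED;
    size_t ip_len = rd16(pkt + 2);
    if (ip_len != caplen) return LEN_IP_MISMATCH;
    if (pkt[9] == 17 && rd16(pkt + hl + 4) != ip_len - hl) return LEN_UDP_MISMATCH;
    return LEN_OK;
}

int main(void) {
    uint8_t b[128];
    size_t n = build_sample(b, sizeof b, 11, 5, 0, 0);    /* lengths computed */
    printf("auto lengths: verdict %d\n", check_lengths(b, n));
    n = build_sample(b, sizeof b, 11, 5, 100, 0);         /* header claims 100 bytes */
    printf("forced ip_len=100: verdict %d\n", check_lengths(b, n));
    return 0;
}
```

A parser that trusts the header's length fields without a check of this kind is exactly what a packet that "pretends to have less or more" bytes exercises.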