
Re: FreeBSD libnet_pblock_find() problem

Subject: Re: FreeBSD libnet_pblock_find() problem
Date: Thu, 03 Mar 2005 19:21:47 +0000
Hi,

I haven't written any code for a long time, but I have some comments (in addition to Mike's comments, which solve the cause of the error message you get). I see some other bugs in the code though.
What I understand here is that you just want to send back the packet to the originating IP (correct me if I am wrong).


================================================
udp_hdr = ( struct udphdr *) ( packet + size_eth + size_ip );

Are you sure you took the IP header options into consideration in size_ip?

size_ip should not just be 20; it should be size_ip = ip_hdr->ip_hl * 4

================================================
        udp = libnet_build_udp( ntohs( udp_hdr->uh_dport ),
                                ntohs( udp_hdr->uh_sport ),
                                LIBNET_UDP_H + strlen( payload ), <<<<<
                                0,
                                payload,
                                strlen(payload),  <<<<<<<<<<<
                                lnet,
                                udp );

You can't just use strlen() here; if there is any byte with the value NULL before the end of the packet you will not get the real payload length. strlen() counts the number of chars in a string starting from the first character in the buffer till the first NULL it sees.


You could get the payload length by doing: pkt_length - size_eth - size_ip - size_udp
pkt_length you get from the libpcap hdr structure.


==========================================

        ip = libnet_build_ipv4( LIBNET_IPV4_H + LIBNET_UDP_H +
                                strlen( payload ), 0, <<< again a strlen()!!
                                ip_hdr->ip_id,
                                0,
                                64,
                                IPPROTO_UDP,
                                0,
                                libnet_name2addr4(lnet, (char *) <<<<<<
                                inet_ntop(AF_INET, &ip_hdr->ip_dst, dst, sizeof(dst)), LIBNET_RESOLVE),
                                libnet_name2addr4(lnet, (char *)
                                inet_ntop(AF_INET, &ip_hdr->ip_src, src, sizeof(src)), <<<<<<
                                LIBNET_RESOLVE),
                                NULL,
                                0,
                                lnet,
                                ip );

If you are just trying to put the src IP of the captured packet into the dest IP and vice versa, you can grab them directly by accessing the value in the ip_hdr struct: ip_hdr->ip_src.s_addr.


Actually, the struct in_addr has no more than a 4-byte unsigned integer as a member, so you can use it directly without doing this painful turnaround :)

==============================================

I hope I could help a little.

Regards,
Mustaffa

From: Mike Schiffman <mike@infonexus.com>
To: Victor Lima <sena@urbi.com.br>
CC: libnet@securityfocus.com
Subject: Re: FreeBSD libnet_pblock_find() problem
Date: Tue, 1 Mar 2005 12:53:34 -0800

Try initializing the ptag values:

libnet_ptag_t udp, ip;

udp = ip = LIBNET_PTAG_INITIALIZER;

On Feb 28, 2005, at 6:30 PM, Victor Lima wrote:

Hello list,

I'm trying to build an application that will forge UDP packets based on
information retrieved by libpcap. The box that I'm using is a FreeBSD
5.3-REL with ports retrieved from the installation CD. The libnet version
is: libnet-devel-1.1.2.1.


The problem lies somewhere in this code (or maybe it's a bug in libnet
itself):


Whenever I run it, it first blocks on libpcap listening for
packets; after it receives one, it sends the packet to echo_server, where
the appropriate headers are pointed to the correct places in the packet,
so that I can build a response based on the received information. The
code compiles with no problem except that when I run it, libnet_build_udp
returns -1 and the following error message appears:


---
libnet_pblock_find() - couldn't find protocol block
---
I've googled a bit and found a few misleading answers, none that
solved my problem, so I came here. Hope you guys can help me...

Thanks in advance,

--
Victor Lima


--
Mike Schiffman, CISSP
http://www.packetfactory.net/schiffman
Doveryay No Proveryay
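
The header-length and payload-length points from the reply above, as an added example that is not code from the thread or from libnet. The names `parse_udp_frame`, `udp_view` and `make_sample_frame` are hypothetical, and an untagged Ethernet II frame is assumed. It goes one step beyond the reply by taking the payload length from the UDP length field, bounded by the captured length, so trailing Ethernet padding is not counted as payload.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SIZE_ETH 14  /* Ethernet II, no VLAN tag (assumption) */
#define SIZE_UDP 8

struct udp_view {                 /* hypothetical result type */
    uint32_t src_ip, dst_ip;      /* network byte order, as on the wire */
    uint16_t sport, dport;        /* host byte order */
    const uint8_t *payload;
    size_t payload_len;
};

/* Hypothetical helper: 0 on success, -1 if not a complete IPv4/UDP packet. */
int parse_udp_frame(const uint8_t *pkt, size_t caplen, struct udp_view *out)
{
    if (caplen < SIZE_ETH + 20) return -1;
    const uint8_t *ip = pkt + SIZE_ETH;
    size_t size_ip = (size_t)(ip[0] & 0x0f) * 4;      /* ip_hl * 4, not a fixed 20 */
    if ((ip[0] >> 4) != 4 || size_ip < 20 || ip[9] != 17) return -1;
    if (caplen < SIZE_ETH + size_ip + SIZE_UDP) return -1;
    size_t ip_total = ((size_t)ip[2] << 8) | ip[3];
    if (ip_total < size_ip + SIZE_UDP || ip_total > caplen - SIZE_ETH) return -1;
    const uint8_t *udp = ip + size_ip;
    size_t udp_len = ((size_t)udp[4] << 8) | udp[5];
    if (udp_len < SIZE_UDP || udp_len > ip_total - size_ip) return -1;
    memcpy(&out->src_ip, ip + 12, 4);                 /* swap these two to reply */
    memcpy(&out->dst_ip, ip + 16, 4);
    out->sport = (uint16_t)((udp[0] << 8) | udp[1]);
    out->dport = (uint16_t)((udp[2] << 8) | udp[3]);
    out->payload = udp + SIZE_UDP;
    out->payload_len = udp_len - SIZE_UDP;            /* binary-safe, no strlen() */
    return 0;
}

/* Constructed sample: IPv4 header with 4 option bytes (ip_hl = 6), UDP
 * 40000 -> 7, 5-byte payload "ab\0cd" containing an embedded zero byte. */
size_t make_sample_frame(uint8_t *buf)
{
    static const uint8_t body[] = {
        0x46,0,0,37, 0,1,0,0, 64,17,0,0, 192,0,2,1, 192,0,2,2, 1,1,1,0, /* IP */
        0x9c,0x40, 0,7, 0,13, 0,0,                                      /* UDP */
        'a','b',0,'c','d' };
    memset(buf, 0, SIZE_ETH);
    buf[12] = 0x08;                                   /* EtherType 0x0800 */
    memcpy(buf + SIZE_ETH, body, sizeof body);
    return SIZE_ETH + sizeof body;
}
```

The `src_ip` and `dst_ip` fields are already in network byte order, so they can be passed to libnet_build_ipv4() directly, swapped, without the inet_ntop()/libnet_name2addr4() round trip.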


