libnet入门

　

libnet

在Unix系统平台上的网络安全工具开发中，目前最为流行的C API library有libnet、libpcap、libnids和libicmp等。它们分别从不同层次和角度提供了不同的功能函数。使网络开发人员能够忽略网络底层细节的实现，从而专注于程序本身具体功能的设计与开发。其中，

* libnet提供的接口函数主要实现和封装了数据包的构造和发送过程。

* libpcap提供的接口函数主要实现和封装了与数据包截获有关的过程。

* libnids提供的接口函数主要实现了开发网络入侵监测系统所必须的一些结构框架。

* libicmp等相对较为简单，它封装的是ICMP数据包的主要处理过程(构造、发送、接收等)。 利用这些C函数库的接口，网络安全工具开发人员可以很方便地编写出具有结构化强、健壮性好、可移植性高等特点的程序，如scanner、sniffer、firewall、IDS等。

---[[ libnet ]]------------------------------------------

libnet库的最新版本为1.0.0，它一共约7600行C源代码，33个源程序文件，12个C头文件，50余个自定义函数，提供的接口函数包含15种数据包生成器和两种数据包发送器(ip层和数据链路层)。目前只支持IPv4，不支持IPv6。已经过测试的系统平台包括：

* OpenBSD 2.6snap, 2.5, 2.4, 2.3, 2.2 (i386)

* FreeBSD 4.0-STABLE, 3.3-STABLE, 3.2-RElease, 3.1-CURRENT, 3.0, 2.2 (i386)

* NetBSD 1.3.2 (i386)

* BSD/OS 3.x (i386)

* BSDi 3.0 (i386)

* linux 2.2.x, 2.0.3x, 2.1.124 (i386, alpha) (libc: 2.4.x, glibc: 2.0.x)

* Solaris 7 (SPARC, gcc 2.7.2[13], 2.8.2), 2.6 (SPARC, gcc 2.8.2),

2.5.x (SPARC, gcc 2.7.2[13])

* IRIX 6.2

* MacOS 5.3rhapsody (powerpc)

libnet提供的接口函数按其作用可分为四类：

* 内存管理(分配和释放)函数

* 地址解析函数

* 数据包构造函数

* 数据包发送函数

以下分别列出这些接口函数及其功能(其参数含义简单易懂，不再解释)：

★ 内存管理函数

单数据包内存初始化：

int libnet_init_packet(u_short packet_size, u_char **buf);

单数据包内存释放：

void libnet_destroy_packet(u_char **buf);

多数据包内存初始化：

int libnet_init_packet_arena(struct libnet_arena **arena,

u_short packet_num, u_short packet_size);

访问多数据包内存中的下一个数据包：

u_char *libnet_next_packet_from_arena(struct libnet_arena **arena,

u_short packet_size);

多数据包内存释放：

void libnet_destroy_packet_arena(struct libnet_arena **arena);

★ 地址解析函数

解析主机名：

u_char *libnet_host_lookup(u_long ip, u_short use_name);

解析主机名(可重入函数)：

void libnet_host_lookup_r(u_long ip, u_short use_name, u_char *buf);

域名解析：

u_long libnet_name_resolve(u_char *ip, u_short use_name);

获取接口设备IP地址：

u_long libnet_get_Ipaddr(struct libnet_link_int *l,

const u_char *device, const u_char *ebuf);

获取接口设备硬件地址：

struct ether_addr *libnet_get_hwaddr(struct libnet_link_int *l,

const u_char *device,

const u_char *ebuf);

★ 数据包构造函数

ARP协议数据包：

int libnet_build_arp(u_short hrdw, u_short prot, u_short h_len,

u_short p_len, u_short op, u_char *s_ha,

u_char *s_pa, u_char *t_ha, u_char *t_pa,

const u_char *payload, int payload_len,

u_char *packet_buf);

DNS协议数据包：

int libnet_build_dns(u_short id, u_short flags, u_short num_q,

u_short num_answ_rr, u_short num_auth_rr,

u_short num_add_rr, const u_char * payload,

int payload_len, u_char *packet_buf);

以太网协议数据包：

int libnet_build_ethernet(u_char *daddr, u_char *saddr, u_short id,

const u_char *payload, int payload_len,

u_char *packet_buf);

icmp协议数据包(ICMP_ECHO / ICMP_ECHOREPLY)：

int libnet_build_icmp_echo(u_char type, u_char code, u_short id,

u_short seq, const u_char *payload,

int payload_len, u_char *packet_buf);

ICMP协议数据包(ICMP_MASKREQ / ICMP_MASKREPLY)：

int libnet_build_icmp_mask(u_char type, u_char code, u_short id,

u_short seq, u_long mask,

const u_char *payload, int payload_len,

u_char *packet_buf);

ICMP协议数据包(ICMP_UNREACH)：

int libnet_build_icmp_unreach(u_char type, u_char code,

u_short orig_len, u_char orig_tos,

u_short orig_id, u_short orig_frag,

u_char orig_ttl, u_char orig_prot,

u_long orig_saddr, u_long orig_daddr,

const u_char *payload, int payload_len,

u_char *packet_buf);

ICMP协议数据包(ICMP_TIMEXCEED)：

int libnet_build_icmp_timeexceed(u_char type, u_char code,

u_short orig_len, u_char orig_tos,

u_short orig_id, u_short orig_frag,

u_char orig_ttl, u_char orig_prot,

u_long orig_saddr, u_long orig_daddr,

const u_char *payload, int payload_len,

u_char *packet_buf);

ICMP协议数据包(ICMP_REDIRECT)：

int libnet_build_icmp_redirect(u_char type, u_char code, u_long gateway,

u_short orig_len, u_char orig_tos,

u_short orig_id, u_short orig_frag,

u_char orig_ttl, u_char orig_prot,

u_long orig_saddr, u_long orig_daddr,

const u_char *payload, int payload_len,

u_char *packet_buf);

ICMP协议数据包(ICMP_TSTAMP / ICMP_TSTAMPREPLY)：

int libnet_build_icmp_timestamp(u_char type, u_char code, u_short id,

u_short seq, n_time otime, n_time rtime,

n_time ttime, const u_char *payload,

int payload_len, u_char *packet_buf);

IGMP协议数据包：

int libnet_build_igmp(u_char type, u_char code, u_long ip,

const u_char *payload, int payload_len,

u_char *packet_buf);

ip协议数据包：

int libnet_build_ip(u_short len, u_char tos, u_short ip_id, u_short frag,

u_char ttl, u_char protocol, u_long saddr,

u_long daddr, const u_char *payload, int payload_len,

u_char *packet_buf);

OSPF路由协议数据包：

int libnet_build_ospf(u_short len, u_char type, u_long router_id,

u_long area_id, u_short auth_type,

const char *payload, int payload_s, u_char *buf);

OSPF路由协议数据包(Hello)：

int libnet_build_ospf_hello(u_long netmask, u_short Interval,

u_char options, u_char priority,

u_int dead_interval, u_long des_router,

u_long backup, u_long neighbor,

const char *payload, int payload_s,

u_char *buf);

OSPF路由协议数据包(DataBase Description (DBD))：

int libnet_build_ospf_dbd(u_short len, u_char options, u_char type,

u_int sequence_num, const char *payload,

int payload_s, u_char *buf);

OSPF路由协议数据包(Link State request (LSR))：

int libnet_build_ospf_lsr(u_int type, u_int ls_id, u_long adv_router,

const char *payload, int payload_s,

u_char *buf);

OSPF路由协议数据包(Link State Update (LSU))：

int libnet_build_ospf_lsu(u_int num, const char *payload,

int payload_s, u_char *buf);

OSPF路由协议数据包(Link State Acknowledgement (LSA))：

int libnet_build_ospf_lsa(u_short age, u_char options, u_char type,

u_int ls_id, u_long adv_router,

u_int sequence_num, u_short len,

const char *payload, int payload_s,

u_char *buf);

OSPF路由协议数据包(OSPF Link Sate NetworkLink State Router)：

int libnet_build_ospf_lsa_net(u_long netmask, u_int router_id,

const char *payload, int payload_s,

u_char *buf);

OSPF路由协议数据包(Link State Router)：

int libnet_build_ospf_lsa_rtr(u_short flags, u_short num, u_int id,

u_int data, u_char type, u_char tos,

u_short metric, const char *payload,

int payload_s, u_char *buf);

OSPF路由协议数据包(Link State Summary)：

int libnet_build_ospf_lsa_sum(u_long netmask, u_int metric, u_int tos,

const char *payload, int payload_s,

u_char *buf);

OSPF路由协议数据包(Link State AS External)：

int libnet_build_ospf_lsa_as(u_long netmask, u_int metric,

u_long fwd_addr, u_int tag,

const char *payload, int payload_s,

u_char *buf);

RIP路由协议数据包：

int libnet_build_rip(u_char cmd, u_char ver, u_short domain,

u_short addr_fam, u_short route_tag, u_long ip,

u_long mask, u_long next_hop, u_long metric,

const u_char *payload, int payload_len,

u_char *packet_buf);

TCP协议数据包：

int libnet_build_tcp(u_short th_sport, u_short th_dport, u_long th_seq,

u_long th_ack, u_char th_flags, u_short th_win,

u_short th_urg, const u_char *payload,

int payload_len, u_char *packet_buf);

udp协议数据包：

int libnet_build_udp(u_short sport, u_short dport, const u_char *payload,

int payload_len, u_char *packet_buf);

IP协议数据包选项：

int libnet_insert_ipo(struct ipoption *opt, u_char opt_len,

u_char *packet_buf);

TCP协议数据包选项：

int libnet_insert_tcpo(struct tcpoption *opt, u_char opt_len,

u_char *packet_buf);

★ 数据包发送函数

打开raw socket：

int libnet_open_raw_sock(int protocol);

关闭raw socket：

int libnet_close_raw_sock(int socket);

选择接口设备：

int libnet_select_device(struct sockaddr_in *sin,

u_char **device, u_char *ebuf);

打开链路层接口设备：

struct libnet_link_int *libnet_open_link_interface(char *device,

char *ebuf);

关闭链路层接口设备：

int libnet_close_link_interface(struct libnet_link_int *l);

发送IP数据包：

int libnet_write_ip(int socket, u_char *packet, int packet_size);

发送链路层数据包：

int libnet_write_link_layer(struct libnet_link_int *l,

const u_char *device, u_char *packet,

int packet_size);

检验和计算：

int libnet_do_checksum(u_char *packet, int protocol, int packet_size);

★ 相关的支持函数

随机数种子生成器：

int libnet_seed_prand();

获取随机数：

u_long libnet_get_prand(int modulus);

16进制数据输出：

void libnet_hex_dump(u_char * buf, int len, int swap, FILE *stream);

端口列表链初始化：

int libnet_plist_chain_new(struct libnet_plist_chain **plist,

char *token_list);

获取端口列表链的下一项(端口范围)：

int libnet_plist_chain_next_pair(struct libnet_plist_chain *plist,

u_short *bport, u_short *eport);

端口列表链输出显示：

int libnet_plist_chain_dump(struct libnet_plist_chain *plist);

获取端口列表链：

u_char *libnet_plist_chain_dump_string(struct libnet_plist_chain *plist);

端口列表链内存释放：

void libnet_plist_chain_free(struct libnet_plist_chain *plist);

★ 数据常量

==================================================================================

数据包头大小定义：

常量名 数值(字节数)

LIBNET_ARP_H 28

LIBNET_DNS_H 12

LIBNET_ETH_H 14

LIBNET_ICMP_H 4

LIBNET_ICMP_ECHO_H 8

LIBNET_ICMP_MASK_H 12

LIBNET_ICMP_UNREACH_H 8

LIBNET_ICMP_TIMXCEED_H 8

LIBNET_ICMP_REDIRECT_H 8

LIBNET_ICMP_TS_H 20

LIBNET_IGMP_H 8

LIBNET_IP_H 20

LIBNET_RIP_H 24

LIBNET_TCP_H 20

LIBNET_UDP_H 8

==================================================================================

数据包内存常量：

常量名 含义

LIBNET_PACKET TCP/UDP数据包头 + IP数据包头使用的内存

LIBNET_OPTS IP或TCP选项使用的内存

LIBNET_MAX_PACKET IP_MAXPACKET (65535字节)使用的内存

==================================================================================

随机数发生器常量(libnet_get_prand()函数使用)：

常量名 数值

LIBNET_PRAND_MAX 65535

LIBNET_PR2 0 - 2

LIBNET_PR8 0 - 255

LIBNET_PR16 0 - 32767

LIBNET_PRu16 0 - 65535

LIBNET_PR32 0 - 2147483647

LIBNET_PRu32 0 - 4294967295

==================================================================================

错误消息常量(libnet_ERROR()函数使用)：

常量名 含义

LIBNET_ERR_WARNING 警告类型消息

LIBNET_ERR_critical 紧急类型消息

LIBNET_ERR_FATAL 致命错误消息

==================================================================================

libnet_host_lookup()、libnet_host_lookup_r()和libnet_name_resolve()函数使用的常量：

常量名 含义

LIBNET_DONT_RESOLVE 不将IP地址解析为FQDN名

LIBNET_RESOLVE 尝试将IP地址解析为FQDN名

==================================================================================

宏定义

宏名 功能

LIBNET_GET_ARENA_SIZE(arena) 返回多数据包内存缓冲区大小(字节数)

LIBNET_GET_ARENA_REMAINING_BYTES(arena) 返回多数据包内存缓冲区剩余空间大小(字节数)

LIBNET_print_ETH_ADDR(e) 输出显示ether_addr结构中的以太网地址

==================================================================================

---[[ libnet应用实例 ]]----------------------------------

利用libnet函数库开发应用程序的基本步骤非常简单：

1、数据包内存初始化；

2、网络接口初始化；

3、构造所需数据包；

4、计算数据包检验和；

5、发送数据包；

6、关闭网络接口；

7、释放数据包内存。

以下是四个使用了libnet接口函数编写的数据包发送程序。在编译前必须确保libnet库已成功安装。

例一：

[cpp] view plain copy

1. /*example1[rawsocketapi-TCPpacket]*/
2. /*gcc-Wall`libnet-config--defines`libnet-example-x.c-olibnet-example-x\
3. `libnet-config--libs`*/
5. #include<libnet.h>
7. voidusage(char*);
9. intmain(intargc,char**argv)
10. {
11. intnetwork,/*ournetworkinterface*/
12. packet_size,/*packetsize*/
13. c;/*misc*/
14. u_longsrc_ip,dst_ip;/*ipaddresses*/
15. u_shortsrc_prt,dst_prt;/*ports*/
16. u_char*cp,*packet;/*misc/packet*/
18. printf("libnetexamplecode:\tmodule1\n\n");
19. printf("packetinjectioninterface:\trawsocket\n");
20. printf("packettype:\t\t\tTCP[nopayload]\n");
22. src_ip=0;
23. dst_ip=0;
24. src_prt=0;
25. dst_prt=0;
27. while((c=getopt(argc,argv,"d:s:"))!=EOF)
28. {
29. switch(c)
30. {
31. /*
32. *Weexpecttheinputtobeoftheform`ip.ip.ip.ip.port`.We
33. *pointcptothelastdotoftheIPaddress/portstringand
34. *thenseperatethemwithaNULLbyte.Theoptargnowpointsto
35. *justtheIPaddress,andcppointstotheport.
36. */
37. case'd':
38. if(!(cp=strrchr(optarg,'.')))
39. {
40. usage(argv[0]);
41. }
42. *cp++=0;
43. dst_prt=(u_short)atoi(cp);
44. if(!(dst_ip=libnet_name_resolve(optarg,LIBNET_RESOLVE)))
45. {
46. libnet_error(LIBNET_ERR_FATAL,
47. "BaddestinationIPaddress:%s\n",optarg);
48. }
49. break;
50. case's':
51. if(!(cp=strrchr(optarg,'.')))
52. {
53. usage(argv[0]);
54. }
55. *cp++=0;
56. src_prt=(u_short)atoi(cp);
57. if(!(src_ip=libnet_name_resolve(optarg,LIBNET_RESOLVE)))
58. {
59. libnet_error(LIBNET_ERR_FATAL,
60. "BadsourceIPaddress:%s\n",optarg);
61. }
62. break;
63. }
64. }
65. if(!src_ip||!src_prt||!dst_ip||!dst_prt)
66. {
67. usage(argv[0]);
68. exit(EXIT_FAILURE);
69. }
71. /*
72. *We'rejustgoingtobuildaTCPpacketwithnopayloadusingthe
73. *rawsocketsAPI,soweonlyneedmemoryforaTCPheaderandanIP
74. *header.
75. */
76. packet_size=LIBNET_IP_H+LIBNET_TCP_H;
78. /*
79. *step1:Memoryinitialization(interchangablewithstep2).
80. */
81. libnet_init_packet(packet_size,&packet);
82. if(packet==NULL)
83. {
84. libnet_error(LIBNET_ERR_FATAL,"libnet_init_packetfailed\n");
85. }
87. /*
88. *Step2:Networkinitialization(interchangablewithstep1).
89. */
90. network=libnet_open_raw_sock(IPPROTO_RAW);
91. if(network==-1)
92. {
93. libnet_error(LIBNET_ERR_FATAL,"Can'topennetwork.\n");
94. }
96. /*
97. *Step3:Packetconstruction(IPheader).
98. */
99. libnet_build_ip(LIBNET_TCP_H,/*sizeofthepacketsansIPheader*/
100. IPTOS_LOWDELAY,/*IPtos*/
101. 242,/*IPID*/
102. 0,/*fragstuff*/
103. 48,/*TTL*/
104. IPPROTO_TCP,/*transportprotocol*/
105. src_ip,/*sourceIP*/
106. dst_ip,/*destinationIP*/
107. NULL,/*payload(none)*/
108. 0,/*payloadlength*/
109. packet);/*packetheadermemory*/
111. /*
112. *Step3:Packetconstruction(TCPheader).
113. */
114. libnet_build_tcp(src_prt,/*sourceTCPport*/
115. dst_prt,/*destinationTCPport*/
116. 0xa1d95,/*sequencenumber*/
117. 0x53,/*acknowledgementnumber*/
118. TH_SYN,/*controlflags*/
119. 1024,/*windowsize*/
120. 0,/*urgentpointer*/
121. NULL,/*payload(none)*/
122. 0,/*payloadlength*/
123. packet+LIBNET_IP_H);/*packetheadermemory*/
125. /*
126. *Step4:Packetchecksums(TCPheaderonly).
127. */
128. if(libnet_do_checksum(packet,IPPROTO_TCP,LIBNET_TCP_H)==-1)
129. {
130. libnet_error(LIBNET_ERR_FATAL,"libnet_do_checksumfailed\n");
131. }
133. /*
134. *Step5:Packetinjection.
135. */
136. c=libnet_write_ip(network,packet,packet_size);
137. if(c<packet_size)
138. {
139. libnet_error(LN_ERR_WARNING,
140. "libnet_write_iponlywrote%dbytes\n",c);
141. }
142. else
143. {
144. printf("constructionandinjectioncompleted,wroteall%dbytes\n",c);
145. }
147. /*
148. *Shutdowntheinterface.
149. */
150. if(libnet_close_raw_sock(network)==-1)
151. {
152. libnet_error(LN_ERR_WARNING,
153. "libnet_close_raw_sockcouldn'tclosetheinterface");
154. }
157. /*
158. *Freepacketmemory.
159. */
160. libnet_destroy_packet(&packet);
162. return(c==-1?EXIT_FAILURE:EXIT_SUCCESS);
163. }
166. voidusage(char*name)
167. {
168. fprintf(stderr,"usage:%s-ss_ip.s_port-dd_ip.d_port\n",name);
169. }

例二：

[cpp] view plain copy

1. /*Example2[linklayerapi-ICMP_MASK]*/
2. /*gcc-Wall`libnet-config--defines`libnet-example-x.c-olibnet-example-x`libnet-config--libs`*/
4. #include<libnet.h>
6. voidusage(char*);
8. u_charenet_src[6]={0x0d,0x0e,0x0a,0x0d,0x00,0x00};
9. u_charenet_dst[6]={0xff,0xff,0xff,0xff,0xff,0xff};
11. int
12. main(intargc,char*argv[])
13. {
14. intpacket_size,/*sizeofourpacket*/
15. c;/*misc*/
16. u_longsrc_ip,dst_ip;/*sourceip,destip*/
17. u_char*packet;/*pointertoourpacketbuffer*/
18. charerr_buf[LIBNET_ERRBUF_SIZE];/*errorbuffer*/
19. u_char*device;/*pointertothedevicetouse*/
20. structlibnet_link_int*network;/*pointertolinkinterfacestruct*/
22. printf("libnetexamplecode:\tmodule2\n\n");
23. printf("packetinjectioninterface:\tlinklayer\n");
24. printf("packettype:\t\t\tICMPnetmask[nopayload]\n");
26. device=NULL;
27. src_ip=0;
28. dst_ip=0;
30. while((c=getopt(argc,argv,"i:d:s:"))!=EOF)
31. {
32. switch(c)
33. {
34. case'd':
35. if(!(dst_ip=libnet_name_resolve(optarg,LIBNET_RESOLVE)))
36. {
37. libnet_error(LIBNET_ERR_FATAL,
38. "BaddestinationIPaddress:%s\n",optarg);
40. }
41. break;
42. case'i':
43. device=optarg;
44. break;
45. case's':
46. if(!(src_ip=libnet_name_resolve(optarg,LIBNET_RESOLVE)))
47. {
48. libnet_error(LIBNET_ERR_FATAL,
49. "BadsourceIPaddress:%s\n",optarg);
50. }
51. break;
52. default:
53. exit(EXIT_FAILURE);
54. }
55. }
57. if(!src_ip||!dst_ip)
58. {
59. usage(argv[0]);
60. exit(EXIT_FAILURE);
61. }
63. /*
64. *Step1:NetworkInitialization(interchangablewithstep2).
65. */
66. if(device==NULL)
67. {
68. structsockaddr_insin;
69. /*
70. *Trytolocateadevice.
71. */
72. if(libnet_select_device(&sin,&device,err_buf)==-1)
73. {
74. libnet_error(LIBNET_ERR_FATAL,
75. "libnet_select_devicefailed:%s\n",err_buf);
76. }
77. printf("device:\t\t\t\t%s\n",device);
78. }
80. if((network=libnet_open_link_interface(device,err_buf))==NULL)
81. {
82. libnet_error(LIBNET_ERR_FATAL,
83. "libnet_open_link_interface:%s\n",err_buf);
84. }
86. /*
87. *We'regoingtobuildanICMPpacketwithnopayloadusingthe
88. *link-layerAPI,sothistimeweneedmemoryforaethernetheader
89. *aswellasmemoryfortheICMPandIPheaders.
90. */
91. packet_size=LIBNET_IP_H+LIBNET_ETH_H+LIBNET_ICMP_MASK_H;
94. /*
95. *Step2:MemoryInitialization(interchangablewithstep1).
96. */
97. if(libnet_init_packet(packet_size,&packet)==-1)
98. {
99. libnet_error(LIBNET_ERR_FATAL,"libnet_init_packetfailed\n");
100. }
103. /*
104. *Step3:Packetconstruction(ethernetheader).
105. */
106. libnet_build_ethernet(enet_dst,
107. enet_src,
108. ETHERTYPE_IP,
109. NULL,
110. 0,
111. packet);
113. /*
114. *Step3:Packetconstruction(ICMPheader).
115. */
116. libnet_build_icmp_mask(ICMP_MASKREPLY,/*type*/
117. 0,/*code*/
118. 242,/*id*/
119. 0,/*seq*/
120. 0xffffffff,/*mask*/
121. NULL,/*payload*/
122. 0,/*payload_s*/
123. packet+LIBNET_ETH_H+LIBNET_IP_H);
126. /*
127. *Step3:Packetconstruction(IPheader).
128. */
129. libnet_build_ip(ICMP_MASK_H,
130. 0,/*IPtos*/
131. 242,/*IPID*/
132. 0,/*Frag*/
133. 64,/*TTL*/
134. IPPROTO_ICMP,/*Transportprotocol*/
135. src_ip,/*SourceIP*/
136. dst_ip,/*DestinationIP*/
137. NULL,/*Pointertopayload(none)*/
138. 0,
139. packet+LIBNET_ETH_H);/*Packetheadermemory*/
141. /*
142. *Step4:Packetchecksums(ICMPheader*AND*IPheader).
143. */
144. if(libnet_do_checksum(packet+ETH_H,IPPROTO_ICMP,LIBNET_ICMP_MASK_H)==-1)
145. {
146. libnet_error(LIBNET_ERR_FATAL,"libnet_do_checksumfailed\n");
147. }
148. if(libnet_do_checksum(packet+ETH_H,IPPROTO_IP,LIBNET_IP_H)==-1)
149. {
150. libnet_error(LIBNET_ERR_FATAL,"libnet_do_checksumfailed\n");
151. }
154. /*
155. *Step5:Packetinjection.
156. */
157. c=libnet_write_link_layer(network,device,packet,packet_size);
158. if(c<packet_size)
159. {
160. libnet_error(LN_ERR_WARNING,
161. "libnet_write_link_layeronlywrote%dbytes\n",c);
162. }
163. else
164. {
165. printf("constructionandinjectioncompleted,wroteall%dbytes\n",c);
166. }
169. /*
170. *Shutdowntheinterface.
171. */
172. if(libnet_close_link_interface(network)==-1)
173. {
174. libnet_error(LN_ERR_WARNING,
175. "libnet_close_link_interfacecouldn'tclosetheinterface");
176. }
179. /*
180. *Freepacketmemory.
181. */
182. libnet_destroy_packet(&packet);
184. return(c==-1?EXIT_FAILURE:EXIT_SUCCESS);
185. }
187. voidusage(char*name)
188. {
189. fprintf(stderr,"usage:%s[-iinterface]-ss_ip-dd_ip\n",name);
190. }

例三：

[cpp] view plain copy

1. /*Example3[rawsocketapi-ICMP_ECHOusinganarena]*/
2. /*gcc-Wall`libnet-config--defines`libnet-example-x.c-olibnet-example-x\
3. `libnet-config--libs`*/
5. #include<libnet.h>
7. voidusage(char*);
10. intmain(intargc,char**argv)
11. {
12. intnetwork,n,c,number_of_packets,packet_size;
13. structlibnet_arenaarena,*arena_p;
14. u_char*packets[10];
15. u_longsrc_ip,dst_ip;
17. printf("libnetexamplecode:\tmodule3\n\n");
18. printf("packetinjectioninterface:\tlinklayer\n");
19. printf("packettype:\t\t\tICMP_ECHO[nopayload]usinganarena\n");
21. src_ip=0;
22. dst_ip=0;
23. while((c=getopt(argc,argv,"d:s:"))!=EOF)
24. {
25. switch(c)
26. {
27. case'd':
28. if(!(dst_ip=libnet_name_resolve(optarg,LIBNET_RESOLVE)))
29. {
30. libnet_error(LIBNET_ERR_FATAL,
31. "BaddestinationIPaddress:%s\n",optarg);
32. }
33. break;
34. case's':
35. if(!(src_ip=libnet_name_resolve(optarg,LIBNET_RESOLVE)))
36. {
37. libnet_error(LIBNET_ERR_FATAL,
38. "BadsourceIPaddress:%s\n",optarg);
39. }
40. break;
41. }
42. }
43. if(!src_ip||!dst_ip)
44. {
45. usage(argv[0]);
46. exit(EXIT_FAILURE);
47. }
49. /*
50. *We'rejustgoingtobuildanICMPpacketwithnopayloadusingthe
51. *rawsocketsAPI,soweonlyneedmemoryforaICMPheaderandanIP
52. *header.
53. */
54. packet_size=LIBNET_IP_H+LIBNET_ICMP_ECHO_H;
56. /*
57. *Let'sjustbuildsay,10packets.
58. */
59. number_of_packets=10;
61. arena_p=&arena;
62. if(libnet_init_packet_arena(&arena_p,number_of_packets,packet_size)==-1)
63. {
64. libnet_error(LIBNET_ERR_FATAL,"libnet_init_packet_arenafailed\n");
65. }
66. else
67. {
68. printf("Allocatedanarenaof%ldbytes..\n",
69. LIBNET_GET_ARENA_SIZE(arena));
70. }
72. network=libnet_open_raw_sock(IPPROTO_RAW);
73. if(network==-1)
74. {
75. libnet_error(LIBNET_ERR_FATAL,"Can'topenthenetwork.\n");
76. }
78. for(n=0;n<number_of_packets;n++)
79. {
80. printf("%ldbytesremaininginarena\n",
81. LIBNET_GET_ARENA_REMAINING_BYTES(arena));
82. packets[n]=libnet_next_packet_from_arena(&arena_p,packet_size);
83. if(!packets[n])
84. {
85. libnet_error(LIBNET_ERR_WARNING,"Arenaisempty\n");
86. continue;
87. }
89. libnet_build_ip(ICMP_ECHO_H,/*Sizeofthepayload*/
90. IPTOS_LOWDELAY|IPTOS_THROUGHPUT,/*IPtos*/
91. 242,/*IPID*/
92. 0,/*fragstuff*/
93. 48,/*TTL*/
94. IPPROTO_ICMP,/*transportprotocol*/
95. src_ip,/*sourceIP*/
96. dst_ip,/*destinationIP*/
97. NULL,/*pointertopayload*/
98. 0,/*payloadlength*/
99. packets[n]);/*packetheadermemory*/
101. libnet_build_icmp_echo(ICMP_ECHO,/*type*/
102. 0,/*code*/
103. 242,/*id*/
104. 5,/*seq*/
105. NULL,/*pointertopayload*/
106. 0,/*payloadlength*/
107. packets[n]+LIBNET_IP_H);/*packetheadermemory*/
109. if(libnet_do_checksum(packets[n],IPPROTO_ICMP,LIBNET_ICMP_ECHO_H)==-1)
110. {
111. libnet_error(LIBNET_ERR_FATAL,"libnet_do_checksumfailed\n");
112. }
114. c=libnet_write_ip(network,packets[n],packet_size);
115. if(c<packet_size)
116. {
117. libnet_error(LN_ERR_WARNING,
118. "libnet_write_iponlywrote%dbytes\n",c);
119. }
120. else
121. {
122. printf("constructionandinjectionofpacket%dof%dcompleted,wroteall%dbytes\n",
123. n+1,number_of_packets,c);
124. }
125. }
127. libnet_destroy_packet_arena(&arena_p);
128. return(c==-1?EXIT_FAILURE:EXIT_SUCCESS);
129. }
132. voidusage(char*name)
133. {
134. fprintf(stderr,"usage:%s-ssource_ip-ddestination_ip\n",name);
135. }

例四：

[cpp] view plain copy

1. /*Example4[link-layerapi-UDPpacketusingportlistchaining]*/
2. /*gcc-Wall`libnet-config--defines`libnet-example-x.c-olibnet-example-x\
3. `libnet-config--libs`*/
5. #include<libnet.h>
7. #defineMAX_PAYLOAD_SIZE1024
9. voidusage(char*);
11. u_charenet_src[6]={0x0d,0x0e,0x0a,0x0d,0x00,0x00};
12. u_charenet_dst[6]={0xff,0xff,0xff,0xff,0xff,0xff};
14. intmain(intargc,char*argv[])
15. {
16. intpacket_size,/*sizeofourpacket*/
17. payload_size,/*sizeofourpacket*/
18. c;/*misc*/
19. u_longsrc_ip,dst_ip;/*sourceip,destip*/
20. u_shortbport,eport;/*beginningandendports*/
21. u_shortcport;/*currentport*/
22. u_charpayload[MAX_PAYLOAD_SIZE];/*packetpayload*/
23. u_char*packet;/*pointertoourpacketbuffer*/
24. charerr_buf[LIBNET_ERRBUF_SIZE];/*errorbuffer*/
25. u_char*device;/*pointertothedevicetouse*/
26. structlibnet_link_int*network;/*pointertolinkinterfacestruct*/
27. structlibnet_plist_chainplist;/*plistchain*/
28. structlibnet_plist_chain*plist_p;/*plistchainpointer*/
30. printf("libnetexamplecode:\tmodule4\n\n");
31. printf("packetinjectioninterface:\tlinklayer\n");
32. printf("packettype:\t\t\tUDP[withpayload]usingportlistchaining\n");
34. plist_p=NULL;
35. device=NULL;
36. src_ip=0;
37. dst_ip=0;
39. while((c=getopt(argc,argv,"i:d:s:p:"))!=EOF)
40. {
41. switch(c)
42. {
43. case'd':
44. if(!(dst_ip=libnet_name_resolve(optarg,LIBNET_RESOLVE)))
45. {
46. libnet_error(LIBNET_ERR_FATAL,
47. "BaddestinationIPaddress:%s\n",optarg);
49. }
50. break;
51. case'i':
52. device=optarg;
53. break;
54. case's':
55. if(!(src_ip=libnet_name_resolve(optarg,LIBNET_RESOLVE)))
56. {
57. libnet_error(LIBNET_ERR_FATAL,
58. "BadsourceIPaddress:%s\n",optarg);
59. }
60. break;
61. case'p':
62. plist_p=&plist;
63. if(libnet_plist_chain_new(&plist_p,optarg)==-1)
64. {
65. libnet_error(LIBNET_ERR_FATAL,
66. "Couldnotbuildportlist\n");
67. }
68. break;
69. default:
70. usage(argv[0]);
71. exit(EXIT_FAILURE);
72. }
73. }
75. if(!src_ip||!dst_ip||!plist_p)
76. {
77. usage(argv[0]);
78. exit(EXIT_FAILURE);
79. }
81. c=argc-optind;
82. if(c!=1)
83. {
84. usage(argv[0]);
85. exit(EXIT_FAILURE);
86. }
87. memset(payload,0,sizeof(payload));
88. strncpy(payload,argv[optind],strlen(argv[optind]));
91. /*
92. *Step1:NetworkInitialization(interchangablewithstep2).
93. */
94. if(device==NULL)
95. {
96. structsockaddr_insin;
97. /*
98. *Trytolocateadevice.
99. */
100. if(libnet_select_device(&sin,&device,err_buf)==-1)
101. {
102. libnet_error(LIBNET_ERR_FATAL,
103. "libnet_select_devicefailed:%s\n",err_buf);
104. }
105. printf("device:\t\t\t\t%s\n",device);
106. }
107. if((network=libnet_open_link_interface(device,err_buf))==NULL)
108. {
109. libnet_error(LIBNET_ERR_FATAL,
110. "libnet_open_link_interface:%s\n",err_buf);
111. }
113. /*
114. *Getthepayloadfromtheuser.Hrm.ThismightfailonaSparc
115. *ifbytealignmentisoff...
116. */
117. payload_size=strlen(payload);
119. /*
120. *We'regoingtobuildaUDPpacketwithapayloadusingthe
121. *link-layerAPI,sothistimeweneedmemoryforaethernetheader
122. *aswellasmemoryfortheICMPandIPheadersandourpayload.
123. */
124. packet_size=LIBNET_IP_H+LIBNET_ETH_H+LIBNET_UDP_H+payload_size;
126. /*
127. *Step2:MemoryInitialization(interchangablewithstep1).
128. */
129. if(libnet_init_packet(packet_size,&packet)==-1)
130. {
131. libnet_error(LIBNET_ERR_FATAL,"libnet_init_packetfailed\n");
132. }
135. /*
136. *Step3:Packetconstruction(ethernetheader).
137. */
138. libnet_build_ethernet(enet_dst,
139. enet_src,
140. ETHERTYPE_IP,
141. NULL,
142. 0,
143. packet);
145. /*
146. *Step3:Packetconstruction(IPheader).
147. */
148. libnet_build_ip(LIBNET_UDP_H+payload_size,
149. 0,/*IPtos*/
150. 242,/*IPID*/
151. 0,/*Frag*/
152. 64,/*TTL*/
153. IPPROTO_UDP,/*Transportprotocol*/
154. src_ip,/*SourceIP*/
155. dst_ip,/*DestinationIP*/
156. NULL,/*Pointertopayload(none)*/
157. 0,
158. packet+LIBNET_ETH_H);/*Packetheadermemory*/
160. while(libnet_plist_chain_next_pair(plist_p,&bport,&eport))
161. {
163. while(!(bport>eport)&&bport!=0)
164. {
165. cport=bport++;
166. /*
167. *Step3:Packetconstruction(UDPheader).
168. */
169. libnet_build_udp(242,/*sourceport*/
170. cport,/*dest.port*/
171. payload,/*payload*/
172. payload_size,/*payloadlength*/
173. packet+LIBNET_ETH_H+LIBNET_IP_H);
175. /*
176. *Step4:Packetchecksums(ICMPheader*AND*IPheader).
177. */
178. if(libnet_do_checksum(packet+ETH_H,IPPROTO_UDP,LIBNET_UDP_H+payload_size)==-1)
179. {
180. libnet_error(LIBNET_ERR_FATAL,"libnet_do_checksumfailed\n");
181. }
182. if(libnet_do_checksum(packet+ETH_H,IPPROTO_IP,LIBNET_IP_H)==-1)
183. {
184. libnet_error(LIBNET_ERR_FATAL,"libnet_do_checksumfailed\n");
185. }
187. /*
188. *Step5:Packetinjection.
189. */
190. c=libnet_write_link_layer(network,device,packet,packet_size);
191. if(c<packet_size)
192. {
193. libnet_error(LN_ERR_WARNING,
194. "libnet_write_link_layeronlywrote%dbytes\n",c);
195. }
196. else
197. {
198. printf("constructionandinjectioncompleted,wroteall%dbytes,port%d\n",
199. c,cport);
200. }
201. }
202. }
203. /*
204. *Shutdowntheinterface.
205. */
206. if(libnet_close_link_interface(network)==-1)
207. {
208. libnet_error(LN_ERR_WARNING,
209. "libnet_close_link_interfacecouldn'tclosetheinterface");
210. }
213. /*
214. *Freepacketmemory.
215. */
216. libnet_destroy_packet(&packet);
218. return(c==-1?EXIT_FAILURE:EXIT_SUCCESS);
219. }
222. voidusage(char*name)
223. {
224. fprintf(stderr,"usage:%s[-iinterface]-ss_ip-dd_ip-pportlistpayload\n",name);
225. }

例五：

[cpp] view plain copy

1. 给出一个综合应用libnet和libpcap的简单例程，其功能是在接收到一个来自特定主机的ARP请求报文之后，发出ARP回应报文，通知该主机请求的IP地址对应的MAC地址。这个程序实现了标准的ARP协议，但是却不同于操作系统内核中标准的实现方法：该程序利用了libpcap在数据链路层抓包，利用了libnet向数据链路层发包，是使用libnet和libpcap构造TCP/IP协议软件的一个例程。该程序很简单，但已经可以说明libnet和libpcap的综合使用方法：
3. /*telldestinationhostwithip'dstip'thatthehostwith
4. *requestip'srcip'iswithmacaddresssrcmac
5. *author:whitecpf2003.5.15.
6. *compile:gccarp.c-lnet-lpcap-oarp
7. */
8. #include"/usr/include/libnet.h"
9. #include<pcap.h>
10. voidusage(char*exename){
11. printf("telldstipwithdstmacthatsrcipisatsrcmac.\n");
12. printf("usage:%s-ddstip-ssrcip-Ddstmac-Ssrcmac\n",exename);
13. return;
14. }
15. //程序输入：来自命令行参数
16. u_charip_src[4],ip_dst[4];
17. u_charenet_src[6],enet_dst[6];
18. externintmac_strtochar6(u_char*enet,char*macstr);
19. //将字符串格式的MAC地址转换为6字节类型r
20. intget_cmdline(intargc,char*argv[]);//命令行参数处理函数
21. intmain(intargc,char*argv[]){
22. libnet_t*l;
23. libnet_ptag_tt;
24. u_char*packet;
25. u_longpacket_s;
26. chardevice[5]="eth0";
27. charerrbuf[LIBNET_ERRBUF_SIZE];
28. charfilter_str[100]="";
29. structbpf_programfp;/*holdcompiledprogram*/
30. char*dev;
31. pcap_t*descr;
32. structpcap_pkthdrhdr;/*pcap.h*/
33. u_char*packet;
34. bpf_u_int32maskp;/*subnetmask*/
35. bpf_u_int32netp;/*ip*/
36. intpromisc=0;/*settopromiscmode?*/
37. intpcap_time_out=5;
38. intc,ret;
39. u_longi;
40. if(get_cmdline(argc,argv)<=0){
41. usage(argv[0]);
42. exit(0);
43. }
45. dev=pcap_lookupdev(errbuf);
46. if(dev==NULL){
47. fprintf(stderr,"%s\n",errbuf);
48. return-1;
49. }
50. ret=pcap_lookupnet(dev,&netp,&maskp,errbuf);
51. if(ret==-1){
52. fprintf(stderr,"%s\n",errbuf);
53. return-1;
54. }
55. descr=pcap_open_live(dev,BUFSIZ,promisc,pcap_time_out,errbuf);
56. if(descr==NULL){
57. printf("pcap_open_live():%s\n",errbuf);
58. return-1;
59. }
60. sprintf(filter_str,"arpand(srcnet%d.%d.%d.%d)",ip_dst[0],ip_dst[1],
61. ip_dst[2],ip_dst[3]);
62. if(pcap_compile(descr,&fp,filter_str,0,netp)==-1){
63. printf("Errorcallingpcap_compile\n");
64. return-1;
65. }
66. if(pcap_setfilter(descr,&fp)==-1){
67. printf("Errorsettingfilter\n");
68. return-1;
69. }
70. while(1){
71. printf("waitpacket:filter:%s\n",filter_str);
72. packet=pcap_next(descr,&hdr);
73. if(packet==NULL){
74. continue;
75. }
76. l=libnet_init(LIBNET_LINK_ADV,device,errbuf);
77. if(l==NULL){
78. fprintf(stderr,"libnet_init()failed:%s",errbuf);
79. exit(EXIT_FAILURE);
80. }
81. t=libnet_build_arp(
82. ARPHRD_ETHER,/*hardwareaddr*/
83. ETHERTYPE_IP,/*protocoladdr*/
84. 6,/*hardwareaddrsize*/
85. 4,/*protocoladdrsize*/
86. ARPOP_REPLY,/*operationtype*/
87. enet_src,/*senderhardwareaddr*/
88. ip_src,/*senderprotocoladdr*/
89. enet_dst,/*targethardwareaddr*/
90. ip_dst,/*targetprotocoladdr*/
91. NULL,/*payload*/
92. 0,/*payloadsize*/
93. l,/*libnethandle*/
94. 0);/*libnetid*/
95. if(t==-1){
96. fprintf(stderr,"Can'tbuildARPheader:%s\n",libnet_geterror(l));
97. gotobad;
98. }
99. t=libnet_autobuild_ethernet(
100. enet_dst,/*ethernetdestination*/
101. ETHERTYPE_ARP,/*protocoltype*/
102. l);/*libnethandle*/
103. if(t==-1){
104. fprintf(stderr,"Can'tbuildethernetheader:%s\n",libnet_geterror(l));
105. gotobad;
106. }
107. c=libnet_adv_cull_packet(l,&packet,&packet_s);
108. if(c==-1){
109. fprintf(stderr,"libnet_adv_cull_packet:%s\n",libnet_geterror(l));
110. gotobad;
111. }
112. c=libnet_write(l);
113. if(c==-1){
114. fprintf(stderr,"Writeerror:%s\n",libnet_geterror(l));
115. gotobad;
116. }
117. continue;
118. bad:
119. libnet_destroy(l);
120. return(EXIT_FAILURE);
121. }
122. libnet_destroy(l);
123. return(EXIT_FAILURE);
124. }
125. intget_cmdline(intargc,char*argv[]){
126. charc;
127. charstring[]="d:s:D:S:h";
128. while((c=getopt(argc,argv,string))!=EOF){
129. if(c=='d')
130. *((unsignedint*)ip_dst)=(unsignedint)inet_addr(optarg);
131. elseif(c=='s')
132. *((unsignedint*)ip_src)=(unsignedint)inet_addr(optarg);
133. elseif(c=='D')
134. mac_strtochar6(enet_dst,optarg);
135. elseif(c=='S')
136. mac_strtochar6(enet_dst,optarg);
137. elseif(c=='h')
138. return0;
139. else
140. return-1;
141. }
142. return1;
143. }

例六：

[cpp] view plain copy

1. #include<win32/libnet.h>
2. #pragmacomment(lib,"libnet.lib")
4. voidmain()
5. {
6. intpacket_size;//存放数据包长度的变量
7. libnet_t*l;//libnet句柄
8. libnet_ptag_tprotocol_tag;//协议块标记
9. char*device=NULL;//设备名字，此时为NULL
10. charerror_information[LIBNET_ERRBUF_SIZE];//用来存放错误信息
11. char*destination_ip_str="192.168.0.2";//目的IP地址字符串变量，可以指定任意一个合法的IP地址
12. char*source_ip_str="192.168.0.3";//源IP地址字符串变量，可以指定任意一个合法的IP地址
14. u_charhardware_source[6]={0x01,0x02,0x03,0x04,0x05,0x06};//源MAC地址，可以是任意指定
15. u_charhardware_destination[6]={0x06,0x05,0x04,0x03,0x02,0x01};//目的MAC地址，可以是任意指定
17. u_longdestination_ip;//目的IP地址
18. u_longsource_ip;//源IP地址
20. l=libnet_init(
21. LIBNET_LINK_ADV,//libnet类型*/
22. device,//网络设备
23. error_information);
25. destination_ip=libnet_name2addr4(l,destination_ip_str,LIBNET_RESOLVE);
26. //把目的IP地址字符串形式转化成网络顺序字节形式的数据
27. source_ip=libnet_name2addr4(l,source_ip_str,LIBNET_RESOLVE);
28. //把源IP地址字符串形式转化成网络顺序字节形式的数据
30. protocol_tag=libnet_build_arp(
31. //构造ARP协议块，函数的返回值是代表新生成的ARP协议块的一个协议块标记
32. ARPHRD_ETHER,
33. //硬件地址类型，在这里是以太网
34. ETHERTYPE_IP,
35. //协议地址类型，在这里是IP协议
36. 6,
37. //硬件地址长度，MAC地址的长度为6
38. 4,
39. //协议地址长度，IP地址的长度为4
40. ARPOP_REPLY,
41. //操作类型，在这里是ARP应答类型
42. hardware_source,
43. //源硬件地址
44. (u_int8_t*)&source_ip,
45. //源IP地址
46. hardware_destination,
47. //目标硬件地址
48. (u_int8_t*)&destination_ip,
49. //目标协议地址
50. NULL,
51. //负载，此时为NULL
52. 0,
53. //负载的长度，此时为0
54. l,
55. //libnet句柄，此句柄由libnet_init()函数生成
56. 0
57. //协议块标记，此时为0，表示构造一个新的ARP协议块，而不是修改已经存在的协议块
58. );
60. protocol_tag=libnet_autobuild_ethernet(
61. //以auto的形式构造一个以太网协议块，返回一个指向此协议块的标记
62. hardware_destination,
63. //目的硬件地址
64. ETHERTYPE_ARP,
65. //以太网上层协议类型，此时为ARP类型
66. l//libnet句柄
67. );
69. packet_size=libnet_write(l);//发送已经构造的ARP数据包
70. printf("发送一个%d字节长度的ARP应答数据包",packet_size);//输出发送的ARP数据包的字节数
72. libnet_destroy(l);//销毁libnet
73. }

相关阅读