|
Packit Service |
b25606 |
/*
|
|
Packit Service |
b25606 |
* Regression test for bugs in ipv4 ip_offset and h_len handling, such as
|
|
Packit Service |
b25606 |
* http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=418975
|
|
Packit Service |
b25606 |
*
|
|
Packit Service |
b25606 |
* Copyright (c) 2009 Sam Roberts <sroberts@wurldtech.com>
|
|
Packit Service |
b25606 |
* All rights reserved.
|
|
Packit Service |
b25606 |
*
|
|
Packit Service |
b25606 |
* Redistribution and use in source and binary forms, with or without
|
|
Packit Service |
b25606 |
* modification, are permitted provided that the following conditions
|
|
Packit Service |
b25606 |
* are met:
|
|
Packit Service |
b25606 |
* 1. Redistributions of source code must retain the above copyright
|
|
Packit Service |
b25606 |
* notice, this list of conditions and the following disclaimer.
|
|
Packit Service |
b25606 |
* 2. Redistributions in binary form must reproduce the above copyright
|
|
Packit Service |
b25606 |
* notice, this list of conditions and the following disclaimer in the
|
|
Packit Service |
b25606 |
* documentation and/or other materials provided with the distribution.
|
|
Packit Service |
b25606 |
*
|
|
Packit Service |
b25606 |
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
Packit Service |
b25606 |
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
Packit Service |
b25606 |
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
Packit Service |
b25606 |
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
Packit Service |
b25606 |
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
Packit Service |
b25606 |
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
Packit Service |
b25606 |
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
Packit Service |
b25606 |
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
Packit Service |
b25606 |
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
Packit Service |
b25606 |
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
Packit Service |
b25606 |
* SUCH DAMAGE.
|
|
Packit Service |
b25606 |
*
|
|
Packit Service |
b25606 |
*/
|
|
Packit Service |
b25606 |
#if (HAVE_CONFIG_H)
|
|
Packit Service |
b25606 |
#include "../include/config.h"
|
|
Packit Service |
b25606 |
#endif
|
|
Packit Service |
b25606 |
#include "./libnet_test.h"
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
#include <assert.h>
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
static void print_pblocks(libnet_t* l)
|
|
Packit Service |
b25606 |
{
|
|
Packit Service |
b25606 |
libnet_pblock_t* p = l->protocol_blocks;
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
while(p) {
|
|
Packit Service |
b25606 |
/* h_len is header length for checksumming? "chksum length"? */
|
|
Packit Service |
b25606 |
printf(" tag %d flags %d type %20s/%#x buf %p b_len %2u h_len %2u copied %2u\n",
|
|
Packit Service |
b25606 |
p->ptag, p->flags,
|
|
Packit Service |
b25606 |
libnet_diag_dump_pblock_type(p->type), p->type,
|
|
Packit Service |
b25606 |
p->buf, p->b_len, p->h_len, p->copied);
|
|
Packit Service |
b25606 |
p = p->next;
|
|
Packit Service |
b25606 |
}
|
|
Packit Service |
b25606 |
printf(" link_offset %d aligner %d total_size %u nblocks %d\n",
|
|
Packit Service |
b25606 |
l->link_offset, l->aligner, l->total_size, l->n_pblocks);
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
}
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
static int build_ipv4(libnet_t* l, libnet_ptag_t ip_ptag, int payload_s)
|
|
Packit Service |
b25606 |
{
|
|
Packit Service |
b25606 |
u_long src_ip = 0xf101f1f1;
|
|
Packit Service |
b25606 |
u_long dst_ip = 0xf102f1f1;
|
|
Packit Service |
b25606 |
uint8_t* payload = malloc(payload_s);
|
|
Packit Service |
b25606 |
assert(payload);
|
|
Packit Service |
b25606 |
memset(payload, '\x00', payload_s);
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
ip_ptag = libnet_build_ipv4(
|
|
Packit Service |
b25606 |
LIBNET_IPV4_H + payload_s, /* length */
|
|
Packit Service |
b25606 |
0, /* TOS */
|
|
Packit Service |
b25606 |
0xbbbb, /* IP ID */
|
|
Packit Service |
b25606 |
0, /* IP Frag */
|
|
Packit Service |
b25606 |
0xcc, /* TTL */
|
|
Packit Service |
b25606 |
IPPROTO_UDP, /* protocol */
|
|
Packit Service |
b25606 |
0, /* checksum */
|
|
Packit Service |
b25606 |
src_ip, /* source IP */
|
|
Packit Service |
b25606 |
dst_ip, /* destination IP */
|
|
Packit Service |
b25606 |
payload, /* payload */
|
|
Packit Service |
b25606 |
payload_s, /* payload size */
|
|
Packit Service |
b25606 |
l, /* libnet handle */
|
|
Packit Service |
b25606 |
ip_ptag); /* libnet id */
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
assert(ip_ptag > 0);
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
free(payload);
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
return ip_ptag;
|
|
Packit Service |
b25606 |
}
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
int
|
|
Packit Service |
b25606 |
main(int argc, char *argv[])
|
|
Packit Service |
b25606 |
{
|
|
Packit Service |
b25606 |
libnet_t *l;
|
|
Packit Service |
b25606 |
int r;
|
|
Packit Service |
b25606 |
char *device = "eth0";
|
|
Packit Service |
b25606 |
uint8_t enet_src[6] = {0x11, 0x11, 0x11, 0x11, 0x11, 0x11};
|
|
Packit Service |
b25606 |
uint8_t enet_dst[6] = {0x22, 0x22, 0x22, 0x22, 0x22, 0x22};
|
|
Packit Service |
b25606 |
char errbuf[LIBNET_ERRBUF_SIZE];
|
|
Packit Service |
b25606 |
libnet_ptag_t ip_ptag = 0;
|
|
Packit Service |
b25606 |
libnet_ptag_t eth_ptag = 0;
|
|
Packit Service |
b25606 |
int pkt1_payload = 10;
|
|
Packit Service |
b25606 |
uint8_t* pkt1 = NULL;
|
|
Packit Service |
b25606 |
uint32_t pkt1_sz = 0;
|
|
Packit Service |
b25606 |
struct libnet_ipv4_hdr* h1;
|
|
Packit Service |
b25606 |
int pkt2_payload = 2;
|
|
Packit Service |
b25606 |
uint8_t* pkt2 = NULL;
|
|
Packit Service |
b25606 |
uint32_t pkt2_sz = 0;
|
|
Packit Service |
b25606 |
struct libnet_ipv4_hdr* h2;
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
l = libnet_init( LIBNET_LINK, device, errbuf);
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
assert(l);
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
/* Bug is triggered when rebuilding the ipv4 blocks with smaller payload.
|
|
Packit Service |
b25606 |
* If change in payload size is larger than 20 (iph) + 14 (ether) +
|
|
Packit Service |
b25606 |
* aligner, it will cause checksum to be written into the unallocated
|
|
Packit Service |
b25606 |
* memory before the packet, possibly corrupting glib's memory allocation
|
|
Packit Service |
b25606 |
* structures.
|
|
Packit Service |
b25606 |
*/
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
printf("Packet 1:\n");
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
ip_ptag = build_ipv4(l, ip_ptag, pkt1_payload);
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
eth_ptag = libnet_build_ethernet(
|
|
Packit Service |
b25606 |
enet_dst, /* ethernet destination */
|
|
Packit Service |
b25606 |
enet_src, /* ethernet source */
|
|
Packit Service |
b25606 |
ETHERTYPE_IP, /* protocol type */
|
|
Packit Service |
b25606 |
NULL, /* payload */
|
|
Packit Service |
b25606 |
0, /* payload size */
|
|
Packit Service |
b25606 |
l, /* libnet handle */
|
|
Packit Service |
b25606 |
0); /* libnet id */
|
|
Packit Service |
b25606 |
assert(eth_ptag > 0);
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
r = libnet_pblock_coalesce(l, &pkt1, &pkt1_sz);
|
|
Packit Service |
b25606 |
assert(r >= 0);
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
print_pblocks(l);
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
libnet_diag_dump_hex(pkt1, 14, 0, stdout);
|
|
Packit Service |
b25606 |
libnet_diag_dump_hex(pkt1+14, pkt1_sz-14, 0, stdout);
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
printf("Packet 2:\n");
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
ip_ptag = build_ipv4(l, ip_ptag, pkt2_payload);
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
r = libnet_pblock_coalesce(l, &pkt2, &pkt2_sz);
|
|
Packit Service |
b25606 |
assert(r >= 0);
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
print_pblocks(l);
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
libnet_diag_dump_hex(pkt2, 14, 0, stdout);
|
|
Packit Service |
b25606 |
libnet_diag_dump_hex(pkt2+14, pkt2_sz-14, 0, stdout);
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
/* Packets should differ only in the total length and cksum. */
|
|
Packit Service |
b25606 |
h1 = (struct libnet_ipv4_hdr*) (pkt1+14);
|
|
Packit Service |
b25606 |
h2 = (struct libnet_ipv4_hdr*) (pkt2+14);
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
assert(h1->ip_len == htons(20+pkt1_payload));
|
|
Packit Service |
b25606 |
assert(h2->ip_len == htons(20+pkt2_payload));
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
h1->ip_len = h2->ip_len = 0x5555;
|
|
Packit Service |
b25606 |
h1->ip_sum = h2->ip_sum = 0x6666;
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
assert(memcmp(pkt1, pkt2, 14 + 20) == 0);
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
return (EXIT_SUCCESS);
|
|
Packit Service |
b25606 |
}
|
|
Packit Service |
b25606 |
|