Getting Started with libnet

In the development of network security Tools on UNIX system platform, the most popular C API library is libnet, Libpcap, Libnids and libicmp. They provide different function functions from different levels and angles respectively. So that the network developers can ignore the implementation of the low-level details of the network, thus focusing on the specific functions of the program itself design and development. which
* The interface functions provided by libnet mainly implement and encapsulate the construction and sending process of the packet.
* Libpcap provides interface functions that primarily implement and encapsulate the process associated with packet interception.
* The interface function provided by Libnids mainly realizes some necessary structure framework for developing network intrusion monitoring system.
* LIBICMP is relatively simple, it encapsulates the ICMP packet's main processing process (construction, send, receive, etc.). Using the interface of these C function libraries, network security tool developers can easily write programs with strong structure, good robustness and high portability characteristics, such as scanner, sniffer, firewall, IDS, etc.
---[[libnet]]------------------------------------------
The latest version of the Libnet Library is 1.0.0 (the latest version has been to 1.1.6), it's about 7600 lines C source code, 33 source program files, 12 C header files, more than 50 custom functions, provided interface functions include 15 packet generators and two packet senders (IP layer and Data link layer )。 Only IPV4 is currently supported and IPV6 is not supported. The tested system platforms include:
* OpenBSD 2.6snap, 2.5, 2.4, 2.3, 2.2 (i386)
* FreeBSD 4.0-stable, 3.3-stable, 3.2-release, 3.1-current, 3.0, 2.2 (i386)
* NetBSD 1.3.2 (i386)
* Bsd/os 3.x (i386)
* BSDI 3.0 (i386)
* Linux 2.2.x, 2.0.3x, 2.1.124 (i386, Alpha) (libc:2.4.x, glibc:2.0.x)
* Solaris 7 (SPARC, GCC 2.7.2[13], 2.8.2), 2.6 (SPARC, gcc 2.8.2),
2.5.x (SPARC, gcc 2.7.2[13])
* IRIX 6.2
* MacOS 5.3rhapsody (PowerPC)
The interface functions provided by Libnet can be divided into four categories according to their function:

* Memory Management (allocation and release) functions
* Address resolution function
* Packet Constructors
* Packet Send function

These interface functions and their functions are listed below (their parameter meanings are straightforward and no longer explained):

★ Memory Management functions

Single Packet Memory initialization: (These functions have been removed in the 1.1.6 version)
int Libnet_init_packet (U_short packet_size, U_char **buf);

Single Packet Memory release:
void Libnet_destroy_packet (U_char **buf);

Most of the packet memory initialization:
int Libnet_init_packet_arena (struct Libnet_arena **arena,
U_short packet_num, U_short packet_size);

To access the next packet in multiple-packet memory:
U_char *libnet_next_packet_from_arena (struct Libnet_arena **arena,
U_short packet_size);

Most packets are freed from memory:
void Libnet_destroy_packet_arena (struct Libnet_arena **arena);

★ Address Resolution function

Resolve Host Name:
U_char *libnet_host_lookup (u_long IP, u_short use_name);

Resolve Host name (Reentrant function):
void Libnet_host_lookup_r (u_long IP, u_short use_name, U_char *buf);

Domain Name resolution:
U_long libnet_name_resolve (U_char *ip, u_short use_name);

To obtain an interface device IP address:
U_long libnet_get_ipaddr (struct libnet_link_int *l,
Const U_char *device, const U_char *EBUF);

Get interface Device hardware address:
struct ether_addr *libnet_get_hwaddr (struct libnet_link_int *l,
Const U_char *device,
Const U_char *EBUF);

★ Packet Constructors

ARP protocol packet:
int Libnet_build_arp (u_short hrdw, u_short prot, U_short H_len,
U_short P_len, U_short op, U_char *s_ha,
U_char *s_pa, U_char *t_ha, U_char *t_pa,
Const U_CHAR *payload, int payload_len,
U_char *packet_buf);

DNS Protocol packet:
int Libnet_build_dns (u_short ID, u_short flags, U_short num_q,
U_short NUM_ANSW_RR, U_short num_auth_rr,
U_short NUM_ADD_RR, const U_CHAR * payload,
int Payload_len, U_char *packet_buf);

Ethernet Protocol Packet:
int libnet_build_ethernet (U_char *daddr, U_char *saddr, u_short ID,
Const U_CHAR *payload, int payload_len,
U_char *packet_buf);

ICMP Protocol Packet (icmp_echo/icmp_echoreply):
int Libnet_build_icmp_echo (u_char type, U_char code, u_short ID,
U_short seq, const U_char *payload,
int Payload_len, U_char *packet_buf);

ICMP Protocol Packet (icmp_maskreq/icmp_maskreply):
int Libnet_build_icmp_mask (u_char type, U_char code, u_short ID,
U_short seq, U_long Mask,
Const U_CHAR *payload, int payload_len,
U_char *packet_buf);

ICMP Protocol Packet (Icmp_unreach):
int Libnet_build_icmp_unreach (u_char type, U_char code,
U_short Orig_len, U_char Orig_tos,
U_short orig_id, U_short Orig_frag,
U_char Orig_ttl, U_char Orig_prot,
U_long orig_saddr, U_long orig_daddr,
Const U_CHAR *payload, int payload_len,
U_char *packet_buf);

ICMP Protocol Packet (Icmp_timexceed):
int Libnet_build_icmp_timeexceed (u_char type, U_char code,
U_short Orig_len, U_char Orig_tos,
U_short orig_id, U_short Orig_frag,
U_char Orig_ttl, U_char Orig_prot,
U_long orig_saddr, U_long orig_daddr,
Const U_CHAR *payload, int payload_len,
U_char *packet_buf);

ICMP Protocol Packet (Icmp_redirect):
int Libnet_build_icmp_redirect (u_char type, U_char code, U_long Gateway,
U_short Orig_len, U_char Orig_tos,
U_short orig_id, U_short Orig_frag,
U_char Orig_ttl, U_char Orig_prot,
U_long orig_saddr, U_long orig_daddr,
Const U_CHAR *payload, int payload_len,
U_char *packet_buf);

ICMP Protocol Packet (icmp_tstamp/icmp_tstampreply):
int Libnet_build_icmp_timestamp (u_char type, U_char code, u_short ID,
U_short seq, n_time otime, N_time rtime,
N_time ttime, const U_char *payload,
int Payload_len, U_char *packet_buf);

IGMP Protocol packet:
int Libnet_build_igmp (u_char type, U_char code, u_long IP,
Const U_CHAR *payload, int payload_len,
U_char *packet_buf);

IP protocol Packet:
int Libnet_build_ip (U_short len, U_char tos, U_short ip_id, U_short Frag,
U_char TTL, U_char protocol, U_long Saddr,
U_long daddr, const u_char *payload, int payload_len,
U_char *packet_buf);

OSPF Routing protocol Packet:
int LIBNET_BUILD_OSPF (U_short len, U_char type, U_long router_id,
U_long area_id, U_short Auth_type,
const char *payload, int payload_s, U_char *buf);

OSPF Routing protocol Packet (Hello):
int Libnet_build_ospf_hello (u_long netmask, u_short interval,
U_char options, U_char priority,
U_int Dead_interval, U_long Des_router,
U_long Backup, U_long neighbor,
const char *payload, int payload_s,
U_char *buf);

OSPF Routing protocol Packet (database Description (DBD)):
int libnet_build_ospf_dbd (U_short len, U_char options, U_char type,
U_int sequence_num, const char *payload,
int payload_s, U_char *buf);

OSPF Routing protocol packet (Link state Request (LSR)):
int LIBNET_BUILD_OSPF_LSR (u_int type, U_int ls_id, U_long Adv_router,
const char *payload, int payload_s,
U_char *buf);

OSPF Routing protocol packet (Link state Update (LSU)):
int LIBNET_BUILD_OSPF_LSU (u_int num, const char *payload,
int payload_s, U_char *buf);

OSPF Routing protocol packet (Link State acknowledgement (LSA)):
int Libnet_build_ospf_lsa (u_short age, U_char options, U_char type,
U_int ls_id, U_long Adv_router,
U_int Sequence_num, U_short Len,
const char *payload, int payload_s,
U_char *buf);

OSPF Routing protocol Packet (OSPF Link sate Networklink State Router):
int libnet_build_ospf_lsa_net (U_long netmask, U_int router_id,
const char *payload, int payload_s,
U_char *buf);

OSPF Routing protocol packet (Link state Router):
int LIBNET_BUILD_OSPF_LSA_RTR (u_short flags, u_short num, u_int ID,
U_int data, U_char type, U_char tos,
U_short metric, const char *payload,
int payload_s, U_char *buf);

OSPF Routing protocol packet (Link state Summary):
int Libnet_build_ospf_lsa_sum (u_long netmask, U_int metric, U_int tos,
const char *payload, int payload_s,
U_char *buf);

OSPF Routing protocol packet (Link State as External):
int Libnet_build_ospf_lsa_as (u_long netmask, U_int metric,
U_long fwd_addr, u_int tag,
const char *payload, int payload_s,
U_char *buf);

RIP Routing protocol packets:
int Libnet_build_rip (u_char cmd, U_char ver, u_short domain,
U_short Addr_fam, U_short route_tag, U_long IP,
U_long Mask, u_long next_hop, U_long metric,
Const U_CHAR *payload, int payload_len,
U_char *packet_buf);

TCP protocol Packets:
int libnet_build_tcp (u_short th_sport, U_short th_dport, U_long th_seq,
U_long Th_ack, U_char th_flags, U_short Th_win,
U_short Th_urg, const U_char *payload,
int Payload_len, U_char *packet_buf);

UDP protocol Packet:
int libnet_build_udp (U_short sport, u_short dport, const U_char *payload,
int Payload_len, U_char *packet_buf);

IP Protocol Packet options:
int Libnet_insert_ipo (struct ipoption *opt, U_char Opt_len,
U_char *packet_buf);

TCP Protocol Packet options:
int LIBNET_INSERT_TCPO (struct tcpoption *opt, U_char Opt_len,
U_char *packet_buf);

★ Packet Sending function

Open RAW SOCKET:
int Libnet_open_raw_sock (int protocol);

To turn off raw sockets:
int libnet_close_raw_sock (int socket);

Select an interface device:
int Libnet_select_device (struct sockaddr_in *sin,
U_char **device, U_char *ebuf);

To open the link layer Interface device:
struct Libnet_link_int *libnet_open_link_interface (char *device,
Char *ebuf);

To turn off the link layer Interface device:
int libnet_close_link_interface (struct libnet_link_int *l);

To send an IP packet:
int libnet_write_ip (int socket, U_char *packet, int packet_size);

Send Link Layer packet:
int Libnet_write_link_layer (struct libnet_link_int *l,
Const U_char *device, U_char *packet,
int packet_size);

Inspection and calculation:
int Libnet_do_checksum (U_char *packet, int protocol, int packet_size);

★ Related support functions

Random number Seed Generator:
int Libnet_seed_prand ();

Get random Number:
U_long libnet_get_prand (int modulus);

16 Input data output:
void Libnet_hex_dump (U_char * buf, int len, int swap, FILE *stream);

Port list Chain initialization:
int libnet_plist_chain_new (struct libnet_plist_chain **plist,
Char *token_list);

Gets the next item in the port list chain (port range):
int Libnet_plist_chain_next_pair (struct libnet_plist_chain *plist,
U_short *bport, U_short *eport);

Port list chain output shows:
int libnet_plist_chain_dump (struct libnet_plist_chain *plist);

To get the port list chain:
U_char *libnet_plist_chain_dump_string (struct libnet_plist_chain *plist);

Port list chain Memory release:
void Libnet_plist_chain_free (struct libnet_plist_chain *plist);

★ Data Constants

==================================================================================
Packet header size definition:

Constant name numeric value (number of bytes)
Libnet_arp_h 28
Libnet_dns_h 12
Libnet_eth_h 14
Libnet_icmp_h 4
Libnet_icmp_echo_h 8
Libnet_icmp_mask_h 12
Libnet_icmp_unreach_h 8
Libnet_icmp_timxceed_h 8
Libnet_icmp_redirect_h 8
Libnet_icmp_ts_h 20
Libnet_igmp_h 8
Libnet_ip_h 20
Libnet_rip_h 24
Libnet_tcp_h 20
Libnet_udp_h 8

==================================================================================
Packet Memory constants:

Constant name meaning
Libnet_packet TCP/UDP packet header + IP packet header memory used
Memory used by libnet_opts IP or TCP options
Libnet_max_packet ip_maxpacket (65535 bytes) of memory used

==================================================================================
Random number generator constant (Libnet_get_prand () function used):

Constant Name Value
Libnet_prand_max 65535
LIBNET_PR2 0-2
LIBNET_PR8 0-255
Libnet_pr16 0-32767
Libnet_pru16 0-65535
Libnet_pr32 0-2147483647
Libnet_pru32 0-4294967295

==================================================================================
Error message Constants (Libnet_error () function used):

Constant name meaning
Libnet_err_warning Warning Type message
Libnet_err_critical Emergency Type Message
Libnet_err_fatal Fatal error message

==================================================================================
Constants used by the Libnet_host_lookup (), Libnet_host_lookup_r (), and Libnet_name_resolve () functions:

Constant name meaning
Libnet_dont_resolve does not resolve IP addresses to FQDN names
Libnet_resolve attempt to resolve IP address to FQDN name

==================================================================================
Macro definition

Macro name Feature
Libnet_get_arena_size (ARENA) returns the multi-packet memory buffer size (number of bytes)
Libnet_get_arena_remaining_bytes (ARENA) returns the size of the remaining space (in bytes) of the multiple-packet memory buffer
LIBNET_PRINT_ETH_ADDR (e) Output shows the Ethernet address in the ETHER_ADDR structure

==================================================================================

---[[libnet application instance]]----------------------------------

The basic steps for developing an application using the Libnet function library are simple:

1, the data packet memory initialization;
2. Initialization of network interface;
3, the construction of the required data packets;
4, the calculation of packet testing and;
5, send packets;
6, shut down the network interface;
7, release the packet memory.

Here are four packet senders that were written using the Libnet interface function. You must ensure that the Libnet Library has been successfully installed before compiling.

Example one:[CPP]  View Plain Copy/* example 1 [raw socket api - tcp packet] */   /* gcc -wall  ' Libnet-config --defines '  libnet-example-x.c -o  libnet-example-x \   ' libnet-config --libs '  */      #include   <libnet.h>      void usage (char *);      int main (int &NBSP;ARGC,&NBSP;CHAR&NBSP;**ARGV)     {        int  network, /* our network interface */             packet_size, /* packet size */             c; /* misc */        u_long src_ ip, dst_ip; /* ip addresses */        u_short  Src_prt, dst_prt; /* ports */        u_char *cp, * packet; /* misc / packet */          printf (" libnet example code:\tmodule 1\n\n ");        printf (" Packet  injection interface:\traw socket\n "