FreeBSD libnet_pblock_find() problem Mar 01 2005 02:30AM
Victor Lima (sena urbi com br) (2 replies)
Re: FreeBSD libnet_pblock_find() problem Mar 01 2005 08:53PM
Mike Schiffman (mike infonexus com) (1 replies)
Re: FreeBSD libnet_pblock_find() problem Mar 03 2005 07:21PM
Mustafa Abu Sedera (tifa_80 hotmail com)

I haven't written any code for a long time, but I have some comments, (in
addition to Mike's comments, which solve the cause of the error message you
get). I see some other bugs in the code though.
What I understand here is that you just want so send back the packet to the
originating IP (correct me if i am wrong).

>> udp_hdr = ( struct udphdr *) ( packet + size_eth + size_ip );

are you sure you took the IP header options into consideration in size_ip?

size_ip should not just be 20, it should be size_ip = ip_hdr->ip_hl *4

>> udp = libnet_build_udp( ntohs( udp_hdr->uh_dport ),
>> ntohs( udp_hdr->uh_sport ),
>> LIBNET_UDP_H + strlen( payload ), <<<<<
>> 0,
>> payload,
>> strlen(payload), <<<<<<<<<<<
>> lnet,
>> udp );

You can't just use strlen() here, if there is any byte with the value NULL
before the end of the packet you will not get the real payload length.
Strlen counts the number of chars in a string starting from the first
character in the buffer till the first NULL it sees.

you could get the payload lenght by doing: pkt_length - size_eth - size_ip
- size_udp
pkt_length you get from libpcap hdr structure.


>> ip = libnet_build_ipv4( LIBNET_IPV4_H + LIBNET_UDP_H +
>> strlen( payload ), 0, <<< agian a
>> ip_hdr->ip_id,
>> 0,
>> 64,
>> 0,
>> libnet_name2addr4(lnet, (char *) <<<<<<
>>inet_ntop(AF_INET, &ip_hdr->ip_dst, dst, sizeof(dst)), LIBNET_RESOLVE),
>> libnet_name2addr4(lnet, (char *)
>>inet_ntop(AF_INET, &ip_hdr->ip_src, src, sizeof(src)), <<<<<<
>> NULL,
>> 0,
>> lnet,
>> ip );

if you are just trying to put the src IP of the captured into the dest IP
and vice versa you can grab them directly by acessing the value in the
ip_hdr struct: ip_hdr->ip_src.s_addr.

actually the struct in_addr has no more than a 4 byte unsigned integer as a
member. so u can use it directly withoiut doing this painful turnaround :)


I hope I could help a little.


>From: Mike Schiffman <mike (at) infonexus (dot) com [email concealed]>
>To: Victor Lima <sena (at) (dot) br [email concealed]>
>CC: libnet (at) securityfocus (dot) com [email concealed]
>Subject: Re: FreeBSD libnet_pblock_find() problem
>Date: Tue, 1 Mar 2005 12:53:34 -0800
>Try initializing the ptag values:
>libnet_ptag_t udp, ip;
>On Feb 28, 2005, at 6:30 PM, Victor Lima wrote:
>>Hello list,
>> Im trying to build an application that will forge UDP packets based
>> information retrieved by libpcap. The box that I'm using is a FreeBSD
>> 5.3-REL with ports retrieved from the instalation CD. The libnet version
>> is: libnet-devel-
>> The problem lies somewhere in this code ( or maybe its a bug in libnet
>> itself ) :
>> Whenever I run it, it first blocks on libpcap listening for
>> packets, after it recieves one it sends the packet to echo_server, where
>> the appropriate headers are pointed to the correct places in the packet,
>> so that I can build a response based on the received information. The
>> code compiles with no problem except that when I run it,
>> returns -1 and the following error message appears:
>>libnet_pblock_find() - couldn't find protocol block
>> Ive googled a bit, and found a few misleading answers none that
>> solved my problem, so I came here. Hope you guys can help me...
>> thanks in advance,
>>Victor Lima
>Mike Schiffman, CISSP
>Doveryay No Proveryay

[ reply ]
Re: FreeBSD libnet_pblock_find() problem Mar 01 2005 07:16PM
Frédéric Raynal (frederic raynal security-labs org)


Privacy Statement
Copyright 2010, SecurityFocus