Tcp Header Problem

**nasim751** · 04-26-2008

help me how can i solve this problem. i got many feedback but dont work. please reply me
error.....................

tcpg.c: In function ‘tcpg_hping’:
tcpg.c:127: error: ‘struct tcphdr’ has no member named ‘th_dport’
tcpg.c:128: error: ‘struct tcphdr’ has no member named ‘th_flags’
tcpg.c: In function ‘tcpg_oob’:
tcpg.c:139: error: ‘struct tcphdr’ has no member named ‘th_flags’
tcpg.c: In function ‘tcpg_portd’:
tcpg.c:148: error: ‘struct tcphdr’ has no member named ‘th_dport’
tcpg.c: In function ‘tcpg_queso’:
tcpg.c:155: error: ‘struct tcphdr’ has no member named ‘th_win’
tcpg.c: In function ‘tcpg_synflood’:
tcpg.c:164: error: ‘struct tcphdr’ has no member named ‘th_flags’
tcpg.c:164: error: ‘struct tcphdr’ has no member named ‘th_flags’
tcpg.c:165: error: ‘struct tcphdr’ has no member named ‘th_seq’
tcpg.c:165: error: ‘struct tcphdr’ has no member named ‘th_seq’
tcpg.c: In function ‘tcpg_syn’:
tcpg.c:177: error: ‘struct tcphdr’ has no member named ‘th_flags’
tcpg.c:177: error: ‘struct tcphdr’ has no member named ‘th_flags’
tcpg.c:178: error: ‘struct tcphdr’ has no member named ‘th_sport’
tcpg.c:178: error: ‘struct tcphdr’ has no member named ‘th_dport’
tcpg.c: In function ‘tcpg_land’:
tcpg.c:184: error: ‘struct tcphdr’ has no member named ‘th_sport’
tcpg.c:184: error: ‘struct tcphdr’ has no member named ‘th_dport’
tcpg.c: In function ‘tcpg_kill’:
tcpg.c:195: error: ‘struct tcphdr’ has no member named ‘th_dport’
tcpg.c:197: error: ‘struct tcphdr’ has no member named ‘th_sport’
tcpg.c:198: error: ‘struct tcphdr’ has no member named ‘th_dport’
tcpg.c:201: error: ‘struct tcphdr’ has no member named ‘th_seq’
tcpg.c:202: error: ‘TCP_H’ undeclared (first use in this function)
tcpg.c:202: error: (Each undeclared identifier is reported only once
tcpg.c:202: error: for each function it appears in.)
tcpg.c:202: error: ‘IP_H’ undeclared (first use in this function

)

Code:

#define NO_EUID_CHECK */
  
/* If you want TCPguard to announce all connection attemps... */
#define TCPG_SYN

/* Log QUESO probes. */
#define TCPG_QUESO

/* SYN flooding detection. */
#define TCPG_SYNFLOOD

/* WinNuke detection. */
#define TCPG_OOB

/* Log LAND attacks. */
#define TCPG_LAND

/* Log HPing probes and port 0 connection packets. */
#define TCPG_HPING

/* Shell daemon default port probe detection. */
#define TCPG_PORTD

/* Kill connections to TCP port TCPG_KILL. */
#define TCPG_KILL	110 

/* DON'T CHANGE ANYTHING BELOW THIS LINE !!!!!!!!!!!!!! */
/* DON'T CHANGE ANYTHING BELOW THIS LINE !!!!!!!!!!!!!! */
/* DON'T CHANGE ANYTHING BELOW THIS LINE !!!!!!!!!!!!!! */

/* Biggest list of includes you've ever seen, eh?! =;-) */
#include <libnet.h>
#include <syslog.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <netinet/ip.h>
#include <netinet/in.h>
#define __FAVOR_BSD
#include <netinet/tcp.h>


/******************* Why not make all variables global ?!************************/ 
# ifdef __FAVOR_BSD
typedef u_int32_t tcp_seq;

struct tcphdr
  {
    u_int16_t th_sport;         // source port 
    u_int16_t th_dport;         // destination port 
    tcp_seq th_seq;             // sequence number 
    tcp_seq th_ack;             // acknowledgement number 
};

#endif

struct ippkt {
 struct iphdr ip;
 struct tcphdr tcp;
 char buffer[5000];
} pkt;



/******************** Main functions of the TCPguard ***************************/


u_long prev_seq= 0;

void tcpg_die()
 {
  syslog(LOG_INFO, "TCPguard has now found a horrid death.");
  _exit(0);
} 


int s, lns;
struct in_addr src_addr;
u_char *buff;
u_int sport, dport;

void tcpg_syn();
void tcpg_hping();
void tcpg_synflood();
void tcpg_portd();
void tcpg_queso();
void tcpg_land();
void tcpg_oob();
void tcpg_die();
void tcpg_init();
void tcpg_kill(u_short);




void tcpg_init()
 {
 openlog("tcpguard", 0, LOG_DAEMON);

#ifndef NO_EUID_CHECK
 if(geteuid()!=0)
 {
  syslog(LOG_INFO, "launched by normal user (uid %d).\n", geteuid());
  printf("This program uses raw sockets. On most systems, that requires root.\n");
  printf("If you know that your systems allows usage of raw sockets by normal\n");
  printf("users, re-compile the program with -DNO_EUID_CHECK.\n");
  _exit(1);
 }
#endif

 if((s=socket(AF_INET, SOCK_RAW, IPPROTO_TCP))==-1)
 {
  perror("socket()");
 _exit(2);
  }
}

/* HPing detection. (also makes noise if it finds packets sent to port 0)
 */
void tcpg_hping()
 {
 if(pkt.tcp.th_dport==0)
 if(pkt.tcp.th_flags&TH_FIN)
  syslog(LOG_INFO, "WARNING: HPing packet detected from %s !", inet_ntoa(src_addr));
 else 
 syslog(LOG_INFO, "WARNING: Packet to TCP port 0 from %s !", inet_ntoa(src_addr));
}

/* OOB check... this usually means WinNuke...
 * There still are many kiddies out there who try to winnuke ppl...
 */
void tcpg_oob()
 {
 if(pkt.tcp.th_flags&TH_URG)
  syslog(LOG_INFO, "ATTACK: WinNuke attempt from %s !", inet_ntoa(src_addr));
}

/* A common shell daemon uses 31337 as the default TCP port...
 * Sscan tries to connect to this port...
 */
void tcpg_portd()
 {
 if(pkt.tcp.th_dport==htons(31337))
  syslog(LOG_INFO, "WARNING: Backdoor on 31337 probed from %s !", inet_ntoa(src_addr));
}

/* Queso sends all its packets with a constant window size ... */
void tcpg_queso()
 {
 if(pkt.tcp.th_win==htons(4660))
  syslog(LOG_INFO, "ATTACK: A packet probably sent by QUESO was received !");
}

/* A rather basic detector for a couple of TCP/IP-based attacks.
 * (especially SYN-flooding)
 */
void tcpg_synflood() 
{
 if((pkt.tcp.th_flags&TH_SYN)&&(!(pkt.tcp.th_flags&TH_ACK))) 
 if(pkt.tcp.th_seq!=prev_seq) prev_seq=pkt.tcp.th_seq; 
else 
{
  syslog(LOG_INFO, "ATTACK: YOU ARE BEING SYN-FLOODED !");
  syslog(LOG_INFO, "ATTACK: YOU ARE BEING SYN-FLOODED !!");
  syslog(LOG_INFO, "ATTACK: YOU ARE BEING SYN-FLOODED !!!");
  tcpg_die();
 }
}

void tcpg_syn()
 {
 if((pkt.tcp.th_flags&TH_SYN)&&(!(pkt.tcp.th_flags&TH_ACK)))
  syslog(LOG_INFO, "WARNING: TCP connection attempted from %s:%d to port %d.", inet_ntoa(src_addr), ntohs(pkt.tcp.th_sport), ntohs(pkt.tcp.th_dport));
}

/***************** Land attack check ***************************/
void tcpg_land() 
{
 if((pkt.ip.saddr==pkt.ip.daddr)&&(pkt.tcp.th_sport==pkt.tcp.th_dport))
  syslog(LOG_INFO, "ATTACK: LAND attack detected !!!");
}

/* Sends a RST to the client...KILLAH !.. =;-) */
void tcpg_kill(u_short kport) 
{
 u_long src_ip=0, dst_ip=0, ack;

 /* The following kills all TCP connections to port kport ! */
 /* WARNING: This part does not make any checks !!! */
 if(ntohs(pkt.tcp.th_dport)==kport)
 {
  sport=ntohs(pkt.tcp.th_sport);
  dport=ntohs(pkt.tcp.th_dport);
  src_ip=pkt.ip.daddr;
  dst_ip=pkt.ip.saddr;
  ack=ntohl(pkt.tcp.th_seq)+1;
  buff=malloc(TCP_H+IP_H);
  bzero(buff, TCP_H+IP_H);
  build_ip(TCP_H, IPTOS_LOWDELAY | IPTOS_THROUGHPUT, 242, 0, 64, IPPROTO_TCP, src_ip, dst_ip, NULL, 0, buff);
  build_tcp(sport, dport, ack, ack, TH_RST, 4096, 0, NULL, 0, buff+IP_H);
  do_checksum(buff, IPPROTO_TCP, TCP_H);
  lns=open_raw_sock(IPPROTO_RAW);
  syslog(LOG_INFO, "WARNING: Killing connection from %s to port %d.", inet_ntoa(src_addr), kport);
  write_ip(lns, buff, IP_H+TCP_H);
  close(lns);
 }
}
/***************************************************************************************/
int main()
 {
 tcpg_init();
 
 if(fork()!=0)
 _exit(0);
 setsid();

 syslog(LOG_INFO, "TCPGUARD");
 syslog(LOG_INFO, "launched with pid %d.\n", getpid());
 
 while(1) 
{
  read(s, (struct ippkt *)&pkt, 5000);

  src_addr.s_addr=0;
  src_addr.s_addr=pkt.ip.saddr;
 
#ifdef TCPG_SYN 
  tcpg_syn();
#endif
#ifdef TCPG_HPING
  tcpg_hping();
#endif
#ifdef TCPG_QUESO
  tcpg_queso();
#endif
#ifdef TCPG_SYNFLOOD
  tcpg_synflood();
#endif
#ifdef TCPG_KILL
  tcpg_kill(TCPG_KILL);
#endif
#ifdef TCPG_LAND
  tcpg_land();
#endif
#ifdef TCPG_OOB
  tcpg_oob();
#endif
#ifdef TCPG_PORTD
  tcpg_portd();
#endif
 }
}
/

********************************END*************** *****************************************/

Thread Tools

Display

Tcp Header Problem

Posting Permissions