libnet packet construction - wrong values = infinite loop?!

[westies870]

so i am trying to do the following using libnet & libpcap:

- sniff a specific port for a syn packet
- if detected, construct a syn/ack packet

from the sniffed packet i got out the source and destination port & address, and also the sequence number. i thought it was pretty straight forward, until something weird happens:

- A detects packet from B,
- A builds packet, send it back to B
- A detects packet it just made
- A builds packet... STUCK FOREVER

as shown in my output...

Code:

Packet detected at: Tue May 13 14:33:58 2008

From: 192.168.1.103 	39809	To: 192.168.1.102 	123
Length: 44
Flags: SYN
---------------------------------------------------

Packet detected at: Tue May 13 14:33:58 2008

From: 160.166.245.183 	123	To: 160.166.245.183 	39809
Length: 40
Flags: SYN
---------------------------------------------------

Packet detected at: Tue May 13 14:33:58 2008

From: 160.166.245.183 	39809	To: 160.166.245.183 	123
Length: 40
Flags: SYN
---------------------------------------------------

Packet detected at: Tue May 13 14:33:58 2008

From: 160.166.245.183 	123	To: 160.166.245.183 	39809
Length: 40
Flags: SYN
---------------------------------------------------

my guess is that i put in the wrong values in during the packet construction...? here's my code:

Code:

 
#include <stdlib.h>
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <pcap.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/ether.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <sys/socket.h>
#include <netdb.h>
#include <time.h>
#include <libnet.h>

void handler(char *, const struct pcap_pkthdr *, const u_char *);

int main(int argc, char **argv)
{
	struct in_addr net, mask;
	struct bpf_program filter;
	int buffsize = 65535;
	int promisc = 1;
	int timeout = 1000;
	char *dev;
	char pcap_err[PCAP_ERRBUF_SIZE];
	char filter_app[] = "port 123";
	u_char buffer[255];
	pcap_t *pcap_nic;
	time_t date_time;

	time(&date_time);
	printf("\nSession started at: %s\n", ctime(&date_time));

	//looks for valid device
	if(!(dev = pcap_lookupdev(pcap_err))){
		perror(pcap_err);
		exit (-1);
	}

	printf("Listening on device: %s\n\n", dev);

	//opens interface for live capture
	if((pcap_nic = pcap_open_live(dev, buffsize, promisc, timeout, pcap_err)) == NULL){
		perror(pcap_err);
		exit(-1);
	}
	
	//returns subnet & netmask of interface
	if(pcap_lookupnet(dev, &net.s_addr, &mask.s_addr, pcap_err) == -1){
		perror(pcap_err);
		exit(-1);
	}

	//compiles packet filter
	if(pcap_compile(pcap_nic, &filter, filter_app, 0, net.s_addr) == -1){
		perror(pcap_err);
		exit(-1);
	}
	
	//set filter for capturing
	if(pcap_setfilter(pcap_nic, &filter) == -1){
		perror(pcap_err);
		exit(-1);
	}

	//calls handler to capture packets
	//set '-1' for indefinite capture
	//handles one packet at a time
	while(1){
	pcap_loop(pcap_nic, -1, (pcap_handler)handler, buffer);
	}

	fclose(fp);
}

//captures packet
//passes src/dest port & address to injector()
void handler(char *usr, const struct pcap_pkthdr *header, const u_char *pkt)
{
	struct iphdr *ipheader = (struct iphdr *)(pkt + LIBNET_ETH_H);
	struct tcphdr *tcpheader = (struct tcphdr *)(pkt + LIBNET_IPV4_H + LIBNET_ETH_H);
	struct in_addr source, dest;
	int src_port, dest_port, seq_num;
	time_t date_time;

	time(&date_time);
	
	if(tcpheader->syn){
		source.s_addr = ipheader->saddr;
		dest.s_addr = ipheader->daddr;
			
		printf("Packet detected at: %s\n", ctime(&date_time));
		printf("From: %s \t%i\t", inet_ntoa(source), ntohs(tcpheader->source));
		printf("To: %s \t%i\n", inet_ntoa(dest), ntohs(tcpheader->dest));
		printf("Length: %i\n", ntohs(ipheader->tot_len));
		printf("Flags: SYN\n\n");

		src_port = ntohs(tcpheader->source);
		dest_port = ntohs(tcpheader->dest);
		seq_num = ntohl(tcpheader->seq);
		
		injector(src_port, dest_port, seq_num, source, dest);
	}	
}

//builds and sends tcp & ip packet
void injector(int src_port, int dest_port, int seq_num, struct in_addr source, struct in_addr dest)
{
	char *dev;
	char pcap_err[PCAP_ERRBUF_SIZE];
	char libnet_errbuf[LIBNET_ERRBUF_SIZE];
	
	//looks up valid device
	if(!(dev = pcap_lookupdev(pcap_err))){
		perror(pcap_err);
		exit (-1);
	}
	
	libnet_t *l;	//libnet context
	libnet_ptag_t tcp = 0, ipv4 = 0; //libnet protocol blocks

	//initialize libnet to interface
	l = libnet_init(LIBNET_RAW4, dev, libnet_errbuf);
	if (l == NULL){
		fprintf(stderr, "Error opening context: %s", libnet_errbuf);
		exit(1);
	}

	//builds tcp packet
	tcp = libnet_build_tcp(dest_port,		//1 src port
		src_port,				//2 dest port		
		libnet_get_prand(LIBNET_PRu16),		//3 seq num
		(seq_num + 1),				//4 ack num
		TH_SYN|TH_ACK,				//5 flags
		7,					//6 window
		0,					//7 checksum
		0,					//8 urgent
		LIBNET_TCP_H,				//9 hdr len
		NULL,					//10 payload
		0,					//11 payload len
		l,					//12 libnet context
		tcp);
	if (tcp == -1){
		fprintf(stderr, "Error building TCP header: %s\n", libnet_errbuf);
		exit(1);
	}

	//build ip packet
	ipv4 = libnet_build_ipv4(LIBNET_TCP_H + LIBNET_IPV4_H, //1 length
		0, 				//2 TOS
		libnet_get_prand(LIBNET_PRu16), //3 ip id
		0, 				//4 flag offset
 		127, 				//5 ttl
		IPPROTO_TCP, 			//6 upper layer protocol
		0, 				//7 checksum
		(inet_ntoa(source)),		
		(inet_ntoa(dest)),
		NULL, 	//10 payload
		0, 	//11 payload length
		l, 	//12 libnet context
		ipv4);
	if (ipv4 == -1){
		fprintf(stderr, "Error building IP header: %s\n", libnet_errbuf);
		exit(1);
	}

	//send packets
	if ((libnet_write(l)) == -1){
		fprintf(stderr, "Error writing packet: %s\n", libnet_errbuf);
		exit(1);
	}

	//shutdown libnet
	libnet_destroy(l);	
}

thanks for your time!

[mamehmood]

Hi, Did ur problem resolved? Can you share the fixed code with me? I am student and new to linux and network programing. Also can you guide me about IP Frag? I want to fragment my data but not sure which value to use ?
Regards
Aamir