  1. //---cat rawtcp.c---
  2. // Needs raw-socket privilege: run as root, or grant only CAP_NET_RAW on Linux rather than making the binary SUID 0. Sends headers only, no data/payload.
  3.  
  #include <stdlib.h>
  #include <string.h>
  #include <unistd.h>
  #include <stdio.h>
  #include <sys/socket.h>
  #include <netinet/in.h>
  #include <netinet/ip.h>
  #include <netinet/tcp.h>
  #include <arpa/inet.h>
  11.  
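  /* Size in bytes of the scratch buffer that main() assembles the datagram in. */
  #define PCKT_LEN 8192
  /*
   * The original followed this with "#pragma pack(pop)" and no matching
   * "#pragma pack(push, ...)" anywhere in the listing. An unmatched pop
   * changes no packing (compilers only warn about it), so it has been dropped;
   * the structures below keep the compiler's default alignment as before.
   */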
  /*
   * Hand-rolled IPv4 header record. These structures could live in their own
   * header file (.h).
   *
   * The two 4-bit fields are declared low nibble first, which is the order the
   * original marks as little-endian.
   *
   * NOTE(review): iph_flags is a separate byte followed by a 16-bit iph_offset,
   * so on common ABIs the compiler inserts padding and this record is larger
   * than a 20-byte IPv4 header. <netinet/ip.h>, already included by this file,
   * ships a maintained definition - confirm before relying on this layout.
   */
  struct ipheader {
      unsigned char iph_ihl : 4;      /* header length in 32-bit words (little-endian nibble order) */
      unsigned char iph_ver : 4;      /* IP version */
      unsigned char iph_tos;          /* type of service */
      unsigned short int iph_len;     /* total length */
      unsigned short int iph_ident;   /* identification */
      unsigned char iph_flags;        /* flags */
      unsigned short int iph_offset;  /* fragment offset */
      unsigned char iph_ttl;          /* time to live */
      unsigned char iph_protocol;     /* encapsulated protocol number */
      unsigned short int iph_chksum;  /* header checksum */
      unsigned int iph_sourceip;      /* source address */
      unsigned int iph_destip;        /* destination address */
  };
  32.  
  /*
   * Hand-rolled TCP header record.
   *
   * NOTE(review): the reserved/data-offset nibbles appear twice - once as the
   * tcph_reserved/tcph_offset byte and again as tcp_res1/tcph_hlen inside the
   * flag word - so this record presumably does not line up with the 20-byte
   * TCP header. <netinet/tcp.h>, already included by this file, ships a
   * maintained definition - confirm before relying on this layout.
   */
  struct tcpheader {
      unsigned short int tcph_srcport;   /* source port */
      unsigned short int tcph_destport;  /* destination port */
      unsigned int tcph_seqnum;          /* sequence number */
      unsigned int tcph_acknum;          /* acknowledgement number */
      unsigned char tcph_reserved : 4;
      unsigned char tcph_offset : 4;
      /* A plain "unsigned char tcph_flags" was commented out here in the original. */
      unsigned int tcp_res1 : 4,   /* little-endian */
                   tcph_hlen : 4,  /* length of tcp header in 32-bit words */
                   tcph_fin : 1,   /* Finish flag "fin" */
                   tcph_syn : 1,   /* Synchronize sequence numbers to start a connection */
                   tcph_rst : 1,   /* Reset flag */
                   tcph_psh : 1,   /* Push, sends data to the application */
                   tcph_ack : 1,   /* acknowledge */
                   tcph_urg : 1,   /* urgent pointer */
                   tcph_res2 : 2;

      unsigned short int tcph_win;     /* window */
      unsigned short int tcph_chksum;  /* checksum */
      unsigned short int tcph_urgptr;  /* urgent pointer value */
  };
  56.  
  57. // Simple checksum function, may use others such as Cyclic Redundancy Check, CRC
  58. unsigned short csum(unsigned short *buf, int len)
  59. {
  60. unsigned long sum;
  61. for(sum=0; len>0; len--)
  62. sum += *buf++;
  63. sum = (sum >> 16) + (sum &0xffff);
  64. sum += (sum >> 16);
  65. return (unsigned short)(~sum);
  66. }
  67.  
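  /*
   * Parse a decimal port number.
   * Stores the value in *port and returns 0 on success; returns -1 when the
   * text is empty, has trailing characters, or is outside 0..65535.
   */
  static int parse_port(const char *text, unsigned short *port)
  {
      char *end = NULL;
      long value = strtol(text, &end, 10);

      /* An out-of-range strtol() result (LONG_MIN/LONG_MAX) fails the range test too. */
      if (end == text || *end != '\0' || value < 0 || value > 65535)
          return -1;

      *port = (unsigned short)value;
      return 0;
  }

  /*
   * Builds one header-only datagram (struct ipheader followed by
   * struct tcpheader, SYN bit set) from the four command-line arguments and
   * hands it to a raw socket 20 times, two seconds apart.
   *
   * argv[1], argv[2]: address and port written into the source fields.
   * argv[3], argv[4]: address and port written into the destination fields.
   *
   * Returns 0 after the last send; exits with status -1 on a usage error, an
   * unparsable argument, or a failing socket call.
   *
   * Changes from the original listing:
   *  - the length passed to sendto() is the host-order header size; the
   *    original passed ip->iph_len, which had been through htons(), so on a
   *    little-endian host the byte-swapped value exceeded PCKT_LEN and the
   *    call was asked to read past the end of buffer;
   *  - csum() counts 16-bit words and is now given a word count over the IP
   *    header only (it was given a byte count over both headers);
   *  - addresses and ports are validated instead of passing unchecked
   *    inet_addr()/atoi() results through;
   *  - the headers are filled in as ordinary structs and copied into the
   *    buffer, instead of being written through pointers cast from a char
   *    array;
   *  - the "\n" escapes that had lost their backslash are restored, the
   *    source/destination labels in the summary line match their arguments,
   *    and the usage text no longer promises hostname lookup that the code
   *    never performed.
   */
  int main(int argc, char *argv[])
  {
      char buffer[PCKT_LEN];
      struct ipheader ip;
      struct tcpheader tcp;
      struct sockaddr_in din;
      struct in_addr src_addr, dst_addr;
      unsigned short src_port, dst_port;
      unsigned short ip_words[sizeof(struct ipheader) / sizeof(unsigned short)];
      const size_t pkt_len = sizeof(struct ipheader) + sizeof(struct tcpheader);
      const int one = 1;
      unsigned int count;
      int sd;

      if (argc != 5) {
          printf("- Invalid parameters!!!\n");
          printf("- Usage: %s <source IP> <source port> <target IP> <target port>\n", argv[0]);
          exit(-1);
      }

      /* Reject malformed input up front rather than sending whatever it decays to. */
      if (inet_pton(AF_INET, argv[1], &src_addr) != 1 ||
          inet_pton(AF_INET, argv[3], &dst_addr) != 1) {
          fprintf(stderr, "- Addresses must be dotted-quad IPv4\n");
          exit(-1);
      }
      if (parse_port(argv[2], &src_port) != 0 ||
          parse_port(argv[4], &dst_port) != 0) {
          fprintf(stderr, "- Ports must be integers in 0..65535\n");
          exit(-1);
      }

      sd = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
      if (sd < 0) {
          perror("socket() error");
          exit(-1);
      }
      printf("socket()-SOCK_RAW and tcp protocol is OK.\n");

      /* Address handed to sendto(); zeroed first so no field is left indeterminate. */
      memset(&din, 0, sizeof din);
      din.sin_family = AF_INET;
      din.sin_port = htons(dst_port);
      din.sin_addr = dst_addr;

      /* IP structure */
      memset(&ip, 0, sizeof ip);
      ip.iph_ihl = 5;
      ip.iph_ver = 4;
      ip.iph_tos = 16;
      ip.iph_len = htons((unsigned short)pkt_len);
      ip.iph_ident = htons(54321);
      ip.iph_offset = 0;
      ip.iph_ttl = 64;
      ip.iph_protocol = 6; /* TCP */
      ip.iph_chksum = 0;
      ip.iph_sourceip = src_addr.s_addr; /* taken from argv[1], not from the host's own address */
      ip.iph_destip = dst_addr.s_addr;

      /* TCP structure */
      memset(&tcp, 0, sizeof tcp);
      tcp.tcph_srcport = htons(src_port);
      tcp.tcph_destport = htons(dst_port);
      tcp.tcph_seqnum = htonl(1);
      tcp.tcph_acknum = 0;
      tcp.tcph_offset = 5;
      tcp.tcph_syn = 1;
      tcp.tcph_ack = 0;
      tcp.tcph_win = htons(32767);
      tcp.tcph_chksum = 0; /* left at zero; not computed by this program */
      tcp.tcph_urgptr = 0;

      /*
       * IP header checksum. The header is copied into an unsigned short array
       * so csum() reads properly typed, aligned words. Summing the words as
       * stored gives a value that is also written back as stored, so there is
       * no htons() here. On Linux, raw(7) documents that the kernel fills in
       * this field itself when IP_HDRINCL is set.
       */
      memcpy(ip_words, &ip, sizeof ip_words);
      ip.iph_chksum = csum(ip_words, (int)(sizeof ip_words / sizeof ip_words[0]));

      /* Lay the two headers out back to back at the start of the zeroed buffer. */
      memset(buffer, 0, sizeof buffer);
      memcpy(buffer, &ip, sizeof ip);
      memcpy(buffer + sizeof ip, &tcp, sizeof tcp);

      /* Tell the kernel that the buffer already carries its own IP header. */
      if (setsockopt(sd, IPPROTO_IP, IP_HDRINCL, &one, sizeof one) < 0) {
          perror("setsockopt() error");
          close(sd);
          exit(-1);
      }
      printf("setsockopt() is OK\n");
      printf("Using:::::Source IP: %s port: %u, Destination IP: %s port: %u.\n",
             argv[1], (unsigned)src_port, argv[3], (unsigned)dst_port);

      /* sendto() loop: 20 sends, one every 2 seconds */
      for (count = 0; count < 20; count++) {
          /* pkt_len is the host-order byte count of exactly the two headers. */
          if (sendto(sd, buffer, pkt_len, 0, (struct sockaddr *)&din, sizeof din) < 0) {
              perror("sendto() error");
              close(sd);
              exit(-1);
          }
          printf("Count #%u - sendto() is OK\n", count);

          sleep(2);
      }

      close(sd);
      return 0;
  }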
  172.  
  173. socket()-SOCK_RAW and tcp protocol is OK.
  174. setsockopt() is OK
  175. Using:::::Destination IP: 192.168.1.151 port: 1000, Source IP: 192.168.1.152 port: 1000.
  176. Count #0 - sendto() is OK
  177. Count #1 - sendto() is OK