Hi! I have just started reading the network source code. I have a test module program, but I can't understand how and where it handles the packet. The code is attached. Thanks.
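/*
 * Obscure Transport Protocol
 *
 * Goal: Change TCP behavior to evade IDS and firewall policies.
 *
 * lifeline (c) 1999
 * <arai@hackers-pt.org>
 *
 * gcc -O6 -c otp.c -I/usr/src/linux/include
 * insmod otp.o dev=eth0 ip=123.123.123.123
 *
 * In ip= use only numerical dotted ip's!!
 * Btw, this is the ip of the other machine that also has the module.
 *
 * Load this module in both machines putting in the ip= argument each other's
 * machine numerical dotted ip.
 *
 * Oh, and don't even think about flaming me if this fucks up your machine,
 * it works fine on mine with kernel 2.2.5.
 * This tool stands on its own. I'm not responsible for any damage caused by it.
 *
 * You will probably want to make some arrangements with the #define's below.
 *
 * How it works (both hosts run the module, each pointed at the other):
 *
 *   - Every IPv4/TCP segment exchanged with the peer is rewritten in place
 *     by an ETH_P_ALL tap: on the way out REALPORT becomes FAKEPORT, on the
 *     way in FAKEPORT becomes REALPORT, and SYN/FIN are swapped in both
 *     directions. Applying the swap twice is the identity, so the two
 *     hosts' stacks see ordinary REALPORT traffic while the wire shows
 *     FAKEPORT with the handshake flags inverted.
 *
 *   - The TCP checksum is deliberately NOT recomputed. The sending stack
 *     checksums the real header before the outgoing tap mangles it, and the
 *     receiving tap restores the header before the TCP layer verifies it,
 *     so the checksum still matches end to end. On the wire it is therefore
 *     wrong for what an observer sees: an IDS that validates checksums may
 *     simply drop the segment, and a NIC that computes the TCP checksum in
 *     hardware after the tap has run would break the scheme. Neither case
 *     is handled here.
 *
 *   - The rewrite relies on the tap clone sharing its data buffer with the
 *     real skb. If a kernel hands taps a private copy, this module silently
 *     stops having any effect.
 *
 *   - Any other traffic with the peer that happens to use FAKEPORT (e.g. a
 *     real web server on the peer) is rewritten too and will break. That is
 *     inherent to the port-mapping approach.
 */

#define MODULE
#define __KERNEL__

#include <linux/config.h>
#include <linux/module.h>
#include <linux/version.h>
#include <linux/byteorder/generic.h>
#include <linux/netdevice.h>
#include <net/protocol.h>
#include <net/pkt_sched.h>
#include <net/tcp.h>
#include <net/ip.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>
#include <linux/in.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/skbuff.h>
#include <linux/icmp.h>
#include <linux/kernel.h>
#include <linux/errno.h>
#include <linux/mm.h>
#include <linux/file.h>
#include <asm/uaccess.h>

/* Port mapping: REALPORT is what the two stacks use, FAKEPORT is what the
 * wire shows. Both are host-order constants; they are converted with htons()
 * at every comparison because TCP header ports are in network byte order. */
#define REALPORT 23 /* port you wish to communicate on */
#define FAKEPORT 80 /* port that appears on the wire */

char *dev, *ip;
MODULE_PARM(dev, "s");
MODULE_PARM(ip, "s");

struct device *d;
struct packet_type otp_proto;

/* Peer address in network byte order. Parsed once in init_module() instead
 * of re-parsing the ip= string on every frame as the original did. */
static __u32 otp_peer;

__u32 in_aton(const char *);
static int otp_parse_ipv4(const char *str, __u32 *out);

/*
 * Packet handler, registered for ETH_P_ALL, so it is handed a clone of every
 * frame received on or transmitted from the bound device(s).
 *
 * skb: the clone; it is owned by this handler and always released with
 *      kfree_skb() before returning.
 * dv:  device the frame arrived on / leaves from (unused).
 * pt:  the packet_type this handler was registered under (unused).
 *
 * Returns 0 in all cases.
 *
 * Only IPv4/TCP segments exchanged with otp_peer that carry the port being
 * mapped for their direction are touched; everything else is left alone.
 *
 * Fixes relative to the original handler:
 *   - The match condition had a precedence bug: "(a && b && c) || d" let any
 *     frame whose destination port matched bypass the pkt_type and peer
 *     address checks entirely.
 *   - Ports were compared in host order (source == FAKEPORT) but assigned in
 *     network order (htons(REALPORT)), so on little-endian hosts the match
 *     never hit port 80 on the wire.
 *   - Non-IP and non-TCP frames (ARP, UDP, ICMP) were interpreted as TCP and
 *     could be rewritten; there was no length check before touching headers.
 *   - The mapping was FAKEPORT->REALPORT in both directions, so REALPORT
 *     never actually turned into FAKEPORT on the wire as the #defines say.
 */
int otp_func(struct sk_buff *skb, struct device *dv, struct packet_type *pt)
{
	struct iphdr *iph;
	struct tcphdr *th;
	unsigned int ip_space;
	unsigned int hlen;
	__u16 from, to;

	/* Only frames that are for us or from us, and only IPv4. */
	if (skb->pkt_type != PACKET_HOST && skb->pkt_type != PACKET_OUTGOING)
		goto out;
	if (skb->protocol != htons(ETH_P_IP))
		goto out;

	/*
	 * Bound every header access to the bytes actually present. skb->len
	 * cannot be used directly because on the transmit path it still counts
	 * the link-layer header, so measure from the IP header to the tail.
	 */
	if (!skb->nh.raw || skb->nh.raw > skb->tail)
		goto out;
	iph = skb->nh.iph;
	ip_space = skb->tail - skb->nh.raw;
	if (ip_space < sizeof(struct iphdr))
		goto out;
	hlen = iph->ihl * 4;
	if (iph->version != 4 || hlen < sizeof(struct iphdr) ||
	    iph->protocol != IPPROTO_TCP ||
	    ip_space < hlen + sizeof(struct tcphdr))
		goto out;

	/* Only traffic to or from the configured peer. */
	if (iph->saddr != otp_peer && iph->daddr != otp_peer)
		goto out;

	/*
	 * Locate the TCP header from the IP header length rather than via
	 * skb->h.th. NOTE(review): on the 2.2 receive path the taps appear to
	 * run before ip_rcv(), with h.raw still pointing at the IP header, so
	 * trusting h.th there would mangle the wrong bytes -- verify against
	 * net_bh(). Deriving it from ihl is correct on both paths regardless.
	 */
	th = (struct tcphdr *)(skb->nh.raw + hlen);

	/* Direction-aware port mapping: hide REALPORT behind FAKEPORT on the
	 * way out, restore it on the way in. */
	if (skb->pkt_type == PACKET_OUTGOING) {
		from = htons(REALPORT);
		to = htons(FAKEPORT);
	} else {
		from = htons(FAKEPORT);
		to = htons(REALPORT);
	}
	if (th->source != from && th->dest != from)
		goto out;

	if (th->source == from)
		th->source = to;
	if (th->dest == from)
		th->dest = to;

	/*
	 * Swap SYN and FIN. The else-if guarantees exactly one swap per
	 * segment (the original used a goto for the same purpose); a segment
	 * carrying both flags comes out as SYN only, as before.
	 */
	if (th->fin) {
		th->fin = 0;
		th->syn = 1;
	} else if (th->syn) {
		th->syn = 0;
		th->fin = 1;
	}

out:
	kfree_skb(skb);
	return 0;
}

/*
 * Strict dotted-quad parser for the ip= module argument.
 *
 * str: NUL-terminated string; exactly four decimal octets in 0..255
 *      separated by '.', with nothing before or after.
 * out: receives the address in network byte order on success.
 *
 * Returns 0 on success, -EINVAL on malformed input (NULL, non-digit
 * characters, an octet above 255, or a wrong number of octets). *out is
 * not written on failure.
 *
 * The original in_aton() accepted anything: a typo such as "10.0.0.1x" or
 * "10.0.0" would silently produce some other address and the module would
 * then rewrite traffic with the wrong host.
 */
static int otp_parse_ipv4(const char *str, __u32 *out)
{
	unsigned long acc = 0;
	int i;

	if (!str)
		return -EINVAL;

	for (i = 0; i < 4; i++) {
		unsigned int octet = 0;
		int ndigits = 0;

		while (*str >= '0' && *str <= '9') {
			octet = octet * 10 + (unsigned int)(*str - '0');
			if (octet > 255)
				return -EINVAL;
			str++;
			ndigits++;
		}
		if (ndigits == 0)
			return -EINVAL;

		acc = (acc << 8) | octet;

		if (i < 3) {
			if (*str != '.')
				return -EINVAL;
			str++;
		}
	}
	if (*str != '\0')
		return -EINVAL;

	*out = htonl(acc);
	return 0;
}

/*
 * Convert an ASCII dotted-quad to a network-order IPv4 address.
 *
 * Kept with the original signature for compatibility. Unlike the original it
 * rejects malformed input and returns 0 (0.0.0.0) for it, which init_module()
 * never accepts as a peer address.
 */
__u32 in_aton(const char *str)
{
	__u32 addr;

	if (otp_parse_ipv4(str, &addr) < 0)
		return 0;
	return addr;
}

/*
 * Module entry point: validate ip=, resolve dev= and hook the ETH_P_ALL tap.
 *
 * Returns 0 on success, -ENXIO when ip= is missing, -EINVAL when ip= is not
 * a numerical dotted ip (or is 0.0.0.0), -ENODEV when dev= names an
 * interface that does not exist.
 */
int init_module(void)
{
	if (!ip) {
		printk("Error: missing end-host ip.\n");
		printk("Usage: insmod otp.o ip=x.x.x.x [dev=devname]\n\n");
		return -ENXIO;
	}
	if (otp_parse_ipv4(ip, &otp_peer) < 0 || otp_peer == 0) {
		printk("Error: ip=%s is not a numerical dotted ip.\n", ip);
		return -EINVAL;
	}

	otp_proto.type = htons(ETH_P_ALL);
	otp_proto.func = otp_func;
	otp_proto.dev = NULL;
	otp_proto.data = NULL;

	if (dev) {
		d = dev_get(dev);
		if (!d) {
			/*
			 * The original fell back to "all known devices" here,
			 * silently widening the hook beyond the interface the
			 * operator named. Fail instead so a typo in dev= does not
			 * rewrite traffic on every interface.
			 */
			printk("Did not find device %s!\n", dev);
			return -ENODEV;
		}
		printk("Using device %s, ifindex: %i\n", dev, d->ifindex);
		/* NOTE(review): 2.2 has no refcount on struct device; if the
		 * interface is unregistered while the module is loaded this
		 * pointer dangles. Not addressed here. */
		otp_proto.dev = d;
	} else {
		printk("Using all known devices(wildcarded)...\n");
	}

	dev_add_pack(&otp_proto);
	return 0;
}

/*
 * Module exit: unhook the tap. otp_func() is not invoked after this returns.
 */
void cleanup_module(void)
{
	dev_remove_pack(&otp_proto);
	printk("OTP unloaded\n");
}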