NAME

Net::RawIP - Perl extension for manipulating raw IP packets, with an interface to libpcap

SYNOPSIS

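use Net::RawIP;
# Build a TCP packet (tcp is the default subclass) and send it over a raw socket
$a = new Net::RawIP;
$a->set({ip => {saddr => 'my.target.lan',daddr => 'my.target.lan'},
         tcp => {source => 139,dest => 139,psh => 1, syn => 1}});
$a->send;
# Send the same packet as an Ethernet frame through eth0 (Linux only)
$a->ethnew("eth0");
$a->ethset(source => 'my.target.lan',dest =>'my.target.lan');
$a->ethsend;
# Capture traffic to port 21 on eth0 and dump 10 packets to a file
$p = $a->pcapinit("eth0","dst port 21",1500,30);
$f = dump_open($p,"/my/home/log");
loop $p,10,\&dump,$f;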

DESCRIPTION

This package provides a class which can be used for creating, manipulating and sending raw IP packets, with optional support for manipulating Ethernet headers.

NOTE: Ethernet-related methods are currently implemented only on Linux.

Exported constants

PCAP_ERRBUF_SIZE
PCAP_VERSION_MAJOR
PCAP_VERSION_MINOR
lib_pcap_h

Exported functions

open_live open_offline dump_open lookupdev lookupnet dispatch loop dump compile setfilter next datalink snapshot is_swapped major_version minor_version stats file fileno perror geterr strerror close dump_close timem

By default the exported functions are loop, dispatch, dump_open, dump, open_live and timem. Use the export tag pcap to export all pcap functions. Please read the libpcap documentation. The exported functions loop and dispatch can run Perl code refs as callbacks for packet analysis and printing. If dump_open opens and returns a valid file descriptor, this descriptor can be used in the Perl callback as a Perl filehandle. The fourth parameter of loop and dispatch can also be an array or hash reference, and it can be dereferenced in the Perl callback. The function next returns a string scalar (the next packet). The function timem() returns a string scalar that looks like sec.microsec, where sec and microsec are the values returned by gettimeofday(3). Please look at the examples.

CONSTRUCTOR

new ({ ip => {IPKEY => IPVALUE,...}, ARGPROTO => {PROTOKEY => PROTOVALUE,...} })

ip is a hash key whose value is a reference to a hash holding the iphdr parameters of the current IP packet.

IPKEY is one of (version ihl tos tot_len id frag_off ttl protocol check saddr daddr). You may specify any of these parameters, even check. If you do not specify a parameter, its default value is used. The default values are (4,5,16,0,0,0x4000,64,6,0,0,0). The checksum will be calculated if you do not specify a non-zero value for it. Values of saddr and daddr may look like www.oracle.com or 205.227.44.16, or may even be an integer if you know how 205.227.44.16 looks as an unsigned int ;).

ARGPROTO is one of (tcp udp icmp generic); this key defines the subclass of Net::RawIP. The default value is tcp.

PROTOKEY is one of (source dest seq ack_seq doff res1 res2 urg ack psh rst syn fin window check urg_ptr data) for tcp, one of (type code check gateway id sequence unused mtu data) for icmp, one of (source dest len check data) for udp, and just data for generic. For icmp you must specify only one of gateway (int), id and sequence (short and short), or mtu and unused (short and short), because in a real ICMP packet these fields are a C union. The default values are (0,0,0,0,5,0,0,0,0,0,0,0,0,0xffff,0,0,'') for tcp, (0,0,0,0,0,0,0,0,'') for icmp, (0,0,0,0,'') for udp and ('') for generic. Valid values for urg ack psh rst syn fin are 0 or 1. The value of data is a string. The length of the resulting packet will be calculated if you do not specify a non-zero value for tot_len.

METHODS

proto

Returns the name of the subclass of the current object, e.g. tcp. No input parameters.

packet

Returns a scalar containing the packed IP packet of the current object. No input parameters.

set

Sets parameters of the current object. The parameters must have the same form as the parameters of the constructor.

bset($packet,$eth)

Sets parameters of the current object from a binary packet. $packet is a scalar containing a binary structure (an IP or Ethernet packet). This scalar must match the subclass of the current object. If $eth is given and has a non-zero value, the packet is assumed to be an Ethernet packet; otherwise it is assumed to be an IP packet.

get

Gets parameters from the current object. This method returns an array filled with the requested parameters, in the order in which they appear in the packet. The input parameter is a hash reference. This hash may have three keys: ip and one of the ARGPROTOs. Each value must be an array reference, and the array contains the requested parameters. E.g. you want to know the current value of tos from the iphdr and the flags from the tcphdr. Here is the code:

  ($tos,$urg,$ack,$psh,$rst,$syn,$fin) = $packet->get({
            ip => [qw(tos)],
            tcp => [qw(psh syn urg ack rst fin)]
            });

Members of the array can be given in any order.

To get Ethernet parameters, use the key eth with array values from (dest,source,proto). The values of dest and source look like the output of ifconfig(8), e.g. 00:00:E8:43:0B:2A.

send($delay,$times)

Sends the raw IP packet. The input parameters are a delay in seconds and the number of times to repeat sending. If you do not specify parameters for send, the packet will be sent once without delay. If you specify a negative value for times, the packet will be sent forever. E.g. you want to send the packet 10 times with a delay of 1 second. Here is the code:

$packet->send(1,10);

pcapinit($device,$filter,$psize,$timeout)

Performs pcap initialization. The input parameters are a device, a string with the filter program, the packet size and a timeout. This method calls the pcap function open_live, then compiles the filter string, sets the filter and returns a pcap_t *.
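
The capture path described above (pcapinit, then loop with a Perl callback and a hash reference as fourth parameter, then bset and get inside the callback), as an added example that is not part of the Net::RawIP distribution. It flags sources that send connection attempts to many distinct ports. The device name, the threshold, the 14-byte Ethernet header, the callback argument order and the integer form of saddr are assumptions.

```perl
use strict;
use warnings;
use Net::RawIP;    # loop is exported by default

# Assumptions: eth0 is an Ethernet device (14-byte link header) and the
# callback receives (user argument, pcap header, packet) in that order.
my $ETH_HLEN  = 14;
my $THRESHOLD = 20;    # constructed alert threshold: distinct ports per source

my $pkt = Net::RawIP->new;    # default subclass is tcp

# BPF filter: TCP segments with SYN set and ACK clear (connection attempts).
my $pcap = $pkt->pcapinit('eth0', 'tcp[13] & 0x12 = 0x02', 1500, 30);

my %seen;    # source address => { destination port => 1 }

sub note_syn {
    my ($seen, $hdr, $frame) = @_;
    return if length($frame) < $ETH_HLEN + 40;    # too short for IP + TCP headers
    $pkt->bset(substr($frame, $ETH_HLEN));        # parse the IP part of the frame
    # get returns the values in packet order: IP fields, then TCP fields.
    my ($saddr, $dest, $ack, $syn) = $pkt->get({
        ip  => [qw(saddr)],
        tcp => [qw(dest ack syn)],
    });
    return unless $syn && !$ack;
    # Assumption: saddr comes back as an unsigned integer in host order.
    my $src = join '.', unpack 'C4', pack 'N', $saddr;
    $seen->{$src}{$dest} = 1;
}

# Inspect 1000 matching packets; \%seen is the fourth parameter handed to the callback.
loop($pcap, 1000, \&note_syn, \%seen);

for my $src (sort keys %seen) {
    my $ports = keys %{ $seen{$src} };
    print "$src: SYNs to $ports distinct ports\n" if $ports >= $THRESHOLD;
}
```

Opening the capture device normally requires root privileges, and loop blocks until the requested number of matching packets has been seen.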

ethnew($device,dest => ARGOFDEST,source => ARGOFSOURCE)

Initializes the Ethernet subclass for the current object. $device is a required parameter; dest and source are optional. $device is an Ethernet device, e.g. eth0; ARGOFDEST and ARGOFSOURCE are the Ethernet addresses in the Ethernet header of the current object.

ARGOFDEST and ARGOFSOURCE may be given as a string containing just the 6 bytes of the real Ethernet address, or as it looks in ifconfig(8) output, e.g. 00:00:E8:43:0B:2A, or as just the IP address or hostname of the target, in which case the MAC address will be discovered automatically.

The Ethernet frame will be sent with the given addresses. By default source and dest are filled with the hardware address of $device.

NOTE: Before using the Ethernet-related methods you must initialize the Ethernet subclass with ethnew.

ethset

Sets Ethernet parameters for the current object. The parameters must have the same form as those for ethnew, without $device.

ethsend

Sends the Ethernet frame. The parameters must have the same form as those for send.

optset(OPTPROTO => { type => [...],data => [...] },...)

Sets IP and TCP options. Parameters for optset must be given as key-value pairs. The OPTPROTOs are the option prototypes (ip, tcp); the values are hash references. The keys in these hashes are type and data. The value of type is an array reference; this array must be filled with integers. Refer to the RFCs for valid types. The value of data is also an array reference; this array must be filled with strings which contain all bytes of the option except the type and length bytes. The indexes in the two arrays must of course match for each option.

optget(OPTPROTO => { type => [...] },...)

Gets IP and TCP options. Parameters must be given as key-value pairs. OPTPROTO is the option prototype (ip, tcp); the value is a hash reference. The key is type. The value of type is an array reference. The return value is an array filled with the requested type, length and data for each option type, in the order you asked for them. If you do not specify type, the types, lengths and data of all options are returned. E.g. you want to know all IP options of the current object. Here is the code:

@opts = $a->optget(ip => {});

E.g. you want to know just the IP options with type equal to 131 and 137. Here is the code:

($t131,$l131,$d131,$t137,$l137,$d137) = $a->optget( ip =>{ type =>[(131,137)] } );

optunset

Unsets the IP or TCP options subclass of the current object. It can be used if you will not use options in the current object. This method must be used only after optset. The parameters of this method are OPTPROTOs. E.g. you want to unset IP options. Here is the code:

$a->optunset('ip');

E.g. you want to unset TCP and IP options. Here is the code:

$a->optunset('ip','tcp');
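
An options round trip through optset, optget and optunset, as an added example that is not part of the Net::RawIP distribution. It builds a packet in memory and never calls send. The addresses and ports are constructed, and it is an assumption that optget returns data in the same form optset accepts (the option bytes without type and length).

```perl
use strict;
use warnings;
use Net::RawIP;

# Constructed addresses from the documentation range 192.0.2.0/24.
my $pkt = Net::RawIP->new({
    ip  => { saddr => '192.0.2.10', daddr => '192.0.2.20' },
    tcp => { source => 40000, dest => 80, syn => 1 },
});
printf "without options: %d bytes\n", length $pkt->packet;

# TCP option type 2 (maximum segment size, RFC 793). data holds only the
# 2-byte MSS value; the type and length bytes are not part of data.
# type and data are parallel arrays: index 0 of each describes one option.
$pkt->optset(tcp => { type => [2], data => [ pack('n', 1460) ] });

# optget returns (type, length, data) for each requested option type.
my ($type, $len, $data) = $pkt->optget(tcp => { type => [2] });
printf "option type=%d len=%d mss=%d\n", $type, $len, unpack('n', $data);

# Header fields come back in packet order (ip first, then doff before syn),
# whatever order they are requested in.
my ($ttl, $doff, $syn) = $pkt->get({ ip => [qw(ttl)], tcp => [qw(syn doff)] });
print "ttl=$ttl doff=$doff syn=$syn\n";
printf "with MSS option: %d bytes\n", length $pkt->packet;

# Remove the TCP options again; valid only because optset was called first.
$pkt->optunset('tcp');
printf "after optunset: %d bytes\n", length $pkt->packet;
```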

AUTHOR

Sergey Kolychev <ksv@al.lg.ua>

COPYRIGHT

Copyright (c) 1998,1999 Sergey Kolychev. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

SEE ALSO

perl(1), tcpdump(1), RFC 791-793, RFC 768.