Hey *myself* *chuckles*,
Well, as I promised, I bring you another post of nothing interesting, and this time, even I ain’t interested. But I thought that this experiment was necessary, to make sure that we are all comfortable with using ioctl for the interface.
But before that, another thing. You guys would be inspired to write codes like me (kudos), well don’t. Yeah, indent, and name ur vars properly, thats me, but ALWAYS error check, especially when calling library functions which might have a damn good chance of returning errors. I leave the error writing to your part, mainly cause I want to make my code concise, and filled with what I want. Never ever, however in reality, go without error checking!

A little personal (please skip):
Well, today, went to watch this movie, naqaab, and it sucked on ice, atleast, thats what I felt. Other than that, when I came back from movie, I was chatted 2 by 6 people simultaneously, whao is me! And lastly, some1 called anuda met me on orkut today, and I “guess” that she knows quite alot… for some1 who knows asm, I think C advanced is a pre-requisite. Plus, she’s a student, so not a network professional like susam or sudeep. Yeah, there’s vipul, he’s cool and all, but we engage in different styles of security. Lets see what frequency is anuda @.
Oh, and another thing, I am searching for some1 to help me write articles for my blog… just for the fun of it. Right now, I know, I am the only 1 who reads and writes it, but I hope that in future, when I get time to SEO, the blog will really come up, as it deals with a very rare subject.

Back to the code:
Well, this code is just a whole lot of ioctl’s all put together into one code, to get complete information about the interface. Its quite documented, and the principles and stuff are already explained in the previous entries.

//self_interfaceall.c - Get complete information about interfaces
//Yup, made by me, Gaurav aka Silver
#include "libnethead.h"
#define MAXADDR 10
//Just an array for max ip addresses
//For some reason, cannot make this allocate dynamically.... If we do, then we don't get any interfaces reported?
//Asked devsheds, lets see what happens.
int main(){
int fd;
int flags,i;
struct ifreq *ifr,*ifend;
struct ifreq ifmax[MAXADDR];
struct ifconf iflist;
struct sockaddr_in sin;
char buffer[25],devname[IFNAMSIZ];
struct ether_addr ea;
memset(&buffer,0,25);
fd=socket(AF_INET,SOCK_DGRAM,0);
//dummy socket, but created on IPv4 (note). Sock type isnt as important as the protocol family
//For this call, which gets the number of interfaces, ifc_req/ifc_buf MUST be 0
if(ioctl(fd,SIOCGIFCONF,(char*)&iflist)<0){ printf("ioctl failed for SIOCGIFCONF"); exit(0); }
//We know that my machine doesnt have sa_len , so skip that char buffer stuff
printf("Total number of interfaces: %d\n\n",(iflist.ifc_len)/sizeof(struct ifreq));
iflist.ifc_req=ifmax; //Put the interface list in a large enough location.
if(ioctl(fd,SIOCGIFCONF,(char*)&iflist)<0){ printf("ioctl failed for SIOCGIFCONF"); exit(0); }
ifr=iflist.ifc_req; //These lines for traversing the array
ifend=(struct ifreq *)(iflist.ifc_buf+iflist.ifc_len);
for(;ifrifr_name);
strncpy(devname,ifr->ifr_name,sizeof(ifr->ifr_name)); //Store it just for now
//Get the flags
printf("The device is: "); //Get the flags
if(ioctl(fd,SIOCGIFFLAGS,(char*)ifr)ifr_flags;
if(flags & IFF_UP){ printf("Up "); }
if(flags & IFF_LOOPBACK){ printf("Loopback "); }
if(flags & IFF_BROADCAST){ printf("Broadcast_supported "); }
if(flags & IFF_MULTICAST){ printf("Multicast_supported"); }
printf("\n"); if(flags & IFF_LOOPBACK) continue; //We cant get the hwaddr and stuff for loopback
//Get the ip address-
if(ioctl(fd,SIOCGIFADDR,(char*)ifr)ifr_addr));
inet_ntop(AF_INET,&(sin.sin_addr.s_addr),buffer,INET_ADDRSTRLEN);
printf("IP Address: %s\n",buffer);
if(flags & IFF_BROADCAST){ //find the broadcast address, if it exists
if(ioctl(fd,SIOCGIFBRDADDR,(char*)ifr)ifr_broadaddr));
inet_ntop(AF_INET,&(sin.sin_addr.s_addr),buffer,INET_ADDRSTRLEN);
printf("Broadcast Address: %s\n",buffer);
}
//Now get the hardware address
if(ioctl(fd,SIOCGIFHWADDR,(char*)ifr)ifr_hwaddr.sa_data),6);
printf("Hardware Address: ");
for(i=0;i<6;i++){ //This is the normal printing, I told in the last blog entry.
sprintf(buffer,"%x",ea.ether_addr_octet[i]);
if(strlen(buffer)<2){ printf("0"); }
printf("%s",buffer);
if(i!=5) printf(":");
}
printf("\n");
}
return 0;
}


Yeah, just compile that code, and run it… It should return the interfaces present, as well as their states… Feel free to add extra stuff if needed or applicable, such masters and slaves (for load balancers), and etc. That one code should be enough for a somewhat thorough understanding of using ioctl’s with the network interface devices.

Code 2:
Now we try and do something different. All this while, we just queried and found out about network devices, but now, we are going to set them…. In general, the steps for SIOC….. are-
1. To get devices, set ifr.ifr_name string to the device name, and all the other fields can contain any value, including blank. Then, call ioctl, with the appropriate request and (char*) pointer to the ifreq object (except in case of SIOCGIFCONF). In that call, ifreq object gets modified and the appropriate member of the union will have the corresponding data that is needed. All these requests begin with SIOCGIF___ , S for sumthing, IO probably interface, C, dunno…. G is probably for GET, and IF for interface.
2. To set device characteristics, set ifr.ifr_name string to the device name, but this time, set the appropriate union member in ifreq object to the new value which you want to set to…. Then call the ioctl command with the request and argument… if successful, ioctl wouldnt return -1, and that way, you know that the parameter has been changed successfully. All these requests begin with SIOCSIF___, that latter S probably standing for “set”

Note:
One more thing I found out, from mailing lists of tcpdump. In linux, there are something called flags and gflags associated with the device, which specify its operation. While setting device flags with ioctl, only the “gflags” field is set. Whereas, setting the flags using setsockopt() (yeah, you can set characteristics of the socket/interface with setsockopt as well, right), only the “flags” field is set, but not the “gflags”.
Now, there is one more difference. When we set a flag with socksetopt() , with socket SOL_PACKET, and request type as PACKET_ADD_MEMBERSHIP (dont worry, all this coming soon), and the binding to put in promiscious mode, PACKET_MR_PROMISC, we can put the device in promiscious mode as well. But in this case, the kernel associates this with the socket, and hence keeps track of which process put the device in promiscious mode. So, when the socket closes, the device is put back to the normal state (as stored in the gflags field), if there is not another socket thats using it.
What i mean is that, consider A process starts, puts the device in promiscious mode (using setsockopt). Now, B starts, and using setsockopt, decides to put the socket in promiscious mode as well (which it already is in). Now, A stops… In this case, the kernel keeps track of the request to set device in promiscious mode, and hence, since B is using that mode, it doesnt shut it off… However, if A put the device using flags IFF_PROMISC and ioctl, to first put, and then remove the promiscious mode, then even if B uses that mode, the mode will be shut off when A shuts off.
Hence, it is advisable to normally use setsockopt for promiscious mode setting, or flag setting. However, ioctl’s sometimes offer more flexibility.

The code (finally):
Again, I believe well commented, and explains the general method for doing these sortof things.

//self_interfacechange.c - Attempts to change characteristics of the interface
//Yup, guessed it right, its made by Silver, aka Gaurav
#include "libnethead.h"
#define device "eth0"
#define newip "172.16.38.53"
//Earlier IP address was .52
int main(){
int fd;
char flagset=0;
struct ifreq ifr;
struct sockaddr_in sin;
struct ether_addr ea={0x00,0x16,0x36,0x7b,0xa6,0x0a}; //Last change from 0b to 0a
strcpy(ifr.ifr_name,device); //The thing that gonna be the info source.
//First, lets change the mac address .
fd=socket(PF_INET,SOCK_DGRAM,0);
memcpy(&(ifr.ifr_hwaddr.sa_data),&ea,6); //Load the hard ware address.
ifr.ifr_hwaddr.sa_family=ARPHRD_ETHER; //Forgot this earlier.
if(ioctl(fd,SIOCSIFHWADDR,(char*)&ifr)<0){ printf("Error. Unable to change\n"); exit(0); }
printf("Changed ethernet address\n");
//Now change the IP address.
memset(&sin,0,sizeof(struct sockaddr_in));
sin.sin_family=AF_INET; if(inet_pton(AF_INET,newip,&sin.sin_addr)<0){ printf("error\n"); exit(0); }
//port should be zero
ifr.ifr_addr=*(struct sockaddr *)&sin;
if(ioctl(fd,SIOCSIFADDR,(char*)&ifr)<0){ printf("Error. Unable to change\n"); exit(0); }
printf("Changed ip address\n");
//Put off the device.
if(ioctl(fd,SIOCGIFFLAGS,(char*)&ifr)<0){ printf("Error. Unable to get flags\n"); exit(0); }
ifr.ifr_flags=ifr.ifr_flags&(~IFF_UP); //Disables device
//ifr.ifr_flags=ifr.ifr_flags | IFF_UP; //Enable device (heh, I knew I had to include this )
if(ioctl(fd,SIOCSIFFLAGS,(char*)&ifr)<0){ printf("Error. Unable to set flags\n"); exit(0); }
printf("Flags set\n");
return 0;
}

As you can well see, there are 3 objectives of this code: 1. To change the Hardware address, 2. To change the IP address, 3. To put off/on the device.
You may change the code as you wish, all 3 parameters. Just run it, and if you’re lucky (or smart), the code will give 3 success messages! Yup, you are set. To test whether the script really was successful, just run the first code, self_interfaceall . W00T, your all set!

Post-face:
Well, what else would you it, ya? Well, the code I wrote was probably comprehensive enough for explaining all the concepts that were developed till now… From now on, we won’t lay any special importance to getting or setting interface name/characteristics. Just note, that to change the name of the device, simply fill in ifr.ifr_name with the new name, and ifr.ifr_ifindex with the previous index… see, this parts a bit different. And thats about the end of our special discussion of ioctl’s for getting interface details.

Whats next:
Well, I said that I’d be forming the ethernet packet… However, I’m in confusion, “maybe” I might post about ethernet packets, or perhaps, I might post a bit about broadcasting and multicasting concepts in general and specific.
If you’re not me, and your reading this blog, well, you’d be 1 of the rare ones . This deals with quite a rare topic, so I hope that this blog comes up in search engines .

Hey *myself* *chucles*,
Well, its what I promised, finding out the ethernet address, and all I say is that its really quite lame. ah well, anyways, before we get into that, some other things I learnt (actually, learnt alot, but this is 1 of the newer more relevent things)-

Modifications to program:
Well, last time I posted a program that would give you the list of interfaces right? Well, there, I outputted the raw ip address, ie, the numerical host order ip address (yes, cause its getting it off the interface). So, here is the modification I made (you should know where it is, right?)-

...
int temp=(address_list[i].addr);
char str[INET_ADDRSTRLEN+1];
inet_ntop(AF_INET,&(temp),str,INET_ADDRSTRLEN);
prinf("Device: %s ,\t Address: %s\n",(address_list[i]).device,ipaddr);
....

Now compile the code and run it… Yup, you’d get a nice output of the IP address.
Now, some of you might be asking: Hey, I thought IP address was at a higher layer, right? Well, ya, same doubt. But then I realised that ioctl fetches all the required information from that socket/interface. It doesnt depend on what level your asking. The socket file descriptor is associated with numerous things, like IP address, device hardware address, interface index (the device desriptor kinda, to the linux kernel), device name (human readable), etc. Btw, remember that this “ip address” which we get is the unicast IP address. It will be shown as a different ip address if the device is used in broadcast mode.

Modifications to my teaching style:
Well, the version of libnet that I have in source is quite old really. And a really bad part is that till now, it was perhaps only source of information. But nope, not anymore . I found a library on sourceforge, called libdnet, which does essentially similar things like libnet, except that libdnet is in active development, and actually has a working site backing it. So from now on, although I will still “de-assemble” libnet, I will use libdnet as a reference as well.

De-assemble libnet_get_hwaddr:
Pre-requisites are less. All that is known is that how to use ioctl SIOCGIFHWADDR, which is very similar to how we used SIOCGIFADDR to find the logical address associated with that interface socket.

Pre-requisite’d code:
1. struct ether_addr definition: Although it isnt totally necessary, yet, its better we mention it anyways.
struct ether_addr{
u_int8_t ether_addr_octet[ETH_ALEN];
}; //u_int8_t is a typedef of unsigned char.

Well, um… thats it. Other than that, the pre-requisites of the previous blog entry, ie, the ifreq structure.

Code Dissection
struct ether_addr *
libnet_get_hwaddr(struct libnet_link_int *l, const u_char *device, char *ebuf)
{
The libnet_get_hwaddr accepts a “libnet_link_int” pointer… Well don’t worry, this thing is just retarded, cause its not used anywhere. You could well have passed an empty generic pointer cast to libnet_link_int . However, I suspect the reason for doing this. For future compatibility: The libnet_link_int contains the type of link layer protocol which could be used by the device. Perhaps, to make this function more generalised, this argument was passed, so that depending on the type of protocol used, the corresponding hard ware address should be returned… probably for some future edition.
As for the current moment, no, we don’t need it. So lets ignore it.

int fd;
struct ifreq ifr;
struct ether_addr *eap;
/*
* XXX - non-re-entrant!
*/
static struct ether_addr ea;

ifreq structure object ifr is used to query the kernel using the ioctl. It is the place where the result is returned. The ether_addr is a temporary object pointer, and it is passed back to the calling function (remember, the return value is a pointer). It gets its value from ifr object. The last struct ea is an object of ether_addr. The *eap is just a pointer to the ea object, kinda like an alias. ea is the name of da memory location. eap is just a pointer to it. So in the end, ea is returned back.

/*
* Create dummy socket to perform an ioctl upon.
*/
fd = socket(AF_INET, SOCK_DGRAM, 0);
if (fd < 0)
{
sprintf(ebuf, "get_hwaddr: %s", strerror(errno));
return (NULL);
}

The comments are appropriate. We need a sample socket to query for the ioctl, to act as the resource for ioctl. It could be of any type, even PACKET if we wanted it. Remember, btw, ideally, that AF_INET should be PF_INET, cause socket’s first argument is protocol family, not address family, but since 1 PF=1 AF, they are equivalent. In the end, just do some lame error checking to make sure that socket didnt fail (It won’t normally anyways)


memset(&ifr, 0, sizeof(ifr));
eap = &ea;
strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));

Just empty the ifr object in the first line… its always better to, before passing it off to ioctl. remember, that some members of the ioctl union are smaller than union max size, so if we don’t do this, some other part of the union might be filled by junk, so we will have problems if we try access other members of the union (which would be foolish, and 0′ing still won’t do much good . Maybe its in case sockaddr is not filled completely ). The second line is just making sure that ea Pointer points to ea (I find this damn foolish really, oh well!). The last part seems trivial but is important. It copies the device name to the ifr obj. That way, ioctl realises which device’s hard ware address to find, resourced by the socket file descriptor (the socket file descriptor points to a number of devices, so this is a must). I doubt whether filling any other thing, like interface name would have the same effect (the union is prob Ignored while reading ifr object, since kernel doesnt know which information we provided. for eg, for 1 value of ifindex, the corresponding logical address might also be in a proper format, so kernel would be confused on which to operate. However, union filling would be done if you had to SET an hardware address, by SIOSGIFHWADDR (note the S instead of C), so the kernel knows where to look. Actually, this is what probably is done, right? Else how would u supply the new values anyways?)


if (ioctl(fd, SIOCGIFHWADDR, (char *)&ifr) < 0)
{
close(fd);
sprintf(ebuf, "get_hwaddr: %s", strerror(errno));
return (NULL);
}

This is the code which does the main part. It gets the hard ware address. As always, ioctl takes the socket file descriptor in the first argument. The second is the request: SIOCGIFHWADDR – Catch the Hardware address. The next argument that it takes is a pointer to ifreq (but since ioctl takes only character arguments, it must be cast). Note that ifr.ifr_name should be filled with the correct device name (no extra spaces, not deleted 0s or anything… it should match ditto ditto. If not, check libnet_ifaddrlist program last time’s blog). If the device is filled, and valid, and if you have proper priviledges (perhaps) then this ioctl call neednt fail. But if it does, libnet does the error checking. If all went correctly, the hard ware address should be stored in the ifr_hwaddr sockaddr struct’s sa_data .
What confused me earlier was the format in which it would be returned. It turns out that there is no formatting, the raw mac address is passed (yup, 1->1 bits). So, sa_data should be filled only with 6 bytes of data, cause mac addresses are 6 bytes.


memcpy(eap, &ifr.ifr_hwaddr.sa_data, ETHER_ADDR_LEN);
close(fd);
return (eap);
}

This is the last part, quite simple. It does a 1 to 1 memory copy from ifr_hwaddr. Remember that ethernet (mac) addresses are 6 bytes, so you will have to say 6 as last parameter (ETHER_ADDR_LEN is a macro of libnet). The first arg is a pointer to the object of ether_addr , &ea. The second is the actual data, which was retrieved from ioctl.

Well, thats it, we discussed how to get the mac address.

Usage
Yeah, this is how you could use what you learnt to learn about a device’s mac address.

#include "libnethead.h"
int main(){
//Let us get the ethernet hw address from the supplied device name.
int fd,i;
struct ether_addr ea;
struct ifreq ifr;
char buf[3];
printf("Enter the device name: ");
scanf("%s",ifr.ifr_name);
//lets init a nice socket
fd=socket(AF_INET,SOCK_DGRAM,0);
if(ioctl(fd,SIOCGIFHWADDR,(char*)&ifr)<0){ close(fd); printf("Error\n"); exit(0); }
memcpy(&ea,&ifr.ifr_hwaddr.sa_data,6); //Ethernet address is 6
for(i=0;i<6;i++){
sprintf(buf,"%x",ea.ether_addr_octet[i]);
if(strlen(buf)<2){ printf("0"); } //If there is preceeding 0, print it out
printf("%s",buf);
if(i!=5) printf(":"); //The colon in between the output.
}
printf("\b\n");
return 0;
}

As usual, we use the header we made last time, libnethead.h . As you see, most part of the code was just initialising, getting input, and then correctly formatting and stupid stuff like that… Nothing real meaty (slurp)!
Oh, btw, forgot to mention, that although I used memcpy to ea, you couldve done it better, just memcpy to a char hwaddr[IFNAMSIZ]; . I just wanted to show u the concepts used in the libnet script. Eventually, ether_addr_octet is just a character string itself.

Whats next:
Good question. There are a few functions resembling getting the ethernet hwaddr, so I think I’ll just skim through some of them, in the next blog. That will be up soon. Probably the next (true) 1 will be totally different from what we did till now. Next time, we will create a function to make a nice little (empty) ethernet packet. I was in conflict to show how to open a socket for reading and writing to the line, but decided against it, since it would be no use if we don’t know what to send, right?

Hey *myself*,
I slept at 7 am today, and woke up at 4 pm. really long, and wanted to get up by 12 actually. Oh well, things don’t always work out the way we planned. Kinda like my internet as well. It aint working. I’m writing this on wordpad (I don’t like microsoft office for these things).
Today, I thought we could discuss about libnet_ifaddrlist today. But that requires some real hardware structuring using linux. It requires quite some background. While I ain’t going to provide a complete i/o communications manual, I’ll try to explain you what happens in some things-

Introduction to the pre-requisites-
Approach: We can’t directly pinpoint the hardware, right? Unless we somehow could, we don’t (I dunno how to anyways). So, here’s what we do: The socket function sets up a connection using underlying devices, for a nice little connection. This connection has different parameters. We hence, back-track: getting the socket, then reading its attributes to get the lower level devices.
socket() function: It accepts 3 arguments: The first is the family. Its usually set to AF_INET for internet sockets (which we use for even ethernet networks) although there are abt 10 other standards as well. The 2nd is the type of connection: Using streams or datagrams. The 3rd is the type: We use IPPROTO_RAW (0) for setting a raw IP packet (note: IP headers already included, TCP headers arent). Others are IPPROTO_TCP and IPPROTO_UDP.
The most important thing about this however, is that it returns a file descriptor to the connection. This file is a special file (since its a network connection).
ioctl() function: The ioctl function manipulates or reports the underlying device parameters of special files. For our purpose, we have the protocol (its actually variable argumnets in general tho): int ioctl(int [FILE DESCRIPTOR],int [REQUEST],[SOME WAY TO GET BACK or PROVIDE INFORMATION]); The last parameter depends on the [REQUEST].
To get a nice little list of all possible [REQUEST] (for network interfaces), read: /include/bits/ioctls.h . I’ll describe only what we will use now though (since thats what I know)-
SIOCGIFADDR: This gets the network interface list. It accepts an argument of struct ifconf (described later). the ifc_len of the ifconf structure object should be set to the maximum size of the return. If its 0, then when ioctl is called, ifc_len would contain the length. That could be used to set an appropriate buffer. If its not 0, then the ifc_buf (and ifcu_req array, since they are part of union) is filled with the interface list: It is an array of ifreq structures, cast into a character array (or ifcu_req, in which case, its not cast ).
SIOCHIFFLAGS: Used to get the flags, or, the status of the device. It returns the short int ifr_flags. It accepts a ifreq structure pointer (yes, not ifconf), and returns the result in it. Note that the ifreq structure passed SHOULD contain the name of the device to be queried for. It could be written over, so its better to copy the device name, and especially the other parameters (like the address) before the ioctl call.
SIOCGIFADDR: Used to get the “PA” address. Not sure whats PA address, probably the logical IP address. It gets the result in the ifr_addr sockaddr. It accepts a ifreq structure pointer (yes, not ifconf), and returns the result in it. Note that the ifreq structure passed SHOULD contain the name of the device to be queried for. It could be written over, so its better to copy the device name, and especially the other parameters (like the address) before the ioctl call.

IFF_ flags: Don’t ask me what they are called, I think they are called if flags as well. See, ifreq structure contains an int for flags. These flags are used to test that integer (and hence the device status). IFF flags are employed by using the AND bitwise (if that bit in integer is set) and concatenated with OR (if multiple bits are set.). You might guess that flags probably contain only 1 true bit, and the location of that 1, determines the flag. Thats my guess. For a list of flags, see /linux/if.h (which I found after quite some searching)
About SA_LEN: Some o/s’ , I think openBSD old versions are 1 of them, include a sa_len parameter in sockaddr definition. My version of OpenSuSE doesnt, but this is a short explaination to what I understood- Sometimes, on these systems, the sockaddr size could run OVER the expected size of sa_data (which is 14 bytes). In this case, the sa_len holds the length of the sockaddr array. However, if sa_len is smaller than sizeof(sockaddr), then nothing happens, cause sizeof(sockaddr) is like a minimum size of sockaddr. sa_len is kinda like the size, if sa_len > sizeof(sockaddr). Atleast, thats what I understood. Perhaps, to keep this code compatibility, the ifc_buf is used, instead of directly reading the req.

Pre-requisite’ed code-
The following is some code which I consider reading pre-requisite, before jumping into the function.
1. structure libnet_ifaddrlist
struct libnet_ifaddr_list
{
u_long addr; //The address of device (probably not physical, may be logical. Physical would need 6 bytes)
char *device; //The device name, which is usually referenced.
};
Defined in libnet directory->includes/libnet/libnet-structures.h

2. structure ifreq (careful, big)-
struct ifreq{
#define IFHWADDRLEN 6
//hwaddrlen must probably be the number of bytes for MAC address. 6 bytes is the no. of
//bytes taken by ethernet mac address.
#define IFNAMESIZ IF_NAMESIZE
union{
char ifrn_name[IFNAMESIZ];
} ifr_ifrn;
union{
struct sockaddr ifru_addr;
struct sockaddr ifru_dstaddr
struct sockaddr ifru_broadaddr
struct sockaddr ifru_netmask;
struct sockaddr ifru_hwaddr;
short int ifru_flags;
int ifru_ivalue;
int ifru_mtu;
struct ifmap ifru_map;
char ifru_slave[IFNAMSIZ];
char ifru_newname[IFNAMESIZ];
__caddr_t ifru_data
} ifr_ifru
};
#define ifr_name ifr_ifrn.ifrn_name /*Interface name (device name)*/
#define ifr_hwaddr ifr_ifru_hwaddr /*Mac address*/
#define ifr_addr ifr_ifru.ifru_addr /*address??? , perhaps the higher address. */
#define ifr_dstaddr ifr_ifru.ifru_dstaddr /*Other end of the p-p link (would be null, in out case, right?)*/
#define ifr_broadaddr ifr_ifru.ifru_broadaddr /* broadcast address */
#define ifr_netmask ifr_ifru.ifru_netmask /*Interface net mask*/
#define ifr_flags ifr_ifru_flags /*Flags*/
… Some other stuff. not important in our current discussion atleast.
The ifreq structure is defined in /net/if.h as well as /linux/if.h , altho in /linux/ there is an additional param in ifr_ifru union: if_settings structure object ifru_settings . The ifreq is used to get the information of a particular interface.

3. definition of structure ifconf
struct ifconf{
int ifc_len;
union{
char __user *ifcu_buf
struct ifreq __user *ifcu_req;
} ifc_ifcu;
};
#define ifc_buf ifc_ifcu.ifcu_buf /*Buffer address*/
#define ifc_req ifc_ifcu.ifcu_req /*array of structures*/
This structure is defined in /linux/if.h (yup, da same). The ifconf is used to get the interface list.

4. IFF flags: God damn difficult to trace where they were. But anyways, here is a list (of commonly used ones). (I’ve described using them earlier)-
IFF_UP – If the interface is up
IFF_LOOPBACK – If the interface is a loopback net
IFF_POINTOPOINT – If device has point-point link. Probably used when the device is already on a virtual circuit/streaming a connection
IFF_RUNNING – The device works, as in, it can successfully send and recieve packets.

Code Dissection:
Read the original code of libnet_ifaddrlist from libnet_if_addr list found in libnet directory->/src/ subdirectory. I’ll explain the function part by part. Keep up (btw, this function is skipped during compilation on solaris, since there, the default network device is le0. Its valid only for BSD and linux)-
int
libnet_ifaddrlist(register struct libnet_ifaddr_list **ipaddrp,
register char *errbuf)
{
The definition: The function takes the libnet_ifaddr_list array pointer, and modifies it with the return. errbuf char string is used in case of erros. It returns the number of network interfaces found.

register int fd, nipaddr;
#ifdef HAVE_SOCKADDR_SA_LEN
register int n;
#endif
register struct ifreq *ifrp, *ifend, *ifnext, *mp;
register struct sockaddr_in *sin;
register struct libnet_ifaddr_list *al;

struct ifconf ifc;
struct ifreq ibuf[MAX_IPADDR], ifr;
char device[sizeof(ifr.ifr_name) + 1];
static struct libnet_ifaddr_list ifaddrlist[MAX_IPADDR];
The fd is file descriptor for return value of socket(). nipaddr is to store number of interfaces found. ifrp, ifend,ifnext are used for traversing the interface list. ifrp is the current interface in question, ifrp is next stores the next address for the loop, and ifend is the end of the array. mp, well, I dont know why its there, cause I don’t find it used anywhere. The sockaddr_in *sin is that internet socket structure used for getting the logical address of device (the IP address as opposed to the raw logical address). The al is where all the interfaces will be sorted into at the end. The argument **ipaddrp is actually like a dummy. ipaddrp (the double pointer) is assigned to *al (array) (which coincidently also holds ifaddrlist). The ifc structure is used to get the interface listing (raw listing) and is passed via the ioctl. The ibuf is kinda like an alias to the buffer @ ifc. The device character string is used to store the logical device name. ifaddrlist, as mentioned, is used in conjunction to al, cause ifaddrlist is @ the beginning of the array, al keeps traversing the array (I know nothing made sense now, but reading this description over again later on will help). MAX_IPADDR is prob some macro for some arbit max size (didnt bother finding out where)

fd = socket(AF_INET, SOCK_DGRAM, 0);
if (fd < 0)
{
sprintf(errbuf, "socket: %s", strerror(errno));
return (-1);
}
ifc.ifc_len = sizeof(ibuf);
ifc.ifc_buf = (caddr_t)ibuf;
The first line, gets the file descriptor. A simple socket() function performs a great deal, including setting up a nice little connection point, and a file descriptor to it. The next few lines are error check if socket couldnt be initialised. ifc.ifc_len is set to the maximum length of the interface listing that should be returned. Thats required as a part of the SIOCGIFCONF request. The last line, well, it sets the ifc_buf pointer to the same memory as ibuf. So ibuf could access the same memory location as that buffer returned from ioctl call. Kinda like an alias.

if (ioctl(fd,SIOCGIFCONF,(char *)&ifc) < 0 || ifc.ifc_len < sizeof(struct ifreq))
{
sprintf(errbuf, "SIOCGIFCONF: %s", strerror(errno));
close(fd);
return (-1);
}
ifrp = ibuf;
ifend = (struct ifreq *)((char *)ibuf + ifc.ifc_len);
ioctl function call is used to get the devices acting below the special file descriptor. The fd is the FD passed to the ioctl function. The fd is over the network device, and hence becomes ideal for this. SIOCGIFCONF is used to get the list of interfaces. It takes a pointer to the ifconf object. In our case, thats ifc. If ioctl turns out 0 (or not -1), then success. If it returns -1, then you got problems. Maybe the method is not supported on that hardware, or something. The ioctl hence, comes in the if statement. The other part, it part after or, is confirmation that what is returned is atleast not junk. If ifc_len is less than even 1 ifreq structure, that means 1/2 a device is returned? lol, ofcourse not, its prob junk. So again, some error happened.
Now the next part (after if error checking)- ifrp is the current ifreq structure under interrogation, which is set to the beginning of the list. (remember, ibuf and ifc.ifc_buf refer to the same location, but call it by different types: 1 by char, other by ifreq struct, wherein the ifreq struct is the right interpretation). The ifend refers to the memory location immediately AFTER the interfaces list. ifc_len is the length of bytes of list, and ibuf is the start. Ofcourse, what could be easier could be-: ifend=ibuf+(ifc.ifc_len)/sizeof(struct ifreq); or ifend=(struct ifreq*)(ifc.ifc_buf+ifc.ifc_len);

al = ifaddrlist;
mp = NULL;
nipaddr = 0;
Just initialising. al is set to the beginning of ifaddrlist array (dunno why u need a pointer for tranversing the array, when we could use the index, but hell). mp, god knows why its there. nipaddr is the number of interfaces.

for (; ifrp < ifend; ifrp = ifnext)
{
#ifdef HAVE_SOCKADDR_SA_LEN
n = ifrp->ifr_addr.sa_len + sizeof(ifrp->ifr_name);
if (n < sizeof(*ifrp))
{
ifnext = ifrp + 1;
}
else
{
ifnext = (struct ifreq *)((char *)ifrp + n);
}
if (ifrp->ifr_addr.sa_family != AF_INET) continue;
Here, the loop starts for traversing each address. ifrp already refers to the beginning. ifnext is known in the loop, and ifrp is set to it, kinda like an increment. So, this just goes through each of the network interfaces.
The rest of it is if sa_len member is present in the sockaddr structure, which normally isnt (isnt for me). Skip. The n will get the the number of bytes supposed to be the sizeof the memory of the interface. Since ifr_addr is part of the union, and is the biggest of the structures (sockaddr). There are only 2 memory location units in ifreq: The union (whose max size is sizeof sockaddr) and the name buffer. Both are accounted for. But the sa_len extends the memory of the sockaddr. If sa_len>sizeof(sockaddr), then ifnext would be set to the next valid location, which goes over the expected size. Else, ifnext is set to the next immediate location.

#else
ifnext = ifrp + 1;
#endif
dude, you must know this. Its the regular increment . Thats what normally happens. Infact, if sa_len was not declared, the loop would be easier, much easier.

/*
* Need a template to preserve address info that is
* used below to locate the next entry. (Otherwise,
* SIOCGIFFLAGS stomps over it because the requests
* are returned in a union.)
*/
strncpy(ifr.ifr_name, ifrp->ifr_name, sizeof(ifr.ifr_name));
if (ioctl(fd, SIOCGIFFLAGS, (char *)&ifr) < 0)
{
if (errno == ENXIO) continue;
sprintf(errbuf,
"SIOCGIFFLAGS: %.*s: %s",
(int)sizeof(ifr.ifr_name),
ifr.ifr_name,
strerror(errno));
close(fd);
return (-1);
}
Read the comment if u want. I didnt understand a shit out of it. The strncpy, um…. strange as it is, cause ifr and ifrp are part of the same ifreq struct, and its like copying the entire string. Nyways, strncpy is always a better practice (buffer overflow prevention). As for why the copying, perhaps to prevent the ifr_name from getting overwritten. ioctl could become notorious for losing data. It takes in data and outputs it in the same argument. So its always better to copy all the stuff iin ifreq before passing it to ioctl. (or in this case, just copy the device name to another struct instead of passing the original)
The next call is to get the status of the particular device. For that, again ioctl, but this time, with the SIOCGIFFLAGS request, and the corresponding ifr pointer. If its not successful, an error message is set, using global errno (as in normal socket operations). If errno== ENXIO , which means, that the device is offline/inaccessible, then its ok to continue the loop, cause multiple devices may be offline. But if its some other error, then it must be reported and function failed (like, microprocessor starts acting funny by passing interrupt to keyboard or sumthing instead )

/* Must be up and not the loopback */
if ((ifr.ifr_flags & IFF_UP) == 0 || LIBNET_ISLOOPBACK(&ifr))
{
continue;
}
This checks up the correct flags to make sure that the device is valid. Though online, the device might not be up. This is possible if the device is powered and connected to comp, but not to the network. The first part of the if expression checks if the device is up (common sense tells us how flags work, esp. bit flags. So, if they return 0, the flag was not set, and hence, comparison failed). The second is actually a macro, in ->/include/libnet/libnet-macro.h .
The first expression checks if device is NOT up. The second checks if device IS loopback. LIBNET_ISLOOKBACK is equivalent to: (ifr.ifr_flags & IFF_LOOPBACK) != 0 . If the device is not up or loopback proceed with next device, with next iteration.

strncpy(device, ifr.ifr_name, sizeof(ifr.ifr_name));
device[sizeof(device) - 1] = '';
if (ioctl(fd, SIOCGIFADDR, (char *)&ifr) < 0)
{
sprintf(errbuf, "SIOCGIFADDR: %s: %s", device, strerror(errno));
close(fd);
return (-1);
}
This resembles the earlier ioctl call alot. The last 1 got the flags, this 1 gets the the address . This 1 calls up the SIOCCGIFADDR request with ioctl. But first, just saves the device name before the ioctl call, in device string (lol, atlast, a normal character string). Then, we query ioctl, and do the bogus error checking the same way. Now, the ifr.ifr_addr is filled with the “PA” address of the device, probably the joint IP address+port+family or sumthing. Casting it to sockaddr_in , we should be able to get the ip address!

sin = (struct sockaddr_in *)&ifr.ifr_addr;
al->addr = sin->sin_addr.s_addr;
/*
* Replaced savestr() with strdup(). -- MDS
*/
al->device = strdup(device);
++al;
++nipaddr;
}
close(fd);
And as I said earlier, it was cast to sockaddr_in for internet sockets. sin_addr is a part of in_addr, which is a structure containing only 1 element: s_addr, which is a 32 bit int (4 bytes) ) (numeric ip address. To get the presentation Ip address, use inet_ntop(AF_INET,&(sin->sin_addr.s_addr),dest,sizeof(dest)) where dest is a character string of 12+1 characters.
Then the rest is simple. Just add that device to the ifaddrlist array (through the al pointer). (strdup just copies the string and returns a pointer to the copied) Also, update the number of records, by nipaddr increment.

*ipaddrp = ifaddrlist;
return (nipaddr);
}
#endif /* !__solaris__ */
That just repoints the passed argument to the interface list, which now contains a nice little list of device name and associated ip address. Also, return the number of records, from nipaddr. Finally, endif the solaris, cause this full function shouldnt be compiled under solaris.

Usage:
Lets use this function we learnt to output the interface device names.
#include "libnethead.h"
#define MAX_IPADDR 15
//Let the max number of interfaces be 15. Put something arbit big.
struct libnet_ifaddr_list{
long addr;
char *device;
};
int main(){
struct libnet_ifaddr_list *address_list;
char errbuf[100];
int i;
int no;
no=libnet_ifaddrlist(&address_list,errbuf);
if(no==-1){ printf("Error: %s",errbuf); exit(1); }
for(i=0;i<no;i++){
printf("Device: %s ,\t Address: %d\n",(address_list[i]).device,(address_list[i]).addr);
}
return 0;
}
//Below is more or less copy-paste, with a bit of editing to make it independent of libnet constants
int libnet_ifaddrlist(register struct libnet_ifaddr_list **ipaddrp,register char *errbuf){
register int fd, nipaddr;
register struct ifreq *ifrp, *ifend, *ifnext, *mp;
register struct sockaddr_in *sin;
register struct libnet_ifaddr_list *al;
struct ifconf ifc;
struct ifreq ibuf[MAX_IPADDR], ifr;
char device[sizeof(ifr.ifr_name) + 1];
static struct libnet_ifaddr_list ifaddrlist[MAX_IPADDR];
fd = socket(AF_INET, SOCK_DGRAM, 0);
if (fd < 0)
{
sprintf(errbuf, "socket: %s", strerror(errno));
return (-1);
}
ifc.ifc_len = sizeof(ibuf);
ifc.ifc_buf = (caddr_t)ibuf;
if (ioctl(fd,
SIOCGIFCONF,
(char *)&ifc) < 0 || ifc.ifc_len < sizeof(struct ifreq))
{
sprintf(errbuf, "SIOCGIFCONF: %s", strerror(errno));
close(fd);
return (-1);
}
ifrp = ibuf;
ifend = (struct ifreq *)((char *)ibuf + ifc.ifc_len);
al = ifaddrlist;
mp = NULL;
nipaddr = 0;
for (; ifrp < ifend; ifrp = ifnext)
{
ifnext = ifrp + 1;
strncpy(ifr.ifr_name, ifrp->ifr_name, sizeof(ifr.ifr_name));
if (ioctl(fd, SIOCGIFFLAGS, (char *)&ifr) < 0)
{
if (errno == ENXIO) continue;
sprintf(errbuf,
"SIOCGIFFLAGS: %.*s: %s",
(int)sizeof(ifr.ifr_name),
ifr.ifr_name,
strerror(errno));
close(fd);
return (-1);
}
/* Must be up and not the loopback */
if (((ifr.ifr_flags & IFF_UP) == 0) || ((ifr.ifr_flags & IFF_LOOPBACK)==1))
{
continue;
}
strncpy(device, ifr.ifr_name, sizeof(ifr.ifr_name));
device[sizeof(device) - 1] = '';
if (ioctl(fd, SIOCGIFADDR, (char *)&ifr) < 0)
{
sprintf(errbuf, "SIOCGIFADDR: %s: %s", device, strerror(errno));
close(fd);
return (-1);
}
sin = (struct sockaddr_in *)&ifr.ifr_addr;
al->addr = sin->sin_addr.s_addr;
al->device = strdup(device);
++al;
++nipaddr;
}
close(fd);
*ipaddrp = ifaddrlist;
return (nipaddr);
}
//EOF//
You would ofcourse need the file libnethead.h . Dont worry, it aint something mysterious, its just a holy bunch of includes we have. I know that most of them arent necessary for this program, but having a common template helps (also, I didnt bother figuring out which were needed, which werent ). Here is libnethead.h (just put it in the same directory as the file above).

#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <signal.h>
#include <stdlib.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <ctype.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <net/if.h>
#include <net/ethernet.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <linux/igmp.h>
#include <arpa/inet.h>
#include <sys/time.h>
#include <netdb.h>
#include <errno.h>
#include <stdarg.h>

Note that no additional stuff is required, other than this. Also, note that this file is not universal. It works with my build of OpenSuSE 10.2, on a IA32 platform. It may be a bit different on others. Modify/clip ur version of libnet.h (in libnet folder) to suite ur suite.
Compile the code, and voila! If you get nothing, don’t worry, you prob dont have any up (or nonloopback) network devices connected to ur computer at the moment. To check for loopback devices as well, remove that IFF_LOOPBACK thing.

Congratulations: You’ve communicated with “super” low level network jumble and got what you needed! Take a break. I know I need 1 .

Whats Next:
Perhaps a movie (:D) . Seriously, if your anything like me, u’d wanna watch 1 now, cause this stuff was heavy but damn important. I’m glad its out of the way, because these sort of things are perhaps the most undocumented things available. Once we are able to setup and transmit a ethernet line, we’re made, cause then is left all that packet creation crap, stuff for which the rfc’s are golden source’s of info.
As for whats next on the blog (whenever I post this, after that): Probably the function: libnet_get_hwaddr for getting the ethernet address (MAC address) . I expect it to be real small though, resembling ioctl to get the device hwaddr in that ifreq structure. What will be interesting is actually getting that and parsing it to make it human readable.

Update on internet (rofl, personal): Well, talked to you telecom ppl. Shitty stuff, they blocked the internet for sum ugly overusgae or sumthing. No warning, and way before due date. I couldnt hear them properly on phone, so heck, didnt bother listening to pukeface talking on the other end of the line anyways. Lets see, I’ll try to upload this asap, perhaps from my fathers’ reliance connection.
Update: Well, its almost perfectly 24 hours since I wrote this article, and now I get internet and time to post it. Next is getting the interface’s mac address, damm simple.

Firstly, have a look at the IP stack @ http://en.wikipedia.org/wiki/Internet_protocol_suite . It explains stuff. Though its wikipedia, its quite detailed and technical, which is brilliant. I am really bothered abt the figure, btw, that 5 layer table.

Anyways, lets explore libnet. We see a doc folder. Go, and see the HTML documents, serial order ofcourse. You’d understand the first 3-4 pages. If you don’t, fuck off- either u aint concentrating, or you don’t know enough. If its the first, good, thats what happened to me the first time. But if its 2nd, you need to wait for another 1/2 year to get and read material pre-requisite to this blog.

Now, in your opera/firefox , open 2 tabs, 1 having 5.html and other 6.html . These are by far the 2 most important documents you’d need to be open.

Since we’re dissecting the source, we wouldnt bother much with the memory management part of libnet, atleast as yet. We are more interested in the communication with the modem/router/card, and how to form and send packet headers (along with payload if any). I DONT know the entire process as yet, so I might make some mistakes here, and rectify/negate them later. Don’t scream @ me, I aint accountable to you, its my blog!

Anyways, I assume that basic IP headers are easier to construct. So, lets start off with link layer instead, which is definately much more complex, but is found “NOWHERE” (no book, very very few source codes, no articles, hardly any papers, nothing abt link layer programming)

So, we see that the basic way to start a link layer communication is by libnet_open_link_interface. Read 5.html. It takes 2 arguments. The first is important, its the device. The second is merely an error buffer for error message. From the practical point of view, we must first find out which device is to be used. We must use a non-loopback device, which is up (ie, working). To do this, lets use the libnet_select_device() function.

libnet_select_device -
It takes the form: int libnet_select_device(struct sockaddr_in *sin, u_char **device, u_char *ebuf); . Dont be perplexed. Breaking it down-
sockaddr_in is that SOCKADDR structure for the Internet suite. Its basically sockaddr but casted better, in more human readable form.
**device : No sweat. Make a blank string. Pass the address of the string (ye, address of pointer of first character of string). I realise this is pretty retarded however, since you could modify the string without the pointer address.
*ebuf: Just an empty string, which could have an error message if there is some error.
On failure, the function returns -1. Else, contains true (1).

For example

.....
char *device=NULL,*buf=NULL;
struct sockaddr_in sin; //lame
if(libnet_select_device(&sin,&device,buf)==-1){ printf("Your interface is down or sumthing: %s",buf); exit(1); }
.... //Use device for the rest of the time.


That was a for example. You could use the pcap interface (remember, libnet is useful for sending packets, but usually with libpcat for sniffing the net, libnet’s power increases manifolds), Cause thats whats done in dniff (which is a open source sniffer)

(sideline note: Just running thru connecting with devices routines, ahem, very complex guys… all distinct and stuff)

The libnet_select_device is present in /src/libnet_if_addr.c file. Opening that, here’s libnet_select_device function-
int
libnet_select_device(struct sockaddr_in *sin, u_char **device, u_char *errbuf)
{
int c, i;
char err_buf[BUFSIZ];
struct libnet_ifaddr_list *address_list;
#if (__solaris__)
/*
* XXX - this is temporary and needs to be better documented.
*/
*device = "le0";
return (1);
#else
/*
* Number of interfaces.
*/
c = libnet_ifaddrlist(&address_list, err_buf);
if (c < 0)
{
sprintf(errbuf, "ifaddrlist : %s\n", err_buf);
return (-1);
}
else if (c == 0)
{
sprintf(errbuf, "No network interfaces found.\n");
return (-1);
}
if (*device)
{
for (i = c; i; --i, ++address_list)
{
if (!(strncmp(*device, address_list->device, strlen(address_list->device))))
{
break;
}
}
if (i <= 0)
{
sprintf(errbuf, "Can't find interface %s\n", *device);
return (-1);
}
}
sin->sin_family = AF_INET;
sin->sin_addr.s_addr = address_list->addr;
/*
* Do we need to assign a name to device?
*/
if (!*device)
{
if (c > 1)
{
#if (__DEBUG)
fprintf(stdout,
"Multiple interfaces found, using %s @ %s.\n",
host_lookup(sin->sin_addr.s_addr, 0),
address_list->device);
#endif
}
*device = address_list->device;
}
return (1);
}
#endif /* __solaris__ */

We see that script has support for solaris: A system we don’t bother exploring. But looks like the default active modem device is set by the handle le0 automatically. lol, solaris rox for this.
But linux aint so lucky. First, it checks through ifaddrlist for some stuff…. Yeah, I’m looking at that function now… check it out, its right above select_device (I’d describe it in my next post perhaps. This 1 is for select_device)

Deviation: Since this is taking longer then anticipated, here are links which I used to find out how stuff is done:
http://docs.sun.com/app/docs/doc/802-1930-07/6i5u9741f?a=view – Cool link.
http://ecos.sourceware.org/docs-latest/ref/openbsd-manpages-netintro.html – BSD reference for ifreq and ioctl
http://www.delorie.com/gnu/docs/glibc/libc_305.html – If sa_len is not defined (if defined, then see first link)

And done (phew), after abt 1/2-1 hour. I’ll admit it, I never used ioctl ever in my life before, and finding out stuff about it is hard.

Anyways, back to the code. The libnet_ifaddrlist() takes a regular double pointer to libnet_ifaddr_list and in that pointer, returns a list of active interfaces (non-loopback). Each entry of the array returned contains a device name, and the mac address of the interface. It returns the number of interfaces.

So, c is returned the number of interfaces (back in libnet_select_device btw). As you can see, it select device does some bogus checks at first. Then, it goes and checks if a particular device is working or not. This is simple to check really. Just go through the devices returned by libnet_ifaddrlist , and compare if any of the devices in that list match the device passed. This is, ofcourse, followed, only if device argument is not null (we normally use null right, to GET the device. But this function can also check the validity of a device).

Then it merely copies the device(s), if multiple, then the first device in the array. This device is simply copied to the passed **device argument, and a nice “true” is returned.

Sorry: Sorry to disappoint. I thought the function will be more involved, but turns out that the libnet_ifaddrlist is the beast, not select_device. I realised that WHEN I was writing this post.

Use: Not much, I’ll give you that. The function itself is quite easy to understand if you know about libnet structures and stuff in general, and I’m happy it turned out to be the first I discussed, cause it was easy. However, I can’t help to say, it was more like a wrapper function+”little” functionality+error reporting . But this is a very useful function in general, for getting the most convenient interface. However, we havent discussed enough for a full fledged program to exploit this function.

Whats next: Duh, next post, which will be prob after much much more extensive research (lol, most of it, done today, but I prefer real EXTENSIVE.) is about lib_ifaddrlist . Wish me luck about finding about Ifflags in linux.

The obvious question is why this blog? Well, this isn’t for you, its for me. In these holidays (which are coming to an end) I learnt, and am learning so much, but am also forgetting a lot. So, this blog is to help me remember. This will be a personal cum super technical blog, technical being dealing with complex stuff, mainly networking related, especially networking in C.

Its a shame that soo.. so… few references are available for low level networking. Any1 who needs that interface really needs to work themselves from ground up, which is kinda sad, when you think about it. I had the same problem.But since yesterday, I worked myself up this ladder, and atlast, I am in a position where I have all I need to understand the topic.

This blog is mainly for posting daily notes about those topics. For people who understand what I am doing (alot of ethernet and IP protocol and packets programming), reading this blog, you will be grateful to me for making it. But I know no1 reads about this stuff. No1 bothers how stuff works below, as long as @ high level, stuff is as simple as a button click.

Here is the libnet library which is my main/ultimate reference. Unlike the libnet in linux, which is precompiled, this 1 is source, so you could actually explore it, and generate routines by yourself even without libnet. But a hearty thanx to the creator of libnet. And I’d be ever so in debt to him.

Here’s a copy of libnet source: http://rapidshare.com/files/41646085/libnet-1.0.1b.tar.gz.html

And so, the experiment starts.

My original personal blog @ fh-net.com seems to be down cause fh-net.com is down. So here’s a copy of that post I made on orkut/google login schemas

Firstly, only those with deep understanding of cookies and sessions and logins, please view this. This is totally original article, trying to figure out all about orkut. Its more like a “Hey, it happens this way” than “Whao, I found out sumthing amazing”
Firstly, lets what happens when you visit orkut.com . You get to a screen which sets the tracker google analytic cookies and TZ cookie (both of which, we dont bother with). On the login page, is a iframe pointing to: https://www.google.com/accounts/ServiceLoginBox . It contains the (important) parameters-
service=orkut
skipll=true&skipvpage=true
continue=http%3A%2F%2Fwww.orkut.com%2FRedirLogin.aspx%3Fmsg%3D0%26page%3Dhttp%253A%252F%252Fwww.orkut.com%252F
followup=http%3A%2F%2Fwww.orkut.com%2FGLogin.aspx
hl=en-US (lang)
Just decoding the continue string, we see-
http://www.orkut.com/RedirLogin.aspx?msg=1&page=http%3A%2F%2Fwww.orkut.com%2F
Go there and try out. Looks like a normal login page, but the service box is redundant. You see, that now, the continue will be like-
http://www.orkut.com/RedirLogin.aspx?msg=0&page=http%3A%2F%2Fwww.orkut.com%2FRedirLogin.aspx%3Fmsg%3D1%26page%3Dhttp%253A%252F%252Fwww.orkut.com%252F%26followup%3Dhttp%3A%2F%2Fwww.orkut.com%2FGLogin.aspx
Decoding the “page” variable-
http://www.orkut.com/RedirLogin.aspx?msg=1&page=http%3A%2F%2Fwww.orkut.com%2F&followup=http://www.orkut.com/GLogin.aspx

Recognise it? It means that when we send the form to google for login, the referer page is also sent along with it. And note, that this is totally independent of whether u’ve logged in or not to orkut already (you will see where I am going with this later). Also, just note the address of the page. Its Glogin.aspx?done=[page] . Think!

Alright, thats preliminary check. Now lets see what gets sent when you submit the form (yeah, I’m lazy to read source)-
continue=http%3A%2F%2Fwww.orkut.com%2FRedirLogin.aspx%3Fmsg%3D0%26page%3D%252FHome.aspx%253Fxid%253D5239296434780423392 & followup=http%3A%2F%2Fwww.orkut.com%2FGLogin.aspx & service=orkut & nui=2 & skipvpage=true & skipll=true & hl=en-US & GA3T=CQ78r8M_LWU & Email=[something] & Passwd=[something] & PersistentCookie=yes & rmShown = 1 & null=Sign+in

Most things we remember. The GA3T prob is Google Accounts **, not sure what, but there is a seemingly random value associated with it, probably some sortof checksum (perhaps google skips referer check for cross browser compatibility). Most other stuff is either due to browser settings, or that “remember me” option.

Posting this, we get a nice lil response from google, which firstly sets the following cookies-
SID= Some TREMENDOUSLY LONG case-sensitive alphanumeric but having hyphens at regular intervals (prob consists of number of components concatenated) (expires sumwhere in 2017)
GA3T=CQ78r8M_LWU (recognise this ) . It prob may be a checksum for making cookies a bit more secure or sumthing
GoogleAccountsLocale_session= en (english)
LSID= Now this one is strange. Viewing the headers, it shows some real crap. It sets this multiple times, but makes sure it expires in 1990. And eventually, it gets set to= DQAAAI****AIqgK9HyWnrp9wJnJnXKIkXu4CYxpgoloNv5i8I*zOaFD7oPenHC_yxaAXobufNmpYq113BsqoFfDJ7YiIgahYLm5F1*K4Dude2ms4rcNcNcDOzCyAYg9othn1Ii1yvrKkPGXAG9E2jBm8Um*U5towqpD1D10PCdizJvwU3LAg1Q , but via a secure connection. All I see is the word: Dude which makes sense
Then, it decently outputs sum javascript to redirect to TokenAuth

The TokenAuth
The GET query_string is long, so I break it up as (and decode)-
continue=https://www.google.com/accounts/CheckCookie?continue=http%3A%2F%2Fwww.orkut.com%2FRedirLogin.aspx%3Fmsg%3D0%26page%3D%252FHome.aspx%253Fxid%253D5239296434780423392&followup=http%3A%2F%2Fwww.orkut.com%2FGLogin.aspx&service=orkut&hl=en-US&chtml=LoginDoneHtml&skipvpage=true
auth=TREMEMDOUSLY long string again.

We are more interested in the outcome. The script AGAIN set the SID and LSID cookie to the values earlier (again, LSID has those bogus expires as well), with everything the same. It sends a 302 (relocated) message, and redirects to CheckCookie with the query string parameters-
continue=http://www.orkut.com/RedirLogin.aspx?msg=0&page=%2FHome.aspx%3Fxid%3D5239296434780423392
followup=http://www.orkut.com/GLogin.aspx
service=orkut
hl=en-US
chtml=LoginDoneHtml
skipvpage=true (no clue abt this 1)

SO, we find that TokenAuth probably had no sense to be there in the first place. It places the same old cookies back with the same old values, and redirects to checkcookie, even without any other token.
And voila, still nothing, yet another seemingly useless redirection, cause checkcookie, although might be “checking” the cookies, doesnt modify any values as such. The value of SID aint changed, and LSID is reset in the same lame manner as it is earlier. But look beyond and see that there is a redirection on this page, to SetSID , which accepts a long query-string.
ssdc=1
sidt=NCWYYhMBAAA=.D9uKQk+/7Um5yenrm0f6GQwd2bccekqTV744ZrWxuXzF4Y6KMUYk4Wj331p9BEuw4MHl5RR7CnPemACZoXdiG66p/2d8kehVu6rzsLoCSVmGV9/yMRZg7uJjJx/ib95mIGFZ4qsR0gecJMsjOBYlteWUrDJFw+h6tS9qIOmIeJY2bx8e7796UgkoLieDQJXGFY5eYYPM53Ksm4r9v/Z8Zhm4Eb/Q8RHVcAwYGlHpB5OZtLckrb4j+kFcj0g0hRXZhSW8UCr2+PPp4gDE7dmJIA==.2kc6T4NPnriT3TQkIlxU1A==
continue=http://www.orkut.com/RedirLogin.aspx?msg=0&page=%2FHome.aspx%3Fxid%3D5239296434780423392&auth=DQAAAIIAAAAnN0_ENJwCttMyPV6Tz6wRh8JSrbvAJzGNB1SWMO65UoC7fcT9CzmmFxFp_SXfesrvrWV0H5e1Amzd8kNe25kFDhwfsITasPcXHQ0oX4qzzQ1eyJvixiCrb8oN_agAE5WSaY150HBhdzwhFx8RwuTkAHz6y2SwdCjursc_NgaTvGZD2mbkRwSdEJ_erYroUNE
the sidt, well, cant say much, except that it looks encoded before just being a session id. Those ==, doesnt that remind us of base64 encoding? Well, this looks sumthing “like” that (no, it aint base64). Its to make sure that the page isnt requested directly, but only after Checkcookie, which is fair enough, since it seems rather hard to guess the sidt
The continue part now seems to look interesting though. Lets de-hex it once more-
http://www.orkut.com/RedirLogin.aspx?msg=0&page=/Home.aspx?xid=5239296434780423392&auth=DQAAAIIAAAAnN0_ENJwCttMyPV6Tz6wRh8JSrbvAJzGNB1SWMO65UoC7fcT9CzmmFxFp_SXfesrvrWV0H5e1Amzd8kNe25kFDhwfsITasPcXHQ0oX4qzzQ1eyJvixiCrb8oN_agAE5WSaY150HBhdzwhFx8RwuTkAHz6y2SwdCjursc_NgaTvGZD2mbkRwSdEJ_erYroUNE

Did some research on this part now, since this looks like the entry point to orkut login system. The auth which was issued by ServiceLoginBoxAuth was used throughout.
Now this is probably a backend part of the script. You see the xid, right. Well, that might be a token id issued by ServiceLoginAuthBox . RedirLogin.aspx probably sends the data it gets from the query string to google servers, to check that firstly, the auth is correct; This is kinda like a checksum/session_id(for the login part). The xid is probably first checked against that auth on the google server, and then the profile id is probably returned.
Once thats done, then orkut loads up a session cookie (along with sum other additional stuff) as okrut_state, which contains multiple parameters. Yup, thats right, 1 cookie, various things, but eventually, a nice session id.. its like various fields with : as the delimiter-

ORKUTPREF=ID=[Session id]
INF=0
SET=[some other number]
LNG=[no clue, but looks boolean]
CNT=[country telephone code. Like mines 91 for india):RM=(probably remember option):
USR=[login email address] (base 64 encoded)
PHS=[no clue of this, since it was blank for me]
TS=[no clue of this, since it was blank for me]
LCL=[Language]
NET=[prob the type of connection- direct or via proxy (depending on proxy-alive header)]
TOS=[clueless]
GC=[AHA, the google auth]
E=[Again the login address?] (base 64 encoded)
GTI=[some boolean value, perhaps a preference or sumthing]:
GID=[login email address] (base 64 encoded) (again?)
VER=[version?]
S=[dunno ]

And then, the backend body removes the auth from the outstanding list, after logging into the service. (confirmed)

So thats about how orkut login takes place.
(I know the last part was especially shabby, but I thought I would continue this is another blog entry)

W00t! I got r00t!