public
/
dhcp_protect
Volgen 1
Ster 0
Vork 0
Code Kwesties 0 Pull-aanvragen 0 Publicaties 2 Wiki Activiteit
A userspace application that filters DHCP floods to protect a DHCP server. It uses the Netfilter userspace packet queuing API.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
15 Commits
1 Branch
Tree: 9260847e83
Branches Labels
${ item.name }
Maak branch ${ searchTerm }
van '9260847e83'
${ noResults }
dhcp_protect/perftest.pl

perftest.pl 4.0KB
Ruw Blame Geschiedenis

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153 
  1. #!/usr/bin/perl

  2. #   Copyright 2019 Pascal Gloor

  3. #

  4. #   Licensed under the Apache License, Version 2.0 (the "License");

  5. #   you may not use this file except in compliance with the License.

  6. #   You may obtain a copy of the License at

  7. #

  8. #     http://www.apache.org/licenses/LICENSE-2.0

  9. #

  10. #   Unless required by applicable law or agreed to in writing, software

  11. #   distributed under the License is distributed on an "AS IS" BASIS,

  12. #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. #   See the License for the specific language governing permissions and

  14. #   limitations under the License.

  15. 

  16. 

  17. use strict;

  18. use IO::Socket::INET;

  19. use Time::HiRes qw(sleep);

  20. use warnings;

  21. 

  22. $| = 1;

  23. 

  24. 

  25. 

  26. my($clients, $leasetime, $floodclients, $floodpps, $dest, $destport) = @ARGV;

  27. 

  28. usage() if !defined $destport;

  29. 

  30. if ( $clients !~ /^\d+$/ || $clients < 1 ) {

  31. 	print STDERR "clients count must be a positive integer\n";

  32. 	exit 1;

  33. }

  34. 

  35. if ( $leasetime !~ /^\d+$/ || $leasetime < 3 ) {

  36. 	print STDERR "leasetime must be at least 3\n";

  37. 	exit 1;

  38. }

  39. 

  40. if ( $floodclients !~ /^\d+$/ || $floodclients < 0 ) {

  41. 	print STDERR "floodclients must be a 0 or more\n";

  42. 	exit 1;

  43. }

  44. 

  45. if ( $floodpps !~ /^\d+$/ || $floodpps < 0 ) {

  46. 	print STDERR "floodpps must be 0 or more\n";

  47. 	exit 1;

  48. }

  49. 

  50. if ( $dest !~ /^(\d+\.\d+\.\d+\.\d+)$/ ) {

  51. 	print STDERR "destination IP must be a valid IPv4 address\n";

  52. 	exit 1;

  53. }

  54. 

  55. if ( $destport !~ /^\d+$/ || $destport < 1 || $destport > 65535 ) {

  56. 	print STDERR "destport must be between 1 and 65535\n";

  57. 	exit 1;

  58. }

  59. 

  60. main($clients, $leasetime, $floodclients, $floodpps, $dest, $destport);

  61. 

  62. sub usage {

  63. 	print STDERR <<EOF;

  64. 

  65. ==============================================

  66. = DHCP Protect testing client                =

  67. = This is only to test dhcp_protect          =

  68. = DO NOT SEND THIS TO YOUR DHCP SERVER !!!!  =

  69. ==============================================

  70. 

  71. Usage: $0 <clients> <leasetime> <floodclients> <floodpps> <destination> <port>

  72. 

  73. clients      : number of 'normal' dhcp clients to simulator.

  74. leasetime    : the desired leasetime.

  75. floodclients : number of client flood the server.

  76. floodpps     : packet rate at which the floodclients flood the server (per client).

  77. destination  : target IP address.

  78. port         : targer UDP port.

  79. EOF

  80. 	exit 1;

  81. }

  82. 

  83. 

  84. sub main {

  85. 	my($clients, $leasetime, $floodclients, $floodpps, $dest, $destport)=@_;

  86. 

  87. 	# pseudo packet, the only really relevant thing

  88. 	# is that option 82 is present and at the right place

  89. 	my $hdr = "";

  90. 

  91. 	$hdr .= pack("H2","01"); # Opcode, bootrequest

  92. 	$hdr .= pack("H2","01"); # Hardware type, ethernet

  93. 	$hdr .= pack("H2","06"); # HW addr len, MAC = 6

  94. 	$hdr .= pack("H2","01"); # hops, 1 relay

  95. 	$hdr .= pack("H8","00000000"); # transaction ID

  96. 	$hdr .= pack("H4","0000"); # secs

  97. 	$hdr .= pack("H4","0000"); # flags

  98. 	$hdr .= pack("H8","00000000"); # ciaddr

  99. 	$hdr .= pack("H8","00000000"); # yiaddr

  100. 	$hdr .= pack("H8","00000000"); # siaddr

  101. 	$hdr .= pack("H8","00000000"); # giaddr

  102. 	$hdr .= pack("H32","0"x32); # cihwaddr

  103. 	$hdr .= pack("H128","0"x128); # hostname

  104. 	$hdr .= pack("H256","0"x256); # boot filename

  105. 	$hdr .= pack("H8","63825363"); # magic cookie

  106. 

  107. 	$hdr .= pack("C", 82); # opt 82

  108. 	$hdr .= pack("C", 21); # opt 82 len

  109. 	$hdr .= pack("C", 1); # subopt 1 (circuitid)

  110. 	$hdr .= pack("C", 11); # subopt 1 len

  111. 	$hdr .= "Hello World";

  112. 	$hdr .= pack("C", 2); # subopt 2 (remoteid)

  113. 	$hdr .= pack("C", 6); # subopt 2 len (mac)

  114. 

  115. 

  116. 	if ( $floodclients > 0 ) {

  117. 		my $pid = fork();

  118. 		# flood client

  119. 		if ( !$pid ) {

  120. 

  121. 			my $int = 1/$floodpps/$floodclients;

  122. 			my $sock = IO::Socket::INET->new(

  123. 				Proto => 'udp',

  124. 				PeerAddr => "$dest:$destport",

  125. 			);

  126. 

  127. 			while(1) {

  128. 				for(my $i=0; $i<$floodclients; $i++) {

  129. 					my $pkt = $hdr;

  130. 					$pkt .= pack("H12", sprintf("66666666%04x", $i));

  131. 					$sock->send($pkt);

  132. 					sleep($int);

  133. 				}

  134. 			}

  135. 			exit;

  136. 		}

  137. 	}

  138. 

  139. 	my $int = $leasetime/3/$clients;

  140. 	my $sock = IO::Socket::INET->new(

  141. 		Proto => 'udp',

  142. 		PeerAddr => "$dest:$destport",

  143. 	);

  144. 

  145. 	while(1) {

  146. 		for(my $i=0; $i<$clients; $i++) {

  147. 			my $pkt = $hdr;

  148. 			$pkt .= pack("H12", sprintf("00112233%04x",$i));

  149. 			$sock->send($pkt);

  150. 			sleep($int);

  151. 		}

  152. 	}

  153. }