Bug 472752 - net-misc/nemesis-1.4-r1 - glibc detected *** nemesis: free(): invalid next size (fast): [...]
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: AMD64 Linux
Importance: Normal normal
Assignee: Jeroen Roovers (RETIRED)
URL: http://sourceforge.net/projects/nemes...
Reported: 2013-06-09 13:47 UTC by lhtlyy
Modified: 2018-10-10 21:53 UTC
Description lhtlyy 2013-06-09 13:47:22 UTC
The version of nemesis is 1.4.

On amd64 (x86_64) I have the following issue with the tcp Packet injection:

✘ ⚡ root@gentoo ⮀ /usr/portage/net-misc/nemesis ⮀ nemesis tcp -v -y 1494 -S 1.1.1.1 -D 1.2.3.4 

TCP Packet Injection -=- The NEMESIS Project Version 1.4 (Build 26)

                [IP] 1.1.1.1 > 1.2.3.4
             [IP ID] 58260
          [IP Proto] TCP (6)
            [IP TTL] 255
            [IP TOS] 0x00
    [IP Frag offset] 0x0000
     [IP Frag flags] 
         [TCP Ports] 24232 > 1494
         [TCP Flags] SYN 
[TCP Urgent Pointer] 0
   [TCP Window Size] 4096
    [TCP Seq number] 844393914

Wrote 40 byte TCP packet.
*** glibc detected *** nemesis: free(): invalid next size (fast): 0x0000000000615050 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7d3e6)[0x7f11e17063e6]
nemesis[0x40cab1]
nemesis[0x4095de]
nemesis[0x40af13]
nemesis[0x401af4]
/lib64/libc.so.6(__libc_start_main+0xed)[0x7f11e16ad60d]
nemesis[0x401b41]
[1]    28025 abort      nemesis tcp -v -y 1494 -S 1.1.1.1 -D 1.2.3.4

Using gdb:

 ⚡ root@gentoo ⮀ /usr/portage/net-misc/nemesis ⮀ gdb -q nemesis    
Reading symbols from /usr/bin/nemesis...done.
(gdb) r tcp
Starting program: /usr/bin/nemesis tcp
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
*** glibc detected *** /usr/bin/nemesis: free(): invalid next size (fast): 0x0000000000615010 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7d3e6)[0x7ffff77bb3e6]
/usr/bin/nemesis[0x40cab1]
/usr/bin/nemesis[0x4095de]
/usr/bin/nemesis[0x40af13]
/usr/bin/nemesis[0x401af4]
/lib64/libc.so.6(__libc_start_main+0xed)[0x7ffff776260d]
/usr/bin/nemesis[0x401b41]

Program received signal SIGABRT, Aborted.
0x00007ffff7775b95 in __GI_raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64      ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  0x00007ffff7775b95 in __GI_raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007ffff777700b in __GI_abort () at abort.c:91
#2  0x00007ffff77b566e in __libc_message (do_abort=2, 
    fmt=0x7ffff78a9088 "*** glibc detected *** %s: %s: 0x%s ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:198
#3  0x00007ffff77bb3e6 in malloc_printerr (action=3, 
    str=0x7ffff78a9250 "free(): invalid next size (fast)", ptr=<optimized out>)
    at malloc.c:5007
#4  0x000000000040cab1 in libnet_destroy_packet ()
#5  0x00000000004095de in buildtcp (eth=0x614670 <etherhdr>, ip=<optimized out>, 
    tcp=<optimized out>, pd=<optimized out>, ipod=0x6146e0 <ipod>, 
    tcpod=<optimized out>, device=0x0) at nemesis-proto_tcp.c:144
#6  0x000000000040af13 in nemesis_tcp (argc=<optimized out>, argv=<optimized out>)
    at nemesis-tcp.c:82
#7  0x0000000000401af4 in main (argc=<optimized out>, argv=<optimized out>)
    at nemesis.c:114

libnet-1.0 looks deprecated by upstream, and it behaves poorly on x86_64 machines. It defines many `u_long` where there should be 4 bytes... but I have not examined nemesis's source code...
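
The `u_long` hypothesis in the description above names one mechanism that can end in glibc's `free(): invalid next size`: a 4-byte wire field copied with `sizeof(unsigned long)` writes 8 bytes on x86_64, and a write past the end of a heap buffer lands on the following chunk's size field. The block below is an added example, not code from nemesis or libnet; the two-field layout, the function names and the guard region standing in for the next chunk are constructed, and the page does not establish that this is the actual cause of the crash.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELDS     2              /* two 32-bit header fields (constructed layout) */
#define WIRE_SIZE  (FIELDS * 4)   /* bytes those fields occupy on the wire */
#define GUARD_SIZE 16             /* stands in for the next heap chunk's header */
#define GUARD_BYTE 0xA5

/* Constructed sample values: 1.1.1.1 and 1.2.3.4 as 32-bit numbers. */
static const unsigned long sample_ul[FIELDS]  = { 0x01010101UL, 0x01020304UL };
static const uint32_t      sample_u32[FIELDS] = { 0x01010101U,  0x01020304U  };

/* Legacy pattern: 32-bit fields held as unsigned long and copied with its
 * size. On LP64 each copy is 8 bytes into a 4-byte slot, so the last field
 * spills 4 bytes past the end of the buffer. */
static void write_fields_legacy(unsigned char *buf, const unsigned long *vals)
{
    for (size_t i = 0; i < FIELDS; i++)
        memcpy(buf + i * 4, &vals[i], sizeof vals[i]);
}

/* Hardened pattern: fixed-width type plus an explicit length check. */
static int write_fields_fixed(unsigned char *buf, size_t buflen,
                              const uint32_t *vals)
{
    if (buflen < WIRE_SIZE)
        return -1;
    for (size_t i = 0; i < FIELDS; i++)
        memcpy(buf + i * 4, &vals[i], sizeof vals[i]);
    return 0;
}

/* Count guard bytes that no longer hold the fill pattern. */
static size_t guard_bytes_clobbered(const unsigned char *arena)
{
    size_t n = 0;
    for (size_t i = WIRE_SIZE; i < WIRE_SIZE + GUARD_SIZE; i++)
        if (arena[i] != GUARD_BYTE)
            n++;
    return n;
}

/* The arena is one array (buffer + guard), so the spill is observable
 * without corrupting a real heap. */
static size_t legacy_overrun(void)
{
    unsigned char arena[WIRE_SIZE + GUARD_SIZE];
    memset(arena, GUARD_BYTE, sizeof arena);
    write_fields_legacy(arena, sample_ul);
    return guard_bytes_clobbered(arena);
}

static size_t fixed_overrun(void)
{
    unsigned char arena[WIRE_SIZE + GUARD_SIZE];
    memset(arena, GUARD_BYTE, sizeof arena);
    if (write_fields_fixed(arena, WIRE_SIZE, sample_u32) != 0)
        return (size_t)-1;
    return guard_bytes_clobbered(arena);
}

int main(void)
{
    printf("sizeof(unsigned long) = %zu\n", sizeof(unsigned long));
    printf("legacy writer: %zu guard bytes overwritten\n", legacy_overrun());
    printf("fixed writer:  %zu guard bytes overwritten\n", fixed_overrun());
    return 0;
}
```

On a real heap buffer the same spill is what AddressSanitizer (`-fsanitize=address`) or valgrind would report at the write itself, rather than later inside `free()`.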
Comment 1 lhtlyy 2013-06-09 13:49:04 UTC
("/usr/bin/nemesis", ["nemesis", "tcp"], [/* 48 vars */]) = 0
brk(0)                                  = 0x615000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff47d126000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=207048, ...}) = 0
mmap(NULL, 207048, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7ff47d0f3000
close(3)                                = 0
open("/lib64/libm.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0pg\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1001728, ...}) = 0
mmap(NULL, 3096840, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7ff47cc11000
mprotect(0x7ff47cd05000, 2093056, PROT_NONE) = 0
mmap(0x7ff47cf04000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xf3000) = 0x7ff47cf04000
close(3)                                = 0
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 G\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1720640, ...}) = 0
mmap(NULL, 3832928, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7ff47c869000
mprotect(0x7ff47ca08000, 2093056, PROT_NONE) = 0
mmap(0x7ff47cc07000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x19e000) = 0x7ff47cc07000
mmap(0x7ff47cc0d000, 15456, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7ff47cc0d000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff47d0f2000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff47d0f1000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff47d0f0000
arch_prctl(ARCH_SET_FS, 0x7ff47d0f1700) = 0
mprotect(0x7ff47cc07000, 16384, PROT_READ) = 0
mprotect(0x7ff47cf04000, 4096, PROT_READ) = 0
mprotect(0x613000, 4096, PROT_READ)     = 0
mprotect(0x7ff47d127000, 4096, PROT_READ) = 0
munmap(0x7ff47d0f3000, 207048)          = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW)  = 3
setsockopt(3, SOL_IP, IP_HDRINCL, [1], 4) = 0
setsockopt(3, SOL_SOCKET, SO_BROADCAST, [1], 4) = 0
setsockopt(3, SOL_SOCKET, SO_SNDBUF, [65535], 4) = 0
brk(0)                                  = 0x615000
brk(0x636000)                           = 0x636000
sendto(3, "E\0\0(E$\0\0\377\6\0\0\16k\333_\213DE+g\37\221\336E$\0\0-k\10G"..., 40, 0, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("139.68.69.43")}, 16) = 40
open("/dev/tty", O_RDWR|O_NOCTTY|O_NONBLOCK) = 4
writev(4, [{"*** glibc detected *** ", 23}, {"nemesis", 7}, {": ", 2}, {"free(): invalid next size (fast)", 32}, {": 0x", 4}, {"0000000000615010", 16}, {" ***\n", 5}], 7*** glibc detected *** nemesis: free(): invalid next size (fast): 0x0000000000615010 ***
) = 89
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff47d125000
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 5
fstat(5, {st_mode=S_IFREG|0644, st_size=207048, ...}) = 0
mmap(NULL, 207048, PROT_READ, MAP_PRIVATE, 5, 0) = 0x7ff47d0bd000
close(5)                                = 0
open("/usr/lib/gcc/x86_64-pc-linux-gnu/4.6.3/libgcc_s.so.1", O_RDONLY|O_CLOEXEC) = 5
read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P-\0\0\0\0\0\0"..., 832) = 832
fstat(5, {st_mode=S_IFREG|0644, st_size=88264, ...}) = 0
mmap(NULL, 2184216, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7ff47c653000
mprotect(0x7ff47c668000, 2093056, PROT_NONE) = 0
mmap(0x7ff47c867000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x14000) = 0x7ff47c867000
close(5)                                = 0
mprotect(0x7ff47c867000, 4096, PROT_READ) = 0
munmap(0x7ff47d0bd000, 207048)          = 0
write(4, "======= Backtrace: =========\n", 29======= Backtrace: =========
) = 29
writev(4, [{"/lib64/libc.so.6", 16}, {"(", 1}, {"+0x", 3}, {"7d3e6", 5}, {")", 1}, {"[0x", 3}, {"7ff47c8e63e6", 12}, {"]\n", 2}], 8/lib64/libc.so.6(+0x7d3e6)[0x7ff47c8e63e6]
) = 43
writev(4, [{"nemesis", 7}, {"[0x", 3}, {"40cab1", 6}, {"]\n", 2}], 4nemesis[0x40cab1]
) = 18
writev(4, [{"nemesis", 7}, {"[0x", 3}, {"4095de", 6}, {"]\n", 2}], 4nemesis[0x4095de]
) = 18
writev(4, [{"nemesis", 7}, {"[0x", 3}, {"40af13", 6}, {"]\n", 2}], 4nemesis[0x40af13]
) = 18
writev(4, [{"nemesis", 7}, {"[0x", 3}, {"401af4", 6}, {"]\n", 2}], 4nemesis[0x401af4]
) = 18
writev(4, [{"/lib64/libc.so.6", 16}, {"(", 1}, {"__libc_start_main", 17}, {"+0x", 3}, {"ed", 2}, {")", 1}, {"[0x", 3}, {"7ff47c88d60d", 12}, {"]\n", 2}], 9/lib64/libc.so.6(__libc_start_main+0xed)[0x7ff47c88d60d]
) = 57
writev(4, [{"nemesis", 7}, {"[0x", 3}, {"401b41", 6}, {"]\n", 2}], 4nemesis[0x401b41]
) = 18
write(4, "======= Memory map: ========\n", 29======= Memory map: ========
) = 29
open("/proc/self/maps", O_RDONLY)       = 5
read(5, "00400000-00414000 r-xp 00000000 "..., 1024) = 1024
write(4, "00400000-00414000 r-xp 00000000 "..., 102400400000-00414000 r-xp 00000000 08:03 474101                             /usr/bin/nemesis
00613000-00614000 r--p 00013000 08:03 474101                             /usr/bin/nemesis
00614000-00615000 rw-p 00014000 08:03 474101                             /usr/bin/nemesis
00615000-00636000 rw-p 00000000 00:00 0                                  [heap]
7ff47c653000-7ff47c668000 r-xp 00000000 08:03 975570                     /usr/lib64/gcc/x86_64-pc-linux-gnu/4.6.3/libgcc_s.so.1
7ff47c668000-7ff47c867000 ---p 00015000 08:03 975570                     /usr/lib64/gcc/x86_64-pc-linux-gnu/4.6.3/libgcc_s.so.1
7ff47c867000-7ff47c868000 r--p 00014000 08:03 975570                     /usr/lib64/gcc/x86_64-pc-linux-gnu/4.6.3/libgcc_s.so.1
7ff47c868000-7ff47c869000 rw-p 00015000 08:03 975570                     /usr/lib64/gcc/x86_64-pc-linux-gnu/4.6.3/libgcc_s.so.1
7ff47c869000-7ff47ca08000 r-xp 00000000 08:03 565662                     /lib64/libc-2.15.so
7ff47ca08000-7ff47cc07000 ---p 0019f000 08:03 565662                 ) = 1024
read(5, "    /lib64/libc-2.15.so\n7ff47cc0"..., 1024) = 1024
write(4, "    /lib64/libc-2.15.so\n7ff47cc0"..., 1024    /lib64/libc-2.15.so
7ff47cc07000-7ff47cc0b000 r--p 0019e000 08:03 565662                     /lib64/libc-2.15.so
7ff47cc0b000-7ff47cc0d000 rw-p 001a2000 08:03 565662                     /lib64/libc-2.15.so
7ff47cc0d000-7ff47cc11000 rw-p 00000000 00:00 0 
7ff47cc11000-7ff47cd05000 r-xp 00000000 08:03 566023                     /lib64/libm-2.15.so
7ff47cd05000-7ff47cf04000 ---p 000f4000 08:03 566023                     /lib64/libm-2.15.so
7ff47cf04000-7ff47cf05000 r--p 000f3000 08:03 566023                     /lib64/libm-2.15.so
7ff47cf05000-7ff47cf06000 rw-p 000f4000 08:03 566023                     /lib64/libm-2.15.so
7ff47cf06000-7ff47cf27000 r-xp 00000000 08:03 566101                     /lib64/ld-2.15.so
7ff47d0f0000-7ff47d0f3000 rw-p 00000000 00:00 0 
7ff47d125000-7ff47d127000 rw-p 00000000 00:00 0 
7ff47d127000-7ff47d128000 r--p 00021000 08:03 566101                     /lib64/ld-2.15.so
7ff47d128000-7ff47d129000 rw-p 00022000 08:03 566101                     /lib64/ld-2.15.so
7ff47d129000-7ff47d12a) = 1024
read(5, "000 rw-p 00000000 00:00 0 \n7fffb"..., 1024) = 272
write(4, "000 rw-p 00000000 00:00 0 \n7fffb"..., 272000 rw-p 00000000 00:00 0 
7fffbb6ae000-7fffbb6cf000 rw-p 00000000 00:00 0                          [stack]
7fffbb7ff000-7fffbb800000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
) = 272
read(5, "", 1024)                       = 0
close(5)                                = 0
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
gettid()                                = 28074
tgkill(28074, 28074, SIGABRT)           = 0
--- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=28074, si_uid=0} ---
+++ killed by SIGABRT +++
[1]    28072 abort      strace nemesis tcp
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2013-06-09 14:52:08 UTC
# nemesis tcp -v -y 1494 -S 1.1.1.1 -D 1.2.3.4

TCP Packet Injection -=- The NEMESIS Project Version 1.4 (Build 26)
                
                [IP] 1.1.1.1 > 1.2.3.4
             [IP ID] 44516
          [IP Proto] TCP (6)
            [IP TTL] 255
            [IP TOS] 0x00
    [IP Frag offset] 0x0000
     [IP Frag flags]
         [TCP Ports] 25989 > 1494
         [TCP Flags] SYN
[TCP Urgent Pointer] 0
   [TCP Window Size] 4096
    [TCP Seq number] 363863173

Wrote 40 byte TCP packet.
*** glibc detected *** nemesis: free(): invalid next size (fast): 0x00000000008eb050 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7d426)[0x7f71f0883426]
nemesis[0x40caa1]
nemesis[0x4095d0]
nemesis[0x40af02]
nemesis[0x401af4]
/lib64/libc.so.6(__libc_start_main+0xed)[0x7f71f082a60d]
nemesis[0x401b41]
Aborted
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2013-06-09 15:06:41 UTC
/usr/share/doc/libnet-1.0.2a-r5/example/libnet-example-1.c.bz2 runs libnet_destroy_packet after libnet_close_raw_sock, whereas nemesis does it the other way round. I tested this patch but I am not sure it is the correct solution:

--- a/src/nemesis-proto_tcp.c
+++ b/src/nemesis-proto_tcp.c
@@ -148,10 +148,10 @@
                 printf("Wrote %d byte TCP packet.\n", n);
         }
     }
-    libnet_destroy_packet(&pkt);
     if (got_link)
         libnet_close_link_interface(l2);
     else
         libnet_close_raw_sock(sockfd);
     return n;
+    libnet_destroy_packet(&pkt);
 }
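Review bot: the added `libnet_destroy_packet(&pkt);` sits after `return n;` at the end of the hunk, so it is unreachable and pkt is never released. The abort goes away only because the free() call no longer runs, which leaks the packet buffer and leaves whatever damaged the heap in place. To match the order used in the libnet example, put the call after the if/else that closes l2 or sockfd and before `return n;`.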
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2013-06-09 15:08:10 UTC
(In reply to Jeroen Roovers from comment #3)
# nemesis tcp -v -y 1494 -S 1.1.1.1 -D 1.2.3.4 

TCP Packet Injection -=- The NEMESIS Project Version 1.4 (Build 26)

                [IP] 1.1.1.1 > 1.2.3.4
             [IP ID] 34480
          [IP Proto] TCP (6)
            [IP TTL] 255
            [IP TOS] 0x00
    [IP Frag offset] 0x0000
     [IP Frag flags] 
         [TCP Ports] 4883 > 1494
         [TCP Flags] SYN 
[TCP Urgent Pointer] 0
   [TCP Window Size] 4096
    [TCP Seq number] 1958351357

Wrote 40 byte TCP packet.

TCP Packet Injected
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2013-06-09 15:10:47 UTC
(In reply to Jeroen Roovers from comment #3)
> /usr/share/doc/libnet-1.0.2a-r5/example/libnet-example-1.c.bz2 runs
> libnet_destroy_packet after libnet_close_raw_sock, whereas nemesis does it
> the other way round. I tested this patch but I am not sure it is the correct
> solution:
> 
> --- a/src/nemesis-proto_tcp.c
> +++ b/src/nemesis-proto_tcp.c
> @@ -148,10 +148,10 @@
>                  printf("Wrote %d byte TCP packet.\n", n);
>          }
>      }
> -    libnet_destroy_packet(&pkt);
>      if (got_link)
>          libnet_close_link_interface(l2);
>      else
>          libnet_close_raw_sock(sockfd);
>      return n;
> +    libnet_destroy_packet(&pkt);
>  }
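Review bot: moving `libnet_destroy_packet(&pkt);` relative to the `libnet_close_link_interface(l2)` / `libnet_close_raw_sock(sockfd)` branch changes only when pkt is freed, not what free() finds there. Nothing in the hunk ties pkt to l2 or sockfd, and the glibc message in this report, `free(): invalid next size (fast)`, means the chunk header following the buffer was already overwritten when free() ran. With the call placed before `return n;` the reorder is unlikely to change the outcome by itself; the write that runs past pkt earlier in buildtcp is the thing to find, and if the new order is kept the patch should carry a comment saying why it matters.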

libnet_destroy_packet should of course go /before/ return n :)
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2013-06-09 15:27:32 UTC
Maybe forget that patch. The nemesis project page ships a libnet-1.02g.zip which is probably key to this problem...
Comment 7 Sergey Popov gentoo-dev 2013-08-07 17:00:38 UTC
(In reply to Jeroen Roovers from comment #6)
> Maybe forget that patch. The nemesis project page ships a libnet-1.02g.zip
> which is probably key to this problem...

So, maybe we can try to put this version in tree? Or is it some kind of fork?
Comment 8 rainbow 2014-09-02 12:02:10 UTC
No one has answered for a long time.
Can I do something?
Maybe test libnet-1.02g?
In any case, I see some trouble using the nemesis-made libnet in net-libs/libnet; am I wrong?
Comment 9 Jonas Stein gentoo-dev 2018-04-10 09:15:07 UTC
Arch Linux uses
https://arch.p5n.pp.ru/~sergej/dl/2016/libnet-1.0.2a.tar.gz
(see: https://aur.archlinux.org/packages/nemesis)
Does this help?
Comment 10 Pacho Ramos gentoo-dev 2018-04-13 20:18:56 UTC
I don't think we should bundle that old libnet version in nemesis, especially seeing that this looks dead since 2004 and, hence, that libnet tarball is probably as unmaintained as nemesis itself.
Comment 11 Michael Mair-Keimberger (iamnr3) 2018-09-01 18:08:45 UTC
Was this package forgotten? The package is still in the tree and not masked.
Comment 12 Virgil Dupras (RETIRED) gentoo-dev 2018-10-08 15:21:11 UTC
Michael: hum, you're right. jer cleaned it up and unmasked it on 2018-06-21 and forgot to update this bug's status.