Forwarding a RREQ received message over Ethernet [OMNET++ and INET]

0
votes

I'm in trouble trying to forward a RREQ packet (received over a MANET simulated network) over it's Ethernet interface. What I'm looking for is a way to send said packet (received from an wireless interface) to another host which is directly connected over ethernet.

Let's say I receive a packet from wireless interface in host A, Host A has also an ethernet interface directly connected to host B, I want to forward that packet over the ethernet interface, so that host B receives this packet through it's ethernet interface.

I don't know what function to use in order to do that.

The project I'm working on is a big one, so I'll include code if specifically required as soon as it will be needed in order to answer my question.

EDIT:

So, the final goal is to implement a wormhole attack in MANET networks. In basic words, a wormhole attack involvs two attackers (ATTACKER_A and ATTACKER_B) that are directly connected to each other through an high speed conection, i.e. ethernet. As soon as the neighborhood of ATTACKER_A sends a RREQ, and ATTACKER_A receivs it, it will forward the RREQ to ATTACKER_B through the ethernet instead of simply broadcasting it in the network. When ATTACKER_B receives the RREQ, it will forward the RREQ over the air to it's neighborhood, acting as a normal node in a AODV manet network.

The result is that the neighborhood of ATTACKER_A is tricked to think that the hosts thar are near ATTACKER_B are part of it's own neighborhood, thus creating a wormhole between two distan part of the network.

Really, the theory is not that complicated.

So, this is the network schema wormhole schema

This is the SimpleWormhole.ned

package nesg.netattacks.simulations.SimpleAttackScenarios.SimpleWormholeAttackScenario;

import inet.networklayer.autorouting.ipv4.IPv4NetworkConfigurator;
import inet.world.radio.ChannelControl;

import ned.DatarateChannel;

import nesg.netattacks.nodes.NA_AttackerAdhocHost;
import nesg.netattacks.nodes.NA_AdhocHost;

network SimpleWormhole
{
    @display("bgb=600,477,grey75");
    int test_ivo;

    types:
        channel ethline extends DatarateChannel
        {
            delay = 50ns;
            datarate = 100Mbps;
        }

    submodules:
        nodeA: NA_AdhocHost {
            @display("p=79,310");
        }
        nodeB: NA_AdhocHost {
            @display("p=240,366");
        }
        nodeC: NA_AdhocHost {
            @display("p=380,120");
        }
        nodeD: NA_AdhocHost {
            @display("p=518,159");
        }
        nodeE: NA_AdhocHost {
            @display("p=240,186");
        }
        nodeF: NA_AdhocHost {
            @display("p=380,286");
        } 
        attackerA: NA_AttackerAdhocHost {
            @display("p=165,310");
        }

        attackerB: NA_AttackerAdhocHost {
            @display("p=450,159");
        }
        configurator: IPv4NetworkConfigurator {
            @display("p=80,20");
        }
        channelControl: ChannelControl {
            @display("p=80,70;i=misc/sun");
        }

    connections:
        attackerA.ethg++ <--> eth_ivo: ethline <--> attackerB.ethg++;
}

The NA_ATTACKERADHOCHOST is a ned file that inherits from other ned files in succession, looking back in the inherit chain, i found the first ned file to be NA_NODEBASE who contains some part related to ethernet gates

NA_NODEBASE.ned

package nesg.netattacks.nodes;

import inet.util.PcapRecorder;
import inet.networklayer.ipv4.RoutingTable;
import inet.networklayer.common.InterfaceTable;
import inet.mobility.IMobility;
import inet.linklayer.IWirelessNic;
import inet.linklayer.IWiredNic;
import inet.linklayer.IExternalNic;
import inet.base.NotificationBoard;
import inet.nodes.inet.NetworkLayer;

import nesg.netattacks.hackedmodules.networklayer.NA_NetworkLayer;

module NA_NodeBase
{
    parameters:
        @display("bgb=611,448");
        @node;
        @labels(node,ethernet-node,wireless-node);
        int numExtInterfaces = default(0);
        int numRadios = default(0);               // the number of radios in the router. by default no wireless
        int numPcapRecorders = default(0); // no of PcapRecorders.
        string mobilityType = default("StationaryMobility");
        string routingFile = default("");
        bool IPForward = default(true);
    gates:
        input radioIn[numRadios] @directIn;
        inout pppg[] @labels(PPPFrame-conn);
        inout ethg[] @labels(EtherFrame-conn);
    submodules:
        notificationBoard: NotificationBoard {
            parameters:
                @display("p=53,194");
        }

        // optional mobility module. Required only if wireless cards are present
        mobility: <mobilityType> like IMobility if mobilityType != "" && numRadios > 0 {
            parameters:
                @display("p=53,121");
        }

        //# Hacked module replacing the normal NetworkLayer INET module for attack purposes.
        networkLayer: NA_NetworkLayer {
            parameters:
                @display("p=329,287;q=queue");
        }

        routingTable: RoutingTable {
            parameters:
                @display("p=53,287");
                IPForward = IPForward;
                routingFile = routingFile;
        }

        // linklayer
        interfaceTable: InterfaceTable {
            parameters:
                @display("p=53,386");
        }

        pcapRecorder[numPcapRecorders]: PcapRecorder {
            @display("p=159,259");
        }

        wlan[numRadios]: <default("Ieee80211Nic")> like IWirelessNic {
            parameters:
                @display("p=159,386;q=queue");
        }
        eth[sizeof(ethg)]: <default("EthernetInterface")> like IWiredNic {
            parameters:
                @display("p=282,386,row,90;q=txQueue");
        }
        ppp[sizeof(pppg)]: <default("PPPInterface")> like IWiredNic {
            parameters:
                @display("p=407,386,row,90;q=txQueue");
        }
        ext[numExtInterfaces]: <default("ExtInterface")> like IExternalNic {
            parameters:
                @display("p=547,386,row,90;q=txQueue;i=block/ifcard");
        }

    connections allowunconnected:
        // connections to network outside
        for i=0..sizeof(radioIn)-1 {
            radioIn[i] --> wlan[i].radioIn;
            wlan[i].upperLayerOut --> networkLayer.ifIn++;
            wlan[i].upperLayerIn <-- networkLayer.ifOut++;
        }

        for i=0..sizeof(ethg)-1 {
            ethg[i] <--> eth[i].phys;
            eth[i].upperLayerOut --> networkLayer.ifIn++;
            eth[i].upperLayerIn <-- networkLayer.ifOut++;
        }

        for i=0..sizeof(pppg)-1 {
            pppg[i] <--> ppp[i].phys;
            ppp[i].upperLayerOut --> networkLayer.ifIn++;
            ppp[i].upperLayerIn <-- networkLayer.ifOut++;
        }

        for i=0..numExtInterfaces-1 {
            ext[i].upperLayerOut --> networkLayer.ifIn++;
            ext[i].upperLayerIn <-- networkLayer.ifOut++;
        }
}

Finally, the attacker uses an implementation of the AODV protocol which is the code I need to edit in order to make it work. The code is taken from INET framework.

I searched into all the aodv code in order to find the valuables functions I need to edit in order to implement that wormhole behaviour, and it turned out that I probably need to modify part of this function here

NA_AODV_rreq.cc

void NS_CLASS rreq_process(RREQ * rreq, int rreqlen, struct in_addr ip_src,
                           struct in_addr ip_dst, int ip_ttl,
                           unsigned int ifindex)
{

    -- some code here -- 

    // BEGIN NA_WORMHOLE
    // if wormhole is active print it
    if (wormholeAttackIsActive) {
        LOG << "\n sending rreq forward to other attacker \n";
        //send(rreq, "ethg$o");
        if (!ev.isDisabled())
                ev.printf("ip_src=%s rreq_orig=%s rreq_dest=%s\n",ip_to_str(ip_src),
                          ip_to_str(rreq_orig), ip_to_str(rreq_dest));
        LOG << "\n\nsent\n\n";
        LOG << ip_ttl;
        //return;
    }
    // END NA_WORMHOLE

As you can see, the real problem is that all the code is inside the AODV source file, and cause of the high modularity I'm in trouble looking for the right way to implement that. Also, the lack of documentiation is not helping at all.

1
omnet++inet

1 Answers

1
votes

The send() function is used for sending messages. You can learn more about it from OMNeT++'s manual page.

To use the send() function you need at least two parameters.

  1. The message you want to send.
  2. The interface name through which you want to send it.

In your case the message is the RREQ packet and the the interface is the the Ethernet interface of Host A. Since you have the RREQ packet in hand you only need to figure out the Ethernet interface name. For that you need to check the .ned file of the network which you are simulatiing.

The .ned file will contain some declaration in the format given below.

network Network_Name
{
    parameters:
        ...
    submodules:
        ...
    connections:
        ...
}

This is just an example. But the depending on your simulation model the .ned file may contain more complicated declarations. But you should focus on what is declared under connections:.

Usually under connections: you will find some declarations like.

Host_A.portX <--> Host_B.portY;

Here portX is the interface name you are looking for. Again this is a simple example, the declaration under connections: may contain more than that. So if you are not able to figure out by yourself, you need to upload your connections: section of your .ned file of the network here.

Once you have done that you can use send() like this.

send(RREQ, "portX")

Just make sure portX is declared as an inout or out gate in Host A's .ned file. Otherwise send() won't work. In case portX is declared as an inout gate use portX$o in your send(), this specifies send() to use the output interface of portX.