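#define _GNU_SOURCE
/*
 * The page kept only bare "#include" tokens (the header names were lost), so
 * the list below is simply the set this listing needs in order to build.
 */
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

/*
 * Reproducer-style test program (fixed addresses and raw syscall numbers in
 * the style of a fuzzer-generated C repro). It:
 *   1. maps a scratch region at a fixed address,
 *   2. opens an AF_PACKET datagram socket,
 *   3. creates a TAP interface named "igb0" through /dev/net/tun,
 *   4. rewrites that interface's link type with TUNSETLINK
 *      (default 778 = ARPHRD_IPGRE, or the decimal value in argv[1]),
 *   5. sets the interface flags (including IFF_UP) with SIOCSIFFLAGS,
 *   6. prints the resulting link details with ip(8).
 *
 * Which kernel behaviour this sequence is meant to exercise is not stated on
 * the page. TUNSETIFF and SIOCSIFFLAGS normally require CAP_NET_ADMIN, and the
 * program creates a network interface on the host it runs on, so it belongs in
 * a dedicated test VM rather than on a shared machine.
 */

/* Fixed scratch mapping and the request structures placed inside it. */
#define SCRATCH_BASE   0x20000000UL
#define SCRATCH_LEN    0x1000000UL
#define TUN_PATH_ADDR  0x20000240UL
#define TUN_IFREQ_ADDR 0x200000c0UL
#define SOCK_IFREQ_ADDR 0x20000040UL

/* Raw ioctl request numbers, as given on the page. */
#define REQ_TUNSETIFF    0x400454caUL /* _IOW('T', 202, int) */
#define REQ_TUNSETLINK   0x400454cdUL /* _IOW('T', 205, int) */
#define REQ_SIOCSIFFLAGS 0x8914UL

#define IFNAME_LEN        16  /* name field at offset 0 of the request */
#define DEFAULT_LINK_TYPE 0x30a /* 778 = ARPHRD_IPGRE */

/*
 * Lay out the leading part of an interface request at a fixed address: a
 * zero-padded 16-byte name "igb0" followed by a native-endian 16-bit flags
 * word at offset 16. Only these 18 bytes are written; the rest of the
 * anonymous mapping stays zero-filled.
 */
static void fill_ifreq(unsigned long addr, uint16_t flags)
{
    unsigned char *req = (unsigned char *)(uintptr_t)addr;

    memset(req, 0, IFNAME_LEN);
    memcpy(req, "igb0", 4);
    memcpy(req + IFNAME_LEN, &flags, sizeof flags);
}

/*
 * Entry point.
 *
 * argv[1] (optional): decimal link type handed to TUNSETLINK.
 *
 * Exit status: 0 on success, 1 socket() failed, 2 open() failed,
 * 3 TUNSETIFF failed, 4 TUNSETLINK failed, 5 SIOCSIFFLAGS failed,
 * 6 argv[1] is not a valid integer, 7 the scratch mapping failed.
 * (The original always exited 0, discarding the codes it had computed.)
 */
int main(int argc, char **argv)
{
    int ret = 0;
    int sockfd, tunfd;
    long link_type = DEFAULT_LINK_TYPE;

    /* Validate the argument before touching any kernel state. atoi() would
     * silently turn garbage into 0 and hand that to TUNSETLINK. */
    if (argc >= 2) {
        char *end = NULL;

        errno = 0;
        link_type = strtol(argv[1], &end, 10);
        if (end == argv[1] || *end != '\0' || errno == ERANGE ||
            link_type < INT_MIN || link_type > INT_MAX) {
            fprintf(stderr, "usage: %s [link-type]  (decimal ARPHRD_* value)\n",
                    argv[0]);
            return 6;
        }
    }

    /* prot 3 = PROT_READ|PROT_WRITE, flags 0x32 = MAP_PRIVATE|MAP_FIXED|
     * MAP_ANONYMOUS. Every later write goes to a fixed address inside this
     * region, so a failed mapping must stop the program here instead of
     * faulting in memcpy(). */
    if (syscall(__NR_mmap, SCRATCH_BASE, SCRATCH_LEN, 3L, 0x32L, -1L, 0L) !=
        (long)SCRATCH_BASE) {
        perror("mmap()");
        return 7;
    }

    /* socket(AF_PACKET, SOCK_DGRAM|SOCK_NONBLOCK, 0). The type value is kept
     * exactly as on the page; the bit above 32 is presumably dropped when the
     * kernel reads the argument as an int. */
    sockfd = syscall(__NR_socket, 0x11, 0x100000802, 0);
    if (sockfd < 0) {
        perror("socket()");
        ret = 1;
        goto exit_end;
    }

    memcpy((void *)(uintptr_t)TUN_PATH_ADDR, "/dev/net/tun", 13);
    tunfd = open((char *)(uintptr_t)TUN_PATH_ADDR, 0);
    if (tunfd < 0) {
        perror("open()");
        ret = 2;
        goto exit_sock_close;
    }

    /* 0x4012 = IFF_TAP | IFF_NAPI | IFF_VNET_HDR */
    fill_ifreq(TUN_IFREQ_ADDR, 0x4012);
    if (syscall(__NR_ioctl, tunfd, REQ_TUNSETIFF, TUN_IFREQ_ADDR) < 0) {
        perror("ioctl(TUNSETIFF)");
        ret = 3;
        goto exit_tun_close;
    }

    /* TUNSETLINK takes the link type by value, not through a pointer. */
    if (syscall(__NR_ioctl, tunfd, REQ_TUNSETLINK, link_type) < 0) {
        perror("ioctl(TUNSETLINK)");
        ret = 4;
        goto exit_tun_close;
    }

    /* 0xa201 = IFF_UP | IFF_ALLMULTI | IFF_PORTSEL | IFF_DYNAMIC */
    fill_ifreq(SOCK_IFREQ_ADDR, 0xa201);
    if (syscall(__NR_ioctl, sockfd, REQ_SIOCSIFFLAGS, SOCK_IFREQ_ADDR) < 0) {
        perror("ioctl(SIOCSIFFLAGS)");
        ret = 5;
        goto exit_tun_close;
    }

    printf("done:\n");
    /* Flush first so "done:" is not emitted after the child's output when
     * stdout is a pipe or file. */
    fflush(stdout);
    /* Fixed command line with an absolute path; nothing from argv reaches the
     * shell. Failure to show the link is reported but is not an error of the
     * test itself. */
    if (system("/usr/sbin/ip -details link show igb0") == -1)
        perror("system()");
    ret = 0;

exit_tun_close:
    close(tunfd);
exit_sock_close:
    close(sockfd);
exit_end:
    munmap((void *)(uintptr_t)SCRATCH_BASE, SCRATCH_LEN);
    /* Propagate the failure code instead of the original unconditional 0. */
    return ret;
}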