Design and implementation of a user-extensible network packet generator

The security problems of network equipment are becoming more important with the rapid development of the Internet. Aiming at the security, stability and protocol consistency of network security equipment, a user-extensible testing framework for network security devices is proposed, and a user-extensible network packet generator is designed on the basis of the Libnet and Libpcap libraries. The system uses the extensibility of XML documents and metadata-based reflection technology to design a set of extensible protocol templates, composed of user-defined data and data lengths, from which a specific network packet is constructed to meet the testing needs of a particular network security device. The security, stability and protocol consistency of the network security equipment are tested with this method in a simulated LAN environment, so as to ensure the security of the network equipment and of the network environment.


Introduction
Internet services are increasingly rich: online banking, online shopping, mobile office and others are ever more popular, while at the same time hidden security risks grow and viruses, worms and other malicious attacks are endless. In a real network environment, network security devices such as firewalls, virtual private networks (VPN), intrusion detection systems (IDS) and various encryption machines are all essential parts of the network; however, if the network security equipment itself is attacked, the entire network may be paralysed. Therefore, the security of network security equipment is an important guarantee of network system security [1].
When security equipment leaves the factory or undergoes a security overhaul, targeted testing of its reliability and security is needed. The network packet generator is an important means of penetration testing network devices to find potential security problems. At the same time, in order to protect network security equipment from external virus attacks, the network protocol used by such equipment is usually opaque or customised. Although a traditional network packet generator can send TCP/IP packets, it cannot meet the many requirements of security testing, stability testing and protocol conformance testing of network security equipment. This article therefore designs a user-extensible network packet generator for the above problems. The test results show that the network packet generator can not only send TCP/IP packets to simulate attacks, but can also send extensible custom-protocol packets, so as to ensure the security, stability and protocol consistency of network security devices.

MATEC Web of Conferences 139, 00197 (2017), DOI: 10.1051/matecconf/201713900197, ICMITE 2017
The network packet generator, also called a traffic generator, is a tool for testing devices in the access network: by generating protocol packets with the packet generator, a real network environment is simulated and the network equipment is tested for protocol consistency, reliability and performance stability. At present there are many commonly used tools for generating IP packets; the mainstream ones are sendip, Nessus and sniffer [3].
Sendip is relatively compact and fairly complete, and is well suited to daily testing. The sniffer tool is easy to use and can send any possible packet. Nessus is more comprehensive in function, but in terms of packet sending it is not as good as sendip. At present, many users develop packet generators with automatic attack-simulation functions, which can tailor the attack time, quantity and so on for a few attacks. However, these test tools have a single function and a limited application scope and can only send fixed-protocol packets. They are powerless for application-layer protocol packets and user-defined protocol packets, cannot perform consistency tests for a variety of security device protocols, and are not suited to the complex test requirements of network equipment. Furthermore, most of these tools are based on sockets, with inefficient code, and are also affected by other tasks, so that the traffic rate and the attack effect produced are greatly reduced. Using the Libnet library not only simplifies programming but also allows packets to be constructed directly and sent to the network, without the need for a server/client mode [4]. Therefore, this paper designs an extensible network packet generator based on the Libnet open source library on an embedded development board platform.

Introduction to scalability technology
To implement software extensibility, the techniques used include Extensible Markup Language (XML), plug-ins, automatic code generation, dynamic compilation, metadata-based reflection technology and so on [5,6]. The extensible network packet generator designed in this paper achieves its extensible design by using XML, JAXB technology and metadata-based reflection techniques.

XML, the extensible markup language
A markup language is used to mark up an electronic document so as to give it structure; XML (Extensible Markup Language) is an extensible markup language, a subset of the

Reflective technology based on metadata
The basic meaning of metadata is "data about data". In the field of software configuration, metadata is defined as an object in the program that is not being processed.
Reflection technology means that, while the program is running, all the attributes and methods of any class or object can be known; this technique of dynamically obtaining information and dynamically calling an object's methods is called reflection [9]. In this paper, through metadata-based reflection, all attributes and methods of the running class or object can be accessed easily, and the acquired attributes and methods are then used for dynamic, extensible development.

Libnet open source library introduction
Libnet is a small interface library implemented in C that provides the construction, processing and sending of low-level network packets. Libnet was developed to create a simple, unified network programming interface that hides the differences in low-level network programming between operating systems, allowing programmers to focus on solving key issues [10,11]. Based on the reusable and highly portable Libnet library, this paper generates network packets at a constant rate on the embedded development platform to test device security, stability and protocol consistency.

Design and implementation of system function
The user-extensible network packet generator uses an upper/lower computer running mode: the upper (host) computer is responsible for interactive control, and the lower computer carries out the packet sending. Constant-rate output is an indicator of the performance of the network packet generator; through the constant-rate output algorithm, the lower machine sends network packets at a constant rate in accordance with the instructions of the upper computer.

Scalability design
In order to achieve the universality of custom pro-
The application-layer header of a network protocol contains several fields, each with a different data length, and the application-layer protocol runs on top of the TCP/UDP transport-layer protocol; therefore a custom protocol requires the field name, the field length and the transport-layer protocol to be marked in the template file.
A custom protocol may use any port number from 1024 to 65535, but standard network protocols already have assigned port numbers (for example, the DNS port number is 53 and the HTTP port number is 80), so the source and destination port numbers should also be specified in the template file. In addition, the default value of each field needs to be listed in the template file; the system determines the data type of the field attribute from the default value and creates a POJO class for the custom protocol. In short, the XML template file is the field specification for each upper-layer protocol together with its default padding. The attribute fields and field descriptions are shown in Table 1.
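The template mechanism described above (field name, length and default value per field, plus transport protocol and ports at the protocol level; default values decide the attribute type; a protocol class is created by reflection; a test document then overrides attribute values) is shown below as an added example in Python. It is not the paper's own Java/JAXB code, and the element and attribute names of the sample template (`protocol`, `field`, `transport`, `srcPort`, `dstPort`, `length`, `default`) are assumptions, since the page does not reproduce the schema of Table 1. The dynamic class built with `type()` and driven through `getattr`/`setattr` stands in for the metadata-based reflection the paper uses to create the POJO class.

```python
"""Added illustration (not the paper's code): parse a custom-protocol XML
template, infer each field's type from its default value, create the
protocol class by reflection, and serialise the header bytes."""
import xml.etree.ElementTree as ET

# Constructed sample template: a fictional four-field application protocol
# carried over UDP. Element/attribute names are assumptions, not the paper's.
TEMPLATE_XML = """
<protocol name="DemoProto" transport="UDP" srcPort="40000" dstPort="40001">
  <field name="version" length="1" default="1"/>
  <field name="flags"   length="1" default="0x80"/>
  <field name="length"  length="2" default="0"/>
  <field name="magic"   length="4" default="DEMO"/>
</protocol>
""".strip()


def infer_type(default: str):
    """Decide the attribute type from the default value text:
    decimal or hex integers become int, anything else stays a string."""
    try:
        return int, int(default, 0)
    except ValueError:
        return str, default


def parse_template(xml_text: str):
    """Return (metadata dict, dynamically created protocol class)."""
    root = ET.fromstring(xml_text)
    fields = []
    for f in root.findall("field"):
        typ, value = infer_type(f.get("default"))
        fields.append({"name": f.get("name"), "length": int(f.get("length")),
                       "type": typ, "default": value})
    meta = {"name": root.get("name"), "transport": root.get("transport"),
            "src_port": int(root.get("srcPort")),
            "dst_port": int(root.get("dstPort")), "fields": fields}
    # Reflection-style class creation: the attributes come from the template
    # metadata, so supporting a new protocol only needs a new template file.
    attrs = {f["name"]: f["default"] for f in fields}
    attrs["_meta"] = meta
    return meta, type(meta["name"], (object,), attrs)


def encode_field(value, length: int, typ) -> bytes:
    """Pack one field into exactly `length` bytes: big-endian integers,
    NUL-padded ASCII strings. Values that do not fit are rejected rather
    than silently truncated, so a test document cannot corrupt the layout."""
    if typ is int:
        if value < 0 or value >= 1 << (8 * length):
            raise ValueError(f"value {value} does not fit in {length} bytes")
        return value.to_bytes(length, "big")
    raw = value.encode("ascii")
    if len(raw) > length:
        raise ValueError(f"string {value!r} longer than {length} bytes")
    return raw.ljust(length, b"\x00")


def build_header(cls, overrides=None) -> bytes:
    """Instantiate the protocol class, apply the test document's attribute
    values via setattr (the reflection step) and emit the header bytes in
    template order."""
    obj = cls()
    for name, value in (overrides or {}).items():
        if not hasattr(obj, name):
            raise AttributeError(f"{cls.__name__} has no field {name!r}")
        setattr(obj, name, value)
    out = b""
    for f in cls._meta["fields"]:
        out += encode_field(getattr(obj, f["name"]), f["length"], f["type"])
    return out


if __name__ == "__main__":
    meta, Proto = parse_template(TEMPLATE_XML)
    print(meta["name"], meta["transport"], meta["src_port"], meta["dst_port"])
    print(build_header(Proto).hex())                                  # defaults
    print(build_header(Proto, {"length": 16, "magic": "TEST"}).hex())  # test doc
```

The header bytes produced here are only the application-layer part; the lower machine would hand them to Libnet as the payload and let the transport and network headers be added underneath.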

TCP/IP packet test
This network packet generator implements basic packet-sending capabilities and can simulate network attacks such as SYN Flood, UDP Flood and Land Attack to test network devices. The extensible network packet generator implements the sending of TCP/IP packets; the packet-sending interface is shown in Figure 4. The corresponding details are listed in Table 4 and Table 5 respectively, and the custom protocol tests are shown in Figure 6 and Figure 7.

4.1
function to ordinary PC and embedded board hardware platforms, on which the software is developed in Java and C respectively; the core parts are the extensible design of the upper computer and the Libnet-based network protocol development package of the lower computer. The system integrates general packet-sending capabilities with an extensible service in one test system, to realise automatic testing, multi-function testing and scenario testing, and can test network security equipment including, but not limited to, IDS and encryption machines.

Functional module design
The user-extensible network packet generator consists of the upper computer interaction module and the lower computer packet simulation module.
(1) The upper computer interaction module includes the packet input sub-module and the interactive command set construction and sending sub-module. The packet input sub-module is subdivided into interface-definition input and XML-definition input, but interface-definition input can only perform simple TCP/IP packet sending. This sub-module is the core of the upper computer; it mainly provides the display of the packet command interface for online testing of network security equipment, XML document upload and the corresponding parameter settings. The XML documents comprise the custom protocol template document and the custom protocol test document of the network security device: the former is used by the system to resolve the protocol into its corresponding POJO class, and the latter is parsed for the attribute values of the protocol under test, on the basis of the template class, to construct the interactive command set. The interactive command set construction and sending sub-module converts multiple groups of packet commands into a byte stream group and sends it to the lower machine through the custom communication protocol between the upper and lower machines.
(2) The lower machine packet simulation module includes the control command set processing sub-module, the network packet generation sub-module and the constant-rate output sub-module. The control command set processing sub-module mainly processes the command set sent by the upper computer, including splitting the command set, recognising commands and other operations. The network packet generation sub-module is the core of the lower machine: based on the TCP/IP network protocols and custom protocols, it generates the network packets, and the packet function of the specified command is implemented on the basis of the Libnet library.

Figure 1. Custom protocol XML template tree structure model

4.3
Table 1 enumerates the number of bytes in the protocol header for each protocol field; the order of the fields corresponds to the order in which they appear in the protocol. It is the field description of the extensible protocols and also the key to assembling extensible protocols.

Network packet generation module design
The network packet generation sub-module is the core of the lower computer and also one of the cores of the whole extensible network packet generator. Network packets are generated mainly with the packet construction functions provided by the Libnet open source library. The system not only implements the ordinary sender's function of sending TCP/IP-layer network packets, but also implements user-extensible application-layer network packets. The specific process of the sub-module is:
(1) First, use the function libnet_init() for memory initialisation and environment setup. Note that if the command structure provides the content of the lower-layer protocol header fields, the injection type parameter is LIBNET_LINK; if the protocol is above the IP layer and the command structure only provides the application-layer protocol header, the injection type parameter is LIBNET_RAW4.
(2) Packet construction. The principle is to go from the upper layer to the lower layer. The packets sent can be divided into four categories: link-layer packets (MAC, LLC, SNAP), network-layer packets (IP, ARP/RARP), transport-layer packets (ICMP, TCP, UDP) and application-layer packets (custom). Concretely, the payload is constructed first, then the upper-layer protocol header and then the lower-layer packet header, and finally each part is assembled into a byte array to complete the packet.
(3) After construction, use the function libnet_write() to send the packet through the network card.
(4) Then use the function libnet_destroy() to free the allocated memory and reset the environment.
The specific process is shown in Figure 2. For application-layer protocols Libnet only provides construction methods for some protocol headers, such as DNS, and using the existing header construction methods would also limit the extensibility of the generator. In order to meet the extensibility requirement, this paper chooses the LIBNET_RAW4 raw socket injection type, so that it will be from the network layer to
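The construction order described in step (2), payload first, then the upper-layer header, then the lower-layer header, and the difference between the two injection types in step (1), are shown below in an added Python example. It is not the paper's Libnet-based C code and does not call Libnet: it assembles the same bytes by hand, with RFC 791 and RFC 768 checksums, and returns what a LIBNET_RAW4-style injection would hand to the kernel (starting at the IPv4 header) versus a LIBNET_LINK-style injection (additionally carrying the Ethernet header). All addresses, ports and the payload are constructed sample values; the function names are assumptions.

```python
"""Added illustration (not the paper's code): build a UDP/IPv4 packet from
the payload upward and prefix it as the RAW4 or LINK injection type would."""
import struct


def ip_bytes(dotted: str) -> bytes:
    """Dotted-quad IPv4 address to 4 bytes, rejecting malformed input."""
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"bad IPv4 address {dotted!r}")
    return bytes(parts)


def mac_bytes(colon: str) -> bytes:
    """Colon-separated MAC address to 6 bytes."""
    parts = [int(p, 16) for p in colon.split(":")]
    if len(parts) != 6 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"bad MAC address {colon!r}")
    return bytes(parts)


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; odd lengths are zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_udp(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Transport layer: UDP header in front of the already-built payload.
    The checksum covers the IPv4 pseudo-header (RFC 768)."""
    length = 8 + len(payload)
    pseudo = struct.pack("!4s4sBBH", ip_bytes(src_ip), ip_bytes(dst_ip), 0, 17, length)
    hdr = struct.pack("!HHHH", sport, dport, length, 0)
    csum = internet_checksum(pseudo + hdr + payload) or 0xFFFF  # 0 means "none"
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def build_ipv4(src_ip, dst_ip, proto, transport: bytes, ttl=64, ident=0) -> bytes:
    """Network layer: 20-byte IPv4 header (no options) in front of the
    transport segment; header checksum filled in after packing."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(transport), ident, 0,
                      ttl, proto, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    csum = internet_checksum(hdr)
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:] + transport


def build_packet(injection, src_ip, dst_ip, sport, dport, payload: bytes,
                 src_mac=None, dst_mac=None) -> bytes:
    """Assemble from the top down: payload -> UDP -> IPv4 (-> Ethernet).
    'RAW4' returns bytes starting at the IPv4 header, as a raw IPv4 socket
    expects; 'LINK' also prepends the Ethernet header, as a link-layer
    injection expects."""
    segment = build_udp(src_ip, dst_ip, sport, dport, payload)
    datagram = build_ipv4(src_ip, dst_ip, 17, segment)
    if injection == "RAW4":
        return datagram
    if injection == "LINK":
        if src_mac is None or dst_mac is None:
            raise ValueError("LINK injection needs the link-layer addresses")
        eth = struct.pack("!6s6sH", mac_bytes(dst_mac), mac_bytes(src_mac), 0x0800)
        return eth + datagram
    raise ValueError(f"unknown injection type {injection!r}")


def ipv4_checksum_ok(packet: bytes) -> bool:
    """Receiver-side check: a correct IPv4 header sums to zero."""
    return len(packet) >= 20 and internet_checksum(packet[:20]) == 0


if __name__ == "__main__":
    raw4 = build_packet("RAW4", "192.168.1.10", "192.168.1.20", 40000, 40001, b"DEMO")
    link = build_packet("LINK", "192.168.1.10", "192.168.1.20", 40000, 40001, b"DEMO",
                        src_mac="02:00:00:00:00:01", dst_mac="02:00:00:00:00:02")
    print(raw4.hex())
    print(link.hex())
    print(ipv4_checksum_ok(raw4), ipv4_checksum_ok(link[14:]))
```

The two return values differ only by the 14-byte Ethernet header, which is exactly why the choice between LIBNET_LINK and LIBNET_RAW4 in step (1) depends on whether the command structure supplies link-layer fields or only the application-layer header.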

Figure 2. The packet construction flow of the network packet generation sub-module
The concrete protocol headers and their construction functions are listed in the following table:

5 System test results and analysis
5.1
Fig 3. Testing environment for network security devices

Figure 4. TCP/IP packet sending interface
The network packet generator can send packets of any protocol in the TCP/IP protocol stack and sends the packet command generated in the interface above. The experimental results are shown in Figure 5 below:
Figure 5.

Figure 6. SSL protocol for custom protocol testing

Figure 7. SSH protocol for custom protocol testing

Table 2. Protocol headers and constructors

Table 3. Computer configuration and tools