tcpedit.c 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685
  1. /* $Id$ */
  2. /*
  3. * Copyright (c) 2001-2010 Aaron Turner <aturner at synfin dot net>
  4. * Copyright (c) 2013-2022 Fred Klassen <tcpreplay at appneta dot com> - AppNeta
  5. *
  6. * The Tcpreplay Suite of tools is free software: you can redistribute it
  7. * and/or modify it under the terms of the GNU General Public License as
  8. * published by the Free Software Foundation, either version 3 of the
  9. * License, or with the authors permission any later version.
  10. *
  11. * The Tcpreplay Suite is distributed in the hope that it will be useful,
  12. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14. * GNU General Public License for more details.
  15. *
  16. * You should have received a copy of the GNU General Public License
  17. * along with the Tcpreplay Suite. If not, see <http://www.gnu.org/licenses/>.
  18. */
  19. #include "config.h"
  20. #include "defines.h"
  21. #include <ctype.h>
  22. #include <fcntl.h>
  23. #include <stdio.h>
  24. #include <stdlib.h>
  25. #include <string.h>
  26. #include <sys/types.h>
  27. #include <unistd.h>
  28. #include <stdarg.h>
  29. #include "tcpedit_stub.h"
  30. #include "portmap.h"
  31. #include "common.h"
  32. #include "incremental_checksum.h"
  33. #include "edit_packet.h"
  34. #include "parse_args.h"
  35. #include "fuzzing.h"
  36. #include "rewrite_sequence.h"
  37. #include "lib/sll.h"
  38. #include "dlt.h"
  39. extern tOptDesc *const tcpedit_tcpedit_optDesc_p;
  40. /**
  41. * \brief Checks to see if you should make an edit
  42. *
  43. * Given the packet direction, this lets you know if you should make an edit
  44. *
  45. * packet: C2S & editdir = client == 1
  46. * packet: C2S & editdir = server == 0
  47. * packet: S2C & editdir = client == 0
  48. * packet: S2C & editdir = server == 1
  49. * packet: S2C & editdir = both == 1
  50. * packet: C2S & editdir = both == 1
  51. */
  52. int
  53. tcpedit_checkdir(tcpedit_t *tcpedit, tcpr_dir_t direction)
  54. {
  55. /* Should we edit this packet? */
  56. if ((tcpedit->editdir == TCPEDIT_EDIT_BOTH) ||
  57. (tcpedit->editdir == TCPEDIT_EDIT_C2S && direction == TCPR_DIR_C2S) ||
  58. (tcpedit->editdir == TCPEDIT_EDIT_S2C && direction == TCPR_DIR_S2C)) {
  59. return 1;
  60. }
  61. return 0;
  62. }
  63. /**
  64. * \brief Edit the given packet
  65. *
  66. * Process a given packet and edit the pkthdr/pktdata structures
  67. * according to the rules in tcpedit
  68. * Returns: TCPEDIT_ERROR on error
  69. * TCPEDIT_SOFT_ERROR on remove packet
  70. * 0 on no change
  71. * 1 on change
  72. */
  73. int
  74. tcpedit_packet(tcpedit_t *tcpedit, struct pcap_pkthdr **pkthdr,
  75. u_char **pktdata, tcpr_dir_t direction)
  76. {
  77. bool fuzz_once = tcpedit->fuzz_seed != 0;
  78. ipv4_hdr_t *ip_hdr;
  79. ipv6_hdr_t *ip6_hdr;
  80. arp_hdr_t *arp_hdr;
  81. int l2len, l2proto, retval;
  82. int dst_dlt, src_dlt, pktlen, lendiff;
  83. int ipflags, tclass;
  84. int needtorecalc; /* did the packet change? if so, checksum */
  85. u_char *packet;
  86. assert(tcpedit);
  87. assert(pkthdr);
  88. assert(*pkthdr);
  89. assert(pktdata);
  90. assert(*pktdata);
  91. assert(tcpedit->validated);
  92. packet = *pktdata;
  93. tcpedit->runtime.packetnum++;
  94. dbgx(3, "packet " COUNTER_SPEC " caplen %d",
  95. tcpedit->runtime.packetnum, (*pkthdr)->caplen);
  96. /*
  97. * remove the Ethernet FCS (checksum)?
  98. * note that this feature requires the end user to be smart and
  99. * only set this flag IFF the pcap has the FCS. If not, then they
  100. * just removed 2 bytes of ACTUAL PACKET DATA. Sucks to be them.
  101. */
  102. if (tcpedit->efcs > 0 &&(*pkthdr)->len > 4) {
  103. if ((*pkthdr)->caplen == (*pkthdr)->len) {
  104. (*pkthdr)->caplen -= 4;
  105. }
  106. (*pkthdr)->len -= 4;
  107. }
  108. src_dlt = tcpedit_dlt_src(tcpedit->dlt_ctx);
  109. needtorecalc = 0;
  110. again:
  111. ip_hdr = NULL;
  112. ip6_hdr = NULL;
  113. arp_hdr = NULL;
  114. retval = 0;
  115. ipflags = 0;
  116. tclass = 0;
  117. /* not everything has a L3 header, so check for errors. returns proto in network byte order */
  118. if ((l2proto = tcpedit_dlt_proto(tcpedit->dlt_ctx, src_dlt, packet, (*pkthdr)->caplen)) < 0) {
  119. dbgx(2, "Packet has no L3+ header: %s", tcpedit_geterr(tcpedit));
  120. return TCPEDIT_SOFT_ERROR;
  121. } else {
  122. dbgx(2, "Layer 3 protocol type is: 0x%04x", ntohs(l2proto));
  123. }
  124. /* rewrite Layer 2 */
  125. if ((pktlen = tcpedit_dlt_process(tcpedit->dlt_ctx, pktdata, (*pkthdr)->caplen, direction)) < 0) {
  126. /* unable to edit packet, most likely 802.11 management or data QoS frame */
  127. dbgx(3, "Failed to edit DLT: %s", tcpedit_geterr(tcpedit));
  128. return TCPEDIT_SOFT_ERROR;
  129. }
  130. /* update our packet lengths (real/captured) based on L2 length changes */
  131. lendiff = pktlen - (*pkthdr)->caplen;
  132. (*pkthdr)->caplen += lendiff;
  133. (*pkthdr)->len += lendiff;
  134. dst_dlt = tcpedit_dlt_dst(tcpedit->dlt_ctx);
  135. l2len = tcpedit_dlt_l2len(tcpedit->dlt_ctx, dst_dlt, packet, (*pkthdr)->caplen);
  136. if (l2len == -1)
  137. return TCPEDIT_SOFT_ERROR;
  138. dbgx(2, "dst_dlt = %04x\tsrc_dlt = %04x\tproto = %04x\tl2len = %d", dst_dlt, src_dlt, ntohs(l2proto), l2len);
  139. /* does packet have an IP header? if so set our pointer to it */
  140. if (l2proto == htons(ETHERTYPE_IP)) {
  141. u_char *p;
  142. if ((*pkthdr)->caplen < l2len + sizeof(*ip_hdr)) {
  143. tcpedit_seterr(tcpedit, "Packet length %d is too short to contain a layer IP header for DLT 0x%04x",
  144. pktlen, dst_dlt);
  145. return TCPEDIT_SOFT_ERROR;
  146. }
  147. ip_hdr = (ipv4_hdr_t *)tcpedit_dlt_l3data(tcpedit->dlt_ctx, dst_dlt, packet, (*pkthdr)->caplen);
  148. if (ip_hdr == NULL)
  149. return TCPEDIT_SOFT_ERROR;
  150. p = get_layer4_v4(ip_hdr, (u_char*)ip_hdr + (*pkthdr)->caplen - l2len);
  151. if (!p) {
  152. tcpedit_seterr(tcpedit, "Packet length %d is too short to contain a layer %d byte IP header for DLT 0x%04x",
  153. pktlen, ip_hdr->ip_hl << 2, dst_dlt);
  154. return TCPEDIT_SOFT_ERROR;
  155. }
  156. dbgx(3, "Packet has an IPv4 header: 0x%p...", ip_hdr);
  157. } else if (l2proto == htons(ETHERTYPE_IP6)) {
  158. u_char *p;
  159. if ((*pkthdr)->caplen < l2len + sizeof(*ip6_hdr)) {
  160. tcpedit_seterr(tcpedit, "Packet length %d is too short to contain a layer IPv6 header for DLT 0x%04x",
  161. pktlen, dst_dlt);
  162. return TCPEDIT_SOFT_ERROR;
  163. }
  164. ip6_hdr = (ipv6_hdr_t *)tcpedit_dlt_l3data(tcpedit->dlt_ctx, dst_dlt, packet, (*pkthdr)->caplen);
  165. if (ip6_hdr == NULL)
  166. return TCPEDIT_SOFT_ERROR;
  167. p = get_layer4_v6(ip6_hdr, (u_char*)ip6_hdr + (*pkthdr)->caplen - l2len);
  168. if (!p) {
  169. tcpedit_seterr(tcpedit, "Packet length %d is too short to contain an IPv6 header for DLT 0x%04x",
  170. pktlen, dst_dlt);
  171. return TCPEDIT_SOFT_ERROR;
  172. }
  173. dbgx(3, "Packet has an IPv6 header: 0x%p...", ip6_hdr);
  174. } else {
  175. dbgx(3, "Packet isn't IPv4 or IPv6: 0x%04x", l2proto);
  176. /* non-IP packets have a NULL ip_hdr struct */
  177. ip_hdr = NULL;
  178. ip6_hdr = NULL;
  179. }
  180. /* The following edits only apply for IPv4 */
  181. if (ip_hdr != NULL) {
  182. /* set TOS ? */
  183. if (tcpedit->tos > -1) {
  184. volatile uint16_t oldval = *((uint16_t*)ip_hdr);
  185. volatile uint16_t newval;
  186. ip_hdr->ip_tos = tcpedit->tos;
  187. newval = *((uint16_t*)ip_hdr);
  188. csum_replace2(&ip_hdr->ip_sum, oldval, newval);
  189. }
  190. /* rewrite the TTL */
  191. needtorecalc += rewrite_ipv4_ttl(tcpedit, ip_hdr);
  192. /* rewrite TCP/UDP ports */
  193. if (tcpedit->portmap != NULL) {
  194. if ((retval = rewrite_ipv4_ports(tcpedit, &ip_hdr,
  195. (*pkthdr)->caplen - l2len)) < 0)
  196. return TCPEDIT_ERROR;
  197. needtorecalc += retval;
  198. }
  199. if (tcpedit->tcp_sequence_enable)
  200. rewrite_ipv4_tcp_sequence(tcpedit, &ip_hdr,
  201. (*pkthdr)->caplen - l2len);
  202. }
  203. /* IPv6 edits */
  204. else if (ip6_hdr != NULL) {
  205. /* rewrite the hop limit */
  206. needtorecalc += rewrite_ipv6_hlim(tcpedit, ip6_hdr);
  207. /* set traffic class? */
  208. if (tcpedit->tclass > -1) {
  209. /* calculate the bits */
  210. tclass = tcpedit->tclass << 20;
  211. /* convert our 4 bytes to an int */
  212. memcpy(&ipflags, &ip6_hdr->ip_flags, 4);
  213. /* strip out the old tclass bits */
  214. ipflags = ntohl(ipflags) & 0xf00fffff;
  215. /* add the tclass bits back */
  216. ipflags += tclass;
  217. ipflags = htonl(ipflags);
  218. memcpy(&ip6_hdr->ip_flags, &ipflags, 4);
  219. }
  220. /* set the flow label? */
  221. if (tcpedit->flowlabel > -1) {
  222. memcpy(&ipflags, &ip6_hdr->ip_flags, 4);
  223. ipflags = ntohl(ipflags) & 0xfff00000;
  224. ipflags += tcpedit->flowlabel;
  225. ipflags = htonl(ipflags);
  226. memcpy(&ip6_hdr->ip_flags, &ipflags, 4);
  227. }
  228. /* rewrite TCP/UDP ports */
  229. if (tcpedit->portmap != NULL) {
  230. if ((retval = rewrite_ipv6_ports(tcpedit, &ip6_hdr,
  231. (*pkthdr)->caplen - l2len)) < 0)
  232. return TCPEDIT_ERROR;
  233. needtorecalc += retval;
  234. }
  235. if (tcpedit->tcp_sequence_enable)
  236. rewrite_ipv6_tcp_sequence(tcpedit, &ip6_hdr, (*pkthdr)->caplen - l2len);
  237. }
  238. if (fuzz_once) {
  239. fuzz_once = false;
  240. retval = fuzzing(tcpedit, *pkthdr, pktdata);
  241. if (retval < 0) {
  242. return TCPEDIT_ERROR;
  243. }
  244. needtorecalc += retval;
  245. goto again;
  246. }
  247. /* (Un)truncate or MTU truncate packet? */
  248. if (tcpedit->fixlen || tcpedit->mtu_truncate) {
  249. if ((retval = untrunc_packet(tcpedit, *pkthdr, pktdata, ip_hdr, ip6_hdr)) < 0)
  250. return TCPEDIT_ERROR;
  251. needtorecalc += retval;
  252. }
  253. /* rewrite IP addresses in IPv4/IPv6 or ARP */
  254. if (tcpedit->rewrite_ip) {
  255. /* IP packets */
  256. if (ip_hdr != NULL) {
  257. if ((retval = rewrite_ipv4l3(tcpedit, ip_hdr, direction,
  258. (*pkthdr)->caplen - l2len)) < 0)
  259. return TCPEDIT_ERROR;
  260. needtorecalc += retval;
  261. } else if (ip6_hdr != NULL) {
  262. if ((retval = rewrite_ipv6l3(tcpedit, ip6_hdr, direction,
  263. (*pkthdr)->caplen - l2len)) < 0)
  264. return TCPEDIT_ERROR;
  265. needtorecalc += retval;
  266. }
  267. /* ARP packets */
  268. else if (l2proto == htons(ETHERTYPE_ARP)) {
  269. arp_hdr = (arp_hdr_t *)&(packet[l2len]);
  270. /* unlike, rewrite_ipl3, we don't care if the packet changed
  271. * because we never need to recalc the checksums for an ARP
  272. * packet. So ignore the return value
  273. */
  274. if (rewrite_iparp(tcpedit, arp_hdr, direction) < 0)
  275. return TCPEDIT_ERROR;
  276. }
  277. }
  278. /* do we need to spoof the src/dst IP address in IPv4 or ARP? */
  279. if (tcpedit->seed) {
  280. /* IPv4 Packets */
  281. if (ip_hdr != NULL) {
  282. if ((retval = randomize_ipv4(tcpedit, *pkthdr, packet,
  283. ip_hdr, (*pkthdr)->caplen - l2len)) < 0)
  284. return TCPEDIT_ERROR;
  285. needtorecalc += retval;
  286. } else if (ip6_hdr != NULL) {
  287. if ((retval = randomize_ipv6(tcpedit, *pkthdr, packet,
  288. ip6_hdr, (*pkthdr)->caplen - l2len)) < 0)
  289. return TCPEDIT_ERROR;
  290. needtorecalc += retval;
  291. /* ARP packets */
  292. } else if (l2proto == htons(ETHERTYPE_ARP)) {
  293. if (direction == TCPR_DIR_C2S) {
  294. if (randomize_iparp(tcpedit, *pkthdr, packet,
  295. tcpedit->runtime.dlt1, (*pkthdr)->caplen - l2len) < 0)
  296. return TCPEDIT_ERROR;
  297. } else {
  298. if (randomize_iparp(tcpedit, *pkthdr, packet,
  299. tcpedit->runtime.dlt2, (*pkthdr)->caplen - l2len) < 0)
  300. return TCPEDIT_ERROR;
  301. }
  302. }
  303. }
  304. /* ensure IP header length is correct */
  305. if (ip_hdr != NULL) {
  306. needtorecalc |= fix_ipv4_length(*pkthdr, ip_hdr, l2len);
  307. needtorecalc = 1;
  308. } else if (ip6_hdr != NULL) {
  309. needtorecalc |= fix_ipv6_length(*pkthdr, ip6_hdr, l2len);
  310. }
  311. /* do we need to fix checksums? -- must always do this last! */
  312. if ((tcpedit->fixcsum || needtorecalc > 0)) {
  313. if (ip_hdr != NULL) {
  314. dbgx(3, "doing IPv4 checksum: needtorecalc=%d", needtorecalc);
  315. retval = fix_ipv4_checksums(tcpedit, *pkthdr, ip_hdr, l2len);
  316. } else if (ip6_hdr != NULL) {
  317. dbgx(3, "doing IPv6 checksum: needtorecalc=%d", needtorecalc);
  318. retval = fix_ipv6_checksums(tcpedit, *pkthdr, ip6_hdr, l2len);
  319. } else {
  320. dbgx(3, "checksum not performed: needtorecalc=%d", needtorecalc);
  321. retval = TCPEDIT_OK;
  322. }
  323. if (retval < 0) {
  324. return TCPEDIT_ERROR;
  325. } else if (retval == TCPEDIT_WARN) {
  326. warnx("%s", tcpedit_getwarn(tcpedit));
  327. }
  328. }
  329. tcpedit_dlt_merge_l3data(tcpedit->dlt_ctx,
  330. dst_dlt, packet,
  331. (*pkthdr)->caplen,
  332. (u_char*)ip_hdr,
  333. (u_char*)ip6_hdr);
  334. tcpedit->runtime.total_bytes += (*pkthdr)->caplen;
  335. tcpedit->runtime.pkts_edited ++;
  336. return retval;
  337. }
  338. /**
  339. * initializes the tcpedit library. returns 0 on success, -1 on error.
  340. */
  341. int
  342. tcpedit_init(tcpedit_t **tcpedit_ex, int dlt)
  343. {
  344. tcpedit_t *tcpedit;
  345. *tcpedit_ex = safe_malloc(sizeof(tcpedit_t));
  346. tcpedit = *tcpedit_ex;
  347. if ((tcpedit->dlt_ctx = tcpedit_dlt_init(tcpedit, dlt)) == NULL)
  348. return TCPEDIT_ERROR;
  349. tcpedit->mtu = DEFAULT_MTU; /* assume 802.3 Ethernet */
  350. tcpedit->fuzz_factor = DEFAULT_FUZZ_FACTOR;
  351. /* disabled by default */
  352. tcpedit->tos = -1;
  353. tcpedit->tclass = -1;
  354. tcpedit->flowlabel = -1;
  355. tcpedit->editdir = TCPEDIT_EDIT_BOTH;
  356. memset(&(tcpedit->runtime), 0, sizeof(tcpedit_runtime_t));
  357. tcpedit->runtime.dlt1 = dlt;
  358. tcpedit->runtime.dlt2 = dlt;
  359. dbgx(1, "Input file (1) datalink type is %s",
  360. pcap_datalink_val_to_name(dlt));
  361. #ifdef FORCE_ALIGN
  362. tcpedit->runtime.l3buff = (u_char *)safe_malloc(MAXPACKET);
  363. #endif
  364. return TCPEDIT_OK;
  365. }
  366. /**
  367. * return the output DLT type
  368. */
  369. int
  370. tcpedit_get_output_dlt(tcpedit_t *tcpedit)
  371. {
  372. assert(tcpedit);
  373. return tcpedit_dlt_output_dlt(tcpedit->dlt_ctx);
  374. }
  375. /**
  376. * \brief tcpedit option validator. Call after tcpedit_init()
  377. *
  378. * Validates that given the current state of tcpedit that the given
  379. * pcap source and destination (based on DLT) can be properly rewritten
  380. * return 0 on success
  381. * return -1 on error
  382. * DO NOT USE!
  383. */
  384. int
  385. tcpedit_validate(tcpedit_t *tcpedit)
  386. {
  387. assert(tcpedit);
  388. tcpedit->validated = 1;
  389. /* we used to do a bunch of things here, but not anymore...
  390. * maybe I should find something to do or just get ride of it
  391. */
  392. return 0;
  393. }
  394. /**
  395. * return the error string when a tcpedit() function returns
  396. * TCPEDIT_ERROR
  397. */
  398. char *
  399. tcpedit_geterr(tcpedit_t *tcpedit)
  400. {
  401. assert(tcpedit);
  402. return tcpedit->runtime.errstr;
  403. }
  404. /**
  405. * \brief Internal function to set the tcpedit error string
  406. *
  407. * Used to set the error string when there is an error, result is retrieved
  408. * using tcpedit_geterr(). You shouldn't ever actually call this, but use
  409. * tcpedit_seterr() which is a macro wrapping this instead.
  410. */
  411. void
  412. __tcpedit_seterr(tcpedit_t *tcpedit, const char *func, const int line, const char *file, const char *fmt, ...)
  413. {
  414. va_list ap;
  415. char errormsg[TCPEDIT_ERRSTR_LEN - 32];
  416. assert(tcpedit);
  417. va_start(ap, fmt);
  418. if (fmt != NULL) {
  419. (void)vsnprintf(errormsg, sizeof(errormsg), fmt, ap);
  420. }
  421. va_end(ap);
  422. snprintf(tcpedit->runtime.errstr, sizeof(tcpedit->runtime.errstr),
  423. "From %s:%s() line %d:\n%s",
  424. file, func, line, errormsg);
  425. }
  426. /**
  427. * return the warning string when a tcpedit() function returns
  428. * TCPEDIT_WARN
  429. */
  430. char *
  431. tcpedit_getwarn(tcpedit_t *tcpedit)
  432. {
  433. assert(tcpedit);
  434. return tcpedit->runtime.warnstr;
  435. }
  436. /**
  437. * used to set the warning string when there is an warning
  438. */
  439. void
  440. tcpedit_setwarn(tcpedit_t *tcpedit, const char *fmt, ...)
  441. {
  442. va_list ap;
  443. assert(tcpedit);
  444. va_start(ap, fmt);
  445. if (fmt != NULL)
  446. (void)vsnprintf(tcpedit->runtime.warnstr,
  447. sizeof(tcpedit->runtime.warnstr), fmt, ap);
  448. va_end(ap);
  449. }
  450. /**
  451. * \brief Checks the given error code and does the right thing
  452. *
  453. * Generic function which checks the TCPEDIT_* error code
  454. * and always returns OK or ERROR. For warnings, prints the
  455. * warning message and returns OK. For any other value, fails with
  456. * an assert.
  457. *
  458. * prefix is a string prepended to the error/warning
  459. */
  460. int
  461. tcpedit_checkerror(tcpedit_t *tcpedit, const int rcode, const char *prefix) {
  462. assert(tcpedit);
  463. switch (rcode) {
  464. case TCPEDIT_OK:
  465. case TCPEDIT_ERROR:
  466. return rcode;
  467. break;
  468. case TCPEDIT_SOFT_ERROR:
  469. if (prefix != NULL) {
  470. fprintf(stderr, "Error %s: %s\n", prefix, tcpedit_geterr(tcpedit));
  471. } else {
  472. fprintf(stderr, "Error: %s\n", tcpedit_geterr(tcpedit));
  473. }
  474. break;
  475. case TCPEDIT_WARN:
  476. if (prefix != NULL) {
  477. fprintf(stderr, "Warning %s: %s\n", prefix, tcpedit_getwarn(tcpedit));
  478. } else {
  479. fprintf(stderr, "Warning: %s\n", tcpedit_getwarn(tcpedit));
  480. }
  481. return TCPEDIT_OK;
  482. break;
  483. default:
  484. assert(0 == 1); /* this should never happen! */
  485. break;
  486. }
  487. return TCPEDIT_ERROR;
  488. }
  489. /**
  490. * \brief Cleans up after ourselves. Return 0 on success.
  491. *
  492. * Clean up after ourselves and free the ptr.
  493. */
  494. int
  495. tcpedit_close(tcpedit_t **tcpedit_ex)
  496. {
  497. assert(*tcpedit_ex);
  498. tcpedit_t *tcpedit;
  499. tcpedit = *tcpedit_ex;
  500. dbgx(1, "tcpedit processed " COUNTER_SPEC " bytes in " COUNTER_SPEC
  501. " packets.", tcpedit->runtime.total_bytes,
  502. tcpedit->runtime.pkts_edited);
  503. /* free if required */
  504. if (tcpedit->dlt_ctx) {
  505. tcpedit_dlt_cleanup(tcpedit->dlt_ctx);
  506. tcpedit->dlt_ctx = NULL;
  507. }
  508. if (tcpedit->cidrmap1) {
  509. destroy_cidr(tcpedit->cidrmap1->from);
  510. tcpedit->cidrmap1->from = NULL;
  511. destroy_cidr(tcpedit->cidrmap1->to);
  512. tcpedit->cidrmap1->to = NULL;
  513. }
  514. if (tcpedit->cidrmap2 && tcpedit->cidrmap2 != tcpedit->cidrmap1) {
  515. destroy_cidr(tcpedit->cidrmap2->from);
  516. tcpedit->cidrmap2->from = NULL;
  517. destroy_cidr(tcpedit->cidrmap2->to);
  518. tcpedit->cidrmap2->to = NULL;
  519. safe_free(tcpedit->cidrmap2);
  520. tcpedit->cidrmap2 = NULL;
  521. }
  522. safe_free(tcpedit->cidrmap1);
  523. tcpedit->cidrmap1 = NULL;
  524. if (tcpedit->srcipmap) {
  525. destroy_cidr(tcpedit->srcipmap->from);
  526. tcpedit->srcipmap->from = NULL;
  527. destroy_cidr(tcpedit->srcipmap->to);
  528. tcpedit->srcipmap->to = NULL;
  529. }
  530. if (tcpedit->dstipmap && tcpedit->dstipmap != tcpedit->srcipmap) {
  531. destroy_cidr(tcpedit->dstipmap->from);
  532. tcpedit->dstipmap->from = NULL;
  533. destroy_cidr(tcpedit->dstipmap->to);
  534. tcpedit->dstipmap->to = NULL;
  535. safe_free(tcpedit->dstipmap);
  536. tcpedit->dstipmap = NULL;
  537. }
  538. safe_free(tcpedit->srcipmap);
  539. tcpedit->srcipmap = NULL;
  540. if (tcpedit->portmap) {
  541. free_portmap(tcpedit->portmap);
  542. tcpedit->portmap = NULL;
  543. }
  544. #ifdef FORCE_ALIGN
  545. safe_free(tcpedit->runtime.l3buff);
  546. tcpedit->runtime.l3buff = NULL;
  547. #endif
  548. safe_free(*tcpedit_ex);
  549. *tcpedit_ex = NULL;
  550. return 0;
  551. }
  552. /**
  553. * Return a ptr to the Layer 3 data. Returns TCPEDIT_ERROR on error
  554. */
  555. const u_char *
  556. tcpedit_l3data(tcpedit_t *tcpedit, tcpedit_coder code, u_char *packet, const int pktlen)
  557. {
  558. u_char *result = NULL;
  559. if (code == BEFORE_PROCESS) {
  560. result = tcpedit_dlt_l3data(tcpedit->dlt_ctx, tcpedit->dlt_ctx->decoder->dlt, packet, pktlen);
  561. } else {
  562. result = tcpedit_dlt_l3data(tcpedit->dlt_ctx, tcpedit->dlt_ctx->encoder->dlt, packet, pktlen);
  563. }
  564. return result;
  565. }
  566. /**
  567. * Returns the layer 3 type, often encoded as the layer2.proto field
  568. */
  569. int
  570. tcpedit_l3proto(tcpedit_t *tcpedit, tcpedit_coder code, const u_char *packet, const int pktlen)
  571. {
  572. int result = 0;
  573. if (code == BEFORE_PROCESS) {
  574. result = tcpedit_dlt_proto(tcpedit->dlt_ctx, tcpedit->dlt_ctx->decoder->dlt, packet, pktlen);
  575. } else {
  576. result = tcpedit_dlt_proto(tcpedit->dlt_ctx, tcpedit->dlt_ctx->encoder->dlt, packet, pktlen);
  577. }
  578. return ntohs(result);
  579. }