tcpedit.c 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656
  1. /* $Id$ */
  2. /*
  3. * Copyright (c) 2001-2010 Aaron Turner <aturner at synfin dot net>
  4. * Copyright (c) 2013-2022 Fred Klassen <tcpreplay at appneta dot com> - AppNeta
  5. *
  6. * The Tcpreplay Suite of tools is free software: you can redistribute it
  7. * and/or modify it under the terms of the GNU General Public License as
  8. * published by the Free Software Foundation, either version 3 of the
  9. * License, or with the authors permission any later version.
  10. *
  11. * The Tcpreplay Suite is distributed in the hope that it will be useful,
  12. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14. * GNU General Public License for more details.
  15. *
  16. * You should have received a copy of the GNU General Public License
  17. * along with the Tcpreplay Suite. If not, see <http://www.gnu.org/licenses/>.
  18. */
  19. #include "config.h"
  20. #include "defines.h"
  21. #include <ctype.h>
  22. #include <fcntl.h>
  23. #include <stdio.h>
  24. #include <stdlib.h>
  25. #include <string.h>
  26. #include <sys/types.h>
  27. #include <unistd.h>
  28. #include <stdarg.h>
  29. #include "tcpedit_stub.h"
  30. #include "portmap.h"
  31. #include "common.h"
  32. #include "incremental_checksum.h"
  33. #include "edit_packet.h"
  34. #include "parse_args.h"
  35. #include "fuzzing.h"
  36. #include "rewrite_sequence.h"
  37. #include "lib/sll.h"
  38. #include "dlt.h"
  39. extern tOptDesc *const tcpedit_tcpedit_optDesc_p;
  40. /**
  41. * \brief Checks to see if you should make an edit
  42. *
  43. * Given the packet direction, this lets you know if you should make an edit
  44. *
  45. * packet: C2S & editdir = client == 1
  46. * packet: C2S & editdir = server == 0
  47. * packet: S2C & editdir = client == 0
  48. * packet: S2C & editdir = server == 1
  49. * packet: S2C & editdir = both == 1
  50. * packet: C2S & editdir = both == 1
  51. */
  52. int
  53. tcpedit_checkdir(tcpedit_t *tcpedit, tcpr_dir_t direction)
  54. {
  55. /* Should we edit this packet? */
  56. if ((tcpedit->editdir == TCPEDIT_EDIT_BOTH) ||
  57. (tcpedit->editdir == TCPEDIT_EDIT_C2S && direction == TCPR_DIR_C2S) ||
  58. (tcpedit->editdir == TCPEDIT_EDIT_S2C && direction == TCPR_DIR_S2C)) {
  59. return 1;
  60. }
  61. return 0;
  62. }
  63. /**
  64. * \brief Edit the given packet
  65. *
  66. * Process a given packet and edit the pkthdr/pktdata structures
  67. * according to the rules in tcpedit
  68. * Returns: TCPEDIT_ERROR on error
  69. * TCPEDIT_SOFT_ERROR on remove packet
  70. * 0 on no change
  71. * 1 on change
  72. */
  73. int
  74. tcpedit_packet(tcpedit_t *tcpedit, struct pcap_pkthdr **pkthdr,
  75. u_char **pktdata, tcpr_dir_t direction)
  76. {
  77. ipv4_hdr_t *ip_hdr = NULL;
  78. ipv6_hdr_t *ip6_hdr = NULL;
  79. arp_hdr_t *arp_hdr = NULL;
  80. int l2len, l2proto, retval = 0;
  81. int dst_dlt, src_dlt, pktlen, lendiff;
  82. int ipflags = 0, tclass = 0;
  83. int needtorecalc = 0; /* did the packet change? if so, checksum */
  84. u_char *packet;
  85. assert(tcpedit);
  86. assert(pkthdr);
  87. assert(*pkthdr);
  88. assert(pktdata);
  89. assert(*pktdata);
  90. assert(tcpedit->validated);
  91. packet = *pktdata;
  92. tcpedit->runtime.packetnum++;
  93. dbgx(3, "packet " COUNTER_SPEC " caplen %d",
  94. tcpedit->runtime.packetnum, (*pkthdr)->caplen);
  95. /*
  96. * remove the Ethernet FCS (checksum)?
  97. * note that this feature requires the end user to be smart and
  98. * only set this flag IFF the pcap has the FCS. If not, then they
  99. * just removed 2 bytes of ACTUAL PACKET DATA. Sucks to be them.
  100. */
  101. if (tcpedit->efcs > 0 &&(*pkthdr)->len > 4) {
  102. if ((*pkthdr)->caplen == (*pkthdr)->len) {
  103. (*pkthdr)->caplen -= 4;
  104. }
  105. (*pkthdr)->len -= 4;
  106. }
  107. src_dlt = tcpedit_dlt_src(tcpedit->dlt_ctx);
  108. /* not everything has a L3 header, so check for errors. returns proto in network byte order */
  109. if ((l2proto = tcpedit_dlt_proto(tcpedit->dlt_ctx, src_dlt, packet, (*pkthdr)->caplen)) < 0) {
  110. dbgx(2, "Packet has no L3+ header: %s", tcpedit_geterr(tcpedit));
  111. return TCPEDIT_SOFT_ERROR;
  112. } else {
  113. dbgx(2, "Layer 3 protocol type is: 0x%04x", ntohs(l2proto));
  114. }
  115. /* rewrite Layer 2 */
  116. if ((pktlen = tcpedit_dlt_process(tcpedit->dlt_ctx, pktdata, (*pkthdr)->caplen, direction)) < 0) {
  117. /* unable to edit packet, most likely 802.11 management or data QoS frame */
  118. dbgx(3, "Failed to edit DLT: %s", tcpedit_geterr(tcpedit));
  119. return TCPEDIT_SOFT_ERROR;
  120. }
  121. /* update our packet lengths (real/captured) based on L2 length changes */
  122. lendiff = pktlen - (*pkthdr)->caplen;
  123. (*pkthdr)->caplen += lendiff;
  124. (*pkthdr)->len += lendiff;
  125. dst_dlt = tcpedit_dlt_dst(tcpedit->dlt_ctx);
  126. l2len = tcpedit_dlt_l2len(tcpedit->dlt_ctx, dst_dlt, packet, (*pkthdr)->caplen);
  127. if (l2len == -1)
  128. return TCPEDIT_SOFT_ERROR;
  129. dbgx(2, "dst_dlt = %04x\tsrc_dlt = %04x\tproto = %04x\tl2len = %d", dst_dlt, src_dlt, ntohs(l2proto), l2len);
  130. /* does packet have an IP header? if so set our pointer to it */
  131. if (l2proto == htons(ETHERTYPE_IP)) {
  132. u_char *p;
  133. if ((*pkthdr)->caplen < l2len + sizeof(*ip_hdr)) {
  134. tcpedit_seterr(tcpedit, "Packet length %d is too short to contain a layer IP header for DLT 0x%04x",
  135. pktlen, dst_dlt);
  136. return TCPEDIT_SOFT_ERROR;
  137. }
  138. ip_hdr = (ipv4_hdr_t *)tcpedit_dlt_l3data(tcpedit->dlt_ctx, dst_dlt, packet, (*pkthdr)->caplen);
  139. if (ip_hdr == NULL)
  140. return TCPEDIT_SOFT_ERROR;
  141. p = get_layer4_v4(ip_hdr, (*pkthdr)->caplen - l2len);
  142. if (!p) {
  143. tcpedit_seterr(tcpedit, "Packet length %d is too short to contain a layer %d byte IP header for DLT 0x%04x",
  144. pktlen, ip_hdr->ip_hl << 2, dst_dlt);
  145. return TCPEDIT_SOFT_ERROR;
  146. }
  147. dbgx(3, "Packet has an IPv4 header: 0x%p...", ip_hdr);
  148. } else if (l2proto == htons(ETHERTYPE_IP6)) {
  149. u_char *p;
  150. if ((*pkthdr)->caplen < l2len + sizeof(*ip6_hdr)) {
  151. tcpedit_seterr(tcpedit, "Packet length %d is too short to contain a layer IPv6 header for DLT 0x%04x",
  152. pktlen, dst_dlt);
  153. return TCPEDIT_SOFT_ERROR;
  154. }
  155. ip6_hdr = (ipv6_hdr_t *)tcpedit_dlt_l3data(tcpedit->dlt_ctx, dst_dlt, packet, (*pkthdr)->caplen);
  156. if (ip6_hdr == NULL)
  157. return TCPEDIT_SOFT_ERROR;
  158. p = get_layer4_v6(ip6_hdr, (*pkthdr)->caplen - l2len);
  159. if (!p) {
  160. tcpedit_seterr(tcpedit, "Packet length %d is too short to contain an IPv6 header for DLT 0x%04x",
  161. pktlen, dst_dlt);
  162. return TCPEDIT_SOFT_ERROR;
  163. }
  164. dbgx(3, "Packet has an IPv6 header: 0x%p...", ip6_hdr);
  165. } else {
  166. dbgx(3, "Packet isn't IPv4 or IPv6: 0x%04x", l2proto);
  167. /* non-IP packets have a NULL ip_hdr struct */
  168. ip_hdr = NULL;
  169. ip6_hdr = NULL;
  170. }
  171. /* The following edits only apply for IPv4 */
  172. if (ip_hdr != NULL) {
  173. /* set TOS ? */
  174. if (tcpedit->tos > -1) {
  175. volatile uint16_t oldval = *((uint16_t*)ip_hdr);
  176. volatile uint16_t newval;
  177. ip_hdr->ip_tos = tcpedit->tos;
  178. newval = *((uint16_t*)ip_hdr);
  179. csum_replace2(&ip_hdr->ip_sum, oldval, newval);
  180. }
  181. /* rewrite the TTL */
  182. needtorecalc += rewrite_ipv4_ttl(tcpedit, ip_hdr);
  183. /* rewrite TCP/UDP ports */
  184. if (tcpedit->portmap != NULL) {
  185. if ((retval = rewrite_ipv4_ports(tcpedit, &ip_hdr,
  186. (*pkthdr)->caplen - l2len)) < 0)
  187. return TCPEDIT_ERROR;
  188. needtorecalc += retval;
  189. }
  190. if (tcpedit->tcp_sequence_enable)
  191. rewrite_ipv4_tcp_sequence(tcpedit, &ip_hdr,
  192. (*pkthdr)->caplen - l2len);
  193. }
  194. /* IPv6 edits */
  195. else if (ip6_hdr != NULL) {
  196. /* rewrite the hop limit */
  197. needtorecalc += rewrite_ipv6_hlim(tcpedit, ip6_hdr);
  198. /* set traffic class? */
  199. if (tcpedit->tclass > -1) {
  200. /* calculate the bits */
  201. tclass = tcpedit->tclass << 20;
  202. /* convert our 4 bytes to an int */
  203. memcpy(&ipflags, &ip6_hdr->ip_flags, 4);
  204. /* strip out the old tclass bits */
  205. ipflags = ntohl(ipflags) & 0xf00fffff;
  206. /* add the tclass bits back */
  207. ipflags += tclass;
  208. ipflags = htonl(ipflags);
  209. memcpy(&ip6_hdr->ip_flags, &ipflags, 4);
  210. }
  211. /* set the flow label? */
  212. if (tcpedit->flowlabel > -1) {
  213. memcpy(&ipflags, &ip6_hdr->ip_flags, 4);
  214. ipflags = ntohl(ipflags) & 0xfff00000;
  215. ipflags += tcpedit->flowlabel;
  216. ipflags = htonl(ipflags);
  217. memcpy(&ip6_hdr->ip_flags, &ipflags, 4);
  218. }
  219. /* rewrite TCP/UDP ports */
  220. if (tcpedit->portmap != NULL) {
  221. if ((retval = rewrite_ipv6_ports(tcpedit, &ip6_hdr,
  222. (*pkthdr)->caplen - l2len)) < 0)
  223. return TCPEDIT_ERROR;
  224. needtorecalc += retval;
  225. }
  226. if (tcpedit->tcp_sequence_enable)
  227. rewrite_ipv6_tcp_sequence(tcpedit, &ip6_hdr, (*pkthdr)->caplen - l2len);
  228. }
  229. if (tcpedit->fuzz_seed != 0) {
  230. retval = fuzzing(tcpedit, *pkthdr, pktdata);
  231. if (retval < 0) {
  232. return TCPEDIT_ERROR;
  233. }
  234. needtorecalc += retval;
  235. }
  236. /* (Un)truncate or MTU truncate packet? */
  237. if (tcpedit->fixlen || tcpedit->mtu_truncate) {
  238. if ((retval = untrunc_packet(tcpedit, *pkthdr, pktdata, ip_hdr, ip6_hdr)) < 0)
  239. return TCPEDIT_ERROR;
  240. needtorecalc += retval;
  241. }
  242. /* rewrite IP addresses in IPv4/IPv6 or ARP */
  243. if (tcpedit->rewrite_ip) {
  244. /* IP packets */
  245. if (ip_hdr != NULL) {
  246. if ((retval = rewrite_ipv4l3(tcpedit, ip_hdr, direction,
  247. (*pkthdr)->caplen - l2len)) < 0)
  248. return TCPEDIT_ERROR;
  249. needtorecalc += retval;
  250. } else if (ip6_hdr != NULL) {
  251. if ((retval = rewrite_ipv6l3(tcpedit, ip6_hdr, direction,
  252. (*pkthdr)->caplen - l2len)) < 0)
  253. return TCPEDIT_ERROR;
  254. needtorecalc += retval;
  255. }
  256. /* ARP packets */
  257. else if (l2proto == htons(ETHERTYPE_ARP)) {
  258. arp_hdr = (arp_hdr_t *)&(packet[l2len]);
  259. /* unlike, rewrite_ipl3, we don't care if the packet changed
  260. * because we never need to recalc the checksums for an ARP
  261. * packet. So ignore the return value
  262. */
  263. if (rewrite_iparp(tcpedit, arp_hdr, direction) < 0)
  264. return TCPEDIT_ERROR;
  265. }
  266. }
  267. /* do we need to spoof the src/dst IP address in IPv4 or ARP? */
  268. if (tcpedit->seed) {
  269. /* IPv4 Packets */
  270. if (ip_hdr != NULL) {
  271. if ((retval = randomize_ipv4(tcpedit, *pkthdr, packet,
  272. ip_hdr, (*pkthdr)->caplen - l2len)) < 0)
  273. return TCPEDIT_ERROR;
  274. needtorecalc += retval;
  275. } else if (ip6_hdr != NULL) {
  276. if ((retval = randomize_ipv6(tcpedit, *pkthdr, packet,
  277. ip6_hdr, (*pkthdr)->caplen - l2len)) < 0)
  278. return TCPEDIT_ERROR;
  279. needtorecalc += retval;
  280. /* ARP packets */
  281. } else if (l2proto == htons(ETHERTYPE_ARP)) {
  282. if (direction == TCPR_DIR_C2S) {
  283. if (randomize_iparp(tcpedit, *pkthdr, packet,
  284. tcpedit->runtime.dlt1, (*pkthdr)->caplen - l2len) < 0)
  285. return TCPEDIT_ERROR;
  286. } else {
  287. if (randomize_iparp(tcpedit, *pkthdr, packet,
  288. tcpedit->runtime.dlt2, (*pkthdr)->caplen - l2len) < 0)
  289. return TCPEDIT_ERROR;
  290. }
  291. }
  292. }
  293. /* do we need to fix checksums? -- must always do this last! */
  294. if ((tcpedit->fixcsum || needtorecalc)) {
  295. if (ip_hdr != NULL) {
  296. dbgx(3, "doing IPv4 checksum: needtorecalc=%d", needtorecalc);
  297. retval = fix_ipv4_checksums(tcpedit, *pkthdr, ip_hdr);
  298. } else if (ip6_hdr != NULL) {
  299. dbgx(3, "doing IPv6 checksum: needtorecalc=%d", needtorecalc);
  300. retval = fix_ipv6_checksums(tcpedit, *pkthdr, ip6_hdr);
  301. } else {
  302. dbgx(3, "checksum not performed: needtorecalc=%d", needtorecalc);
  303. retval = TCPEDIT_OK;
  304. }
  305. if (retval < 0) {
  306. return TCPEDIT_ERROR;
  307. } else if (retval == TCPEDIT_WARN) {
  308. warnx("%s", tcpedit_getwarn(tcpedit));
  309. }
  310. }
  311. tcpedit_dlt_merge_l3data(tcpedit->dlt_ctx,
  312. dst_dlt, packet,
  313. (*pkthdr)->caplen,
  314. (u_char*)ip_hdr,
  315. (u_char*)ip6_hdr);
  316. tcpedit->runtime.total_bytes += (*pkthdr)->caplen;
  317. tcpedit->runtime.pkts_edited ++;
  318. return retval;
  319. }
  320. /**
  321. * initializes the tcpedit library. returns 0 on success, -1 on error.
  322. */
  323. int
  324. tcpedit_init(tcpedit_t **tcpedit_ex, int dlt)
  325. {
  326. tcpedit_t *tcpedit;
  327. *tcpedit_ex = safe_malloc(sizeof(tcpedit_t));
  328. tcpedit = *tcpedit_ex;
  329. if ((tcpedit->dlt_ctx = tcpedit_dlt_init(tcpedit, dlt)) == NULL)
  330. return TCPEDIT_ERROR;
  331. tcpedit->mtu = DEFAULT_MTU; /* assume 802.3 Ethernet */
  332. tcpedit->fuzz_factor = DEFAULT_FUZZ_FACTOR;
  333. /* disabled by default */
  334. tcpedit->tos = -1;
  335. tcpedit->tclass = -1;
  336. tcpedit->flowlabel = -1;
  337. tcpedit->editdir = TCPEDIT_EDIT_BOTH;
  338. memset(&(tcpedit->runtime), 0, sizeof(tcpedit_runtime_t));
  339. tcpedit->runtime.dlt1 = dlt;
  340. tcpedit->runtime.dlt2 = dlt;
  341. dbgx(1, "Input file (1) datalink type is %s",
  342. pcap_datalink_val_to_name(dlt));
  343. return TCPEDIT_OK;
  344. }
  345. /**
  346. * return the output DLT type
  347. */
  348. int
  349. tcpedit_get_output_dlt(tcpedit_t *tcpedit)
  350. {
  351. assert(tcpedit);
  352. return tcpedit_dlt_output_dlt(tcpedit->dlt_ctx);
  353. }
  354. /**
  355. * \brief tcpedit option validator. Call after tcpedit_init()
  356. *
  357. * Validates that given the current state of tcpedit that the given
  358. * pcap source and destination (based on DLT) can be properly rewritten
  359. * return 0 on success
  360. * return -1 on error
  361. * DO NOT USE!
  362. */
  363. int
  364. tcpedit_validate(tcpedit_t *tcpedit)
  365. {
  366. assert(tcpedit);
  367. tcpedit->validated = 1;
  368. /* we used to do a bunch of things here, but not anymore...
  369. * maybe I should find something to do or just get ride of it
  370. */
  371. return 0;
  372. }
  373. /**
  374. * return the error string when a tcpedit() function returns
  375. * TCPEDIT_ERROR
  376. */
  377. char *
  378. tcpedit_geterr(tcpedit_t *tcpedit)
  379. {
  380. assert(tcpedit);
  381. return tcpedit->runtime.errstr;
  382. }
  383. /**
  384. * \brief Internal function to set the tcpedit error string
  385. *
  386. * Used to set the error string when there is an error, result is retrieved
  387. * using tcpedit_geterr(). You shouldn't ever actually call this, but use
  388. * tcpedit_seterr() which is a macro wrapping this instead.
  389. */
  390. void
  391. __tcpedit_seterr(tcpedit_t *tcpedit, const char *func, const int line, const char *file, const char *fmt, ...)
  392. {
  393. va_list ap;
  394. char errormsg[TCPEDIT_ERRSTR_LEN - 32];
  395. assert(tcpedit);
  396. va_start(ap, fmt);
  397. if (fmt != NULL) {
  398. (void)vsnprintf(errormsg, sizeof(errormsg), fmt, ap);
  399. }
  400. va_end(ap);
  401. snprintf(tcpedit->runtime.errstr, sizeof(tcpedit->runtime.errstr),
  402. "From %s:%s() line %d:\n%s",
  403. file, func, line, errormsg);
  404. }
  405. /**
  406. * return the warning string when a tcpedit() function returns
  407. * TCPEDIT_WARN
  408. */
  409. char *
  410. tcpedit_getwarn(tcpedit_t *tcpedit)
  411. {
  412. assert(tcpedit);
  413. return tcpedit->runtime.warnstr;
  414. }
  415. /**
  416. * used to set the warning string when there is an warning
  417. */
  418. void
  419. tcpedit_setwarn(tcpedit_t *tcpedit, const char *fmt, ...)
  420. {
  421. va_list ap;
  422. assert(tcpedit);
  423. va_start(ap, fmt);
  424. if (fmt != NULL)
  425. (void)vsnprintf(tcpedit->runtime.warnstr,
  426. sizeof(tcpedit->runtime.warnstr), fmt, ap);
  427. va_end(ap);
  428. }
  429. /**
  430. * \brief Checks the given error code and does the right thing
  431. *
  432. * Generic function which checks the TCPEDIT_* error code
  433. * and always returns OK or ERROR. For warnings, prints the
  434. * warning message and returns OK. For any other value, fails with
  435. * an assert.
  436. *
  437. * prefix is a string prepended to the error/warning
  438. */
  439. int
  440. tcpedit_checkerror(tcpedit_t *tcpedit, const int rcode, const char *prefix) {
  441. assert(tcpedit);
  442. switch (rcode) {
  443. case TCPEDIT_OK:
  444. case TCPEDIT_ERROR:
  445. return rcode;
  446. break;
  447. case TCPEDIT_SOFT_ERROR:
  448. if (prefix != NULL) {
  449. fprintf(stderr, "Error %s: %s\n", prefix, tcpedit_geterr(tcpedit));
  450. } else {
  451. fprintf(stderr, "Error: %s\n", tcpedit_geterr(tcpedit));
  452. }
  453. break;
  454. case TCPEDIT_WARN:
  455. if (prefix != NULL) {
  456. fprintf(stderr, "Warning %s: %s\n", prefix, tcpedit_getwarn(tcpedit));
  457. } else {
  458. fprintf(stderr, "Warning: %s\n", tcpedit_getwarn(tcpedit));
  459. }
  460. return TCPEDIT_OK;
  461. break;
  462. default:
  463. assert(0 == 1); /* this should never happen! */
  464. break;
  465. }
  466. return TCPEDIT_ERROR;
  467. }
  468. /**
  469. * \brief Cleans up after ourselves. Return 0 on success.
  470. *
  471. * Clean up after ourselves and free the ptr.
  472. */
  473. int
  474. tcpedit_close(tcpedit_t **tcpedit_ex)
  475. {
  476. assert(*tcpedit_ex);
  477. tcpedit_t *tcpedit;
  478. tcpedit = *tcpedit_ex;
  479. dbgx(1, "tcpedit processed " COUNTER_SPEC " bytes in " COUNTER_SPEC
  480. " packets.", tcpedit->runtime.total_bytes,
  481. tcpedit->runtime.pkts_edited);
  482. /* free if required */
  483. if (tcpedit->dlt_ctx) {
  484. tcpedit_dlt_cleanup(tcpedit->dlt_ctx);
  485. tcpedit->dlt_ctx = NULL;
  486. }
  487. if (tcpedit->cidrmap1) {
  488. destroy_cidr(tcpedit->cidrmap1->from);
  489. tcpedit->cidrmap1->from = NULL;
  490. destroy_cidr(tcpedit->cidrmap1->to);
  491. tcpedit->cidrmap1->to = NULL;
  492. }
  493. if (tcpedit->cidrmap2 && tcpedit->cidrmap2 != tcpedit->cidrmap1) {
  494. destroy_cidr(tcpedit->cidrmap2->from);
  495. tcpedit->cidrmap2->from = NULL;
  496. destroy_cidr(tcpedit->cidrmap2->to);
  497. tcpedit->cidrmap2->to = NULL;
  498. safe_free(tcpedit->cidrmap2);
  499. tcpedit->cidrmap2 = NULL;
  500. }
  501. safe_free(tcpedit->cidrmap1);
  502. tcpedit->cidrmap1 = NULL;
  503. if (tcpedit->srcipmap) {
  504. destroy_cidr(tcpedit->srcipmap->from);
  505. tcpedit->srcipmap->from = NULL;
  506. destroy_cidr(tcpedit->srcipmap->to);
  507. tcpedit->srcipmap->to = NULL;
  508. }
  509. if (tcpedit->dstipmap && tcpedit->dstipmap != tcpedit->srcipmap) {
  510. destroy_cidr(tcpedit->dstipmap->from);
  511. tcpedit->dstipmap->from = NULL;
  512. destroy_cidr(tcpedit->dstipmap->to);
  513. tcpedit->dstipmap->to = NULL;
  514. safe_free(tcpedit->dstipmap);
  515. tcpedit->dstipmap = NULL;
  516. }
  517. safe_free(tcpedit->srcipmap);
  518. tcpedit->srcipmap = NULL;
  519. if (tcpedit->portmap) {
  520. free_portmap(tcpedit->portmap);
  521. tcpedit->portmap = NULL;
  522. }
  523. safe_free(*tcpedit_ex);
  524. *tcpedit_ex = NULL;
  525. return 0;
  526. }
  527. /**
  528. * Return a ptr to the Layer 3 data. Returns TCPEDIT_ERROR on error
  529. */
  530. const u_char *
  531. tcpedit_l3data(tcpedit_t *tcpedit, tcpedit_coder code, u_char *packet, const int pktlen)
  532. {
  533. u_char *result = NULL;
  534. if (code == BEFORE_PROCESS) {
  535. result = tcpedit_dlt_l3data(tcpedit->dlt_ctx, tcpedit->dlt_ctx->decoder->dlt, packet, pktlen);
  536. } else {
  537. result = tcpedit_dlt_l3data(tcpedit->dlt_ctx, tcpedit->dlt_ctx->encoder->dlt, packet, pktlen);
  538. }
  539. return result;
  540. }
  541. /**
  542. * Returns the layer 3 type, often encoded as the layer2.proto field
  543. */
  544. int
  545. tcpedit_l3proto(tcpedit_t *tcpedit, tcpedit_coder code, const u_char *packet, const int pktlen)
  546. {
  547. int result = 0;
  548. if (code == BEFORE_PROCESS) {
  549. result = tcpedit_dlt_proto(tcpedit->dlt_ctx, tcpedit->dlt_ctx->decoder->dlt, packet, pktlen);
  550. } else {
  551. result = tcpedit_dlt_proto(tcpedit->dlt_ctx, tcpedit->dlt_ctx->encoder->dlt, packet, pktlen);
  552. }
  553. return ntohs(result);
  554. }