tcpedit.c 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487
  1. /* $Id: tcpedit.c 2040 2008-05-20 22:37:40Z aturner $ */
  2. /*
  3. * Copyright (c) 2001-2007 Aaron Turner.
  4. * All rights reserved.
  5. *
  6. * Redistribution and use in source and binary forms, with or without
  7. * modification, are permitted provided that the following conditions
  8. * are met:
  9. *
  10. * 1. Redistributions of source code must retain the above copyright
  11. * notice, this list of conditions and the following disclaimer.
  12. * 2. Redistributions in binary form must reproduce the above copyright
  13. * notice, this list of conditions and the following disclaimer in the
  14. * documentation and/or other materials provided with the distribution.
  15. * 3. Neither the names of the copyright owners nor the names of its
  16. * contributors may be used to endorse or promote products derived from
  17. * this software without specific prior written permission.
  18. *
  19. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
  20. * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
  21. * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  22. * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
  23. * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  24. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
  25. * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  26. * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
  27. * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
  28. * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
  29. * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  30. */
  31. #include "config.h"
  32. #include "defines.h"
  33. #include <ctype.h>
  34. #include <fcntl.h>
  35. #include <stdio.h>
  36. #include <stdlib.h>
  37. #include <string.h>
  38. #include <sys/types.h>
  39. #include <unistd.h>
  40. #include <stdarg.h>
  41. #include "tcpedit-int.h"
  42. #include "tcpedit_stub.h"
  43. #include "portmap.h"
  44. #include "common.h"
  45. #include "edit_packet.h"
  46. #include "parse_args.h"
  47. #include "plugins/dlt_plugins.h"
  48. #include "lib/sll.h"
  49. #include "dlt.h"
  50. tOptDesc *const tcpedit_tcpedit_optDesc_p;
  51. /**
  52. * \brief Edit the given packet
  53. *
  54. * Processs a given packet and edit the pkthdr/pktdata structures
  55. * according to the rules in tcpedit
  56. * Returns: TCPEDIT_ERROR on error
  57. * TCPEDIT_SOFT_ERROR on remove packet
  58. * 0 on no change
  59. * 1 on change
  60. */
  61. int
  62. tcpedit_packet(tcpedit_t *tcpedit, struct pcap_pkthdr **pkthdr,
  63. u_char **pktdata, tcpr_dir_t direction)
  64. {
  65. ipv4_hdr_t *ip_hdr = NULL;
  66. arp_hdr_t *arp_hdr = NULL;
  67. int l2len = 0, l2proto, retval = 0, dlt, pktlen, lendiff;
  68. int needtorecalc = 0; /* did the packet change? if so, checksum */
  69. static u_char *packet = NULL; /* static buffer to hold packet data when padding out */
  70. assert(tcpedit);
  71. assert(pkthdr);
  72. assert(*pkthdr);
  73. assert(pktdata);
  74. assert(*pktdata);
  75. assert(tcpedit->validated);
  76. tcpedit->runtime.packetnum++;
  77. dbgx(2, "packet " COUNTER_SPEC " caplen %d",
  78. tcpedit->runtime.packetnum, (*pkthdr)->caplen);
  79. /*
  80. * copy over our packet data. Necessary because many options like padding or
  81. * adding VLAN tags makes the packet size increase and we'll get segfaults
  82. * later on
  83. */
  84. /* allocate our buffer the first time */
  85. if (packet == NULL)
  86. packet = safe_malloc(MAX_SNAPLEN);
  87. /* and copy over the packet data... */
  88. memcpy(packet, *pktdata, (*pkthdr)->caplen);
  89. *pktdata = packet;
  90. /*
  91. * remove the Ethernet FCS (checksum)?
  92. * note that this feature requires the end user to be smart and
  93. * only set this flag IFF the pcap has the FCS. If not, then they
  94. * just removed 2 bytes of ACTUAL PACKET DATA. Sucks to be them.
  95. */
  96. if (tcpedit->efcs > 0) {
  97. (*pkthdr)->caplen -= 4;
  98. (*pkthdr)->len -= 4;
  99. }
  100. /* rewrite DLT */
  101. if ((pktlen = tcpedit_dlt_process(tcpedit->dlt_ctx, *pktdata, (*pkthdr)->caplen, direction)) == TCPEDIT_ERROR)
  102. errx(1, "%s", tcpedit_geterr(tcpedit));
  103. /* unable to edit packet, most likely 802.11 management frame */
  104. if (pktlen == TCPEDIT_SOFT_ERROR) {
  105. dbgx(1, "%s", tcpedit_geterr(tcpedit));
  106. return TCPEDIT_SOFT_ERROR;
  107. }
  108. /* update our packet lengths (real/captured) based on L2 length changes */
  109. lendiff = pktlen - (*pkthdr)->caplen;
  110. (*pkthdr)->caplen += lendiff;
  111. (*pkthdr)->len += lendiff;
  112. dlt = tcpedit_dlt_dst(tcpedit->dlt_ctx);
  113. l2proto = tcpedit_dlt_proto(tcpedit->dlt_ctx, dlt, *pktdata, (*pkthdr)->caplen);
  114. l2len = tcpedit_dlt_l2len(tcpedit->dlt_ctx, dlt, *pktdata, (*pkthdr)->caplen);
  115. /* does packet have an IP header? if so set our pointer to it */
  116. if (l2proto == htons(ETHERTYPE_IP)) {
  117. ip_hdr = (ipv4_hdr_t *)tcpedit_dlt_l3data(tcpedit->dlt_ctx, dlt, *pktdata, (*pkthdr)->caplen);
  118. if (ip_hdr == NULL) {
  119. return TCPEDIT_ERROR;
  120. }
  121. dbg(3, "Packet has an IPv4 header...");
  122. } else {
  123. dbgx(3, "Packet isn't IPv4: 0x%02x", l2proto);
  124. /* non-IP packets have a NULL ip_hdr struct */
  125. ip_hdr = NULL;
  126. }
  127. /* rewrite the TTL */
  128. needtorecalc += rewrite_ipv4_ttl(tcpedit, ip_hdr);
  129. /* rewrite IP addresses */
  130. if (tcpedit->rewrite_ip) {
  131. /* IP packets */
  132. if (ip_hdr != NULL) {
  133. if ((retval = rewrite_ipv4l3(tcpedit, ip_hdr, direction)) < 0)
  134. return TCPEDIT_ERROR;
  135. needtorecalc += retval;
  136. }
  137. /* ARP packets */
  138. else if (l2proto == htons(ETHERTYPE_ARP)) {
  139. arp_hdr = (arp_hdr_t *)(&(*pktdata)[l2len]);
  140. /* unlike, rewrite_ipl3, we don't care if the packet changed
  141. * because we never need to recalc the checksums for an ARP
  142. * packet. So ignore the return value
  143. */
  144. if (rewrite_iparp(tcpedit, arp_hdr, direction) < 0)
  145. return TCPEDIT_ERROR;
  146. }
  147. }
  148. /* rewrite ports */
  149. if (tcpedit->portmap != NULL && (ip_hdr != NULL)) {
  150. if ((retval = rewrite_ports(tcpedit, &ip_hdr)) < 0)
  151. return TCPEDIT_ERROR;
  152. needtorecalc += retval;
  153. }
  154. /* Untruncate packet? Only for IP packets */
  155. if ((tcpedit->fixlen) && (ip_hdr != NULL)) {
  156. if ((retval = untrunc_packet(tcpedit, *pkthdr, *pktdata, ip_hdr)) < 0)
  157. return TCPEDIT_ERROR;
  158. needtorecalc += retval;
  159. }
  160. /* do we need to spoof the src/dst IP address? */
  161. if (tcpedit->seed) {
  162. if (ip_hdr != NULL) {
  163. if ((retval = randomize_ipv4(tcpedit, *pkthdr, *pktdata,
  164. ip_hdr)) < 0)
  165. return TCPEDIT_ERROR;
  166. needtorecalc += retval;
  167. } else {
  168. if (direction == TCPR_DIR_C2S) {
  169. if (randomize_iparp(tcpedit, *pkthdr, *pktdata,
  170. tcpedit->runtime.dlt1) < 0)
  171. return TCPEDIT_ERROR;
  172. } else {
  173. if (randomize_iparp(tcpedit, *pkthdr, *pktdata,
  174. tcpedit->runtime.dlt2) < 0)
  175. return TCPEDIT_ERROR;
  176. }
  177. }
  178. }
  179. /* do we need to fix checksums? */
  180. if ((tcpedit->fixcsum || needtorecalc) && (ip_hdr != NULL)) {
  181. retval = fix_checksums(tcpedit, *pkthdr, ip_hdr);
  182. if (retval < 0) {
  183. return TCPEDIT_ERROR;
  184. } else if (retval == TCPEDIT_WARN) {
  185. warnx("%s", tcpedit_getwarn(tcpedit));
  186. }
  187. }
  188. tcpedit_dlt_merge_l3data(tcpedit->dlt_ctx, dlt, *pktdata, (*pkthdr)->caplen, (u_char *)ip_hdr);
  189. tcpedit->runtime.total_bytes += (*pkthdr)->caplen;
  190. tcpedit->runtime.pkts_edited ++;
  191. return retval;
  192. }
  193. /**
  194. * initializes the tcpedit library. returns 0 on success, -1 on error.
  195. */
  196. int
  197. tcpedit_init(tcpedit_t **tcpedit_ex, int dlt)
  198. {
  199. tcpedit_t *tcpedit;
  200. *tcpedit_ex = safe_malloc(sizeof(tcpedit_t));
  201. tcpedit = *tcpedit_ex;
  202. if ((tcpedit->dlt_ctx = tcpedit_dlt_init(tcpedit, dlt)) == NULL)
  203. return TCPEDIT_ERROR;
  204. tcpedit->mtu = DEFAULT_MTU; /* assume 802.3 Ethernet */
  205. memset(&(tcpedit->runtime), 0, sizeof(tcpedit_runtime_t));
  206. tcpedit->runtime.dlt1 = dlt;
  207. tcpedit->runtime.dlt2 = dlt;
  208. dbgx(1, "Input file (1) datalink type is %s\n",
  209. pcap_datalink_val_to_name(dlt));
  210. #ifdef FORCE_ALIGN
  211. tcpedit->runtime.l3buff = (u_char *)safe_malloc(MAXPACKET);
  212. #endif
  213. return TCPEDIT_OK;
  214. }
  215. /**
  216. * return the output DLT type
  217. */
  218. int
  219. tcpedit_get_output_dlt(tcpedit_t *tcpedit)
  220. {
  221. assert(tcpedit);
  222. return tcpedit_dlt_output_dlt(tcpedit->dlt_ctx);
  223. }
  224. /**
  225. * \brief tcpedit option validator. Call after tcpedit_init()
  226. *
  227. * Validates that given the current state of tcpedit that the given
  228. * pcap source and destination (based on DLT) can be properly rewritten
  229. * return 0 on sucess
  230. * return -1 on error
  231. * DO NOT USE!
  232. */
  233. int
  234. tcpedit_validate(tcpedit_t *tcpedit)
  235. {
  236. assert(tcpedit);
  237. tcpedit->validated = 1;
  238. /* we used to do a bunch of things here, but not anymore...
  239. * maybe I should find something to do or just get ride of it
  240. */
  241. return 0;
  242. }
  243. /**
  244. * return the error string when a tcpedit() function returns
  245. * TCPEDIT_ERROR
  246. */
  247. char *
  248. tcpedit_geterr(tcpedit_t *tcpedit)
  249. {
  250. assert(tcpedit);
  251. return tcpedit->runtime.errstr;
  252. }
  253. /**
  254. * \brief Internal function to set the tcpedit error string
  255. *
  256. * Used to set the error string when there is an error, result is retrieved
  257. * using tcpedit_geterr(). You shouldn't ever actually call this, but use
  258. * tcpedit_seterr() which is a macro wrapping this instead.
  259. */
  260. void
  261. __tcpedit_seterr(tcpedit_t *tcpedit, const char *func, const int line, const char *file, const char *fmt, ...)
  262. {
  263. va_list ap;
  264. char errormsg[TCPEDIT_ERRSTR_LEN];
  265. assert(tcpedit);
  266. va_start(ap, fmt);
  267. if (fmt != NULL) {
  268. (void)vsnprintf(errormsg,
  269. (TCPEDIT_ERRSTR_LEN - 1), fmt, ap);
  270. }
  271. va_end(ap);
  272. snprintf(tcpedit->runtime.errstr, (TCPEDIT_ERRSTR_LEN -1), "From %s:%s() line %d:\n%s",
  273. file, func, line, errormsg);
  274. }
  275. /**
  276. * return the warning string when a tcpedit() function returns
  277. * TCPEDIT_WARN
  278. */
  279. char *
  280. tcpedit_getwarn(tcpedit_t *tcpedit)
  281. {
  282. assert(tcpedit);
  283. return tcpedit->runtime.warnstr;
  284. }
  285. /**
  286. * used to set the warning string when there is an warning
  287. */
  288. void
  289. tcpedit_setwarn(tcpedit_t *tcpedit, const char *fmt, ...)
  290. {
  291. va_list ap;
  292. assert(tcpedit);
  293. va_start(ap, fmt);
  294. if (fmt != NULL) {
  295. dbgx(1, fmt, ap);
  296. (void)vsnprintf(tcpedit->runtime.warnstr,
  297. (TCPEDIT_ERRSTR_LEN - 1), fmt, ap);
  298. }
  299. va_end(ap);
  300. }
  301. /**
  302. * \brief Checks the given error code and does the right thing
  303. *
  304. * Generic function which checks the TCPEDIT_* error code
  305. * and always returns OK or ERROR. For warnings, prints the
  306. * warning message and returns OK. For any other value, fails with
  307. * an assert.
  308. *
  309. * prefix is a string prepended to the error/warning
  310. */
  311. int
  312. tcpedit_checkerror(tcpedit_t *tcpedit, const int rcode, const char *prefix) {
  313. assert(tcpedit);
  314. switch (rcode) {
  315. case TCPEDIT_OK:
  316. case TCPEDIT_ERROR:
  317. return rcode;
  318. break;
  319. case TCPEDIT_SOFT_ERROR:
  320. if (prefix != NULL) {
  321. fprintf(stderr, "Error %s: %s\n", prefix, tcpedit_geterr(tcpedit));
  322. } else {
  323. fprintf(stderr, "Error: %s\n", tcpedit_geterr(tcpedit));
  324. }
  325. break;
  326. case TCPEDIT_WARN:
  327. if (prefix != NULL) {
  328. fprintf(stderr, "Warning %s: %s\n", prefix, tcpedit_getwarn(tcpedit));
  329. } else {
  330. fprintf(stderr, "Warning: %s\n", tcpedit_getwarn(tcpedit));
  331. }
  332. return TCPEDIT_OK;
  333. break;
  334. default:
  335. assert(0 == 1); /* this should never happen! */
  336. break;
  337. }
  338. return TCPEDIT_ERROR;
  339. }
  340. /**
  341. * \brief Cleans up after ourselves. Return 0 on success.
  342. *
  343. * Clean up after ourselves, but does not actually free the ptr.
  344. */
  345. int
  346. tcpedit_close(tcpedit_t *tcpedit)
  347. {
  348. assert(tcpedit);
  349. dbgx(1, "tcpedit processed " COUNTER_SPEC " bytes in " COUNTER_SPEC
  350. " packets.\n", tcpedit->runtime.total_bytes,
  351. tcpedit->runtime.pkts_edited);
  352. /* free buffer if required */
  353. #ifdef FORCE_ALIGN
  354. safe_free(tcpedit->runtime.l3buff);
  355. #endif
  356. return 0;
  357. }
  358. /**
  359. * Return a ptr to the Layer 3 data. Returns TCPEDIT_ERROR on error
  360. */
  361. const u_char *
  362. tcpedit_l3data(tcpedit_t *tcpedit, tcpedit_coder_t code, u_char *packet, const int pktlen)
  363. {
  364. u_char *result = NULL;
  365. if (code == BEFORE_PROCESS) {
  366. result = tcpedit_dlt_l3data(tcpedit->dlt_ctx, tcpedit->dlt_ctx->decoder->dlt, packet, pktlen);
  367. } else {
  368. result = tcpedit_dlt_l3data(tcpedit->dlt_ctx, tcpedit->dlt_ctx->encoder->dlt, packet, pktlen);
  369. }
  370. return result;
  371. }
  372. /**
  373. * return the length of the layer 2 header. Returns TCPEDIT_ERROR on error
  374. */
  375. int
  376. tcpedit_l2len(tcpedit_t *tcpedit, tcpedit_coder_t code, u_char *packet, const int pktlen)
  377. {
  378. int result = 0;
  379. if (code == BEFORE_PROCESS) {
  380. result = tcpedit_dlt_l2len(tcpedit->dlt_ctx, tcpedit->dlt_ctx->decoder->dlt, packet, pktlen);
  381. } else {
  382. result = tcpedit_dlt_l2len(tcpedit->dlt_ctx, tcpedit->dlt_ctx->encoder->dlt, packet, pktlen);
  383. }
  384. return result;
  385. }
  386. /**
  387. * Returns the layer 3 type, often encoded as the layer2.proto field
  388. */
  389. int
  390. tcpedit_l3proto(tcpedit_t *tcpedit, tcpedit_coder_t code, const u_char *packet, const int pktlen)
  391. {
  392. int result = 0;
  393. if (code == BEFORE_PROCESS) {
  394. result = tcpedit_dlt_proto(tcpedit->dlt_ctx, tcpedit->dlt_ctx->decoder->dlt, packet, pktlen);
  395. } else {
  396. result = tcpedit_dlt_proto(tcpedit->dlt_ctx, tcpedit->dlt_ctx->encoder->dlt, packet, pktlen);
  397. }
  398. return ntohs(result);
  399. }
  400. /*
  401. u_char *
  402. tcpedit_srcmac(tcpedit_t *tcpedit, tcpedit_coder_t code, u_char *packet, const int pktlen)
  403. {
  404. }
  405. u_char *
  406. tcpedit_dstmac(tcpedit_t *tcpedit, tcpedit_coder_t code, u_char *packet, const int pktlen)
  407. {
  408. }
  409. int
  410. tcpedit_maclen(tcpedit_t *tcpedit, tcpedit_coder_t code)
  411. {
  412. }
  413. */