bridge.c 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417
  1. /* $Id$ */
  2. /*
  3. * Copyright (c) 2001-2010 Aaron Turner <aturner at synfin dot net>
  4. * Copyright (c) 2013-2018 Fred Klassen <tcpreplay at appneta dot com> - AppNeta
  5. *
  6. * The Tcpreplay Suite of tools is free software: you can redistribute it
  7. * and/or modify it under the terms of the GNU General Public License as
  8. * published by the Free Software Foundation, either version 3 of the
  9. * License, or with the authors permission any later version.
  10. *
  11. * The Tcpreplay Suite is distributed in the hope that it will be useful,
  12. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14. * GNU General Public License for more details.
  15. *
  16. * You should have received a copy of the GNU General Public License
  17. * along with the Tcpreplay Suite. If not, see <http://www.gnu.org/licenses/>.
  18. */
  19. #include "config.h"
  20. #include "defines.h"
  21. #include "common.h"
  22. #include <sys/time.h>
  23. #include <signal.h>
  24. #include <string.h>
  25. #include <netinet/in.h>
  26. #include <time.h>
  27. #include <errno.h>
  28. #include <stdlib.h>
  29. #include "tcpbridge.h"
  30. #include "bridge.h"
  31. #include "tcpedit/tcpedit.h"
  32. extern tcpbridge_opt_t options;
  33. extern tcpreplay_stats_t stats;
  34. #ifdef DEBUG
  35. extern int debug;
  36. #endif
  37. volatile bool didsig;
  38. static int live_callback(struct live_data_t *,
  39. struct pcap_pkthdr *, const u_char *);
  40. static void signal_catcher(int signo);
  41. /**
  42. * First, prep our RB Tree which tracks where each (source)
  43. * MAC really lives so we don't create really nasty network
  44. * storms.
  45. */
  46. static struct macsrc_t *new_node(void);
  47. RB_HEAD(macsrc_tree, macsrc_t) macsrc_root;
  48. static int
  49. rbmacsrc_comp(struct macsrc_t *a, struct macsrc_t *b)
  50. {
  51. return (memcmp(a->key, b->key, ETHER_ADDR_LEN));
  52. }
  53. RB_PROTOTYPE(macsrc_tree, macsrc_t, node, rbmacsrc_comp)
  54. RB_GENERATE(macsrc_tree, macsrc_t, node, rbmacsrc_comp)
  55. /**
  56. * redblack init
  57. */
  58. void
  59. rbinit(void)
  60. {
  61. RB_INIT(&macsrc_root);
  62. }
  63. /**
  64. * create a new node... Malloc's memory
  65. */
  66. struct macsrc_t *
  67. new_node(void)
  68. {
  69. struct macsrc_t *node;
  70. node = (struct macsrc_t *)safe_malloc(sizeof(struct macsrc_t));
  71. memset(node, '\0', sizeof(struct macsrc_t));
  72. return (node);
  73. }
  74. /**
  75. * main loop for bridging in only one direction
  76. * optimized to not use poll(), but rather libpcap's builtin pcap_loop()
  77. */
  78. static void
  79. do_bridge_unidirectional(tcpbridge_opt_t *options, tcpedit_t *tcpedit)
  80. {
  81. struct live_data_t livedata;
  82. int retcode;
  83. assert(options);
  84. assert(tcpedit);
  85. livedata.tcpedit = tcpedit;
  86. livedata.source = PCAP_INT1;
  87. livedata.pcap = options->pcap1;
  88. livedata.options = options;
  89. if ((retcode = pcap_loop(options->pcap1, options->limit_send,
  90. (pcap_handler)live_callback, (u_char *) &livedata)) < 0) {
  91. warnx("Error in pcap_loop(): %s", pcap_geterr(options->pcap1));
  92. }
  93. }
  94. /**
  95. * main loop for bridging in both directions. Since we dealing with two handles
  96. * we need to poll() on them which isn't the most efficient
  97. */
  98. static void
  99. do_bridge_bidirectional(tcpbridge_opt_t *options, tcpedit_t *tcpedit)
  100. {
  101. struct pollfd polls[2]; /* one for left & right pcap */
  102. int pollresult, pollcount, timeout;
  103. struct live_data_t livedata;
  104. assert(options);
  105. assert(tcpedit);
  106. livedata.tcpedit = tcpedit;
  107. livedata.options = options;
  108. /*
  109. * loop until ctrl-C or we've sent enough packets
  110. * note that if -L wasn't specified, limit_send is
  111. * set to 0 so this will loop infinately
  112. */
  113. while ((options->limit_send == 0) || (options->limit_send > stats.pkts_sent)) {
  114. if (didsig)
  115. break;
  116. dbgx(3, "limit_send: " COUNTER_SPEC " \t pkts_sent: " COUNTER_SPEC,
  117. options->limit_send, stats.pkts_sent);
  118. /* reset the result codes */
  119. polls[PCAP_INT1].revents = 0;
  120. polls[PCAP_INT1].events = POLLIN;
  121. polls[PCAP_INT1].fd = pcap_fileno(options->pcap1);
  122. polls[PCAP_INT2].revents = 0;
  123. polls[PCAP_INT2].events = POLLIN;
  124. polls[PCAP_INT2].fd = pcap_fileno(options->pcap2);
  125. timeout = options->poll_timeout;
  126. pollcount = 2;
  127. /* poll for a packet on the two interfaces */
  128. pollresult = poll(polls, pollcount, timeout);
  129. /* poll has returned, process the result */
  130. if (pollresult > 0) {
  131. dbgx(3, "pollresult: %d", pollresult);
  132. /* success, got one or more packets */
  133. if (polls[PCAP_INT1].revents > 0) {
  134. dbg(5, "Processing first interface");
  135. livedata.source = PCAP_INT1;
  136. livedata.pcap = options->pcap1;
  137. pcap_dispatch(options->pcap1, -1, (pcap_handler) live_callback,
  138. (u_char *) &livedata);
  139. }
  140. /* check the other interface?? */
  141. if (polls[PCAP_INT2].revents > 0) {
  142. dbg(5, "Processing second interface");
  143. livedata.source = PCAP_INT2;
  144. livedata.pcap = options->pcap2;
  145. pcap_dispatch(options->pcap2, -1, (pcap_handler) live_callback,
  146. (u_char *) &livedata);
  147. }
  148. }
  149. else if (pollresult == 0) {
  150. dbg(3, "poll timeout exceeded...");
  151. /* do something here? */
  152. }
  153. else {
  154. /* poll error, probably a Ctrl-C */
  155. warnx("poll() error: %s", strerror(errno));
  156. }
  157. /* go back to the top of the loop */
  158. }
  159. } /* do_bridge_bidirectional() */
  160. /**
  161. * Main entry point to bridging. Does some initial setup and then calls the
  162. * correct loop (unidirectional or bidirectional)
  163. */
  164. void
  165. do_bridge(tcpbridge_opt_t *options, tcpedit_t *tcpedit)
  166. {
  167. /* do we apply a bpf filter? */
  168. if (options->bpf.filter != NULL) {
  169. /* compile filter */
  170. dbgx(2, "Try to compile pcap bpf filter: %s", options->bpf.filter);
  171. if (pcap_compile(options->pcap1, &options->bpf.program, options->bpf.filter, options->bpf.optimize, 0) != 0) {
  172. errx(-1, "Error compiling BPF filter: %s", pcap_geterr(options->pcap1));
  173. }
  174. /* apply filter */
  175. pcap_setfilter(options->pcap1, &options->bpf.program);
  176. /* same for other interface if applicable */
  177. if (options->unidir == 0) {
  178. /* compile filter */
  179. dbgx(2, "Try to compile pcap bpf filter: %s", options->bpf.filter);
  180. if (pcap_compile(options->pcap2, &options->bpf.program, options->bpf.filter, options->bpf.optimize, 0) != 0) {
  181. errx(-1, "Error compiling BPF filter: %s", pcap_geterr(options->pcap2));
  182. }
  183. /* apply filter */
  184. pcap_setfilter(options->pcap2, &options->bpf.program);
  185. }
  186. }
  187. /* register signals */
  188. didsig = 0;
  189. (void)signal(SIGINT, signal_catcher);
  190. if (options->unidir == 1) {
  191. do_bridge_unidirectional(options, tcpedit);
  192. } else {
  193. do_bridge_bidirectional(options, tcpedit);
  194. }
  195. if (gettimeofday(&stats.end_time, NULL) < 0)
  196. errx(-1, "gettimeofday() failed: %s", strerror(errno));
  197. packet_stats(&stats);
  198. }
  199. /**
  200. * This is the callback we use with pcap_dispatch to process
  201. * each packet received by libpcap on the two interfaces.
  202. * Need to return > 0 to denote success
  203. */
  204. static int
  205. live_callback(struct live_data_t *livedata, struct pcap_pkthdr *pkthdr,
  206. const u_char * nextpkt)
  207. {
  208. ipv4_hdr_t *ip_hdr = NULL;
  209. ipv6_hdr_t *ip6_hdr = NULL;
  210. pcap_t *send = NULL;
  211. static u_char *pktdata = NULL; /* full packet buffer */
  212. int cache_mode, retcode;
  213. static unsigned long packetnum = 0;
  214. struct macsrc_t *node, finder; /* rb tree nodes */
  215. #ifdef DEBUG
  216. u_char dstmac[ETHER_ADDR_LEN];
  217. #endif
  218. u_int16_t l2proto;
  219. packetnum++;
  220. dbgx(2, "packet %lu caplen %d", packetnum, pkthdr->caplen);
  221. /* only malloc the first time */
  222. if (pktdata == NULL) {
  223. /* create packet buffers */
  224. pktdata = (u_char *)safe_malloc(MAXPACKET);
  225. } else {
  226. /* zero out the old packet info */
  227. memset(pktdata, '\0', MAXPACKET);
  228. }
  229. /* copy the packet to our buffer */
  230. memcpy(pktdata, nextpkt, pkthdr->caplen);
  231. #ifdef ENABLE_VERBOSE
  232. /* decode packet? */
  233. if (livedata->options->verbose)
  234. tcpdump_print(livedata->options->tcpdump, pkthdr, nextpkt);
  235. #endif
  236. /* lookup our source MAC in the tree */
  237. memcpy(&finder.key, &pktdata[ETHER_ADDR_LEN], ETHER_ADDR_LEN);
  238. #ifdef DEBUG
  239. memcpy(&dstmac, pktdata, ETHER_ADDR_LEN);
  240. dbgx(1, "SRC MAC: " MAC_FORMAT "\tDST MAC: " MAC_FORMAT,
  241. MAC_STR(finder.key), MAC_STR(dstmac));
  242. #endif
  243. /* first, is this a packet sent locally? If so, ignore it */
  244. if ((memcmp(livedata->options->intf1_mac, &finder.key, ETHER_ADDR_LEN)) == 0) {
  245. dbgx(1, "Packet matches the MAC of %s, skipping.", livedata->options->intf1);
  246. return (1);
  247. }
  248. else if ((memcmp(livedata->options->intf2_mac, &finder.key, ETHER_ADDR_LEN)) == 0) {
  249. dbgx(1, "Packet matches the MAC of %s, skipping.", livedata->options->intf2);
  250. return (1);
  251. }
  252. node = RB_FIND(macsrc_tree, &macsrc_root, &finder);
  253. /* if we can't find the node, build a new one */
  254. if (node == NULL) {
  255. dbg(1, "Unable to find MAC in the tree");
  256. node = new_node();
  257. node->source = livedata->source;
  258. memcpy(&node->key, &finder.key, ETHER_ADDR_LEN);
  259. RB_INSERT(macsrc_tree, &macsrc_root, node);
  260. }
  261. /* otherwise compare sources */
  262. else if (node->source != livedata->source) {
  263. dbg(1, "Found the dest MAC in the tree and it doesn't match this source NIC... skipping packet");
  264. /*
  265. * IMPORTANT!!!
  266. * Never send a packet out the same interface we sourced it on!
  267. */
  268. return (1);
  269. }
  270. /* what is our cache mode? */
  271. cache_mode = livedata->source == PCAP_INT1 ? TCPR_DIR_C2S : TCPR_DIR_S2C;
  272. l2proto = tcpedit_l3proto(livedata->tcpedit, BEFORE_PROCESS, pktdata, pkthdr->len);
  273. dbgx(2, "Packet protocol: %04hx", l2proto);
  274. /* should we skip this packet based on CIDR match? */
  275. if (l2proto == ETHERTYPE_IP) {
  276. dbg(3, "Packet is IPv4");
  277. ip_hdr = (ipv4_hdr_t *)tcpedit_l3data(livedata->tcpedit, BEFORE_PROCESS, pktdata, pkthdr->len);
  278. /* look for include or exclude CIDR match */
  279. if (livedata->options->xX.cidr != NULL) {
  280. if (!ip_hdr ||
  281. !process_xX_by_cidr_ipv4(livedata->options->xX.mode, livedata->options->xX.cidr, ip_hdr)) {
  282. dbg(2, "Skipping IPv4 packet due to CIDR match");
  283. return (1);
  284. }
  285. }
  286. }
  287. else if (l2proto == ETHERTYPE_IP6) {
  288. dbg(3, "Packet is IPv6");
  289. ip6_hdr = (ipv6_hdr_t *)tcpedit_l3data(livedata->tcpedit, BEFORE_PROCESS, pktdata, pkthdr->len);
  290. /* look for include or exclude CIDR match */
  291. if (livedata->options->xX.cidr != NULL) {
  292. if (!process_xX_by_cidr_ipv6(livedata->options->xX.mode, livedata->options->xX.cidr, ip6_hdr)) {
  293. dbg(2, "Skipping IPv6 packet due to CIDR match");
  294. return (1);
  295. }
  296. }
  297. }
  298. if ((retcode = tcpedit_packet(livedata->tcpedit, &pkthdr, &pktdata, cache_mode)) < 0) {
  299. if (retcode == TCPEDIT_SOFT_ERROR) {
  300. return 1;
  301. } else { /* TCPEDIT_ERROR */
  302. return -1;
  303. }
  304. }
  305. /*
  306. * send packets out the OTHER interface
  307. * and update the dst mac if necessary
  308. */
  309. switch(node->source) {
  310. case PCAP_INT1:
  311. dbgx(2, "Packet source was %s... sending out on %s", livedata->options->intf1,
  312. livedata->options->intf2);
  313. send = livedata->options->pcap2;
  314. break;
  315. case PCAP_INT2:
  316. dbgx(2, "Packet source was %s... sending out on %s", livedata->options->intf2,
  317. livedata->options->intf1);
  318. send = livedata->options->pcap1;
  319. break;
  320. default:
  321. errx(-1, "wtf? our node->source != PCAP_INT1 and != PCAP_INT2: %c",
  322. node->source);
  323. }
  324. /*
  325. * write packet out on the network
  326. */
  327. if (pcap_sendpacket(send, pktdata, pkthdr->caplen) < 0)
  328. errx(-1, "Unable to send packet out %s: %s",
  329. send == livedata->options->pcap1 ? livedata->options->intf1 : livedata->options->intf2, pcap_geterr(send));
  330. stats.bytes_sent += pkthdr->caplen;
  331. stats.pkts_sent++;
  332. dbgx(1, "Sent packet " COUNTER_SPEC, stats.pkts_sent);
  333. return (1);
  334. } /* live_callback() */
  335. static void
  336. signal_catcher(int signo)
  337. {
  338. /* stdio in signal handlers causes a race condition, instead set a flag */
  339. if (signo == SIGINT)
  340. didsig = true;
  341. }