tcpedit.c 17 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583
  1. /* $Id$ */
  2. /*
  3. * Copyright (c) 2001-2010 Aaron Turner <aturner at synfin dot net>
  4. * Copyright (c) 2013-2017 Fred Klassen <tcpreplay at appneta dot com> - AppNeta
  5. *
  6. * The Tcpreplay Suite of tools is free software: you can redistribute it
  7. * and/or modify it under the terms of the GNU General Public License as
  8. * published by the Free Software Foundation, either version 3 of the
  9. * License, or with the authors permission any later version.
  10. *
  11. * The Tcpreplay Suite is distributed in the hope that it will be useful,
  12. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14. * GNU General Public License for more details.
  15. *
  16. * You should have received a copy of the GNU General Public License
  17. * along with the Tcpreplay Suite. If not, see <http://www.gnu.org/licenses/>.
  18. */
  19. #include "config.h"
  20. #include "defines.h"
  21. #include <ctype.h>
  22. #include <fcntl.h>
  23. #include <stdio.h>
  24. #include <stdlib.h>
  25. #include <string.h>
  26. #include <sys/types.h>
  27. #include <unistd.h>
  28. #include <stdarg.h>
  29. #include "tcpedit_stub.h"
  30. #include "portmap.h"
  31. #include "common.h"
  32. #include "incremental_checksum.h"
  33. #include "edit_packet.h"
  34. #include "parse_args.h"
  35. #include "fuzzing.h"
  36. #include "lib/sll.h"
  37. #include "dlt.h"
  38. tOptDesc *const tcpedit_tcpedit_optDesc_p;
  39. /**
  40. * \brief Checks to see if you should make an edit
  41. *
  42. * Given the packet direction, this lets you know if you should make an edit
  43. *
  44. * packet: C2S & editdir = client == 1
  45. * packet: C2S & editdir = server == 0
  46. * packet: S2C & editdir = client == 0
  47. * packet: S2C & editdir = server == 1
  48. * packet: S2C & editdir = both == 1
  49. * packet: C2S & editdir = both == 1
  50. */
  51. int
  52. tcpedit_checkdir(tcpedit_t *tcpedit, tcpr_dir_t direction)
  53. {
  54. /* Should we edit this packet? */
  55. if ((tcpedit->editdir == TCPEDIT_EDIT_BOTH) ||
  56. (tcpedit->editdir == TCPEDIT_EDIT_C2S && direction == TCPR_DIR_C2S) ||
  57. (tcpedit->editdir == TCPEDIT_EDIT_S2C && direction == TCPR_DIR_S2C)) {
  58. return 1;
  59. }
  60. return 0;
  61. }
  62. /**
  63. * \brief Edit the given packet
  64. *
  65. * Processs a given packet and edit the pkthdr/pktdata structures
  66. * according to the rules in tcpedit
  67. * Returns: TCPEDIT_ERROR on error
  68. * TCPEDIT_SOFT_ERROR on remove packet
  69. * 0 on no change
  70. * 1 on change
  71. */
  72. int
  73. tcpedit_packet(tcpedit_t *tcpedit, struct pcap_pkthdr **pkthdr,
  74. u_char **pktdata, tcpr_dir_t direction)
  75. {
  76. ipv4_hdr_t *ip_hdr = NULL;
  77. ipv6_hdr_t *ip6_hdr = NULL;
  78. arp_hdr_t *arp_hdr = NULL;
  79. int l2len = 0, l2proto, retval = 0, dst_dlt, src_dlt, pktlen, lendiff;
  80. int ipflags = 0, tclass = 0;
  81. int needtorecalc = 0; /* did the packet change? if so, checksum */
  82. u_char *packet = *pktdata;
  83. assert(tcpedit);
  84. assert(pkthdr);
  85. assert(*pkthdr);
  86. assert(pktdata);
  87. assert(packet);
  88. assert(tcpedit->validated);
  89. tcpedit->runtime.packetnum++;
  90. dbgx(3, "packet " COUNTER_SPEC " caplen %d",
  91. tcpedit->runtime.packetnum, (*pkthdr)->caplen);
  92. /*
  93. * remove the Ethernet FCS (checksum)?
  94. * note that this feature requires the end user to be smart and
  95. * only set this flag IFF the pcap has the FCS. If not, then they
  96. * just removed 2 bytes of ACTUAL PACKET DATA. Sucks to be them.
  97. */
  98. if (tcpedit->efcs > 0) {
  99. (*pkthdr)->caplen -= 4;
  100. (*pkthdr)->len -= 4;
  101. }
  102. src_dlt = tcpedit_dlt_src(tcpedit->dlt_ctx);
  103. /* not everything has a L3 header, so check for errors. returns proto in network byte order */
  104. if ((l2proto = tcpedit_dlt_proto(tcpedit->dlt_ctx, src_dlt, packet, (*pkthdr)->caplen)) < 0) {
  105. dbg(2, "Packet has no L3+ header");
  106. } else {
  107. dbgx(2, "Layer 3 protocol type is: 0x%04x", ntohs(l2proto));
  108. }
  109. /* rewrite Layer 2 */
  110. if ((pktlen = tcpedit_dlt_process(tcpedit->dlt_ctx, pktdata, (*pkthdr)->caplen, direction)) == TCPEDIT_ERROR)
  111. errx(-1, "%s", tcpedit_geterr(tcpedit));
  112. /* unable to edit packet, most likely 802.11 management or data QoS frame */
  113. if (pktlen == TCPEDIT_SOFT_ERROR) {
  114. dbgx(3, "%s", tcpedit_geterr(tcpedit));
  115. return TCPEDIT_SOFT_ERROR;
  116. }
  117. /* update our packet lengths (real/captured) based on L2 length changes */
  118. lendiff = pktlen - (*pkthdr)->caplen;
  119. (*pkthdr)->caplen += lendiff;
  120. (*pkthdr)->len += lendiff;
  121. dst_dlt = tcpedit_dlt_dst(tcpedit->dlt_ctx);
  122. l2len = tcpedit_dlt_l2len(tcpedit->dlt_ctx, dst_dlt, packet, (*pkthdr)->caplen);
  123. dbgx(2, "dst_dlt = %04x\tsrc_dlt = %04x\tproto = %04x\tl2len = %d", dst_dlt, src_dlt, ntohs(l2proto), l2len);
  124. /* does packet have an IP header? if so set our pointer to it */
  125. if (l2proto == htons(ETHERTYPE_IP)) {
  126. ip_hdr = (ipv4_hdr_t *)tcpedit_dlt_l3data(tcpedit->dlt_ctx, dst_dlt, packet, (*pkthdr)->caplen);
  127. if (ip_hdr == NULL) {
  128. return TCPEDIT_ERROR;
  129. }
  130. dbgx(3, "Packet has an IPv4 header: %p...", ip_hdr);
  131. } else if (l2proto == htons(ETHERTYPE_IP6)) {
  132. ip6_hdr = (ipv6_hdr_t *)tcpedit_dlt_l3data(tcpedit->dlt_ctx, dst_dlt, packet, (*pkthdr)->caplen);
  133. if (ip6_hdr == NULL) {
  134. return TCPEDIT_ERROR;
  135. }
  136. dbgx(3, "Packet has an IPv6 header: %p...", ip6_hdr);
  137. } else {
  138. dbgx(3, "Packet isn't IPv4 or IPv6: 0x%04x", l2proto);
  139. /* non-IP packets have a NULL ip_hdr struct */
  140. ip_hdr = NULL;
  141. }
  142. /* The following edits only apply for IPv4 */
  143. if (ip_hdr != NULL) {
  144. /* set TOS ? */
  145. if (tcpedit->tos > -1) {
  146. uint16_t newval, oldval = *((uint16_t*)ip_hdr);
  147. ip_hdr->ip_tos = tcpedit->tos;
  148. newval = *((uint16_t*)ip_hdr);
  149. csum_replace2(&ip_hdr->ip_sum, oldval, newval);
  150. }
  151. /* rewrite the TTL */
  152. rewrite_ipv4_ttl(tcpedit, ip_hdr);
  153. /* rewrite TCP/UDP ports */
  154. if (tcpedit->portmap != NULL) {
  155. if ((retval = rewrite_ipv4_ports(tcpedit, &ip_hdr)) < 0)
  156. return TCPEDIT_ERROR;
  157. }
  158. }
  159. /* IPv6 edits */
  160. else if (ip6_hdr != NULL) {
  161. /* rewrite the hop limit */
  162. rewrite_ipv6_hlim(tcpedit, ip6_hdr);
  163. /* set traffic class? */
  164. if (tcpedit->tclass > -1) {
  165. /* calculate the bits */
  166. tclass = tcpedit->tclass << 20;
  167. /* convert our 4 bytes to an int */
  168. memcpy(&ipflags, &ip6_hdr->ip_flags, 4);
  169. /* strip out the old tclass bits */
  170. ipflags = ntohl(ipflags) & 0xf00fffff;
  171. /* add the tclass bits back */
  172. ipflags += tclass;
  173. ipflags = htonl(ipflags);
  174. memcpy(&ip6_hdr->ip_flags, &ipflags, 4);
  175. }
  176. /* set the flow label? */
  177. if (tcpedit->flowlabel > -1) {
  178. memcpy(&ipflags, &ip6_hdr->ip_flags, 4);
  179. ipflags = ntohl(ipflags) & 0xfff00000;
  180. ipflags += tcpedit->flowlabel;
  181. ipflags = htonl(ipflags);
  182. memcpy(&ip6_hdr->ip_flags, &ipflags, 4);
  183. }
  184. /* rewrite TCP/UDP ports */
  185. if (tcpedit->portmap != NULL) {
  186. if ((retval = rewrite_ipv6_ports(tcpedit, &ip6_hdr)) < 0)
  187. return TCPEDIT_ERROR;
  188. }
  189. }
  190. if (tcpedit->fuzz_seed != 0) {
  191. retval = fuzzing(tcpedit, *pkthdr, pktdata);
  192. if (retval < 0) {
  193. return TCPEDIT_ERROR;
  194. }
  195. needtorecalc += retval;
  196. }
  197. /* (Un)truncate or MTU truncate packet? */
  198. if (tcpedit->fixlen || tcpedit->mtu_truncate) {
  199. if ((retval = untrunc_packet(tcpedit, *pkthdr, pktdata, ip_hdr, ip6_hdr)) < 0)
  200. return TCPEDIT_ERROR;
  201. needtorecalc += retval;
  202. }
  203. /* rewrite IP addresses in IPv4/IPv6 or ARP */
  204. if (tcpedit->rewrite_ip) {
  205. /* IP packets */
  206. if (ip_hdr != NULL) {
  207. if ((retval = rewrite_ipv4l3(tcpedit, ip_hdr, direction)) < 0)
  208. return TCPEDIT_ERROR;
  209. } else if (ip6_hdr != NULL) {
  210. if ((retval = rewrite_ipv6l3(tcpedit, ip6_hdr, direction)) < 0)
  211. return TCPEDIT_ERROR;
  212. }
  213. /* ARP packets */
  214. else if (l2proto == htons(ETHERTYPE_ARP)) {
  215. arp_hdr = (arp_hdr_t *)&(packet[l2len]);
  216. /* unlike, rewrite_ipl3, we don't care if the packet changed
  217. * because we never need to recalc the checksums for an ARP
  218. * packet. So ignore the return value
  219. */
  220. if (rewrite_iparp(tcpedit, arp_hdr, direction) < 0)
  221. return TCPEDIT_ERROR;
  222. }
  223. }
  224. /* do we need to spoof the src/dst IP address in IPv4 or ARP? */
  225. if (tcpedit->seed) {
  226. /* IPv4 Packets */
  227. if (ip_hdr != NULL) {
  228. if ((retval = randomize_ipv4(tcpedit, *pkthdr, packet,
  229. ip_hdr)) < 0)
  230. return TCPEDIT_ERROR;
  231. } else if (ip6_hdr != NULL) {
  232. if ((retval = randomize_ipv6(tcpedit, *pkthdr, packet,
  233. ip6_hdr)) < 0)
  234. return TCPEDIT_ERROR;
  235. /* ARP packets */
  236. } else if (l2proto == htons(ETHERTYPE_ARP)) {
  237. if (direction == TCPR_DIR_C2S) {
  238. if (randomize_iparp(tcpedit, *pkthdr, packet,
  239. tcpedit->runtime.dlt1) < 0)
  240. return TCPEDIT_ERROR;
  241. } else {
  242. if (randomize_iparp(tcpedit, *pkthdr, packet,
  243. tcpedit->runtime.dlt2) < 0)
  244. return TCPEDIT_ERROR;
  245. }
  246. }
  247. }
  248. /* do we need to fix checksums? -- must always do this last! */
  249. if ((tcpedit->fixcsum || needtorecalc)) {
  250. if (ip_hdr != NULL) {
  251. dbgx(3, "doing IPv4 checksum: needtorecalc=%d", needtorecalc);
  252. retval = fix_ipv4_checksums(tcpedit, *pkthdr, ip_hdr);
  253. } else if (ip6_hdr != NULL) {
  254. dbgx(3, "doing IPv6 checksum: needtorecalc=%d", needtorecalc);
  255. retval = fix_ipv6_checksums(tcpedit, *pkthdr, ip6_hdr);
  256. } else {
  257. dbgx(3, "checksum not performed: needtorecalc=%d", needtorecalc);
  258. retval = TCPEDIT_OK;
  259. }
  260. if (retval < 0) {
  261. return TCPEDIT_ERROR;
  262. } else if (retval == TCPEDIT_WARN) {
  263. dbgx(3, "%s", tcpedit_getwarn(tcpedit));
  264. }
  265. }
  266. tcpedit_dlt_merge_l3data(tcpedit->dlt_ctx, dst_dlt, packet, (*pkthdr)->caplen, (u_char *)ip_hdr);
  267. tcpedit->runtime.total_bytes += (*pkthdr)->caplen;
  268. tcpedit->runtime.pkts_edited ++;
  269. return retval;
  270. }
  271. /**
  272. * initializes the tcpedit library. returns 0 on success, -1 on error.
  273. */
  274. int
  275. tcpedit_init(tcpedit_t **tcpedit_ex, int dlt)
  276. {
  277. tcpedit_t *tcpedit;
  278. *tcpedit_ex = safe_malloc(sizeof(tcpedit_t));
  279. tcpedit = *tcpedit_ex;
  280. if ((tcpedit->dlt_ctx = tcpedit_dlt_init(tcpedit, dlt)) == NULL)
  281. return TCPEDIT_ERROR;
  282. tcpedit->mtu = DEFAULT_MTU; /* assume 802.3 Ethernet */
  283. tcpedit->fuzz_factor = DEFAULT_FUZZ_FACTOR;
  284. /* disabled by default */
  285. tcpedit->tos = -1;
  286. tcpedit->tclass = -1;
  287. tcpedit->flowlabel = -1;
  288. tcpedit->editdir = TCPEDIT_EDIT_BOTH;
  289. memset(&(tcpedit->runtime), 0, sizeof(tcpedit_runtime_t));
  290. tcpedit->runtime.dlt1 = dlt;
  291. tcpedit->runtime.dlt2 = dlt;
  292. dbgx(1, "Input file (1) datalink type is %s",
  293. pcap_datalink_val_to_name(dlt));
  294. #ifdef FORCE_ALIGN
  295. tcpedit->runtime.l3buff = (u_char *)safe_malloc(MAXPACKET);
  296. #endif
  297. return TCPEDIT_OK;
  298. }
  299. /**
  300. * return the output DLT type
  301. */
  302. int
  303. tcpedit_get_output_dlt(tcpedit_t *tcpedit)
  304. {
  305. assert(tcpedit);
  306. return tcpedit_dlt_output_dlt(tcpedit->dlt_ctx);
  307. }
  308. /**
  309. * \brief tcpedit option validator. Call after tcpedit_init()
  310. *
  311. * Validates that given the current state of tcpedit that the given
  312. * pcap source and destination (based on DLT) can be properly rewritten
  313. * return 0 on sucess
  314. * return -1 on error
  315. * DO NOT USE!
  316. */
  317. int
  318. tcpedit_validate(tcpedit_t *tcpedit)
  319. {
  320. assert(tcpedit);
  321. tcpedit->validated = 1;
  322. /* we used to do a bunch of things here, but not anymore...
  323. * maybe I should find something to do or just get ride of it
  324. */
  325. return 0;
  326. }
  327. /**
  328. * return the error string when a tcpedit() function returns
  329. * TCPEDIT_ERROR
  330. */
  331. char *
  332. tcpedit_geterr(tcpedit_t *tcpedit)
  333. {
  334. assert(tcpedit);
  335. return tcpedit->runtime.errstr;
  336. }
  337. /**
  338. * \brief Internal function to set the tcpedit error string
  339. *
  340. * Used to set the error string when there is an error, result is retrieved
  341. * using tcpedit_geterr(). You shouldn't ever actually call this, but use
  342. * tcpedit_seterr() which is a macro wrapping this instead.
  343. */
  344. void
  345. __tcpedit_seterr(tcpedit_t *tcpedit, const char *func, const int line, const char *file, const char *fmt, ...)
  346. {
  347. va_list ap;
  348. char errormsg[TCPEDIT_ERRSTR_LEN];
  349. assert(tcpedit);
  350. va_start(ap, fmt);
  351. if (fmt != NULL) {
  352. (void)vsnprintf(errormsg,
  353. (TCPEDIT_ERRSTR_LEN - 1), fmt, ap);
  354. }
  355. va_end(ap);
  356. snprintf(tcpedit->runtime.errstr, (TCPEDIT_ERRSTR_LEN -1), "From %s:%s() line %d:\n%s",
  357. file, func, line, errormsg);
  358. }
  359. /**
  360. * return the warning string when a tcpedit() function returns
  361. * TCPEDIT_WARN
  362. */
  363. char *
  364. tcpedit_getwarn(tcpedit_t *tcpedit)
  365. {
  366. assert(tcpedit);
  367. return tcpedit->runtime.warnstr;
  368. }
  369. /**
  370. * used to set the warning string when there is an warning
  371. */
  372. void
  373. tcpedit_setwarn(tcpedit_t *tcpedit, const char *fmt, ...)
  374. {
  375. va_list ap;
  376. assert(tcpedit);
  377. va_start(ap, fmt);
  378. if (fmt != NULL)
  379. (void)vsnprintf(tcpedit->runtime.warnstr, (TCPEDIT_ERRSTR_LEN - 1), fmt, ap);
  380. va_end(ap);
  381. }
  382. /**
  383. * \brief Checks the given error code and does the right thing
  384. *
  385. * Generic function which checks the TCPEDIT_* error code
  386. * and always returns OK or ERROR. For warnings, prints the
  387. * warning message and returns OK. For any other value, fails with
  388. * an assert.
  389. *
  390. * prefix is a string prepended to the error/warning
  391. */
  392. int
  393. tcpedit_checkerror(tcpedit_t *tcpedit, const int rcode, const char *prefix) {
  394. assert(tcpedit);
  395. switch (rcode) {
  396. case TCPEDIT_OK:
  397. case TCPEDIT_ERROR:
  398. return rcode;
  399. break;
  400. case TCPEDIT_SOFT_ERROR:
  401. if (prefix != NULL) {
  402. fprintf(stderr, "Error %s: %s\n", prefix, tcpedit_geterr(tcpedit));
  403. } else {
  404. fprintf(stderr, "Error: %s\n", tcpedit_geterr(tcpedit));
  405. }
  406. break;
  407. case TCPEDIT_WARN:
  408. if (prefix != NULL) {
  409. fprintf(stderr, "Warning %s: %s\n", prefix, tcpedit_getwarn(tcpedit));
  410. } else {
  411. fprintf(stderr, "Warning: %s\n", tcpedit_getwarn(tcpedit));
  412. }
  413. return TCPEDIT_OK;
  414. break;
  415. default:
  416. assert(0 == 1); /* this should never happen! */
  417. break;
  418. }
  419. return TCPEDIT_ERROR;
  420. }
  421. /**
  422. * \brief Cleans up after ourselves. Return 0 on success.
  423. *
  424. * Clean up after ourselves, but does not actually free the ptr.
  425. */
  426. int
  427. tcpedit_close(tcpedit_t *tcpedit)
  428. {
  429. assert(tcpedit);
  430. dbgx(1, "tcpedit processed " COUNTER_SPEC " bytes in " COUNTER_SPEC
  431. " packets.", tcpedit->runtime.total_bytes,
  432. tcpedit->runtime.pkts_edited);
  433. /* free buffer if required */
  434. #ifdef FORCE_ALIGN
  435. safe_free(tcpedit->runtime.l3buff);
  436. #endif
  437. return 0;
  438. }
  439. /**
  440. * Return a ptr to the Layer 3 data. Returns TCPEDIT_ERROR on error
  441. */
  442. const u_char *
  443. tcpedit_l3data(tcpedit_t *tcpedit, tcpedit_coder code, u_char *packet, const int pktlen)
  444. {
  445. u_char *result = NULL;
  446. if (code == BEFORE_PROCESS) {
  447. result = tcpedit_dlt_l3data(tcpedit->dlt_ctx, tcpedit->dlt_ctx->decoder->dlt, packet, pktlen);
  448. } else {
  449. result = tcpedit_dlt_l3data(tcpedit->dlt_ctx, tcpedit->dlt_ctx->encoder->dlt, packet, pktlen);
  450. }
  451. return result;
  452. }
  453. /**
  454. * return the length of the layer 2 header. Returns TCPEDIT_ERROR on error
  455. */
  456. int
  457. tcpedit_l2len(tcpedit_t *tcpedit, tcpedit_coder code, u_char *packet, const int pktlen)
  458. {
  459. int result = 0;
  460. if (code == BEFORE_PROCESS) {
  461. result = tcpedit_dlt_l2len(tcpedit->dlt_ctx, tcpedit->dlt_ctx->decoder->dlt, packet, pktlen);
  462. } else {
  463. result = tcpedit_dlt_l2len(tcpedit->dlt_ctx, tcpedit->dlt_ctx->encoder->dlt, packet, pktlen);
  464. }
  465. return result;
  466. }
  467. /**
  468. * Returns the layer 3 type, often encoded as the layer2.proto field
  469. */
  470. int
  471. tcpedit_l3proto(tcpedit_t *tcpedit, tcpedit_coder code, const u_char *packet, const int pktlen)
  472. {
  473. int result = 0;
  474. if (code == BEFORE_PROCESS) {
  475. result = tcpedit_dlt_proto(tcpedit->dlt_ctx, tcpedit->dlt_ctx->decoder->dlt, packet, pktlen);
  476. } else {
  477. result = tcpedit_dlt_proto(tcpedit->dlt_ctx, tcpedit->dlt_ctx->encoder->dlt, packet, pktlen);
  478. }
  479. return ntohs(result);
  480. }
  481. /*
  482. u_char *
  483. tcpedit_srcmac(tcpedit_t *tcpedit, tcpedit_coder code, u_char *packet, const int pktlen)
  484. {
  485. }
  486. u_char *
  487. tcpedit_dstmac(tcpedit_t *tcpedit, tcpedit_coder code, u_char *packet, const int pktlen)
  488. {
  489. }
  490. int
  491. tcpedit_maclen(tcpedit_t *tcpedit, tcpedit_coder code)
  492. {
  493. }
  494. */