bridge.c 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419
  1. /* $Id$ */
  2. /*
  3. * Copyright (c) 2001-2010 Aaron Turner <aturner at synfin dot net>
  4. * Copyright (c) 2013-2018 Fred Klassen <tcpreplay at appneta dot com> - AppNeta
  5. *
  6. * The Tcpreplay Suite of tools is free software: you can redistribute it
  7. * and/or modify it under the terms of the GNU General Public License as
  8. * published by the Free Software Foundation, either version 3 of the
  9. * License, or with the authors permission any later version.
  10. *
  11. * The Tcpreplay Suite is distributed in the hope that it will be useful,
  12. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14. * GNU General Public License for more details.
  15. *
  16. * You should have received a copy of the GNU General Public License
  17. * along with the Tcpreplay Suite. If not, see <http://www.gnu.org/licenses/>.
  18. */
  19. #include "config.h"
  20. #include "defines.h"
  21. #include "common.h"
  22. #include <sys/time.h>
  23. #include <signal.h>
  24. #include <string.h>
  25. #include <netinet/in.h>
  26. #include <time.h>
  27. #include <errno.h>
  28. #include <stdlib.h>
  29. #include "tcpbridge.h"
  30. #include "bridge.h"
  31. #include "tcpedit/tcpedit.h"
  32. extern tcpbridge_opt_t options;
  33. extern tcpreplay_stats_t stats;
  34. #ifdef DEBUG
  35. extern int debug;
  36. #endif
  37. volatile bool didsig;
  38. static int live_callback(struct live_data_t *,
  39. struct pcap_pkthdr *, const u_char *);
  40. static void signal_catcher(int signo);
  41. /**
  42. * First, prep our RB Tree which tracks where each (source)
  43. * MAC really lives so we don't create really nasty network
  44. * storms.
  45. */
  46. static struct macsrc_t *new_node(void);
  47. RB_HEAD(macsrc_tree, macsrc_t) macsrc_root;
  48. static int
  49. rbmacsrc_comp(struct macsrc_t *a, struct macsrc_t *b)
  50. {
  51. return (memcmp(a->key, b->key, ETHER_ADDR_LEN));
  52. }
  53. RB_PROTOTYPE(macsrc_tree, macsrc_t, node, rbmacsrc_comp)
  54. RB_GENERATE(macsrc_tree, macsrc_t, node, rbmacsrc_comp)
  55. /**
  56. * redblack init
  57. */
  58. void
  59. rbinit(void)
  60. {
  61. RB_INIT(&macsrc_root);
  62. }
  63. /**
  64. * create a new node... Malloc's memory
  65. */
  66. struct macsrc_t *
  67. new_node(void)
  68. {
  69. struct macsrc_t *node;
  70. node = (struct macsrc_t *)safe_malloc(sizeof(struct macsrc_t));
  71. memset(node, '\0', sizeof(struct macsrc_t));
  72. return (node);
  73. }
  74. /**
  75. * main loop for bridging in only one direction
  76. * optimized to not use poll(), but rather libpcap's builtin pcap_loop()
  77. */
  78. static void
  79. do_bridge_unidirectional(tcpbridge_opt_t *options, tcpedit_t *tcpedit)
  80. {
  81. struct live_data_t livedata;
  82. int retcode;
  83. assert(options);
  84. assert(tcpedit);
  85. livedata.tcpedit = tcpedit;
  86. livedata.source = PCAP_INT1;
  87. livedata.pcap = options->pcap1;
  88. livedata.options = options;
  89. if ((retcode = pcap_loop(options->pcap1, options->limit_send,
  90. (pcap_handler)live_callback, (u_char *) &livedata)) < 0) {
  91. warnx("Error in pcap_loop(): %s", pcap_geterr(options->pcap1));
  92. }
  93. }
  94. /**
  95. * main loop for bridging in both directions. Since we dealing with two handles
  96. * we need to poll() on them which isn't the most efficient
  97. */
  98. static void
  99. do_bridge_bidirectional(tcpbridge_opt_t *options, tcpedit_t *tcpedit)
  100. {
  101. struct pollfd polls[2]; /* one for left & right pcap */
  102. int pollresult, pollcount, timeout;
  103. struct live_data_t livedata;
  104. assert(options);
  105. assert(tcpedit);
  106. livedata.tcpedit = tcpedit;
  107. livedata.options = options;
  108. /*
  109. * loop until ctrl-C or we've sent enough packets
  110. * note that if -L wasn't specified, limit_send is
  111. * set to 0 so this will loop infinately
  112. */
  113. while ((options->limit_send == 0) || (options->limit_send > stats.pkts_sent)) {
  114. if (didsig)
  115. break;
  116. dbgx(3, "limit_send: " COUNTER_SPEC " \t pkts_sent: " COUNTER_SPEC,
  117. options->limit_send, stats.pkts_sent);
  118. /* reset the result codes */
  119. polls[PCAP_INT1].revents = 0;
  120. polls[PCAP_INT1].events = POLLIN;
  121. polls[PCAP_INT1].fd = pcap_fileno(options->pcap1);
  122. polls[PCAP_INT2].revents = 0;
  123. polls[PCAP_INT2].events = POLLIN;
  124. polls[PCAP_INT2].fd = pcap_fileno(options->pcap2);
  125. timeout = options->poll_timeout;
  126. pollcount = 2;
  127. /* poll for a packet on the two interfaces */
  128. pollresult = poll(polls, pollcount, timeout);
  129. /* poll has returned, process the result */
  130. if (pollresult > 0) {
  131. dbgx(3, "pollresult: %d", pollresult);
  132. /* success, got one or more packets */
  133. if (polls[PCAP_INT1].revents > 0) {
  134. dbg(5, "Processing first interface");
  135. livedata.source = PCAP_INT1;
  136. livedata.pcap = options->pcap1;
  137. pcap_dispatch(options->pcap1, -1, (pcap_handler) live_callback,
  138. (u_char *) &livedata);
  139. }
  140. /* check the other interface?? */
  141. if (polls[PCAP_INT2].revents > 0) {
  142. dbg(5, "Processing second interface");
  143. livedata.source = PCAP_INT2;
  144. livedata.pcap = options->pcap2;
  145. pcap_dispatch(options->pcap2, -1, (pcap_handler) live_callback,
  146. (u_char *) &livedata);
  147. }
  148. }
  149. else if (pollresult == 0) {
  150. dbg(3, "poll timeout exceeded...");
  151. /* do something here? */
  152. }
  153. else {
  154. /* poll error, probably a Ctrl-C */
  155. warnx("poll() error: %s", strerror(errno));
  156. }
  157. /* go back to the top of the loop */
  158. }
  159. } /* do_bridge_bidirectional() */
  160. /**
  161. * Main entry point to bridging. Does some initial setup and then calls the
  162. * correct loop (unidirectional or bidirectional)
  163. */
  164. void
  165. do_bridge(tcpbridge_opt_t *options, tcpedit_t *tcpedit)
  166. {
  167. /* do we apply a bpf filter? */
  168. if (options->bpf.filter != NULL) {
  169. /* compile filter */
  170. dbgx(2, "Try to compile pcap bpf filter: %s", options->bpf.filter);
  171. if (pcap_compile(options->pcap1, &options->bpf.program, options->bpf.filter, options->bpf.optimize, 0) != 0) {
  172. errx(-1, "Error compiling BPF filter: %s", pcap_geterr(options->pcap1));
  173. }
  174. /* apply filter */
  175. pcap_setfilter(options->pcap1, &options->bpf.program);
  176. pcap_freecode(&options->bpf.program);
  177. /* same for other interface if applicable */
  178. if (options->unidir == 0) {
  179. /* compile filter */
  180. dbgx(2, "Try to compile pcap bpf filter: %s", options->bpf.filter);
  181. if (pcap_compile(options->pcap2, &options->bpf.program, options->bpf.filter, options->bpf.optimize, 0) != 0) {
  182. errx(-1, "Error compiling BPF filter: %s", pcap_geterr(options->pcap2));
  183. }
  184. /* apply filter */
  185. pcap_setfilter(options->pcap2, &options->bpf.program);
  186. pcap_freecode(&options->bpf.program);
  187. }
  188. }
  189. /* register signals */
  190. didsig = 0;
  191. (void)signal(SIGINT, signal_catcher);
  192. if (options->unidir == 1) {
  193. do_bridge_unidirectional(options, tcpedit);
  194. } else {
  195. do_bridge_bidirectional(options, tcpedit);
  196. }
  197. if (gettimeofday(&stats.end_time, NULL) < 0)
  198. errx(-1, "gettimeofday() failed: %s", strerror(errno));
  199. packet_stats(&stats);
  200. }
  201. /**
  202. * This is the callback we use with pcap_dispatch to process
  203. * each packet received by libpcap on the two interfaces.
  204. * Need to return > 0 to denote success
  205. */
  206. static int
  207. live_callback(struct live_data_t *livedata, struct pcap_pkthdr *pkthdr,
  208. const u_char * nextpkt)
  209. {
  210. ipv4_hdr_t *ip_hdr = NULL;
  211. ipv6_hdr_t *ip6_hdr = NULL;
  212. pcap_t *send = NULL;
  213. static u_char *pktdata = NULL; /* full packet buffer */
  214. int cache_mode, retcode;
  215. static unsigned long packetnum = 0;
  216. struct macsrc_t *node, finder; /* rb tree nodes */
  217. #ifdef DEBUG
  218. u_char dstmac[ETHER_ADDR_LEN];
  219. #endif
  220. u_int16_t l2proto;
  221. packetnum++;
  222. dbgx(2, "packet %lu caplen %d", packetnum, pkthdr->caplen);
  223. /* only malloc the first time */
  224. if (pktdata == NULL) {
  225. /* create packet buffers */
  226. pktdata = (u_char *)safe_malloc(MAXPACKET);
  227. } else {
  228. /* zero out the old packet info */
  229. memset(pktdata, '\0', MAXPACKET);
  230. }
  231. /* copy the packet to our buffer */
  232. memcpy(pktdata, nextpkt, pkthdr->caplen);
  233. #ifdef ENABLE_VERBOSE
  234. /* decode packet? */
  235. if (livedata->options->verbose)
  236. tcpdump_print(livedata->options->tcpdump, pkthdr, nextpkt);
  237. #endif
  238. /* lookup our source MAC in the tree */
  239. memcpy(&finder.key, &pktdata[ETHER_ADDR_LEN], ETHER_ADDR_LEN);
  240. #ifdef DEBUG
  241. memcpy(&dstmac, pktdata, ETHER_ADDR_LEN);
  242. dbgx(1, "SRC MAC: " MAC_FORMAT "\tDST MAC: " MAC_FORMAT,
  243. MAC_STR(finder.key), MAC_STR(dstmac));
  244. #endif
  245. /* first, is this a packet sent locally? If so, ignore it */
  246. if ((memcmp(livedata->options->intf1_mac, &finder.key, ETHER_ADDR_LEN)) == 0) {
  247. dbgx(1, "Packet matches the MAC of %s, skipping.", livedata->options->intf1);
  248. return (1);
  249. }
  250. else if ((memcmp(livedata->options->intf2_mac, &finder.key, ETHER_ADDR_LEN)) == 0) {
  251. dbgx(1, "Packet matches the MAC of %s, skipping.", livedata->options->intf2);
  252. return (1);
  253. }
  254. node = RB_FIND(macsrc_tree, &macsrc_root, &finder);
  255. /* if we can't find the node, build a new one */
  256. if (node == NULL) {
  257. dbg(1, "Unable to find MAC in the tree");
  258. node = new_node();
  259. node->source = livedata->source;
  260. memcpy(&node->key, &finder.key, ETHER_ADDR_LEN);
  261. RB_INSERT(macsrc_tree, &macsrc_root, node);
  262. }
  263. /* otherwise compare sources */
  264. else if (node->source != livedata->source) {
  265. dbg(1, "Found the dest MAC in the tree and it doesn't match this source NIC... skipping packet");
  266. /*
  267. * IMPORTANT!!!
  268. * Never send a packet out the same interface we sourced it on!
  269. */
  270. return (1);
  271. }
  272. /* what is our cache mode? */
  273. cache_mode = livedata->source == PCAP_INT1 ? TCPR_DIR_C2S : TCPR_DIR_S2C;
  274. l2proto = tcpedit_l3proto(livedata->tcpedit, BEFORE_PROCESS, pktdata, pkthdr->len);
  275. dbgx(2, "Packet protocol: %04hx", l2proto);
  276. /* should we skip this packet based on CIDR match? */
  277. if (l2proto == ETHERTYPE_IP) {
  278. dbg(3, "Packet is IPv4");
  279. ip_hdr = (ipv4_hdr_t *)tcpedit_l3data(livedata->tcpedit, BEFORE_PROCESS, pktdata, pkthdr->len);
  280. /* look for include or exclude CIDR match */
  281. if (livedata->options->xX.cidr != NULL) {
  282. if (!ip_hdr ||
  283. !process_xX_by_cidr_ipv4(livedata->options->xX.mode, livedata->options->xX.cidr, ip_hdr)) {
  284. dbg(2, "Skipping IPv4 packet due to CIDR match");
  285. return (1);
  286. }
  287. }
  288. }
  289. else if (l2proto == ETHERTYPE_IP6) {
  290. dbg(3, "Packet is IPv6");
  291. ip6_hdr = (ipv6_hdr_t *)tcpedit_l3data(livedata->tcpedit, BEFORE_PROCESS, pktdata, pkthdr->len);
  292. /* look for include or exclude CIDR match */
  293. if (livedata->options->xX.cidr != NULL) {
  294. if (!process_xX_by_cidr_ipv6(livedata->options->xX.mode, livedata->options->xX.cidr, ip6_hdr)) {
  295. dbg(2, "Skipping IPv6 packet due to CIDR match");
  296. return (1);
  297. }
  298. }
  299. }
  300. if ((retcode = tcpedit_packet(livedata->tcpedit, &pkthdr, &pktdata, cache_mode)) < 0) {
  301. if (retcode == TCPEDIT_SOFT_ERROR) {
  302. return 1;
  303. } else { /* TCPEDIT_ERROR */
  304. return -1;
  305. }
  306. }
  307. /*
  308. * send packets out the OTHER interface
  309. * and update the dst mac if necessary
  310. */
  311. switch(node->source) {
  312. case PCAP_INT1:
  313. dbgx(2, "Packet source was %s... sending out on %s", livedata->options->intf1,
  314. livedata->options->intf2);
  315. send = livedata->options->pcap2;
  316. break;
  317. case PCAP_INT2:
  318. dbgx(2, "Packet source was %s... sending out on %s", livedata->options->intf2,
  319. livedata->options->intf1);
  320. send = livedata->options->pcap1;
  321. break;
  322. default:
  323. errx(-1, "wtf? our node->source != PCAP_INT1 and != PCAP_INT2: %c",
  324. node->source);
  325. }
  326. /*
  327. * write packet out on the network
  328. */
  329. if (pcap_sendpacket(send, pktdata, pkthdr->caplen) < 0)
  330. errx(-1, "Unable to send packet out %s: %s",
  331. send == livedata->options->pcap1 ? livedata->options->intf1 : livedata->options->intf2, pcap_geterr(send));
  332. stats.bytes_sent += pkthdr->caplen;
  333. stats.pkts_sent++;
  334. dbgx(1, "Sent packet " COUNTER_SPEC, stats.pkts_sent);
  335. return (1);
  336. } /* live_callback() */
  337. static void
  338. signal_catcher(int signo)
  339. {
  340. /* stdio in signal handlers causes a race condition, instead set a flag */
  341. if (signo == SIGINT)
  342. didsig = true;
  343. }