tcpedit.c 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610
  1. /* $Id$ */
  2. /*
  3. * Copyright (c) 2001-2010 Aaron Turner <aturner at synfin dot net>
  4. * Copyright (c) 2013-2018 Fred Klassen <tcpreplay at appneta dot com> - AppNeta
  5. *
  6. * The Tcpreplay Suite of tools is free software: you can redistribute it
  7. * and/or modify it under the terms of the GNU General Public License as
  8. * published by the Free Software Foundation, either version 3 of the
  9. * License, or with the authors permission any later version.
  10. *
  11. * The Tcpreplay Suite is distributed in the hope that it will be useful,
  12. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14. * GNU General Public License for more details.
  15. *
  16. * You should have received a copy of the GNU General Public License
  17. * along with the Tcpreplay Suite. If not, see <http://www.gnu.org/licenses/>.
  18. */
  19. #include "config.h"
  20. #include "defines.h"
  21. #include <ctype.h>
  22. #include <fcntl.h>
  23. #include <stdio.h>
  24. #include <stdlib.h>
  25. #include <string.h>
  26. #include <sys/types.h>
  27. #include <unistd.h>
  28. #include <stdarg.h>
  29. #include "tcpedit_stub.h"
  30. #include "portmap.h"
  31. #include "common.h"
  32. #include "incremental_checksum.h"
  33. #include "edit_packet.h"
  34. #include "parse_args.h"
  35. #include "fuzzing.h"
  36. #include "rewrite_sequence.h"
  37. #include "lib/sll.h"
  38. #include "dlt.h"
  39. extern tOptDesc *const tcpedit_tcpedit_optDesc_p;
  40. /**
  41. * \brief Checks to see if you should make an edit
  42. *
  43. * Given the packet direction, this lets you know if you should make an edit
  44. *
  45. * packet: C2S & editdir = client == 1
  46. * packet: C2S & editdir = server == 0
  47. * packet: S2C & editdir = client == 0
  48. * packet: S2C & editdir = server == 1
  49. * packet: S2C & editdir = both == 1
  50. * packet: C2S & editdir = both == 1
  51. */
  52. int
  53. tcpedit_checkdir(tcpedit_t *tcpedit, tcpr_dir_t direction)
  54. {
  55. /* Should we edit this packet? */
  56. if ((tcpedit->editdir == TCPEDIT_EDIT_BOTH) ||
  57. (tcpedit->editdir == TCPEDIT_EDIT_C2S && direction == TCPR_DIR_C2S) ||
  58. (tcpedit->editdir == TCPEDIT_EDIT_S2C && direction == TCPR_DIR_S2C)) {
  59. return 1;
  60. }
  61. return 0;
  62. }
  63. /**
  64. * \brief Edit the given packet
  65. *
  66. * Process a given packet and edit the pkthdr/pktdata structures
  67. * according to the rules in tcpedit
  68. * Returns: TCPEDIT_ERROR on error
  69. * TCPEDIT_SOFT_ERROR on remove packet
  70. * 0 on no change
  71. * 1 on change
  72. */
  73. int
  74. tcpedit_packet(tcpedit_t *tcpedit, struct pcap_pkthdr **pkthdr,
  75. u_char **pktdata, tcpr_dir_t direction)
  76. {
  77. ipv4_hdr_t *ip_hdr = NULL;
  78. ipv6_hdr_t *ip6_hdr = NULL;
  79. arp_hdr_t *arp_hdr = NULL;
  80. int l2len, l2proto, retval = 0;
  81. int dst_dlt, src_dlt, pktlen, lendiff;
  82. int ipflags = 0, tclass = 0;
  83. int needtorecalc = 0; /* did the packet change? if so, checksum */
  84. u_char *packet;
  85. assert(tcpedit);
  86. assert(pkthdr);
  87. assert(*pkthdr);
  88. assert(pktdata);
  89. assert(*pktdata);
  90. assert(tcpedit->validated);
  91. packet = *pktdata;
  92. tcpedit->runtime.packetnum++;
  93. dbgx(3, "packet " COUNTER_SPEC " caplen %d",
  94. tcpedit->runtime.packetnum, (*pkthdr)->caplen);
  95. /*
  96. * remove the Ethernet FCS (checksum)?
  97. * note that this feature requires the end user to be smart and
  98. * only set this flag IFF the pcap has the FCS. If not, then they
  99. * just removed 2 bytes of ACTUAL PACKET DATA. Sucks to be them.
  100. */
  101. if (tcpedit->efcs > 0 &&(*pkthdr)->len > 4) {
  102. if ((*pkthdr)->caplen == (*pkthdr)->len) {
  103. (*pkthdr)->caplen -= 4;
  104. }
  105. (*pkthdr)->len -= 4;
  106. }
  107. src_dlt = tcpedit_dlt_src(tcpedit->dlt_ctx);
  108. /* not everything has a L3 header, so check for errors. returns proto in network byte order */
  109. if ((l2proto = tcpedit_dlt_proto(tcpedit->dlt_ctx, src_dlt, packet, (*pkthdr)->caplen)) < 0) {
  110. dbg(2, "Packet has no L3+ header");
  111. } else {
  112. dbgx(2, "Layer 3 protocol type is: 0x%04x", ntohs(l2proto));
  113. }
  114. /* rewrite Layer 2 */
  115. if ((pktlen = tcpedit_dlt_process(tcpedit->dlt_ctx, pktdata, (*pkthdr)->caplen, direction)) == TCPEDIT_ERROR)
  116. errx(-1, "%s", tcpedit_geterr(tcpedit));
  117. /* unable to edit packet, most likely 802.11 management or data QoS frame */
  118. if (pktlen == TCPEDIT_SOFT_ERROR) {
  119. dbgx(3, "%s", tcpedit_geterr(tcpedit));
  120. return TCPEDIT_SOFT_ERROR;
  121. }
  122. /* update our packet lengths (real/captured) based on L2 length changes */
  123. lendiff = pktlen - (*pkthdr)->caplen;
  124. (*pkthdr)->caplen += lendiff;
  125. (*pkthdr)->len += lendiff;
  126. dst_dlt = tcpedit_dlt_dst(tcpedit->dlt_ctx);
  127. l2len = tcpedit_dlt_l2len(tcpedit->dlt_ctx, dst_dlt, packet, (*pkthdr)->caplen);
  128. if (l2len == -1)
  129. return TCPEDIT_ERROR;
  130. dbgx(2, "dst_dlt = %04x\tsrc_dlt = %04x\tproto = %04x\tl2len = %d", dst_dlt, src_dlt, ntohs(l2proto), l2len);
  131. /* does packet have an IP header? if so set our pointer to it */
  132. if (l2proto == htons(ETHERTYPE_IP)) {
  133. u_char *p;
  134. if ((*pkthdr)->caplen < l2len + sizeof(*ip_hdr)) {
  135. tcpedit_seterr(tcpedit, "Packet length %d is to short to contain a layer IP header for DLT 0x%04x",
  136. pktlen, dst_dlt);
  137. return TCPEDIT_ERROR;
  138. }
  139. ip_hdr = (ipv4_hdr_t *)tcpedit_dlt_l3data(tcpedit->dlt_ctx, dst_dlt, packet, (*pkthdr)->caplen);
  140. if (ip_hdr == NULL)
  141. return TCPEDIT_ERROR;
  142. p = get_layer4_v4(ip_hdr, (*pkthdr)->caplen - l2len);
  143. if (!p) {
  144. tcpedit_seterr(tcpedit, "Packet length %d is to short to contain a layer %d byte IP header for DLT 0x%04x",
  145. pktlen, ip_hdr->ip_hl << 2, dst_dlt);
  146. return TCPEDIT_ERROR;
  147. }
  148. dbgx(3, "Packet has an IPv4 header: 0x%p...", ip_hdr);
  149. } else if (l2proto == htons(ETHERTYPE_IP6)) {
  150. u_char *p;
  151. if ((*pkthdr)->caplen < l2len + sizeof(*ip6_hdr)) {
  152. tcpedit_seterr(tcpedit, "Packet length %d is to short to contain a layer IPv6 header for DLT 0x%04x",
  153. pktlen, dst_dlt);
  154. return TCPEDIT_ERROR;
  155. }
  156. ip6_hdr = (ipv6_hdr_t *)tcpedit_dlt_l3data(tcpedit->dlt_ctx, dst_dlt, packet, (*pkthdr)->caplen);
  157. if (ip6_hdr == NULL)
  158. return TCPEDIT_ERROR;
  159. p = get_layer4_v6(ip6_hdr, (*pkthdr)->caplen - l2len);
  160. if (!p) {
  161. tcpedit_seterr(tcpedit, "Packet length %d is to short to contain an IPv6 header for DLT 0x%04x",
  162. pktlen, dst_dlt);
  163. return TCPEDIT_ERROR;
  164. }
  165. dbgx(3, "Packet has an IPv6 header: 0x%p...", ip6_hdr);
  166. } else {
  167. dbgx(3, "Packet isn't IPv4 or IPv6: 0x%04x", l2proto);
  168. /* non-IP packets have a NULL ip_hdr struct */
  169. ip_hdr = NULL;
  170. ip6_hdr = NULL;
  171. }
  172. /* The following edits only apply for IPv4 */
  173. if (ip_hdr != NULL) {
  174. /* set TOS ? */
  175. if (tcpedit->tos > -1) {
  176. volatile uint16_t oldval = *((uint16_t*)ip_hdr);
  177. volatile uint16_t newval;
  178. ip_hdr->ip_tos = tcpedit->tos;
  179. newval = *((uint16_t*)ip_hdr);
  180. csum_replace2(&ip_hdr->ip_sum, oldval, newval);
  181. }
  182. /* rewrite the TTL */
  183. rewrite_ipv4_ttl(tcpedit, ip_hdr);
  184. /* rewrite TCP/UDP ports */
  185. if (tcpedit->portmap != NULL) {
  186. if ((retval = rewrite_ipv4_ports(tcpedit, &ip_hdr,
  187. (*pkthdr)->caplen - l2len)) < 0)
  188. return TCPEDIT_ERROR;
  189. }
  190. if (tcpedit->tcp_sequence_enable)
  191. rewrite_ipv4_tcp_sequence(tcpedit, &ip_hdr,
  192. (*pkthdr)->caplen - l2len);
  193. }
  194. /* IPv6 edits */
  195. else if (ip6_hdr != NULL) {
  196. /* rewrite the hop limit */
  197. rewrite_ipv6_hlim(tcpedit, ip6_hdr);
  198. /* set traffic class? */
  199. if (tcpedit->tclass > -1) {
  200. /* calculate the bits */
  201. tclass = tcpedit->tclass << 20;
  202. /* convert our 4 bytes to an int */
  203. memcpy(&ipflags, &ip6_hdr->ip_flags, 4);
  204. /* strip out the old tclass bits */
  205. ipflags = ntohl(ipflags) & 0xf00fffff;
  206. /* add the tclass bits back */
  207. ipflags += tclass;
  208. ipflags = htonl(ipflags);
  209. memcpy(&ip6_hdr->ip_flags, &ipflags, 4);
  210. }
  211. /* set the flow label? */
  212. if (tcpedit->flowlabel > -1) {
  213. memcpy(&ipflags, &ip6_hdr->ip_flags, 4);
  214. ipflags = ntohl(ipflags) & 0xfff00000;
  215. ipflags += tcpedit->flowlabel;
  216. ipflags = htonl(ipflags);
  217. memcpy(&ip6_hdr->ip_flags, &ipflags, 4);
  218. }
  219. /* rewrite TCP/UDP ports */
  220. if (tcpedit->portmap != NULL) {
  221. if ((retval = rewrite_ipv6_ports(tcpedit, &ip6_hdr,
  222. (*pkthdr)->caplen - l2len)) < 0)
  223. return TCPEDIT_ERROR;
  224. }
  225. if (tcpedit->tcp_sequence_enable)
  226. rewrite_ipv6_tcp_sequence(tcpedit, &ip6_hdr, (*pkthdr)->caplen - l2len);
  227. }
  228. if (tcpedit->fuzz_seed != 0) {
  229. retval = fuzzing(tcpedit, *pkthdr, pktdata);
  230. if (retval < 0) {
  231. return TCPEDIT_ERROR;
  232. }
  233. needtorecalc += retval;
  234. }
  235. /* (Un)truncate or MTU truncate packet? */
  236. if (tcpedit->fixlen || tcpedit->mtu_truncate) {
  237. if ((retval = untrunc_packet(tcpedit, *pkthdr, pktdata, ip_hdr, ip6_hdr)) < 0)
  238. return TCPEDIT_ERROR;
  239. needtorecalc += retval;
  240. }
  241. /* rewrite IP addresses in IPv4/IPv6 or ARP */
  242. if (tcpedit->rewrite_ip) {
  243. /* IP packets */
  244. if (ip_hdr != NULL) {
  245. if ((retval = rewrite_ipv4l3(tcpedit, ip_hdr, direction,
  246. (*pkthdr)->caplen - l2len)) < 0)
  247. return TCPEDIT_ERROR;
  248. } else if (ip6_hdr != NULL) {
  249. if ((retval = rewrite_ipv6l3(tcpedit, ip6_hdr, direction,
  250. (*pkthdr)->caplen - l2len)) < 0)
  251. return TCPEDIT_ERROR;
  252. }
  253. /* ARP packets */
  254. else if (l2proto == htons(ETHERTYPE_ARP)) {
  255. arp_hdr = (arp_hdr_t *)&(packet[l2len]);
  256. /* unlike, rewrite_ipl3, we don't care if the packet changed
  257. * because we never need to recalc the checksums for an ARP
  258. * packet. So ignore the return value
  259. */
  260. if (rewrite_iparp(tcpedit, arp_hdr, direction) < 0)
  261. return TCPEDIT_ERROR;
  262. }
  263. }
  264. /* do we need to spoof the src/dst IP address in IPv4 or ARP? */
  265. if (tcpedit->seed) {
  266. /* IPv4 Packets */
  267. if (ip_hdr != NULL) {
  268. if ((retval = randomize_ipv4(tcpedit, *pkthdr, packet,
  269. ip_hdr, (*pkthdr)->caplen - l2len)) < 0)
  270. return TCPEDIT_ERROR;
  271. } else if (ip6_hdr != NULL) {
  272. if ((retval = randomize_ipv6(tcpedit, *pkthdr, packet,
  273. ip6_hdr, (*pkthdr)->caplen - l2len)) < 0)
  274. return TCPEDIT_ERROR;
  275. /* ARP packets */
  276. } else if (l2proto == htons(ETHERTYPE_ARP)) {
  277. if (direction == TCPR_DIR_C2S) {
  278. if (randomize_iparp(tcpedit, *pkthdr, packet,
  279. tcpedit->runtime.dlt1, (*pkthdr)->caplen - l2len) < 0)
  280. return TCPEDIT_ERROR;
  281. } else {
  282. if (randomize_iparp(tcpedit, *pkthdr, packet,
  283. tcpedit->runtime.dlt2, (*pkthdr)->caplen - l2len) < 0)
  284. return TCPEDIT_ERROR;
  285. }
  286. }
  287. }
  288. /*
  289. * fix IP packet lengths in case they are corrupted by TCP segmentation
  290. * offload
  291. */
  292. if (ip_hdr != NULL) {
  293. fix_ipv4_length(*pkthdr, ip_hdr);
  294. } else if (ip6_hdr != NULL) {
  295. fix_ipv6_length(*pkthdr, ip6_hdr);
  296. }
  297. /* do we need to fix checksums? -- must always do this last! */
  298. if ((tcpedit->fixcsum || needtorecalc)) {
  299. if (ip_hdr != NULL) {
  300. dbgx(3, "doing IPv4 checksum: needtorecalc=%d", needtorecalc);
  301. retval = fix_ipv4_checksums(tcpedit, *pkthdr, ip_hdr);
  302. } else if (ip6_hdr != NULL) {
  303. dbgx(3, "doing IPv6 checksum: needtorecalc=%d", needtorecalc);
  304. retval = fix_ipv6_checksums(tcpedit, *pkthdr, ip6_hdr);
  305. } else {
  306. dbgx(3, "checksum not performed: needtorecalc=%d", needtorecalc);
  307. retval = TCPEDIT_OK;
  308. }
  309. if (retval < 0) {
  310. return TCPEDIT_ERROR;
  311. } else if (retval == TCPEDIT_WARN) {
  312. dbgx(3, "%s", tcpedit_getwarn(tcpedit));
  313. }
  314. }
  315. tcpedit_dlt_merge_l3data(tcpedit->dlt_ctx, dst_dlt, packet, (*pkthdr)->caplen, (u_char *)ip_hdr);
  316. tcpedit->runtime.total_bytes += (*pkthdr)->caplen;
  317. tcpedit->runtime.pkts_edited ++;
  318. return retval;
  319. }
  320. /**
  321. * initializes the tcpedit library. returns 0 on success, -1 on error.
  322. */
  323. int
  324. tcpedit_init(tcpedit_t **tcpedit_ex, int dlt)
  325. {
  326. tcpedit_t *tcpedit;
  327. *tcpedit_ex = safe_malloc(sizeof(tcpedit_t));
  328. tcpedit = *tcpedit_ex;
  329. if ((tcpedit->dlt_ctx = tcpedit_dlt_init(tcpedit, dlt)) == NULL)
  330. return TCPEDIT_ERROR;
  331. tcpedit->mtu = DEFAULT_MTU; /* assume 802.3 Ethernet */
  332. tcpedit->fuzz_factor = DEFAULT_FUZZ_FACTOR;
  333. /* disabled by default */
  334. tcpedit->tos = -1;
  335. tcpedit->tclass = -1;
  336. tcpedit->flowlabel = -1;
  337. tcpedit->editdir = TCPEDIT_EDIT_BOTH;
  338. memset(&(tcpedit->runtime), 0, sizeof(tcpedit_runtime_t));
  339. tcpedit->runtime.dlt1 = dlt;
  340. tcpedit->runtime.dlt2 = dlt;
  341. dbgx(1, "Input file (1) datalink type is %s",
  342. pcap_datalink_val_to_name(dlt));
  343. #ifdef FORCE_ALIGN
  344. tcpedit->runtime.l3buff = (u_char *)safe_malloc(MAXPACKET);
  345. #endif
  346. return TCPEDIT_OK;
  347. }
  348. /**
  349. * return the output DLT type
  350. */
  351. int
  352. tcpedit_get_output_dlt(tcpedit_t *tcpedit)
  353. {
  354. assert(tcpedit);
  355. return tcpedit_dlt_output_dlt(tcpedit->dlt_ctx);
  356. }
  357. /**
  358. * \brief tcpedit option validator. Call after tcpedit_init()
  359. *
  360. * Validates that given the current state of tcpedit that the given
  361. * pcap source and destination (based on DLT) can be properly rewritten
  362. * return 0 on success
  363. * return -1 on error
  364. * DO NOT USE!
  365. */
  366. int
  367. tcpedit_validate(tcpedit_t *tcpedit)
  368. {
  369. assert(tcpedit);
  370. tcpedit->validated = 1;
  371. /* we used to do a bunch of things here, but not anymore...
  372. * maybe I should find something to do or just get ride of it
  373. */
  374. return 0;
  375. }
  376. /**
  377. * return the error string when a tcpedit() function returns
  378. * TCPEDIT_ERROR
  379. */
  380. char *
  381. tcpedit_geterr(tcpedit_t *tcpedit)
  382. {
  383. assert(tcpedit);
  384. return tcpedit->runtime.errstr;
  385. }
  386. /**
  387. * \brief Internal function to set the tcpedit error string
  388. *
  389. * Used to set the error string when there is an error, result is retrieved
  390. * using tcpedit_geterr(). You shouldn't ever actually call this, but use
  391. * tcpedit_seterr() which is a macro wrapping this instead.
  392. */
  393. void
  394. __tcpedit_seterr(tcpedit_t *tcpedit, const char *func, const int line, const char *file, const char *fmt, ...)
  395. {
  396. va_list ap;
  397. char errormsg[TCPEDIT_ERRSTR_LEN];
  398. assert(tcpedit);
  399. va_start(ap, fmt);
  400. if (fmt != NULL) {
  401. (void)vsnprintf(errormsg,
  402. (TCPEDIT_ERRSTR_LEN - 1), fmt, ap);
  403. }
  404. va_end(ap);
  405. snprintf(tcpedit->runtime.errstr, (TCPEDIT_ERRSTR_LEN -1), "From %s:%s() line %d:\n%s",
  406. file, func, line, errormsg);
  407. }
  408. /**
  409. * return the warning string when a tcpedit() function returns
  410. * TCPEDIT_WARN
  411. */
  412. char *
  413. tcpedit_getwarn(tcpedit_t *tcpedit)
  414. {
  415. assert(tcpedit);
  416. return tcpedit->runtime.warnstr;
  417. }
  418. /**
  419. * used to set the warning string when there is an warning
  420. */
  421. void
  422. tcpedit_setwarn(tcpedit_t *tcpedit, const char *fmt, ...)
  423. {
  424. va_list ap;
  425. assert(tcpedit);
  426. va_start(ap, fmt);
  427. if (fmt != NULL)
  428. (void)vsnprintf(tcpedit->runtime.warnstr, (TCPEDIT_ERRSTR_LEN - 1), fmt, ap);
  429. va_end(ap);
  430. }
  431. /**
  432. * \brief Checks the given error code and does the right thing
  433. *
  434. * Generic function which checks the TCPEDIT_* error code
  435. * and always returns OK or ERROR. For warnings, prints the
  436. * warning message and returns OK. For any other value, fails with
  437. * an assert.
  438. *
  439. * prefix is a string prepended to the error/warning
  440. */
  441. int
  442. tcpedit_checkerror(tcpedit_t *tcpedit, const int rcode, const char *prefix) {
  443. assert(tcpedit);
  444. switch (rcode) {
  445. case TCPEDIT_OK:
  446. case TCPEDIT_ERROR:
  447. return rcode;
  448. break;
  449. case TCPEDIT_SOFT_ERROR:
  450. if (prefix != NULL) {
  451. fprintf(stderr, "Error %s: %s\n", prefix, tcpedit_geterr(tcpedit));
  452. } else {
  453. fprintf(stderr, "Error: %s\n", tcpedit_geterr(tcpedit));
  454. }
  455. break;
  456. case TCPEDIT_WARN:
  457. if (prefix != NULL) {
  458. fprintf(stderr, "Warning %s: %s\n", prefix, tcpedit_getwarn(tcpedit));
  459. } else {
  460. fprintf(stderr, "Warning: %s\n", tcpedit_getwarn(tcpedit));
  461. }
  462. return TCPEDIT_OK;
  463. break;
  464. default:
  465. assert(0 == 1); /* this should never happen! */
  466. break;
  467. }
  468. return TCPEDIT_ERROR;
  469. }
  470. /**
  471. * \brief Cleans up after ourselves. Return 0 on success.
  472. *
  473. * Clean up after ourselves, but does not actually free the ptr.
  474. */
  475. int
  476. tcpedit_close(tcpedit_t *tcpedit)
  477. {
  478. assert(tcpedit);
  479. dbgx(1, "tcpedit processed " COUNTER_SPEC " bytes in " COUNTER_SPEC
  480. " packets.", tcpedit->runtime.total_bytes,
  481. tcpedit->runtime.pkts_edited);
  482. /* free buffer if required */
  483. #ifdef FORCE_ALIGN
  484. safe_free(tcpedit->runtime.l3buff);
  485. #endif
  486. return 0;
  487. }
  488. /**
  489. * Return a ptr to the Layer 3 data. Returns TCPEDIT_ERROR on error
  490. */
  491. const u_char *
  492. tcpedit_l3data(tcpedit_t *tcpedit, tcpedit_coder code, u_char *packet, const int pktlen)
  493. {
  494. u_char *result = NULL;
  495. if (code == BEFORE_PROCESS) {
  496. result = tcpedit_dlt_l3data(tcpedit->dlt_ctx, tcpedit->dlt_ctx->decoder->dlt, packet, pktlen);
  497. } else {
  498. result = tcpedit_dlt_l3data(tcpedit->dlt_ctx, tcpedit->dlt_ctx->encoder->dlt, packet, pktlen);
  499. }
  500. return result;
  501. }
  502. /**
  503. * Returns the layer 3 type, often encoded as the layer2.proto field
  504. */
  505. int
  506. tcpedit_l3proto(tcpedit_t *tcpedit, tcpedit_coder code, const u_char *packet, const int pktlen)
  507. {
  508. int result = 0;
  509. if (code == BEFORE_PROCESS) {
  510. result = tcpedit_dlt_proto(tcpedit->dlt_ctx, tcpedit->dlt_ctx->decoder->dlt, packet, pktlen);
  511. } else {
  512. result = tcpedit_dlt_proto(tcpedit->dlt_ctx, tcpedit->dlt_ctx->encoder->dlt, packet, pktlen);
  513. }
  514. return ntohs(result);
  515. }