Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feature: fix/recalculate header checksum for ipv6-frag(mentation) pac… #900

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

feature: fix/recalculate header checksum for ipv6-frag(mentation) pac… #900

wants to merge 1 commit into from

Conversation

ChuckCottrill
Copy link
Contributor

Overview

The tcpreplay program tcprewrite does not support IPv6 FRAG(mented) header checksum recalculation. The protocol 0x2c is not included in the switch statement, and thus a TCPEDIT_WARN is generated and the header checksum is not recalculated.

The option --fixcsum does not work against the original redacted-v6.pcap pcap (and others) due to how the protocol value supplied to do_checksum() is handled. The protocol is IPV6-FRAG(mented). There is a switch statement where the protocol value (== 0x2c) is not one of the recognized values. The tcprewrite code explicitly returns indication (TCPEDIT_WARN) that certain packets (both TCP and HTTP) do not have their checksum recalculated.
Since the checksum needs to be correctly calculated, this incorrect checksum causes the pcap to fail testing.

Expected Behavior

An IPV6 FRAGmented packet should have correct checksum calculated when packet is rewritten.

Description of desired solution

Since tcpreplay does not support IPv6-FRAG(ment) header checksum recalculation. The protocol 0x2c is not included in the switch statement, and thus a TCPEDIT_WARN is generated and the header checksum is not recalculated.

What is desired is that the protocol 0x2c be recognized and the correct header checksum be calculated and replaced, rather than the warning TCPEDIT_WARN generated, and the generated pcap file not be corrupted with an invalid checksum.

Add the protocol 0x2c to the constants src/tcpr.h

#ifndef IPPROTO_TCP_V6FRAG
#define IPPROTO_TCP_V6FRAG 0x2c
#endif
#ifndef IPPROTO_HTTP_V6FRAG
#define IPPROTO_HTTP_V6FRAG 0x2c
#endif

And the protocol added to the switch statement in src/tcpedit/checksum.c

        case IPPROTO_TCP:
        case IPPROTO_TCP_V6FRAG:
        // case IPPROTO_HTTP_V6FRAG:
protoname = "IPPROTO_TCP";
            if (len < (int)sizeof(tcp_hdr_t)) {
                tcpedit_setwarn(tcpedit, "%s", "Unable to checksum TCP with insufficient L4 data");
                return TCPEDIT_WARN;
            }

            tcp = (tcp_hdr_t *)(data + ip_hl);
#ifdef STUPID_SOLARIS_CHECKSUM_BUG
            tcp->th_sum = tcp->th_off << 2;
            return (TCPEDIT_OK);
#endif
            tcp->th_sum = 0;

            /* Note, we do both src & dst IP's at the same time, that's why the
             * length is 2x a single IP
             */
            if (ipv6 != NULL) {
                sum = do_checksum_math((uint16_t *)&ipv6->ip_src, 32);
            } else {
                sum = do_checksum_math((uint16_t *)&ipv4->ip_src, 8);
            }
            sum += ntohs(IPPROTO_TCP + len);
            sum += do_checksum_math((uint16_t *)tcp, len);
            tcp->th_sum = CHECKSUM_CARRY(sum);
            break;

see:

To Reproduce
Steps to reproduce the behavior:

  1. have pcap with protocol == 0x2c (IPV6 FRAG(mented))
  2. run tcpprep on pcap
  3. run tcprewrite on pcap (change src/dest ip address to precipitate checksum recalculation)
  4. examine rewritten pcap in wireshark, observe that checksum is incorrect

Describe alternatives you've considered

The header checksum is not correctly rewritten by tcpreplay in this situation.
Either:

a) do nothing (unacceptable),
b) rewrite checksum using some external program,
c) recalculate header checksum for these packets (this solution)
d) ideas? suggestions? how else can we recalculate header checksums?

Additional context
The TCP case can be fixed with a patch to allow protocol value 0x2c to be handled the same way as IPPROTO_TCP, but this patch does not work for (HTTP protocol). Further investigation is needed.
Screenshots
If applicable, add screenshots to help explain your problem.

System (please complete the following information):

  • OS: Ubuntu Linux
  • OS version
  • Tcpreplay Version [e.g. 4.4.4]

Additional context
Add any other context about the problem here.

Standards checklist:

  • The PR title is descriptive.
  • The PR doesn't replicate another PR which is already open.
  • I have read the contribution guide and followed all the instructions.
  • The code follows the code style guide detailed in the wiki.
  • The code is mine or it's from somewhere with an MIT-compatible license.
  • The code is efficient, to the best of my ability, and does not waste computer resources.
  • The code is stable and I have tested it myself, to the best of my abilities.
  • If the code introduces new aliases, I provide a valid use case for all plugin users down below.

@ChuckCottrill
Copy link
Contributor Author

see issue: #897

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@ChuckCottrill