appneta / tcpreplay

Pcap editing and replay tools for *NIX and Windows - Users please download source from
http://tcpreplay.appneta.com/wiki/installation.html#downloads

Add support for LINUX_SLL2 #728

Closed btriller closed 1 year ago

btriller commented 2 years ago

fixes #727

cypx commented 1 year ago

@btriller Thanks for adding the support for LINUX_SLL2, but I have compiled your branch and have had no success replaying my dump or the one provided at https://github.com/appneta/tcpreplay/issues/727#issuecomment-1204481109. I'm not familiar with tcpreplay compilation; do I need to do more than ./configure and make to enable the LINUX_SLL2 plugin?

$ git status
On branch add-linuxsll2-plugin
Your branch is up to date with 'origin/add-linuxsll2-plugin'.

nothing to commit, working tree clean
$ sudo ./src/tcpreplay -i ens18 /tmp/test.pcapng

Fatal Error: Unable to process unsupported DLT type: Linux cooked v2 (0x114)
$ sudo ./src/tcpreplay -i ens18 /tmp/linux-cooked2-example.pcap

Fatal Error: Unable to process unsupported DLT type: Linux cooked v2 (0x114)

fklassen commented 1 year ago

TODO ... need to update help/man pages. I can probably do it when merging.

Appears this is working. Never mind.

tcprewrite(1)                                                                    User Commands                                                                   tcprewrite(1)

NAME
       tcprewrite - Rewrite the packets in a pcap file.

SYNOPSIS
       tcprewrite [-flags] [-flag [value]] [--option-name[[=| ]value]]

       All arguments must be options.

DESCRIPTION
       Tcprewrite is a tool to rewrite packets stored in pcap(3) file format, such as created by tools such as tcpdump(1) and wireshark(1).  Once a pcap file has had it's
       packets rewritten, they can be replayed back out on the network using tcpreplay(1).

       tcprewrite currently supports reading the following DLT types:

       DLT_C_HDLC aka Cisco HDLC

       DLT_EN10MB aka Ethernet

       DLT_LINUX_SLL aka Linux Cooked Socket

       DLT_RAW aka RAW IP

       DLT_NULL aka BSD Loopback

       DLT_LOOP aka OpenBSD Loopback

       DLT_IEEE802_11 aka 802.11a/b/g

       DLT_IEEE802_11_RADIO aka 802.11a/b/g with Radiotap headers

       DLT_JUNIPER_ETHER aka Juniper Encapsulated Ethernet

       DLT_PPP_SERIAL aka PPP over Serial

       Please see the --dlt option for supported DLT types for writing.

       The packet editing features of tcprewrite which distinguish between "client" and "server" traffic requires a tcpprep(1) cache file.

       For more details, please see the Tcpreplay Manual at: http://tcpreplay.appneta.com

fklassen commented 1 year ago

I may need to undo the force push. History gets messed up if you cherry-pick or force push. Only merge and rebase are safe.

kyzer-davis commented 1 year ago

I pulled this PR down to test it since I had a Linux cooked capture v2 which I needed to convert to Ethernet via tcprewrite (and my usual install was failing with the error observed in #727): No DLT plugin available for source DLT: 0x114

However, with this PR build compiled, the usual Linux Cooked Capture (v1) to Ethernet conversion command produced a strange output file:

tcprewrite --dlt=enet --enet-dmac=52:54:00:11:11:11 --enet-smac=52:54:00:22:22:22 -i input.pcap -o output.pcap

I can mitigate this nicely if I force to user DLT, force to Ethernet DLT and then supply the raw hex I want (source MAC, dest MAC, 0800 in hex with commas):

tcprewrite --dlt=user --user-dlt=1 --user-dlink=52,54,00,11,11,11,52,54,00,22,22,22,08,00 -i input.pcap -o output.pcap

I can't share the file but from what I can glean by comparing the two different output files:

I am not sure if this problem is this PR specifically, but since the base tcprewrite can't read SLLv2 I figured I would report it under this PR. (I can split this into another issue if needed.)

Since I can't share my files, I tried to run this same test on the example file provided in the feature request; it also fails. I have debugs enabled for the build (and I am not sure why it is trying to re-calculate the TCP header, I don't have -C in the command... but I have to assume this re-calculation fails because the output format is being messed up like I saw in my UDP capture).

$ tcprewrite -d 5 --dlt=enet --enet-dmac=52:54:00:11:11:11 --enet-smac=52:54:00:22:22:22 -i ../linux-cooked2-example.pcap -o ../linux-cooked2-example-tcprewrite-bad.pcap
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 2216 bytes in tcpedit.c:tcpedit_init() line 365
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 112 bytes in plugins/dlt_plugins.c:tcpedit_dlt_init() line 120
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 262166 bytes in plugins/dlt_linuxsll2/linuxsll2.c:dlt_linuxsll2_init() line 108
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 4 bytes in plugins/dlt_linuxsll2/linuxsll2.c:dlt_linuxsll2_init() line 112
DEBUG1 in tcpedit.c:tcpedit_init() line 385: Input file (1) datalink type is LINUX_SLL2
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 112 bytes in plugins/dlt_en10mb/en10mb.c:dlt_en10mb_init() line 113
DEBUG1 in tcprewrite.c:main() line 104: Rewriting DLT to EN10MB
DEBUG1 in tcprewrite.c:main() line 110: DLT of dlt_pcap is EN10MB
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 262166 bytes in tcprewrite.c:rewrite_packets() line 256
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 262166 bytes in tcprewrite.c:rewrite_packets() line 261
DEBUG2 in tcprewrite.c:rewrite_packets() line 269: packet 1 caplen 182
DEBUG3 in tcpedit.c:tcpedit_packet() line 70: packet 1 caplen 182
DEBUG2 in tcpedit.c:tcpedit_packet() line 100: Layer 3 protocol type is: 0x0800
DEBUG2 in tcpedit.c:tcpedit_packet() line 120: dst_dlt = 0001   src_dlt = 0114  proto = 0800    l2len = 14
DEBUG3 in tcpedit.c:tcpedit_packet() line 148: Packet has an IPv4 header: 0x0x7f188a31501e...
DEBUG3 in tcpedit.c:tcpedit_packet() line 329: doing IPv4 checksum: needtorecalc=1

Fatal Error in tcprewrite.c:main() line 138:
 Error rewriting packets: From edit_packet.c:fix_ipv4_checksums() line 70:
Invalid packet: Expected IPv4 packet: got 9: pkt=1
DEBUG1 in tcpedit.c:tcpedit_close() line 548: tcpedit processed 0 bytes in 0 packets.

If you run the alt command I supplied, it comes out nicely:

$ tcprewrite -d 5 --dlt=user --user-dlt=1 --user-dlink=52,54,00,11,11,11,52,54,00,22,22,22,08,00 -i ../linux-cooked2-example.pcap -o ../linux-cooked2-example-tcprewrite-good.pcap
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 2216 bytes in tcpedit.c:tcpedit_init() line 365
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 112 bytes in plugins/dlt_plugins.c:tcpedit_dlt_init() line 120
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 262166 bytes in plugins/dlt_linuxsll2/linuxsll2.c:dlt_linuxsll2_init() line 108
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 4 bytes in plugins/dlt_linuxsll2/linuxsll2.c:dlt_linuxsll2_init() line 112
DEBUG1 in tcpedit.c:tcpedit_init() line 385: Input file (1) datalink type is LINUX_SLL2
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 520 bytes in plugins/dlt_user/user.c:dlt_user_init() line 117
DEBUG1 in utils.c:read_hexstring() line 366: Read 14 bytes of hex data
DEBUG1 in tcprewrite.c:main() line 104: Rewriting DLT to EN10MB
DEBUG1 in tcprewrite.c:main() line 110: DLT of dlt_pcap is EN10MB
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 262166 bytes in tcprewrite.c:rewrite_packets() line 256
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 262166 bytes in tcprewrite.c:rewrite_packets() line 261
DEBUG2 in tcprewrite.c:rewrite_packets() line 269: packet 1 caplen 182
DEBUG3 in tcpedit.c:tcpedit_packet() line 70: packet 1 caplen 182
DEBUG2 in tcpedit.c:tcpedit_packet() line 100: Layer 3 protocol type is: 0x0800
DEBUG2 in tcpedit.c:tcpedit_packet() line 120: dst_dlt = 0093   src_dlt = 0114  proto = 0800    l2len = 14
DEBUG3 in tcpedit.c:tcpedit_packet() line 148: Packet has an IPv4 header: 0x0x7f1166c6b01e...
DEBUG3 in tcpedit.c:tcpedit_packet() line 329: doing IPv4 checksum: needtorecalc=1
DEBUG1 in utils.c:our_safe_pcap_next() line 154: No data found in packet

Build and Platform Info

$ tcprewrite --version
tcprewrite version: 4.4.4 (build git:v4.4.4-2-gad31b98a) (debug)
Copyright 2013-2022 by Fred Klassen <tcpreplay at appneta dot com> - AppNeta
Copyright 2000-2012 by Aaron Turner <aturner at synfin dot net>
The entire Tcpreplay Suite is licensed under the GPLv3
Cache file supported: 04
Not compiled with libdnet.
Compiled against libpcap: 1.10.1
64 bit packet counters: enabled
Verbose printing via tcpdump: enabled
Fragroute engine: disabled

$ hostnamectl
[..snip..]
Operating System: Ubuntu 22.04.2 LTS
          Kernel: Linux 5.15.0-76-generic
[..snip..]
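
Added example, not part of the thread or of tcpreplay's code: a minimal C sketch of the LINUX_SLL2 (0x114) to Ethernet rewrite that the tcprewrite commands above request, using the 20-byte SLL2 header layout from the libpcap link-type definition and bounds-checking the capture length before any field is read. The function name `sll2_to_en10mb`, the sample frame and the choice to reject an IPv4 EtherType whose payload is not IP version 4 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SLL2_HDR_LEN 20 /* LINKTYPE_LINUX_SLL2 (DLT 0x114) header length */
#define ETH_HDR_LEN 14

/* SLL2 header offsets: protocol(2) reserved(2) ifindex(4) ARPHRD type(2)
 * packet type(1) address length(1) address(8); multi-byte fields big-endian. */
enum { SLL2_PROTO = 0, SLL2_IFINDEX = 4, SLL2_HATYPE = 8,
       SLL2_PKTTYPE = 10, SLL2_HALEN = 11, SLL2_ADDR = 12 };

/* Constructed sample: SLL2 header followed by a minimal IPv4 header. */
static const uint8_t sample_sll2[40] = {
    0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x01,
    0x00, 0x06, 0x52, 0x54, 0x00, 0x22, 0x22, 0x22, 0x00, 0x00,
    0x45, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x00, 0x40, 0x11,
    0x00, 0x00, 0x0a, 0x00, 0x00, 0x01, 0x0a, 0x00, 0x00, 0x02 };

/* Hypothetical helper: rewrite one SLL2 frame as Ethernet. Assumes the
 * protocol field holds an EtherType (true when the ARPHRD type is Ethernet).
 * Returns the new length, or -1 for a truncated frame, a short output
 * buffer, or an IPv4 EtherType whose payload is not IP version 4. */
int sll2_to_en10mb(const uint8_t *in, size_t caplen, uint8_t *out,
                   size_t outlen, const uint8_t dmac[6], const uint8_t smac[6])
{
    if (caplen < SLL2_HDR_LEN)
        return -1;
    size_t l3len = caplen - SLL2_HDR_LEN;
    const uint8_t *l3 = in + SLL2_HDR_LEN;
    if (outlen < ETH_HDR_LEN + l3len)
        return -1;
    if (in[SLL2_PROTO] == 0x08 && in[SLL2_PROTO + 1] == 0x00 &&
        (l3len < 20 || (l3[0] >> 4) != 4))
        return -1;
    memcpy(out, dmac, 6);
    memcpy(out + 6, smac, 6);
    memcpy(out + 12, in + SLL2_PROTO, 2); /* EtherType is already big-endian */
    memcpy(out + ETH_HDR_LEN, l3, l3len);
    return (int)(ETH_HDR_LEN + l3len);
}

int main(void)
{
    const uint8_t dmac[6] = {0x52, 0x54, 0x00, 0x11, 0x11, 0x11};
    const uint8_t smac[6] = {0x52, 0x54, 0x00, 0x22, 0x22, 0x22};
    uint8_t out[64];
    return sll2_to_en10mb(sample_sll2, sizeof sample_sll2, out, sizeof out,
                          dmac, smac) == 34 ? 0 : 1;
}
```
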

kYroL01 commented 1 year ago

Is this PR still valid? This could be a very great PLUS for this application :)

btriller commented 1 year ago

I think there are still some things missing. IIRC I only implemented the tcpreplay part.

kYroL01 commented 1 year ago

> I think there are still some things missing. IIRC I only implemented the tcpreplay part.

Thanks @btriller. This means that the main issue for tcprewrite is not fixed yet, as I saw the same error mentioned by @kyzer-davis for SLL2:

Fatal Error: Error initializing tcpedit: From plugins/dlt_plugins.c:tcpedit_dlt_init() line 148:
No DLT plugin available for source DLT: 0x114

fklassen commented 1 year ago

I'll pull this into a working branch to preserve history, and see if I can fix this.