Closed btriller closed 1 year ago
@btriller
Thanks for adding the support for LINUX_SLL2 but I have compiled your branch and I don't have success to replay my dump or the one provided on https://github.com/appneta/tcpreplay/issues/727#issuecomment-1204481109
I'm not familiar to tcpreplay compilation, do I need to do more than ./configure
and make
to enable plugin LINUX_SLL2?
$ git status
On branch add-linuxsll2-plugin
Your branch is up to date with 'origin/add-linuxsll2-plugin'.
nothing to commit, working tree clean
$ sudo ./src/tcpreplay -i ens18 /tmp/test.pcapng
Fatal Error: Unable to process unsupported DLT type: Linux cooked v2 (0x114)
$ sudo ./src/tcpreplay -i ens18 /tmp/linux-cooked2-example.pcap
Fatal Error: Unable to process unsupported DLT type: Linux cooked v2 (0x114)
TODO ... need to update help/man pages. I can probably do it when merging.
Appears this is working. Nevermind.
tcprewrite(1) User Commands tcprewrite(1)
NAME
tcprewrite - Rewrite the packets in a pcap file.
SYNOPSIS
tcprewrite [-flags] [-flag [value]] [--option-name[[=| ]value]]
All arguments must be options.
DESCRIPTION
Tcprewrite is a tool to rewrite packets stored in pcap(3) file format, such as created by tools such as tcpdump(1) and wireshark(1). Once a pcap file has had it's
packets rewritten, they can be replayed back out on the network using tcpreplay(1).
tcprewrite currently supports reading the following DLT types:
DLT_C_HDLC aka Cisco HDLC
DLT_EN10MB aka Ethernet
DLT_LINUX_SLL aka Linux Cooked Socket
DLT_RAW aka RAW IP
DLT_NULL aka BSD Loopback
DLT_LOOP aka OpenBSD Loopback
DLT_IEEE802_11 aka 802.11a/b/g
DLT_IEEE802_11_RADIO aka 802.11a/b/g with Radiotap headers
DLT_JUNIPER_ETHER aka Juniper Encapsulated Ethernet
DLT_PPP_SERIAL aka PPP over Serial
Please see the --dlt option for supported DLT types for writing.
The packet editing features of tcprewrite which distinguish between "client" and "server" traffic requires a tcpprep(1) cache file.
For more details, please see the Tcpreplay Manual at: http://tcpreplay.appneta.com
I may need to undo the force push. History gets messed up if you cherry-pick or force push. Only merge and rebase are safe.
I pulled this PR down to test it since I had a Linux cooked capture v2 which I needed to convert to Ethernet via tcprewrite (and my usual install was failing with the error obvserved in #727)
No DLT plugin available for source DLT: 0x114
However with this PR Build compiled, the usual Linux Cooked Capture (v1) to Ethernet conversion command produced a strange output file:
tcprewrite --dlt=enet --enet-dmac=52:54:00:11:11:11 --enet-smac=52:54:00:22:22:22 -i input.pcap -o output.pcap
I can mitigate this nicely if I force to user DLT, force to ethernet DTL and then supply the raw hex I want (source mac, dest mac, 0800 in hex with commas).
tcprewrite --dlt=user --user-dlt=1 --user-dlink=52,54,00,11,11,11,52,54,00,22,22,22,08,00 -i input.pcap -o output.pcap
I can't share the file but from what I can gleam by comparing the two different output files:
--dlt=enet
command appended the enet-dmac
and enet-smac
but then did not insert 0800
as one would expect.sll.src.eth
) of 6 bytes and the Unused value (sll.unused
) which is 2 bytes.0800
at the end of the packet!I am not sure if this problem is this PR specifically but since the base tcprewrite can't read SLLv2 I figured I would report it under this PR. (I can split this into another issue if needed.)
Since I can't share my files I tried to run this same test on the example file provided in the feature request it also fails.
I have debugs enabled for the build (and I am not sure why it is trying to re-calculate the TCP header I don't have -C
in the command... but I have to assume this re-calculation fails because the output format is being messed up like I saw in my UDP capture.
$ tcprewrite -d 5 --dlt=enet --enet-dmac=52:54:00:11:11:11 --enet-smac=52:54:00:22:22:22 -i ../linux-cooked2-example.pcap -o ../linux-cooked2-example-tcprewrite-bad.pcap
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 2216 bytes in tcpedit.c:tcpedit_init() line 365
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 112 bytes in plugins/dlt_plugins.c:tcpedit_dlt_init() line 120
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 262166 bytes in plugins/dlt_linuxsll2/linuxsll2.c:dlt_linuxsll2_init() line 108
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 4 bytes in plugins/dlt_linuxsll2/linuxsll2.c:dlt_linuxsll2_init() line 112
DEBUG1 in tcpedit.c:tcpedit_init() line 385: Input file (1) datalink type is LINUX_SLL2
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 112 bytes in plugins/dlt_en10mb/en10mb.c:dlt_en10mb_init() line 113
DEBUG1 in tcprewrite.c:main() line 104: Rewriting DLT to EN10MB
DEBUG1 in tcprewrite.c:main() line 110: DLT of dlt_pcap is EN10MB
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 262166 bytes in tcprewrite.c:rewrite_packets() line 256
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 262166 bytes in tcprewrite.c:rewrite_packets() line 261
DEBUG2 in tcprewrite.c:rewrite_packets() line 269: packet 1 caplen 182
DEBUG3 in tcpedit.c:tcpedit_packet() line 70: packet 1 caplen 182
DEBUG2 in tcpedit.c:tcpedit_packet() line 100: Layer 3 protocol type is: 0x0800
DEBUG2 in tcpedit.c:tcpedit_packet() line 120: dst_dlt = 0001 src_dlt = 0114 proto = 0800 l2len = 14
DEBUG3 in tcpedit.c:tcpedit_packet() line 148: Packet has an IPv4 header: 0x0x7f188a31501e...
DEBUG3 in tcpedit.c:tcpedit_packet() line 329: doing IPv4 checksum: needtorecalc=1
Fatal Error in tcprewrite.c:main() line 138:
Error rewriting packets: From edit_packet.c:fix_ipv4_checksums() line 70:
Invalid packet: Expected IPv4 packet: got 9: pkt=1
DEBUG1 in tcpedit.c:tcpedit_close() line 548: tcpedit processed 0 bytes in 0 packets.
If you run the alt command I supplied it comes out nicely
$ tcprewrite -d 5 --dlt=user --user-dlt=1 --user-dlink=52,54,00,11,11,11,52,54,00,22,22,22,08,00 -i ../linux-cooked2-example.pcap -o ../linux-cooked2-example-tcprewrite-good.pcap
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 2216 bytes in tcpedit.c:tcpedit_init() line 365
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 112 bytes in plugins/dlt_plugins.c:tcpedit_dlt_init() line 120
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 144 bytes in plugins/dlt_utils.c:tcpedit_dlt_newplugin() line 105
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 262166 bytes in plugins/dlt_linuxsll2/linuxsll2.c:dlt_linuxsll2_init() line 108
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 4 bytes in plugins/dlt_linuxsll2/linuxsll2.c:dlt_linuxsll2_init() line 112
DEBUG1 in tcpedit.c:tcpedit_init() line 385: Input file (1) datalink type is LINUX_SLL2
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 520 bytes in plugins/dlt_user/user.c:dlt_user_init() line 117
DEBUG1 in utils.c:read_hexstring() line 366: Read 14 bytes of hex data
DEBUG1 in tcprewrite.c:main() line 104: Rewriting DLT to EN10MB
DEBUG1 in tcprewrite.c:main() line 110: DLT of dlt_pcap is EN10MB
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 262166 bytes in tcprewrite.c:rewrite_packets() line 256
DEBUG5 in utils.c:our_safe_malloc() line 51: Malloc'd 262166 bytes in tcprewrite.c:rewrite_packets() line 261
DEBUG2 in tcprewrite.c:rewrite_packets() line 269: packet 1 caplen 182
DEBUG3 in tcpedit.c:tcpedit_packet() line 70: packet 1 caplen 182
DEBUG2 in tcpedit.c:tcpedit_packet() line 100: Layer 3 protocol type is: 0x0800
DEBUG2 in tcpedit.c:tcpedit_packet() line 120: dst_dlt = 0093 src_dlt = 0114 proto = 0800 l2len = 14
DEBUG3 in tcpedit.c:tcpedit_packet() line 148: Packet has an IPv4 header: 0x0x7f1166c6b01e...
DEBUG3 in tcpedit.c:tcpedit_packet() line 329: doing IPv4 checksum: needtorecalc=1
DEBUG1 in utils.c:our_safe_pcap_next() line 154: No data found in packet
$ tcprewrite --version
tcprewrite version: 4.4.4 (build git:v4.4.4-2-gad31b98a) (debug)
Copyright 2013-2022 by Fred Klassen <tcpreplay at appneta dot com> - AppNeta
Copyright 2000-2012 by Aaron Turner <aturner at synfin dot net>
The entire Tcpreplay Suite is licensed under the GPLv3
Cache file supported: 04
Not compiled with libdnet.
Compiled against libpcap: 1.10.1
64 bit packet counters: enabled
Verbose printing via tcpdump: enabled
Fragroute engine: disabled
$ hostnamectl
[..snip..]
Operating System: Ubuntu 22.04.2 LTS
Kernel: Linux 5.15.0-76-generic
[..snip..]
Is this PR still valid ? This could be a very great PLUS for this application :)
I think there are still some things missing. IIRC I only implemented the tcpreplay part.
I think there are still some things missing. IIRC I only implemented the tcpreplay part.
Thanks @btriller .
This means that the main issue for tcprewrite
is not fixed yet, as I saw the same error mentioned by @kyzer-davis for SLL2
Fatal Error: Error initializing tcpedit: From plugins/dlt_plugins.c:tcpedit_dlt_init() line 148:
No DLT plugin available for source DLT: 0x114
I'll pull this into a working branch to preserve history, and see if I can fix this.
fixes #727