appneta / tcpreplay

Pcap editing and replay tools for *NIX and Windows - Users please download source from
http://tcpreplay.appneta.com/wiki/installation.html#downloads

Add option to turn on/off fix packet header length #846

Closed ChuckCottrill closed 1 month ago

ChuckCottrill commented 5 months ago

Description: Change tcprewrite to add an option flag fixhdrlen to enable (default disable) modifying packet header length. Only modify packet header length when flag fixhdrlen is used.

Explanation: The tcprewrite program modifies packet length in an unexpected and (sometimes) undesirable manner.

Due to the change introduced in ver 4.4.1, packet header length is rewritten in certain cases, due to packet padding. This behavior is different from 4.4.0 and prior, and needs to be guarded by a flag.

The tcprewrite program modifies packet length in an undesirable manner. The result is an incorrect checksum, and packets may be discarded by some systems due to the incorrect checksum.

Solution is to add a flag, ``,

Solution is to add an option flag fixhdrlen, to enable change introduced in version 4.4.1

Describe the bug: TCP rewrite produces an incorrect IP and TCP checksum for certain pcap files. TCP rewrite appears to change packet length incorrectly, and thus produces an invalid checksum; certain downstream processing may treat said incorrect checksum as a spoofing attempt and discard the packet.

Expected behavior: TCP rewrite should only change packet length when that behavior is specifically desired (command line option?). TCP rewrite should correctly calculate IP and TCP checksum (incorrect because length incorrect).

Reference:

To Reproduce

Steps to reproduce the behavior:

  1. uncompress packet captures:
    mkdir -p pcaps
    unzip tcprewrite-pcaps.zip
    cp tcprewrite-pcaps/pcap-original-packet-3.pcap pcaps/.
  2. Run tcprewrite version 4.4.0 and observe the output, as follows
    # version 4.4.0
    VERSION="4.4.0"
    # prepare
    tcpreplay-4.4.0/src/tcpprep \
    --cidr=0.0.0.0/0 \
    --pcap=pcaps/pcap-original-packet-3.pcap \
    --cachefile=pcaps/pcap.cache
    # use tcprewrite to rewrite packet addresses
    tcpreplay-4.4.0/src/tcprewrite \
    --cachefile=pcaps/pcap.cache \
    --infile=pcaps/pcap-original-packet-3.pcap \
    --outfile=pcaps/cap-4.4.0-packet-out.pcap \
    --endpoints=10.200.1.1:10.200.1.2
  3. Run tcprewrite version 4.4.1 and observe the output, as follows
    # version 4.4.1
    # prepare
    tcpreplay-4.4.1/src/tcpprep \
    --cidr=0.0.0.0/0 \
    --pcap=pcaps/pcap-original-packet-3.pcap \
    --cachefile=pcaps/pcap.cache
    # use tcprewrite to rewrite packet addresses
    tcpreplay-4.4.1/src/tcprewrite \
    --cachefile=pcaps/pcap.cache \
    --infile=pcaps/pcap-original-packet-3.pcap \
    --outfile=pcaps/cap-4.4.1-packet-out.pcap \
    --endpoints=10.200.1.1:10.200.1.2
  4. compare files, should be identical
    bdiff pcaps/cap-4.4.0-packet-out.pcap pcaps/cap-4.4.1-packet-out.pcap

Packet Captures

Packet Captures to Reproduce:

tcprewrite-pcaps.zip

Examine packets

Use Wireshark to examine and compare both packets.

Screenshots: N/A - use Wireshark to view packets

System (please complete the following information):

Additional context: The erroneous checksum is due to the changed length. The problem results in a dropped packet.
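
A scripted alternative to the Wireshark comparison, as an added example that is not part of the original issue or of tcpreplay: it reads two classic pcap files, lists packets whose IPv4 total length differs, and checks the IPv4 header checksum of the second file's packet. The function names and the sample frame are constructed for illustration; with real captures, pass the bytes of the two output files from the steps above to `length_diffs`.

```python
import struct

def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_summary(pcap: bytes):
    """Yield (index, caplen, ip_total_len, checksum_ok) per Ethernet/IPv4 record."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic (microsecond) pcap file")
    off, idx = 24, 0                      # skip the 24-byte global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from(endian + "I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + caplen]
        off += 16 + caplen
        idx += 1
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                      # not Ethernet II + IPv4 (VLAN tags not handled)
        ihl = (frame[14] & 0x0F) * 4
        if ihl < 20 or len(frame) < 14 + ihl:
            continue                      # malformed or truncated IPv4 header
        hdr = frame[14:14 + ihl]
        total_len = struct.unpack_from("!H", hdr, 2)[0]
        # A valid header sums to 0xFFFF, so the complement is 0.
        yield idx, caplen, total_len, ip_checksum(hdr) == 0

def length_diffs(old: bytes, new: bytes):
    """(index, old_len, new_len, new_checksum_ok) where IPv4 total length changed."""
    before = {i: tl for i, _, tl, _ in ipv4_summary(old)}
    return [(i, before[i], tl, ok) for i, _, tl, ok in ipv4_summary(new)
            if i in before and before[i] != tl]

# Constructed sample (not from tcprewrite-pcaps.zip): a 40-byte IPv4 packet
# padded to a 60-byte Ethernet frame; the payload is zero bytes, not real TCP.
SRC, DST = bytes([10, 200, 1, 1]), bytes([10, 200, 1, 2])

def sample_pcap(total_len: int, checksum_len: int) -> bytes:
    """One frame carrying total_len with a checksum computed for checksum_len."""
    def fields(tl, cs):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, tl, 1, 0, 64, 6, cs, SRC, DST)
    hdr = fields(total_len, ip_checksum(fields(checksum_len, 0)))
    frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + hdr + bytes(26)
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
            + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame)

if __name__ == "__main__":
    for row in length_diffs(sample_pcap(40, 40), sample_pcap(46, 40)):
        print("packet %d: IP total length %d -> %d, checksum ok: %s" % row)
```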