seladb / PcapPlusPlus

PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets. It is designed to be efficient, powerful and easy to use. It provides C++ wrappers for the most popular packet processing engines such as libpcap, Npcap, WinPcap, DPDK, AF_XDP and PF_RING.
https://pcapplusplus.github.io/
The Unlicense

Can it be achieved through the libpcap or WinPcap interface to read from a pcap file and send it after rewriting it? #604

Closed angelyouyou closed 3 years ago

angelyouyou commented 3 years ago

Now there is a scenario: after reading an IP message from a pcap file, I would like to modify the destination IP and source IP addresses of the message and send it out through a specified interface (ideally the destination MAC would be learned through the ARP or ND protocol and replaced). Of course, I also hope that the IP, UDP or TCP checksum can be updated automatically accordingly.
Can it be achieved through the libpcap or WinPcap interface? If there is a similar example, this may be a more typical application, like tcprewrite (https://github.com/appneta/tcpreplay). Thanks a lot.

seladb commented 3 years ago

Theoretically it's possible, yes. But in order for that to work you need to pay attention to many details of the link layer and TCP/IP layers. For example: if you send TCP packets, the server might decide to close a connection unexpectedly or re-transmit some of the packets. If you simply read packets from a pcap file you might get out of sync. This is just one example, there could be many more, including how packets are being routed, how the server "behaves" and so on. So the short answer is that theoretically it's possible but handling all of the different edge cases might be challenging. I hope this answers your question.

seladb commented 3 years ago

I'll close this issue now. Please reopen it if needed.

angelyouyou commented 3 years ago

@seladb Thank you very much for your reply. This idea comes from the fact that we often want to replay or modify some messages in the network to support testing in business scenarios. If you want to implement these functions, which mainly include replaying and modifying messages (such as the IP header or TCP header), what APIs are currently available to help achieve this? For example, APIs that help recalculate UDP, TCP, IP and ICMP checksums and resend the messages. This may involve PF_RING, LIBPCAP, DPDK, SOCKET and so on.

seladb commented 3 years ago

@angelyouyou I'd suggest you take a look at the API of the relevant layers:

IPv4: https://pcapplusplus.github.io/api-docs/classpcpp_1_1_i_pv4_layer.html
IPv6: https://pcapplusplus.github.io/api-docs/classpcpp_1_1_i_pv6_layer.html
TCP: https://pcapplusplus.github.io/api-docs/classpcpp_1_1_tcp_layer.html
UDP: https://pcapplusplus.github.io/api-docs/classpcpp_1_1_udp_layer.html

These APIs include checksum calculation for the relevant layers. Please let me know if you have any more questions.
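
What "recalculate the checksums after rewriting the addresses" involves, as an added example that is not part of the thread and does not use PcapPlusPlus's own API: plain C++ over a raw IPv4 packet, covering the IPv4 header checksum and the UDP/TCP checksum (whose pseudo-header includes both addresses). The function names, `samplePacket()` and the sample bytes are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>
// RFC 1071: add the big-endian 16-bit words of a byte range into a running sum.
static uint32_t sumWords(const uint8_t* p, size_t len, uint32_t sum) {
    for (size_t i = 0; i + 1 < len; i += 2) sum += (p[i] << 8) | p[i + 1];
    if (len & 1) sum += p[len - 1] << 8;  // odd trailing byte is zero-padded
    return sum;
}
// Fold the carries back in and take the one's complement.
static uint16_t fold(uint32_t sum) {
    while (sum >> 16) sum = (sum & 0xFFFF) + (sum >> 16);
    return static_cast<uint16_t>(~sum);
}
// Hypothetical helper: rewrite src/dst of a raw IPv4 packet (no link-layer header), fix checksums.
bool rewriteIPv4(std::vector<uint8_t>& pkt, const uint8_t src[4], const uint8_t dst[4]) {
    if (pkt.size() < 20 || (pkt[0] >> 4) != 4) return false;
    size_t ihl = (pkt[0] & 0x0F) * 4, total = (pkt[2] << 8) | pkt[3];
    if (ihl < 20 || total < ihl || total > pkt.size()) return false;
    std::memcpy(&pkt[12], src, 4);
    std::memcpy(&pkt[16], dst, 4);
    pkt[10] = pkt[11] = 0;  // the checksum field counts as zero while summing
    uint16_t ipSum = fold(sumWords(pkt.data(), ihl, 0));
    pkt[10] = ipSum >> 8; pkt[11] = ipSum & 0xFF;
    uint8_t proto = pkt[9];
    size_t off = proto == 17 ? 6 : proto == 6 ? 16 : 0;  // UDP / TCP checksum offset
    bool fragment = (pkt[6] & 0x3F) || pkt[7];            // MF set or offset != 0
    if (off == 0 || fragment) return true;  // L4 checksum spans all fragments: left as is
    size_t l4len = total - ihl;
    if (l4len < off + 2) return false;
    uint8_t* l4 = &pkt[ihl];
    if (proto == 17 && !l4[6] && !l4[7]) return true;  // UDP sender disabled the checksum
    l4[off] = l4[off + 1] = 0;
    uint32_t sum = sumWords(&pkt[12], 8, 0) + proto + static_cast<uint32_t>(l4len);
    uint16_t c = fold(sumWords(l4, l4len, sum));  // pseudo-header + segment
    if (proto == 17 && c == 0) c = 0xFFFF;        // RFC 768: zero means "no checksum"
    l4[off] = c >> 8; l4[off + 1] = c & 0xFF;
    return true;
}
// Constructed sample: 192.0.2.1 -> 192.0.2.2, UDP 5000 -> 53, payload "hi", stale checksums.
std::vector<uint8_t> samplePacket() {
    return {0x45,0,0,0x1e, 0,1,0,0, 0x40,0x11,0,0, 192,0,2,1, 192,0,2,2,
            0x13,0x88, 0,0x35, 0,0x0a, 0x12,0x34, 'h','i'};
}
int main() {
    std::vector<uint8_t> p = samplePacket();
    const uint8_t s[4] = {198,51,100,10}, d[4] = {203,0,113,20};
    return rewriteIPv4(p, s, d) ? 0 : 1;
}
```

A receiver validates by summing the same bytes with the checksum field included; a correct packet folds to zero.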