Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] tcprewrite provides incorrect checksum for certain ipv4 packets #848

Open
ChuckCottrill opened this issue Feb 29, 2024 · 0 comments
Open

[Bug] tcprewrite provides incorrect checksum for certain ipv4 packets #848

ChuckCottrill opened this issue Feb 29, 2024 · 0 comments

Comments

@ChuckCottrill
Copy link

The tcprewrite program changes packet length to an undesirable (incorrect) value.

Describe the bug
TCP rewrite appears to change packet length incorrectly, due to incorrect handling of minimum length packets;
this could cause incorrect checksum (which could be interpreted as a spoofing attempt and discard packet).

Expected behavior:
TCP rewrite should correctly change packet length (more to follow).

To Reproduce

Steps to reproduce the behavior:

  1. uncompress packet captures:
mkdir -p pcaps
unzip tcprewrite-pcaps.zip
cp tcprewrite-pcaps/pcap-original-packet-3.pcap pcaps/.
  1. Run tcprewrite version 4.4.0 and observe the output, as follows
# version 4.4.0
VERSION="4.4.0"
# prepare
tcpreplay-4.4.0/src/tcpprep \
    --cidr=0.0.0.0/0 \
    --pcap=pcaps/pcap-original-packet-3.pcap \
    --cachefile=pcaps/pcap.cache
# use tcprewrite to rewrite packet addresses
tcpreplay-4.4.0/src/tcprewrite \
    --cachefile=pcaps/pcap.cache \
    --infile=pcaps/pcap-original-packet-3.pcap \
    --outfile=pcaps/cap-4.4.0-packet-out.pcap \
    --endpoints=10.200.1.1:10.200.1.2
  1. Run tcprewrite version 4.4.1 and observe the output, as follows
# version 4.4.1
# prepare
tcpreplay-4.4.1/src/tcpprep \
    --cidr=0.0.0.0/0 \
    --pcap=pcaps/pcap-original-packet-3.pcap \
    --cachefile=pcaps/pcap.cache
# use tcprewrite to rewrite packet addresses
tcpreplay-4.4.1/src/tcprewrite \
    --cachefile=pcaps/pcap.cache \
    --infile=pcaps/pcap-original-packet-3.pcap \
    --outfile=pcaps/cap-4.4.1-packet-out.pcap \
    --endpoints=10.200.1.1:10.200.1.2
  1. compare files, should be identical
bdiff pcaps/cap-4.4.0-packet-out.pcap pcaps/cap-4.4.1-packet-out.pcap

Packet Captures

Packet Captures to Reproduce:

  • pcap-original-packet-3.pcap
  • pcap-4.4.0-packet-3.pcap
  • pcap-4.4.1-packet-3.pcap

Examine packets

Use Wireshark to examine and compare both packets.

  • Note that the ver 4.4.1 reports incorrect checksum.
  • Note also that packet length was changed, which is different behavior from desired.
  • Perhaps a flag to specify whether length change is needed or desired?

Screenshots
N/A - use Wireshark to view packets

System (please complete the following information):

  • OS: Linux
  • OS version
    • Linux hostname 5.15.0-71-generic #78-Ubuntu SMP datetime x86_64 x86_64 x86_64 GNU/Linux
  • Tcpreplay Version [4.4.1] versus [4.4.0]

Additional context
The changed length results in an erroneous checksum which results in dropped packet(s).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ChuckCottrill