appneta/tcpreplay

[Bug] tcprewrite fails to change addresses for ipv6 fragment packets

ChuckCottrill opened this issue · 2 comments

Describe the bug

TCP rewrite fails to parse input pcap file, exits with a TCPEDIT_SOFT_ERROR due to detection of TCPR_IPV6_NH_FRAGMENT in src/common/get.c.

Expected behavior:
TCP rewrite should change source and destination addresses (and all other packet header revisions),
even when the TCPR_IPV6_NH_FRAGMENT proto is set.

To Reproduce
Steps to reproduce the behavior:

  1. Run tcprewrite and observe the output, as follows
tcprewrite -vv -i afail1.pcap -o afail1out.pcap -c cc/afail1.cache -e [2600:bead::1]:[2600:cafe::1] ;
reading from file -, link-type EN10MB (Ethernet), snapshot length 65535
19:11:17.1592871077 IP6 4950:3aa3:964b:a356:60a3:7dea:a836:3200 > 4efa:695:ee19:12d9:4906:6f8b:8bbb:6bd6: frag (0|36) 63927 > 53: 0 [0q] (28)
  1. run tcpdump to show output unchanged:
tcpdump -r afail1-out.pcap -A -XX -s 0 -c 2
reading from file afail1-out.pcap, link-type EN10MB (Ethernet), snapshot length 65535
19:11:17.562141 IP6 4950:3aa3:964b:a356:60a3:7dea:a836:3200 > 4efa:695:ee19:12d9:4906:6f8b:8bbb:6bd6: frag (0|36) 63927 > domain: 0 [0q] (28)
	0x0000:  3480 0d44 4f81 f4a7 39e3 70d4 86dd 6000  4..DO...9.p...`.
	0x0010:  0000 002c 2c37 4950 3aa3 964b a356 60a3  ...,,7IP:..K.V`.
	0x0020:  7dea a836 3200 4efa 0695 ee19 12d9 4906  }..62.N.......I.
	0x0030:  6f8b 8bbb 6bd6 1100 0000 ea26 fa23 f9b7  o...k......&.#..
	0x0040:  0035 0024 f2d8 0000 0000 0000 0000 0000  .5.$............
	0x0050:  0000 0000 0000 0000 0000 0000 0000 0000  ................
	0x0060:  0000                                     ..

Expected behavior

  1. tcprewrite should not fail, and should rewrite the address:
tcprewrite -vv -i afail1.pcap -o afail1-out.pcap -c afail1.cache -e [2600:bead::1]:[2600:cafe::1] ;
reading from file -, link-type EN10MB (Ethernet), snapshot length 65535
19:11:17.1592871077 IP6 2600:bead::1 > 2600:cafe::1: frag (0|36) 63927 > 53: 0 [0q] (28)

Since packet does have data and packet headers are parse-able, tcprewrite should (a) overwrite IPs.

  1. run tcpdump to show output unchanged:
tcpdump -r afail1-out.pcap -A -XX -s 0 -c 2
reading from file cc/afail1-4.4.0.pcap, link-type EN10MB (Ethernet), snapshot length 65535
19:11:17.562141 IP6 2600:bead::1 > 2600:cafe::1: frag (0|36) 63927 > domain: 0 [0q] (28)
	0x0000:  3333 0000 0001 3333 0000 0001 86dd 6000  33....33......`.
	0x0010:  0000 002c 2c37 2600 bead 0000 0000 0000  ...,,7&.........
	0x0020:  0000 0000 0001 2600 cafe 0000 0000 0000  ......&.........
	0x0030:  0000 0000 0001 1100 0000 ea26 fa23 f9b7  ...........&.#..
	0x0040:  0035 0024 f2d8 0000 0000 0000 0000 0000  .5.$............
	0x0050:  0000 0000 0000 0000 0000 0000 0000 0000  ................
	0x0060:  0000                                     ..

Screenshots
If applicable, add screenshots to help explain your problem.

System (please complete the following information):

  • OS: Linux
  • OS: Ubuntu
  • Tcpreplay Version:
    tcprewrite version: 4.4.0 (build git:v4.4.0)
    Copyright 2013-2022 by Fred Klassen - AppNeta
    Copyright 2000-2012 by Aaron Turner
    The entire Tcpreplay Suite is licensed under the GPLv3
    Cache file supported: 04
    Not compiled with libdnet.
    Compiled against libpcap: 1.10.1
    64 bit packet counters: enabled
    Verbose printing via tcpdump: enabled
    Fragroute engine: disabled

Additional context
IPv6 fragments contain valid data and should be handled.
This problem was introduced with version 4.3.0 with issue#488
see also issue#611, which fixed the failing case, but did not fix handling IPV6 fragment handling.
The error message was "Packet length 98 is to short to contain an IPv6 header for DLT 0x0001".
But fragment packets contain valid data.

Additional context
Failed pcap attached.
afail1.pcap.gz

Failed pcap attached.
afail1.pcap.gz

This issue was fixed by PR #832