[Feature] recalculate IPv6 Fragment header checksum
Opened this issue · 3 comments
Overview
The tcpreplay program tcprewrite
does not support IPv6 FRAG(mented) header checksum recalculation. The protocol 0x2c
is not included in the switch statement, and thus a TCPEDIT_WARN
is generated and the header checksum is not recalculated.
The option --fixcsum
does not work against the original 11465.0-0.unknown_1.v6.pcap
pcap (and others) due to how the protocol value supplied to do_checksum()
is handled. The protocol is IPV6-FRAG(mented). There is a switch statement where the protocol value (== 0x2c)
is not one of the recognized values. The tcprewrite
code explicitly returns indication (TCPEDIT_WARN
) that certain packets (both TCP and HTTP) do not have their checksum recalculated.
Since the checksum needs to be correctly calculated, this incorrect checksum causes the pcap to fail testing.
Expected Behavior
An IPV6 FRAGmented packet should have correct checksum calculated when packet is rewritten.
Description of desired solution
Since tcpreplay does not support IPv6-FRAG(ment) header checksum recalculation. The protocol 0x2c
is not included in the switch statement, and thus a TCPEDIT_WARN
is generated and the header checksum is not recalculated.
What is desired is that the protocol 0x2c
be recognized and the correct header checksum be calculated and replaced, rather than the warning TCPEDIT_WARN
generated, and the generated pcap file not be corrupted with an invalid checksum.
Add the protocol 0x2c
to the constants src/tcpr.h
#ifndef IPPROTO_TCP_V6FRAG
#define IPPROTO_TCP_V6FRAG 0x2c
#endif
#ifndef IPPROTO_HTTP_V6FRAG
#define IPPROTO_HTTP_V6FRAG 0x2c
#endif
And the protocol added to the switch statement in src/tcpedit/checksum.c
case IPPROTO_TCP:
case IPPROTO_TCP_V6FRAG:
// case IPPROTO_HTTP_V6FRAG:
protoname = "IPPROTO_TCP";
if (len < (int)sizeof(tcp_hdr_t)) {
tcpedit_setwarn(tcpedit, "%s", "Unable to checksum TCP with insufficient L4 data");
return TCPEDIT_WARN;
}
tcp = (tcp_hdr_t *)(data + ip_hl);
#ifdef STUPID_SOLARIS_CHECKSUM_BUG
tcp->th_sum = tcp->th_off << 2;
return (TCPEDIT_OK);
#endif
tcp->th_sum = 0;
/* Note, we do both src & dst IP's at the same time, that's why the
* length is 2x a single IP
*/
if (ipv6 != NULL) {
sum = do_checksum_math((uint16_t *)&ipv6->ip_src, 32);
} else {
sum = do_checksum_math((uint16_t *)&ipv4->ip_src, 8);
}
sum += ntohs(IPPROTO_TCP + len);
sum += do_checksum_math((uint16_t *)tcp, len);
tcp->th_sum = CHECKSUM_CARRY(sum);
break;
see:
To Reproduce
Steps to reproduce the behavior:
- have pcap with
protocol == 0x2c
(IPV6 FRAG
(mented)) - run
tcpprep
on pcap - run
tcprewrite
on pcap (change src/dest ip address to precipitate checksum recalculation) - examine rewritten pcap in wireshark, observe that checksum is incorrect
Describe alternatives you've considered
The header checksum is not correctly rewritten by tcpreplay in this situation.
Either:
a) do nothing (unacceptable),
b) rewrite checksum using some external program,
c) recalculate header checksum for these packets (this solution)
d) ideas? suggestions? how else can we recalculate header checksums?
Additional context
The TCP case can be fixed with a patch to allow protocol value 0x2c
to be handled the same way as IPPROTO_TCP
, but this patch does not work for (HTTP protocol). Further investigation is needed.
Screenshots
If applicable, add screenshots to help explain your problem.
System (please complete the following information):
- OS: Ubuntu Linux
- OS version
- Tcpreplay Version [e.g. 4.4.4]
Additional context
Add any other context about the problem here.
layer-2 checksum is correct.
layer-4 (TCP) checksum is incorrect
IPv4 has checksum
https://en.wikipedia.org/wiki/Internet_checksum
IPv6 does not have checksum
https://networkengineering.stackexchange.com/questions/64803/why-does-the-ipv6-header-not-include-a-checksum
IPv4, IPv6 Headers
https://notes.shichao.io/tcpv1/ch5/
RFC-1701 checksum
https://www.packetmania.net/en/2021/12/26/IPv4-IPv6-checksum/
RFC-1141 incremental update checksum
https://datatracker.ietf.org/doc/html/rfc1141
TCP pseudo-header
http://www.tcpipguide.com/free/t_TCPChecksumCalculationandtheTCPPseudoHeader-2.htm
see issue: #897