tcprewrite only checks packets against the first CIDR pair in the --srcipmap option #199

Closed
cdunklau opened this issue Aug 27, 2015 · 2 comments

@cdunklau

I originally found this with tcprewrite version 3.4.4, and verified it still exists on 4.1.0beta2. It looks like tcprewrite only checks packets against the first CIDR pair in the --srcipmap option. It may only be when dealing with host IPs (/32), but I wasn't able to test with wider ranges.

I have a pcap with two packets, each from a different source.

cdunklau@krusty:~$ /usr/sbin/tcpdump -nnvv -e -r multiple-sources-snipsnip.pcap 
reading from file multiple-sources-snipsnip.pcap, link-type EN10MB (Ethernet)
14:29:59.121536 5c:77:57:00:31:34 > 01:00:5e:30:29:c9, ethertype IPv4 (0x0800), length 1358: (tos 0x0, ttl 64, id 18138, offset 0, flags [DF], proto UDP (17), length 1344)
    10.129.176.41.36517 > 239.176.41.201.4900: [udp sum ok] UDP, length 1316
14:29:59.125991 5c:77:57:00:21:0a > 01:00:5e:30:2b:65, ethertype IPv4 (0x0800), length 606: (tos 0x0, ttl 64, id 31154, offset 0, flags [DF], proto UDP (17), length 592)
    10.129.176.43.47171 > 239.176.43.101.4900: [udp sum ok] UDP, length 564
cdunklau@krusty:~$ 

I try to rewrite both sources (.41 and .43) to my IP (.81) so I can stream it out without the switch complaining...

cdunklau@krusty:~$ /home/cdunklau/Development/tcpreplay-4.1.0beta2/src/tcprewrite -d 1 --fixcsum --srcipmap=10.129.176.41/32:10.129.176.81,10.129.176.43/32:10.129.176.81 --enet_smac=fc:4d:d4:d3:e6:60 -i multiple-sources-snipsnip.pcap -o multiple-sources-rewritten.pcap
DEBUG1 in tcpedit.c:tcpedit_init() line 339: Input file (1) datalink type is EN10MB

DEBUG1 in tcprewrite.c:main() line 102: Rewriting DLT to EN10MB
DEBUG1 in tcprewrite.c:main() line 107: DLT of dlt_pcap is EN10MB
DEBUG1 in cidr.c:ip_in_cidr() line 495: The ip 10.129.176.41 is inside of 41.176.129.10/32
DEBUG1 in cidr.c:ip_in_cidr() line 501: The ip 10.129.176.43 is not inside of 41.176.129.10/32
cdunklau@krusty:~$ 

But it only checks the first mapping, not the second, and doesn't rewrite the second source (.43). Here's proof:

cdunklau@krusty:~$ /usr/sbin/tcpdump -nnvv -e -r multiple-sources-rewritten.pcap 
reading from file multiple-sources-rewritten.pcap, link-type EN10MB (Ethernet)
14:29:59.121536 fc:4d:d4:d3:e6:60 > 01:00:5e:30:29:c9, ethertype IPv4 (0x0800), length 1358: (tos 0x0, ttl 64, id 18138, offset 0, flags [DF], proto UDP (17), length 1344)
    10.129.176.81.36517 > 239.176.41.201.4900: [udp sum ok] UDP, length 1316
14:29:59.125991 fc:4d:d4:d3:e6:60 > 01:00:5e:30:2b:65, ethertype IPv4 (0x0800), length 606: (tos 0x0, ttl 64, id 31154, offset 0, flags [DF], proto UDP (17), length 592)
    10.129.176.43.47171 > 239.176.43.101.4900: [udp sum ok] UDP, length 564
cdunklau@krusty:~$ 

I tried it also without specifying CIDR form, just giving the IPs directly, and the same issue occurs:

cdunklau@krusty:~$ /home/cdunklau/Development/tcpreplay-4.1.0beta2/src/tcprewrite -d 1 --fixcsum --srcipmap=10.129.176.41:10.129.176.81,10.129.176.43:10.129.176.81 --enet_smac=fc:4d:d4:d3:e6:60 -i multiple-sources-snipsnip.pcap -o multiple-sources-rewritten.pcap
DEBUG1 in tcpedit.c:tcpedit_init() line 339: Input file (1) datalink type is EN10MB

DEBUG1 in tcprewrite.c:main() line 102: Rewriting DLT to EN10MB
DEBUG1 in tcprewrite.c:main() line 107: DLT of dlt_pcap is EN10MB
DEBUG1 in cidr.c:ip_in_cidr() line 495: The ip 10.129.176.41 is inside of 41.176.129.10/32
DEBUG1 in cidr.c:ip_in_cidr() line 501: The ip 10.129.176.43 is not inside of 41.176.129.10/32
cdunklau@krusty:~$ 
cdunklau@krusty:~$ 
cdunklau@krusty:~$ 
cdunklau@krusty:~$ /usr/sbin/tcpdump -nnvv -e -r multiple-sources-rewritten.pcap
reading from file multiple-sources-rewritten.pcap, link-type EN10MB (Ethernet)
14:29:59.121536 fc:4d:d4:d3:e6:60 > 01:00:5e:30:29:c9, ethertype IPv4 (0x0800), length 1358: (tos 0x0, ttl 64, id 18138, offset 0, flags [DF], proto UDP (17), length 1344)
    10.129.176.81.36517 > 239.176.41.201.4900: [udp sum ok] UDP, length 1316
14:29:59.125991 fc:4d:d4:d3:e6:60 > 01:00:5e:30:2b:65, ethertype IPv4 (0x0800), length 606: (tos 0x0, ttl 64, id 31154, offset 0, flags [DF], proto UDP (17), length 592)
    10.129.176.43.47171 > 239.176.43.101.4900: [udp sum ok] UDP, length 564
cdunklau@krusty:~$ 

I try to switch the order of the mapping, and this confirms that tcprewrite only appears to look at the first mapping:

cdunklau@krusty:~$ /home/cdunklau/Development/tcpreplay-4.1.0beta2/src/tcprewrite -d 1 --fixcsum --srcipmap=10.129.176.43:10.129.176.81,10.129.176.41:10.129.176.81 --enet_smac=fc:4d:d4:d3:e6:60 -i multiple-sources-snipsnip.pcap -o multiple-sources-rewritten.pcap
DEBUG1 in tcpedit.c:tcpedit_init() line 339: Input file (1) datalink type is EN10MB

DEBUG1 in tcprewrite.c:main() line 102: Rewriting DLT to EN10MB
DEBUG1 in tcprewrite.c:main() line 107: DLT of dlt_pcap is EN10MB
DEBUG1 in cidr.c:ip_in_cidr() line 501: The ip 10.129.176.41 is not inside of 43.176.129.10/32
DEBUG1 in cidr.c:ip_in_cidr() line 495: The ip 10.129.176.43 is inside of 43.176.129.10/32
cdunklau@krusty:~$ 
cdunklau@krusty:~$ /usr/sbin/tcpdump -nnvv -e -r multiple-sources-rewritten.pcap
reading from file multiple-sources-rewritten.pcap, link-type EN10MB (Ethernet)
14:29:59.121536 fc:4d:d4:d3:e6:60 > 01:00:5e:30:29:c9, ethertype IPv4 (0x0800), length 1358: (tos 0x0, ttl 64, id 18138, offset 0, flags [DF], proto UDP (17), length 1344)
    10.129.176.41.36517 > 239.176.41.201.4900: [udp sum ok] UDP, length 1316
14:29:59.125991 fc:4d:d4:d3:e6:60 > 01:00:5e:30:2b:65, ethertype IPv4 (0x0800), length 606: (tos 0x0, ttl 64, id 31154, offset 0, flags [DF], proto UDP (17), length 592)
    10.129.176.81.47171 > 239.176.43.101.4900: [udp sum ok] UDP, length 564
@cdunklau
Author

To assist reproduction, here is a base64 dump of the pcap file. The md5 checksum of the file is included:

cdunklau@krusty:~$ md5sum multiple-sources-snipsnip.pcap 
5390da70d444a87a400c6c8d586068be  multiple-sources-snipsnip.pcap
cdunklau@krusty:~$ base64 multiple-sources-snipsnip.pcap

@fklassen fklassen added this to the 4.1.1 milestone Dec 15, 2015
@fklassen fklassen self-assigned this Dec 15, 2015
fklassen added a commit that referenced this issue Dec 15, 2015
fklassen added a commit that referenced this issue Dec 15, 2015
fklassen added a commit that referenced this issue Dec 15, 2015
@fklassen
Member

$ src/tcprewrite -d 1 --fixcsum --srcipmap=10.129.176.41/32:10.129.176.81,10.129.176.43/32:10.129.176.81 --enet_smac=fc:4d:d4:d3:e6:60 -i multiple-sources-snipsnip.pcap -o multiple-sources-rewritten.pcap
DEBUG1 in tcpedit.c:tcpedit_init() line 339: Input file (1) datalink type is EN10MB

DEBUG1 in tcprewrite.c:main() line 102: Rewriting DLT to EN10MB
DEBUG1 in tcprewrite.c:main() line 107: DLT of dlt_pcap is EN10MB
DEBUG1 in cidr.c:ip_in_cidr() line 495: The ip 10.129.176.41 is inside of 10.129.176.41/32
DEBUG1 in cidr.c:ip_in_cidr() line 501: The ip 10.129.176.43 is not inside of 10.129.176.41/32
DEBUG1 in cidr.c:ip_in_cidr() line 495: The ip 10.129.176.43 is inside of 10.129.176.43/32

$ tcpdump -nnvv -e -r multiple-sources-rewritten.pcap
reading from file multiple-sources-rewritten.pcap, link-type EN10MB (Ethernet)
04:29:59.121536 fc:4d:d4:d3:e6:60 > 01:00:5e:30:29:c9, ethertype IPv4 (0x0800), length 1358: (tos 0x0, ttl 64, id 18138, offset 0, flags [DF], proto UDP (17), length 1344)
    10.129.176.81.36517 > 239.176.41.201.4900: [udp sum ok] UDP, length 1316
04:29:59.125991 fc:4d:d4:d3:e6:60 > 01:00:5e:30:2b:65, ethertype IPv4 (0x0800), length 606: (tos 0x0, ttl 64, id 31154, offset 0, flags [DF], proto UDP (17), length 592)
    10.129.176.81.47171 > 239.176.43.101.4900: [udp sum ok] UDP, length 564
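
A rewrite that silently skips a mapping leaves original source addresses in the output file, so the result is worth checking against the map itself. The following is an added example, not part of the original thread and not tcpreplay code: it parses a `--srcipmap` value and flags any source address in `tcpdump -nn` output that still falls inside a mapped range. The function and constant names are hypothetical, and it assumes IPv4 only; the sample address lines are copied from the two runs shown in the thread.

```python
import ipaddress
import re

# Indented address line of `tcpdump -nn` output: "    SRC.sport > DST.dport: ..."
SRC_LINE = re.compile(r"^\s+(\d+(?:\.\d+){3})\.\d+ > ")

# Address lines copied from the thread: the reporter's run, then the maintainer's run.
REPORTER_OUTPUT = """\
    10.129.176.81.36517 > 239.176.41.201.4900: [udp sum ok] UDP, length 1316
    10.129.176.43.47171 > 239.176.43.101.4900: [udp sum ok] UDP, length 564
"""
MAINTAINER_OUTPUT = """\
    10.129.176.81.36517 > 239.176.41.201.4900: [udp sum ok] UDP, length 1316
    10.129.176.81.47171 > 239.176.43.101.4900: [udp sum ok] UDP, length 564
"""
SRCIPMAP = "10.129.176.41/32:10.129.176.81,10.129.176.43/32:10.129.176.81"


def parse_srcipmap(spec):
    """Parse 'MATCH:TARGET,MATCH:TARGET' into (match_net, target_net) pairs.

    A bare IP is treated as a /32, as in the reporter's second attempt.
    """
    pairs = []
    for item in spec.split(","):
        match, target = item.split(":")
        pairs.append((ipaddress.ip_network(match, strict=False),
                      ipaddress.ip_network(target, strict=False)))
    return pairs


def unrewritten_sources(spec, tcpdump_text):
    """Return source IPs that still sit inside a mapped range after rewriting."""
    pairs = parse_srcipmap(spec)
    leftovers = []
    for line in tcpdump_text.splitlines():
        m = SRC_LINE.match(line)
        if not m:
            continue  # header lines and anything that is not an address line
        src = ipaddress.ip_address(m.group(1))
        # Test the source against every pair in the map, not only the first one.
        if any(src in net and src not in target for net, target in pairs):
            leftovers.append(str(src))
    return leftovers


if __name__ == "__main__":
    print("reporter run:", unrewritten_sources(SRCIPMAP, REPORTER_OUTPUT))
    print("maintainer run:", unrewritten_sources(SRCIPMAP, MAINTAINER_OUTPUT))
```

An empty list means no source in the output still matches any mapped range; to check a real file, pass the text of `tcpdump -nn -r` on the rewritten pcap as the second argument.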
