Package: tcpreplay
Version: 2.99+3.0.beta11-3
Severity: normal
Tags: patch
Hi,
as explained in #414613, I'm rewriting DLT_RAW pcap files into DLT_EN10MB
ones. The input files have IP packets longer than the default Ethernet
MTU (~1500 bytes). This is recognized by tcprewrite (with the patch
from #414613 to make the '--dlt' option work):
% tcpdump -n -r ~/ulogd.pcap
reading from file /home/niko/ulogd.pcap, link-type RAW (Raw IP)
22:09:27.498937 IP 192.168.1.6 192.168.1.1: ICMP echo request, id 49474, seq
1, length 64
22:09:28.497930 IP 192.168.1.6 192.168.1.1: ICMP echo request, id 49474, seq
2, length 64
22:09:29.496935 IP 192.168.1.6 192.168.1.1: ICMP echo request, id 49474, seq
3, length 64
22:09:33.319169 IP 192.168.1.6 192.168.1.1: ICMP echo request, id 50242, seq
1, length 2008
22:09:34.320310 IP 192.168.1.6 192.168.1.1: ICMP echo request, id 50242, seq
2, length 2008
% tcprewrite --dlink=ff,ff,de,ad,be,ef,00,00,de,ad,be,ef,08,00 --dlt=1 -i
~/ulogd.pcap -o ~/ethernet.pcap
Packet length (2042) is greater then MTU (1514); skipping packet.
Packet length (2042) is greater then MTU (1514); skipping packet.
Surprisingly, the 'skipping packet' part isn't actually true: tcprewrite
is outputting the raw packet rather than skipping it.
% tcpdump -e -n -r ~/ethernet.pcap
22:09:27.498937 00:00:de:ad:be:ef ff:ff:de:ad:be:ef, ethertype IPv4 (0x0800),
length 98: 192.168.1.6 192.168.1.1: ICMP echo request, id 49474, seq 1,
length 64
22:09:28.497930 00:00:de:ad:be:ef ff:ff:de:ad:be:ef, ethertype IPv4 (0x0800),
length 98: 192.168.1.6 192.168.1.1: ICMP echo request, id 49474, seq 2,
length 64
22:09:29.496935 00:00:de:ad:be:ef ff:ff:de:ad:be:ef, ethertype IPv4 (0x0800),
length 98: 192.168.1.6 192.168.1.1: ICMP echo request, id 49474, seq 3,
length 64
22:09:33.319169 00:00:40:01:bf:9d 45:00:07:ec:30:1c, ethertype Unknown
(0xc0a8), length 2028:
0x: 0106 c0a8 0101 0800 00cc c442 0001 7db3 ...B..}.
[etc.]
Looking at the code, there's no check for tcpedit_packet() returning zero.
The attached patch works for me, and makes tcprewrite really skip the
packets that are too big.
Please consider including the patch.
Cheers,
--
Niko Tyni [EMAIL PROTECTED]
--- tcpreplay-2.99+3.0.beta11/src/tcprewrite.c
+++ tcpreplay-2.99+3.0.beta11/src/tcprewrite.c
@@ -200,6 +200,7 @@
struct pcap_pkthdr *pkthdr = NULL; /* packet header */
const u_char *pktdata = NULL; /* packet from libpcap */
COUNTER packetnum = 0;
+int ret;
/* MAIN LOOP
* Keep sending while we have packets or until
@@ -228,8 +229,10 @@
if (cache_result == CACHE_NOSEND)
goto WRITE_PACKET; /* still need to write it so cache stays in sync */
-if (tcpedit_packet(tcpedit, pkthdr, (u_char**)pktdata, cache_result) == -1) {
+if ((ret = tcpedit_packet(tcpedit, pkthdr, (u_char**)pktdata, cache_result)) == -1) {
return -1;
+} else if (ret == 0) {
+continue;
}