gfwleak/stellar-stellar
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add packet_build.cpp support imitate_tcp_packet() / imitate_udp_packet()

Browse Source
This commit is contained in:
luwenpeng
2024-04-24 11:40:00 +08:00
parent ffead24e45
commit d8963af5f8
16 changed files with 444 additions and 441 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
include/stellar/packet.h
View File

@@ -24,15 +24,12 @@ enum packet_direction packet_get_direction(const struct packet *pkt);
enum packet_action
{
PACKET_ACTION_FORWARD = 0, // must be zero
PACKET_ACTION_FORWARD = 0,
PACKET_ACTION_DROP = 1,
PACKET_ACTION_DEFER = 2, // TODO
};
void packet_set_action(struct packet *pkt, enum packet_action action);
enum packet_action packet_get_action(const struct packet *pkt);
uint64_t packet_get_session_id(const struct packet *pkt);
const char *packet_get_raw_data(const struct packet *pkt);
uint16_t packet_get_raw_len(const struct packet *pkt);

2
src/ip_reassembly/ip_reassembly.cpp
View File

@@ -718,7 +718,7 @@ static struct packet *ip_frag_reassemble(struct ip_reassembly *assy, struct ip_f
ipv4_hdr_set_mf_flag(ip4_hdr, false); // update more fragment flag
ipv4_hdr_set_frag_offset(ip4_hdr, 0); // update fragment offset
ip4_hdr->ip_sum = 0; // update checksum
ip4_hdr->ip_sum = checksum((char *)ip4_hdr, flow->hdr.l3_len);
ip4_hdr->ip_sum = checksum((const char *)ip4_hdr, flow->hdr.l3_len);
}
else
{

2
src/packet/CMakeLists.txt
View File

@@ -1,4 +1,4 @@
add_library(packet packet.cpp packet_utils.cpp packet_layer.cpp packet_tunnel.cpp)
add_library(packet packet.cpp packet_build.cpp packet_utils.cpp packet_layer.cpp packet_tunnel.cpp checksum.cpp)
target_include_directories(packet PUBLIC ${CMAKE_CURRENT_LIST_DIR})
target_include_directories(packet PUBLIC ${CMAKE_SOURCE_DIR}/deps/uthash)
target_include_directories(packet PUBLIC ${CMAKE_SOURCE_DIR}/include)

111
src/packet/checksum.cpp Normal file
View File

@@ -0,0 +1,111 @@
#include "checksum.h"
#include <arpa/inet.h>
uint16_t checksum(const char *data, uint16_t len)
{
uint32_t sum = 0;
const uint16_t *ip1 = (const uint16_t *)data;
while (len > 1)
{
sum += *ip1++;
if (sum & 0x80000000)
{
sum = (sum & 0xFFFF) + (sum >> 16);
}
len -= 2;
}
while (sum >> 16)
{
sum = (sum & 0xFFFF) + (sum >> 16);
}
return (~sum);
}
uint16_t checksum_v4(const void *l4_hdr_ptr, uint16_t l4_total_len, uint8_t l4_proto, struct in_addr *src_addr, struct in_addr *dst_addr)
{
uint16_t *ip_src = (uint16_t *)src_addr;
uint16_t *ip_dst = (uint16_t *)dst_addr;
const uint16_t *buffer = (u_int16_t *)l4_hdr_ptr;
uint32_t sum = 0;
size_t len = l4_total_len;
while (len > 1)
{
sum += *buffer++;
if (sum & 0x80000000)
{
sum = (sum & 0xFFFF) + (sum >> 16);
}
len -= 2;
}
if (len & 1)
{
sum += *((uint8_t *)buffer);
}
sum += *(ip_src++);
sum += *ip_src;
sum += *(ip_dst++);
sum += *ip_dst;
sum += htons(l4_proto);
sum += htons(l4_total_len);
while (sum >> 16)
{
sum = (sum & 0xFFFF) + (sum >> 16);
}
return ((uint16_t)(~sum));
}
uint16_t checksum_v6(const void *l4_hdr_ptr, uint16_t l4_total_len, uint8_t l4_proto, struct in6_addr *src_addr, struct in6_addr *dst_addr)
{
uint16_t *ip_src = (uint16_t *)src_addr;
uint16_t *ip_dst = (uint16_t *)dst_addr;
const uint16_t *buffer = (u_int16_t *)l4_hdr_ptr;
uint32_t sum = 0;
size_t len = l4_total_len;
while (len > 1)
{
sum += *buffer++;
if (sum & 0x80000000)
{
sum = (sum & 0xFFFF) + (sum >> 16);
}
len -= 2;
}
if (len & 1)
{
sum += *((uint8_t *)buffer);
}
for (int i = 0; i < 8; i++)
{
sum += *ip_src;
ip_src++;
}
for (int i = 0; i < 8; i++)
{
sum += *ip_dst;
ip_dst++;
}
sum += htons(l4_proto);
sum += htons(l4_total_len);
while (sum >> 16)
{
sum = (sum & 0xFFFF) + (sum >> 16);
}
return ((uint16_t)(~sum));
}

28
src/packet/checksum.h
View File

@@ -7,31 +7,9 @@ extern "C"
#include <stdint.h>
// https://datatracker.ietf.org/doc/html/rfc1071
static inline uint16_t checksum(char *data, int len)
{
long sum = 0;
uint16_t *addr = (uint16_t *)data;
while (len > 1)
{
sum += *addr++;
len -= 2;
}
if (len > 0)
{
sum += *(unsigned char *)addr;
}
// Fold 32-bit sum to 16 bits
while (sum >> 16)
{
sum = (sum & 0xffff) + (sum >> 16);
}
return (uint16_t)(~sum);
}
uint16_t checksum(const char *data, uint16_t len);
uint16_t checksum_v4(const void *l4_hdr_ptr, uint16_t l4_total_len, uint8_t l4_proto, struct in_addr *src_addr, struct in_addr *dst_addr);
uint16_t checksum_v6(const void *l4_hdr_ptr, uint16_t l4_total_len, uint8_t l4_proto, struct in6_addr *src_addr, struct in6_addr *dst_addr);
#ifdef __cplusplus
}

2
src/packet/eth_utils.h
View File

@@ -270,7 +270,7 @@ static inline const char *eth_proto_to_str(uint16_t proto)
case ETH_P_IEEE802154:
return "ETH_P_IEEE802154";
case 0x880B:
return "PPP";
return "ETH_P_PPP";
default:
return "ETH_P_UNKNOWN";
}

13
src/packet/packet.cpp
View File

@@ -1487,10 +1487,7 @@ const struct raw_layer *packet_get_outermost_raw_layer(const struct packet *pkt,
return NULL;
}
// TODO
// direction 1: E2I
// direction 0: I2E
uint64_t packet_get_hash(const struct packet *pkt, enum ldbc_method method, int direction)
uint64_t packet_get_hash(const struct packet *pkt, enum ldbc_method method, enum packet_direction direction)
{
uint64_t temp = 0;
uint64_t hash_value = 1;
@@ -1549,7 +1546,7 @@ uint64_t packet_get_hash(const struct packet *pkt, enum ldbc_method method, int
switch (method)
{
case LDBC_METHOD_HASH_INT_IP:
if (direction)
if (direction == PACKET_DIRECTION_INCOMING)
{
// direction 1: E2I
HASH_VALUE(outer_dst_addr, outer_addr_len, hash_value);
@@ -1561,7 +1558,7 @@ uint64_t packet_get_hash(const struct packet *pkt, enum ldbc_method method, int
}
break;
case LDBC_METHOD_HASH_EXT_IP:
if (direction)
if (direction == PACKET_DIRECTION_INCOMING)
{
// direction 1: E2I
HASH_VALUE(outer_src_addr, outer_addr_len, hash_value);
@@ -1578,7 +1575,7 @@ uint64_t packet_get_hash(const struct packet *pkt, enum ldbc_method method, int
hash_value = hash_value ^ temp;
break;
case LDBC_METHOD_HASH_INNERMOST_INT_IP:
if (direction)
if (direction == PACKET_DIRECTION_INCOMING)
{
// direction 1: E2I
HASH_VALUE(inner_dst_addr, inner_addr_len, hash_value);
@@ -1590,7 +1587,7 @@ uint64_t packet_get_hash(const struct packet *pkt, enum ldbc_method method, int
}
break;
case LDBC_METHOD_HASH_INNERMOST_EXT_IP:
if (direction)
if (direction == PACKET_DIRECTION_INCOMING)
{
// direction 1: E2I
HASH_VALUE(inner_src_addr, inner_addr_len, hash_value);

252
src/packet/packet_build.cpp Normal file
View File

@@ -0,0 +1,252 @@
#include <time.h>
#include "packet_build.h"
#include "checksum.h"
#include "tcp_utils.h"
#include "udp_utils.h"
#include "ipv4_utils.h"
#include "ipv6_utils.h"
#include "packet_priv.h"
#include "packet_utils.h"
#define PACKET_BUILD_LOG_DEBUG(format, ...) LOG_DEBUG("packet build", format, ##__VA_ARGS__)
#define PACKET_BUILD_LOG_ERROR(format, ...) LOG_ERROR("packet build", format, ##__VA_ARGS__)
struct packet_fingerprint
{
// TODO
uint16_t ip_id;
uint8_t ip_ttl;
uint16_t tcp_win;
};
static inline void calc_packet_fingerprint(struct packet_fingerprint *finger)
{
#define RANGE(rand, start, end) (start + rand % (end - start + 1)) // [start, end]
struct timespec time;
clock_gettime(CLOCK_MONOTONIC, &time);
uint64_t random = 0x013579ABCDEF ^ time.tv_nsec;
finger->ip_id = (uint16_t)(RANGE(random, 32767, 65535));
finger->ip_ttl = (uint8_t)(RANGE(random, 48, 120));
finger->tcp_win = (uint16_t)(RANGE(random, 1000, 1460));
}
static void update_tcp_hdr(struct tcphdr *tcphdr, uint32_t seq, uint32_t ack, uint16_t win, uint8_t flags)
{
tcp_hdr_set_seq(tcphdr, seq);
tcp_hdr_set_ack(tcphdr, ack);
tcp_hdr_set_hdr_len(tcphdr, sizeof(struct tcphdr));
tcp_hdr_set_flags(tcphdr, flags);
tcp_hdr_set_window(tcphdr, win);
tcp_hdr_set_urg_ptr(tcphdr, 0);
tcp_hdr_set_checksum(tcphdr, 0);
}
static void update_udp_hdr(struct udphdr *udphdr, int trim)
{
uint16_t total = udp_hdr_get_total_len(udphdr);
udp_hdr_set_total_len(udphdr, total - trim);
udp_hdr_set_checksum(udphdr, 0);
}
static void update_ip4_hdr(struct ip *iphdr, uint16_t ipid, uint8_t ttl, int trim)
{
int hdr_len = ipv4_hdr_get_hdr_len(iphdr);
uint16_t total = ipv4_hdr_get_total_len(iphdr);
ipv4_hdr_set_total_len(iphdr, total - trim);
ipv4_hdr_set_ipid(iphdr, ipid);
ipv4_hdr_set_ttl(iphdr, ttl);
iphdr->ip_sum = 0;
iphdr->ip_sum = checksum((const char *)iphdr, hdr_len);
}
static void update_ip6_hdr(struct ip6_hdr *ip6hdr, int trim)
{
uint16_t len = ipv6_hdr_get_payload_len(ip6hdr);
ipv6_hdr_set_payload_len(ip6hdr, len - trim);
}
struct packet *imitate_tcp_packet(const struct packet *origin_pkt, uint32_t tcp_seq, uint32_t tcp_ack, uint8_t tcp_flags, const char *tcp_payload, uint16_t tcp_payload_len)
{
// check arguments
if (origin_pkt == NULL || (tcp_payload == NULL && tcp_payload_len != 0) || (tcp_payload != NULL && tcp_payload_len == 0))
{
PACKET_BUILD_LOG_ERROR("imitate TCP packet failed, invalid arguments");
return NULL;
}
// check the innermost layer of the original packet
int layers = packet_get_layer_count(origin_pkt);
const struct raw_layer *tcp_layer = packet_get_raw_layer(origin_pkt, layers - 1);
if (tcp_layer == NULL || tcp_layer->proto != LAYER_PROTO_TCP)
{
PACKET_BUILD_LOG_ERROR("imitate TCP packet failed, the innermost layer of the original packet is not TCP");
return NULL;
}
// calculate the new packet length
int trim = tcp_layer->hdr_len + tcp_layer->pld_len - tcp_payload_len - sizeof(struct tcphdr);
uint16_t new_pkt_len = origin_pkt->data_len - origin_pkt->trim_len - trim;
struct packet *new_pkt = packet_new(new_pkt_len);
if (new_pkt == NULL)
{
PACKET_BUILD_LOG_ERROR("imitate TCP packet failed, no space to allocate new packet");
return NULL;
}
// copy the data to the new packet
char *new_pkt_data = (char *)packet_get_raw_data(new_pkt);
memcpy(new_pkt_data, packet_get_raw_data(origin_pkt), tcp_layer->hdr_offset + sizeof(struct tcphdr));
memcpy(new_pkt_data + tcp_layer->hdr_offset + sizeof(struct tcphdr), tcp_payload, tcp_payload_len);
// update the headers of the new packet
struct tcphdr *tcp_hdr = NULL;
struct udphdr *udp_hdr = NULL;
struct ip *ip4_hdr = NULL;
struct ip6_hdr *ip6_hdr = NULL;
struct raw_layer *curr_layer = NULL;
struct raw_layer *last_layer = NULL;
struct packet_fingerprint finger = {0};
calc_packet_fingerprint(&finger);
for (int i = layers - 1; i >= 0; i--)
{
curr_layer = (struct raw_layer *)packet_get_raw_layer(origin_pkt, i);
switch (curr_layer->proto)
{
case LAYER_PROTO_TCP:
tcp_hdr = (struct tcphdr *)(new_pkt_data + curr_layer->hdr_offset);
update_tcp_hdr(tcp_hdr, tcp_seq, tcp_ack, finger.tcp_win, tcp_flags);
break;
case LAYER_PROTO_UDP:
udp_hdr = (struct udphdr *)(new_pkt_data + curr_layer->hdr_offset);
update_udp_hdr(udp_hdr, trim);
break;
case LAYER_PROTO_IPV4:
ip4_hdr = (struct ip *)(new_pkt_data + curr_layer->hdr_offset);
last_layer = (struct raw_layer *)packet_get_raw_layer(origin_pkt, i + 1);
if (last_layer->proto == LAYER_PROTO_TCP)
{
tcp_hdr = (struct tcphdr *)(new_pkt_data + last_layer->hdr_offset);
tcp_hdr->th_sum = checksum_v4(tcp_hdr, new_pkt_len - last_layer->hdr_offset, IPPROTO_TCP, &ip4_hdr->ip_src, &ip4_hdr->ip_dst);
}
if (last_layer->proto == LAYER_PROTO_UDP)
{
udp_hdr = (struct udphdr *)(new_pkt_data + last_layer->hdr_offset);
udp_hdr->uh_sum = checksum_v4(udp_hdr, new_pkt_len - last_layer->hdr_offset, IPPROTO_UDP, &ip4_hdr->ip_src, &ip4_hdr->ip_dst);
}
update_ip4_hdr(ip4_hdr, finger.ip_id, finger.ip_ttl, trim);
break;
case LAYER_PROTO_IPV6:
ip6_hdr = (struct ip6_hdr *)(new_pkt_data + curr_layer->hdr_offset);
last_layer = (struct raw_layer *)packet_get_raw_layer(origin_pkt, i + 1);
if (last_layer->proto == LAYER_PROTO_TCP)
{
tcp_hdr = (struct tcphdr *)(new_pkt_data + last_layer->hdr_offset);
tcp_hdr->th_sum = checksum_v6(tcp_hdr, new_pkt_len - last_layer->hdr_offset, IPPROTO_TCP, &ip6_hdr->ip6_src, &ip6_hdr->ip6_dst);
}
if (last_layer->proto == LAYER_PROTO_UDP)
{
udp_hdr = (struct udphdr *)(new_pkt_data + last_layer->hdr_offset);
udp_hdr->uh_sum = checksum_v6(udp_hdr, new_pkt_len - last_layer->hdr_offset, IPPROTO_UDP, &ip6_hdr->ip6_src, &ip6_hdr->ip6_dst);
}
update_ip6_hdr(ip6_hdr, trim);
break;
case LAYER_PROTO_GRE:
// TODO
break;
default:
break;
}
}
packet_parse(new_pkt, new_pkt_data, new_pkt_len);
memcpy(&new_pkt->meta, &origin_pkt->meta, sizeof(struct metadata));
new_pkt->meta.origin_ctx = NULL;
return new_pkt;
}
struct packet *imitate_udp_packet(const struct packet *origin_pkt, const char *udp_payload, uint16_t udp_payload_len)
{
// check arguments
if (origin_pkt == NULL || (udp_payload == NULL && udp_payload_len != 0) || (udp_payload != NULL && udp_payload_len == 0))
{
PACKET_BUILD_LOG_ERROR("imitate UDP packet failed, invalid arguments");
return NULL;
}
// check the innermost layer of the original packet
int layers = packet_get_layer_count(origin_pkt);
const struct raw_layer *udp_layer = packet_get_raw_layer(origin_pkt, layers - 1);
if (udp_layer == NULL || udp_layer->proto != LAYER_PROTO_UDP)
{
PACKET_BUILD_LOG_ERROR("imitate UDP packet failed, the innermost layer of the original packet is not UDP");
return NULL;
}
// calculate the new packet length
int trim = udp_layer->hdr_len + udp_layer->pld_len - udp_payload_len - sizeof(struct udphdr);
uint16_t new_pkt_len = origin_pkt->data_len - origin_pkt->trim_len - trim;
struct packet *new_pkt = packet_new(new_pkt_len);
if (new_pkt == NULL)
{
PACKET_BUILD_LOG_ERROR("imitate UDP packet failed, no space to allocate new packet");
return NULL;
}
// copy the data to the new packet
char *new_pkt_data = (char *)packet_get_raw_data(new_pkt);
memcpy(new_pkt_data, packet_get_raw_data(origin_pkt), udp_layer->hdr_offset + sizeof(struct udphdr));
memcpy(new_pkt_data + udp_layer->hdr_offset + sizeof(struct udphdr), udp_payload, udp_payload_len);
// update the headers of the new packet
struct udphdr *udp_hdr = NULL;
struct ip *ip4_hdr = NULL;
struct ip6_hdr *ip6_hdr = NULL;
struct raw_layer *curr_layer = NULL;
struct raw_layer *last_layer = NULL;
struct packet_fingerprint finger = {0};
calc_packet_fingerprint(&finger);
for (int i = layers - 1; i >= 0; i--)
{
curr_layer = (struct raw_layer *)packet_get_raw_layer(origin_pkt, i);
switch (curr_layer->proto)
{
case LAYER_PROTO_UDP:
udp_hdr = (struct udphdr *)(new_pkt_data + curr_layer->hdr_offset);
update_udp_hdr(udp_hdr, trim);
break;
case LAYER_PROTO_IPV4:
ip4_hdr = (struct ip *)(new_pkt_data + curr_layer->hdr_offset);
last_layer = (struct raw_layer *)packet_get_raw_layer(origin_pkt, i + 1);
if (last_layer->proto == LAYER_PROTO_UDP)
{
udp_hdr = (struct udphdr *)(new_pkt_data + last_layer->hdr_offset);
udp_hdr->uh_sum = checksum_v4(udp_hdr, new_pkt_len - last_layer->hdr_offset, IPPROTO_UDP, &ip4_hdr->ip_src, &ip4_hdr->ip_dst);
}
update_ip4_hdr(ip4_hdr, finger.ip_id, finger.ip_ttl, trim);
break;
case LAYER_PROTO_IPV6:
ip6_hdr = (struct ip6_hdr *)(new_pkt_data + curr_layer->hdr_offset);
last_layer = (struct raw_layer *)packet_get_raw_layer(origin_pkt, i + 1);
if (last_layer->proto == LAYER_PROTO_UDP)
{
udp_hdr = (struct udphdr *)(new_pkt_data + last_layer->hdr_offset);
udp_hdr->uh_sum = checksum_v6(udp_hdr, new_pkt_len - last_layer->hdr_offset, IPPROTO_UDP, &ip6_hdr->ip6_src, &ip6_hdr->ip6_dst);
}
update_ip6_hdr(ip6_hdr, trim);
break;
case LAYER_PROTO_GRE:
// TODO
break;
default:
break;
}
}
packet_parse(new_pkt, new_pkt_data, new_pkt_len);
memcpy(&new_pkt->meta, &origin_pkt->meta, sizeof(struct metadata));
new_pkt->meta.origin_ctx = NULL;
return new_pkt;
}

15
src/packet/packet_build.h Normal file
View File

@@ -0,0 +1,15 @@
#pragma once
#ifdef __cplusplus
extern "C"
{
#endif
#include <stdint.h>
struct packet *imitate_tcp_packet(const struct packet *origin_pkt, uint32_t tcp_seq, uint32_t tcp_ack, uint8_t tcp_flags, const char *tcp_payload, uint16_t tcp_payload_len);
struct packet *imitate_udp_packet(const struct packet *origin_pkt, const char *udp_payload, uint16_t udp_payload_len);
#ifdef __cplusplus
}
#endif

6
src/packet/packet_priv.h
View File

@@ -95,9 +95,9 @@ const struct raw_layer *packet_get_raw_layer(const struct packet *pkt, int idx);
const struct raw_layer *packet_get_innermost_raw_layer(const struct packet *pkt, enum layer_proto type);
const struct raw_layer *packet_get_outermost_raw_layer(const struct packet *pkt, enum layer_proto type);
// direction 1: E2I
// direction 0: I2E
uint64_t packet_get_hash(const struct packet *pkt, enum ldbc_method method, int direction);
// direction: PACKET_DIRECTION_OUTGOING = 0 (Internal -> External)
// direction: PACKET_DIRECTION_INCOMING = 1 (External -> Internal)
uint64_t packet_get_hash(const struct packet *pkt, enum ldbc_method method, enum packet_direction direction);
#ifdef __cplusplus
}

8
src/packet/test/gtest_packet.cpp
View File

@@ -2851,11 +2851,11 @@ TEST(PACKET, HASH_VALUE)
// buffer: "2001:da8:200:900e:200:5efe:d24d:58a3 0 2600:140e:6::1702:1058 0"
// buffer: "210.77.88.163 0 59.66.4.50 0"
EXPECT_TRUE(packet_get_hash(&handler, LDBC_METHOD_HASH_INT_IP, 1) == packet_get_hash(&handler, LDBC_METHOD_HASH_EXT_IP, 0));
EXPECT_TRUE(packet_get_hash(&handler, LDBC_METHOD_HASH_EXT_IP, 1) == packet_get_hash(&handler, LDBC_METHOD_HASH_INT_IP, 0));
EXPECT_TRUE(packet_get_hash(&handler, LDBC_METHOD_HASH_INT_IP, PACKET_DIRECTION_INCOMING) == packet_get_hash(&handler, LDBC_METHOD_HASH_EXT_IP, PACKET_DIRECTION_OUTGOING));
EXPECT_TRUE(packet_get_hash(&handler, LDBC_METHOD_HASH_EXT_IP, PACKET_DIRECTION_INCOMING) == packet_get_hash(&handler, LDBC_METHOD_HASH_INT_IP, PACKET_DIRECTION_OUTGOING));
EXPECT_TRUE(packet_get_hash(&handler, LDBC_METHOD_HASH_INT_IP_AND_EXT_IP, 1) == packet_get_hash(&handler, LDBC_METHOD_HASH_INT_IP_AND_EXT_IP, 0));
EXPECT_TRUE(packet_get_hash(&handler, LDBC_METHOD_HASH_INNERMOST_INT_IP, 1) == packet_get_hash(&handler, LDBC_METHOD_HASH_INNERMOST_EXT_IP, 0));
EXPECT_TRUE(packet_get_hash(&handler, LDBC_METHOD_HASH_INT_IP_AND_EXT_IP, PACKET_DIRECTION_INCOMING) == packet_get_hash(&handler, LDBC_METHOD_HASH_INT_IP_AND_EXT_IP, PACKET_DIRECTION_OUTGOING));
EXPECT_TRUE(packet_get_hash(&handler, LDBC_METHOD_HASH_INNERMOST_INT_IP, PACKET_DIRECTION_INCOMING) == packet_get_hash(&handler, LDBC_METHOD_HASH_INNERMOST_EXT_IP, PACKET_DIRECTION_OUTGOING));
}
#endif

2
src/packet_io/dumpfile_io.cpp
View File

@@ -203,7 +203,7 @@ static void pcap_packet_handler(u_char *user, const struct pcap_pkthdr *h, const
struct packet pkt;
memset(&pkt, 0, sizeof(struct packet));
packet_parse(&pkt, pcap_pkt->data, pcap_pkt->len);
uint64_t hash = packet_get_hash(&pkt, LDBC_METHOD_HASH_INT_IP_AND_EXT_IP, 0);
uint64_t hash = packet_get_hash(&pkt, LDBC_METHOD_HASH_INT_IP_AND_EXT_IP, PACKET_DIRECTION_OUTGOING);
// push packet to queue
struct lock_free_queue *queue = handle->queue[hash % handle->nr_threads];

408
src/stellar/inject.cpp
View File

@@ -1,12 +1,8 @@
#include <time.h>
#include <errno.h>
#include <assert.h>
#include "times.h"
#include "tcp_utils.h"
#include "udp_utils.h"
#include "ipv4_utils.h"
#include "ipv6_utils.h"
#include "packet_build.h"
#include "packet_io.h"
#include "packet_priv.h"
#include "session_priv.h"
@@ -15,156 +11,6 @@
#define INJECT_PACKET_LOG_ERROR(format, ...) LOG_ERROR("inject packet", format, ##__VA_ARGS__)
#define INJECT_PACKE_LOG_DEBUG(format, ...) LOG_DEBUG("inject packet", format, ##__VA_ARGS__)
struct tcp_fingerprint
{
uint16_t ipid;
uint8_t ttl;
uint16_t win;
};
static uint16_t checksum(const char *data, uint16_t len)
{
uint32_t sum = 0;
const uint16_t *ip1 = (const uint16_t *)data;
while (len > 1)
{
sum += *ip1++;
if (sum & 0x80000000)
{
sum = (sum & 0xFFFF) + (sum >> 16);
}
len -= 2;
}
while (sum >> 16)
{
sum = (sum & 0xFFFF) + (sum >> 16);
}
return (~sum);
}
static uint16_t checksum_v4(const void *l4_hdr, uint16_t l4_total_len, uint8_t l4_proto, struct in_addr *src_addr, struct in_addr *dst_addr)
{
uint16_t *ip_src = (uint16_t *)src_addr;
uint16_t *ip_dst = (uint16_t *)dst_addr;
const uint16_t *buffer = (u_int16_t *)l4_hdr;
uint32_t sum = 0;
size_t len = l4_total_len;
while (len > 1)
{
sum += *buffer++;
if (sum & 0x80000000)
{
sum = (sum & 0xFFFF) + (sum >> 16);
}
len -= 2;
}
if (len & 1)
{
sum += *((uint8_t *)buffer);
}
sum += *(ip_src++);
sum += *ip_src;
sum += *(ip_dst++);
sum += *ip_dst;
sum += htons(l4_proto);
sum += htons(l4_total_len);
while (sum >> 16)
{
sum = (sum & 0xFFFF) + (sum >> 16);
}
return ((uint16_t)(~sum));
}
static uint16_t checksum_v6(const void *l4_hdr, uint16_t l4_total_len, uint8_t l4_proto, struct in6_addr *src_addr, struct in6_addr *dst_addr)
{
uint16_t *ip_src = (uint16_t *)src_addr;
uint16_t *ip_dst = (uint16_t *)dst_addr;
const uint16_t *buffer = (u_int16_t *)l4_hdr;
uint32_t sum = 0;
size_t len = l4_total_len;
while (len > 1)
{
sum += *buffer++;
if (sum & 0x80000000)
{
sum = (sum & 0xFFFF) + (sum >> 16);
}
len -= 2;
}
if (len & 1)
{
sum += *((uint8_t *)buffer);
}
for (int i = 0; i < 8; i++)
{
sum += *ip_src;
ip_src++;
}
for (int i = 0; i < 8; i++)
{
sum += *ip_dst;
ip_dst++;
}
sum += htons(l4_proto);
sum += htons(l4_total_len);
while (sum >> 16)
{
sum = (sum & 0xFFFF) + (sum >> 16);
}
return ((uint16_t)(~sum));
}
static void update_tcp_hdr(struct tcphdr *tcphdr, uint32_t seq, uint32_t ack, uint16_t win, uint8_t flags)
{
tcp_hdr_set_seq(tcphdr, seq);
tcp_hdr_set_ack(tcphdr, ack);
tcp_hdr_set_hdr_len(tcphdr, sizeof(struct tcphdr));
tcp_hdr_set_flags(tcphdr, flags);
tcp_hdr_set_window(tcphdr, win);
tcp_hdr_set_urg_ptr(tcphdr, 0);
tcp_hdr_set_checksum(tcphdr, 0);
}
static void update_udp_hdr(struct udphdr *udphdr, int trim)
{
uint16_t total = udp_hdr_get_total_len(udphdr);
udp_hdr_set_total_len(udphdr, total - trim);
udp_hdr_set_checksum(udphdr, 0);
}
static void update_ip4_hdr(struct ip *iphdr, uint16_t ipid, uint8_t ttl, int trim)
{
int hdr_len = ipv4_hdr_get_hdr_len(iphdr);
uint16_t total = ipv4_hdr_get_total_len(iphdr);
ipv4_hdr_set_total_len(iphdr, total - trim);
ipv4_hdr_set_ipid(iphdr, ipid);
ipv4_hdr_set_ttl(iphdr, ttl);
iphdr->ip_sum = 0;
iphdr->ip_sum = checksum((char *)iphdr, hdr_len);
}
static void update_ip6_hdr(struct ip6_hdr *ip6hdr, int trim)
{
uint16_t len = ipv6_hdr_get_payload_len(ip6hdr);
ipv6_hdr_set_payload_len(ip6hdr, len - trim);
}
static inline void calc_tcp_seq_ack(const struct session *sess, enum flow_direction inject_dir, uint32_t *seq, uint32_t *ack, uint8_t flags, uint16_t len)
{
/*
@@ -210,183 +56,30 @@ static inline void calc_tcp_seq_ack(const struct session *sess, enum flow_direct
}
}
static inline void calc_tcp_fingerprint(struct tcp_fingerprint *finger)
// return 1 if success
// return 0 if failed
int stellar_send_packet(struct stellar *st, struct packet *pkt)
{
#define RANGE(rand, start, end) (start + rand % (end - start + 1)) // [start, end]
uint64_t time_ms = stellar_get_monotonic_time_msec();
uint16_t thr_idx = stellar_get_current_thread_index();
struct packet_io *packet_io = stellar_get_packet_io(st);
struct session_manager *sess_mgr = stellar_get_session_manager(st);
session_manager_record_duplicated_packet(sess_mgr, pkt, time_ms);
struct timespec time;
clock_gettime(CLOCK_MONOTONIC, &time);
uint64_t random = 0x013579ABCDEF ^ time.tv_nsec;
finger->ipid = (uint16_t)(RANGE(random, 32767, 65535));
finger->ttl = (uint8_t)(RANGE(random, 48, 120));
finger->win = (uint16_t)(RANGE(random, 1000, 1460));
}
// return packet length
static int build_tcp_packet(const struct packet *first, uint16_t ip_id, uint8_t ip_ttl,
uint32_t tcp_seq, uint32_t tcp_ack, uint8_t tcp_flags, uint16_t tcp_win,
const char *tcp_pld, int pld_len, char *pkt_buff, int buff_size)
if (packet_get_origin_ctx(pkt))
{
int trim = 0;
struct tcphdr *tcphdr;
struct udphdr *udphdr;
struct ip *iphdr;
struct ip6_hdr *ip6hdr;
struct raw_layer *curr;
struct raw_layer *last;
int len = packet_get_raw_len(first);
int layers = packet_get_layer_count(first);
if ((tcp_pld == NULL && pld_len > 0) || (tcp_pld != NULL && pld_len <= 0))
{
return -EINVAL;
}
if (len > buff_size)
{
return -ENOMEM;
}
memcpy(pkt_buff, packet_get_raw_data(first), len);
for (int i = layers - 1; i >= 0; i--)
{
curr = (struct raw_layer *)packet_get_raw_layer(first, i);
switch (curr->proto)
{
case LAYER_PROTO_TCP:
trim = curr->hdr_len + curr->pld_len - sizeof(struct tcphdr) - pld_len;
if (len - trim > buff_size)
{
return -ENOMEM;
}
tcphdr = (struct tcphdr *)(pkt_buff + curr->hdr_offset);
update_tcp_hdr(tcphdr, tcp_seq, tcp_ack, tcp_win, tcp_flags);
if (pld_len)
{
memcpy(pkt_buff + curr->hdr_offset + sizeof(struct tcphdr), tcp_pld, pld_len);
}
break;
case LAYER_PROTO_UDP:
udphdr = (struct udphdr *)(pkt_buff + curr->hdr_offset);
update_udp_hdr(udphdr, trim);
break;
case LAYER_PROTO_IPV4:
iphdr = (struct ip *)(pkt_buff + curr->hdr_offset);
last = (struct raw_layer *)packet_get_raw_layer(first, i + 1);
if (last->proto == LAYER_PROTO_TCP)
{
tcphdr = (struct tcphdr *)(pkt_buff + last->hdr_offset);
tcphdr->th_sum = checksum_v4(tcphdr, len - trim - last->hdr_offset, IPPROTO_TCP, &iphdr->ip_src, &iphdr->ip_dst);
}
if (last->proto == LAYER_PROTO_UDP)
{
udphdr = (struct udphdr *)(pkt_buff + last->hdr_offset);
udphdr->uh_sum = checksum_v4(udphdr, len - trim - last->hdr_offset, IPPROTO_UDP, &iphdr->ip_src, &iphdr->ip_dst);
}
update_ip4_hdr(iphdr, ip_id, ip_ttl, trim);
break;
case LAYER_PROTO_IPV6:
ip6hdr = (struct ip6_hdr *)(pkt_buff + curr->hdr_offset);
last = (struct raw_layer *)packet_get_raw_layer(first, i + 1);
if (last->proto == LAYER_PROTO_TCP)
{
tcphdr = (struct tcphdr *)(pkt_buff + last->hdr_offset);
tcphdr->th_sum = checksum_v6(tcphdr, len - trim - last->hdr_offset, IPPROTO_TCP, &ip6hdr->ip6_src, &ip6hdr->ip6_dst);
}
if (last->proto == LAYER_PROTO_UDP)
{
udphdr = (struct udphdr *)(pkt_buff + last->hdr_offset);
udphdr->uh_sum = checksum_v6(udphdr, len - trim - last->hdr_offset, IPPROTO_UDP, &ip6hdr->ip6_src, &ip6hdr->ip6_dst);
}
update_ip6_hdr(ip6hdr, trim);
break;
case LAYER_PROTO_GRE:
return -EPROTONOSUPPORT;
// TODO
break;
default:
break;
assert(0);
packet_io_egress(packet_io, thr_idx, pkt, 1);
return 1;
}
else
{
return packet_io_inject(packet_io, thr_idx, pkt, 1);
}
}
return len - trim;
}
// return packet length
static int build_udp_packet(const struct packet *first, const char *udp_pld, int pld_len, char *pkt_buff, int buff_size)
{
int trim = 0;
struct udphdr *udphdr;
struct ip *iphdr;
struct ip6_hdr *ip6hdr;
struct raw_layer *curr;
struct raw_layer *last;
int len = packet_get_raw_len(first);
int layers = packet_get_layer_count(first);
if ((udp_pld == NULL && pld_len > 0) || (udp_pld != NULL && pld_len <= 0))
{
return -EINVAL;
}
if (len > buff_size)
{
return -ENOMEM;
}
memcpy(pkt_buff, packet_get_raw_data(first), len);
for (int i = layers - 1; i >= 0; i--)
{
curr = (struct raw_layer *)packet_get_raw_layer(first, i);
switch (curr->proto)
{
case LAYER_PROTO_UDP:
trim = curr->hdr_len + curr->pld_len - sizeof(struct udphdr) - pld_len;
if (len - trim > buff_size)
{
return -ENOMEM;
}
udphdr = (struct udphdr *)(pkt_buff + curr->hdr_offset);
update_udp_hdr(udphdr, trim);
if (pld_len)
{
memcpy(pkt_buff + curr->hdr_offset + sizeof(struct udphdr), udp_pld, pld_len);
}
break;
case LAYER_PROTO_IPV4:
iphdr = (struct ip *)(pkt_buff + curr->hdr_offset);
last = (struct raw_layer *)packet_get_raw_layer(first, i + 1);
if (last->proto == LAYER_PROTO_UDP)
{
udphdr = (struct udphdr *)(pkt_buff + last->hdr_offset);
udphdr->uh_sum = checksum_v4(udphdr, len - trim - last->hdr_offset, IPPROTO_UDP, &iphdr->ip_src, &iphdr->ip_dst);
}
update_ip4_hdr(iphdr, 0, 0, trim);
break;
case LAYER_PROTO_IPV6:
ip6hdr = (struct ip6_hdr *)(pkt_buff + curr->hdr_offset);
last = (struct raw_layer *)packet_get_raw_layer(first, i + 1);
if (last->proto == LAYER_PROTO_UDP)
{
udphdr = (struct udphdr *)(pkt_buff + last->hdr_offset);
udphdr->uh_sum = checksum_v6(udphdr, len - trim - last->hdr_offset, IPPROTO_UDP, &ip6hdr->ip6_src, &ip6hdr->ip6_dst);
}
update_ip6_hdr(ip6hdr, trim);
break;
case LAYER_PROTO_GRE:
return -EPROTONOSUPPORT;
// TODO
break;
default:
break;
}
}
return len - trim;
}
static int inject_tcp_packet(struct stellar *st, const struct session *sess, enum flow_direction inject_dir, uint8_t tcp_flags, const char *payload, uint16_t len)
static int inject_tcp_packet(struct stellar *st, const struct session *sess, enum flow_direction inject_dir, uint8_t tcp_flags, const char *tcp_payload, uint16_t tcp_payload_len)
{
#define TCP_FLAGS_LOG_FORMAT "URG:%d, ACK:%d, PSH:%d, RST:%d, SYN:%d, FIN:%d"
#define TCP_FLAGS_LOG_VALUE(flags) \
@@ -394,68 +87,55 @@ static int inject_tcp_packet(struct stellar *st, const struct session *sess, enu
(((flags) & TH_PUSH) ? 1 : 0), (((flags) & TH_RST) ? 1 : 0), \
(((flags) & TH_SYN) ? 1 : 0), (((flags) & TH_FIN) ? 1 : 0)
uint16_t thr_idx = stellar_get_current_thread_index();
uint64_t time_ms = stellar_get_monotonic_time_msec();
struct packet_io *packet_io = stellar_get_packet_io(st);
struct session_manager *sess_mgr = stellar_get_session_manager(st);
if (session_get_type(sess) != SESSION_TYPE_TCP)
{
session_inc_stat((struct session *)sess, inject_dir, STAT_INJECTED_PACKETS_FAILED, 1);
INJECT_PACKET_LOG_ERROR("session %ld %s is not a TCP session, cannot inject TCP packet (" TCP_FLAGS_LOG_FORMAT ", payload len:%d)",
session_get_id(sess), session_get0_readable_addr(sess),
TCP_FLAGS_LOG_VALUE(tcp_flags), len);
TCP_FLAGS_LOG_VALUE(tcp_flags), tcp_payload_len);
return 0;
}
const struct packet *pkt = session_get_first_packet(sess, inject_dir);
if (pkt == NULL)
const struct packet *origin_pkt = session_get_first_packet(sess, inject_dir);
if (origin_pkt == NULL)
{
session_inc_stat((struct session *)sess, inject_dir, STAT_INJECTED_PACKETS_FAILED, 1);
INJECT_PACKET_LOG_ERROR("session %ld %s has no %s first packet, cannot inject TCP packet (" TCP_FLAGS_LOG_FORMAT ", payload len:%d)",
session_get_id(sess), session_get0_readable_addr(sess),
flow_direction_to_str(inject_dir), TCP_FLAGS_LOG_VALUE(tcp_flags), len);
flow_direction_to_str(inject_dir), TCP_FLAGS_LOG_VALUE(tcp_flags), tcp_payload_len);
return 0;
}
struct tcp_fingerprint finger = {0};
uint32_t tcp_seq = 0;
uint32_t tcp_ack = 0;
char buff[4096] = {0};
calc_tcp_seq_ack(sess, inject_dir, &tcp_seq, &tcp_ack, tcp_flags, len);
calc_tcp_fingerprint(&finger);
calc_tcp_seq_ack(sess, inject_dir, &tcp_seq, &tcp_ack, tcp_flags, tcp_payload_len);
int pkt_len = build_tcp_packet(pkt, finger.ipid, finger.ttl, tcp_seq, tcp_ack, tcp_flags, finger.win, payload, len, buff, sizeof(buff));
if (pkt_len <= 0)
struct packet *new_pkt = imitate_tcp_packet(origin_pkt, tcp_seq, tcp_ack, tcp_flags, tcp_payload, tcp_payload_len);
if (new_pkt == NULL)
{
INJECT_PACKET_LOG_ERROR("session %ld %s build TCP %s packet (" TCP_FLAGS_LOG_FORMAT ", payload len:%d) failed, %s",
INJECT_PACKET_LOG_ERROR("session %ld %s build TCP %s packet (" TCP_FLAGS_LOG_FORMAT ", payload len:%d) failed",
session_get_id(sess), session_get0_readable_addr(sess),
flow_direction_to_str(inject_dir), TCP_FLAGS_LOG_VALUE(tcp_flags), len, strerror(len));
flow_direction_to_str(inject_dir), TCP_FLAGS_LOG_VALUE(tcp_flags), tcp_payload_len);
session_inc_stat((struct session *)sess, inject_dir, STAT_INJECTED_PACKETS_FAILED, 1);
return 0;
}
struct packet inj_pkt;
memset(&inj_pkt, 0, sizeof(inj_pkt));
packet_parse(&inj_pkt, buff, pkt_len);
packet_set_session_id(&inj_pkt, session_get_id(sess));
packet_set_sids(&inj_pkt, session_get_sids(sess, inject_dir));
packet_set_route_ctx(&inj_pkt, session_get_route_ctx(sess, inject_dir));
session_manager_record_duplicated_packet(sess_mgr, &inj_pkt, time_ms);
if (packet_io_inject(packet_io, thr_idx, &inj_pkt, 1) == 1)
int pkt_len = packet_get_raw_len(new_pkt);
if (stellar_send_packet(st, new_pkt) == 1)
{
session_inc_stat((struct session *)sess, inject_dir, STAT_INJECTED_PACKETS_SUCCESS, 1);
session_inc_stat((struct session *)sess, inject_dir, STAT_INJECTED_BYTES_SUCCESS, pkt_len);
INJECT_PACKE_LOG_DEBUG("session %ld %s inject TCP %s packet (" TCP_FLAGS_LOG_FORMAT ", payload len:%d) success",
session_get_id(sess), session_get0_readable_addr(sess),
flow_direction_to_str(inject_dir), TCP_FLAGS_LOG_VALUE(tcp_flags), len);
flow_direction_to_str(inject_dir), TCP_FLAGS_LOG_VALUE(tcp_flags), tcp_payload_len);
return pkt_len;
}
else
{
INJECT_PACKET_LOG_ERROR("session %ld %s inject TCP %s packet (" TCP_FLAGS_LOG_FORMAT ", payload len:%d) failed, packet I/O nospace",
session_get_id(sess), session_get0_readable_addr(sess),
flow_direction_to_str(inject_dir), TCP_FLAGS_LOG_VALUE(tcp_flags), len);
flow_direction_to_str(inject_dir), TCP_FLAGS_LOG_VALUE(tcp_flags), tcp_payload_len);
session_inc_stat((struct session *)sess, inject_dir, STAT_INJECTED_PACKETS_FAILED, 1);
return 0;
}
@@ -463,11 +143,6 @@ static int inject_tcp_packet(struct stellar *st, const struct session *sess, enu
static int inject_udp_packet(struct stellar *st, const struct session *sess, enum flow_direction inject_dir, const char *payload, uint16_t len)
{
uint16_t thr_idx = stellar_get_current_thread_index();
uint64_t time_ms = stellar_get_monotonic_time_msec();
struct packet_io *packet_io = stellar_get_packet_io(st);
struct session_manager *sess_mgr = stellar_get_session_manager(st);
if (session_get_type(sess) != SESSION_TYPE_UDP)
{
session_inc_stat((struct session *)sess, inject_dir, STAT_INJECTED_PACKETS_FAILED, 1);
@@ -486,25 +161,18 @@ static int inject_udp_packet(struct stellar *st, const struct session *sess, enu
return 0;
}
char buff[4096] = {0};
int pkt_len = build_udp_packet(pkt, payload, len, buff, sizeof(buff));
if (pkt_len <= 0)
struct packet *new_pkt = imitate_udp_packet(pkt, payload, len);
if (new_pkt == 0)
{
INJECT_PACKET_LOG_ERROR("session %ld %s build UDP %s packet (payload len:%d) failed, %s",
INJECT_PACKET_LOG_ERROR("session %ld %s build UDP %s packet (payload len:%d) failed",
session_get_id(sess), session_get0_readable_addr(sess),
flow_direction_to_str(inject_dir), len, strerror(len));
flow_direction_to_str(inject_dir), len);
session_inc_stat((struct session *)sess, inject_dir, STAT_INJECTED_PACKETS_FAILED, 1);
return 0;
}
struct packet inj_pkt;
memset(&inj_pkt, 0, sizeof(inj_pkt));
packet_parse(&inj_pkt, buff, pkt_len);
packet_set_session_id(&inj_pkt, session_get_id(sess));
packet_set_sids(&inj_pkt, session_get_sids(sess, inject_dir));
packet_set_route_ctx(&inj_pkt, session_get_route_ctx(sess, inject_dir));
session_manager_record_duplicated_packet(sess_mgr, &inj_pkt, time_ms);
if (packet_io_inject(packet_io, thr_idx, &inj_pkt, 1) == 1)
int pkt_len = packet_get_raw_len(new_pkt);
if (stellar_send_packet(st, new_pkt) == 1)
{
session_inc_stat((struct session *)sess, inject_dir, STAT_INJECTED_PACKETS_SUCCESS, 1);
session_inc_stat((struct session *)sess, inject_dir, STAT_INJECTED_BYTES_SUCCESS, pkt_len);

23
src/stellar/stellar.cpp
View File

@@ -68,9 +68,6 @@ static void update_session_stat(struct session *sess, struct packet *pkt)
session_inc_stat(sess, dir, (is_ctrl ? STAT_CONTROL_PACKETS_TRANSMITTED : STAT_RAW_PACKETS_TRANSMITTED), 1);
session_inc_stat(sess, dir, (is_ctrl ? STAT_CONTROL_BYTES_TRANSMITTED : STAT_RAW_BYTES_TRANSMITTED), len);
break;
case PACKET_ACTION_DEFER:
// TODO
break;
default:
assert(0);
break;
@@ -226,9 +223,8 @@ static void *work_thread(void *arg)
packet_set_action(pkt, PACKET_ACTION_DROP);
}
update_session_stat(sess, pkt);
switch (packet_get_action(pkt))
if (packet_get_action(pkt) == PACKET_ACTION_DROP)
{
case PACKET_ACTION_DROP:
if (pkt == defraged_pkt)
{
packet_io_drop(packet_io, thr_idx, &packets[i], 1);
@@ -238,8 +234,9 @@ static void *work_thread(void *arg)
{
packet_io_drop(packet_io, thr_idx, pkt, 1);
}
break;
case PACKET_ACTION_FORWARD:
}
else // PACKET_ACTION_FORWARD
{
if (pkt == defraged_pkt)
{
packet_io_egress(packet_io, thr_idx, &packets[i], 1);
@@ -249,18 +246,6 @@ static void *work_thread(void *arg)
{
packet_io_egress(packet_io, thr_idx, pkt, 1);
}
case PACKET_ACTION_DEFER:
if (pkt == defraged_pkt)
{
// TODO
// defer current packe: &packets[i], free defraged_pkt, update meta
packet_free(defraged_pkt);
}
else
{
// do nothing
}
break;
}
}

1
src/stellar/stellar_priv.h
View File

@@ -14,6 +14,7 @@ extern "C"
struct packet_io *stellar_get_packet_io(const struct stellar *st);
struct session_manager *stellar_get_session_manager(const struct stellar *st);
struct plugin_manager_schema *stellar_get_plugin_manager(const struct stellar *st);
// TODO fix plugin manager, delete this function
void stellar_set_plugin_manger(struct stellar *st, struct plugin_manager_schema *plug_mgr);
#ifdef __cplusplus

1
src/stellar/version.map
View File

@@ -8,7 +8,6 @@ global:
packet_prepend_sids;
packet_get_direction;
packet_get_session_id;
packet_set_action;
packet_get_action;
packet_get_raw_data;