Opened 10 years ago

Last modified 10 years ago

#427 assigned enhancement

[PATCH] Rewrite client-ips only

Reported by: r-tcpreplay@… Owned by: Aaron Turner
Priority: medium Milestone: 4.0.0
Component: tcprewrite Version: 3.4.3
Keywords: rewrite client-ip only Cc:
Operating System: Linux Add to FAQ?: no
Hardware: All
Output of tcpreplay -V: tcpreplay version: 3.4.3 (build 2375) Copyright 2001-2009 by Aaron Turner <aturner at synfin dot net> Cache file supported: 04 Not compiled with libdnet. Compiled against libpcap: 0.9.4 64 bit packet counters: enabled Verbose printing via tcpdump: enabled Packet editing: enabled Fragroute engine: disabled Injection method: PF_PACKET send()

Description

I did apply the following change in order to be able to rewrite only the clien-ips. The benefit or this is that I can record a single session of a user accessing the website, and duplicate that session to simulate a multitude of end-users, each from different client-ips (so different tcp-sessions). I don't know how I can make this a configurable option to the end-user, sorry.

--- tcpreplay-3.4.3/src/tcpedit/edit_packet.c   2009-06-25 20:45:51.000000000 +0200
+++ rbrtcpreplay-3.4.2/src/tcpedit/edit_packet.c        2010-03-30 16:35:48.000000000 +0200
@@ -165,7 +165,7 @@
  */
 int
 randomize_ipv4(tcpedit_t *tcpedit, struct pcap_pkthdr *pkthdr,
-        u_char *pktdata, ipv4_hdr_t *ip_hdr)
+        u_char *pktdata, ipv4_hdr_t *ip_hdr, tcpr_dir_t direction)
 {
 #ifdef DEBUG
     char srcip[16], dstip[16];
@@ -178,35 +178,52 @@
 #ifdef DEBUG
     strlcpy(srcip, get_addr2name4(ip_hdr->ip_src.s_addr, RESOLVE), 16);
     strlcpy(dstip, get_addr2name4(ip_hdr->ip_dst.s_addr, RESOLVE), 16);
-#endif

     /* randomize IP addresses based on the value of random */
     dbgx(1, "Old Src IP: %s\tOld Dst IP: %s", srcip, dstip);
+#endif

     /* don't rewrite broadcast addresses */
-    if ((tcpedit->skip_broadcast && is_unicast_ipv4(tcpedit, (u_int32_t)ip_hdr->ip_dst.s_addr))
-        || !tcpedit->skip_broadcast) {
-        ip_hdr->ip_dst.s_addr = randomize_ipv4_addr(tcpedit, ip_hdr->ip_dst.s_addr);
+    if (direction == TCPR_DIR_C2S ) {
+        if ((tcpedit->skip_broadcast && is_unicast_ipv4(tcpedit, (u_int32_t)ip_hdr->ip_dst.s_addr))
+               || !tcpedit->skip_broadcast) {
+               ip_hdr->ip_dst.s_addr = randomize_ipv4_addr(tcpedit, ip_hdr->ip_dst.s_addr);
+           }
     }
+
+#ifdef DEBUG
+    strlcpy(srcip, get_addr2name4(ip_hdr->ip_src.s_addr, RESOLVE), 16);
+    strlcpy(dstip, get_addr2name4(ip_hdr->ip_dst.s_addr, RESOLVE), 16);
+
+    if (direction == TCPR_DIR_C2S) {
+       dbgx(1, "Client IP: %s\tServer IP: %s", srcip, dstip);
+       printf("Client IP: %s\tServer IP: %s\n", srcip, dstip);
+    } else {
+        dbgx(1, "Server IP: %s\tClient IP: %s", srcip, dstip);
+       printf( "Server IP: %s\tClient IP: %s\n", srcip, dstip);
+    }
+#endif

-    if ((tcpedit->skip_broadcast && is_unicast_ipv4(tcpedit, (u_int32_t)ip_hdr->ip_src.s_addr))
-        || !tcpedit->skip_broadcast) {
-        ip_hdr->ip_src.s_addr = randomize_ipv4_addr(tcpedit, ip_hdr->ip_src.s_addr);
+    if (direction == TCPR_DIR_S2C ) {
+           if ((tcpedit->skip_broadcast && is_unicast_ipv4(tcpedit, (u_int32_t)ip_hdr->ip_src.s_addr))
+               || !tcpedit->skip_broadcast) {
+               ip_hdr->ip_src.s_addr = randomize_ipv4_addr(tcpedit, ip_hdr->ip_src.s_addr);
+           }
     }

 #ifdef DEBUG
     strlcpy(srcip, get_addr2name4(ip_hdr->ip_src.s_addr, RESOLVE), 16);
     strlcpy(dstip, get_addr2name4(ip_hdr->ip_dst.s_addr, RESOLVE), 16);
-#endif

     dbgx(1, "New Src IP: %s\tNew Dst IP: %s\n", srcip, dstip);
+#endif

     return(1);
 }

 int
 randomize_ipv6(tcpedit_t *tcpedit, struct pcap_pkthdr *pkthdr,
-        u_char *pktdata, ipv6_hdr_t *ip6_hdr)
+        u_char *pktdata, ipv6_hdr_t *ip6_hdr,tcpr_dir_t direction)
 {
 #ifdef DEBUG
     char srcip[INET6_ADDRSTRLEN], dstip[INET6_ADDRSTRLEN];
@@ -225,12 +242,13 @@
     dbgx(1, "Old Src IP: %s\tOld Dst IP: %s", srcip, dstip);

     /* don't rewrite broadcast addresses */
-    if ((tcpedit->skip_broadcast && !is_multicast_ipv6(tcpedit, &ip6_hdr->ip_dst))
+    /* only client ips should be randomized */
+    if ((tcpedit->skip_broadcast && !is_multicast_ipv6(tcpedit, &ip6_hdr->ip_dst) && (!tcpedit->rewrite_ip || direction == TCPR_DIR_S2C))
         || !tcpedit->skip_broadcast) {
         randomize_ipv6_addr(tcpedit, &ip6_hdr->ip_dst);
     }

-    if ((tcpedit->skip_broadcast && !is_multicast_ipv6(tcpedit, &ip6_hdr->ip_src))
+    if ((tcpedit->skip_broadcast && !is_multicast_ipv6(tcpedit, &ip6_hdr->ip_src) && (!tcpedit->rewrite_ip || direction == TCPR_DIR_C2S))
         || !tcpedit->skip_broadcast) {
         randomize_ipv6_addr(tcpedit, &ip6_hdr->ip_src);
     }
diff -ur --exclude='*[^ch]' --exclude='*stub*' tcpreplay-3.4.3/src/tcpedit/edit_packet.h rbrtcpreplay-3.4.2/src/tcpedit/edit_packet.h
--- tcpreplay-3.4.3/src/tcpedit/edit_packet.h   2009-06-25 20:45:51.000000000 +0200
+++ rbrtcpreplay-3.4.2/src/tcpedit/edit_packet.h        2009-09-16 11:54:44.000000000 +0200
@@ -40,10 +40,10 @@
         u_char *pktdata, ipv4_hdr_t *ip_hdr, ipv6_hdr_t *ip6_hdr);

 int randomize_ipv4(tcpedit_t *tcpedit, struct pcap_pkthdr *pktdhr,
-        u_char *pktdata, ipv4_hdr_t *ip_hdr);
+        u_char *pktdata, ipv4_hdr_t *ip_hdr, tcpr_dir_t direction);

 int randomize_ipv6(tcpedit_t *tcpedit, struct pcap_pkthdr *pktdhr,
-        u_char *pktdata, ipv6_hdr_t *ip_hdr);
+        u_char *pktdata, ipv6_hdr_t *ip_hdr, tcpr_dir_t direction);

 int randomize_iparp(tcpedit_t *tcpedit, struct pcap_pkthdr *pkthdr,
         u_char *pktdata, int datalink);
diff -ur --exclude='*[^ch]' --exclude='*stub*' tcpreplay-3.4.3/src/tcpedit/tcpedit.c rbrtcpreplay-3.4.2/src/tcpedit/tcpedit.c
--- tcpreplay-3.4.3/src/tcpedit/tcpedit.c       2009-06-25 20:45:51.000000000 +0200
+++ rbrtcpreplay-3.4.2/src/tcpedit/tcpedit.c    2009-09-17 09:06:01.000000000 +0200
@@ -89,6 +89,7 @@
     dbgx(3, "packet " COUNTER_SPEC " caplen %d",
             tcpedit->runtime.packetnum, (*pkthdr)->caplen);

+    dbgx(2, "Direction %d", direction);
     /*
      * remove the Ethernet FCS (checksum)?
      * note that this feature requires the end user to be smart and
@@ -242,13 +243,13 @@
         /* IPv4 Packets */
         if (ip_hdr != NULL) {
             if ((retval = randomize_ipv4(tcpedit, *pkthdr, packet,
-                    ip_hdr)) < 0)
+                    ip_hdr, direction)) < 0)
                 return TCPEDIT_ERROR;
             needtorecalc += retval;

         } else if (ip6_hdr != NULL) {
             if ((retval = randomize_ipv6(tcpedit, *pkthdr, packet,
-                    ip6_hdr)) < 0)
+                    ip6_hdr, direction)) < 0)
                 return TCPEDIT_ERROR;
             needtorecalc += retval;


Change History (3)

comment:1 Changed 10 years ago by Aaron Turner

I'm going to have to think about this one a little more. I see the usefulness of the idea, just not sure about the implementation.

comment:2 Changed 10 years ago by Aaron Turner

Milestone: Future Release3.4.5
Status: newassigned

comment:3 Changed 10 years ago by Aaron Turner

Milestone: 3.4.54.0.0

Looked at this more and I believe this can be done today using the existing command line options; but it's not obvious. Either this needs to be better documented and/or the cli options need to be reworked to make it more obvious.

Note: See TracTickets for help on using tickets.