/* * $Id: libnet_checksum.c,v 1.14 2004/11/09 07:05:07 mike Exp $ * * libnet * libnet_checksum.c - checksum routines * * Copyright (c) 1998 - 2004 Mike D. Schiffman * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #if (HAVE_CONFIG_H) #include "../include/config.h" #endif #if (!(_WIN32) || (__CYGWIN__)) #include "../include/libnet.h" #else #include "../include/win32/libnet.h" #endif /* FIXME - unit test these - 0 is debian's version, else is -RC1's */ /* Note about aliasing warning: * * http://mail.opensolaris.org/pipermail/tools-gcc/2005-August/000047.html * * See RFC 1071, and: * * http://mathforum.org/library/drmath/view/54379.html */ #undef DEBIAN /* Note: len is in bytes, not 16-bit words! */ int libnet_in_cksum(uint16_t *addr, int len) { int sum; #ifdef DEBIAN uint16_t last_byte; sum = 0; last_byte = 0; #else union { uint16_t s; uint8_t b[2]; }pad; sum = 0; #endif while (len > 1) { sum += *addr++; len -= 2; } #ifdef DEBIAN if (len == 1) { *(uint8_t *)&last_byte = *(uint8_t *)addr; sum += last_byte; #else if (len == 1) { pad.b[0] = *(uint8_t *)addr; pad.b[1] = 0; sum += pad.s; #endif } return (sum); } int libnet_toggle_checksum(libnet_t *l, libnet_ptag_t ptag, int mode) { libnet_pblock_t *p; p = libnet_pblock_find(l, ptag); if (p == NULL) { /* err msg set in libnet_pblock_find() */ return (-1); } if (mode == LIBNET_ON) { if ((p->flags) & LIBNET_PBLOCK_DO_CHECKSUM) { return (1); } else { (p->flags) |= LIBNET_PBLOCK_DO_CHECKSUM; return (1); } } else { if ((p->flags) & LIBNET_PBLOCK_DO_CHECKSUM) { (p->flags) &= ~LIBNET_PBLOCK_DO_CHECKSUM; return (1); } else { return (1); } } } static int check_ip_payload_size(libnet_t*l, const uint8_t *iphdr, int ip_hl, int h_len, const uint8_t * end, const char* func) { if((iphdr+ip_hl+h_len) > end) { snprintf(l->err_buf, LIBNET_ERRBUF_SIZE, "%s(): ip payload not inside packet (pktsz %d, iphsz %d, payloadsz %d)\n", func, (int)(end - iphdr), ip_hl, h_len); return -1; } return 0; } /* * For backwards binary compatibility. The calculations done here can easily * result in buffer overreads and overwrites. You have been warned. And no, it * is not possible to fix, the API contains no information on the buffer's * boundary. libnet itself calls the safe function, libnet_inet_checksum(). So * should you. */ int libnet_do_checksum(libnet_t *l, uint8_t *iphdr, int protocol, int h_len) { uint16_t ip_len = 0; struct libnet_ipv4_hdr* ip4 = (struct libnet_ipv4_hdr *)iphdr; struct libnet_ipv6_hdr* ip6 = (struct libnet_ipv6_hdr *)iphdr; if(ip4->ip_v == 6) { ip_len = ntohs(ip6->ip_len); } else { ip_len = ntohs(ip4->ip_len); } return libnet_inet_checksum(l, iphdr, protocol, h_len, iphdr, iphdr + ip_len ); } #define CHECK_IP_PAYLOAD_SIZE() do { \ int e=check_ip_payload_size(l,iphdr,ip_hl, h_len, end, __func__);\ if(e) return e;\ } while(0) /* * We are checksumming pblock "q" * * iphdr is the pointer to it's encapsulating IP header * protocol describes the type of "q", expressed as an IPPROTO_ value * h_len is the h_len from "q" */ int libnet_inet_checksum(libnet_t *l, uint8_t *iphdr, int protocol, int h_len, const uint8_t *beg, const uint8_t * end) { /* will need to update this for ipv6 at some point */ struct libnet_ipv4_hdr *iph_p = (struct libnet_ipv4_hdr *)iphdr; struct libnet_ipv6_hdr *ip6h_p = NULL; /* default to not using IPv6 */ int ip_hl = 0; int sum = 0; /* Check for memory under/over reads/writes. */ if(iphdr < beg || (iphdr+sizeof(*iph_p)) > end) { snprintf(l->err_buf, LIBNET_ERRBUF_SIZE, "%s(): ipv4 hdr not inside packet (where %d, size %d)\n", __func__, (int)(iphdr-beg), (int)(end-beg)); return -1; } /* * Figure out which IP version we're dealing with. We'll assume v4 * and overlay a header structure to yank out the version. */ if (iph_p->ip_v == 6) { ip6h_p = (struct libnet_ipv6_hdr *)iph_p; iph_p = NULL; ip_hl = 40; if((uint8_t*)(ip6h_p+1) > end) { snprintf(l->err_buf, LIBNET_ERRBUF_SIZE, "%s(): ipv6 hdr not inside packet\n", __func__); return -1; } } else { ip_hl = iph_p->ip_hl << 2; } if((iphdr+ip_hl) > end) { snprintf(l->err_buf, LIBNET_ERRBUF_SIZE, "%s(): ip hdr len not inside packet\n", __func__); return -1; } /* * Dug Song came up with this very cool checksuming implementation * eliminating the need for explicit psuedoheader use. Check it out. */ switch (protocol) { case IPPROTO_TCP: { struct libnet_tcp_hdr *tcph_p = (struct libnet_tcp_hdr *)(iphdr + ip_hl); h_len = end - (uint8_t*) tcph_p; /* ignore h_len, sum the packet we've coalesced */ CHECK_IP_PAYLOAD_SIZE(); #if (STUPID_SOLARIS_CHECKSUM_BUG) tcph_p->th_sum = tcph_p->th_off << 2; return (1); #endif /* STUPID_SOLARIS_CHECKSUM_BUG */ #if (HAVE_HPUX11) if (l->injection_type != LIBNET_LINK) { /* * Similiar to the Solaris Checksum bug - but need to add * the size of the TCP payload (only for raw sockets). */ tcph_p->th_sum = (tcph_p->th_off << 2) + (h_len - (tcph_p->th_off << 2)); return (1); } #endif /* TCP checksum is over the IP pseudo header: * ip src * ip dst * tcp protocol (IPPROTO_TCP) * tcp length, including the header * + the TCP header (with checksum set to zero) and data */ tcph_p->th_sum = 0; if (ip6h_p) { sum = libnet_in_cksum((uint16_t *)&ip6h_p->ip_src, 32); } else { /* 8 = src and dst */ sum = libnet_in_cksum((uint16_t *)&iph_p->ip_src, 8); } sum += ntohs(IPPROTO_TCP + h_len); sum += libnet_in_cksum((uint16_t *)tcph_p, h_len); tcph_p->th_sum = LIBNET_CKSUM_CARRY(sum); #if 0 printf("tcp sum calculated: %#x/%d h_len %d\n", ntohs(tcph_p->th_sum), ntohs(tcph_p->th_sum), h_len ); #endif break; } case IPPROTO_UDP: { struct libnet_udp_hdr *udph_p = (struct libnet_udp_hdr *)(iphdr + ip_hl); h_len = end - (uint8_t*) udph_p; /* ignore h_len, sum the packet we've coalesced */ CHECK_IP_PAYLOAD_SIZE(); udph_p->uh_sum = 0; if (ip6h_p) { sum = libnet_in_cksum((uint16_t *)&ip6h_p->ip_src, 32); } else { sum = libnet_in_cksum((uint16_t *)&iph_p->ip_src, 8); } sum += ntohs(IPPROTO_UDP + h_len); sum += libnet_in_cksum((uint16_t *)udph_p, h_len); udph_p->uh_sum = LIBNET_CKSUM_CARRY(sum); break; } case IPPROTO_ICMP: { struct libnet_icmpv4_hdr *icmph_p = (struct libnet_icmpv4_hdr *)(iphdr + ip_hl); h_len = end - (uint8_t*) icmph_p; /* ignore h_len, sum the packet we've coalesced */ CHECK_IP_PAYLOAD_SIZE(); icmph_p->icmp_sum = 0; /* Hm, is this valid? Is the checksum algorithm for ICMPv6 encapsulated in IPv4 * actually defined? */ if (ip6h_p) { sum = libnet_in_cksum((uint16_t *)&ip6h_p->ip_src, 32); sum += ntohs(IPPROTO_ICMP6 + h_len); } sum += libnet_in_cksum((uint16_t *)icmph_p, h_len); icmph_p->icmp_sum = LIBNET_CKSUM_CARRY(sum); break; } case IPPROTO_ICMPV6: { struct libnet_icmpv6_hdr *icmph_p = (struct libnet_icmpv6_hdr *)(iphdr + ip_hl); h_len = end - (uint8_t*) icmph_p; /* ignore h_len, sum the packet we've coalesced */ CHECK_IP_PAYLOAD_SIZE(); icmph_p->icmp_sum = 0; if (ip6h_p) { sum = libnet_in_cksum((uint16_t *)&ip6h_p->ip_src, 32); sum += ntohs(IPPROTO_ICMP6 + h_len); } sum += libnet_in_cksum((uint16_t *)icmph_p, h_len); icmph_p->icmp_sum = LIBNET_CKSUM_CARRY(sum); break; } case IPPROTO_IGMP: { struct libnet_igmp_hdr *igmph_p = (struct libnet_igmp_hdr *)(iphdr + ip_hl); h_len = end - (uint8_t*) igmph_p; /* ignore h_len, sum the packet we've coalesced */ CHECK_IP_PAYLOAD_SIZE(); igmph_p->igmp_sum = 0; sum = libnet_in_cksum((uint16_t *)igmph_p, h_len); igmph_p->igmp_sum = LIBNET_CKSUM_CARRY(sum); break; } case IPPROTO_GRE: { /* checksum is always at the same place in GRE header * in the multiple RFC version of the protocol ... ouf !!! */ struct libnet_gre_hdr *greh_p = (struct libnet_gre_hdr *)(iphdr + ip_hl); uint16_t fv = ntohs(greh_p->flags_ver); CHECK_IP_PAYLOAD_SIZE(); if (!(fv & (GRE_CSUM|GRE_ROUTING | GRE_VERSION_0)) || !(fv & (GRE_CSUM|GRE_VERSION_1))) { snprintf(l->err_buf, LIBNET_ERRBUF_SIZE, "%s(): can't compute GRE checksum (wrong flags_ver bits: 0x%x )\n", __func__, fv); return (-1); } sum = libnet_in_cksum((uint16_t *)greh_p, h_len); greh_p->gre_sum = LIBNET_CKSUM_CARRY(sum); break; } case IPPROTO_OSPF: { struct libnet_ospf_hdr *oh_p = (struct libnet_ospf_hdr *)(iphdr + ip_hl); CHECK_IP_PAYLOAD_SIZE(); oh_p->ospf_sum = 0; sum += libnet_in_cksum((uint16_t *)oh_p, h_len); oh_p->ospf_sum = LIBNET_CKSUM_CARRY(sum); break; } case IPPROTO_OSPF_LSA: { struct libnet_ospf_hdr *oh_p = (struct libnet_ospf_hdr *)(iphdr + ip_hl); struct libnet_lsa_hdr *lsa_p = (struct libnet_lsa_hdr *)(iphdr + ip_hl + oh_p->ospf_len); /* FIXME need additional length check, to account for ospf_len */ lsa_p->lsa_sum = 0; sum += libnet_in_cksum((uint16_t *)lsa_p, h_len); lsa_p->lsa_sum = LIBNET_CKSUM_CARRY(sum); break; #if 0 /* * Reworked fletcher checksum taken from RFC 1008. */ int c0, c1; struct libnet_lsa_hdr *lsa_p = (struct libnet_lsa_hdr *)buf; uint8_t *p, *p1, *p2, *p3; c0 = 0; c1 = 0; lsa_p->lsa_cksum = 0; p = buf; p1 = buf; p3 = buf + len; /* beginning and end of buf */ while (p1 < p3) { p2 = p1 + LIBNET_MODX; if (p2 > p3) { p2 = p3; } for (p = p1; p < p2; p++) { c0 += (*p); c1 += c0; } c0 %= 255; c1 %= 255; /* modular 255 */ p1 = p2; } #if AWR_PLEASE_REWORK_THIS lsa_p->lsa_cksum[0] = (((len - 17) * c0 - c1) % 255); if (lsa_p->lsa_cksum[0] <= 0) { lsa_p->lsa_cksum[0] += 255; } lsa_p->lsa_cksum[1] = (510 - c0 - lsa_p->lsa_cksum[0]); if (lsa_p->lsa_cksum[1] > 255) { lsa_p->lsa_cksum[1] -= 255; } #endif break; #endif } case IPPROTO_IP: { if(!iph_p) { /* IPv6 doesn't have a checksum */ } else { iph_p->ip_sum = 0; sum = libnet_in_cksum((uint16_t *)iph_p, ip_hl); iph_p->ip_sum = LIBNET_CKSUM_CARRY(sum); } break; } case IPPROTO_VRRP: { struct libnet_vrrp_hdr *vrrph_p = (struct libnet_vrrp_hdr *)(iphdr + ip_hl); CHECK_IP_PAYLOAD_SIZE(); vrrph_p->vrrp_sum = 0; sum = libnet_in_cksum((uint16_t *)vrrph_p, h_len); vrrph_p->vrrp_sum = LIBNET_CKSUM_CARRY(sum); break; } case LIBNET_PROTO_CDP: { /* XXX - Broken: how can we easily get the entire packet size? */ /* FIXME you can't, checksumming non-IP protocols was not supported by libnet */ struct libnet_cdp_hdr *cdph_p = (struct libnet_cdp_hdr *)iphdr; if((iphdr+h_len) > end) { snprintf(l->err_buf, LIBNET_ERRBUF_SIZE, "%s(): cdp payload not inside packet\n", __func__); return -1; } cdph_p->cdp_sum = 0; sum = libnet_in_cksum((uint16_t *)cdph_p, h_len); cdph_p->cdp_sum = LIBNET_CKSUM_CARRY(sum); break; } case LIBNET_PROTO_ISL: { #if 0 struct libnet_isl_hdr *islh_p = (struct libnet_isl_hdr *)buf; #endif /* * Need to compute 4 byte CRC for the ethernet frame and for * the ISL frame itself. Use the libnet_crc function. */ } default: { snprintf(l->err_buf, LIBNET_ERRBUF_SIZE, "%s(): unsupported protocol %d\n", __func__, protocol); return (-1); } } return (1); } uint16_t libnet_ip_check(uint16_t *addr, int len) { int sum; sum = libnet_in_cksum(addr, len); return (LIBNET_CKSUM_CARRY(sum)); } /* EOF */