/* Translate the TCP sequence number echoed inside an inbound ICMP
 * packet from script space to live space.
 *
 * The Linux TCP layer ignores ICMP messages with bogus sequence
 * numbers (a defence against forged ICMP errors; see RFC 5927), so the
 * echoed value has to match what the live connection actually sent.
 *
 * The field is read in network byte order, shifted by the socket's
 * script-to-live offset, and written back in place. The "error"
 * out-parameter is not touched here and the function always returns
 * STATUS_OK.
 *
 * NOTE(review): nothing in this function verifies that the echoed
 * payload is TCP; presumably the caller dispatches on the echoed
 * protocol before calling -- confirm.
 */
static int map_inbound_icmp_tcp_packet(
	struct socket *socket, struct packet *live_packet, char **error)
{
	u32 *echoed_seq = packet_echoed_tcp_seq(live_packet);
	/* The offset is looked up with the SYN flag cleared. */
	const bool is_syn = false;
	const u32 offset = local_seq_script_to_live_offset(socket, is_syn);
	const u32 script_seq = ntohl(*echoed_seq);

	/* Assuming u32 is an unsigned 32-bit type, the sum wraps modulo
	 * 2^32, which is the behaviour wanted for sequence numbers.
	 */
	*echoed_seq = htonl(script_seq + offset);

	return STATUS_OK;
}
/* Build an ICMP packet for the given address family and direction.
 *
 * type_string and code_string are parsed into the numeric ICMP type
 * and code. After the ICMP header the packet carries an echoed IP
 * header plus ICMP_ECHO_BYTES of what follows it; when protocol is
 * IPPROTO_TCP the echoed TCP sequence number is set to
 * tcp_start_sequence (stored in network byte order).
 *
 * Returns the newly allocated packet, or NULL on failure. The parse
 * and ICMP-header helpers are handed "error" so they can report why.
 */
struct packet *new_icmp_packet(int address_family,
				enum direction_t direction,
				const char *type_string,
				const char *code_string,
				int protocol,
				u32 tcp_start_sequence,
				u32 payload_bytes,
				s64 mtu,
				char **error)
{
	s32 icmp_type = -1;	/* -1 is invalid: "unknown so far" */
	s32 icmp_code = -1;	/* -1 is invalid: "unknown so far" */
	struct packet *packet = NULL;	/* the result packet */
	const enum ip_ecn_t ecn = ECN_NONE;

	/* Byte lengths of every section of the packet. Only the most
	 * common ICMP message layout is supported for now: the message
	 * ends with the original outgoing IP header and the first 8
	 * bytes after it (which typically hold the port info needed to
	 * demux the message).
	 *
	 * None of these depend on payload_bytes, so the allocation
	 * size below is fixed per address family.
	 */
	const int ip_fixed_bytes = ip_header_len(address_family);
	const int ip_option_bytes = 0;
	const int ip_header_bytes = ip_fixed_bytes + ip_option_bytes;
	const int echoed_bytes = ip_fixed_bytes + ICMP_ECHO_BYTES;
	const int icmp_bytes = icmp_header_len(address_family) + echoed_bytes;
	const int ip_bytes = ip_header_bytes + icmp_bytes;

	/* Sanity-check the lengths. With ip_option_bytes fixed at 0
	 * this branch cannot fire today; it guards future option
	 * support.
	 *
	 * NOTE(review): the asprintf() result is ignored, so *error is
	 * unspecified if formatting fails -- confirm callers cope.
	 */
	const int option_excess = ip_option_bytes & 0x3;

	if (option_excess != 0) {
		asprintf(error,
			 "IP options are not padded correctly "
			 "to ensure IP header is a multiple of 4 bytes: "
			 "%d excess bytes",
			 option_excess);
		return NULL;	/* nothing allocated yet */
	}
	assert((ip_header_bytes & 0x3) == 0);

	/* Turn the textual ICMP type and code into numbers. */
	if (parse_icmp_type_and_code(address_family,
				     type_string, code_string,
				     &icmp_type, &icmp_code, error))
		return NULL;	/* nothing allocated yet */
	assert(is_valid_u8(icmp_type));
	assert(is_valid_u8(icmp_code));

	/* Allocate a packet of the computed size and zero its buffer.
	 *
	 * NOTE(review): packet is dereferenced without a NULL check;
	 * presumably packet_new() never returns NULL -- confirm.
	 */
	packet = packet_new(ip_bytes);
	memset(packet->buffer, 0, ip_bytes);

	packet->direction = direction;
	packet->ip_bytes = ip_bytes;
	packet->flags = 0;
	packet->ecn = 0;

	/* Outer IP header. */
	set_packet_ip_header(packet, address_family, ip_bytes,
			     direction, ecn,
			     icmp_protocol(address_family));

	/* The ICMP header sits right behind the outer IP header; fill
	 * in the fields common to all supported message types.
	 */
	void *icmp_header = packet_start(packet) + ip_header_bytes;

	if (set_packet_icmp_header(packet, icmp_header, address_family,
				   icmp_type, icmp_code, mtu, error)) {
		/* Only failure path after allocation: release the packet. */
		packet_free(packet);
		return NULL;
	}

	/* All ICMP message types currently supported by this tool
	 * include a copy of the outbound IP header and the first few
	 * bytes inside. So that the kernel demuxes the inbound ICMP
	 * message to the right socket, build enough of a basic IP
	 * header here; the port numbers and (if specified) the TCP
	 * sequence number in the TCP header are filled in during test
	 * execution.
	 *
	 * NOTE(review): payload_bytes is u32, so this sum is computed
	 * unsigned and then narrowed to int; a very large value would
	 * wrap. It is only passed to set_ip_header() as a length and
	 * does not size any buffer here -- confirm callers bound it.
	 */
	const int echoed_ip_bytes = (ip_fixed_bytes +
				     layer4_header_len(protocol) +
				     payload_bytes);
	u8 *echoed_ip = packet_echoed_ip_header(packet);

	set_ip_header(echoed_ip, address_family, echoed_ip_bytes,
		      reverse_direction(direction), ecn, protocol);

	/* Seed the echoed TCP sequence number for TCP only. */
	if (protocol == IPPROTO_TCP)
		*packet_echoed_tcp_seq(packet) = htonl(tcp_start_sequence);

	return packet;
}