[Bug] tcprewrite provides incorrect checksum for certain ipv4 packets

The tcprewrite program provides incorrect checksum and modifies packet length in an undesireable manner.

**Describe the bug**
TCP rewrite produces an incorrect IP and TCP checksum for certain pcap files.
TCP rewrite appears to change packet length incorrectly, and thus produces an invalid checksum;
certain downstream processing may treat said incorrect checksum as a spoofing attempt and discard packet.

**Expected behavior:**
TCP rewrite should only change packet length when that behavior is specifically desired (command line option?).
TCP rewrite should correctly calculate IP and TCP checksum (incorrect because length incorrect).

**To Reproduce**

Steps to reproduce the behavior:
1. uncompress packet captures:
```
mkdir -p pcaps
unzip tcprewrite-pcaps.zip
cp tcprewrite-pcaps/pcap-original-packet-3.pcap pcaps/.
```
2. Run tcprewrite version 4.4.0 and observe the output, as follows
```
# version 4.4.0
VERSION="4.4.0"
# prepare
tcpreplay-4.4.0/src/tcpprep \
    --cidr=0.0.0.0/0 \
    --pcap=pcaps/pcap-original-packet-3.pcap \
    --cachefile=pcaps/pcap.cache
# use tcprewrite to rewrite packet addresses
tcpreplay-4.4.0/src/tcprewrite \
    --cachefile=pcaps/pcap.cache \
    --infile=pcaps/pcap-original-packet-3.pcap \
    --outfile=pcaps/cap-4.4.0-packet-out.pcap \
    --endpoints=10.200.1.1:10.200.1.2
```
3. Run tcprewrite version 4.4.1 and observe the output, as follows
```
# version 4.4.1
VERSION="4.4.1"
# prepare
tcpreplay-4.4.1/src/tcpprep \
    --cidr=0.0.0.0/0 \
    --pcap=pcaps/pcap-original-packet-3.pcap \
    --cachefile=pcaps/pcap.cache
# use tcprewrite to rewrite packet addresses
tcpreplay-4.4.1/src/tcprewrite \
    --cachefile=pcaps/pcap.cache \
    --infile=pcaps/pcap-original-packet-3.pcap \
    --outfile=pcaps/cap-4.4.1-packet-out.pcap \
    --endpoints=10.200.1.1:10.200.1.2
```
4. compare files, should be identical
```
bdiff pcaps/cap-4.4.0-packet-out.pcap pcaps/cap-4.4.1-packet-out.pcap
```

### Packet Captures

Packet Captures to Reproduce:
- pcap-original-packet-3.pcap
- pcap-4.4.0-packet-3.pcap
- pcap-4.4.1-packet-3.pcap

[tcprewrite-pcaps.zip](https://github.com/appneta/tcpreplay/files/14030791/tcprewrite-pcaps.zip)

### Examine packets

Use Wireshark to examine and compare both packets.
- Note that the ver 4.4.1 reports incorrect checksum.
- Note also that packet length was changed, which is different behavior from desired.
- Perhaps a flag to specify whether length change is needed or desired?

**Screenshots**
N/A - use Wireshark to view packets

**System (please complete the following information):**
 - OS: Linux
 - OS version
   - `Linux hostname 5.15.0-71-generic #78-Ubuntu SMP datetime x86_64 x86_64 x86_64 GNU/Linux`
 - Tcpreplay Version [4.4.1] versus [4.4.0]

**Additional context**
The erroneous checksum is due to the changed length. The problem results in dropped packet.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Bug] tcprewrite provides incorrect checksum for certain ipv4 packets #844

Packet Captures

Examine packets

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development