[Click] AnonymizeIPAddr and ethernet headers

John Bicket jbicket at gmail.com
Wed Oct 26 19:08:31 EDT 2005 

If you grep for set_ether_header, you'll see that very few elements use it.
It may be a bug,
in which case a lot of elements need to be changed.

Most elements do something like this:

click_ether *eh = (click_ether *) q->data();

which just assumes that the ethernet header is the first thing at the
beginning of
the packet.

jbicket


On 10/26/05, Brian Gallaway <gallaway at cs.usask.ca> wrote:
>
> I am using the ipsumdump program derived from Click to do anonymization
> and sanitization of VOIP traces. In the end, I will need to capture
> traffic from the live network, and write the results to a tcpdump file.
> The hard parts regarding decoding the VOIP packets and dropping RTP
> voice data have already been completed.
>
> I also decided to tackle anonymizing ethernet MAC addresses. I added
> the following code to AnonymizeIPAddr::simple_action() :
>
> // bdg730 - anonymize ethernet by simply writing the ipaddress
> // in place of the MAC address
> //FIXME: memset and memcpy segfault on live captures
> click_ether *eth = q->ether_header();
> memcpy(eth->ether_dhost,&dst,4);
> memcpy(eth->ether_shost,&src,4);
> memset(&(eth->ether_dhost[4]),0,2);
> memset(&(eth->ether_shost[4]),0,2);
>
> However, as you can tell from the comments, this code only worked
> when I had ipsumdump read an existing tcpdump capture. Running this
> live on the network causes a segfault.
>
> The reason for the segfault is that the Packet object 'q' has a null
> ethernet header. When capturing from a tcpdump file, this header is
> present and can be modified. The modifications will be reflected in
> the tcpdump file that is written by ipsumdump. But when capturing from
> the live network, the header is not available to AnonymizeIPAddr. Yet
> the ethernet header will end up being written to the final dump file.
>
> I am just wondering what the reasons are for the differences in behavior
> here, and if there is somewhere else in the pipeline that I could
> safely get at and modify the ethernet header before it is output to
> disk.
>
> Thanks,
> Brian.
>
> --
> Brian Gallaway
> Programmer/Analyst
> Department of Computer Science
> University of Saskatchewan
> phone: 306 966-2662
> email: gallaway at cs.usask.ca
>
>
> _______________________________________________
> click mailing list
> click at amsterdam.lcs.mit.edu
> https://amsterdam.lcs.mit.edu/mailman/listinfo/click
>
>

More information about the click mailing list