Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

First hit packet never call callback (with steps to reproduce) #1402

Open
JunkieRaccon opened this issue Dec 10, 2024 · 2 comments
Open

First hit packet never call callback (with steps to reproduce) #1402

JunkieRaccon opened this issue Dec 10, 2024 · 2 comments
Labels
linux

Comments

@JunkieRaccon
Copy link

Reference #1254

env:
Majaro 6.6.63-1-MANJARO
Ubuntu 5.4.0-195-generic and 6.8.0-49-generic

Steps to reproduce the problem:

  1. Connect one network interface to another on one host. For example, I connected enp2s0 to enp3s0
  2. Use python scapy lib to generate packages.
from scapy.all import *
from scapy.all import md5
from scapy.layers.eap import EAP_MD5, EAPOL
EAP_RESPONSE = 2
EAP_TYPE_MD5 = 4

value = md5(pack('!B', 5) + 'password'.encode()).digest()

pkts = [
    Ether(src='02:00:00:00:00:01', dst='04:00:00:00:00:01') / IP(src='10.1.1.1') /UDP() / Raw('AAAA'),
    Ether(src='02:00:00:00:00:01', dst='ff:ff:ff:ff:ff:ff') / IP(src='10.1.1.1') /UDP() / Raw('AAAA'),
    Ether(src='02:00:00:00:00:01', dst='01:80:c2:00:00:03') / IP(src='10.1.1.1') /UDP() / Raw('AAAA'),
    Ether(src='02:00:00:00:00:01', dst='01:80:c2:00:00:03') /  EAPOL(type='EAP-Packet') / EAP_MD5(code=EAP_RESPONSE, id=5, type=EAP_TYPE_MD5, value='hdkfjghkfdjghk'),
    Ether(src='02:00:00:00:00:01', dst='04:00:00:00:00:44') /  EAPOL(type='EAP-Packet') / EAP_MD5(code=EAP_RESPONSE, id=5, type=EAP_TYPE_MD5, value='hdkfjghkfdjghkf'),
    Ether(src='02:00:00:00:00:01', dst='3c:7c:3f:c0:da:11') /  EAPOL(type='EAP-Packet') / EAP_MD5(code=EAP_RESPONSE, id=5, type=EAP_TYPE_MD5, value='hdkfjghkfdjghkff'),
    Ether(src='02:00:00:00:00:01', dst='00:00:23:00:03:01') /  EAPOL(type='EAP-Packet') / EAP_MD5(code=EAP_RESPONSE, id=5, type=EAP_TYPE_MD5, value='hdkfjghkfdjghkfjj'),
]
  1. Run tcpdump with the filter
tcpdump -i enp3s0 ether proto 0x888e and inbound
  1. Send packets twice using the command
sendp(pkts, iface='enp2s0')

Practical results:
I see that packets are received only on the second iteration. Sometimes only the first packet that did not callback.

tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on enp3s0, link-type EN10MB (Ethernet), snapshot length 262144 bytes

15:08:26.849026 EAP packet (0) v1, len 20
15:08:26.849271 EAP packet (0) v1, len 21
15:08:26.849451 EAP packet (0) v1, len 22
15:08:26.849668 EAP packet (0) v1, len 23
^C
4 packets captured
8 packets received by filter
0 packets dropped by kernel

02:18:10.228578 EAP packet (0) v1, len 21                                                                                             
02:18:10.228770 EAP packet (0) v1, len 22                                                                                             
02:18:10.228999 EAP packet (0) v1, len 23                                                                                             
^C                                                                                                                                    
3 packets captured                                                                                                                    
4 packets received by filter                                                                                                          
0 packets dropped by kernel

The problem is reproduced only with the inbound filter
@infrastation
Copy link
Member

Please re-test using the -n flag to tcpdump and specify tcpdump and libpcap versions and other information as shown in the CONTRIBUTING.md file.

@JunkieRaccon
Copy link
Author

JunkieRaccon commented Dec 10, 2024
edited
Loading 

tcpdump --version

tcpdump version 4.99.5
libpcap version 1.10.5 (with TPACKET_V3)
OpenSSL 3.4.0 22 Oct 2024
64-bit build, 64-bit time_t

uname -a

Linux d 6.6.63-1-MANJARO #1 SMP PREEMPT_DYNAMIC Sat Nov 23 02:15:34 UTC 2024 x86_64 GNU/Linux

Flag -n not affect:

tcpdump -n -i enp3s0 ether proto 0x888e and inbound

tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on enp3s0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
18:38:21.349128 EAP packet (0) v1, len 20
18:38:21.349338 EAP packet (0) v1, len 21
18:38:21.349535 EAP packet (0) v1, len 22
18:38:21.349782 EAP packet (0) v1, len 23
^C
4 packets captured
8 packets received by filter
0 packets dropped by kernel

As a work around i changed pcap_setfilter_linux() in pcap-linux.c, apologize for the rude decision:

@@ -4684,6 +4684,7 @@ pcap_setfilter_linux(pcap_t *handle, struct bpf_program *filter)
                         * so userland filtering not needed.
                         */
                        handlep->filter_in_userland = 0;
+                       return 0;
                }
                else if (err == -1)     /* Non-fatal error */
                {

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
linux
Milestone
No milestone
Development

No branches or pull requests
2 participants
@infrastation @JunkieRaccon