/src/FreeRDP/winpr/libwinpr/utils/wlog/PacketMessage.c

Source
/**
 * WinPR: Windows Portable Runtime
 * WinPR Logger
 *
 * Copyright 2013 Marc-Andre Moreau <marcandre.moreau@gmail.com>
 * Copyright 2015 Thincast Technologies GmbH
 * Copyright 2015 DI (FH) Martin Haimberger <martin.haimberger@thincast.com>
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <winpr/config.h>

#include "wlog.h"

#include "PacketMessage.h"

#include <winpr/wtypes.h>
#include <winpr/crt.h>
#include <winpr/file.h>
#include <winpr/stream.h>
#include <winpr/sysinfo.h>

#include "../../log.h"
#define TAG WINPR_TAG("utils.wlog")

static BOOL Pcap_Read_Header(wPcap* pcap, wPcapHeader* header)
{
  return (pcap && pcap->fp && fread((void*)header, sizeof(wPcapHeader), 1, pcap->fp) == 1);
}

static BOOL Pcap_Write_Header(wPcap* pcap, wPcapHeader* header)
{
  return (pcap && pcap->fp && fwrite((void*)header, sizeof(wPcapHeader), 1, pcap->fp) == 1);
}

static BOOL Pcap_Write_RecordHeader(wPcap* pcap, wPcapRecordHeader* record)
{
  return (pcap && pcap->fp && fwrite((void*)record, sizeof(wPcapRecordHeader), 1, pcap->fp) == 1);
}

static BOOL Pcap_Write_RecordContent(wPcap* pcap, wPcapRecord* record)
{
  return (pcap && pcap->fp && fwrite(record->data, record->length, 1, pcap->fp) == 1);
}

static BOOL Pcap_Write_Record(wPcap* pcap, wPcapRecord* record)
{
  return Pcap_Write_RecordHeader(pcap, &record->header) && Pcap_Write_RecordContent(pcap, record);
}

wPcap* Pcap_Open(char* name, BOOL write)
{
  wPcap* pcap = nullptr;
  FILE* pcap_fp = winpr_fopen(name, write ? "w+b" : "rb");

  if (!pcap_fp)
  {
    WLog_ERR(TAG, "opening pcap file");
    return nullptr;
  }

  pcap = (wPcap*)calloc(1, sizeof(wPcap));

  if (!pcap)
    goto out_fail;

  pcap->name = name;
  pcap->write = write;
  pcap->record_count = 0;
  pcap->fp = pcap_fp;

  if (write)
  {
    pcap->header.magic_number = PCAP_MAGIC_NUMBER;
    pcap->header.version_major = 2;
    pcap->header.version_minor = 4;
    pcap->header.thiszone = 0;
    pcap->header.sigfigs = 0;
    pcap->header.snaplen = 0xFFFFFFFF;
    pcap->header.network = 1; /* ethernet */
    if (!Pcap_Write_Header(pcap, &pcap->header))
      goto out_fail;
  }
  else
  {
    if (_fseeki64(pcap->fp, 0, SEEK_END) < 0)
      goto out_fail;
    pcap->file_size = (SSIZE_T)_ftelli64(pcap->fp);
    if (pcap->file_size < 0)
      goto out_fail;
    if (_fseeki64(pcap->fp, 0, SEEK_SET) < 0)
      goto out_fail;
    if (!Pcap_Read_Header(pcap, &pcap->header))
      goto out_fail;
  }

  return pcap;

out_fail:
  if (pcap_fp)
    (void)fclose(pcap_fp);
  free(pcap);
  return nullptr;
}

void Pcap_Flush(wPcap* pcap)
{
  if (!pcap || !pcap->fp)
    return;

  while (pcap->record)
  {
    if (!Pcap_Write_Record(pcap, pcap->record))
      return;
    pcap->record = pcap->record->next;
  }

  (void)fflush(pcap->fp);
}

void Pcap_Close(wPcap* pcap)
{
  if (!pcap || !pcap->fp)
    return;

  Pcap_Flush(pcap);
  (void)fclose(pcap->fp);
  free(pcap);
}

static BOOL WLog_PacketMessage_Write_EthernetHeader(wPcap* pcap, wEthernetHeader* ethernet)
{
  wStream* s = nullptr;
  wStream sbuffer = WINPR_C_ARRAY_INIT;
  BYTE buffer[14] = WINPR_C_ARRAY_INIT;
  BOOL ret = TRUE;

  if (!pcap || !pcap->fp || !ethernet)
    return FALSE;

  s = Stream_StaticInit(&sbuffer, buffer, sizeof(buffer));
  if (!s)
    return FALSE;
  Stream_Write(s, ethernet->Destination, 6);
  Stream_Write(s, ethernet->Source, 6);
  Stream_Write_UINT16_BE(s, ethernet->Type);
  if (fwrite(buffer, sizeof(buffer), 1, pcap->fp) != 1)
    ret = FALSE;

  return ret;
}

static UINT16 IPv4Checksum(const BYTE* ipv4, int length)
{
  long checksum = 0;

  while (length > 1)
  {
    const UINT16 tmp16 = *((const UINT16*)ipv4);
    checksum += tmp16;
    length -= 2;
    ipv4 += 2;
  }

  if (length > 0)
    checksum += *ipv4;

  while (checksum >> 16)
    checksum = (checksum & 0xFFFF) + (checksum >> 16);

  return (UINT16)(~checksum);
}

static BOOL WLog_PacketMessage_Write_IPv4Header(wPcap* pcap, wIPv4Header* ipv4)
{
  wStream* s = nullptr;
  wStream sbuffer = WINPR_C_ARRAY_INIT;
  BYTE buffer[20] = WINPR_C_ARRAY_INIT;
  int ret = TRUE;

  if (!pcap || !pcap->fp || !ipv4)
    return FALSE;

  s = Stream_StaticInit(&sbuffer, buffer, sizeof(buffer));
  if (!s)
    return FALSE;
  Stream_Write_UINT8(s, (BYTE)((ipv4->Version << 4) | ipv4->InternetHeaderLength));
  Stream_Write_UINT8(s, ipv4->TypeOfService);
  Stream_Write_UINT16_BE(s, ipv4->TotalLength);
  Stream_Write_UINT16_BE(s, ipv4->Identification);
  Stream_Write_UINT16_BE(s, (UINT16)((ipv4->InternetProtocolFlags << 13) | ipv4->FragmentOffset));
  Stream_Write_UINT8(s, ipv4->TimeToLive);
  Stream_Write_UINT8(s, ipv4->Protocol);
  Stream_Write_UINT16(s, ipv4->HeaderChecksum);
  Stream_Write_UINT32_BE(s, ipv4->SourceAddress);
  Stream_Write_UINT32_BE(s, ipv4->DestinationAddress);
  ipv4->HeaderChecksum = IPv4Checksum((BYTE*)buffer, 20);
  Stream_Rewind(s, 10);
  Stream_Write_UINT16(s, ipv4->HeaderChecksum);

  if (fwrite(buffer, sizeof(buffer), 1, pcap->fp) != 1)
    ret = FALSE;

  return ret;
}

static BOOL WLog_PacketMessage_Write_TcpHeader(wPcap* pcap, wTcpHeader* tcp)
{
  wStream* s = nullptr;
  wStream sbuffer = WINPR_C_ARRAY_INIT;
  BYTE buffer[20] = WINPR_C_ARRAY_INIT;
  BOOL ret = TRUE;

  if (!pcap || !pcap->fp || !tcp)
    return FALSE;

  s = Stream_StaticInit(&sbuffer, buffer, sizeof(buffer));
  if (!s)
    return FALSE;
  Stream_Write_UINT16_BE(s, tcp->SourcePort);
  Stream_Write_UINT16_BE(s, tcp->DestinationPort);
  Stream_Write_UINT32_BE(s, tcp->SequenceNumber);
  Stream_Write_UINT32_BE(s, tcp->AcknowledgementNumber);
  Stream_Write_UINT8(s, (UINT8)((tcp->Offset << 4) | (tcp->Reserved & 0xF)));
  Stream_Write_UINT8(s, tcp->TcpFlags);
  Stream_Write_UINT16_BE(s, tcp->Window);
  Stream_Write_UINT16_BE(s, tcp->Checksum);
  Stream_Write_UINT16_BE(s, tcp->UrgentPointer);

  if (pcap->fp)
  {
    if (fwrite(buffer, sizeof(buffer), 1, pcap->fp) != 1)
      ret = FALSE;
  }

  return ret;
}

static UINT32 g_InboundSequenceNumber = 0;
static UINT32 g_OutboundSequenceNumber = 0;

BOOL WLog_PacketMessage_Write(wPcap* pcap, void* data, size_t length, DWORD flags)
{
  wTcpHeader tcp;
  wIPv4Header ipv4;
  wPcapRecord record;
  wEthernetHeader ethernet;
  ethernet.Type = 0x0800;

  if (!pcap || !pcap->fp)
    return FALSE;

  if (flags & WLOG_PACKET_OUTBOUND)
  {
    /* 00:15:5D:01:64:04 */
    ethernet.Source[0] = 0x00;
    ethernet.Source[1] = 0x15;
    ethernet.Source[2] = 0x5D;
    ethernet.Source[3] = 0x01;
    ethernet.Source[4] = 0x64;
    ethernet.Source[5] = 0x04;
    /* 00:15:5D:01:64:01 */
    ethernet.Destination[0] = 0x00;
    ethernet.Destination[1] = 0x15;
    ethernet.Destination[2] = 0x5D;
    ethernet.Destination[3] = 0x01;
    ethernet.Destination[4] = 0x64;
    ethernet.Destination[5] = 0x01;
  }
  else
  {
    /* 00:15:5D:01:64:01 */
    ethernet.Source[0] = 0x00;
    ethernet.Source[1] = 0x15;
    ethernet.Source[2] = 0x5D;
    ethernet.Source[3] = 0x01;
    ethernet.Source[4] = 0x64;
    ethernet.Source[5] = 0x01;
    /* 00:15:5D:01:64:04 */
    ethernet.Destination[0] = 0x00;
    ethernet.Destination[1] = 0x15;
    ethernet.Destination[2] = 0x5D;
    ethernet.Destination[3] = 0x01;
    ethernet.Destination[4] = 0x64;
    ethernet.Destination[5] = 0x04;
  }

  ipv4.Version = 4;
  ipv4.InternetHeaderLength = 5;
  ipv4.TypeOfService = 0;
  ipv4.TotalLength = (UINT16)(length + 20 + 20);
  ipv4.Identification = 0;
  ipv4.InternetProtocolFlags = 0x02;
  ipv4.FragmentOffset = 0;
  ipv4.TimeToLive = 128;
  ipv4.Protocol = 6; /* TCP */
  ipv4.HeaderChecksum = 0;

  if (flags & WLOG_PACKET_OUTBOUND)
  {
    ipv4.SourceAddress = 0xC0A80196;      /* 192.168.1.150 */
    ipv4.DestinationAddress = 0x4A7D64C8; /* 74.125.100.200 */
  }
  else
  {
    ipv4.SourceAddress = 0x4A7D64C8;      /* 74.125.100.200 */
    ipv4.DestinationAddress = 0xC0A80196; /* 192.168.1.150 */
  }

  tcp.SourcePort = 3389;
  tcp.DestinationPort = 3389;

  if (flags & WLOG_PACKET_OUTBOUND)
  {
    tcp.SequenceNumber = g_OutboundSequenceNumber;
    tcp.AcknowledgementNumber = g_InboundSequenceNumber;
    WINPR_ASSERT(length + g_OutboundSequenceNumber <= UINT32_MAX);
    g_OutboundSequenceNumber += WINPR_ASSERTING_INT_CAST(uint32_t, length);
  }
  else
  {
    tcp.SequenceNumber = g_InboundSequenceNumber;
    tcp.AcknowledgementNumber = g_OutboundSequenceNumber;

    WINPR_ASSERT(length + g_InboundSequenceNumber <= UINT32_MAX);
    g_InboundSequenceNumber += WINPR_ASSERTING_INT_CAST(uint32_t, length);
  }

  tcp.Offset = 5;
  tcp.Reserved = 0;
  tcp.TcpFlags = 0x0018;
  tcp.Window = 0x7FFF;
  tcp.Checksum = 0;
  tcp.UrgentPointer = 0;
  record.data = data;
  record.length = length;
  const size_t offset = 14 + 20 + 20;
  WINPR_ASSERT(record.length <= UINT32_MAX - offset);
  const uint32_t rloff = WINPR_ASSERTING_INT_CAST(uint32_t, record.length + offset);
  record.header.incl_len = rloff;
  record.header.orig_len = rloff;
  record.next = nullptr;

  UINT64 ns = winpr_GetUnixTimeNS();
  record.header.ts_sec = (UINT32)WINPR_TIME_NS_TO_S(ns);
  record.header.ts_usec = WINPR_TIME_NS_REM_US(ns);

  if (!Pcap_Write_RecordHeader(pcap, &record.header) ||
      !WLog_PacketMessage_Write_EthernetHeader(pcap, &ethernet) ||
      !WLog_PacketMessage_Write_IPv4Header(pcap, &ipv4) ||
      !WLog_PacketMessage_Write_TcpHeader(pcap, &tcp) || !Pcap_Write_RecordContent(pcap, &record))
    return FALSE;
  (void)fflush(pcap->fp);
  return TRUE;
}

Coverage Report

Created: 2026-03-04 06:13

Line	Count	Source
1		/**
2		* WinPR: Windows Portable Runtime
3		* WinPR Logger
4		*
5		* Copyright 2013 Marc-Andre Moreau <marcandre.moreau@gmail.com>
6		* Copyright 2015 Thincast Technologies GmbH
7		* Copyright 2015 DI (FH) Martin Haimberger <martin.haimberger@thincast.com>
8		*
9		* Licensed under the Apache License, Version 2.0 (the "License");
10		* you may not use this file except in compliance with the License.
11		* You may obtain a copy of the License at
12		*
13		* http://www.apache.org/licenses/LICENSE-2.0
14		*
15		* Unless required by applicable law or agreed to in writing, software
16		* distributed under the License is distributed on an "AS IS" BASIS,
17		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18		* See the License for the specific language governing permissions and
19		* limitations under the License.
20		*/
21
22		#include <winpr/config.h>
23
24		#include "wlog.h"
25
26		#include "PacketMessage.h"
27
28		#include <winpr/wtypes.h>
29		#include <winpr/crt.h>
30		#include <winpr/file.h>
31		#include <winpr/stream.h>
32		#include <winpr/sysinfo.h>
33
34		#include "../../log.h"
35		#define TAG WINPR_TAG("utils.wlog")
36
37		static BOOL Pcap_Read_Header(wPcap* pcap, wPcapHeader* header)
38	0	{
39	0	return (pcap && pcap->fp && fread((void*)header, sizeof(wPcapHeader), 1, pcap->fp) == 1);
40	0	}
41
42		static BOOL Pcap_Write_Header(wPcap* pcap, wPcapHeader* header)
43	0	{
44	0	return (pcap && pcap->fp && fwrite((void*)header, sizeof(wPcapHeader), 1, pcap->fp) == 1);
45	0	}
46
47		static BOOL Pcap_Write_RecordHeader(wPcap* pcap, wPcapRecordHeader* record)
48	0	{
49	0	return (pcap && pcap->fp && fwrite((void*)record, sizeof(wPcapRecordHeader), 1, pcap->fp) == 1);
50	0	}
51
52		static BOOL Pcap_Write_RecordContent(wPcap* pcap, wPcapRecord* record)
53	0	{
54	0	return (pcap && pcap->fp && fwrite(record->data, record->length, 1, pcap->fp) == 1);
55	0	}
56
57		static BOOL Pcap_Write_Record(wPcap* pcap, wPcapRecord* record)
58	0	{
59	0	return Pcap_Write_RecordHeader(pcap, &record->header) && Pcap_Write_RecordContent(pcap, record);
60	0	}
61
62		wPcap* Pcap_Open(char* name, BOOL write)
63	0	{
64	0	wPcap* pcap = nullptr;
65	0	FILE* pcap_fp = winpr_fopen(name, write ? "w+b" : "rb");
66
67	0	if (!pcap_fp)
68	0	{
69	0	WLog_ERR(TAG, "opening pcap file");
70	0	return nullptr;
71	0	}
72
73	0	pcap = (wPcap*)calloc(1, sizeof(wPcap));
74
75	0	if (!pcap)
76	0	goto out_fail;
77
78	0	pcap->name = name;
79	0	pcap->write = write;
80	0	pcap->record_count = 0;
81	0	pcap->fp = pcap_fp;
82
83	0	if (write)
84	0	{
85	0	pcap->header.magic_number = PCAP_MAGIC_NUMBER;
86	0	pcap->header.version_major = 2;
87	0	pcap->header.version_minor = 4;
88	0	pcap->header.thiszone = 0;
89	0	pcap->header.sigfigs = 0;
90	0	pcap->header.snaplen = 0xFFFFFFFF;
91	0	pcap->header.network = 1; /* ethernet */
92	0	if (!Pcap_Write_Header(pcap, &pcap->header))
93	0	goto out_fail;
94	0	}
95	0	else
96	0	{
97	0	if (_fseeki64(pcap->fp, 0, SEEK_END) < 0)
98	0	goto out_fail;
99	0	pcap->file_size = (SSIZE_T)_ftelli64(pcap->fp);
100	0	if (pcap->file_size < 0)
101	0	goto out_fail;
102	0	if (_fseeki64(pcap->fp, 0, SEEK_SET) < 0)
103	0	goto out_fail;
104	0	if (!Pcap_Read_Header(pcap, &pcap->header))
105	0	goto out_fail;
106	0	}
107
108	0	return pcap;
109
110	0	out_fail:
111	0	if (pcap_fp)
112	0	(void)fclose(pcap_fp);
113	0	free(pcap);
114	0	return nullptr;
115	0	}
116
117		void Pcap_Flush(wPcap* pcap)
118	0	{
119	0	if (!pcap \|\| !pcap->fp)
120	0	return;
121
122	0	while (pcap->record)
123	0	{
124	0	if (!Pcap_Write_Record(pcap, pcap->record))
125	0	return;
126	0	pcap->record = pcap->record->next;
127	0	}
128
129	0	(void)fflush(pcap->fp);
130	0	}
131
132		void Pcap_Close(wPcap* pcap)
133	0	{
134	0	if (!pcap \|\| !pcap->fp)
135	0	return;
136
137	0	Pcap_Flush(pcap);
138	0	(void)fclose(pcap->fp);
139	0	free(pcap);
140	0	}
141
142		static BOOL WLog_PacketMessage_Write_EthernetHeader(wPcap* pcap, wEthernetHeader* ethernet)
143	0	{
144	0	wStream* s = nullptr;
145	0	wStream sbuffer = WINPR_C_ARRAY_INIT;
146	0	BYTE buffer[14] = WINPR_C_ARRAY_INIT;
147	0	BOOL ret = TRUE;
148
149	0	if (!pcap \|\| !pcap->fp \|\| !ethernet)
150	0	return FALSE;
151
152	0	s = Stream_StaticInit(&sbuffer, buffer, sizeof(buffer));
153	0	if (!s)
154	0	return FALSE;
155	0	Stream_Write(s, ethernet->Destination, 6);
156	0	Stream_Write(s, ethernet->Source, 6);
157	0	Stream_Write_UINT16_BE(s, ethernet->Type);
158	0	if (fwrite(buffer, sizeof(buffer), 1, pcap->fp) != 1)
159	0	ret = FALSE;
160
161	0	return ret;
162	0	}
163
164		static UINT16 IPv4Checksum(const BYTE* ipv4, int length)
165	0	{
166	0	long checksum = 0;
167
168	0	while (length > 1)
169	0	{
170	0	const UINT16 tmp16 = ((const UINT16)ipv4);
171	0	checksum += tmp16;
172	0	length -= 2;
173	0	ipv4 += 2;
174	0	}
175
176	0	if (length > 0)
177	0	checksum += *ipv4;
178
179	0	while (checksum >> 16)
180	0	checksum = (checksum & 0xFFFF) + (checksum >> 16);
181
182	0	return (UINT16)(~checksum);
183	0	}
184
185		static BOOL WLog_PacketMessage_Write_IPv4Header(wPcap* pcap, wIPv4Header* ipv4)
186	0	{
187	0	wStream* s = nullptr;
188	0	wStream sbuffer = WINPR_C_ARRAY_INIT;
189	0	BYTE buffer[20] = WINPR_C_ARRAY_INIT;
190	0	int ret = TRUE;
191
192	0	if (!pcap \|\| !pcap->fp \|\| !ipv4)
193	0	return FALSE;
194
195	0	s = Stream_StaticInit(&sbuffer, buffer, sizeof(buffer));
196	0	if (!s)
197	0	return FALSE;
198	0	Stream_Write_UINT8(s, (BYTE)((ipv4->Version << 4) \| ipv4->InternetHeaderLength));
199	0	Stream_Write_UINT8(s, ipv4->TypeOfService);
200	0	Stream_Write_UINT16_BE(s, ipv4->TotalLength);
201	0	Stream_Write_UINT16_BE(s, ipv4->Identification);
202	0	Stream_Write_UINT16_BE(s, (UINT16)((ipv4->InternetProtocolFlags << 13) \| ipv4->FragmentOffset));
203	0	Stream_Write_UINT8(s, ipv4->TimeToLive);
204	0	Stream_Write_UINT8(s, ipv4->Protocol);
205	0	Stream_Write_UINT16(s, ipv4->HeaderChecksum);
206	0	Stream_Write_UINT32_BE(s, ipv4->SourceAddress);
207	0	Stream_Write_UINT32_BE(s, ipv4->DestinationAddress);
208	0	ipv4->HeaderChecksum = IPv4Checksum((BYTE*)buffer, 20);
209	0	Stream_Rewind(s, 10);
210	0	Stream_Write_UINT16(s, ipv4->HeaderChecksum);
211
212	0	if (fwrite(buffer, sizeof(buffer), 1, pcap->fp) != 1)
213	0	ret = FALSE;
214
215	0	return ret;
216	0	}
217
218		static BOOL WLog_PacketMessage_Write_TcpHeader(wPcap* pcap, wTcpHeader* tcp)
219	0	{
220	0	wStream* s = nullptr;
221	0	wStream sbuffer = WINPR_C_ARRAY_INIT;
222	0	BYTE buffer[20] = WINPR_C_ARRAY_INIT;
223	0	BOOL ret = TRUE;
224
225	0	if (!pcap \|\| !pcap->fp \|\| !tcp)
226	0	return FALSE;
227
228	0	s = Stream_StaticInit(&sbuffer, buffer, sizeof(buffer));
229	0	if (!s)
230	0	return FALSE;
231	0	Stream_Write_UINT16_BE(s, tcp->SourcePort);
232	0	Stream_Write_UINT16_BE(s, tcp->DestinationPort);
233	0	Stream_Write_UINT32_BE(s, tcp->SequenceNumber);
234	0	Stream_Write_UINT32_BE(s, tcp->AcknowledgementNumber);
235	0	Stream_Write_UINT8(s, (UINT8)((tcp->Offset << 4) \| (tcp->Reserved & 0xF)));
236	0	Stream_Write_UINT8(s, tcp->TcpFlags);
237	0	Stream_Write_UINT16_BE(s, tcp->Window);
238	0	Stream_Write_UINT16_BE(s, tcp->Checksum);
239	0	Stream_Write_UINT16_BE(s, tcp->UrgentPointer);
240
241	0	if (pcap->fp)
242	0	{
243	0	if (fwrite(buffer, sizeof(buffer), 1, pcap->fp) != 1)
244	0	ret = FALSE;
245	0	}
246
247	0	return ret;
248	0	}
249
250		static UINT32 g_InboundSequenceNumber = 0;
251		static UINT32 g_OutboundSequenceNumber = 0;
252
253		BOOL WLog_PacketMessage_Write(wPcap* pcap, void* data, size_t length, DWORD flags)
254	0	{
255	0	wTcpHeader tcp;
256	0	wIPv4Header ipv4;
257	0	wPcapRecord record;
258	0	wEthernetHeader ethernet;
259	0	ethernet.Type = 0x0800;
260
261	0	if (!pcap \|\| !pcap->fp)
262	0	return FALSE;
263
264	0	if (flags & WLOG_PACKET_OUTBOUND)
265	0	{
266		/* 00:15:5D:01:64:04 */
267	0	ethernet.Source[0] = 0x00;
268	0	ethernet.Source[1] = 0x15;
269	0	ethernet.Source[2] = 0x5D;
270	0	ethernet.Source[3] = 0x01;
271	0	ethernet.Source[4] = 0x64;
272	0	ethernet.Source[5] = 0x04;
273		/* 00:15:5D:01:64:01 */
274	0	ethernet.Destination[0] = 0x00;
275	0	ethernet.Destination[1] = 0x15;
276	0	ethernet.Destination[2] = 0x5D;
277	0	ethernet.Destination[3] = 0x01;
278	0	ethernet.Destination[4] = 0x64;
279	0	ethernet.Destination[5] = 0x01;
280	0	}
281	0	else
282	0	{
283		/* 00:15:5D:01:64:01 */
284	0	ethernet.Source[0] = 0x00;
285	0	ethernet.Source[1] = 0x15;
286	0	ethernet.Source[2] = 0x5D;
287	0	ethernet.Source[3] = 0x01;
288	0	ethernet.Source[4] = 0x64;
289	0	ethernet.Source[5] = 0x01;
290		/* 00:15:5D:01:64:04 */
291	0	ethernet.Destination[0] = 0x00;
292	0	ethernet.Destination[1] = 0x15;
293	0	ethernet.Destination[2] = 0x5D;
294	0	ethernet.Destination[3] = 0x01;
295	0	ethernet.Destination[4] = 0x64;
296	0	ethernet.Destination[5] = 0x04;
297	0	}
298
299	0	ipv4.Version = 4;
300	0	ipv4.InternetHeaderLength = 5;
301	0	ipv4.TypeOfService = 0;
302	0	ipv4.TotalLength = (UINT16)(length + 20 + 20);
303	0	ipv4.Identification = 0;
304	0	ipv4.InternetProtocolFlags = 0x02;
305	0	ipv4.FragmentOffset = 0;
306	0	ipv4.TimeToLive = 128;
307	0	ipv4.Protocol = 6; /* TCP */
308	0	ipv4.HeaderChecksum = 0;
309
310	0	if (flags & WLOG_PACKET_OUTBOUND)
311	0	{
312	0	ipv4.SourceAddress = 0xC0A80196; /* 192.168.1.150 */
313	0	ipv4.DestinationAddress = 0x4A7D64C8; /* 74.125.100.200 */
314	0	}
315	0	else
316	0	{
317	0	ipv4.SourceAddress = 0x4A7D64C8; /* 74.125.100.200 */
318	0	ipv4.DestinationAddress = 0xC0A80196; /* 192.168.1.150 */
319	0	}
320
321	0	tcp.SourcePort = 3389;
322	0	tcp.DestinationPort = 3389;
323
324	0	if (flags & WLOG_PACKET_OUTBOUND)
325	0	{
326	0	tcp.SequenceNumber = g_OutboundSequenceNumber;
327	0	tcp.AcknowledgementNumber = g_InboundSequenceNumber;
328	0	WINPR_ASSERT(length + g_OutboundSequenceNumber <= UINT32_MAX);
329	0	g_OutboundSequenceNumber += WINPR_ASSERTING_INT_CAST(uint32_t, length);
330	0	}
331	0	else
332	0	{
333	0	tcp.SequenceNumber = g_InboundSequenceNumber;
334	0	tcp.AcknowledgementNumber = g_OutboundSequenceNumber;
335
336	0	WINPR_ASSERT(length + g_InboundSequenceNumber <= UINT32_MAX);
337	0	g_InboundSequenceNumber += WINPR_ASSERTING_INT_CAST(uint32_t, length);
338	0	}
339
340	0	tcp.Offset = 5;
341	0	tcp.Reserved = 0;
342	0	tcp.TcpFlags = 0x0018;
343	0	tcp.Window = 0x7FFF;
344	0	tcp.Checksum = 0;
345	0	tcp.UrgentPointer = 0;
346	0	record.data = data;
347	0	record.length = length;
348	0	const size_t offset = 14 + 20 + 20;
349	0	WINPR_ASSERT(record.length <= UINT32_MAX - offset);
350	0	const uint32_t rloff = WINPR_ASSERTING_INT_CAST(uint32_t, record.length + offset);
351	0	record.header.incl_len = rloff;
352	0	record.header.orig_len = rloff;
353	0	record.next = nullptr;
354
355	0	UINT64 ns = winpr_GetUnixTimeNS();
356	0	record.header.ts_sec = (UINT32)WINPR_TIME_NS_TO_S(ns);
357	0	record.header.ts_usec = WINPR_TIME_NS_REM_US(ns);
358
359	0	if (!Pcap_Write_RecordHeader(pcap, &record.header) \|\|
360	0	!WLog_PacketMessage_Write_EthernetHeader(pcap, &ethernet) \|\|
361	0	!WLog_PacketMessage_Write_IPv4Header(pcap, &ipv4) \|\|
362	0	!WLog_PacketMessage_Write_TcpHeader(pcap, &tcp) \|\| !Pcap_Write_RecordContent(pcap, &record))
363	0	return FALSE;
364	0	(void)fflush(pcap->fp);
365	0	return TRUE;
366	0	}