/src/FreeRDP/winpr/libwinpr/utils/wlog/PacketMessage.c

Source (jump to first uncovered line)
/**
 * WinPR: Windows Portable Runtime
 * WinPR Logger
 *
 * Copyright 2013 Marc-Andre Moreau <marcandre.moreau@gmail.com>
 * Copyright 2015 Thincast Technologies GmbH
 * Copyright 2015 DI (FH) Martin Haimberger <martin.haimberger@thincast.com>
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <winpr/config.h>

#include "wlog.h"

#include "PacketMessage.h"

#include <winpr/wtypes.h>
#include <winpr/crt.h>
#include <winpr/file.h>
#include <winpr/stream.h>
#include <winpr/sysinfo.h>

#include "../../log.h"
#define TAG WINPR_TAG("utils.wlog")

static BOOL Pcap_Read_Header(wPcap* pcap, wPcapHeader* header)
{
  if (pcap && pcap->fp && fread((void*)header, sizeof(wPcapHeader), 1, pcap->fp) == 1)
    return TRUE;
  return FALSE;
}

/* currently unused code */
#if 0
static BOOL Pcap_Read_RecordHeader(wPcap* pcap, wPcapRecordHeader* record)
{
  if (pcap && pcap->fp && (fread((void*) record, sizeof(wPcapRecordHeader), 1, pcap->fp) == 1))
    return TRUE;
  return FALSE;
}

static BOOL Pcap_Read_Record(wPcap* pcap, wPcapRecord* record)
{
  if (pcap && pcap->fp)
  {
    if (!Pcap_Read_RecordHeader(pcap, &record->header))
      return FALSE;
    record->length = record->header.incl_len;
    record->data = malloc(record->length);
    if (!record->data)
      return FALSE;
    if (fread(record->data, record->length, 1, pcap->fp) != 1)
    {
      free(record->data);
      record->length = 0;
      record->data = NULL;
      return FALSE;
    }
  }
  return TRUE;
}

static BOOL Pcap_Add_Record(wPcap* pcap, void* data, UINT32 length)
{
  wPcapRecord* record = NULL;

  if (!pcap->tail)
  {
    pcap->tail = (wPcapRecord*) calloc(1, sizeof(wPcapRecord));
    if (!pcap->tail)
      return FALSE;
    pcap->head = pcap->tail;
    pcap->record = pcap->head;
    record = pcap->tail;
  }
  else
  {
    record = (wPcapRecord*) calloc(1, sizeof(wPcapRecord));
    if (!record)
      return FALSE;
    pcap->tail->next = record;
    pcap->tail = record;
  }

  if (!pcap->record)
    pcap->record = record;

  record->data = data;
  record->length = length;
  record->header.incl_len = length;
  record->header.orig_len = length;

  UINT64 ns = winpr_GetUnixTimeNS();
  record->header.ts_sec = WINPR_TIME_NS_TO_S(ns);
  record->header.ts_usec = WINPR_TIME_NS_REM_US(ns);
  return TRUE;
}

static BOOL Pcap_HasNext_Record(wPcap* pcap)
{
  if (pcap->file_size - (_ftelli64(pcap->fp)) <= 16)
    return FALSE;

  return TRUE;
}

static BOOL Pcap_GetNext_RecordHeader(wPcap* pcap, wPcapRecord* record)
{
  if (!Pcap_HasNext_Record(pcap) || !Pcap_Read_RecordHeader(pcap, &record->header))
    return FALSE;

  record->length = record->header.incl_len;
  return TRUE;
}

static BOOL Pcap_GetNext_RecordContent(wPcap* pcap, wPcapRecord* record)
{
  if (pcap && pcap->fp && fread(record->data, record->length, 1, pcap->fp) == 1)
    return TRUE;

  return FALSE;
}

static BOOL Pcap_GetNext_Record(wPcap* pcap, wPcapRecord* record)
{
  if (!Pcap_HasNext_Record(pcap))
    return FALSE;

  return Pcap_Read_Record(pcap, record);
}
#endif

static BOOL Pcap_Write_Header(wPcap* pcap, wPcapHeader* header)
{
  if (pcap && pcap->fp && fwrite((void*)header, sizeof(wPcapHeader), 1, pcap->fp) == 1)
    return TRUE;
  return FALSE;
}

static BOOL Pcap_Write_RecordHeader(wPcap* pcap, wPcapRecordHeader* record)
{
  if (pcap && pcap->fp && fwrite((void*)record, sizeof(wPcapRecordHeader), 1, pcap->fp) == 1)
    return TRUE;
  return FALSE;
}

static BOOL Pcap_Write_RecordContent(wPcap* pcap, wPcapRecord* record)
{
  if (pcap && pcap->fp && fwrite(record->data, record->length, 1, pcap->fp) == 1)
    return TRUE;
  return FALSE;
}

static BOOL Pcap_Write_Record(wPcap* pcap, wPcapRecord* record)
{
  return Pcap_Write_RecordHeader(pcap, &record->header) && Pcap_Write_RecordContent(pcap, record);
}

wPcap* Pcap_Open(char* name, BOOL write)
{
  wPcap* pcap = NULL;
  FILE* pcap_fp = winpr_fopen(name, write ? "w+b" : "rb");

  if (!pcap_fp)
  {
    WLog_ERR(TAG, "opening pcap file");
    return NULL;
  }

  pcap = (wPcap*)calloc(1, sizeof(wPcap));

  if (!pcap)
    goto out_fail;

  pcap->name = name;
  pcap->write = write;
  pcap->record_count = 0;
  pcap->fp = pcap_fp;

  if (write)
  {
    pcap->header.magic_number = PCAP_MAGIC_NUMBER;
    pcap->header.version_major = 2;
    pcap->header.version_minor = 4;
    pcap->header.thiszone = 0;
    pcap->header.sigfigs = 0;
    pcap->header.snaplen = 0xFFFFFFFF;
    pcap->header.network = 1; /* ethernet */
    if (!Pcap_Write_Header(pcap, &pcap->header))
      goto out_fail;
  }
  else
  {
    if (_fseeki64(pcap->fp, 0, SEEK_END) < 0)
      goto out_fail;
    pcap->file_size = (SSIZE_T)_ftelli64(pcap->fp);
    if (pcap->file_size < 0)
      goto out_fail;
    if (_fseeki64(pcap->fp, 0, SEEK_SET) < 0)
      goto out_fail;
    if (!Pcap_Read_Header(pcap, &pcap->header))
      goto out_fail;
  }

  return pcap;

out_fail:
  if (pcap_fp)
    fclose(pcap_fp);
  free(pcap);
  return NULL;
}

void Pcap_Flush(wPcap* pcap)
{
  if (!pcap || !pcap->fp)
    return;

  while (pcap->record)
  {
    if (!Pcap_Write_Record(pcap, pcap->record))
      return;
    pcap->record = pcap->record->next;
  }

  fflush(pcap->fp);
  return;
}

void Pcap_Close(wPcap* pcap)
{
  if (!pcap || !pcap->fp)
    return;

  Pcap_Flush(pcap);
  fclose(pcap->fp);
  free(pcap);
}

static BOOL WLog_PacketMessage_Write_EthernetHeader(wPcap* pcap, wEthernetHeader* ethernet)
{
  wStream* s = NULL;
  wStream sbuffer = { 0 };
  BYTE buffer[14] = { 0 };
  BOOL ret = TRUE;

  if (!pcap || !pcap->fp || !ethernet)
    return FALSE;

  s = Stream_StaticInit(&sbuffer, buffer, sizeof(buffer));
  if (!s)
    return FALSE;
  Stream_Write(s, ethernet->Destination, 6);
  Stream_Write(s, ethernet->Source, 6);
  Stream_Write_UINT16_BE(s, ethernet->Type);
  if (fwrite(buffer, sizeof(buffer), 1, pcap->fp) != 1)
    ret = FALSE;

  return ret;
}

static UINT16 IPv4Checksum(BYTE* ipv4, int length)
{
  UINT16 tmp16 = 0;
  long checksum = 0;

  while (length > 1)
  {
    tmp16 = *((UINT16*)ipv4);
    checksum += tmp16;
    length -= 2;
    ipv4 += 2;
  }

  if (length > 0)
    checksum += *ipv4;

  while (checksum >> 16)
    checksum = (checksum & 0xFFFF) + (checksum >> 16);

  return (UINT16)(~checksum);
}

static BOOL WLog_PacketMessage_Write_IPv4Header(wPcap* pcap, wIPv4Header* ipv4)
{
  wStream* s = NULL;
  wStream sbuffer = { 0 };
  BYTE buffer[20] = { 0 };
  int ret = TRUE;

  if (!pcap || !pcap->fp || !ipv4)
    return FALSE;

  s = Stream_StaticInit(&sbuffer, buffer, sizeof(buffer));
  if (!s)
    return FALSE;
  Stream_Write_UINT8(s, (ipv4->Version << 4) | ipv4->InternetHeaderLength);
  Stream_Write_UINT8(s, ipv4->TypeOfService);
  Stream_Write_UINT16_BE(s, ipv4->TotalLength);
  Stream_Write_UINT16_BE(s, ipv4->Identification);
  Stream_Write_UINT16_BE(s, (ipv4->InternetProtocolFlags << 13) | ipv4->FragmentOffset);
  Stream_Write_UINT8(s, ipv4->TimeToLive);
  Stream_Write_UINT8(s, ipv4->Protocol);
  Stream_Write_UINT16(s, ipv4->HeaderChecksum);
  Stream_Write_UINT32_BE(s, ipv4->SourceAddress);
  Stream_Write_UINT32_BE(s, ipv4->DestinationAddress);
  ipv4->HeaderChecksum = IPv4Checksum((BYTE*)buffer, 20);
  Stream_Rewind(s, 10);
  Stream_Write_UINT16(s, ipv4->HeaderChecksum);

  if (fwrite(buffer, sizeof(buffer), 1, pcap->fp) != 1)
    ret = FALSE;

  return ret;
}

static BOOL WLog_PacketMessage_Write_TcpHeader(wPcap* pcap, wTcpHeader* tcp)
{
  wStream* s = NULL;
  wStream sbuffer = { 0 };
  BYTE buffer[20] = { 0 };
  BOOL ret = TRUE;

  if (!pcap || !pcap->fp || !tcp)
    return FALSE;

  s = Stream_StaticInit(&sbuffer, buffer, sizeof(buffer));
  if (!s)
    return FALSE;
  Stream_Write_UINT16_BE(s, tcp->SourcePort);
  Stream_Write_UINT16_BE(s, tcp->DestinationPort);
  Stream_Write_UINT32_BE(s, tcp->SequenceNumber);
  Stream_Write_UINT32_BE(s, tcp->AcknowledgementNumber);
  Stream_Write_UINT8(s, (tcp->Offset << 4) | tcp->Reserved);
  Stream_Write_UINT8(s, tcp->TcpFlags);
  Stream_Write_UINT16_BE(s, tcp->Window);
  Stream_Write_UINT16_BE(s, tcp->Checksum);
  Stream_Write_UINT16_BE(s, tcp->UrgentPointer);

  if (pcap->fp)
  {
    if (fwrite(buffer, sizeof(buffer), 1, pcap->fp) != 1)
      ret = FALSE;
  }

  return ret;
}

static UINT32 g_InboundSequenceNumber = 0;
static UINT32 g_OutboundSequenceNumber = 0;

BOOL WLog_PacketMessage_Write(wPcap* pcap, void* data, size_t length, DWORD flags)
{
  wTcpHeader tcp;
  wIPv4Header ipv4;
  wPcapRecord record;
  wEthernetHeader ethernet;
  ethernet.Type = 0x0800;

  if (!pcap || !pcap->fp)
    return FALSE;

  if (flags & WLOG_PACKET_OUTBOUND)
  {
    /* 00:15:5D:01:64:04 */
    ethernet.Source[0] = 0x00;
    ethernet.Source[1] = 0x15;
    ethernet.Source[2] = 0x5D;
    ethernet.Source[3] = 0x01;
    ethernet.Source[4] = 0x64;
    ethernet.Source[5] = 0x04;
    /* 00:15:5D:01:64:01 */
    ethernet.Destination[0] = 0x00;
    ethernet.Destination[1] = 0x15;
    ethernet.Destination[2] = 0x5D;
    ethernet.Destination[3] = 0x01;
    ethernet.Destination[4] = 0x64;
    ethernet.Destination[5] = 0x01;
  }
  else
  {
    /* 00:15:5D:01:64:01 */
    ethernet.Source[0] = 0x00;
    ethernet.Source[1] = 0x15;
    ethernet.Source[2] = 0x5D;
    ethernet.Source[3] = 0x01;
    ethernet.Source[4] = 0x64;
    ethernet.Source[5] = 0x01;
    /* 00:15:5D:01:64:04 */
    ethernet.Destination[0] = 0x00;
    ethernet.Destination[1] = 0x15;
    ethernet.Destination[2] = 0x5D;
    ethernet.Destination[3] = 0x01;
    ethernet.Destination[4] = 0x64;
    ethernet.Destination[5] = 0x04;
  }

  ipv4.Version = 4;
  ipv4.InternetHeaderLength = 5;
  ipv4.TypeOfService = 0;
  ipv4.TotalLength = (UINT16)(length + 20 + 20);
  ipv4.Identification = 0;
  ipv4.InternetProtocolFlags = 0x02;
  ipv4.FragmentOffset = 0;
  ipv4.TimeToLive = 128;
  ipv4.Protocol = 6; /* TCP */
  ipv4.HeaderChecksum = 0;

  if (flags & WLOG_PACKET_OUTBOUND)
  {
    ipv4.SourceAddress = 0xC0A80196;      /* 192.168.1.150 */
    ipv4.DestinationAddress = 0x4A7D64C8; /* 74.125.100.200 */
  }
  else
  {
    ipv4.SourceAddress = 0x4A7D64C8;      /* 74.125.100.200 */
    ipv4.DestinationAddress = 0xC0A80196; /* 192.168.1.150 */
  }

  tcp.SourcePort = 3389;
  tcp.DestinationPort = 3389;

  if (flags & WLOG_PACKET_OUTBOUND)
  {
    tcp.SequenceNumber = g_OutboundSequenceNumber;
    tcp.AcknowledgementNumber = g_InboundSequenceNumber;
    g_OutboundSequenceNumber += length;
  }
  else
  {
    tcp.SequenceNumber = g_InboundSequenceNumber;
    tcp.AcknowledgementNumber = g_OutboundSequenceNumber;
    g_InboundSequenceNumber += length;
  }

  tcp.Offset = 5;
  tcp.Reserved = 0;
  tcp.TcpFlags = 0x0018;
  tcp.Window = 0x7FFF;
  tcp.Checksum = 0;
  tcp.UrgentPointer = 0;
  record.data = data;
  record.length = length;
  const size_t offset = 14 + 20 + 20;
  WINPR_ASSERT(record.length <= UINT32_MAX - offset);
  record.header.incl_len = (UINT32)record.length + offset;
  record.header.orig_len = (UINT32)record.length + offset;
  record.next = NULL;

  UINT64 ns = winpr_GetUnixTimeNS();
  record.header.ts_sec = WINPR_TIME_NS_TO_S(ns);
  record.header.ts_usec = WINPR_TIME_NS_REM_US(ns);

  if (!Pcap_Write_RecordHeader(pcap, &record.header) ||
      !WLog_PacketMessage_Write_EthernetHeader(pcap, &ethernet) ||
      !WLog_PacketMessage_Write_IPv4Header(pcap, &ipv4) ||
      !WLog_PacketMessage_Write_TcpHeader(pcap, &tcp) || !Pcap_Write_RecordContent(pcap, &record))
    return FALSE;
  fflush(pcap->fp);
  return TRUE;
}

Coverage Report

Created: 2024-05-20 06:11

Line	Count	Source (jump to first uncovered line)
1		/**
2		* WinPR: Windows Portable Runtime
3		* WinPR Logger
4		*
5		* Copyright 2013 Marc-Andre Moreau <marcandre.moreau@gmail.com>
6		* Copyright 2015 Thincast Technologies GmbH
7		* Copyright 2015 DI (FH) Martin Haimberger <martin.haimberger@thincast.com>
8		*
9		* Licensed under the Apache License, Version 2.0 (the "License");
10		* you may not use this file except in compliance with the License.
11		* You may obtain a copy of the License at
12		*
13		* http://www.apache.org/licenses/LICENSE-2.0
14		*
15		* Unless required by applicable law or agreed to in writing, software
16		* distributed under the License is distributed on an "AS IS" BASIS,
17		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18		* See the License for the specific language governing permissions and
19		* limitations under the License.
20		*/
21
22		#include <winpr/config.h>
23
24		#include "wlog.h"
25
26		#include "PacketMessage.h"
27
28		#include <winpr/wtypes.h>
29		#include <winpr/crt.h>
30		#include <winpr/file.h>
31		#include <winpr/stream.h>
32		#include <winpr/sysinfo.h>
33
34		#include "../../log.h"
35		#define TAG WINPR_TAG("utils.wlog")
36
37		static BOOL Pcap_Read_Header(wPcap* pcap, wPcapHeader* header)
38	0	{
39	0	if (pcap && pcap->fp && fread((void*)header, sizeof(wPcapHeader), 1, pcap->fp) == 1)
40	0	return TRUE;
41	0	return FALSE;
42	0	}
43
44		/* currently unused code */
45		#if 0
46		static BOOL Pcap_Read_RecordHeader(wPcap* pcap, wPcapRecordHeader* record)
47		{
48		if (pcap && pcap->fp && (fread((void*) record, sizeof(wPcapRecordHeader), 1, pcap->fp) == 1))
49		return TRUE;
50		return FALSE;
51		}
52
53		static BOOL Pcap_Read_Record(wPcap* pcap, wPcapRecord* record)
54		{
55		if (pcap && pcap->fp)
56		{
57		if (!Pcap_Read_RecordHeader(pcap, &record->header))
58		return FALSE;
59		record->length = record->header.incl_len;
60		record->data = malloc(record->length);
61		if (!record->data)
62		return FALSE;
63		if (fread(record->data, record->length, 1, pcap->fp) != 1)
64		{
65		free(record->data);
66		record->length = 0;
67		record->data = NULL;
68		return FALSE;
69		}
70		}
71		return TRUE;
72		}
73
74		static BOOL Pcap_Add_Record(wPcap* pcap, void* data, UINT32 length)
75		{
76		wPcapRecord* record = NULL;
77
78		if (!pcap->tail)
79		{
80		pcap->tail = (wPcapRecord*) calloc(1, sizeof(wPcapRecord));
81		if (!pcap->tail)
82		return FALSE;
83		pcap->head = pcap->tail;
84		pcap->record = pcap->head;
85		record = pcap->tail;
86		}
87		else
88		{
89		record = (wPcapRecord*) calloc(1, sizeof(wPcapRecord));
90		if (!record)
91		return FALSE;
92		pcap->tail->next = record;
93		pcap->tail = record;
94		}
95
96		if (!pcap->record)
97		pcap->record = record;
98
99		record->data = data;
100		record->length = length;
101		record->header.incl_len = length;
102		record->header.orig_len = length;
103
104		UINT64 ns = winpr_GetUnixTimeNS();
105		record->header.ts_sec = WINPR_TIME_NS_TO_S(ns);
106		record->header.ts_usec = WINPR_TIME_NS_REM_US(ns);
107		return TRUE;
108		}
109
110		static BOOL Pcap_HasNext_Record(wPcap* pcap)
111		{
112		if (pcap->file_size - (_ftelli64(pcap->fp)) <= 16)
113		return FALSE;
114
115		return TRUE;
116		}
117
118		static BOOL Pcap_GetNext_RecordHeader(wPcap* pcap, wPcapRecord* record)
119		{
120		if (!Pcap_HasNext_Record(pcap) \|\| !Pcap_Read_RecordHeader(pcap, &record->header))
121		return FALSE;
122
123		record->length = record->header.incl_len;
124		return TRUE;
125		}
126
127		static BOOL Pcap_GetNext_RecordContent(wPcap* pcap, wPcapRecord* record)
128		{
129		if (pcap && pcap->fp && fread(record->data, record->length, 1, pcap->fp) == 1)
130		return TRUE;
131
132		return FALSE;
133		}
134
135		static BOOL Pcap_GetNext_Record(wPcap* pcap, wPcapRecord* record)
136		{
137		if (!Pcap_HasNext_Record(pcap))
138		return FALSE;
139
140		return Pcap_Read_Record(pcap, record);
141		}
142		#endif
143
144		static BOOL Pcap_Write_Header(wPcap* pcap, wPcapHeader* header)
145	0	{
146	0	if (pcap && pcap->fp && fwrite((void*)header, sizeof(wPcapHeader), 1, pcap->fp) == 1)
147	0	return TRUE;
148	0	return FALSE;
149	0	}
150
151		static BOOL Pcap_Write_RecordHeader(wPcap* pcap, wPcapRecordHeader* record)
152	0	{
153	0	if (pcap && pcap->fp && fwrite((void*)record, sizeof(wPcapRecordHeader), 1, pcap->fp) == 1)
154	0	return TRUE;
155	0	return FALSE;
156	0	}
157
158		static BOOL Pcap_Write_RecordContent(wPcap* pcap, wPcapRecord* record)
159	0	{
160	0	if (pcap && pcap->fp && fwrite(record->data, record->length, 1, pcap->fp) == 1)
161	0	return TRUE;
162	0	return FALSE;
163	0	}
164
165		static BOOL Pcap_Write_Record(wPcap* pcap, wPcapRecord* record)
166	0	{
167	0	return Pcap_Write_RecordHeader(pcap, &record->header) && Pcap_Write_RecordContent(pcap, record);
168	0	}
169
170		wPcap* Pcap_Open(char* name, BOOL write)
171	0	{
172	0	wPcap* pcap = NULL;
173	0	FILE* pcap_fp = winpr_fopen(name, write ? "w+b" : "rb");
174
175	0	if (!pcap_fp)
176	0	{
177	0	WLog_ERR(TAG, "opening pcap file");
178	0	return NULL;
179	0	}
180
181	0	pcap = (wPcap*)calloc(1, sizeof(wPcap));
182
183	0	if (!pcap)
184	0	goto out_fail;
185
186	0	pcap->name = name;
187	0	pcap->write = write;
188	0	pcap->record_count = 0;
189	0	pcap->fp = pcap_fp;
190
191	0	if (write)
192	0	{
193	0	pcap->header.magic_number = PCAP_MAGIC_NUMBER;
194	0	pcap->header.version_major = 2;
195	0	pcap->header.version_minor = 4;
196	0	pcap->header.thiszone = 0;
197	0	pcap->header.sigfigs = 0;
198	0	pcap->header.snaplen = 0xFFFFFFFF;
199	0	pcap->header.network = 1; /* ethernet */
200	0	if (!Pcap_Write_Header(pcap, &pcap->header))
201	0	goto out_fail;
202	0	}
203	0	else
204	0	{
205	0	if (_fseeki64(pcap->fp, 0, SEEK_END) < 0)
206	0	goto out_fail;
207	0	pcap->file_size = (SSIZE_T)_ftelli64(pcap->fp);
208	0	if (pcap->file_size < 0)
209	0	goto out_fail;
210	0	if (_fseeki64(pcap->fp, 0, SEEK_SET) < 0)
211	0	goto out_fail;
212	0	if (!Pcap_Read_Header(pcap, &pcap->header))
213	0	goto out_fail;
214	0	}
215
216	0	return pcap;
217
218	0	out_fail:
219	0	if (pcap_fp)
220	0	fclose(pcap_fp);
221	0	free(pcap);
222	0	return NULL;
223	0	}
224
225		void Pcap_Flush(wPcap* pcap)
226	0	{
227	0	if (!pcap \|\| !pcap->fp)
228	0	return;
229
230	0	while (pcap->record)
231	0	{
232	0	if (!Pcap_Write_Record(pcap, pcap->record))
233	0	return;
234	0	pcap->record = pcap->record->next;
235	0	}
236
237	0	fflush(pcap->fp);
238	0	return;
239	0	}
240
241		void Pcap_Close(wPcap* pcap)
242	0	{
243	0	if (!pcap \|\| !pcap->fp)
244	0	return;
245
246	0	Pcap_Flush(pcap);
247	0	fclose(pcap->fp);
248	0	free(pcap);
249	0	}
250
251		static BOOL WLog_PacketMessage_Write_EthernetHeader(wPcap* pcap, wEthernetHeader* ethernet)
252	0	{
253	0	wStream* s = NULL;
254	0	wStream sbuffer = { 0 };
255	0	BYTE buffer[14] = { 0 };
256	0	BOOL ret = TRUE;
257
258	0	if (!pcap \|\| !pcap->fp \|\| !ethernet)
259	0	return FALSE;
260
261	0	s = Stream_StaticInit(&sbuffer, buffer, sizeof(buffer));
262	0	if (!s)
263	0	return FALSE;
264	0	Stream_Write(s, ethernet->Destination, 6);
265	0	Stream_Write(s, ethernet->Source, 6);
266	0	Stream_Write_UINT16_BE(s, ethernet->Type);
267	0	if (fwrite(buffer, sizeof(buffer), 1, pcap->fp) != 1)
268	0	ret = FALSE;
269
270	0	return ret;
271	0	}
272
273		static UINT16 IPv4Checksum(BYTE* ipv4, int length)
274	0	{
275	0	UINT16 tmp16 = 0;
276	0	long checksum = 0;
277
278	0	while (length > 1)
279	0	{
280	0	tmp16 = ((UINT16)ipv4);
281	0	checksum += tmp16;
282	0	length -= 2;
283	0	ipv4 += 2;
284	0	}
285
286	0	if (length > 0)
287	0	checksum += *ipv4;
288
289	0	while (checksum >> 16)
290	0	checksum = (checksum & 0xFFFF) + (checksum >> 16);
291
292	0	return (UINT16)(~checksum);
293	0	}
294
295		static BOOL WLog_PacketMessage_Write_IPv4Header(wPcap* pcap, wIPv4Header* ipv4)
296	0	{
297	0	wStream* s = NULL;
298	0	wStream sbuffer = { 0 };
299	0	BYTE buffer[20] = { 0 };
300	0	int ret = TRUE;
301
302	0	if (!pcap \|\| !pcap->fp \|\| !ipv4)
303	0	return FALSE;
304
305	0	s = Stream_StaticInit(&sbuffer, buffer, sizeof(buffer));
306	0	if (!s)
307	0	return FALSE;
308	0	Stream_Write_UINT8(s, (ipv4->Version << 4) \| ipv4->InternetHeaderLength);
309	0	Stream_Write_UINT8(s, ipv4->TypeOfService);
310	0	Stream_Write_UINT16_BE(s, ipv4->TotalLength);
311	0	Stream_Write_UINT16_BE(s, ipv4->Identification);
312	0	Stream_Write_UINT16_BE(s, (ipv4->InternetProtocolFlags << 13) \| ipv4->FragmentOffset);
313	0	Stream_Write_UINT8(s, ipv4->TimeToLive);
314	0	Stream_Write_UINT8(s, ipv4->Protocol);
315	0	Stream_Write_UINT16(s, ipv4->HeaderChecksum);
316	0	Stream_Write_UINT32_BE(s, ipv4->SourceAddress);
317	0	Stream_Write_UINT32_BE(s, ipv4->DestinationAddress);
318	0	ipv4->HeaderChecksum = IPv4Checksum((BYTE*)buffer, 20);
319	0	Stream_Rewind(s, 10);
320	0	Stream_Write_UINT16(s, ipv4->HeaderChecksum);
321
322	0	if (fwrite(buffer, sizeof(buffer), 1, pcap->fp) != 1)
323	0	ret = FALSE;
324
325	0	return ret;
326	0	}
327
328		static BOOL WLog_PacketMessage_Write_TcpHeader(wPcap* pcap, wTcpHeader* tcp)
329	0	{
330	0	wStream* s = NULL;
331	0	wStream sbuffer = { 0 };
332	0	BYTE buffer[20] = { 0 };
333	0	BOOL ret = TRUE;
334
335	0	if (!pcap \|\| !pcap->fp \|\| !tcp)
336	0	return FALSE;
337
338	0	s = Stream_StaticInit(&sbuffer, buffer, sizeof(buffer));
339	0	if (!s)
340	0	return FALSE;
341	0	Stream_Write_UINT16_BE(s, tcp->SourcePort);
342	0	Stream_Write_UINT16_BE(s, tcp->DestinationPort);
343	0	Stream_Write_UINT32_BE(s, tcp->SequenceNumber);
344	0	Stream_Write_UINT32_BE(s, tcp->AcknowledgementNumber);
345	0	Stream_Write_UINT8(s, (tcp->Offset << 4) \| tcp->Reserved);
346	0	Stream_Write_UINT8(s, tcp->TcpFlags);
347	0	Stream_Write_UINT16_BE(s, tcp->Window);
348	0	Stream_Write_UINT16_BE(s, tcp->Checksum);
349	0	Stream_Write_UINT16_BE(s, tcp->UrgentPointer);
350
351	0	if (pcap->fp)
352	0	{
353	0	if (fwrite(buffer, sizeof(buffer), 1, pcap->fp) != 1)
354	0	ret = FALSE;
355	0	}
356
357	0	return ret;
358	0	}
359
360		static UINT32 g_InboundSequenceNumber = 0;
361		static UINT32 g_OutboundSequenceNumber = 0;
362
363		BOOL WLog_PacketMessage_Write(wPcap* pcap, void* data, size_t length, DWORD flags)
364	0	{
365	0	wTcpHeader tcp;
366	0	wIPv4Header ipv4;
367	0	wPcapRecord record;
368	0	wEthernetHeader ethernet;
369	0	ethernet.Type = 0x0800;
370
371	0	if (!pcap \|\| !pcap->fp)
372	0	return FALSE;
373
374	0	if (flags & WLOG_PACKET_OUTBOUND)
375	0	{
376		/* 00:15:5D:01:64:04 */
377	0	ethernet.Source[0] = 0x00;
378	0	ethernet.Source[1] = 0x15;
379	0	ethernet.Source[2] = 0x5D;
380	0	ethernet.Source[3] = 0x01;
381	0	ethernet.Source[4] = 0x64;
382	0	ethernet.Source[5] = 0x04;
383		/* 00:15:5D:01:64:01 */
384	0	ethernet.Destination[0] = 0x00;
385	0	ethernet.Destination[1] = 0x15;
386	0	ethernet.Destination[2] = 0x5D;
387	0	ethernet.Destination[3] = 0x01;
388	0	ethernet.Destination[4] = 0x64;
389	0	ethernet.Destination[5] = 0x01;
390	0	}
391	0	else
392	0	{
393		/* 00:15:5D:01:64:01 */
394	0	ethernet.Source[0] = 0x00;
395	0	ethernet.Source[1] = 0x15;
396	0	ethernet.Source[2] = 0x5D;
397	0	ethernet.Source[3] = 0x01;
398	0	ethernet.Source[4] = 0x64;
399	0	ethernet.Source[5] = 0x01;
400		/* 00:15:5D:01:64:04 */
401	0	ethernet.Destination[0] = 0x00;
402	0	ethernet.Destination[1] = 0x15;
403	0	ethernet.Destination[2] = 0x5D;
404	0	ethernet.Destination[3] = 0x01;
405	0	ethernet.Destination[4] = 0x64;
406	0	ethernet.Destination[5] = 0x04;
407	0	}
408
409	0	ipv4.Version = 4;
410	0	ipv4.InternetHeaderLength = 5;
411	0	ipv4.TypeOfService = 0;
412	0	ipv4.TotalLength = (UINT16)(length + 20 + 20);
413	0	ipv4.Identification = 0;
414	0	ipv4.InternetProtocolFlags = 0x02;
415	0	ipv4.FragmentOffset = 0;
416	0	ipv4.TimeToLive = 128;
417	0	ipv4.Protocol = 6; /* TCP */
418	0	ipv4.HeaderChecksum = 0;
419
420	0	if (flags & WLOG_PACKET_OUTBOUND)
421	0	{
422	0	ipv4.SourceAddress = 0xC0A80196; /* 192.168.1.150 */
423	0	ipv4.DestinationAddress = 0x4A7D64C8; /* 74.125.100.200 */
424	0	}
425	0	else
426	0	{
427	0	ipv4.SourceAddress = 0x4A7D64C8; /* 74.125.100.200 */
428	0	ipv4.DestinationAddress = 0xC0A80196; /* 192.168.1.150 */
429	0	}
430
431	0	tcp.SourcePort = 3389;
432	0	tcp.DestinationPort = 3389;
433
434	0	if (flags & WLOG_PACKET_OUTBOUND)
435	0	{
436	0	tcp.SequenceNumber = g_OutboundSequenceNumber;
437	0	tcp.AcknowledgementNumber = g_InboundSequenceNumber;
438	0	g_OutboundSequenceNumber += length;
439	0	}
440	0	else
441	0	{
442	0	tcp.SequenceNumber = g_InboundSequenceNumber;
443	0	tcp.AcknowledgementNumber = g_OutboundSequenceNumber;
444	0	g_InboundSequenceNumber += length;
445	0	}
446
447	0	tcp.Offset = 5;
448	0	tcp.Reserved = 0;
449	0	tcp.TcpFlags = 0x0018;
450	0	tcp.Window = 0x7FFF;
451	0	tcp.Checksum = 0;
452	0	tcp.UrgentPointer = 0;
453	0	record.data = data;
454	0	record.length = length;
455	0	const size_t offset = 14 + 20 + 20;
456	0	WINPR_ASSERT(record.length <= UINT32_MAX - offset);
457	0	record.header.incl_len = (UINT32)record.length + offset;
458	0	record.header.orig_len = (UINT32)record.length + offset;
459	0	record.next = NULL;
460
461	0	UINT64 ns = winpr_GetUnixTimeNS();
462	0	record.header.ts_sec = WINPR_TIME_NS_TO_S(ns);
463	0	record.header.ts_usec = WINPR_TIME_NS_REM_US(ns);
464
465	0	if (!Pcap_Write_RecordHeader(pcap, &record.header) \|\|
466	0	!WLog_PacketMessage_Write_EthernetHeader(pcap, &ethernet) \|\|
467	0	!WLog_PacketMessage_Write_IPv4Header(pcap, &ipv4) \|\|
468	0	!WLog_PacketMessage_Write_TcpHeader(pcap, &tcp) \|\| !Pcap_Write_RecordContent(pcap, &record))
469	0	return FALSE;
470	0	fflush(pcap->fp);
471	0	return TRUE;
472	0	}