Fix GTP_U_Header binds

[gpotter2]

This PR:

• fixes Wireshark does not recognize GTP-U header , in scenario where Inner IPs are IPV6 Address Family. #2008

[codecov]

Codecov Report

Merging #2010 into master will decrease coverage by 1.9%.
The diff coverage is 95.23%.

@@            Coverage Diff             @@
##           master    #2010      +/-   ##
==========================================
- Coverage   85.97%   84.06%   -1.91%     
==========================================
  Files         189      188       -1     
  Lines       43071    42864     -207     
==========================================
- Hits        37029    36033     -996     
- Misses       6042     6831     +789

Impacted Files	Coverage Δ
scapy/contrib/gtp.py	89% <95.23%> (+0.18%)	⬆️
scapy/contrib/cansocket_python_can.py	37.7% <0%> (-54.1%)	⬇️
scapy/arch/bpf/core.py	28% <0%> (-54%)	⬇️
scapy/contrib/cansocket_native.py	29.57% <0%> (-50.71%)	⬇️
scapy/arch/common.py	54.34% <0%> (-36.96%)	⬇️
scapy/arch/linux.py	52.14% <0%> (-22.42%)	⬇️
scapy/layers/dhcp6.py	63.38% <0%> (-21.76%)	⬇️
scapy/supersocket.py	53.87% <0%> (-18.22%)	⬇️
scapy/contrib/isotp.py	72.85% <0%> (-15.47%)	⬇️
scapy/arch/pcapdnet.py	45.14% <0%> (-11.9%)	⬇️
... and 26 more

[asingh1984]

On "gtpbind" branch I do get errors on using scapy commands but tried same on "Master" with no errors. Please check the detailed info as below.
I'm not familiar with tools/developer environment , please bear with me if I do miss any info.

thanks !!

1. Tried on "gtpbind Branch" :

a) git clone https://github.com/gpotter2/scapy.git
b)I had to add following code , end of "gtp.py" file , to make it run. Not sure if its the correct way to do it,

Running gtp.py will not result in any action ( no scapy terminal)

sudo python gtp.py
sudo python gtp.py

I had to add following code , end of "gtp.py" file , to make it run

if name == "main":
from scapy.all import *
interact(mydict=globals(), mybanner="GTPv1 add-on")

c) scapy command results in error error !!
sudo python gtp.py

send(IP(src="100.100.100.1", dst="100.100.100.81")/UDP(sport=2152,dport=2152)/GTP_U_Header(TEID=9999)/IP(src="1.1.1.1", dst="2.2.2.2")/UDP(sport=1111,dport=2222),inter=0.01,count=10)

Traceback (most recent call last):
File "", line 1, in
File "/usr/local/lib/python2.7/dist-packages/scapy/base_classes.py", line 258, in call
i.init(*args, **kargs)
File "/usr/local/lib/python2.7/dist-packages/scapy/packet.py", line 158, in init
for fname, _ in fields:
ValueError: too many values to unpack

2. Tried on "Master Branch" :
   a) git clone https://github.com/secdev/scapy.git
   b) I'm able to execute scapy command with no error !!

sudo python gtp.py

send(IP(src="100.100.100.1", dst="100.100.100.81")/UDP(sport=2152,dport=2152)/GTP_U_Header(TEID=9999)/IP(src="1.1.1.1", dst="2.2.2.2")/UDP(sport=1111,dport=2222),inter=0.01,count=10)

.
Sent 1 packets.

[gpotter2]

TEID is teid on master. You're probably using an old version if it's working.
The error you're seeing is unrelated and fixed on another PR (#1983)

[asingh1984]

More Info In Details,

1. Just curious to know are the following two gtp.py files for different purpose ? It seems "secdev" one is latest/updated ?

a) https://github.com/cisco-system-traffic-generator/trex-core/blob/master/scripts/external_libs/scapy-2.3.1/python3/scapy/contrib/gtp.py

b) https://github.com/secdev/scapy/blob/master/scapy/contrib/gtp.py

2. git clone https://github.com/secdev/scapy.git

a) Running "sudo python gtp.py" does not result in anything , is this correct way ?

asingh@Linux-Client:$ git clone https://github.com/secdev/scapy.git
Cloning into 'scapy'...
Checking connectivity... done.
asingh@Linux-Client:/scapy/scapy/contrib$ sudo python gtp.py
asingh@Linux-Client:/scapy/scapy/contrib$
asingh@Linux-Client:/scapy/scapy/contrib$
asingh@Linux-Client:~/scapy/scapy/contrib$ sudo python gtp.py

b) had to add following code to make it run, not sure of its correct way

if name == "main":
from scapy.all import *
interact(mydict=globals(), mybanner="GTPv1 add-on")

asingh@Linux-Client:/master/scapy/scapy/contrib$
asingh@Linux-Client:/master/scapy/scapy/contrib$ sudo python gtp.py
[sudo] password for asingh:
WARNING: IPython not available. Using standard Python shell instead.
AutoCompletion, History are disabled.

                 aSPY//YASa
         apyyyyCY//////////YCa       |
        sY//////YSpcs  scpCY//Pp     | Welcome to Scapy

ayp ayyyyyyySCP//Pp syY//C | Version 2.4.3rc1.dev128
AYAsAYYYYYYYY///Ps cY//S |
pCCCCY//p cSSps y//Y | https://github.com/secdev/scapy
SPPPP///a pP///AC//Y |
A//A cyP////C | Have fun!
p///Ac sC///a |
P////YCpc A//A | Craft me if you can.
scccccp///pSP///p p//Y | -- IPv6 layer
sY/////////y caa S//P |
cayCyayP//Ya pY/Ya
sY/PsY////YCc aC//Yp
sc sccaCY//PCypaapyCP//YSs
spCPY//////YPSps
ccaacs

c) Error on running scapy commands,

send(IP(src="100.100.100.1", dst="100.100.100.81")/UDP(sport=2152,dport=2152)/GTP_U_Header(TEID=9999)/IP(src="1.1.1.1", dst="2.2.2.2")/UDP(sport=1111,dport=2222),inter=0.01,count=10)

Traceback (most recent call last):
File "", line 1, in
File "/usr/local/lib/python2.7/dist-packages/scapy/base_classes.py", line 258, in call
i.init(*args, **kargs)
File "/usr/local/lib/python2.7/dist-packages/scapy/packet.py", line 158, in init
for fname, _ in fields:
ValueError: too many values to unpack

3. git clone https://github.com/gtpbind//scapy.git

a) Running "sudo python gtp.py" does not result in anything , is this correct way ?

asingh@Linux-Client:$ git clone https://github.com/gtpbind//scapy.git
Cloning into 'scapy'...
Checking connectivity... done.
asingh@Linux-Client:/scapy/scapy/contrib$ sudo python gtp.py

asingh@Linux-Client:~/scapy/scapy/contrib$ sudo python gtp.py

b) had to add following code to make it run, not sure of its correct way

if name == "main":
from scapy.all import *
interact(mydict=globals(), mybanner="GTPv1 add-on")

asingh@Linux-Client:~/gtpbind/scapy/scapy/contrib$ sudo python gtp.py
[sudo] password for asingh:
WARNING: IPython not available. Using standard Python shell instead.
AutoCompletion, History are disabled.

                 aSPY//YASa
         apyyyyCY//////////YCa       |
        sY//////YSpcs  scpCY//Pp     | Welcome to Scapy

ayp ayyyyyyySCP//Pp syY//C | Version 2.4.3rc1.dev128
AYAsAYYYYYYYY///Ps cY//S |
pCCCCY//p cSSps y//Y | https://github.com/secdev/scapy
SPPPP///a pP///AC//Y |
A//A cyP////C | Have fun!
p///Ac sC///a |
P////YCpc A//A | Craft packets like I craft my beer.
scccccp///pSP///p p//Y | -- Jean De Clerck
sY/////////y caa S//P |
cayCyayP//Ya pY/Ya
sY/PsY////YCc aC//Yp
sc sccaCY//PCypaapyCP//YSs
spCPY//////YPSps
ccaacs

GTPv1 add-on

c) Error on running scapy commands,

send(IP(src="100.100.100.1", dst="100.100.100.81")/UDP(sport=2152,dport=2152)/GTP_U_Header(TEID=9999)/IP(src="1.1.1.1", dst="2.2.2.2")/UDP(sport=1111,dport=2222),inter=0.01,count=10)

Traceback (most recent call last):
File "", line 1, in
File "/usr/local/lib/python2.7/dist-packages/scapy/base_classes.py", line 258, in call
i.init(*args, **kargs)
File "/usr/local/lib/python2.7/dist-packages/scapy/packet.py", line 158, in init
for fname, _ in fields:
ValueError: too many values to unpack

4)git clone https://github.com/cisco-system-traffic-generator/trex-core.git

a)Running "sudo python gtp.py" results in scapy session

asingh@Linux-Client:~/trex-core/trex-core/scripts/external_libs/scapy-2.3.1/python3/scapy/contrib$ sudo python gtp.py
[sudo] password for asingh:

WARNING: IPython not available. Using standard Python shell instead.
AutoCompletion, History are disabled.

                 aSPY//YASa
         apyyyyCY//////////YCa       |
        sY//////YSpcs  scpCY//Pp     | Welcome to Scapy

ayp ayyyyyyySCP//Pp syY//C | Version 2.4.3rc1.dev128
AYAsAYYYYYYYY///Ps cY//S |
pCCCCY//p cSSps y//Y | https://github.com/secdev/scapy
SPPPP///a pP///AC//Y |
A//A cyP////C | Have fun!
p///Ac sC///a |
P////YCpc A//A | Craft packets before they craft
scccccp///pSP///p p//Y | you.
sY/////////y caa S//P | -- Socrate
cayCyayP//Ya pY/Ya |
sY/PsY////YCc aC//Yp
sc sccaCY//PCypaapyCP//YSs
spCPY//////YPSps
ccaacs

GTPv1 add-on

send(IP(src="100.100.100.1", dst="100.100.100.81")/UDP(sport=2152,dport=2152)/GTP_U_Header(TEID=9999)/IP(src="1.1.1.1", dst="2.2.2.2")/UDP(sport=1111,dport=2222),inter=0.01,count=10)

..........
Sent 10 packets.

[gpotter2]

I had no idea of the existence of https://github.com/cisco-system-traffic-generator/trex-core/, but it looks like they copied the source of Scapy 2.3.1 (which is super outdated).

Again, you need to rename TEID to teid

[asingh1984]

Great ! thanks for that info.....after changing "TEID" to "teid" my scapy commands are working fine , but I still see the same error of inner packets are not recognize as GTPU-U packets ( wireshark still shows data.... ) .I'm using https://github.com/gpotter2/scapy/blob/gtpbind/scapy/contrib/gtp.py.Any suggestions ? Command:

Outer IPv4 and Inner IPv6 --> Wireshark does not !!! recognize it as GTP packets. (Wireshark just treats it as data.. )

send(IP(src="100.100.100.1", dst="100.100.100.81")/UDP(sport=2152,dport=2152)/GTP_U_Header(teid=9999)/IPv6(src="2002::101:101:101:1", dst="2002::102:102:102:1")/UDP(sport=1111,dport=2222),inter=0.01,count=100)

[asingh1984]

Also ,

1. I had to add following code , end of "gtp.py" file , to make it run for scapy commands

if name == "main":
from scapy.all import *
interact(mydict=globals(), mybanner="GTPv1 add-on")

2. Run the gtp file

sudo python gtp.py

Is this correct way ? or am i missing something ?

[asingh1984]

Hi Gabriel, any luck with this bug? thanks !

[gpotter2]

It works fine for me

>>> tdecode(IP(src="100.100.100.1", dst="100.100.100.81")/UDP(sport=2152,dport=2152)/GTP_U_Header(teid=9999)/IPv6(src="2002::101:101:101:1", dst="2002::102:102:102:1")/UDP(sport=1111,dport=2222))
Frame 1: 84 bytes on wire (672 bits), 84 bytes captured (672 bits)
    Encapsulation type: Raw IPv4 (129)
    Arrival Time: May  3, 2019 20:07:37.194523000 CEST
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1556906857.194523000 seconds
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 84 bytes (672 bits)
    Capture Length: 84 bytes (672 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: ip:udp:gtp:ipv6:udp]
Internet Protocol Version 4, Src: 100.100.100.1, Dst: 100.100.100.81
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 84
    Identification: 0x0001 (1)
    Flags: 0x0000
        0... .... .... .... = Reserved bit: Not set
        .0.. .... .... .... = Don't fragment: Not set
        ..0. .... .... .... = More fragments: Not set
        ...0 0000 0000 0000 = Fragment offset: 0
    Time to live: 64
    Protocol: UDP (17)
    Header checksum: 0xe97d [validation disabled]
    [Header checksum status: Unverified]
    Source: 100.100.100.1
    Destination: 100.100.100.81
User Datagram Protocol, Src Port: 2152, Dst Port: 2152
    Source Port: 2152
    Destination Port: 2152
    Length: 64
    Checksum: 0x9415 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 0]
GPRS Tunneling Protocol
    Flags: 0x30
        001. .... = Version: GTP release 99 version (1)
        ...1 .... = Protocol type: GTP (1)
        .... 0... = Reserved: 0
        .... .0.. = Is Next Extension Header present?: No
        .... ..0. = Is Sequence Number present?: No
        .... ...0 = Is N-PDU number present?: No
    Message Type: T-PDU (0xff)
    Length: 48
    TEID: 0x0000270f (9999)
    T-PDU Data: 600000000008114020020000000000000101010101010001...
Internet Protocol Version 6, Src: 2002::101:101:101:1, Dst: 2002::102:102:102:1
    0110 .... = Version: 6
    .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
        .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
        .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
    Payload Length: 8
    Next Header: UDP (17)
    Hop Limit: 64
    Source: 2002::101:101:101:1
    Destination: 2002::102:102:102:1
    [Source 6to4 Gateway IPv4: 0.0.0.0]
    [Source 6to4 SLA ID: 0]
    [Destination 6to4 Gateway IPv4: 0.0.0.0]
    [Destination 6to4 SLA ID: 0]
User Datagram Protocol, Src Port: 1111, Dst Port: 2222
    Source Port: 1111
    Destination Port: 2222
    Length: 8
    Checksum: 0xacca [unverified]
    [Checksum Status: Unverified]
    [Stream index: 1]

[asingh1984]

thanks for sharing that info , let me give a try again !

Also , just to make sure

I had to add following code , end of "gtp.py" file , to make it run for scapy commands
if name == "main":
from scapy.all import *
interact(mydict=globals(), mybanner="GTPv1 add-on")

Run the gtp file
sudo python gtp.py

Is this correct way ? or am i missing something ?

If you could please share the steps , that would be really helpful to verify this bug. thanks !

[gpotter2]

You're making gtp.py a standalone module.

You can do that.

It's equivalent to starting Scapy and load_contrib("gtp")

[asingh1984]

Thanks.
Sorry I am not much familiar with these environment ,

I'm starting fresh on new ubuntu setup ,

What are the steps I need to perform to run scapy command , after cloning following link,

1. git clone https://github.com/gpotter2/scapy.git ?

thanks !

[gpotter2]

https://scapy.readthedocs.io/en/latest/installation.html#current-development-version

[asingh1984]

Question:

1. Looks like scapy has no idea about "GTP_U_Header" , do i need to run/install "gtp.py" ? missing any steps described below ?

STEPS:

Step1: git clone https://github.com/gpotter2/scapy.git
Step2: cd scapy
Step3: sudo python setup.py install
Step4: sudo scapy

Run Command:
send(IP(src="100.100.100.1", dst="100.100.100.81")/UDP(sport=2152,dport=2152)/GTP_U_Header(TEID=9999)/IPv6(src="2002::101:101:101:1", dst="2002::102:102:102:1")/UDP(sport=1111,dport=2222),inter=0.01,count=100)

Traceback (most recent call last):
File "", line 1, in
NameError: name 'GTP_U_Header' is not defined

[gpotter2]

You forgot load_contrib("gtp")

[asingh1984]

Hi Gabriel.

thank you ! so much , for helping on this bug , really appreciate your efforts.

I'm able to see GTP-U Inner IPv6 scenarios..in wireshark.

Here are the steps ,

Step1: git clone https://github.com/secdev/scapy.git
Step2: cd scapy
Step3: sudo python setup.py install
Step4: sudo scapy
Step5: load_contrib("gtp")

Run Command:
send(IP(src="100.100.100.1", dst="100.100.100.81")/UDP(sport=2152,dport=2152)/GTP_U_Header(teid=9999)/IPv6(src="2002::101:101:101:1", dst="2002::102:102:102:1")/UDP(sport=1111,dport=2222),inter=0.01,count=100)