bugfix: packet parser adds checks for packets with UDP port 2152 but not GTP-U

2024-08-14 17:24:26 +08:00
parent 5abf0d7942
commit 42f44b53b1
4 changed files with 304 additions and 22 deletions
--- a/src/packet/gtp1_utils.h
+++ b/src/packet/gtp1_utils.h
@@ -203,25 +203,22 @@ static inline uint16_t calc_gtp1_hdr_len(const char *data, uint16_t len)
        uint8_t next_ext_hdr = gtp_long->next_ext_hdr;
        uint16_t offset = sizeof(struct gtp1_hdr_long);

-        if (gtp1_hdr_get_flags(gtp) & GTP1_FLAG_EXT_HDR)
+        while (next_ext_hdr)
        {
-            while (next_ext_hdr)
+            if (offset + 1 > len)
            {
-                if (offset + 1 > len)
-                {
-                    return 0;
-                }
-                uint8_t ext_hdr_len = *((char *)data + offset) * 4 - 2;
-                if (offset + ext_hdr_len > len)
-                {
-                    return 0;
-                }
-                offset += ext_hdr_len + 1; // skip extension header
-                next_ext_hdr = *((char *)data + offset);
+                return 0;
            }
-            offset+=1; //next_ext_hdr==0 occupy 1 byte
+            uint16_t ext_hdr_len = *((char *)data + offset) * 4;
+            if (ext_hdr_len == 0 || offset + ext_hdr_len > len)
+            {
+                return 0;
+            }
+            offset += ext_hdr_len; // skip extension header
+            next_ext_hdr = *((char *)data + offset - 1);
        }
-        return offset; 
+
+        return offset;
    }
    else
    {
--- a/src/packet/packet_parse.cpp
+++ b/src/packet/packet_parse.cpp
@@ -831,12 +831,18 @@ static inline const char *parse_gtp_u(struct packet *pkt, const char *data, uint
        return data;
    }

+    uint8_t next_proto = (((const uint8_t *)(data + hdr_len))[0]) >> 4;
+    if (next_proto != 4 && next_proto != 6)
+    {
+        // next_proto is not IPv4 or IPv6, this is not a normal GTP-U packet, fallback to UDP
+        return data;
+    }
+
    struct raw_layer *layer = get_free_layer(pkt);
    if (unlikely(layer == NULL))
    {
        return data;
    }
-    uint8_t next_proto = (((const uint8_t *)(data + hdr_len))[0]) >> 4;
    SET_LAYER(pkt, layer, LAYER_PROTO_GTP_U, hdr_len, data, len, 0);

    switch (next_proto)
--- a/src/packet/test/gtest_gtp1_utils.cpp
+++ b/src/packet/test/gtest_gtp1_utils.cpp
@@ -186,15 +186,15 @@ TEST(GTP1_UTILS, C_SET)
 *     TEID: 0x001e849a (2000026)
 */

-unsigned char gtp1_u[] = {
+unsigned char gtp1_u1[] = {
    0x30, 0xff, 0x00, 0x28, 0x00, 0x1e, 0x84, 0x9a};

-TEST(GTP1_UTILS, U_GET)
+TEST(GTP1_UTILS, U1_GET)
 {
-    const struct gtp1_hdr *hdr = (struct gtp1_hdr *)gtp1_u;
+    const struct gtp1_hdr *hdr = (struct gtp1_hdr *)gtp1_u1;

    // GTP Fixed Header Length + GTPv1-U Optional Headers + GTPv1-U Extension Headers
-    EXPECT_TRUE(calc_gtp1_hdr_len((const char *)gtp1_u, sizeof(gtp1_u)) == 8);
+    EXPECT_TRUE(calc_gtp1_hdr_len((const char *)gtp1_u1, sizeof(gtp1_u1)) == 8);
    EXPECT_TRUE(gtp1_hdr_get_flags(hdr) == 0x30);
    EXPECT_TRUE(gtp1_hdr_get_version(hdr) == 1);
    EXPECT_TRUE(gtp1_hdr_get_proto(hdr) == 1);
@@ -214,7 +214,7 @@ TEST(GTP1_UTILS, U_GET)
    printf("%s\n", buff);
 }

-TEST(GTP1_UTILS, U_SET)
+TEST(GTP1_UTILS, U1_SET)
 {
    char buff[8] = {0};

@@ -233,7 +233,82 @@ TEST(GTP1_UTILS, U_SET)
    gtp1_hdr_set_npdu(hdr, 0);
    gtp1_hdr_set_next_ext_type(hdr, 0);

-    EXPECT_TRUE(memcmp(buff, gtp1_u, 8) == 0);
+    EXPECT_TRUE(memcmp(buff, gtp1_u1, 8) == 0);
+}
+
+/*
+ * User Datagram Protocol, Src Port: 2152, Dst Port: 2152
+ * GPRS Tunneling Protocol
+ *     Flags: 0x34
+ *         001. .... = Version: GTP release 99 version (1)
+ *         ...1 .... = Protocol type: GTP (1)
+ *         .... 0... = Reserved: 0
+ *         .... .1.. = Is Next Extension Header present?: Yes
+ *         .... ..0. = Is Sequence Number present?: No
+ *         .... ...0 = Is N-PDU number present?: No
+ *     Message Type: T-PDU (0xff)
+ *     Length: 445
+ *     TEID: 0x01447453 (21263443)
+ *     Next extension header type: PDU Session container (0x85)
+ *     Extension header (PDU Session container)
+ *         Extension Header Length: 1
+ *         PDU Session Container
+ *             0001 .... = PDU Type: UL PDU SESSION INFORMATION (1)
+ *             .... 0000 = Spare: 0x0
+ *             00.. .... = Spare: 0x0
+ *             ..00 0001 = QoS Flow Identifier (QFI): 1
+ *         Next extension header type: No more extension headers (0x00)
+ */
+
+unsigned char gtp1_u2[] = {
+    0x34, 0xff, 0x01, 0xbd, 0x01, 0x44, 0x74, 0x53, 0x00, 0x00, 0x00, 0x85, 0x01, 0x10, 0x01, 0x00};
+
+TEST(GTP1_UTILS, U2_GET)
+{
+    const struct gtp1_hdr *hdr = (struct gtp1_hdr *)gtp1_u2;
+
+    // GTP Fixed Header Length + GTPv1-U Optional Headers + GTPv1-U Extension Headers
+    EXPECT_TRUE(calc_gtp1_hdr_len((const char *)gtp1_u2, sizeof(gtp1_u2)) == 16);
+    EXPECT_TRUE(gtp1_hdr_get_flags(hdr) == 0x34);
+    EXPECT_TRUE(gtp1_hdr_get_version(hdr) == 1);
+    EXPECT_TRUE(gtp1_hdr_get_proto(hdr) == 1);
+    EXPECT_TRUE(gtp1_hdr_get_reserved(hdr) == 0);
+    EXPECT_TRUE(gtp1_hdr_get_ext_flag(hdr) == 1);
+    EXPECT_TRUE(gtp1_hdr_get_seq_flag(hdr) == 0);
+    EXPECT_TRUE(gtp1_hdr_get_npdu_flag(hdr) == 0);
+    EXPECT_TRUE(gtp1_hdr_get_msg_type(hdr) == 0xff);
+    EXPECT_TRUE(gtp1_hdr_get_msg_len(hdr) == 445);
+    EXPECT_TRUE(gtp1_hdr_get_teid(hdr) == 21263443);
+    EXPECT_TRUE(gtp1_hdr_get_seq(hdr) == 0);
+    EXPECT_TRUE(gtp1_hdr_get_npdu(hdr) == 0);
+    EXPECT_TRUE(gtp1_hdr_get_next_ext_type(hdr) == 0x85);
+
+    char buff[1024] = {0};
+    gtp1_hdr_to_str(hdr, buff, sizeof(buff));
+    printf("%s\n", buff);
+}
+
+TEST(GTP1_UTILS, U2_SET)
+{
+    char buff[16] = {0};
+
+    struct gtp1_hdr *hdr = (struct gtp1_hdr *)buff;
+    gtp1_hdr_set_flags(hdr, 0x34);
+    gtp1_hdr_set_version(hdr, 1);
+    gtp1_hdr_set_proto(hdr, 1);
+    gtp1_hdr_set_reserved(hdr, 0);
+    gtp1_hdr_set_ext_flag(hdr, 1);
+    gtp1_hdr_set_seq_flag(hdr, 0);
+    gtp1_hdr_set_npdu_flag(hdr, 0);
+    gtp1_hdr_set_msg_type(hdr, 0xff);
+    gtp1_hdr_set_msg_len(hdr, 445);
+    gtp1_hdr_set_teid(hdr, 21263443);
+    gtp1_hdr_set_seq(hdr, 0);
+    gtp1_hdr_set_npdu(hdr, 0);
+    gtp1_hdr_set_next_ext_type(hdr, 0x85);
+
+    // not compare the extension header
+    EXPECT_TRUE(memcmp(buff, gtp1_u2, 12) == 0);
 }

 int main(int argc, char **argv)
--- a/src/packet/test/gtest_packet_parse.cpp
+++ b/src/packet/test/gtest_packet_parse.cpp
@@ -2842,6 +2842,210 @@ TEST(PACKET_PARSE, ETH_IP4_TCP_PADDING)
 }
 #endif

+/******************************************************************************
+ * [Protocols in frame: eth:ethertype:ipv6:udp:gtp:ip:udp:data]
+ ******************************************************************************
+ *
+ * Frame 1: 515 bytes on wire (4120 bits), 515 bytes captured (4120 bits)
+ * Ethernet II, Src: 00:00:00_00:03:1c (00:00:00:00:03:1c), Dst: HuaweiTechno_f4:fc:31 (3c:9d:56:f4:fc:31)
+ *     Destination: HuaweiTechno_f4:fc:31 (3c:9d:56:f4:fc:31)
+ *     Source: 00:00:00_00:03:1c (00:00:00:00:03:1c)
+ *     Type: IPv6 (0x86dd)
+ * Internet Protocol Version 6, Src: 2408:8161:e100:10:0:16:3:a, Dst: 2408:8141:e0f0:1f08::4
+ *     0110 .... = Version: 6
+ *     .... 1011 1000 .... .... .... .... .... = Traffic Class: 0xb8 (DSCP: EF PHB, ECN: Not-ECT)
+ *         .... 1011 10.. .... .... .... .... .... = Differentiated Services Codepoint: Expedited Forwarding (46)
+ *         .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
+ *     .... 0100 0111 0100 0101 0011 = Flow Label: 0x47453
+ *     Payload Length: 461
+ *     Next Header: UDP (17)
+ *     Hop Limit: 252
+ *     Source Address: 2408:8161:e100:10:0:16:3:a
+ *     Destination Address: 2408:8141:e0f0:1f08::4
+ * User Datagram Protocol, Src Port: 2152, Dst Port: 2152
+ *     Source Port: 2152
+ *     Destination Port: 2152
+ *     Length: 461
+ *     Checksum: 0x6312 [correct]
+ *         [Calculated Checksum: 0x6312]
+ *     [Checksum Status: Good]
+ *     [Stream index: 0]
+ *     [Timestamps]
+ *         [Time since first frame: 0.000000000 seconds]
+ *         [Time since previous frame: 0.000000000 seconds]
+ *     UDP payload (453 bytes)
+ * GPRS Tunneling Protocol
+ *     Flags: 0x34
+ *         001. .... = Version: GTP release 99 version (1)
+ *         ...1 .... = Protocol type: GTP (1)
+ *         .... 0... = Reserved: 0
+ *         .... .1.. = Is Next Extension Header present?: Yes
+ *         .... ..0. = Is Sequence Number present?: No
+ *         .... ...0 = Is N-PDU number present?: No
+ *     Message Type: T-PDU (0xff)
+ *     Length: 445
+ *     TEID: 0x01447453 (21263443)
+ *     Next extension header type: PDU Session container (0x85)
+ *     Extension header (PDU Session container)
+ *         Extension Header Length: 1
+ *         PDU Session Container
+ *             0001 .... = PDU Type: UL PDU SESSION INFORMATION (1)
+ *             .... 0000 = Spare: 0x0
+ *             00.. .... = Spare: 0x0
+ *             ..00 0001 = QoS Flow Identifier (QFI): 1
+ *         Next extension header type: No more extension headers (0x00)
+ * Internet Protocol Version 4, Src: 10.67.71.179, Dst: 120.225.133.208
+ *     0100 .... = Version: 4
+ *     .... 0101 = Header Length: 20 bytes (5)
+ *     Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
+ *         0000 00.. = Differentiated Services Codepoint: Default (0)
+ *         .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
+ *     Total Length: 437
+ *     Identification: 0x51bf (20927)
+ *     000. .... = Flags: 0x0
+ *         0... .... = Reserved bit: Not set
+ *         .0.. .... = Don't fragment: Not set
+ *         ..0. .... = More fragments: Not set
+ *     ...0 0000 0000 0000 = Fragment Offset: 0
+ *     Time to Live: 64
+ *     Protocol: UDP (17)
+ *     Header Checksum: 0xd6d1 [correct]
+ *     [Header checksum status: Good]
+ *     [Calculated Checksum: 0xd6d1]
+ *     Source Address: 10.67.71.179
+ *     Destination Address: 120.225.133.208
+ * User Datagram Protocol, Src Port: 11102, Dst Port: 2152
+ *     Source Port: 11102
+ *     Destination Port: 2152
+ *     Length: 417
+ *     Checksum: 0x3bc2 [correct]
+ *         [Calculated Checksum: 0x3bc2]
+ *     [Checksum Status: Good]
+ *     [Stream index: 1]
+ *     [Timestamps]
+ *         [Time since first frame: 0.000000000 seconds]
+ *         [Time since previous frame: 0.000000000 seconds]
+ *     UDP payload (409 bytes)
+ * Data (409 bytes)
+ *     Data [truncated]: 226f2fcaba48055d4b5500030000019183000104090002810901000000110102010014100000011a3e425e9ae48c6929daebcd0e3cbd830402320bebc2000402270000000d02022800050215000a001800051c3503021612e5050217000000006d9f8ccd020218010402140000088
+ *     [Length: 409]
+ */
+
+unsigned char data17[] = {
+	0x3c, 0x9d, 0x56, 0xf4, 0xfc, 0x31, 0x00, 0x00, 0x00, 0x00, 0x03, 0x1c, 0x86, 0xdd, 0x6b, 0x84, 0x74, 0x53, 0x01, 0xcd, 0x11, 0xfc, 0x24, 0x08, 0x81, 0x61,
+	0xe1, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x16, 0x00, 0x03, 0x00, 0x0a, 0x24, 0x08, 0x81, 0x41, 0xe0, 0xf0, 0x1f, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x04, 0x08, 0x68, 0x08, 0x68, 0x01, 0xcd, 0x63, 0x12, 0x34, 0xff, 0x01, 0xbd, 0x01, 0x44, 0x74, 0x53, 0x00, 0x00, 0x00, 0x85, 0x01, 0x10, 0x01, 0x00,
+	0x45, 0x00, 0x01, 0xb5, 0x51, 0xbf, 0x00, 0x00, 0x40, 0x11, 0xd6, 0xd1, 0x0a, 0x43, 0x47, 0xb3, 0x78, 0xe1, 0x85, 0xd0, 0x2b, 0x5e, 0x08, 0x68, 0x01, 0xa1,
+	0x3b, 0xc2, 0x22, 0x6f, 0x2f, 0xca, 0xba, 0x48, 0x05, 0x5d, 0x4b, 0x55, 0x00, 0x03, 0x00, 0x00, 0x01, 0x91, 0x83, 0x00, 0x01, 0x04, 0x09, 0x00, 0x02, 0x81,
+	0x09, 0x01, 0x00, 0x00, 0x00, 0x11, 0x01, 0x02, 0x01, 0x00, 0x14, 0x10, 0x00, 0x00, 0x01, 0x1a, 0x3e, 0x42, 0x5e, 0x9a, 0xe4, 0x8c, 0x69, 0x29, 0xda, 0xeb,
+	0xcd, 0x0e, 0x3c, 0xbd, 0x83, 0x04, 0x02, 0x32, 0x0b, 0xeb, 0xc2, 0x00, 0x04, 0x02, 0x27, 0x00, 0x00, 0x00, 0x0d, 0x02, 0x02, 0x28, 0x00, 0x05, 0x02, 0x15,
+	0x00, 0x0a, 0x00, 0x18, 0x00, 0x05, 0x1c, 0x35, 0x03, 0x02, 0x16, 0x12, 0xe5, 0x05, 0x02, 0x17, 0x00, 0x00, 0x00, 0x00, 0x6d, 0x9f, 0x8c, 0xcd, 0x02, 0x02,
+	0x18, 0x01, 0x04, 0x02, 0x14, 0x00, 0x00, 0x08, 0x80, 0x06, 0x02, 0x03, 0x00, 0x00, 0x00, 0x0c, 0x31, 0x30, 0x2e, 0x36, 0x37, 0x2e, 0x37, 0x31, 0x2e, 0x31,
+	0x37, 0x39, 0x03, 0x02, 0x05, 0xdc, 0x01, 0x06, 0x02, 0x06, 0x00, 0x00, 0x00, 0x0e, 0x31, 0x31, 0x32, 0x2e, 0x31, 0x31, 0x31, 0x2e, 0x35, 0x35, 0x2e, 0x32,
+	0x34, 0x33, 0x03, 0x02, 0x08, 0xdc, 0x01, 0x01, 0x02, 0x09, 0x00, 0x14, 0xf1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe3, 0x6b,
+	0x65, 0xf6, 0xf9, 0x33, 0xcc, 0xa9, 0x06, 0x02, 0x10, 0x00, 0x00, 0x00, 0x0d, 0x32, 0x31, 0x31, 0x2e, 0x39, 0x31, 0x2e, 0x31, 0x36, 0x36, 0x2e, 0x34, 0x34,
+	0x03, 0x02, 0x11, 0x4e, 0x21, 0x06, 0x02, 0x1b, 0x00, 0x00, 0x00, 0xb8, 0x32, 0x31, 0x37, 0x36, 0x7c, 0x31, 0x30, 0x2e, 0x36, 0x37, 0x2e, 0x37, 0x31, 0x2e,
+	0x31, 0x37, 0x39, 0x7c, 0x30, 0x7c, 0x35, 0x36, 0x33, 0x32, 0x31, 0x7c, 0x31, 0x31, 0x32, 0x2e, 0x31, 0x31, 0x31, 0x2e, 0x35, 0x35, 0x2e, 0x32, 0x34, 0x33,
+	0x7c, 0x30, 0x7c, 0x35, 0x36, 0x33, 0x32, 0x31, 0x7c, 0x32, 0x31, 0x31, 0x2e, 0x39, 0x31, 0x2e, 0x31, 0x36, 0x36, 0x2e, 0x34, 0x34, 0x7c, 0x32, 0x30, 0x30,
+	0x30, 0x31, 0x7c, 0x46, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30,
+	0x30, 0x45, 0x33, 0x36, 0x42, 0x36, 0x35, 0x46, 0x36, 0x46, 0x39, 0x33, 0x33, 0x43, 0x43, 0x41, 0x39, 0x7c, 0x32, 0x34, 0x30, 0x38, 0x3a, 0x38, 0x34, 0x34,
+	0x62, 0x3a, 0x31, 0x38, 0x33, 0x30, 0x3a, 0x36, 0x31, 0x63, 0x62, 0x3a, 0x65, 0x63, 0x34, 0x32, 0x3a, 0x37, 0x65, 0x35, 0x32, 0x3a, 0x65, 0x65, 0x37, 0x38,
+	0x3a, 0x65, 0x32, 0x61, 0x38, 0x7c, 0x30, 0x7c, 0x38, 0x38, 0x38, 0x39, 0x7c, 0x32, 0x34, 0x30, 0x38, 0x3a, 0x38, 0x37, 0x33, 0x64, 0x3a, 0x31, 0x30, 0x3a,
+	0x34, 0x3a, 0x38, 0x30, 0x30, 0x3a, 0x3a, 0x34, 0x7c, 0x32, 0x30, 0x30, 0x30, 0x31, 0x04, 0x09, 0x02, 0x00, 0x00, 0x01, 0xf8};
+
+#if 1
+TEST(PACKET_PARSE, ETH_IP6_UDP_GTP_IP4_UDP)
+{
+	char buffer[256];
+	struct packet handler;
+
+	memset(&handler, 0, sizeof(handler));
+	const char *payload = packet_parse(&handler, (const char *)data17, sizeof(data17));
+	EXPECT_TRUE(payload != nullptr);
+	EXPECT_TRUE((char *)payload - (char *)&data17 == 14 + 40 + 8 + 16 + 20 + 8);
+	packet_dump_stdio(&handler);
+
+	/******************************************************
+	 * packet_get_outermost/innermost_layer
+	 ******************************************************/
+
+	// LAYER_PROTO_ETHER
+	const struct raw_layer *outer_eth_record = packet_get_outermost_raw_layer(&handler, LAYER_PROTO_ETHER);
+	const struct raw_layer *inner_eth_record = packet_get_innermost_raw_layer(&handler, LAYER_PROTO_ETHER);
+
+	EXPECT_TRUE(outer_eth_record != nullptr);
+	EXPECT_TRUE(inner_eth_record != nullptr);
+	EXPECT_TRUE(outer_eth_record == inner_eth_record);
+	EXPECT_TRUE(outer_eth_record->hdr_offset == 0);
+	EXPECT_TRUE(outer_eth_record->hdr_len == 14);
+	EXPECT_TRUE(outer_eth_record->pld_len == 501);
+
+	// LAYER_PROTO_IPV6
+	const struct raw_layer *outer_ipv6_record = packet_get_outermost_raw_layer(&handler, LAYER_PROTO_IPV6);
+	const struct raw_layer *inner_ipv6_record = packet_get_innermost_raw_layer(&handler, LAYER_PROTO_IPV6);
+
+	EXPECT_TRUE(outer_ipv6_record != nullptr);
+	EXPECT_TRUE(inner_ipv6_record != nullptr);
+	EXPECT_TRUE(outer_ipv6_record == inner_ipv6_record);
+	EXPECT_TRUE(outer_ipv6_record->hdr_offset == 14);
+	EXPECT_TRUE(outer_ipv6_record->hdr_len == 40);
+	EXPECT_TRUE(outer_ipv6_record->pld_len == 461);
+
+	// LAYER_PROTO_UDP
+	const struct raw_layer *outer_udp_record = packet_get_outermost_raw_layer(&handler, LAYER_PROTO_UDP);
+
+	EXPECT_TRUE(outer_udp_record != nullptr);
+	EXPECT_TRUE(outer_udp_record->hdr_offset == 54);
+	EXPECT_TRUE(outer_udp_record->hdr_len == 8);
+	EXPECT_TRUE(outer_udp_record->pld_len == 453);
+
+	// LAYER_PROTO_GTP_U
+	const struct raw_layer *outer_gtpu_record = packet_get_outermost_raw_layer(&handler, LAYER_PROTO_GTP_U);
+	const struct raw_layer *inner_gtpu_record = packet_get_innermost_raw_layer(&handler, LAYER_PROTO_GTP_U);
+
+	EXPECT_TRUE(outer_gtpu_record != nullptr);
+	EXPECT_TRUE(inner_gtpu_record != nullptr);
+	EXPECT_TRUE(outer_gtpu_record == inner_gtpu_record);
+	EXPECT_TRUE(outer_gtpu_record->hdr_offset == 62);
+	EXPECT_TRUE(outer_gtpu_record->hdr_len == 16);
+	EXPECT_TRUE(outer_gtpu_record->pld_len == 437);
+
+	// LAYER_PROTO_IPV4
+	const struct raw_layer *inner_ipv4_record = packet_get_innermost_raw_layer(&handler, LAYER_PROTO_IPV4);
+	const struct raw_layer *outer_ipv4_record = packet_get_outermost_raw_layer(&handler, LAYER_PROTO_IPV4);
+
+	EXPECT_TRUE(inner_ipv4_record != nullptr);
+	EXPECT_TRUE(outer_ipv4_record != nullptr);
+	EXPECT_TRUE(inner_ipv4_record == outer_ipv4_record);
+	EXPECT_TRUE(inner_ipv4_record->hdr_offset == 78);
+	EXPECT_TRUE(inner_ipv4_record->hdr_len == 20);
+	EXPECT_TRUE(inner_ipv4_record->pld_len == 417);
+
+	// LAYER_PROTO_UDP
+	const struct raw_layer *inner_udp_record = packet_get_innermost_raw_layer(&handler, LAYER_PROTO_UDP);
+
+	EXPECT_TRUE(inner_udp_record != nullptr);
+	EXPECT_TRUE(inner_udp_record->hdr_offset == 98);
+	EXPECT_TRUE(inner_udp_record->hdr_len == 8);
+	EXPECT_TRUE(inner_udp_record->pld_len == 409);
+
+	/******************************************************
+	 * packet_get_outermost/innermost_tuple4
+	 ******************************************************/
+
+	struct tuple4 outer_tuple4;
+	struct tuple4 inner_tuple4;
+	EXPECT_TRUE(packet_get_outermost_tuple4(&handler, &outer_tuple4) == 0);
+	EXPECT_TRUE(packet_get_innermost_tuple4(&handler, &inner_tuple4) == 0);
+	memset(buffer, 0, sizeof(buffer));
+	tuple4_to_str(&outer_tuple4, buffer, sizeof(buffer));
+	EXPECT_STREQ(buffer, "2408:8161:e100:10:0:16:3:a:2152-2408:8141:e0f0:1f08::4:2152");
+	memset(buffer, 0, sizeof(buffer));
+	tuple4_to_str(&inner_tuple4, buffer, sizeof(buffer));
+	EXPECT_STREQ(buffer, "10.67.71.179:11102-120.225.133.208:2152");
+}
+#endif
+
 int main(int argc, char **argv)
 {
 	::testing::InitGoogleTest(&argc, argv);