diff --git a/src/ip_reassembly/test/gtest_ipv4_reassembly.cpp b/src/ip_reassembly/test/gtest_ipv4_reassembly.cpp index e0b4b61..34b78c7 100644 --- a/src/ip_reassembly/test/gtest_ipv4_reassembly.cpp +++ b/src/ip_reassembly/test/gtest_ipv4_reassembly.cpp @@ -237,7 +237,7 @@ TEST(IPV4_REASSEMBLE, PADDING_ORDER) 0, 0, 0, 0, 0, 0); // ip6: nospace, overlap, many frag, invalid length, dup first frag, dup last frag // check packet - // packet_print(new_pkt); + // packet_print_str(new_pkt); EXPECT_TRUE(new_pkt->data_len == 14 /* ETH */ + 20 /* IPv4 */ + 20 /* TCP */ + 28 /* DATA */); EXPECT_TRUE(new_pkt->data_len == sizeof(expect)); EXPECT_TRUE(memcmp(new_pkt->data_ptr, expect, new_pkt->data_len) == 0); @@ -330,7 +330,7 @@ TEST(IPV4_REASSEMBLE, PADDING_UNORDER) 0, 0, 0, 0, 0, 0); // ip6: nospace, overlap, many frag, invalid length, dup first frag, dup last frag // check packet - // packet_print(new_pkt); + // packet_print_str(new_pkt); EXPECT_TRUE(new_pkt->data_len == 14 /* ETH */ + 20 /* IPv4 */ + 20 /* TCP */ + 28 /* DATA */); EXPECT_TRUE(new_pkt->data_len == sizeof(expect)); EXPECT_TRUE(memcmp(new_pkt->data_ptr, expect, new_pkt->data_len) == 0); @@ -485,7 +485,7 @@ TEST(IPV4_REASSEMBLE, DUP_FIRST_FRAG) 0, 0, 0, 0, 0, 0); // ip6: nospace, overlap, many frag, invalid length, dup first frag, dup last frag // check packet - // packet_print(new_pkt); + // packet_print_str(new_pkt); EXPECT_TRUE(new_pkt->data_len == 14 /* ETH */ + 20 /* IPv4 */ + 20 /* TCP */ + 28 /* DATA */); EXPECT_TRUE(new_pkt->data_len == sizeof(expect)); EXPECT_TRUE(memcmp(new_pkt->data_ptr, expect, new_pkt->data_len) == 0); @@ -589,7 +589,7 @@ TEST(IPV4_REASSEMBLE, DUP_LAST_FRAG) 0, 0, 0, 0, 0, 0); // ip6: nospace, overlap, many frag, invalid length, dup first frag, dup last frag // check packet - // packet_print(new_pkt); + // packet_print_str(new_pkt); EXPECT_TRUE(new_pkt->data_len == 14 /* ETH */ + 20 /* IPv4 */ + 20 /* TCP */ + 28 /* DATA */); EXPECT_TRUE(new_pkt->data_len == sizeof(expect)); EXPECT_TRUE(memcmp(new_pkt->data_ptr, expect, new_pkt->data_len) == 0); diff --git a/src/ip_reassembly/test/gtest_ipv6_reassembly.cpp b/src/ip_reassembly/test/gtest_ipv6_reassembly.cpp index b5c895a..ed955f3 100644 --- a/src/ip_reassembly/test/gtest_ipv6_reassembly.cpp +++ b/src/ip_reassembly/test/gtest_ipv6_reassembly.cpp @@ -670,7 +670,7 @@ TEST(IPV6_REASSEMBLE, NORMAL) 0, 0, 0, 0, 0, 0); // ip6: nospace, overlap, many frag, invalid length, dup first frag, dup last frag // check packet - // packet_print(new_pkt); + // packet_print_str(new_pkt); EXPECT_TRUE(new_pkt->data_len == 14 /* ETH */ + 40 /* IPv6 */ + 8 /* UDP */ + 5379 /* DATA */); EXPECT_TRUE(new_pkt->data_len == sizeof(expect)); EXPECT_TRUE(memcmp(new_pkt->data_ptr, expect, new_pkt->data_len) == 0); @@ -841,7 +841,7 @@ TEST(IPV6_REASSEMBLE, DUP_FIRST_FRAG) 0, 0, 0, 0, 1, 0); // ip6: nospace, overlap, many frag, invalid length, dup first frag, dup last frag // check packet - // packet_print(new_pkt); + // packet_print_str(new_pkt); EXPECT_TRUE(new_pkt->data_len == 14 /* ETH */ + 40 /* IPv6 */ + 8 /* UDP */ + 5379 /* DATA */); EXPECT_TRUE(new_pkt->data_len == sizeof(expect)); EXPECT_TRUE(memcmp(new_pkt->data_ptr, expect, new_pkt->data_len) == 0); @@ -961,7 +961,7 @@ TEST(IPV6_REASSEMBLE, DUP_LAST_FRAG) 0, 0, 0, 0, 0, 1); // ip6: nospace, overlap, many frag, invalid length, dup first frag, dup last frag // check packet - // packet_print(new_pkt); + // packet_print_str(new_pkt); EXPECT_TRUE(new_pkt->data_len == 14 /* ETH */ + 40 /* IPv6 */ + 8 /* UDP */ + 5379 /* DATA */); EXPECT_TRUE(new_pkt->data_len == sizeof(expect)); EXPECT_TRUE(memcmp(new_pkt->data_ptr, expect, new_pkt->data_len) == 0); diff --git a/src/packet/packet.cpp b/src/packet/packet.cpp index 6b81c3e..514b420 100644 --- a/src/packet/packet.cpp +++ b/src/packet/packet.cpp @@ -437,14 +437,15 @@ static inline struct packet_layer *get_free_layer(struct packet *pkt) return &pkt->layers[pkt->layers_used]; } -#define SET_LAYER(_pkt, _layer, _type, _hdr_len, _data, _len) \ +#define SET_LAYER(_pkt, _layer, _type, _hdr_len, _data, _len, _trim) \ { \ (_layer)->type = (_type); \ - (_layer)->hdr_offset = (_pkt)->data_len - (_len); \ + (_layer)->hdr_offset = (_pkt)->data_len - (_pkt)->trim_len - (_len); \ (_layer)->hdr_ptr = (_data); \ (_layer)->hdr_len = (_hdr_len); \ (_layer)->pld_ptr = (_data) + (_hdr_len); \ - (_layer)->pld_len = (_len) - (_hdr_len); \ + (_layer)->pld_len = (_len) - (_hdr_len) - (_trim); \ + (_pkt)->trim_len += (_trim); \ (_pkt)->layers_used++; \ PACKET_LOG_DEBUG("layer[%d/%d]: %s, hdr_offset: %d, hdr_ptr: %p, hdr_len: %d, pld_ptr: %p, pld_len: %d", \ (_pkt)->layers_used - 1, (_pkt)->layers_size, layer_type_to_str((_type)), \ @@ -750,7 +751,7 @@ static inline const char *parse_ether(struct packet *pkt, const char *data, uint return data; } uint16_t next_proto = ntohs(((struct ethhdr *)data)->h_proto); - SET_LAYER(pkt, layer, LAYER_TYPE_ETHER, sizeof(struct ethhdr), data, len); + SET_LAYER(pkt, layer, LAYER_TYPE_ETHER, sizeof(struct ethhdr), data, len, 0); // TESTED return parse_l3(pkt, next_proto, layer->pld_ptr, layer->pld_len); @@ -770,7 +771,7 @@ static inline const char *parse_ppp(struct packet *pkt, const char *data, uint16 return data; } uint16_t next_proto = ntohs(*((uint16_t *)data + 1)); - SET_LAYER(pkt, layer, LAYER_TYPE_PPP, 4, data, len); + SET_LAYER(pkt, layer, LAYER_TYPE_PPP, 4, data, len, 0); switch (next_proto) { @@ -801,7 +802,7 @@ static inline const char *parse_l2tpv2(struct packet *pkt, const char *data, uin { return data; } - SET_LAYER(pkt, layer, LAYER_TYPE_L2TP, hdr_len, data, len); + SET_LAYER(pkt, layer, LAYER_TYPE_L2TP, hdr_len, data, len, 0); uint16_t control = ntohs(*((uint16_t *)data)); if (CONTROL_BIT(control)) @@ -846,7 +847,7 @@ static inline const char *parse_vlan(struct packet *pkt, const char *data, uint1 return data; } uint16_t next_proto = ntohs(((struct vlan_hdr *)data)->protocol); - SET_LAYER(pkt, layer, LAYER_TYPE_VLAN, sizeof(struct vlan_hdr), data, len); + SET_LAYER(pkt, layer, LAYER_TYPE_VLAN, sizeof(struct vlan_hdr), data, len, 0); // TESTED return parse_l3(pkt, next_proto, layer->pld_ptr, layer->pld_len); @@ -869,7 +870,7 @@ static inline const char *parse_pppoe_ses(struct packet *pkt, const char *data, return data; } uint16_t next_proto = *((uint16_t *)data + 3); - SET_LAYER(pkt, layer, LAYER_TYPE_PPPOE, 8, data, len); + SET_LAYER(pkt, layer, LAYER_TYPE_PPPOE, 8, data, len, 0); switch (next_proto) { @@ -966,7 +967,7 @@ static inline const char *parse_mpls(struct packet *pkt, const char *data, uint1 PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_MPLS); return data; } - SET_LAYER(pkt, layer, LAYER_TYPE_MPLS, hdr_len, data, len); + SET_LAYER(pkt, layer, LAYER_TYPE_MPLS, hdr_len, data, len, 0); switch (next_proto) { @@ -1001,14 +1002,21 @@ static inline const char *parse_ipv4(struct packet *pkt, const char *data, uint1 return data; } struct ip *hdr = (struct ip *)data; - uint8_t next_proto = ipv4_hdr_get_proto(hdr); uint16_t hdr_len = ipv4_hdr_get_hdr_len(hdr); if (unlikely(hdr_len > len)) { PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_IPV4); return data; } - SET_LAYER(pkt, layer, LAYER_TYPE_IPV4, hdr_len, data, len); + + uint16_t total_len = ipv4_hdr_get_total_len(hdr); + if (unlikely(total_len > len)) + { + PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_IPV4); + return data; + } + uint16_t trim_len = len - total_len; + SET_LAYER(pkt, layer, LAYER_TYPE_IPV4, hdr_len, data, len, trim_len); // ip fragmented if (ipv4_hdr_get_mf_flag(hdr) || ipv4_hdr_get_frag_offset(hdr)) @@ -1019,6 +1027,7 @@ static inline const char *parse_ipv4(struct packet *pkt, const char *data, uint1 } // TESTED + uint8_t next_proto = ipv4_hdr_get_proto(hdr); return parse_l4(pkt, next_proto, layer->pld_ptr, layer->pld_len); } @@ -1035,8 +1044,15 @@ static inline const char *parse_ipv6(struct packet *pkt, const char *data, uint1 { return data; } + uint16_t pld_len = ipv6_hdr_get_payload_len((const struct ip6_hdr *)data); + if (unlikely(pld_len + sizeof(struct ip6_hdr) > len)) + { + PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_IPV6); + return data; + } + uint16_t trim_len = len - pld_len - sizeof(struct ip6_hdr); uint8_t next_proto = ipv6_hdr_get_next_header((const struct ip6_hdr *)data); - SET_LAYER(pkt, layer, LAYER_TYPE_IPV6, sizeof(struct ip6_hdr), data, len); + SET_LAYER(pkt, layer, LAYER_TYPE_IPV6, sizeof(struct ip6_hdr), data, len, trim_len); // ipv6 fragment if (next_proto == IPPROTO_FRAGMENT) @@ -1072,7 +1088,7 @@ static inline const char *parse_gre(struct packet *pkt, const char *data, uint16 return data; } uint16_t next_proto = ntohs(*((uint16_t *)data + 1)); - SET_LAYER(pkt, layer, LAYER_TYPE_GRE, hdr_len, data, len); + SET_LAYER(pkt, layer, LAYER_TYPE_GRE, hdr_len, data, len, 0); switch (next_proto) { @@ -1103,7 +1119,7 @@ static inline const char *parse_udp(struct packet *pkt, const char *data, uint16 return data; } struct udphdr *hdr = (struct udphdr *)data; - SET_LAYER(pkt, layer, LAYER_TYPE_UDP, sizeof(struct udphdr), data, len); + SET_LAYER(pkt, layer, LAYER_TYPE_UDP, sizeof(struct udphdr), data, len, 0); if (udp_hdr_get_dst_port(hdr) == 4789) { @@ -1162,7 +1178,7 @@ static inline const char *parse_tcp(struct packet *pkt, const char *data, uint16 PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_TCP); return data; } - SET_LAYER(pkt, layer, LAYER_TYPE_TCP, hdr_len, data, len); + SET_LAYER(pkt, layer, LAYER_TYPE_TCP, hdr_len, data, len, 0); return layer->pld_ptr; } @@ -1180,7 +1196,7 @@ static inline const char *parse_icmp(struct packet *pkt, const char *data, uint1 { return data; } - SET_LAYER(pkt, layer, LAYER_TYPE_ICMP, sizeof(struct icmphdr), data, len); + SET_LAYER(pkt, layer, LAYER_TYPE_ICMP, sizeof(struct icmphdr), data, len, 0); return layer->pld_ptr; } @@ -1198,7 +1214,7 @@ static inline const char *parse_icmp6(struct packet *pkt, const char *data, uint { return data; } - SET_LAYER(pkt, layer, LAYER_TYPE_ICMP6, sizeof(struct icmp6_hdr), data, len); + SET_LAYER(pkt, layer, LAYER_TYPE_ICMP6, sizeof(struct icmp6_hdr), data, len, 0); return layer->pld_ptr; } @@ -1224,7 +1240,7 @@ static inline const char *parse_vxlan(struct packet *pkt, const char *data, uint { return data; } - SET_LAYER(pkt, layer, LAYER_TYPE_VXLAN, sizeof(struct vxlan_hdr), data, len); + SET_LAYER(pkt, layer, LAYER_TYPE_VXLAN, sizeof(struct vxlan_hdr), data, len, 0); // TESTED return parse_ether(pkt, layer->pld_ptr, layer->pld_len); @@ -1245,7 +1261,7 @@ static inline const char *parse_gtpv1_u(struct packet *pkt, const char *data, ui return data; } uint8_t next_proto = (((const uint8_t *)(data + hdr_len))[0]) >> 4; - SET_LAYER(pkt, layer, LAYER_TYPE_GTPV1_U, hdr_len, data, len); + SET_LAYER(pkt, layer, LAYER_TYPE_GTPV1_U, hdr_len, data, len, 0); switch (next_proto) { @@ -1334,12 +1350,13 @@ const char *packet_parse(struct packet *pkt, const char *data, uint16_t len) pkt->layers_size = PACKET_MAX_LAYERS; pkt->data_ptr = data; pkt->data_len = len; + pkt->trim_len = 0; // TESTED return parse_ether(pkt, data, len); } -void packet_print(const struct packet *pkt) +void packet_print_str(const struct packet *pkt) { if (pkt == NULL) { @@ -1363,6 +1380,38 @@ void packet_print(const struct packet *pkt) printf("\n"); } +void packet_print_table(const struct packet *pkt) +{ + if (pkt == NULL) + { + return; + } + + printf("packet: %p, data_ptr: %p, data_len: %u, trim_len: %u, layers_used: %u, layers_size: %u\n", + pkt, pkt->data_ptr, pkt->data_len, pkt->trim_len, + pkt->layers_used, pkt->layers_size); + printf("+------------+------------+------------+------------+------------+------------+------------+\n"); + printf("| %-10s | %-10s | %-10s | %-10s | %-10s | %-10s | %-10s |\n", + "index", "type", "hdr ptr", "hdr offset", "hdr len", "pld ptr", "pld len"); + printf("+------------+------------+------------+------------+------------+------------+------------+\n"); + + for (uint8_t i = 0; i < pkt->layers_used; i++) + { + const struct packet_layer *layer = &pkt->layers[i]; + printf("| %-10u | %-10s | %-10p | %-10u | %-10u | %-10p | %-10u |\n", + i, layer_type_to_str(layer->type), + layer->hdr_ptr, layer->hdr_offset, layer->hdr_len, + layer->pld_ptr, layer->pld_len); + printf("+------------+------------+------------+------------+------------+------------+------------+\n"); + } + printf("data: "); + for (uint16_t i = 0; i < pkt->data_len; i++) + { + printf("0x%02x, ", (uint8_t)pkt->data_ptr[i]); + } + printf("\n"); +} + // return 0 : found // return -1 : not found int packet_get_innermost_tuple2(const struct packet *pkt, struct tuple2 *tuple) diff --git a/src/packet/packet_priv.h b/src/packet/packet_priv.h index dfcce46..ec60196 100644 --- a/src/packet/packet_priv.h +++ b/src/packet/packet_priv.h @@ -45,6 +45,7 @@ struct packet const char *data_ptr; uint16_t data_len; + uint16_t trim_len; // trim eth padding void *origin_ctx; // mbuff or pcap pointer enum packet_action action; @@ -53,7 +54,8 @@ struct packet // return innermost payload const char *packet_parse(struct packet *pkt, const char *data, uint16_t len); -void packet_print(const struct packet *pkt); +void packet_print_str(const struct packet *pkt); +void packet_print_table(const struct packet *pkt); // direction 1: E2I // direction 0: I2E diff --git a/src/packet/test/gtest_packet.cpp b/src/packet/test/gtest_packet.cpp index f2a4f36..98f268a 100644 --- a/src/packet/test/gtest_packet.cpp +++ b/src/packet/test/gtest_packet.cpp @@ -82,7 +82,7 @@ TEST(PACKET, ETH_VLAN_VLAN_IP4_IP4_UDP) const char *payload = packet_parse(&handler, (const char *)data1, sizeof(data1)); EXPECT_TRUE(payload != nullptr); EXPECT_TRUE((char *)payload - (char *)&data1 == 70); - packet_print(&handler); + packet_print_str(&handler); /****************************************************** * packet_get_outermost/innermost_layer @@ -321,7 +321,7 @@ TEST(PACKET, ETH_IP6_IP4_TCP_SSH) const char *payload = packet_parse(&handler, (const char *)data2, sizeof(data2)); EXPECT_TRUE(payload != nullptr); EXPECT_TRUE((char *)payload - (char *)&data2 == 94); - packet_print(&handler); + packet_print_str(&handler); /****************************************************** * packet_get_outermost/innermost_layer @@ -540,7 +540,7 @@ TEST(PACKET, ETH_VLAN_IP6_IP4_GRE_PPP_IP4_UDP_DNS) const char *payload = packet_parse(&handler, (const char *)data3, sizeof(data3)); EXPECT_TRUE(payload != nullptr); EXPECT_TRUE((char *)payload - (char *)&data3 == 126); - packet_print(&handler); + packet_print_str(&handler); /****************************************************** * packet_get_outermost/innermost_layer @@ -797,7 +797,7 @@ TEST(PACKET, ETH_IP4_IP6_TCP) const char *payload = packet_parse(&handler, (const char *)data4, sizeof(data4)); EXPECT_TRUE(payload != nullptr); EXPECT_TRUE((char *)payload - (char *)&data4 == 106); - packet_print(&handler); + packet_print_str(&handler); /****************************************************** * packet_get_outermost/innermost_layer @@ -981,7 +981,7 @@ TEST(PACKET, ETH_IP6_IP6_UDP) const char *payload = packet_parse(&handler, (const char *)data5, sizeof(data5)); EXPECT_TRUE(payload != nullptr); EXPECT_TRUE((char *)payload - (char *)&data5 == 102); - packet_print(&handler); + packet_print_str(&handler); /****************************************************** * packet_get_outermost/innermost_layer @@ -1166,7 +1166,7 @@ TEST(PACKET, ETH_MPLS_IP4_TCP) const char *payload = packet_parse(&handler, (const char *)data6, sizeof(data6)); EXPECT_TRUE(payload != nullptr); EXPECT_TRUE((char *)payload - (char *)&data6 == 70); - packet_print(&handler); + packet_print_str(&handler); /****************************************************** * packet_get_outermost/innermost_layer @@ -1368,7 +1368,7 @@ TEST(PACKET, ETH_MPLS_MPLS_IP4_TCP) const char *payload = packet_parse(&handler, (const char *)data7, sizeof(data7)); EXPECT_TRUE(payload != nullptr); EXPECT_TRUE((char *)payload - (char *)&data7 == 66); - packet_print(&handler); + packet_print_str(&handler); /****************************************************** * packet_get_outermost/innermost_layer @@ -1583,7 +1583,7 @@ TEST(PACKET, ETH_VLAN_PPPOE_IP4_TCP) const char *payload = packet_parse(&handler, (const char *)data8, sizeof(data8)); EXPECT_TRUE(payload != nullptr); EXPECT_TRUE((char *)payload - (char *)&data8 == 78); - packet_print(&handler); + packet_print_str(&handler); /****************************************************** * packet_get_outermost/innermost_layer @@ -1863,7 +1863,7 @@ TEST(PACKET, ETH_IP6_UDP_GTP_IP6_TCP_TLS) const char *payload = packet_parse(&handler, (const char *)data9, sizeof(data9)); EXPECT_TRUE(payload != nullptr); EXPECT_TRUE((char *)payload - (char *)&data9 == 130); - packet_print(&handler); + packet_print_str(&handler); /****************************************************** * packet_get_outermost/innermost_layer @@ -2149,7 +2149,7 @@ TEST(PACKET, ETH_IP6_UDP_GTP_IP4_TCP_TLS) const char *payload = packet_parse(&handler, (const char *)data10, sizeof(data10)); EXPECT_TRUE(payload != nullptr); EXPECT_TRUE((char *)payload - (char *)&data10 == 122); - packet_print(&handler); + packet_print_str(&handler); /****************************************************** * packet_get_outermost/innermost_layer @@ -2383,7 +2383,7 @@ TEST(PACKET, ETH_IP4_UDP_VXLAN_ETH_IP4_UDP_DNS) const char *payload = packet_parse(&handler, (const char *)data11, sizeof(data11)); EXPECT_TRUE(payload != nullptr); EXPECT_TRUE((char *)payload - (char *)&data11 == 92); - packet_print(&handler); + packet_print_str(&handler); /****************************************************** * packet_get_outermost/innermost_layer @@ -2575,7 +2575,7 @@ TEST(PACKET, ETH_MPLS_MPLS_PWETHCW_ETH_ARP) const char *payload = packet_parse(&handler, (const char *)data12, sizeof(data12)); EXPECT_TRUE(payload != nullptr); EXPECT_TRUE((char *)payload - (char *)&data12 == 40); - packet_print(&handler); + packet_print_str(&handler); /****************************************************** * packet_get_outermost/innermost_layer @@ -2727,7 +2727,7 @@ TEST(PACKET, ETH_IP4_ICMP) const char *payload = packet_parse(&handler, (const char *)data13, sizeof(data13)); EXPECT_TRUE(payload != nullptr); EXPECT_TRUE((char *)payload - (char *)&data13 == 14 + 20 + 8); - packet_print(&handler); + packet_print_str(&handler); /****************************************************** * packet_get_outermost/innermost_layer @@ -2859,7 +2859,7 @@ TEST(PACKET, ETH_IP6_ICMP6) const char *payload = packet_parse(&handler, (const char *)data14, sizeof(data14)); EXPECT_TRUE(payload != nullptr); EXPECT_TRUE((char *)payload - (char *)&data14 == 14 + 40 + 8); - packet_print(&handler); + packet_print_str(&handler); /****************************************************** * packet_get_outermost/innermost_layer @@ -3050,7 +3050,7 @@ TEST(PACKET, ETH_IP4_UDP_L2TPV2_PPP_IP4_UDP) const char *payload = packet_parse(&handler, (const char *)data15, sizeof(data15)); EXPECT_TRUE(payload != nullptr); EXPECT_TRUE((char *)payload - (char *)&data15 == 14 + 20 + 8 + 8 + 4 + 20 + 8); - packet_print(&handler); + packet_print_str(&handler); /****************************************************** * packet_get_outermost/innermost_layer @@ -3159,6 +3159,174 @@ TEST(PACKET, ETH_IP4_UDP_L2TPV2_PPP_IP4_UDP) } #endif +/****************************************************************************** + * [Protocols in frame: eth:ethertype:ip:tcp] + ****************************************************************************** + * + * Frame 1: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) + * Ethernet II, Src: 52:54:00:94:27:9b (52:54:00:94:27:9b), Dst: 52:54:00:19:8f:63 (52:54:00:19:8f:63) + * Destination: 52:54:00:19:8f:63 (52:54:00:19:8f:63) + * Source: 52:54:00:94:27:9b (52:54:00:94:27:9b) + * Type: IPv4 (0x0800) + * Padding: 000000000000 + * Internet Protocol Version 4, Src: 192.168.122.202, Dst: 192.168.122.100 + * 0100 .... = Version: 4 + * .... 0101 = Header Length: 20 bytes (5) + * Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) + * 0000 00.. = Differentiated Services Codepoint: Default (0) + * .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) + * Total Length: 40 + * Identification: 0x0c5e (3166) + * 010. .... = Flags: 0x2, Don't fragment + * 0... .... = Reserved bit: Not set + * .1.. .... = Don't fragment: Set + * ..0. .... = More fragments: Not set + * ...0 0000 0000 0000 = Fragment Offset: 0 + * Time to Live: 64 + * Protocol: TCP (6) + * Header Checksum: 0xb7f2 [correct] + * [Header checksum status: Good] + * [Calculated Checksum: 0xb7f2] + * Source Address: 192.168.122.202 + * Destination Address: 192.168.122.100 + * Transmission Control Protocol, Src Port: 1080, Dst Port: 62395, Seq: 1457975085, Ack: 1047768425, Len: 0 + * Source Port: 1080 + * Destination Port: 62395 + * [Stream index: 0] + * [Conversation completeness: Incomplete (4)] + * ..0. .... = RST: Absent + * ...0 .... = FIN: Absent + * .... 0... = Data: Absent + * .... .1.. = ACK: Present + * .... ..0. = SYN-ACK: Absent + * .... ...0 = SYN: Absent + * [Completeness Flags: ···A··] + * [TCP Segment Len: 0] + * Sequence Number: 1457975085 + * [Next Sequence Number: 1457975085] + * Acknowledgment Number: 1047768425 + * 0101 .... = Header Length: 20 bytes (5) + * Flags: 0x010 (ACK) + * 000. .... .... = Reserved: Not set + * ...0 .... .... = Accurate ECN: Not set + * .... 0... .... = Congestion Window Reduced: Not set + * .... .0.. .... = ECN-Echo: Not set + * .... ..0. .... = Urgent: Not set + * .... ...1 .... = Acknowledgment: Set + * .... .... 0... = Push: Not set + * .... .... .0.. = Reset: Not set + * .... .... ..0. = Syn: Not set + * .... .... ...0 = Fin: Not set + * [TCP Flags: ·······A····] + * Window: 457 + * [Calculated window size: 457] + * [Window size scaling factor: -1 (unknown)] + * Checksum: 0x0da7 [correct] + * [Calculated Checksum: 0x0da7] + * [Checksum Status: Good] + * Urgent Pointer: 0 + * [Timestamps] + * [Time since first frame in this TCP stream: 0.000000000 seconds] + * [Time since previous frame in this TCP stream: 0.000000000 seconds] + */ + +unsigned char data16[] = { + 0x52, 0x54, 0x00, 0x19, 0x8f, 0x63, 0x52, 0x54, 0x00, 0x94, 0x27, 0x9b, 0x08, 0x00, 0x45, 0x00, 0x00, 0x28, 0x0c, 0x5e, 0x40, 0x00, 0x40, 0x06, 0xb7, 0xf2, + 0xc0, 0xa8, 0x7a, 0xca, 0xc0, 0xa8, 0x7a, 0x64, 0x04, 0x38, 0xf3, 0xbb, 0x56, 0xe6, 0xef, 0x2d, 0x3e, 0x73, 0xad, 0x69, 0x50, 0x10, 0x01, 0xc9, 0x0d, 0xa7, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; + +#if 1 +TEST(PACKET, ETH_IP4_TCP_PADDING) +{ + char buffer[256]; + struct packet handler; + + const char *payload = packet_parse(&handler, (const char *)data16, sizeof(data16)); + EXPECT_TRUE(payload != nullptr); + EXPECT_TRUE((char *)payload - (char *)&data16 == 14 + 20 + 20); + packet_print_str(&handler); + + /****************************************************** + * packet_get_outermost/innermost_layer + ******************************************************/ + + // LAYER_TYPE_ETHER + const struct packet_layer *outer_eth_record = packet_get_outermost_layer(&handler, LAYER_TYPE_ETHER); + const struct packet_layer *inner_eth_record = packet_get_innermost_layer(&handler, LAYER_TYPE_ETHER); + + EXPECT_TRUE(outer_eth_record != nullptr); + EXPECT_TRUE(inner_eth_record != nullptr); + EXPECT_TRUE(outer_eth_record == inner_eth_record); + EXPECT_TRUE(outer_eth_record->hdr_offset == 0); + EXPECT_TRUE(outer_eth_record->hdr_len == 14); + EXPECT_TRUE(outer_eth_record->pld_len == 46); + + // LAYER_TYPE_L2 + const struct packet_layer *outer_l2_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L2); + const struct packet_layer *inner_l2_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L2); + + EXPECT_TRUE(outer_l2_record != nullptr); + EXPECT_TRUE(inner_l2_record != nullptr); + EXPECT_TRUE(outer_l2_record == inner_l2_record); + EXPECT_TRUE(outer_l2_record == outer_eth_record); + + // LAYER_TYPE_IPV4 + const struct packet_layer *outer_ipv4_record = packet_get_outermost_layer(&handler, LAYER_TYPE_IPV4); + const struct packet_layer *inner_ipv4_record = packet_get_innermost_layer(&handler, LAYER_TYPE_IPV4); + + EXPECT_TRUE(outer_ipv4_record != nullptr); + EXPECT_TRUE(inner_ipv4_record != nullptr); + EXPECT_TRUE(outer_ipv4_record == inner_ipv4_record); + EXPECT_TRUE(outer_ipv4_record->hdr_offset == 14); + EXPECT_TRUE(outer_ipv4_record->hdr_len == 20); + EXPECT_TRUE(outer_ipv4_record->pld_len == 20); + + // LAYER_TYPE_L3 + const struct packet_layer *outer_l3_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L3); + const struct packet_layer *inner_l3_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L3); + + EXPECT_TRUE(outer_l3_record != nullptr); + EXPECT_TRUE(inner_l3_record != nullptr); + EXPECT_TRUE(outer_l3_record == inner_l3_record); + EXPECT_TRUE(outer_l3_record == outer_ipv4_record); + + // LAYER_TYPE_TCP + const struct packet_layer *outer_tcp_record = packet_get_outermost_layer(&handler, LAYER_TYPE_TCP); + const struct packet_layer *inner_tcp_record = packet_get_innermost_layer(&handler, LAYER_TYPE_TCP); + + EXPECT_TRUE(outer_tcp_record != nullptr); + EXPECT_TRUE(inner_tcp_record != nullptr); + EXPECT_TRUE(outer_tcp_record == inner_tcp_record); + EXPECT_TRUE(outer_tcp_record->hdr_offset == 34); + EXPECT_TRUE(outer_tcp_record->hdr_len == 20); + EXPECT_TRUE(outer_tcp_record->pld_len == 0); + + // LAYER_TYPE_L4 + const struct packet_layer *outer_l4_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L4); + const struct packet_layer *inner_l4_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L4); + + EXPECT_TRUE(outer_l4_record != nullptr); + EXPECT_TRUE(inner_l4_record != nullptr); + EXPECT_TRUE(outer_l4_record == inner_l4_record); + EXPECT_TRUE(outer_l4_record == outer_tcp_record); + + /****************************************************** + * packet_get_outermost/innermost_tuple4 + ******************************************************/ + + struct tuple4 outer_tuple4; + struct tuple4 inner_tuple4; + EXPECT_TRUE(packet_get_outermost_tuple4(&handler, &outer_tuple4) == 0); + EXPECT_TRUE(packet_get_innermost_tuple4(&handler, &inner_tuple4) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple4_to_str(&outer_tuple4, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "192.168.122.202:1080-192.168.122.100:62395"); + memset(buffer, 0, sizeof(buffer)); + tuple4_to_str(&inner_tuple4, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "192.168.122.202:1080-192.168.122.100:62395"); +} +#endif + #if 1 TEST(PACKET, HASH_VALUE) { @@ -3167,7 +3335,7 @@ TEST(PACKET, HASH_VALUE) const char *payload = packet_parse(&handler, (const char *)data4, sizeof(data4)); EXPECT_TRUE(payload != nullptr); EXPECT_TRUE((char *)payload - (char *)&data4 == 106); - packet_print(&handler); + packet_print_str(&handler); // buffer: "2001:da8:200:900e:200:5efe:d24d:58a3 0 2600:140e:6::1702:1058 0" // buffer: "210.77.88.163 0 59.66.4.50 0" diff --git a/test/packet_parser.cpp b/test/packet_parser.cpp index f1e55c6..95248cd 100644 --- a/test/packet_parser.cpp +++ b/test/packet_parser.cpp @@ -6,7 +6,7 @@ static void packet_handler(u_char *user, const struct pcap_pkthdr *h, const u_ch { struct packet pkt; packet_parse(&pkt, (const char *)bytes, h->caplen); - packet_print(&pkt); + packet_print_table(&pkt); } static void usage(char *cmd)