packet parser support L2TPv2

2024-05-24 16:14:20 +08:00
parent 570c93e616
commit 6c1f9d390c
5 changed files with 468 additions and 45 deletions
--- a/src/packet/test/gtest_packet.cpp
+++ b/src/packet/test/gtest_packet.cpp
@@ -4,7 +4,6 @@
 #include "packet_priv.h"

 /******************************************************************************
- * Pcap file: 1-ETH_VLAN_VLAN_IP4_IP4_UDP.pcap
 * [Protocols in frame: eth:ethertype:vlan:ethertype:vlan:ethertype:ip:ip:udp:data]
 ******************************************************************************
 *
@@ -221,7 +220,6 @@ TEST(PACKET, ETH_VLAN_VLAN_IP4_IP4_UDP)
 #endif

 /******************************************************************************
- * Pcap file: 2-ETH_IP6_IP4_TCP_SSH.pcap
 * [Protocols in frame: eth:ethertype:ipv6:ip:tcp:ssh]
 ******************************************************************************
 *
@@ -447,7 +445,6 @@ TEST(PACKET, ETH_IP6_IP4_TCP_SSH)
 #endif

 /******************************************************************************
- * Pcap file: 3-ETH_VLAN_IP6_IP4_GRE_PPP_IP4_UDP_DNS.pcap
 * [Protocols in frame: eth:ethertype:vlan:ethertype:ipv6:ip:gre:ppp:ip:udp:dns]
 ******************************************************************************
 *
@@ -730,7 +727,6 @@ TEST(PACKET, ETH_VLAN_IP6_IP4_GRE_PPP_IP4_UDP_DNS)
 #endif

 /******************************************************************************
- * Pcap file: 4-ETH_IP4_IP6_TCP.pcap
 * [Protocols in frame: eth:ethertype:ip:ipv6:tcp]
 ******************************************************************************
 *
@@ -929,7 +925,6 @@ TEST(PACKET, ETH_IP4_IP6_TCP)
 #endif

 /******************************************************************************
- * Pcap file: 5-ETH_IP6_IP6_UDP.pcap
 * [Protocols in frame: eth:ethertype:ipv6:ipv6:udp:data]
 ******************************************************************************
 *
@@ -1108,7 +1103,6 @@ TEST(PACKET, ETH_IP6_IP6_UDP)
 #endif

 /******************************************************************************
- * Pcap file: 6-ETH_MPLS_IP4_TCP.pcap
 * [Protocols in frame: eth:ethertype:mpls:ip:tcp]
 ******************************************************************************
 *
@@ -1306,7 +1300,6 @@ TEST(PACKET, ETH_MPLS_IP4_TCP)
 #endif

 /******************************************************************************
- * Pcap file: 7-ETH_MPLS_MPLS_IP4_TCP.pcap
 * [Protocols in frame: eth:ethertype:mpls:ip:tcp]
 ******************************************************************************
 *
@@ -1517,7 +1510,6 @@ TEST(PACKET, ETH_MPLS_MPLS_IP4_TCP)
 #endif

 /******************************************************************************
- * Pcap file: 8-ETH_VLAN_PPPOE_IP4_TCP.pcap
 * [Protocols in frame: eth:ethertype:vlan:ethertype:pppoes:ppp:ip:tcp]
 ******************************************************************************
 *
@@ -1739,7 +1731,6 @@ TEST(PACKET, ETH_VLAN_PPPOE_IP4_TCP)
 #endif

 /******************************************************************************
- * Pcap file: 9-ETH_IP6_UDP_GTP_IP6_TCP_TLS.pcap
 * [Protocols in frame: eth:ethertype:ipv6:udp:gtp:ipv6:tcp:ja3:tls]
 ******************************************************************************
 *
@@ -2019,7 +2010,6 @@ TEST(PACKET, ETH_IP6_UDP_GTP_IP6_TCP_TLS)
 #endif

 /******************************************************************************
- * Pcap file: 10-ETH_IP6_UDP_GTP_IP4_TCP_TLS.pcap
 * [Protocols in frame: eth:ethertype:ipv6:udp:gtp:ip:tcp:ja3:tls]
 ******************************************************************************
 *
@@ -2312,7 +2302,6 @@ TEST(PACKET, ETH_IP6_UDP_GTP_IP4_TCP_TLS)
 #endif

 /******************************************************************************
- * Pcap file: 11-ETH_IP4_UDP_VXLAN_ETH_IP4_UDP_DNS.pcap
 * [Protocols in frame: eth:ethertype:ip:udp:vxlan:eth:ethertype:ip:udp:dns]
 ******************************************************************************
 *
@@ -2544,7 +2533,6 @@ TEST(PACKET, ETH_IP4_UDP_VXLAN_ETH_IP4_UDP_DNS)
 #endif

 /******************************************************************************
- * Pcap file: 12-ETH_MPLS_MPLS_PWETHCW_ETH_ARP.pcap
 * [Protocols in frame: eth:ethertype:mpls:pwethheuristic:pwethcw:eth:ethertype:arp]
 ******************************************************************************
 *
@@ -2954,6 +2942,223 @@ TEST(PACKET, ETH_IP6_ICMP6)
 }
 #endif

+/******************************************************************************
+ * [Protocols in frame: eth:ethertype:ip:udp:l2tp:ppp:ip:udp:nbns]
+ ******************************************************************************
+ *
+ * Frame 1: 150 bytes on wire (1200 bits), 150 bytes captured (1200 bits)
+ * Ethernet II, Src: LCFCElectron_43:38:37 (28:d2:44:43:38:37), Dst: c0:00:14:8c:00:00 (c0:00:14:8c:00:00)
+ *     Destination: c0:00:14:8c:00:00 (c0:00:14:8c:00:00)
+ *     Source: LCFCElectron_43:38:37 (28:d2:44:43:38:37)
+ *     Type: IPv4 (0x0800)
+ * Internet Protocol Version 4, Src: 172.16.0.100, Dst: 172.16.0.254
+ *     0100 .... = Version: 4
+ *     .... 0101 = Header Length: 20 bytes (5)
+ *     Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
+ *         0000 00.. = Differentiated Services Codepoint: Default (0)
+ *         .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
+ *     Total Length: 136
+ *     Identification: 0x06ca (1738)
+ *     000. .... = Flags: 0x0
+ *         0... .... = Reserved bit: Not set
+ *         .0.. .... = Don't fragment: Not set
+ *         ..0. .... = More fragments: Not set
+ *     ...0 0000 0000 0000 = Fragment Offset: 0
+ *     Time to Live: 128
+ *     Protocol: UDP (17)
+ *     Header Checksum: 0xda18 [correct]
+ *     [Header checksum status: Good]
+ *     [Calculated Checksum: 0xda18]
+ *     Source Address: 172.16.0.100
+ *     Destination Address: 172.16.0.254
+ * User Datagram Protocol, Src Port: 1701, Dst Port: 1701
+ *     Source Port: 1701
+ *     Destination Port: 1701
+ *     Length: 116
+ *     Checksum: 0x962f [correct]
+ *         [Calculated Checksum: 0x962f]
+ *     [Checksum Status: Good]
+ *     [Stream index: 0]
+ *     [Timestamps]
+ *         [Time since first frame: 0.000000000 seconds]
+ *         [Time since previous frame: 0.000000000 seconds]
+ *     UDP payload (108 bytes)
+ * Layer 2 Tunneling Protocol
+ *     Flags: 0x4002, Type: Data Message, Length Bit
+ *         0... .... .... .... = Type: Data Message (0)
+ *         .1.. .... .... .... = Length Bit: Length field is present
+ *         .... 0... .... .... = Sequence Bit: Ns and Nr fields are not present
+ *         .... ..0. .... .... = Offset bit: Offset size field is not present
+ *         .... ...0 .... .... = Priority: No priority
+ *         .... .... .... 0010 = Version: 2
+ *     Length: 108
+ *     Tunnel ID: 28998
+ *     Session ID: 2
+ * Point-to-Point Protocol
+ *     Address: 0xff
+ *     Control: 0x03
+ *     Protocol: Internet Protocol version 4 (0x0021)
+ * Internet Protocol Version 4, Src: 172.16.2.100, Dst: 255.255.255.255
+ *     0100 .... = Version: 4
+ *     .... 0101 = Header Length: 20 bytes (5)
+ *     Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
+ *         0000 00.. = Differentiated Services Codepoint: Default (0)
+ *         .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
+ *     Total Length: 96
+ *     Identification: 0x0004 (4)
+ *     000. .... = Flags: 0x0
+ *         0... .... = Reserved bit: Not set
+ *         .0.. .... = Don't fragment: Not set
+ *         ..0. .... = More fragments: Not set
+ *     ...0 0000 0000 0000 = Fragment Offset: 0
+ *     Time to Live: 128
+ *     Protocol: UDP (17)
+ *     Header Checksum: 0x8c15 [correct]
+ *     [Header checksum status: Good]
+ *     [Calculated Checksum: 0x8c15]
+ *     Source Address: 172.16.2.100
+ *     Destination Address: 255.255.255.255
+ * User Datagram Protocol, Src Port: 137, Dst Port: 137
+ *     Source Port: 137
+ *     Destination Port: 137
+ *     Length: 76
+ *     Checksum: 0xba80 [correct]
+ *         [Calculated Checksum: 0xba80]
+ *     [Checksum Status: Good]
+ *     [Stream index: 1]
+ *     [Timestamps]
+ *         [Time since first frame: 0.000000000 seconds]
+ *         [Time since previous frame: 0.000000000 seconds]
+ *     UDP payload (68 bytes)
+ * NetBIOS Name Service
+ */
+
+unsigned char data15[] = {
+	0xc0, 0x00, 0x14, 0x8c, 0x00, 0x00, 0x28, 0xd2, 0x44, 0x43, 0x38, 0x37, 0x08, 0x00, 0x45, 0x00, 0x00, 0x88, 0x06, 0xca, 0x00, 0x00, 0x80, 0x11, 0xda, 0x18,
+	0xac, 0x10, 0x00, 0x64, 0xac, 0x10, 0x00, 0xfe, 0x06, 0xa5, 0x06, 0xa5, 0x00, 0x74, 0x96, 0x2f, 0x40, 0x02, 0x00, 0x6c, 0x71, 0x46, 0x00, 0x02, 0xff, 0x03,
+	0x00, 0x21, 0x45, 0x00, 0x00, 0x60, 0x00, 0x04, 0x00, 0x00, 0x80, 0x11, 0x8c, 0x15, 0xac, 0x10, 0x02, 0x64, 0xff, 0xff, 0xff, 0xff, 0x00, 0x89, 0x00, 0x89,
+	0x00, 0x4c, 0xba, 0x80, 0xc6, 0x46, 0x29, 0x10, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x20, 0x45, 0x4a, 0x45, 0x4a, 0x45, 0x46, 0x43, 0x4e, 0x46,
+	0x44, 0x45, 0x4e, 0x43, 0x4e, 0x46, 0x45, 0x45, 0x49, 0x45, 0x4a, 0x45, 0x4f, 0x45, 0x4c, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x41, 0x41, 0x00, 0x00, 0x20,
+	0x00, 0x01, 0xc0, 0x0c, 0x00, 0x20, 0x00, 0x01, 0x00, 0x04, 0x93, 0xe0, 0x00, 0x06, 0x00, 0x00, 0xac, 0x10, 0x02, 0x64};
+
+#if 1
+TEST(PACKET, ETH_IP4_UDP_L2TPV2_PPP_IP4_UDP)
+{
+	char buffer[256];
+	struct packet handler;
+
+	const char *payload = packet_parse(&handler, (const char *)data15, sizeof(data15));
+	EXPECT_TRUE(payload != nullptr);
+	EXPECT_TRUE((char *)payload - (char *)&data15 == 14 + 20 + 8 + 8 + 4 + 20 + 8);
+	packet_print(&handler);
+
+	/******************************************************
+	 * packet_get_outermost/innermost_layer
+	 ******************************************************/
+
+	// LAYER_TYPE_ETHER
+	const struct packet_layer *outer_eth_record = packet_get_outermost_layer(&handler, LAYER_TYPE_ETHER);
+
+	EXPECT_TRUE(outer_eth_record != nullptr);
+	EXPECT_TRUE(outer_eth_record->hdr_offset == 0);
+	EXPECT_TRUE(outer_eth_record->hdr_len == 14);
+	EXPECT_TRUE(outer_eth_record->pld_len == 136);
+
+	// LAYER_TYPE_L2
+	const struct packet_layer *outer_l2_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L2);
+
+	EXPECT_TRUE(outer_l2_record != nullptr);
+	EXPECT_TRUE(outer_l2_record == outer_eth_record);
+
+	// LAYER_TYPE_IPV4
+	const struct packet_layer *outer_ipv4_record = packet_get_outermost_layer(&handler, LAYER_TYPE_IPV4);
+
+	EXPECT_TRUE(outer_ipv4_record != nullptr);
+	EXPECT_TRUE(outer_ipv4_record->hdr_offset == 14);
+	EXPECT_TRUE(outer_ipv4_record->hdr_len == 20);
+	EXPECT_TRUE(outer_ipv4_record->pld_len == 116);
+
+	// LAYER_TYPE_L3
+	const struct packet_layer *outer_l3_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L3);
+
+	EXPECT_TRUE(outer_l3_record != nullptr);
+	EXPECT_TRUE(outer_l3_record == outer_ipv4_record);
+
+	// LAYER_TYPE_UDP
+	const struct packet_layer *outer_udp_record = packet_get_outermost_layer(&handler, LAYER_TYPE_UDP);
+
+	EXPECT_TRUE(outer_udp_record != nullptr);
+	EXPECT_TRUE(outer_udp_record->hdr_offset == 34);
+	EXPECT_TRUE(outer_udp_record->hdr_len == 8);
+	EXPECT_TRUE(outer_udp_record->pld_len == 108);
+
+	// LAYER_TYPE_L4
+	const struct packet_layer *outer_l4_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L4);
+
+	EXPECT_TRUE(outer_l4_record != nullptr);
+	EXPECT_TRUE(outer_l4_record == outer_udp_record);
+
+	// LAYER_TYPE_L2TP
+	const struct packet_layer *outer_l2tpv2_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L2TP);
+
+	EXPECT_TRUE(outer_l2tpv2_record != nullptr);
+	EXPECT_TRUE(outer_l2tpv2_record->hdr_offset == 42);
+	EXPECT_TRUE(outer_l2tpv2_record->hdr_len == 8);
+	EXPECT_TRUE(outer_l2tpv2_record->pld_len == 100);
+
+	// LAYER_TYPE_PPP
+	const struct packet_layer *outer_ppp_record = packet_get_outermost_layer(&handler, LAYER_TYPE_PPP);
+
+	EXPECT_TRUE(outer_ppp_record != nullptr);
+	EXPECT_TRUE(outer_ppp_record->hdr_offset == 50);
+	EXPECT_TRUE(outer_ppp_record->hdr_len == 4);
+	EXPECT_TRUE(outer_ppp_record->pld_len == 96);
+
+	// LAYER_TYPE_IPV4
+	const struct packet_layer *inner_ipv4_record = packet_get_innermost_layer(&handler, LAYER_TYPE_IPV4);
+
+	EXPECT_TRUE(inner_ipv4_record != nullptr);
+	EXPECT_TRUE(inner_ipv4_record->hdr_offset == 54);
+	EXPECT_TRUE(inner_ipv4_record->hdr_len == 20);
+	EXPECT_TRUE(inner_ipv4_record->pld_len == 76);
+
+	// LAYER_TYPE_L3
+	const struct packet_layer *inner_l3_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L3);
+
+	EXPECT_TRUE(inner_l3_record != nullptr);
+	EXPECT_TRUE(inner_l3_record == inner_ipv4_record);
+
+	// LAYER_TYPE_UDP
+	const struct packet_layer *inner_udp_record = packet_get_innermost_layer(&handler, LAYER_TYPE_UDP);
+
+	EXPECT_TRUE(inner_udp_record != nullptr);
+	EXPECT_TRUE(inner_udp_record->hdr_offset == 74);
+	EXPECT_TRUE(inner_udp_record->hdr_len == 8);
+	EXPECT_TRUE(inner_udp_record->pld_len == 68);
+
+	// LAYER_TYPE_L4
+	const struct packet_layer *inner_l4_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L4);
+
+	EXPECT_TRUE(inner_l4_record != nullptr);
+	EXPECT_TRUE(inner_l4_record == inner_udp_record);
+
+	/******************************************************
+	 * packet_get_outermost/innermost_tuple4
+	 ******************************************************/
+
+	struct tuple4 outer_tuple4;
+	struct tuple4 inner_tuple4;
+	EXPECT_TRUE(packet_get_outermost_tuple4(&handler, &outer_tuple4) == 0);
+	EXPECT_TRUE(packet_get_innermost_tuple4(&handler, &inner_tuple4) == 0);
+	memset(buffer, 0, sizeof(buffer));
+	tuple4_to_str(&outer_tuple4, buffer, sizeof(buffer));
+	EXPECT_STREQ(buffer, "172.16.0.100:1701-172.16.0.254:1701");
+	memset(buffer, 0, sizeof(buffer));
+	tuple4_to_str(&inner_tuple4, buffer, sizeof(buffer));
+	EXPECT_STREQ(buffer, "172.16.2.100:137-255.255.255.255:137");
+}
+#endif
+
 #if 1
 TEST(PACKET, HASH_VALUE)
 {