diff --git a/src/packet/packet.cpp b/src/packet/packet.cpp index 67f6b5c..029258a 100644 --- a/src/packet/packet.cpp +++ b/src/packet/packet.cpp @@ -16,28 +16,28 @@ #define likely(expr) __builtin_expect((expr), 1) #define unlikely(expr) __builtin_expect((expr), 0) -#define PACKET_LOG_DATA_INSUFFICIENCY(type) \ - { \ - PACKET_LOG_WARN("layer: %s, data insufficiency", \ - layer_type_to_str((type))); \ +#define PACKET_LOG_DATA_INSUFFICIENCY(pkt, layer) \ + { \ + PACKET_LOG_WARN("pkt: %p, layer: %s, data insufficiency", \ + (pkt), layer_type_to_str(layer)); \ } -#define PACKET_LOG_UNSUPPORT_PROTO(tag, next_proto) \ - { \ - PACKET_LOG_WARN("%s: unsupport next proto %d", \ - (tag), (next_proto)); \ +#define PACKET_LOG_UNSUPPORT_PROTO(pkt, layer, next_proto) \ + { \ + PACKET_LOG_WARN("pkt: %p, layer: %s, unsupport next proto %d", \ + (pkt), layer_type_to_str(layer), (next_proto)); \ } -#define PACKET_LOG_UNSUPPORT_ETHPROTO(tag, next_proto) \ - { \ - PACKET_LOG_WARN("%s: unsupport next eth proto %d: %s", \ - (tag), (next_proto), eth_proto_to_str(next_proto)); \ - } - -#define PACKET_LOG_UNSUPPORT_IPPROTO(tag, next_proto) \ +#define PACKET_LOG_UNSUPPORT_ETHPROTO(pkt, next_proto) \ { \ - PACKET_LOG_WARN("%s: unsupport next ip proto %d: %s", \ - (tag), (next_proto), ip_proto_to_str(next_proto)); \ + PACKET_LOG_WARN("pkt: %p, layer: l3, unsupport next eth proto %s", \ + (pkt), eth_proto_to_str(next_proto)); \ + } + +#define PACKET_LOG_UNSUPPORT_IPPROTO(pkt, next_proto) \ + { \ + PACKET_LOG_WARN("pkt: %p, layer: l4, unsupport next ip proto %s", \ + (pkt), ip_proto_to_str(next_proto)); \ } /****************************************************************************** @@ -462,7 +462,7 @@ static inline uint16_t get_gre_hdr_len(const char *data, uint16_t len) } } - if (version == 1) + else if (version == 1) { hdr_offset = 8; if (flags & GRE_SEQUENCE) @@ -474,6 +474,10 @@ static inline uint16_t get_gre_hdr_len(const char *data, uint16_t len) hdr_offset += 4; } } + else + { + return 0; + } if (hdr_offset > len) { @@ -524,7 +528,7 @@ static inline uint16_t get_l2tpv2_hdr_len(const char *data, uint16_t len) if (CONTROL_BIT(control)) { - if (LENGTH_BIT(control) != 1 || SEQUENCE_BIT(control) != 1 || OFFSET_BIT(control) != 0 || PRIORITY_BIT(control) != 0) + if (LENGTH_BIT(control) == 0 || SEQUENCE_BIT(control) == 0 || OFFSET_BIT(control) != 0 || PRIORITY_BIT(control) != 0) { return 0; } @@ -580,7 +584,7 @@ static inline const char *parse_ether(struct packet *pkt, const char *data, uint { if (unlikely(len < sizeof(struct ethhdr))) { - PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_ETHER); + PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_ETHER); return data; } @@ -608,7 +612,7 @@ static inline const char *parse_pweth(struct packet *pkt, const char *data, uint */ if (unlikely(len < 4)) { - PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_PWETH); + PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_PWETH); return data; } @@ -677,7 +681,7 @@ static inline const char *parse_ppp(struct packet *pkt, const char *data, uint16 */ if (unlikely(len < 4)) { - PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_PPP); + PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_PPP); return data; } @@ -718,7 +722,7 @@ success: case PPP_IPV6: return parse_ipv6(pkt, layer->pld_ptr, layer->pld_len); default: - PACKET_LOG_UNSUPPORT_PROTO("ppp", next_proto); + PACKET_LOG_UNSUPPORT_PROTO(pkt, LAYER_TYPE_PPP, next_proto); return layer->pld_ptr; } } @@ -730,7 +734,7 @@ static inline const char *parse_l2tpv2(struct packet *pkt, const char *data, uin uint16_t hdr_len = get_l2tpv2_hdr_len(data, len); if (unlikely(hdr_len == 0 || hdr_len > len)) { - PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_L2TP); + PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_L2TP); return data; } @@ -774,7 +778,7 @@ static inline const char *parse_vlan(struct packet *pkt, const char *data, uint1 if (unlikely(len < sizeof(struct vlan_hdr))) { - PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_VLAN); + PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_VLAN); return data; } @@ -793,7 +797,7 @@ static inline const char *parse_pppoe_ses(struct packet *pkt, const char *data, { if (unlikely(len < 6)) { - PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_PPPOE); + PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_PPPOE); return data; } @@ -811,7 +815,7 @@ static inline const char *parse_mpls(struct packet *pkt, const char *data, uint1 { if (unlikely(len < 4)) { - PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_MPLS); + PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_MPLS); return data; } @@ -860,7 +864,7 @@ static inline const char *parse_ipv4(struct packet *pkt, const char *data, uint1 { if (unlikely(len < sizeof(struct ip))) { - PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_IPV4); + PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_IPV4); return data; } @@ -873,14 +877,19 @@ static inline const char *parse_ipv4(struct packet *pkt, const char *data, uint1 uint16_t hdr_len = ipv4_hdr_get_hdr_len(hdr); if (unlikely(hdr_len > len)) { - PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_IPV4); + PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_IPV4); return data; } uint16_t total_len = ipv4_hdr_get_total_len(hdr); if (unlikely(total_len > len)) { - PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_IPV4); + PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_IPV4); + return data; + } + if (unlikely(total_len < hdr_len)) + { + PACKET_LOG_ERROR("packet %p ip total_len %d < hdr_len %d", pkt, total_len, hdr_len); return data; } uint16_t trim_len = len - total_len; @@ -891,7 +900,7 @@ static inline const char *parse_ipv4(struct packet *pkt, const char *data, uint1 { PACKET_LOG_WARN("packet %p ip layer %p is fragmented", pkt, layer); pkt->frag_layer = layer; - // try continue parse + return layer->pld_ptr; } uint8_t next_proto = ipv4_hdr_get_proto(hdr); @@ -921,7 +930,7 @@ static inline const char *parse_ipv6(struct packet *pkt, const char *data, uint1 if (unlikely(len < sizeof(struct ip6_hdr))) { - PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_IPV6); + PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_IPV6); return data; } @@ -934,7 +943,7 @@ static inline const char *parse_ipv6(struct packet *pkt, const char *data, uint1 uint16_t pld_len = ipv6_hdr_get_payload_len(hdr); if (unlikely(pld_len + sizeof(struct ip6_hdr) > len)) { - PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_IPV6); + PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_IPV6); return data; } uint8_t next_proto = ipv6_hdr_get_next_header(hdr); @@ -945,14 +954,14 @@ static inline const char *parse_ipv6(struct packet *pkt, const char *data, uint1 { if (unlikely(pld_len < 2)) { - PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_IPV6); + PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_IPV6); return data; } struct ip6_ext *ext = (struct ip6_ext *)next_hdr_ptr; uint16_t skip_len = ext->ip6e_len * 8 + 8; if (unlikely(skip_len > pld_len)) { - PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_IPV6); + PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_IPV6); return data; } hdr_len += skip_len; @@ -967,7 +976,7 @@ static inline const char *parse_ipv6(struct packet *pkt, const char *data, uint1 { PACKET_LOG_WARN("packet %p ipv6 layer %p is fragmented", pkt, layer); pkt->frag_layer = layer; - // try continue parse + return layer->pld_ptr; } return parse_l4(pkt, next_proto, layer->pld_ptr, layer->pld_len); @@ -983,7 +992,7 @@ static inline const char *parse_gre(struct packet *pkt, const char *data, uint16 uint16_t hdr_len = get_gre_hdr_len(data, len); if (unlikely(hdr_len == 0 || hdr_len > len)) { - PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_GRE); + PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_GRE); return data; } @@ -1004,7 +1013,7 @@ static inline const char *parse_gre(struct packet *pkt, const char *data, uint16 case GRE_PRO_PPP: return parse_ppp(pkt, layer->pld_ptr, layer->pld_len); default: - PACKET_LOG_UNSUPPORT_PROTO("gre", next_proto); + PACKET_LOG_UNSUPPORT_PROTO(pkt, LAYER_TYPE_GRE, next_proto); return layer->pld_ptr; } } @@ -1013,7 +1022,7 @@ static inline const char *parse_udp(struct packet *pkt, const char *data, uint16 { if (unlikely(len < sizeof(struct udphdr))) { - PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_UDP); + PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_UDP); return data; } @@ -1064,7 +1073,7 @@ static inline const char *parse_tcp(struct packet *pkt, const char *data, uint16 { if (unlikely(len < sizeof(struct tcphdr))) { - PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_TCP); + PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_TCP); return data; } @@ -1076,7 +1085,7 @@ static inline const char *parse_tcp(struct packet *pkt, const char *data, uint16 uint16_t hdr_len = tcp_hdr_get_hdr_len((const struct tcphdr *)data); if (unlikely(hdr_len > len)) { - PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_TCP); + PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_TCP); return data; } SET_LAYER(pkt, layer, LAYER_TYPE_TCP, hdr_len, data, len, 0); @@ -1088,7 +1097,7 @@ static inline const char *parse_icmp(struct packet *pkt, const char *data, uint1 { if (unlikely(len < sizeof(struct icmphdr))) { - PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_ICMP); + PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_ICMP); return data; } @@ -1106,7 +1115,7 @@ static inline const char *parse_icmp6(struct packet *pkt, const char *data, uint { if (unlikely(len < sizeof(struct icmp6_hdr))) { - PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_ICMP6); + PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_ICMP6); return data; } @@ -1132,7 +1141,7 @@ static inline const char *parse_vxlan(struct packet *pkt, const char *data, uint if (unlikely(len < sizeof(struct vxlan_hdr))) { - PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_VXLAN); + PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_VXLAN); return data; } @@ -1151,7 +1160,7 @@ static inline const char *parse_gtpv1_u(struct packet *pkt, const char *data, ui uint16_t hdr_len = get_gtp_hdr_len(data, len); if (unlikely(hdr_len == 0 || hdr_len > len)) { - PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_GTPV1_U); + PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_TYPE_GTPV1_U); return data; } @@ -1170,7 +1179,7 @@ static inline const char *parse_gtpv1_u(struct packet *pkt, const char *data, ui case 6: return parse_ipv6(pkt, layer->pld_ptr, layer->pld_len); default: - PACKET_LOG_UNSUPPORT_PROTO("gtp", next_proto); + PACKET_LOG_UNSUPPORT_PROTO(pkt, LAYER_TYPE_GTPV1_U, next_proto); return layer->pld_ptr; } } @@ -1191,7 +1200,7 @@ static inline const char *parse_l3(struct packet *pkt, uint16_t next_proto, cons case ETH_P_MPLS_UC: return parse_mpls(pkt, data, len); default: - PACKET_LOG_UNSUPPORT_ETHPROTO("l3", next_proto); + PACKET_LOG_UNSUPPORT_ETHPROTO(pkt, next_proto); return data; } } @@ -1218,7 +1227,7 @@ static inline const char *parse_l4(struct packet *pkt, uint8_t next_proto, const // L2TP return parse_l2tpv3_over_ip(pkt, data, len); default: - PACKET_LOG_UNSUPPORT_IPPROTO("l4", next_proto); + PACKET_LOG_UNSUPPORT_IPPROTO(pkt, next_proto); return data; } } diff --git a/test/packet_parser/cmp_layers.sh b/test/packet_parser/cmp_layers.sh index d8af28c..7d690f7 100644 --- a/test/packet_parser/cmp_layers.sh +++ b/test/packet_parser/cmp_layers.sh @@ -18,26 +18,38 @@ function preprocess_tshark_ouput() { output_file=$2 cp ${input_file} ${output_file} kv_array=( - ":data" "" + ":tcp:pptp" ":tcp" + ":tcp-text-lines" ":tcp" + ":icmp:ip:udp" ":icmp" + ":icmpv6:ipv6:udp" ":icmpv6" + ":ieee8021ad" ":vlan" + ":x509sat" "" + ":x509ce" "" + ":pkix1implicit" "" + ":pkix1explicit" "" + ":data-text-lines" "" + ":http-text-lines" "" + ":websocket" "" + ":ssl" "" + ":ftp-data" "" + ":x11" "" ":ntp" "" ":rip" "" ":isakmp" "" ":esp" "" ":udpencap" "" + ":sip:sdp" "" ":sip" "" ":sdp" "" ":rtcp" "" ":rtp" "" ":ssh" "" ":dns" "" - ":ssl" "" ":gquic" "" - ":http-text-lines" "" - ":http" "" + ":http:data-text-lines" "" + ":http:data" "" ":msmms" "" ":bfd" "" - ":ftp-data-text-lines" "" - ":ftp" "" ":ssdp" "" ":mdns" "" ":radius" "" @@ -48,21 +60,23 @@ function preprocess_tshark_ouput() { ":oicq" "" ":json" "" ":media" "" - ":x11" "" ":telnet" "" - ":nbss:smb" "" + ":nbdgm:smb:browser" "" + ":smb2" "" + ":nbss" "" ":memcache" "" ":rtspi" "" ":rdt" "" ":rtsp" "" ":nbns" "" - ":nbdgm:smb:browser" "" ":lcp" "" ":chap" "" ":ipcp" "" ":comp_data" "" ":ccp" "" ":snmp" "" + ":socks:http:data" "" + ":socks:http" "" ":socks" "" ":bgp" "" ":eigrp" "" @@ -72,27 +86,40 @@ function preprocess_tshark_ouput() { ":vssmonitoring" "" ":mndp" "" ":websocket-text-lines" "" - ":websocket" "" ":image-jfif" "" ":png" "" - ":pkix1implicit" "" - ":x509sat" "" - ":x509ce" "" - ":pkix1explicit" "" ":llmnr" "" ":pkcs-1" "" + ":bitcoin:bitcoin" "" ":bitcoin" "" ":image-gif" "" ":dhcpv6" "" - ":tcp:pptp" ":tcp" - ":ieee8021ad" ":vlan" - ":tcp-text-lines" ":tcp" + ":arp" "" + ":ccsrl" "" + ":h245" "" + ":srp" "" + ":amr" "" + ":mp4v-es" "" + ":ajp13" "" + ":ocsp" "" + ":irc" "" + ":http" "" + ":ftp" "" + ":data" "" + ":sctp:m3ua" "" + ":sctp" "" + ":teredo:ipv6:udp" "" + ":teredo:ipv6:tcp" "" + ":teredo:ipv6:icmpv6" "" + ":teredo:ipv6:gre:ip:udp" "" + ":igmp" "" + ":icmp:ip:tcp" ":icmp" + ":pwethheuristic:pwethnocw" "" ) for ((i = 0; i < ${#kv_array[@]}; i += 2)); do key=${kv_array[i]} val=${kv_array[i + 1]} - sed "s/$key/$val/g" ${output_file} >${output_file}.tmp - mv ${output_file}.tmp ${output_file} + sed -i "s/$key/$val/g" ${output_file} done } @@ -107,8 +134,7 @@ function preprocess_parser_ouput() { for ((i = 0; i < ${#kv_array[@]}; i += 2)); do key=${kv_array[i]} val=${kv_array[i + 1]} - sed "s/$key/$val/g" ${output_file} >${output_file}.tmp - mv ${output_file}.tmp ${output_file} + sed -i "s/$key/$val/g" ${output_file} done } @@ -149,7 +175,10 @@ for pcap in "${pcap_files[@]}"; do fi done -printf "\033[32m\nTotal: ${total_count}, Passed: ${pass_count}, Failed: ${err_count}\033[0m\n" +printf "\033[33m Total : ${total_count} \033[0m\n" +printf "\033[32m Passed : ${pass_count} \033[0m\n" +printf "\033[31m Failed : ${err_count} \033[0m\n" + if [ "$err_count" -ne 0 ]; then - printf "\033[31mFailed pcap files are saved in ${err_pcap_dir}\033[0m\n" + printf "\n\033[31m failed pcap: ${err_pcap_dir} \033[0m\n" fi diff --git a/test/packet_parser/packet_parser.cpp b/test/packet_parser/packet_parser.cpp index ecf2004..ae6b68c 100644 --- a/test/packet_parser/packet_parser.cpp +++ b/test/packet_parser/packet_parser.cpp @@ -19,7 +19,7 @@ static int ipv6_proto_to_str(const struct packet_layer *ipv6_layer, char *buff, switch (next_hdr) { case IPPROTO_HOPOPTS: - used += snprintf(buff + used, size - used, ":ipv6.hopopt"); + used += snprintf(buff + used, size - used, ":ipv6.hopopts"); break; case IPPROTO_ROUTING: used += snprintf(buff + used, size - used, ":ipv6.routing"); @@ -53,7 +53,7 @@ static int packet_proto_to_str(const struct packet *pkt, char *buff, int size) used += snprintf(buff + used, size - used, "eth:ethertype"); break; case LAYER_TYPE_PWETH: - used += snprintf(buff + used, size - used, "pweth:ethertype"); + used += snprintf(buff + used, size - used, "pwethheuristic:pwethcw"); break; case LAYER_TYPE_PPP: used += snprintf(buff + used, size - used, "ppp");