gfwleak/stellar-stellar
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add test case for tunnel

Browse Source
This commit is contained in:
luwenpeng
2024-06-19 14:43:32 +08:00
parent 327d6e7b14
commit c3fd452793
17 changed files with 933 additions and 138 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
include/stellar/layer.h
View File

@@ -47,14 +47,13 @@ enum layer_proto
// L4 -- tunnel
LAYER_PROTO_VXLAN = 61,
LAYER_PROTO_GTPV1_U = 62,
LAYER_PROTO_GTP = 62,
};
struct layer
{
enum layer_proto proto;
uint16_t payload_len;
uint16_t header_len;
uint16_t hdr_len;
union
{
struct ethhdr *eth;
@@ -65,26 +64,25 @@ struct layer
struct icmphdr *icmp4;
struct icmp6_hdr *icmp6;
struct mpls_label *mpls;
const char *raw;
} header;
const char *payload;
char *raw;
} hdr;
};
int packet_get_layer_count(const struct packet *pkt);
// return 0: success 
// return -1: failed
int packet_get_layer(const struct packet *pkt, int idx, struct layer *out);
int packet_get_layer_by_idx(const struct packet *pkt, int idx, struct layer *out);
#define PACKET_FOREACH_LAYER_INORDER(pkt, layer) \
for (int i = 0; i < packet_get_layer_count(pkt) && packet_get_layer(pkt, i, &layer) == 0; i++)
for (int i = 0; i < packet_get_layer_count(pkt) && packet_get_layer_by_idx(pkt, i, &layer) == 0; i++)
#define PACKET_FOREACH_LAYER_REVERSE(pkt, layer) \
for (int i = packet_get_layer_count(pkt) - 1; i >= 0 && packet_get_layer(pkt, i, &layer) == 0; i--)
for (int i = packet_get_layer_count(pkt) - 1; i >= 0 && packet_get_layer_by_idx(pkt, i, &layer) == 0; i--)
#define PACKET_GETALL_LAYERS(pkt, layers) \
{ \
int num = MIN(packet_get_layer_count(pkt), (sizeof(layers) / sizeof(layers[0]))); \
for (int i = 0; i < num && packet_get_layer(pkt, i, &layers[i]) == 0; i++) \
for (int i = 0; i < num && packet_get_layer_by_idx(pkt, i, &layers[i]) == 0; i++) \
/* void */; \
return num; \
}

40
include/stellar/tunnel.h
View File

@@ -6,30 +6,26 @@ extern "C"
{
#endif
#include <stdint.h>
#include "layer.h"
enum tunnel_type
{
// none tunnel
TUNNEL_NONE = 0, // contain layers: IPv4 + TCP
// contain layers: IPv4 + UDP
// contain layers: IPv4
// contain layers: IPv6 + TCP
// contain layers: IPv6 + UDP
// contain layers: IPv6
TUNNEL_IPV4 = 1, // contain layers: IPv4, (next inner layer must be IPv4 / IPv6)
TUNNEL_IPV6 = 2, // contain layers: IPv6, (next inner layer must be IPv4 / IPv6)
// GRE tunnel
TUNNEL_GRE, // contain layers: IPv4 + GRE
// contain layers: IPv6 + GRE
TUNNEL_GRE = 3, // contain layers: IPv4 + GRE
// contain layers: IPv6 + GRE
// GTP tunnel
TUNNEL_GTP, // contain layers: IPv4 + UDP + GTP
// contain layers: IPv6 + UDP + GTP
TUNNEL_GTP = 4, // contain layers: IPv4 + UDP + GTP
// contain layers: IPv6 + UDP + GTP
// IP tunnel
TUNNEL_IPV4, // contain layers: IPv4, (next inner layer must be IPv4 / IPv6)
TUNNEL_IPV6, // contain layers: IPv6, (next inner layer must be IPv4 / IPv6)
TUNNEL_VXLAN = 5, // contain layers: IPv4 + UDP + VXLAN
// contain layers: IPv6 + UDP + VXLAN
TUNNEL_L2TP = 6, // contain layers: IPv4 + UDP + L2TP
// contain layers: IPv6 + UDP + L2TP
TUNNEL_TEREDO = 7, // contain layers: IPv4 + UDP, (next inner layer must be IPv6)
};
#define MAX_LAYERS_PER_TUNNEL 3
@@ -37,25 +33,25 @@ struct tunnel
{
enum tunnel_type type;
int used;
int layer_count;
struct layer layers[MAX_LAYERS_PER_TUNNEL];
};
int packet_get_tunnel_count(const struct packet *pkt);
// return 0: success 
// return -1: failed
int packet_get_tunnel(const struct packet *pkt, int idx, struct tunnel *out);
int packet_get_tunnel_by_idx(const struct packet *pkt, int idx, struct tunnel *out);
#define PACKET_FOREACH_TUNNEL_INORDER(pkt, tunnel) \
for (int i = 0; i < packet_get_tunnel_count(pkt) && packet_get_tunnel(pkt, i, &tunnel) == 0; i++)
for (int i = 0; i < packet_get_tunnel_count(pkt) && packet_get_tunnel_by_idx(pkt, i, &tunnel) == 0; i++)
#define PACKET_FOREACH_TUNNEL_REVERSE(pkt, tunnel) \
for (int i = packet_get_tunnel_count(pkt) - 1; i >= 0 && packet_get_tunnel(pkt, i, &tunnel) == 0; i--)
for (int i = packet_get_tunnel_count(pkt) - 1; i >= 0 && packet_get_tunnel_by_idx(pkt, i, &tunnel) == 0; i--)
#define PACKET_GETALL_TUNNELS(pkt, tunnels) \
{ \
int num = MIN(packet_get_tunnel_count(pkt), (sizeof(tunnels) / sizeof(tunnels[0]))); \
for (int i = 0; i < num && packet_get_tunnel(pkt, i, &tunnels[i]) == 0; i++) \
for (int i = 0; i < num && packet_get_tunnel_by_idx(pkt, i, &tunnels[i]) == 0; i++) \
/* void */; \
return num; \
}

8
src/ip_reassembly/test/gtest_ipv4_reassembly.cpp
View File

@@ -239,7 +239,7 @@ TEST(IPV4_REASSEMBLE, PADDING_ORDER)
0, 0, 0, 0, 0, 0); // ip6: nospace, overlap, many frag, invalid length, dup first frag, dup last frag
// check packet
// packet_print_str(new_pkt);
// packet_print(new_pkt);
EXPECT_TRUE(new_pkt->data_len == 14 /* ETH */ + 20 /* IPv4 */ + 20 /* TCP */ + 28 /* DATA */);
EXPECT_TRUE(new_pkt->data_len == sizeof(expect));
EXPECT_TRUE(memcmp(new_pkt->data_ptr, expect, new_pkt->data_len) == 0);
@@ -334,7 +334,7 @@ TEST(IPV4_REASSEMBLE, PADDING_UNORDER)
0, 0, 0, 0, 0, 0); // ip6: nospace, overlap, many frag, invalid length, dup first frag, dup last frag
// check packet
// packet_print_str(new_pkt);
// packet_print(new_pkt);
EXPECT_TRUE(new_pkt->data_len == 14 /* ETH */ + 20 /* IPv4 */ + 20 /* TCP */ + 28 /* DATA */);
EXPECT_TRUE(new_pkt->data_len == sizeof(expect));
EXPECT_TRUE(memcmp(new_pkt->data_ptr, expect, new_pkt->data_len) == 0);
@@ -494,7 +494,7 @@ TEST(IPV4_REASSEMBLE, DUP_FIRST_FRAG)
0, 0, 0, 0, 0, 0); // ip6: nospace, overlap, many frag, invalid length, dup first frag, dup last frag
// check packet
// packet_print_str(new_pkt);
// packet_print(new_pkt);
EXPECT_TRUE(new_pkt->data_len == 14 /* ETH */ + 20 /* IPv4 */ + 20 /* TCP */ + 28 /* DATA */);
EXPECT_TRUE(new_pkt->data_len == sizeof(expect));
EXPECT_TRUE(memcmp(new_pkt->data_ptr, expect, new_pkt->data_len) == 0);
@@ -601,7 +601,7 @@ TEST(IPV4_REASSEMBLE, DUP_LAST_FRAG)
0, 0, 0, 0, 0, 0); // ip6: nospace, overlap, many frag, invalid length, dup first frag, dup last frag
// check packet
// packet_print_str(new_pkt);
// packet_print(new_pkt);
EXPECT_TRUE(new_pkt->data_len == 14 /* ETH */ + 20 /* IPv4 */ + 20 /* TCP */ + 28 /* DATA */);
EXPECT_TRUE(new_pkt->data_len == sizeof(expect));
EXPECT_TRUE(memcmp(new_pkt->data_ptr, expect, new_pkt->data_len) == 0);

6
src/ip_reassembly/test/gtest_ipv6_reassembly.cpp
View File

@@ -674,7 +674,7 @@ TEST(IPV6_REASSEMBLE, NORMAL)
0, 0, 0, 0, 0, 0); // ip6: nospace, overlap, many frag, invalid length, dup first frag, dup last frag
// check packet
// packet_print_str(new_pkt);
// packet_print(new_pkt);
EXPECT_TRUE(new_pkt->data_len == 14 /* ETH */ + 40 /* IPv6 */ + 8 /* UDP */ + 5379 /* DATA */);
EXPECT_TRUE(new_pkt->data_len == sizeof(expect));
EXPECT_TRUE(memcmp(new_pkt->data_ptr, expect, new_pkt->data_len) == 0);
@@ -852,7 +852,7 @@ TEST(IPV6_REASSEMBLE, DUP_FIRST_FRAG)
0, 0, 0, 0, 1, 0); // ip6: nospace, overlap, many frag, invalid length, dup first frag, dup last frag
// check packet
// packet_print_str(new_pkt);
// packet_print(new_pkt);
EXPECT_TRUE(new_pkt->data_len == 14 /* ETH */ + 40 /* IPv6 */ + 8 /* UDP */ + 5379 /* DATA */);
EXPECT_TRUE(new_pkt->data_len == sizeof(expect));
EXPECT_TRUE(memcmp(new_pkt->data_ptr, expect, new_pkt->data_len) == 0);
@@ -977,7 +977,7 @@ TEST(IPV6_REASSEMBLE, DUP_LAST_FRAG)
0, 0, 0, 0, 0, 1); // ip6: nospace, overlap, many frag, invalid length, dup first frag, dup last frag
// check packet
// packet_print_str(new_pkt);
// packet_print(new_pkt);
EXPECT_TRUE(new_pkt->data_len == 14 /* ETH */ + 40 /* IPv6 */ + 8 /* UDP */ + 5379 /* DATA */);
EXPECT_TRUE(new_pkt->data_len == sizeof(expect));
EXPECT_TRUE(memcmp(new_pkt->data_ptr, expect, new_pkt->data_len) == 0);

14
src/packet/packet.cpp
View File

@@ -149,8 +149,8 @@ static inline const char *layer_proto_to_str(enum layer_proto proto)
return "ICMP6";
case LAYER_PROTO_VXLAN:
return "VXLAN";
case LAYER_PROTO_GTPV1_U:
return "GTPV1";
case LAYER_PROTO_GTP:
return "GTP";
default:
return "UNKNOWN";
}
@@ -1041,7 +1041,7 @@ static inline const char *parse_gtpv1_u(struct packet *pkt, const char *data, ui
uint16_t hdr_len = get_gtp_hdr_len(data, len);
if (unlikely(hdr_len == 0 || hdr_len > len))
{
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_PROTO_GTPV1_U);
PACKET_LOG_DATA_INSUFFICIENCY(pkt, LAYER_PROTO_GTP);
return data;
}
@@ -1051,7 +1051,7 @@ static inline const char *parse_gtpv1_u(struct packet *pkt, const char *data, ui
return data;
}
uint8_t next_proto = (((const uint8_t *)(data + hdr_len))[0]) >> 4;
SET_LAYER(pkt, layer, LAYER_PROTO_GTPV1_U, hdr_len, data, len, 0);
SET_LAYER(pkt, layer, LAYER_PROTO_GTP, hdr_len, data, len, 0);
switch (next_proto)
{
@@ -1060,7 +1060,7 @@ static inline const char *parse_gtpv1_u(struct packet *pkt, const char *data, ui
case 6:
return parse_ipv6(pkt, layer->pld_ptr, layer->pld_len);
default:
PACKET_LOG_UNSUPPORT_PROTO(pkt, LAYER_PROTO_GTPV1_U, next_proto);
PACKET_LOG_UNSUPPORT_PROTO(pkt, LAYER_PROTO_GTP, next_proto);
return layer->pld_ptr;
}
}
@@ -1134,7 +1134,7 @@ const char *packet_parse(struct packet *pkt, const char *data, uint16_t len)
return parse_ether(pkt, data, len);
}
void packet_print_str(const struct packet *pkt)
void packet_print(const struct packet *pkt)
{
if (pkt == NULL)
{
@@ -1197,7 +1197,7 @@ void packet_print_str(const struct packet *pkt)
case LAYER_PROTO_VXLAN:
used = vxlan_hdr_to_str((const struct vxlan_hdr *)layer->hdr_ptr, buffer, sizeof(buffer));
break;
case LAYER_PROTO_GTPV1_U:
case LAYER_PROTO_GTP:
break;
default:
break;

2
src/packet/packet_layer.cpp
View File

@@ -1,7 +1,7 @@
#include "packet_priv.h"
#include "packet_utils.h"
int packet_get_layer(const struct packet *pkt, int idx, struct layer *out)
int packet_get_layer_by_idx(const struct packet *pkt, int idx, struct layer *out)
{
const struct raw_layer *raw = packet_get_raw_layer(pkt, idx);
if (raw == NULL)

2
src/packet/packet_priv.h
View File

@@ -74,7 +74,7 @@ struct packet
// return innermost payload
const char *packet_parse(struct packet *pkt, const char *data, uint16_t len);
void packet_print_str(const struct packet *pkt);
void packet_print(const struct packet *pkt);
// return 0: found
// return -1: not found

156
src/packet/packet_tunnel.cpp
View File

@@ -4,48 +4,116 @@
#include "packet_priv.h"
#include "packet_utils.h"
static void layers_to_tunnel(const struct raw_layer *curr, const struct raw_layer *next1, const struct raw_layer *next2, struct tunnel *out)
struct tunnel_detector
{
assert(curr);
enum tunnel_type type;
int contain_layers;
int (*identify_func)(const struct raw_layer *curr, const struct raw_layer *next1, const struct raw_layer *next2);
};
// GRE tunnel
if (next1 && next1->proto == LAYER_PROTO_GRE)
static int is_ipv4_tunnel(const struct raw_layer *curr, const struct raw_layer *next1, const struct raw_layer *next2)
{
if (curr && curr->proto == LAYER_PROTO_IPV4 &&
next1 && (next1->proto == LAYER_PROTO_IPV4 || next1->proto == LAYER_PROTO_IPV6))
{
out->type = TUNNEL_GRE;
out->used = 2;
layer_convert(curr, &out->layers[0]);
layer_convert(next1, &out->layers[1]);
return;
return 1;
}
// GTP tunnel
if (next1 && next1->proto == LAYER_PROTO_UDP && next2 && next2->proto == LAYER_PROTO_GTPV1_U)
return 0;
}
static int is_ipv6_tunnel(const struct raw_layer *curr, const struct raw_layer *next1, const struct raw_layer *next2)
{
if (curr && curr->proto == LAYER_PROTO_IPV6 &&
next1 && (next1->proto == LAYER_PROTO_IPV4 || next1->proto == LAYER_PROTO_IPV6))
{
out->type = TUNNEL_GTP;
out->used = 3;
layer_convert(curr, &out->layers[0]);
layer_convert(next1, &out->layers[1]);
layer_convert(next2, &out->layers[2]);
return;
return 1;
}
// IP tunnel
if (next1 && (next1->proto == LAYER_PROTO_IPV4 || next1->proto == LAYER_PROTO_IPV6))
return 0;
}
static int is_gre_tunnel(const struct raw_layer *curr, const struct raw_layer *next1, const struct raw_layer *next2)
{
if (curr && (curr->proto == LAYER_PROTO_IPV4 || curr->proto == LAYER_PROTO_IPV6) &&
next1 && next1->proto == LAYER_PROTO_GRE)
{
out->type = curr->proto == LAYER_PROTO_IPV4 ? TUNNEL_IPV4 : TUNNEL_IPV6;
out->used = 1;
layer_convert(curr, &out->layers[0]);
return;
return 1;
}
// none tunnel
out->type = TUNNEL_NONE;
layer_convert(curr, &out->layers[out->used++]);
if (next1 && (next1->proto == LAYER_PROTO_TCP || next1->proto == LAYER_PROTO_UDP))
return 0;
}
static int is_gtp_tunnel(const struct raw_layer *curr, const struct raw_layer *next1, const struct raw_layer *next2)
{
if (curr && (curr->proto == LAYER_PROTO_IPV4 || curr->proto == LAYER_PROTO_IPV6) &&
next1 && next1->proto == LAYER_PROTO_UDP &&
next2 && next2->proto == LAYER_PROTO_GTP)
{
layer_convert(next1, &out->layers[out->used++]);
return 1;
}
return;
return 0;
}
static int is_vxlan_tunnel(const struct raw_layer *curr, const struct raw_layer *next1, const struct raw_layer *next2)
{
if (curr && (curr->proto == LAYER_PROTO_IPV4 || curr->proto == LAYER_PROTO_IPV6) &&
next1 && next1->proto == LAYER_PROTO_UDP &&
next2 && next2->proto == LAYER_PROTO_VXLAN)
{
return 1;
}
return 0;
}
static int is_l2tp_tunnel(const struct raw_layer *curr, const struct raw_layer *next1, const struct raw_layer *next2)
{
if (curr && (curr->proto == LAYER_PROTO_IPV4 || curr->proto == LAYER_PROTO_IPV6) &&
next1 && next1->proto == LAYER_PROTO_UDP &&
next2 && next2->proto == LAYER_PROTO_L2TP)
{
return 1;
}
return 0;
}
static int is_teredo_tunnel(const struct raw_layer *curr, const struct raw_layer *next1, const struct raw_layer *next2)
{
if (curr && curr->proto == LAYER_PROTO_IPV4 &&
next1 && next1->proto == LAYER_PROTO_UDP &&
next2 && next2->proto == LAYER_PROTO_IPV6)
{
return 1;
}
return 0;
}
static struct tunnel_detector detectors[] = {
{TUNNEL_IPV4, 1, is_ipv4_tunnel},
{TUNNEL_IPV6, 1, is_ipv6_tunnel},
{TUNNEL_GRE, 2, is_gre_tunnel},
{TUNNEL_GTP, 3, is_gtp_tunnel},
{TUNNEL_VXLAN, 3, is_vxlan_tunnel},
{TUNNEL_L2TP, 3, is_l2tp_tunnel},
{TUNNEL_TEREDO, 2, is_teredo_tunnel},
};
// return index of detectors
static int detect_tunnel(const struct raw_layer *curr, const struct raw_layer *next1, const struct raw_layer *next2)
{
for (int i = 0; i < (int)(sizeof(detectors) / sizeof(detectors[0])); i++)
{
if (detectors[i].identify_func(curr, next1, next2))
{
return i;
}
}
return -1;
}
int packet_get_tunnel_count(const struct packet *pkt)
@@ -53,11 +121,15 @@ int packet_get_tunnel_count(const struct packet *pkt)
int count = 0;
int used = packet_get_layer_count(pkt);
const struct raw_layer *curr = NULL;
const struct raw_layer *next1 = NULL;
const struct raw_layer *next2 = NULL;
for (int i = 0; i < used; i++)
{
curr = packet_get_raw_layer(pkt, i);
if (curr->proto == LAYER_PROTO_IPV4 || curr->proto == LAYER_PROTO_IPV6)
next1 = packet_get_raw_layer(pkt, i + 1);
next2 = packet_get_raw_layer(pkt, i + 2);
if (detect_tunnel(curr, next1, next2) >= 0)
{
count++;
}
@@ -68,8 +140,9 @@ int packet_get_tunnel_count(const struct packet *pkt)
// return 0: success 
// return -1: failed
int packet_get_tunnel(const struct packet *pkt, int idx, struct tunnel *out)
int packet_get_tunnel_by_idx(const struct packet *pkt, int idx, struct tunnel *out)
{
int ret = -1;
int count = 0;
int used = packet_get_layer_count(pkt);
const struct raw_layer *curr = NULL;
@@ -82,16 +155,19 @@ int packet_get_tunnel(const struct packet *pkt, int idx, struct tunnel *out)
curr = packet_get_raw_layer(pkt, i);
next1 = packet_get_raw_layer(pkt, i + 1);
next2 = packet_get_raw_layer(pkt, i + 2);
if (curr->proto == LAYER_PROTO_IPV4 || curr->proto == LAYER_PROTO_IPV6)
ret = detect_tunnel(curr, next1, next2);
if (ret >= 0 && count++ == idx)
{
if (count == idx)
{
layers_to_tunnel(curr, next1, next2, out);
return 0;
}
count++;
struct tunnel_detector *hit = &detectors[ret];
out->type = hit->type;
out->layer_count = hit->contain_layers;
if (out->layer_count >= 1)
layer_convert(curr, &out->layers[0]);
if (out->layer_count >= 2)
layer_convert(next1, &out->layers[1]);
if (out->layer_count >= 3)
layer_convert(next2, &out->layers[2]);
return 0;
}
}

6
src/packet/packet_utils.cpp
View File

@@ -196,8 +196,6 @@ void layer_convert(const struct raw_layer *in, struct layer *out)
}
out->proto = in->proto;
out->header_len = in->hdr_len;
out->payload_len = in->pld_len;
out->header.raw = in->hdr_ptr;
out->payload = in->pld_ptr;
out->hdr_len = in->hdr_len;
out->hdr.raw = (char *)in->hdr_ptr;
}

4
src/packet/test/CMakeLists.txt
View File

@@ -1,6 +1,9 @@
add_executable(gtest_packet gtest_packet.cpp)
target_link_libraries(gtest_packet packet gtest)
add_executable(gtest_tunnel gtest_tunnel.cpp)
target_link_libraries(gtest_tunnel packet gtest)
add_executable(gtest_udp_utils gtest_udp_utils.cpp)
target_link_libraries(gtest_udp_utils packet gtest)
@@ -36,6 +39,7 @@ target_link_libraries(gtest_packet_frag packet gtest)
include(GoogleTest)
gtest_discover_tests(gtest_packet)
gtest_discover_tests(gtest_tunnel)
gtest_discover_tests(gtest_udp_utils)
gtest_discover_tests(gtest_tcp_utils)
gtest_discover_tests(gtest_ipv4_utils)

8
src/packet/test/gtest_gre_utils.cpp
View File

@@ -19,7 +19,7 @@
unsigned char ver0_data1[] = {
0x00, 0x00, 0x08, 0x00};
TEST(GRE_VER0_UTILS, NO_OPTION)
TEST(GREV0_UTILS, NO_OPTION)
{
const struct gre_hdr *hdr = (struct gre_hdr *)ver0_data1;
@@ -45,7 +45,7 @@ TEST(GRE_VER0_UTILS, NO_OPTION)
unsigned char ver0_data2[] = {0x20, 0x00, 0x08, 0x00, 0x00, 0x00, 0x03, 0x84};
TEST(GRE_VER0_UTILS, KEY_OPTION)
TEST(GREV0_UTILS, KEY_OPTION)
{
const struct gre_hdr *hdr = (struct gre_hdr *)ver0_data2;
@@ -89,7 +89,7 @@ unsigned char ver0_data3[] = {
0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x20,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
TEST(GRE_VER0_UTILS, CHECKSUM_ROUTING_OPTION)
TEST(GREV0_UTILS, CHECKSUM_ROUTING_OPTION)
{
const struct gre_hdr *hdr = (struct gre_hdr *)ver0_data3;
@@ -120,7 +120,7 @@ TEST(GRE_VER0_UTILS, CHECKSUM_ROUTING_OPTION)
unsigned char ver1_data1[] = {
0x30, 0x81, 0x88, 0x0b, 0x00, 0x67, 0x17, 0x80, 0x00, 0x06, 0x8f, 0xb1, 0x00, 0x08, 0x3a, 0x76};
TEST(GRE_VER1_UTILS, SEQ_ACK_OPTION)
TEST(GREV1_UTILS, SEQ_ACK_OPTION)
{
const struct gre_hdr *hdr = (struct gre_hdr *)ver1_data1;

12
src/packet/test/gtest_l2tp_utils.cpp
View File

@@ -91,7 +91,7 @@ unsigned char v2_over_udp_ctrl_msg[] = {
0x00, 0x08, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x80, 0x08, 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x80, 0x08, 0x00, 0x00, 0x00, 0x0a, 0x00,
0x08};
TEST(L2TP_V2_OVER_UDP_UTILS, CRTL_MSG)
TEST(L2TPV2_OVER_UDP_UTILS, CRTL_MSG)
{
const struct l2tp_hdr *hdr = (struct l2tp_hdr *)v2_over_udp_ctrl_msg;
@@ -117,7 +117,7 @@ TEST(L2TP_V2_OVER_UDP_UTILS, CRTL_MSG)
unsigned char v2_over_udp_data_msg[] = {
0x40, 0x02, 0x00, 0x4e, 0x71, 0x46, 0x00, 0x02};
TEST(L2TP_V2_OVER_UDP_UTILS, DATA_MSG)
TEST(L2TPV2_OVER_UDP_UTILS, DATA_MSG)
{
const struct l2tp_hdr *hdr = (struct l2tp_hdr *)v2_over_udp_data_msg;
@@ -132,7 +132,7 @@ TEST(L2TP_V2_OVER_UDP_UTILS, DATA_MSG)
unsigned char v3_over_udp_ctrl_msg[] = {};
TEST(L2TP_V3_OVER_UDP_UTILS, CRTL_MSG)
TEST(L2TPV3_OVER_UDP_UTILS, CRTL_MSG)
{
// TODO
}
@@ -153,7 +153,7 @@ TEST(L2TP_V3_OVER_UDP_UTILS, CRTL_MSG)
unsigned char v3_over_udp_data_msg[] = {
0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x0f, 0xa0, 0x00, 0x00, 0x00, 0x00};
TEST(L2TP_V3_OVER_UDP_UTILS, DATA_MSG)
TEST(L2TPV3_OVER_UDP_UTILS, DATA_MSG)
{
const struct l2tp_hdr *hdr = (struct l2tp_hdr *)v3_over_udp_data_msg;
@@ -168,7 +168,7 @@ TEST(L2TP_V3_OVER_UDP_UTILS, DATA_MSG)
unsigned char v3_over_ip_ctrl_msg[] = {};
TEST(L2TP_V3_OVER_IP_UTILS, CRTL_MSG)
TEST(L2TPV3_OVER_IP_UTILS, CRTL_MSG)
{
// TODO
}
@@ -183,7 +183,7 @@ TEST(L2TP_V3_OVER_IP_UTILS, CRTL_MSG)
unsigned char v3_over_ip_data_msg[] = {
0x00, 0x00, 0x96, 0x52, 0xca, 0x03, 0x10, 0x78};
TEST(L2TP_V3_OVER_IP_UTILS, DATA_MSG)
TEST(L2TPV3_OVER_IP_UTILS, DATA_MSG)
{
EXPECT_TRUE(ntohl(*((uint32_t *)v3_over_ip_data_msg)) != 0); // data message
EXPECT_TRUE(calc_ip_l2tpv3_hdr_len((const char *)v3_over_ip_data_msg, sizeof(v3_over_ip_data_msg)) == 8);

46
src/packet/test/gtest_packet.cpp
View File

@@ -83,7 +83,7 @@ TEST(PACKET, ETH_VLAN_VLAN_IP4_IP4_UDP)
const char *payload = packet_parse(&handler, (const char *)data1, sizeof(data1));
EXPECT_TRUE(payload != nullptr);
EXPECT_TRUE((char *)payload - (char *)&data1 == 70);
packet_print_str(&handler);
packet_print(&handler);
/******************************************************
* packet_get_outermost/innermost_layer
@@ -287,7 +287,7 @@ TEST(PACKET, ETH_IP6_IP4_TCP_SSH)
const char *payload = packet_parse(&handler, (const char *)data2, sizeof(data2));
EXPECT_TRUE(payload != nullptr);
EXPECT_TRUE((char *)payload - (char *)&data2 == 94);
packet_print_str(&handler);
packet_print(&handler);
/******************************************************
* packet_get_outermost/innermost_layer
@@ -480,7 +480,7 @@ TEST(PACKET, ETH_VLAN_IP6_IP4_GRE_PPP_IP4_UDP_DNS)
const char *payload = packet_parse(&handler, (const char *)data3, sizeof(data3));
EXPECT_TRUE(payload != nullptr);
EXPECT_TRUE((char *)payload - (char *)&data3 == 126);
packet_print_str(&handler);
packet_print(&handler);
/******************************************************
* packet_get_outermost/innermost_layer
@@ -687,7 +687,7 @@ TEST(PACKET, ETH_IP4_IP6_TCP)
const char *payload = packet_parse(&handler, (const char *)data4, sizeof(data4));
EXPECT_TRUE(payload != nullptr);
EXPECT_TRUE((char *)payload - (char *)&data4 == 106);
packet_print_str(&handler);
packet_print(&handler);
/******************************************************
* packet_get_outermost/innermost_layer
@@ -842,7 +842,7 @@ TEST(PACKET, ETH_IP6_IP6_UDP)
const char *payload = packet_parse(&handler, (const char *)data5, sizeof(data5));
EXPECT_TRUE(payload != nullptr);
EXPECT_TRUE((char *)payload - (char *)&data5 == 102);
packet_print_str(&handler);
packet_print(&handler);
/******************************************************
* packet_get_outermost/innermost_layer
@@ -998,7 +998,7 @@ TEST(PACKET, ETH_MPLS_IP4_TCP)
const char *payload = packet_parse(&handler, (const char *)data6, sizeof(data6));
EXPECT_TRUE(payload != nullptr);
EXPECT_TRUE((char *)payload - (char *)&data6 == 70);
packet_print_str(&handler);
packet_print(&handler);
/******************************************************
* packet_get_outermost/innermost_layer
@@ -1165,7 +1165,7 @@ TEST(PACKET, ETH_MPLS_MPLS_IP4_TCP)
const char *payload = packet_parse(&handler, (const char *)data7, sizeof(data7));
EXPECT_TRUE(payload != nullptr);
EXPECT_TRUE((char *)payload - (char *)&data7 == 66);
packet_print_str(&handler);
packet_print(&handler);
/******************************************************
* packet_get_outermost/innermost_layer
@@ -1342,7 +1342,7 @@ TEST(PACKET, ETH_VLAN_PPPOE_IP4_TCP)
const char *payload = packet_parse(&handler, (const char *)data8, sizeof(data8));
EXPECT_TRUE(payload != nullptr);
EXPECT_TRUE((char *)payload - (char *)&data8 == 78);
packet_print_str(&handler);
packet_print(&handler);
/******************************************************
* packet_get_outermost/innermost_layer
@@ -1595,7 +1595,7 @@ TEST(PACKET, ETH_IP6_UDP_GTP_IP6_TCP_TLS)
const char *payload = packet_parse(&handler, (const char *)data9, sizeof(data9));
EXPECT_TRUE(payload != nullptr);
EXPECT_TRUE((char *)payload - (char *)&data9 == 130);
packet_print_str(&handler);
packet_print(&handler);
/******************************************************
* packet_get_outermost/innermost_layer
@@ -1631,9 +1631,9 @@ TEST(PACKET, ETH_IP6_UDP_GTP_IP6_TCP_TLS)
EXPECT_TRUE(outer_udp_record->hdr_len == 8);
EXPECT_TRUE(outer_udp_record->pld_len == 1380);
// LAYER_PROTO_GTPV1_U
const struct raw_layer *outer_gtp_record = packet_get_outermost_raw_layer(&handler, LAYER_PROTO_GTPV1_U);
const struct raw_layer *inner_gtp_record = packet_get_innermost_raw_layer(&handler, LAYER_PROTO_GTPV1_U);
// LAYER_PROTO_GTP
const struct raw_layer *outer_gtp_record = packet_get_outermost_raw_layer(&handler, LAYER_PROTO_GTP);
const struct raw_layer *inner_gtp_record = packet_get_innermost_raw_layer(&handler, LAYER_PROTO_GTP);
EXPECT_TRUE(outer_gtp_record != nullptr);
EXPECT_TRUE(inner_gtp_record != nullptr);
@@ -1849,7 +1849,7 @@ TEST(PACKET, ETH_IP6_UDP_GTP_IP4_TCP_TLS)
const char *payload = packet_parse(&handler, (const char *)data10, sizeof(data10));
EXPECT_TRUE(payload != nullptr);
EXPECT_TRUE((char *)payload - (char *)&data10 == 122);
packet_print_str(&handler);
packet_print(&handler);
/******************************************************
* packet_get_outermost/innermost_layer
@@ -1888,9 +1888,9 @@ TEST(PACKET, ETH_IP6_UDP_GTP_IP4_TCP_TLS)
EXPECT_TRUE(outer_udp_record->hdr_len == 8);
EXPECT_TRUE(outer_udp_record->pld_len == 1408);
// LAYER_PROTO_GTPV1_U
const struct raw_layer *outer_gtp_record = packet_get_outermost_raw_layer(&handler, LAYER_PROTO_GTPV1_U);
const struct raw_layer *inner_gtp_record = packet_get_innermost_raw_layer(&handler, LAYER_PROTO_GTPV1_U);
// LAYER_PROTO_GTP
const struct raw_layer *outer_gtp_record = packet_get_outermost_raw_layer(&handler, LAYER_PROTO_GTP);
const struct raw_layer *inner_gtp_record = packet_get_innermost_raw_layer(&handler, LAYER_PROTO_GTP);
EXPECT_TRUE(outer_gtp_record != nullptr);
EXPECT_TRUE(inner_gtp_record != nullptr);
@@ -2051,7 +2051,7 @@ TEST(PACKET, ETH_IP4_UDP_VXLAN_ETH_IP4_UDP_DNS)
const char *payload = packet_parse(&handler, (const char *)data11, sizeof(data11));
EXPECT_TRUE(payload != nullptr);
EXPECT_TRUE((char *)payload - (char *)&data11 == 92);
packet_print_str(&handler);
packet_print(&handler);
/******************************************************
* packet_get_outermost/innermost_layer
@@ -2208,7 +2208,7 @@ TEST(PACKET, ETH_MPLS_MPLS_PWETHCW_ETH_ARP)
const char *payload = packet_parse(&handler, (const char *)data12, sizeof(data12));
EXPECT_TRUE(payload != nullptr);
EXPECT_TRUE((char *)payload - (char *)&data12 == 40);
packet_print_str(&handler);
packet_print(&handler);
/******************************************************
* packet_get_outermost/innermost_layer
@@ -2345,7 +2345,7 @@ TEST(PACKET, ETH_IP4_ICMP)
const char *payload = packet_parse(&handler, (const char *)data13, sizeof(data13));
EXPECT_TRUE(payload != nullptr);
EXPECT_TRUE((char *)payload - (char *)&data13 == 14 + 20 + 8);
packet_print_str(&handler);
packet_print(&handler);
/******************************************************
* packet_get_outermost/innermost_layer
@@ -2451,7 +2451,7 @@ TEST(PACKET, ETH_IP6_ICMP6)
const char *payload = packet_parse(&handler, (const char *)data14, sizeof(data14));
EXPECT_TRUE(payload != nullptr);
EXPECT_TRUE((char *)payload - (char *)&data14 == 14 + 40 + 8);
packet_print_str(&handler);
packet_print(&handler);
/******************************************************
* packet_get_outermost/innermost_layer
@@ -2616,7 +2616,7 @@ TEST(PACKET, ETH_IP4_UDP_L2TPV2_PPP_IP4_UDP)
const char *payload = packet_parse(&handler, (const char *)data15, sizeof(data15));
EXPECT_TRUE(payload != nullptr);
EXPECT_TRUE((char *)payload - (char *)&data15 == 14 + 20 + 8 + 8 + 4 + 20 + 8);
packet_print_str(&handler);
packet_print(&handler);
/******************************************************
* packet_get_outermost/innermost_layer
@@ -2781,7 +2781,7 @@ TEST(PACKET, ETH_IP4_TCP_PADDING)
const char *payload = packet_parse(&handler, (const char *)data16, sizeof(data16));
EXPECT_TRUE(payload != nullptr);
EXPECT_TRUE((char *)payload - (char *)&data16 == 14 + 20 + 20);
packet_print_str(&handler);
packet_print(&handler);
/******************************************************
* packet_get_outermost/innermost_layer
@@ -2846,7 +2846,7 @@ TEST(PACKET, HASH_VALUE)
const char *payload = packet_parse(&handler, (const char *)data4, sizeof(data4));
EXPECT_TRUE(payload != nullptr);
EXPECT_TRUE((char *)payload - (char *)&data4 == 106);
packet_print_str(&handler);
packet_print(&handler);
// buffer: "2001:da8:200:900e:200:5efe:d24d:58a3 0 2600:140e:6::1702:1058 0"
// buffer: "210.77.88.163 0 59.66.4.50 0"

723
src/packet/test/gtest_tunnel.cpp Normal file
View File

@@ -0,0 +1,723 @@
#include <gtest/gtest.h>
#include "stellar/layer.h"
#include "stellar/tunnel.h"
#include "packet_priv.h"
#include "ipv4_utils.h"
#include "ipv6_utils.h"
#include "udp_utils.h"
#include "gre_utils.h"
#include "vxlan_utils.h"
/******************************************************************************
* [Protocols in frame: eth:ethertype:vlan:ethertype:vlan:ethertype:ip:ip:udp:data]
******************************************************************************
*
* Frame 1: 170 bytes on wire (1360 bits), 170 bytes captured (1360 bits)
* Ethernet II, Src: HuaweiTe_3b:b3:9a (a4:c6:4f:3b:b3:9a), Dst: 00:00:00_00:00:04 (00:00:00:00:00:04)
* Destination: 00:00:00_00:00:04 (00:00:00:00:00:04)
* Source: HuaweiTe_3b:b3:9a (a4:c6:4f:3b:b3:9a)
* Type: 802.1Q Virtual LAN (0x8100)
* 802.1Q Virtual LAN, PRI: 3, DEI: 0, ID: 1624
* 011. .... .... .... = Priority: Critical Applications (3)
* ...0 .... .... .... = DEI: Ineligible
* .... 0110 0101 1000 = ID: 1624
* Type: 802.1Q Virtual LAN (0x8100)
* 802.1Q Virtual LAN, PRI: 3, DEI: 0, ID: 505
* 011. .... .... .... = Priority: Critical Applications (3)
* ...0 .... .... .... = DEI: Ineligible
* .... 0001 1111 1001 = ID: 505
* Type: IPv4 (0x0800)
* Internet Protocol Version 4, Src: 69.67.35.146, Dst: 41.202.46.110
* 0100 .... = Version: 4
* .... 0101 = Header Length: 20 bytes (5)
* Differentiated Services Field: 0xb8 (DSCP: EF PHB, ECN: Not-ECT)
* Total Length: 148
* Identification: 0xe858 (59480)
* 000. .... = Flags: 0x0
* ...0 0000 0000 0000 = Fragment Offset: 0
* Time to Live: 255
* Protocol: IPIP (4)
* Header Checksum: 0x1148 [validation disabled]
* [Header checksum status: Unverified]
* Source Address: 69.67.35.146
* Destination Address: 41.202.46.110
* Internet Protocol Version 4, Src: 10.10.100.25, Dst: 10.10.101.2
* 0100 .... = Version: 4
* .... 0101 = Header Length: 20 bytes (5)
* Differentiated Services Field: 0xb8 (DSCP: EF PHB, ECN: Not-ECT)
* Total Length: 128
* Identification: 0x0001 (1)
* 000. .... = Flags: 0x0
* ...0 0000 0000 0000 = Fragment Offset: 0
* Time to Live: 254
* Protocol: UDP (17)
* Header Checksum: 0xde84 [validation disabled]
* [Header checksum status: Unverified]
* Source Address: 10.10.100.25
* Destination Address: 10.10.101.2
* User Datagram Protocol, Src Port: 62367, Dst Port: 17000
* Source Port: 62367
* Destination Port: 17000
* Length: 108
* Checksum: 0x4b9a [unverified]
* [Checksum Status: Unverified]
* [Stream index: 0]
* [Timestamps]
* [Time since first frame: 0.000000000 seconds]
* [Time since previous frame: 0.000000000 seconds]
* UDP payload (100 bytes)
* Data (100 bytes)
*/
unsigned char data1[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0xa4, 0xc6, 0x4f, 0x3b, 0xb3, 0x9a, 0x81, 0x00, 0x66, 0x58, 0x81, 0x00, 0x61, 0xf9, 0x08, 0x00, 0x45, 0xb8, 0x00, 0x94,
0xe8, 0x58, 0x00, 0x00, 0xff, 0x04, 0x11, 0x48, 0x45, 0x43, 0x23, 0x92, 0x29, 0xca, 0x2e, 0x6e, 0x45, 0xb8, 0x00, 0x80, 0x00, 0x01, 0x00, 0x00, 0xfe, 0x11,
0xde, 0x84, 0x0a, 0x0a, 0x64, 0x19, 0x0a, 0x0a, 0x65, 0x02, 0xf3, 0x9f, 0x42, 0x68, 0x00, 0x6c, 0x4b, 0x9a, 0x00, 0x02, 0x00, 0x00, 0x04, 0x73, 0x6c, 0x10,
0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd,
0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd};
/******************************************************************************
* [Protocols in frame: eth:ethertype:vlan:ethertype:ipv6:ip:gre:ppp:ip:udp:dns]
******************************************************************************
*
* Frame 1: 272 bytes on wire (2176 bits), 272 bytes captured (2176 bits)
* Ethernet II, Src: Cisco_e6:82:c4 (00:19:06:e6:82:c4), Dst: 10:01:00:00:61:3d (10:01:00:00:61:3d)
* Destination: 10:01:00:00:61:3d (10:01:00:00:61:3d)
* Source: Cisco_e6:82:c4 (00:19:06:e6:82:c4)
* Type: 802.1Q Virtual LAN (0x8100)
* 802.1Q Virtual LAN, PRI: 0, DEI: 0, ID: 100
* 000. .... .... .... = Priority: Best Effort (default) (0)
* ...0 .... .... .... = DEI: Ineligible
* .... 0000 0110 0100 = ID: 100
* Type: IPv6 (0x86dd)
* Internet Protocol Version 6, Src: 2607:fcd0:100:2300::b108:2a6b, Dst: 2402:f000:1:8e01::5555
* 0110 .... = Version: 6
* .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
* .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
* Payload Length: 214
* Next Header: IPIP (4)
* Hop Limit: 57
* Source Address: 2607:fcd0:100:2300::b108:2a6b
* Destination Address: 2402:f000:1:8e01::5555
* Internet Protocol Version 4, Src: 192.52.166.154, Dst: 16.0.0.200
* 0100 .... = Version: 4
* .... 0101 = Header Length: 20 bytes (5)
* Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
* Total Length: 214
* Identification: 0x842f (33839)
* 010. .... = Flags: 0x2, Don't fragment
* ...0 0000 0000 0000 = Fragment Offset: 0
* Time to Live: 64
* Protocol: Generic Routing Encapsulation (47)
* Header Checksum: 0x3e33 [validation disabled]
* [Header checksum status: Unverified]
* Source Address: 192.52.166.154
* Destination Address: 16.0.0.200
* Generic Routing Encapsulation (PPP)
* Flags and Version: 0x3081
* Protocol Type: PPP (0x880b)
* Payload Length: 178
* Call ID: 17
* Sequence Number: 538640
* Acknowledgment Number: 429725
* Point-to-Point Protocol
* Address: 0xff
* Control: 0x03
* Protocol: Internet Protocol version 4 (0x0021)
* Internet Protocol Version 4, Src: 8.8.8.8, Dst: 172.16.44.3
* 0100 .... = Version: 4
* .... 0101 = Header Length: 20 bytes (5)
* Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
* Total Length: 174
* Identification: 0x2f9c (12188)
* 000. .... = Flags: 0x0
* ...0 0000 0000 0000 = Fragment Offset: 0
* Time to Live: 50
* Protocol: UDP (17)
* Header Checksum: 0x7080 [validation disabled]
* [Header checksum status: Unverified]
* Source Address: 8.8.8.8
* Destination Address: 172.16.44.3
* User Datagram Protocol, Src Port: 53, Dst Port: 9879
* Source Port: 53
* Destination Port: 9879
* Length: 154
* Checksum: 0x45d9 [unverified]
* [Checksum Status: Unverified]
* [Stream index: 0]
* [Timestamps]
* UDP payload (146 bytes)
* Domain Name System (response)
*/
unsigned char data2[] = {
0x10, 0x01, 0x00, 0x00, 0x61, 0x3d, 0x00, 0x19, 0x06, 0xe6, 0x82, 0xc4, 0x81, 0x00, 0x00, 0x64, 0x86, 0xdd, 0x60, 0x00, 0x00, 0x00, 0x00, 0xd6, 0x04, 0x39,
0x26, 0x07, 0xfc, 0xd0, 0x01, 0x00, 0x23, 0x00, 0x00, 0x00, 0x00, 0x00, 0xb1, 0x08, 0x2a, 0x6b, 0x24, 0x02, 0xf0, 0x00, 0x00, 0x01, 0x8e, 0x01, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x55, 0x55, 0x45, 0x00, 0x00, 0xd6, 0x84, 0x2f, 0x40, 0x00, 0x40, 0x2f, 0x3e, 0x33, 0xc0, 0x34, 0xa6, 0x9a, 0x10, 0x00, 0x00, 0xc8,
0x30, 0x81, 0x88, 0x0b, 0x00, 0xb2, 0x00, 0x11, 0x00, 0x08, 0x38, 0x10, 0x00, 0x06, 0x8e, 0x9d, 0xff, 0x03, 0x00, 0x21, 0x45, 0x00, 0x00, 0xae, 0x2f, 0x9c,
0x00, 0x00, 0x32, 0x11, 0x70, 0x80, 0x08, 0x08, 0x08, 0x08, 0xac, 0x10, 0x2c, 0x03, 0x00, 0x35, 0x26, 0x97, 0x00, 0x9a, 0x45, 0xd9, 0xb4, 0xe2, 0x81, 0x83,
0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x35, 0x78, 0x71, 0x74, 0x2d, 0x64, 0x65, 0x74, 0x65, 0x63, 0x74, 0x2d, 0x6d, 0x6f, 0x64, 0x65, 0x32, 0x2d,
0x37, 0x38, 0x63, 0x30, 0x36, 0x64, 0x63, 0x37, 0x2d, 0x30, 0x34, 0x61, 0x37, 0x2d, 0x34, 0x38, 0x35, 0x33, 0x2d, 0x38, 0x34, 0x38, 0x33, 0x2d, 0x61, 0x35,
0x36, 0x32, 0x38, 0x39, 0x37, 0x36, 0x65, 0x32, 0x33, 0x33, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x06, 0x00, 0x01, 0x00, 0x00, 0x02, 0xf0, 0x00, 0x40,
0x01, 0x61, 0x0c, 0x72, 0x6f, 0x6f, 0x74, 0x2d, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x03, 0x6e, 0x65, 0x74, 0x00, 0x05, 0x6e, 0x73, 0x74, 0x6c, 0x64,
0x0c, 0x76, 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2d, 0x67, 0x72, 0x73, 0x03, 0x63, 0x6f, 0x6d, 0x00, 0x78, 0x0d, 0x09, 0x09, 0x00, 0x00, 0x07, 0x08,
0x00, 0x00, 0x03, 0x84, 0x00, 0x09, 0x3a, 0x80, 0x00, 0x01, 0x51, 0x80};
/******************************************************************************
* [Protocols in frame: eth:ethertype:ipv6:udp:gtp:ipv6:tcp:ja3:tls]
******************************************************************************
*
* Frame 1: 1442 bytes on wire (11536 bits), 1442 bytes captured (11536 bits)
* Ethernet II, Src: zte_0e:f5:40 (74:4a:a4:0e:f5:40), Dst: HuaweiTe_40:e9:c2 (ac:b3:b5:40:e9:c2)
* Destination: HuaweiTe_40:e9:c2 (ac:b3:b5:40:e9:c2)
* Source: zte_0e:f5:40 (74:4a:a4:0e:f5:40)
* Type: IPv6 (0x86dd)
* Internet Protocol Version 6, Src: 2409:8034:4040:5300::105, Dst: 2409:8034:4025::60:61
* 0110 .... = Version: 6
* .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
* .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
* Payload Length: 1388
* Next Header: UDP (17)
* Hop Limit: 127
* Source Address: 2409:8034:4040:5300::105
* Destination Address: 2409:8034:4025::60:61
* User Datagram Protocol, Src Port: 2152, Dst Port: 2152
* Source Port: 2152
* Destination Port: 2152
* Length: 1388
* Checksum: 0xeb00 [unverified]
* [Checksum Status: Unverified]
* [Stream index: 0]
* [Timestamps]
* UDP payload (1380 bytes)
* GPRS Tunneling Protocol
* Flags: 0x30
* Message Type: T-PDU (0xff)
* Length: 1372
* TEID: 0x024c3cbd (38550717)
* Internet Protocol Version 6, Src: 2409:8c34:4400:700:0:4:0:3, Dst: 2409:8934:5082:2100:ecad:e0e4:530a:c269
* 0110 .... = Version: 6
* .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
* .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
* Payload Length: 1332
* Next Header: TCP (6)
* Hop Limit: 56
* Source Address: 2409:8c34:4400:700:0:4:0:3
* Destination Address: 2409:8934:5082:2100:ecad:e0e4:530a:c269
* Transmission Control Protocol, Src Port: 443, Dst Port: 46582, Seq: 1, Ack: 1, Len: 1312
* Source Port: 443
* Destination Port: 46582
* [Stream index: 0]
* [Conversation completeness: Incomplete (8)]
* [TCP Segment Len: 1312]
* Sequence Number: 1 (relative sequence number)
* Sequence Number (raw): 2198097831
* [Next Sequence Number: 1313 (relative sequence number)]
* Acknowledgment Number: 1 (relative ack number)
* Acknowledgment number (raw): 2264498872
* 0101 .... = Header Length: 20 bytes (5)
* Flags: 0x010 (ACK)
* Window: 529
* [Calculated window size: 529]
* [Window size scaling factor: -1 (unknown)]
* Checksum: 0x2c4b [unverified]
* [Checksum Status: Unverified]
* Urgent Pointer: 0
* [Timestamps]
* [SEQ/ACK analysis]
* TCP payload (1312 bytes)
* Transport Layer Security
*/
unsigned char data3[] = {
0xac, 0xb3, 0xb5, 0x40, 0xe9, 0xc2, 0x74, 0x4a, 0xa4, 0x0e, 0xf5, 0x40, 0x86, 0xdd, 0x60, 0x00, 0x00, 0x00, 0x05, 0x6c, 0x11, 0x7f, 0x24, 0x09, 0x80, 0x34,
0x40, 0x40, 0x53, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x05, 0x24, 0x09, 0x80, 0x34, 0x40, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x60,
0x00, 0x61, 0x08, 0x68, 0x08, 0x68, 0x05, 0x6c, 0xeb, 0x00, 0x30, 0xff, 0x05, 0x5c, 0x02, 0x4c, 0x3c, 0xbd, 0x60, 0x00, 0x00, 0x00, 0x05, 0x34, 0x06, 0x38,
0x24, 0x09, 0x8c, 0x34, 0x44, 0x00, 0x07, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x03, 0x24, 0x09, 0x89, 0x34, 0x50, 0x82, 0x21, 0x00, 0xec, 0xad,
0xe0, 0xe4, 0x53, 0x0a, 0xc2, 0x69, 0x01, 0xbb, 0xb5, 0xf6, 0x83, 0x04, 0x4f, 0xa7, 0x86, 0xf9, 0x82, 0xb8, 0x50, 0x10, 0x02, 0x11, 0x2c, 0x4b, 0x00, 0x00,
0x17, 0x03, 0x03, 0x3c, 0x8c, 0x87, 0xa0, 0x99, 0x23, 0x5b, 0x53, 0x4a, 0x12, 0x1b, 0xf8, 0xba, 0xe8, 0x83, 0xc2, 0x95, 0xda, 0xb8, 0xea, 0x5b, 0xdc, 0x84,
0x61, 0xa9, 0x86, 0x7e, 0x43, 0xc7, 0x31, 0x44, 0x6e, 0x11, 0xc1, 0x30, 0x21, 0x03, 0xb4, 0x21, 0x4a, 0xee, 0xc9, 0x2e, 0x14, 0xd2, 0x98, 0x63, 0x12, 0xfe,
0x79, 0x58, 0xb3, 0x18, 0xa6, 0x8d, 0x0c, 0x62, 0x67, 0x51, 0xef, 0x02, 0x5a, 0xa8, 0xb3, 0x82, 0x1f, 0xe4, 0x51, 0xba, 0xde, 0xee, 0x83, 0x9c, 0x4e, 0xac,
0x4d, 0xa2, 0xb7, 0x6a, 0x82, 0xe7, 0xbb, 0x00, 0xf7, 0x5a, 0xe7, 0x02, 0x71, 0x7e, 0x7d, 0x6f, 0xf2, 0xe5, 0x47, 0xd0, 0xba, 0x3c, 0x51, 0x09, 0x95, 0xcd,
0xf6, 0xc9, 0x8b, 0x6f, 0xb0, 0x39, 0x11, 0x0d, 0xe9, 0x0d, 0x4d, 0x29, 0xd4, 0xcb, 0x87, 0xba, 0x11, 0xfa, 0x0d, 0x0b, 0x82, 0x95, 0xa5, 0x84, 0x94, 0x48,
0xa2, 0xee, 0xa4, 0xb7, 0xb6, 0x76, 0x13, 0x4d, 0x18, 0x42, 0x91, 0x77, 0xad, 0x82, 0x38, 0xee, 0x34, 0x1c, 0xb7, 0xf6, 0x39, 0xdc, 0xa4, 0x23, 0xa1, 0x7c,
0xa5, 0x0b, 0x7e, 0x4c, 0x8b, 0x81, 0x31, 0x48, 0xea, 0xf4, 0x18, 0x37, 0x09, 0x0a, 0x53, 0x13, 0x05, 0x90, 0x26, 0x10, 0x69, 0xb2, 0xa3, 0x36, 0xbc, 0xa5,
0x83, 0xd8, 0x16, 0x77, 0x98, 0xc8, 0x21, 0x38, 0xd9, 0x88, 0x0c, 0xa7, 0x16, 0x97, 0x4e, 0x20, 0x6d, 0x68, 0xda, 0x1b, 0x3b, 0x4a, 0x62, 0xe0, 0x36, 0x0d,
0xbf, 0x30, 0x71, 0xb1, 0xe9, 0xbe, 0x47, 0x77, 0x99, 0xb9, 0xe6, 0x26, 0xab, 0x81, 0x2e, 0x46, 0xf1, 0x1b, 0x1e, 0xfb, 0xd7, 0x81, 0x60, 0x21, 0x4a, 0x71,
0x85, 0xf7, 0x9c, 0x9c, 0xd4, 0x1c, 0x52, 0xc4, 0x3d, 0x8d, 0x72, 0xf6, 0x7c, 0xd3, 0x58, 0x79, 0x0d, 0x78, 0xd7, 0x7c, 0x29, 0x2b, 0xc3, 0x96, 0x1d, 0xc7,
0x96, 0x50, 0x42, 0xd7, 0xda, 0xeb, 0x29, 0x8e, 0x2a, 0x72, 0x23, 0x57, 0x0f, 0x6f, 0x37, 0x35, 0xb2, 0x42, 0x76, 0x78, 0xbf, 0xbf, 0x8c, 0x3f, 0x31, 0xa2,
0x51, 0xec, 0x9e, 0x0d, 0xfd, 0xf2, 0xaf, 0x71, 0xa0, 0x4f, 0xa9, 0xf6, 0x19, 0xcf, 0x3e, 0x4b, 0xc8, 0xaa, 0x38, 0x06, 0xa1, 0x15, 0xde, 0xde, 0xef, 0x9b,
0x25, 0xa3, 0xcc, 0x47, 0xca, 0x29, 0x30, 0x65, 0x5f, 0xc1, 0x8b, 0x12, 0x63, 0x79, 0xcd, 0x57, 0x4d, 0x99, 0xc0, 0xcd, 0xbe, 0x62, 0xcb, 0xc3, 0xf2, 0x6b,
0x0b, 0x40, 0xc5, 0xee, 0x79, 0x0a, 0xa4, 0x75, 0x56, 0xe7, 0xe7, 0xf2, 0xfd, 0xe0, 0x72, 0x78, 0x04, 0xa2, 0x50, 0x31, 0x09, 0x8b, 0x57, 0xc3, 0x85, 0x4e,
0xc4, 0xae, 0xde, 0x8a, 0xfa, 0xf6, 0x31, 0x06, 0xd2, 0x07, 0x25, 0x40, 0xce, 0x0d, 0xfd, 0x26, 0x98, 0x41, 0xa3, 0xa9, 0xa2, 0x8d, 0x8b, 0x7f, 0x6d, 0x63,
0x87, 0x7e, 0x75, 0x2f, 0x78, 0xc9, 0xd5, 0x04, 0xb2, 0x4f, 0xc9, 0x94, 0xa7, 0x7f, 0xbc, 0x75, 0x7b, 0xb6, 0xfb, 0x2c, 0x46, 0xf6, 0xde, 0x36, 0x31, 0x2a,
0x32, 0x1d, 0x7f, 0x30, 0x9e, 0x4a, 0x84, 0x69, 0x66, 0xac, 0xef, 0xbe, 0xb3, 0x83, 0x8c, 0xb8, 0x30, 0xd2, 0x3f, 0xcf, 0xb5, 0xbb, 0x65, 0xaa, 0xe7, 0x6b,
0x74, 0x48, 0x2c, 0xb2, 0x72, 0x2b, 0x78, 0xaf, 0xd0, 0x71, 0x04, 0xa9, 0xb4, 0x65, 0xd9, 0xfc, 0x74, 0x23, 0xff, 0x89, 0xc1, 0x16, 0x23, 0xac, 0x59, 0x16,
0x89, 0x41, 0xc3, 0xdb, 0xdb, 0x5b, 0x9a, 0x3d, 0x08, 0xc4, 0x12, 0x28, 0xf8, 0x10, 0xa5, 0xad, 0xc6, 0x81, 0xc0, 0x61, 0x48, 0xba, 0x9d, 0xef, 0xc7, 0xf8,
0xad, 0x9a, 0xbd, 0x87, 0xfa, 0x7f, 0xa2, 0x4e, 0x4d, 0xe0, 0x19, 0xd5, 0x47, 0xc7, 0xd0, 0xfb, 0x00, 0x7b, 0xbf, 0x17, 0x80, 0xfe, 0xf5, 0x27, 0xec, 0x94,
0x44, 0x3d, 0x4a, 0x34, 0x49, 0x60, 0xb4, 0x8d, 0x71, 0x6d, 0x9c, 0xf4, 0x4c, 0x33, 0xa9, 0x49, 0x58, 0x58, 0x6f, 0xe1, 0xd1, 0x7d, 0x36, 0x51, 0xf4, 0xd8,
0x0d, 0x0b, 0xfc, 0xeb, 0xae, 0x58, 0x06, 0x08, 0xbf, 0x67, 0x07, 0x28, 0x7e, 0x68, 0x65, 0x79, 0x86, 0xfb, 0x43, 0x0f, 0x0a, 0xef, 0xd0, 0x97, 0x33, 0x10,
0x7a, 0x20, 0xe8, 0x22, 0xe5, 0xdc, 0x0c, 0xa2, 0xa5, 0x50, 0x1b, 0x08, 0x15, 0xc2, 0xec, 0xd2, 0x06, 0x25, 0xd0, 0x3b, 0xfd, 0xe3, 0xa2, 0x6f, 0x41, 0x15,
0x6d, 0x9f, 0x5f, 0xc4, 0x07, 0x5c, 0x99, 0x63, 0xd9, 0xd7, 0xdc, 0x90, 0xc9, 0x8f, 0x3a, 0x4b, 0x6a, 0x84, 0xe8, 0x3c, 0xc7, 0x71, 0x50, 0x71, 0x86, 0x71,
0x7d, 0x54, 0x84, 0x7b, 0xb7, 0xca, 0xd5, 0x42, 0xaf, 0x88, 0xa5, 0xae, 0xa4, 0x9c, 0xfd, 0x71, 0x71, 0x0f, 0x67, 0xaa, 0x1b, 0x61, 0xd7, 0xf4, 0x50, 0x21,
0x9d, 0x80, 0x6e, 0x54, 0xcd, 0xb6, 0xb9, 0x02, 0x3e, 0x59, 0x50, 0xff, 0xf2, 0xda, 0x21, 0x5c, 0x50, 0x6d, 0x64, 0x8c, 0x33, 0x75, 0x2a, 0xa4, 0x56, 0xb3,
0xa8, 0xdb, 0xba, 0xbe, 0x52, 0xd4, 0xe5, 0x29, 0x68, 0xe2, 0x6b, 0x94, 0x6b, 0xb3, 0x90, 0x63, 0x91, 0x1a, 0x95, 0xb5, 0xd7, 0x10, 0x1b, 0xd9, 0x93, 0x4f,
0x33, 0xb6, 0x6a, 0x4e, 0xcd, 0x40, 0x9d, 0x47, 0x76, 0x3e, 0x4b, 0xc7, 0x2f, 0x16, 0x96, 0x64, 0x9d, 0x4e, 0x8c, 0xfb, 0x0f, 0xd2, 0xec, 0x6c, 0xba, 0xf2,
0x9c, 0xca, 0xd2, 0x3e, 0x64, 0x37, 0x32, 0x20, 0xd7, 0x4c, 0xb0, 0xe7, 0xd3, 0x75, 0x51, 0x3a, 0x94, 0xc1, 0xdf, 0x1c, 0xb3, 0x10, 0xd5, 0x1e, 0xcf, 0x7c,
0xb7, 0xab, 0x4a, 0x93, 0xf0, 0x78, 0x58, 0x28, 0x63, 0x10, 0xee, 0xb0, 0xd6, 0x14, 0x81, 0x47, 0xeb, 0x2e, 0xc8, 0x6e, 0x33, 0x7e, 0xf3, 0x2d, 0xc8, 0xdb,
0x29, 0x0c, 0x80, 0xe4, 0x2f, 0x10, 0x07, 0x8e, 0x08, 0x86, 0x97, 0x1b, 0x39, 0x98, 0x39, 0x06, 0xb3, 0x85, 0x53, 0xb7, 0xbb, 0x65, 0x65, 0x85, 0x0e, 0x0a,
0x7d, 0x29, 0x3d, 0x3f, 0x52, 0xc2, 0x7b, 0x2b, 0x30, 0x94, 0x99, 0x6a, 0x4b, 0xad, 0xe9, 0xec, 0xcb, 0xcd, 0xae, 0x97, 0x45, 0x54, 0xd5, 0x00, 0x5e, 0xd8,
0xac, 0xeb, 0x99, 0xdc, 0x58, 0x0b, 0x01, 0xeb, 0x32, 0x22, 0xc4, 0xec, 0x4f, 0xd2, 0x15, 0x03, 0x30, 0x88, 0xc7, 0x28, 0xaf, 0x78, 0xf5, 0x38, 0x84, 0x3b,
0x3b, 0xe9, 0x29, 0x71, 0x50, 0xa3, 0x07, 0x49, 0x3b, 0xc6, 0x97, 0xc6, 0xf9, 0x53, 0x95, 0x51, 0x65, 0x7e, 0xd7, 0xd4, 0xe8, 0x76, 0x6a, 0x6d, 0x37, 0x6b,
0xa5, 0x59, 0xaa, 0x14, 0x18, 0x8c, 0x8d, 0x65, 0x78, 0x67, 0xfb, 0x60, 0x56, 0xab, 0x04, 0xa0, 0xc2, 0x93, 0x46, 0xf1, 0x2b, 0x0d, 0x3b, 0x38, 0x62, 0x62,
0x5e, 0xc8, 0x30, 0xf9, 0x45, 0x28, 0x6f, 0xa1, 0xb1, 0x88, 0xf1, 0x2b, 0x3b, 0xf8, 0xae, 0x91, 0x52, 0xc3, 0x72, 0x86, 0xe4, 0xec, 0xc3, 0x54, 0x86, 0xbf,
0x8f, 0x33, 0xb1, 0x0f, 0x42, 0xc5, 0x9c, 0xb8, 0xc2, 0x67, 0x8b, 0xac, 0x78, 0xd7, 0x63, 0xab, 0x05, 0xc6, 0x6c, 0x37, 0xa1, 0x28, 0xef, 0x95, 0xc9, 0xf5,
0x12, 0x38, 0x54, 0x34, 0x2e, 0x03, 0x6a, 0xaa, 0xa9, 0x97, 0x72, 0x22, 0x9f, 0x20, 0xec, 0x9e, 0x29, 0x09, 0xd8, 0x38, 0xd1, 0x86, 0x82, 0x99, 0xbd, 0x2a,
0x03, 0xe9, 0x3d, 0xbd, 0xea, 0xc5, 0x8b, 0xb0, 0x4c, 0x8b, 0x7e, 0x78, 0x08, 0xef, 0x39, 0xa8, 0xb4, 0x47, 0xce, 0x44, 0xc3, 0x3f, 0x52, 0xe4, 0xbd, 0x9e,
0xf6, 0xed, 0x6f, 0x6c, 0x05, 0x19, 0xa6, 0x0a, 0x1e, 0x48, 0xe3, 0x9b, 0x91, 0x61, 0xef, 0xf5, 0x91, 0x39, 0x70, 0x44, 0x1c, 0x08, 0x2e, 0x2c, 0x6c, 0x27,
0xb9, 0x0e, 0xcc, 0x74, 0x69, 0xa5, 0xf8, 0x19, 0xd6, 0xbf, 0x57, 0x6c, 0x9a, 0x91, 0x74, 0xfd, 0xc2, 0x31, 0x32, 0x12, 0x06, 0xa3, 0x69, 0x71, 0xda, 0x40,
0xa1, 0xf3, 0xb5, 0x9a, 0x43, 0xcc, 0xb4, 0x3c, 0x16, 0x40, 0x65, 0x2b, 0x02, 0xac, 0x5c, 0xae, 0xd6, 0x34, 0x34, 0xe3, 0x69, 0x76, 0x2c, 0xa8, 0xdd, 0x04,
0x92, 0xa6, 0x7a, 0xc0, 0x87, 0x70, 0x8b, 0x85, 0xba, 0x5d, 0xbb, 0x62, 0x70, 0xcc, 0x1f, 0x21, 0x2c, 0x7e, 0xc3, 0x77, 0xcf, 0x23, 0x22, 0xf4, 0x16, 0x8e,
0xf1, 0x3d, 0xdc, 0x33, 0x99, 0x5e, 0xaa, 0xa2, 0x50, 0x68, 0xde, 0x03, 0x44, 0xbb, 0xc7, 0x16, 0x2a, 0xf2, 0x08, 0xeb, 0x3d, 0x12, 0x6d, 0xcb, 0x2a, 0xaf,
0xb4, 0x79, 0xdb, 0x74, 0x5e, 0x54, 0x89, 0x73, 0x0c, 0x48, 0x9c, 0x03, 0x33, 0xd2, 0x92, 0x22, 0xdb, 0x3a, 0xa0, 0x8c, 0xe2, 0x30, 0x6f, 0x39, 0xe4, 0xa9,
0x24, 0x04, 0xbb, 0x85, 0x7d, 0x62, 0xc5, 0xa9, 0x98, 0x92, 0xef, 0xc6, 0xc8, 0xd1, 0x81, 0xad, 0x95, 0x40, 0x27, 0x09, 0xc7, 0x43, 0xcd, 0xb6, 0x94, 0xfc,
0x1c, 0x7d, 0x1c, 0xd3, 0x47, 0xfe, 0x62, 0x9c, 0xfa, 0xeb, 0xfc, 0x02, 0x2e, 0x48, 0x62, 0xcf, 0x63, 0xdb, 0x63, 0xd9, 0x21, 0x86, 0xe8, 0x96, 0x54, 0xeb,
0x6a, 0xa8, 0x78, 0x3c, 0x5b, 0xb6, 0xde, 0xa9, 0x04, 0x48, 0x63, 0xb2, 0x10, 0x02, 0x6a, 0x7f, 0x6d, 0xc8, 0x04, 0xdd, 0x99, 0x25, 0x08, 0xff, 0x80, 0x11,
0x53, 0xfb, 0x7a, 0x07, 0x39, 0xd9, 0x97, 0xca, 0xf0, 0xa7, 0x46, 0x9c, 0xc2, 0xae, 0x2e, 0x05, 0x62, 0xa0, 0xd5, 0x5d, 0x17, 0x0e, 0x5c, 0x7e, 0x9a, 0xb2,
0xb7, 0x9d, 0xd4, 0x4f, 0xe3, 0xac, 0x64, 0xdb, 0x6f, 0x1d, 0xdf, 0xd8, 0x41, 0xd7, 0xd9, 0x50, 0x55, 0x30, 0xeb, 0x4b, 0x19, 0xce, 0x78, 0x1f, 0xa8, 0x1e,
0x87, 0x9c, 0x8f, 0x93, 0x97, 0xd4, 0xa2, 0x28, 0x2c, 0x79, 0x22, 0xc8};
/******************************************************************************
* [Protocols in frame: eth:ethertype:ip:udp:vxlan:eth:ethertype:ip:udp:dns]
******************************************************************************
*
* Frame 1: 124 bytes on wire (992 bits), 124 bytes captured (992 bits)
* Ethernet II, Src: zte_6c:fa:43 (00:1e:73:6c:fa:43), Dst: Shanghai_0d:0a (e4:95:6e:20:0d:0a)
* Destination: Shanghai_0d:0a (e4:95:6e:20:0d:0a)
* Source: zte_6c:fa:43 (00:1e:73:6c:fa:43)
* Type: IPv4 (0x0800)
* Internet Protocol Version 4, Src: 10.1.1.1, Dst: 192.168.1.10
* 0100 .... = Version: 4
* .... 0101 = Header Length: 20 bytes (5)
* Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
* Total Length: 110
* Identification: 0x0000 (0)
* 000. .... = Flags: 0x0
* ...0 0000 0000 0000 = Fragment Offset: 0
* Time to Live: 254
* Protocol: UDP (17)
* Header Checksum: 0xefca [validation disabled]
* [Header checksum status: Unverified]
* Source Address: 10.1.1.1
* Destination Address: 192.168.1.10
* User Datagram Protocol, Src Port: 50709, Dst Port: 4789
* Source Port: 50709
* Destination Port: 4789
* Length: 90
* Checksum: 0x0000 [zero-value ignored]
* [Stream index: 0]
* [Timestamps]
* UDP payload (82 bytes)
* Virtual eXtensible Local Area Network
* Flags: 0x0800, VXLAN Network ID (VNI)
* Group Policy ID: 0
* VXLAN Network Identifier (VNI): 458755
* Reserved: 0
* Ethernet II, Src: WistronI_18:18:41 (3c:97:0e:18:18:41), Dst: DawningI_13:70:7a (e8:61:1f:13:70:7a)
* Destination: DawningI_13:70:7a (e8:61:1f:13:70:7a)
* Source: WistronI_18:18:41 (3c:97:0e:18:18:41)
* Type: IPv4 (0x0800)
* Internet Protocol Version 4, Src: 192.168.11.193, Dst: 114.114.114.114
* 0100 .... = Version: 4
* .... 0101 = Header Length: 20 bytes (5)
* Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
* Total Length: 60
* Identification: 0x0cb6 (3254)
* 000. .... = Flags: 0x0
* ...0 0000 0000 0000 = Fragment Offset: 0
* Time to Live: 64
* Protocol: UDP (17)
* Header Checksum: 0xbcad [validation disabled]
* [Header checksum status: Unverified]
* Source Address: 192.168.11.193
* Destination Address: 114.114.114.114
* User Datagram Protocol, Src Port: 65290, Dst Port: 53
* Source Port: 65290
* Destination Port: 53
* Length: 40
* Checksum: 0x39e4 [unverified]
* [Checksum Status: Unverified]
* [Stream index: 1]
* [Timestamps]
* UDP payload (32 bytes)
* Domain Name System (query)
*/
unsigned char data4[] = {
0xe4, 0x95, 0x6e, 0x20, 0x0d, 0x0a, 0x00, 0x1e, 0x73, 0x6c, 0xfa, 0x43, 0x08, 0x00, 0x45, 0x00, 0x00, 0x6e, 0x00, 0x00, 0x00, 0x00, 0xfe, 0x11, 0xef, 0xca,
0x0a, 0x01, 0x01, 0x01, 0xc0, 0xa8, 0x01, 0x0a, 0xc6, 0x15, 0x12, 0xb5, 0x00, 0x5a, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x07, 0x00, 0x03, 0x00, 0xe8, 0x61,
0x1f, 0x13, 0x70, 0x7a, 0x3c, 0x97, 0x0e, 0x18, 0x18, 0x41, 0x08, 0x00, 0x45, 0x00, 0x00, 0x3c, 0x0c, 0xb6, 0x00, 0x00, 0x40, 0x11, 0xbc, 0xad, 0xc0, 0xa8,
0x0b, 0xc1, 0x72, 0x72, 0x72, 0x72, 0xff, 0x0a, 0x00, 0x35, 0x00, 0x28, 0x39, 0xe4, 0x86, 0x84, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x03, 0x77, 0x77, 0x77, 0x06, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x03, 0x63, 0x6f, 0x6d, 0x00, 0x00, 0x01, 0x00, 0x01};
/******************************************************************************
* [Protocols in frame: eth:ethertype:ip:udp:l2tp:ppp:ip:udp:nbns]
******************************************************************************
*
* Frame 1: 150 bytes on wire (1200 bits), 150 bytes captured (1200 bits)
* Ethernet II, Src: LCFCElectron_43:38:37 (28:d2:44:43:38:37), Dst: c0:00:14:8c:00:00 (c0:00:14:8c:00:00)
* Destination: c0:00:14:8c:00:00 (c0:00:14:8c:00:00)
* Source: LCFCElectron_43:38:37 (28:d2:44:43:38:37)
* Type: IPv4 (0x0800)
* Internet Protocol Version 4, Src: 172.16.0.100, Dst: 172.16.0.254
* 0100 .... = Version: 4
* .... 0101 = Header Length: 20 bytes (5)
* Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
* 0000 00.. = Differentiated Services Codepoint: Default (0)
* .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
* Total Length: 136
* Identification: 0x06ca (1738)
* 000. .... = Flags: 0x0
* 0... .... = Reserved bit: Not set
* .0.. .... = Don't fragment: Not set
* ..0. .... = More fragments: Not set
* ...0 0000 0000 0000 = Fragment Offset: 0
* Time to Live: 128
* Protocol: UDP (17)
* Header Checksum: 0xda18 [correct]
* [Header checksum status: Good]
* [Calculated Checksum: 0xda18]
* Source Address: 172.16.0.100
* Destination Address: 172.16.0.254
* User Datagram Protocol, Src Port: 1701, Dst Port: 1701
* Source Port: 1701
* Destination Port: 1701
* Length: 116
* Checksum: 0x962f [correct]
* [Calculated Checksum: 0x962f]
* [Checksum Status: Good]
* [Stream index: 0]
* [Timestamps]
* [Time since first frame: 0.000000000 seconds]
* [Time since previous frame: 0.000000000 seconds]
* UDP payload (108 bytes)
* Layer 2 Tunneling Protocol
* Flags: 0x4002, Type: Data Message, Length Bit
* 0... .... .... .... = Type: Data Message (0)
* .1.. .... .... .... = Length Bit: Length field is present
* .... 0... .... .... = Sequence Bit: Ns and Nr fields are not present
* .... ..0. .... .... = Offset bit: Offset size field is not present
* .... ...0 .... .... = Priority: No priority
* .... .... .... 0010 = Version: 2
* Length: 108
* Tunnel ID: 28998
* Session ID: 2
* Point-to-Point Protocol
* Address: 0xff
* Control: 0x03
* Protocol: Internet Protocol version 4 (0x0021)
* Internet Protocol Version 4, Src: 172.16.2.100, Dst: 255.255.255.255
* 0100 .... = Version: 4
* .... 0101 = Header Length: 20 bytes (5)
* Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
* 0000 00.. = Differentiated Services Codepoint: Default (0)
* .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
* Total Length: 96
* Identification: 0x0004 (4)
* 000. .... = Flags: 0x0
* 0... .... = Reserved bit: Not set
* .0.. .... = Don't fragment: Not set
* ..0. .... = More fragments: Not set
* ...0 0000 0000 0000 = Fragment Offset: 0
* Time to Live: 128
* Protocol: UDP (17)
* Header Checksum: 0x8c15 [correct]
* [Header checksum status: Good]
* [Calculated Checksum: 0x8c15]
* Source Address: 172.16.2.100
* Destination Address: 255.255.255.255
* User Datagram Protocol, Src Port: 137, Dst Port: 137
* Source Port: 137
* Destination Port: 137
* Length: 76
* Checksum: 0xba80 [correct]
* [Calculated Checksum: 0xba80]
* [Checksum Status: Good]
* [Stream index: 1]
* [Timestamps]
* [Time since first frame: 0.000000000 seconds]
* [Time since previous frame: 0.000000000 seconds]
* UDP payload (68 bytes)
* NetBIOS Name Service
*/
unsigned char data5[] = {
0xc0, 0x00, 0x14, 0x8c, 0x00, 0x00, 0x28, 0xd2, 0x44, 0x43, 0x38, 0x37, 0x08, 0x00, 0x45, 0x00, 0x00, 0x88, 0x06, 0xca, 0x00, 0x00, 0x80, 0x11, 0xda, 0x18,
0xac, 0x10, 0x00, 0x64, 0xac, 0x10, 0x00, 0xfe, 0x06, 0xa5, 0x06, 0xa5, 0x00, 0x74, 0x96, 0x2f, 0x40, 0x02, 0x00, 0x6c, 0x71, 0x46, 0x00, 0x02, 0xff, 0x03,
0x00, 0x21, 0x45, 0x00, 0x00, 0x60, 0x00, 0x04, 0x00, 0x00, 0x80, 0x11, 0x8c, 0x15, 0xac, 0x10, 0x02, 0x64, 0xff, 0xff, 0xff, 0xff, 0x00, 0x89, 0x00, 0x89,
0x00, 0x4c, 0xba, 0x80, 0xc6, 0x46, 0x29, 0x10, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x20, 0x45, 0x4a, 0x45, 0x4a, 0x45, 0x46, 0x43, 0x4e, 0x46,
0x44, 0x45, 0x4e, 0x43, 0x4e, 0x46, 0x45, 0x45, 0x49, 0x45, 0x4a, 0x45, 0x4f, 0x45, 0x4c, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x41, 0x41, 0x00, 0x00, 0x20,
0x00, 0x01, 0xc0, 0x0c, 0x00, 0x20, 0x00, 0x01, 0x00, 0x04, 0x93, 0xe0, 0x00, 0x06, 0x00, 0x00, 0xac, 0x10, 0x02, 0x64};
/******************************************************************************
* [Protocols in frame: eth:ethertype:ip:udp:teredo:ipv6:udp:data]
******************************************************************************
*
* Frame 1: 108 bytes on wire (864 bits), 108 bytes captured (864 bits)
* Ethernet II, Src: Dell_c4:5b:ea (bc:30:5b:c4:5b:ea), Dst: Dell_3e:34:9c (b8:ac:6f:3e:34:9c)
* Destination: Dell_3e:34:9c (b8:ac:6f:3e:34:9c)
* Source: Dell_c4:5b:ea (bc:30:5b:c4:5b:ea)
* Type: IPv4 (0x0800)
* Internet Protocol Version 4, Src: 193.0.0.3, Dst: 193.0.0.1
* 0100 .... = Version: 4
* .... 0101 = Header Length: 20 bytes (5)
* Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
* 0000 00.. = Differentiated Services Codepoint: Default (0)
* .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
* Total Length: 94
* Identification: 0x62a0 (25248)
* 000. .... = Flags: 0x0
* 0... .... = Reserved bit: Not set
* .0.. .... = Don't fragment: Not set
* ..0. .... = More fragments: Not set
* ...0 0000 0000 0000 = Fragment Offset: 0
* Time to Live: 64
* Protocol: UDP (17)
* Header Checksum: 0x95ea [correct]
* [Header checksum status: Good]
* [Calculated Checksum: 0x95ea]
* Source Address: 193.0.0.3
* Destination Address: 193.0.0.1
* User Datagram Protocol, Src Port: 45802, Dst Port: 3544
* Source Port: 45802
* Destination Port: 3544
* Length: 74
* Checksum: 0x4b23 [correct]
* [Calculated Checksum: 0x4b23]
* [Checksum Status: Good]
* [Stream index: 0]
* [Timestamps]
* [Time since first frame: 0.000000000 seconds]
* [Time since previous frame: 0.000000000 seconds]
* UDP payload (66 bytes)
* Teredo IPv6 over UDP tunneling
* Internet Protocol Version 6, Src: 2002:0:c100:1:24ba:4d15:3eff:fffc, Dst: 2001:db8:1::1
* 0110 .... = Version: 6
* .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
* .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
* .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
* .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000
* Payload Length: 26
* Next Header: UDP (17)
* Hop Limit: 128
* Source Address: 2002:0:c100:1:24ba:4d15:3eff:fffc
* Destination Address: 2001:db8:1::1
* [Source 6to4 Gateway IPv4: 0.0.193.0]
* [Source 6to4 SLA ID: 1]
* User Datagram Protocol, Src Port: 32768, Dst Port: 20480
* Source Port: 32768
* Destination Port: 20480
* Length: 26
* Checksum: 0xf017 [correct]
* [Calculated Checksum: 0xf017]
* [Checksum Status: Good]
* [Stream index: 1]
* [Timestamps]
* [Time since first frame: 0.000000000 seconds]
* [Time since previous frame: 0.000000000 seconds]
* UDP payload (18 bytes)
* Data (18 bytes)
* Data: 4fd54034712d3f014d3180b082c007d0e76c
* [Length: 18]
*/
unsigned char data6[] = {
0xb8, 0xac, 0x6f, 0x3e, 0x34, 0x9c, 0xbc, 0x30, 0x5b, 0xc4, 0x5b, 0xea, 0x08, 0x00, 0x45, 0x00, 0x00, 0x5e, 0x62, 0xa0, 0x00, 0x00, 0x40, 0x11, 0x95, 0xea,
0xc1, 0x00, 0x00, 0x03, 0xc1, 0x00, 0x00, 0x01, 0xb2, 0xea, 0x0d, 0xd8, 0x00, 0x4a, 0x4b, 0x23, 0x60, 0x00, 0x00, 0x00, 0x00, 0x1a, 0x11, 0x80, 0x20, 0x02,
0x00, 0x00, 0xc1, 0x00, 0x00, 0x01, 0x24, 0xba, 0x4d, 0x15, 0x3e, 0xff, 0xff, 0xfc, 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x01, 0x80, 0x00, 0x50, 0x00, 0x00, 0x1a, 0xf0, 0x17, 0x4f, 0xd5, 0x40, 0x34, 0x71, 0x2d, 0x3f, 0x01, 0x4d, 0x31, 0x80, 0xb0, 0x82, 0xc0,
0x07, 0xd0, 0xe7, 0x6c};
TEST(TUNNEL, IPV4)
{
struct packet pkt;
struct tunnel out;
memset(&pkt, 0, sizeof(pkt));
packet_parse(&pkt, (const char *)data1, sizeof(data1));
packet_print(&pkt);
EXPECT_TRUE(packet_get_tunnel_count(&pkt) == 1);
// IPv4 tunnel
EXPECT_TRUE(packet_get_tunnel_by_idx(&pkt, 0, &out) == 0);
EXPECT_TRUE(out.type == TUNNEL_IPV4);
EXPECT_TRUE(out.layer_count == 1);
EXPECT_TRUE(out.layers[0].proto == LAYER_PROTO_IPV4);
EXPECT_TRUE(out.layers[0].hdr_len == 20);
// No tunnel
EXPECT_TRUE(packet_get_tunnel_by_idx(&pkt, 1, &out) == -1);
}
TEST(TUNNEL, IPV6)
{
// TEST ON GRE
}
TEST(TUNNEL, GRE)
{
struct packet pkt;
struct tunnel out;
memset(&pkt, 0, sizeof(pkt));
packet_parse(&pkt, (const char *)data2, sizeof(data2));
packet_print(&pkt);
EXPECT_TRUE(packet_get_tunnel_count(&pkt) == 2);
// IPv6 tunnel
EXPECT_TRUE(packet_get_tunnel_by_idx(&pkt, 0, &out) == 0);
EXPECT_TRUE(out.type == TUNNEL_IPV6);
EXPECT_TRUE(out.layer_count == 1);
EXPECT_TRUE(out.layers[0].proto == LAYER_PROTO_IPV6);
EXPECT_TRUE(out.layers[0].hdr_len == 40);
// GRE tunnel
EXPECT_TRUE(packet_get_tunnel_by_idx(&pkt, 1, &out) == 0);
EXPECT_TRUE(out.type == TUNNEL_GRE);
EXPECT_TRUE(out.layer_count == 2);
EXPECT_TRUE(out.layers[0].proto == LAYER_PROTO_IPV4);
EXPECT_TRUE(out.layers[0].hdr_len == 20);
EXPECT_TRUE(out.layers[1].proto == LAYER_PROTO_GRE);
EXPECT_TRUE(out.layers[1].hdr_len == 16);
// No tunnel
EXPECT_TRUE(packet_get_tunnel_by_idx(&pkt, 2, &out) == -1);
}
TEST(TUNNEL, GTP)
{
struct packet pkt;
struct tunnel out;
memset(&pkt, 0, sizeof(pkt));
packet_parse(&pkt, (const char *)data3, sizeof(data3));
packet_print(&pkt);
EXPECT_TRUE(packet_get_tunnel_count(&pkt) == 1);
// GTP tunnel
EXPECT_TRUE(packet_get_tunnel_by_idx(&pkt, 0, &out) == 0);
EXPECT_TRUE(out.type == TUNNEL_GTP);
EXPECT_TRUE(out.layer_count == 3);
EXPECT_TRUE(out.layers[0].proto == LAYER_PROTO_IPV6);
EXPECT_TRUE(out.layers[0].hdr_len == 40);
EXPECT_TRUE(out.layers[1].proto == LAYER_PROTO_UDP);
EXPECT_TRUE(out.layers[1].hdr_len == 8);
EXPECT_TRUE(out.layers[2].proto == LAYER_PROTO_GTP);
EXPECT_TRUE(out.layers[2].hdr_len == 8);
// No tunnel
EXPECT_TRUE(packet_get_tunnel_by_idx(&pkt, 1, &out) == -1);
}
TEST(TUNNEL, VXLAN)
{
struct packet pkt;
struct tunnel out;
memset(&pkt, 0, sizeof(pkt));
packet_parse(&pkt, (const char *)data4, sizeof(data4));
packet_print(&pkt);
EXPECT_TRUE(packet_get_tunnel_count(&pkt) == 1);
// VXLAN tunnel
EXPECT_TRUE(packet_get_tunnel_by_idx(&pkt, 0, &out) == 0);
EXPECT_TRUE(out.type == TUNNEL_VXLAN);
EXPECT_TRUE(out.layer_count == 3);
EXPECT_TRUE(out.layers[0].proto == LAYER_PROTO_IPV4);
EXPECT_TRUE(out.layers[0].hdr_len == 20);
EXPECT_TRUE(out.layers[1].proto == LAYER_PROTO_UDP);
EXPECT_TRUE(out.layers[1].hdr_len == 8);
EXPECT_TRUE(out.layers[2].proto == LAYER_PROTO_VXLAN);
EXPECT_TRUE(out.layers[2].hdr_len == 8);
// No tunnel
EXPECT_TRUE(packet_get_tunnel_by_idx(&pkt, 1, &out) == -1);
}
TEST(TUNNEL, L2TP)
{
struct packet pkt;
struct tunnel out;
memset(&pkt, 0, sizeof(pkt));
packet_parse(&pkt, (const char *)data5, sizeof(data5));
packet_print(&pkt);
EXPECT_TRUE(packet_get_tunnel_count(&pkt) == 1);
// L2TP tunnel
EXPECT_TRUE(packet_get_tunnel_by_idx(&pkt, 0, &out) == 0);
EXPECT_TRUE(out.type == TUNNEL_L2TP);
EXPECT_TRUE(out.layer_count == 3);
EXPECT_TRUE(out.layers[0].proto == LAYER_PROTO_IPV4);
EXPECT_TRUE(out.layers[0].hdr_len == 20);
EXPECT_TRUE(out.layers[1].proto == LAYER_PROTO_UDP);
EXPECT_TRUE(out.layers[1].hdr_len == 8);
EXPECT_TRUE(out.layers[2].proto == LAYER_PROTO_L2TP);
EXPECT_TRUE(out.layers[2].hdr_len == 8);
// No tunnel
EXPECT_TRUE(packet_get_tunnel_by_idx(&pkt, 1, &out) == -1);
}
TEST(TUNNEL, TEREDO)
{
struct packet pkt;
struct tunnel out;
memset(&pkt, 0, sizeof(pkt));
packet_parse(&pkt, (const char *)data6, sizeof(data6));
packet_print(&pkt);
EXPECT_TRUE(packet_get_tunnel_count(&pkt) == 1);
// IPv4 tunnel
EXPECT_TRUE(packet_get_tunnel_by_idx(&pkt, 0, &out) == 0);
EXPECT_TRUE(out.type == TUNNEL_TEREDO);
EXPECT_TRUE(out.layer_count == 2);
EXPECT_TRUE(out.layers[0].proto == LAYER_PROTO_IPV4);
EXPECT_TRUE(out.layers[0].hdr_len == 20);
EXPECT_TRUE(out.layers[1].proto == LAYER_PROTO_UDP);
EXPECT_TRUE(out.layers[1].hdr_len == 8);
// No tunnel
EXPECT_TRUE(packet_get_tunnel_by_idx(&pkt, 1, &out) == -1);
}
int main(int argc, char **argv)
{
::testing::InitGoogleTest(&argc, argv);
return RUN_ALL_TESTS();
}

4
src/stellar/version.map
View File

@@ -1,10 +1,10 @@
LIBSTELLAR_DEVEL {
global:
packet_get_layer_count;
packet_get_layer;
packet_get_layer_by_idx;
packet_get_tunnel_count;
packet_get_tunnel;
packet_get_tunnel_by_idx;
packet_prepend_sids;
packet_get_direction;

16
test/packet_inject/packet_inject_plugin.cpp
View File

@@ -46,29 +46,29 @@ static void on_sess_msg(struct session *sess, int topic_id, const void *msg, voi
switch (layer.proto)
{
case LAYER_PROTO_IPV4:
if (memcmp(&layer.header.ip4->ip_src, &rule.addr4, sizeof(struct in_addr)) == 0 ||
memcmp(&layer.header.ip4->ip_dst, &rule.addr4, sizeof(struct in_addr)) == 0)
if (memcmp(&layer.hdr.ip4->ip_src, &rule.addr4, sizeof(struct in_addr)) == 0 ||
memcmp(&layer.hdr.ip4->ip_dst, &rule.addr4, sizeof(struct in_addr)) == 0)
{
is_ip_hit = 1;
}
break;
case LAYER_PROTO_IPV6:
if (memcmp(&layer.header.ip6->ip6_src, &rule.addr6, sizeof(struct in6_addr)) == 0 ||
memcmp(&layer.header.ip6->ip6_dst, &rule.addr6, sizeof(struct in6_addr)) == 0)
if (memcmp(&layer.hdr.ip6->ip6_src, &rule.addr6, sizeof(struct in6_addr)) == 0 ||
memcmp(&layer.hdr.ip6->ip6_dst, &rule.addr6, sizeof(struct in6_addr)) == 0)
{
is_ip_hit = 1;
}
break;
case LAYER_PROTO_TCP:
if (layer.header.tcp->th_sport == rule.port ||
layer.header.tcp->th_dport == rule.port)
if (layer.hdr.tcp->th_sport == rule.port ||
layer.hdr.tcp->th_dport == rule.port)
{
is_port_hit = 1;
}
break;
case LAYER_PROTO_UDP:
if (layer.header.udp->uh_sport == rule.port ||
layer.header.udp->uh_dport == rule.port)
if (layer.hdr.udp->uh_sport == rule.port ||
layer.hdr.udp->uh_dport == rule.port)
{
is_port_hit = 1;
}

4
test/packet_parser/packet_parser.cpp
View File

@@ -202,7 +202,7 @@ static void packet_to_tshark_format(const struct packet *pkt, uint64_t idx)
case LAYER_PROTO_VXLAN:
buffer_push(&buff_proto, "vxlan");
break;
case LAYER_PROTO_GTPV1_U:
case LAYER_PROTO_GTP:
buffer_push(&buff_proto, "gtp");
break;
default:
@@ -239,7 +239,7 @@ static void packet_handler(u_char *user, const struct pcap_pkthdr *h, const u_ch
if (opts->print_readable_format)
{
printf("\033[0;32m frame=%lu len=%u \033[0m", number, h->caplen);
packet_print_str(&pkt);
packet_print(&pkt);
}
if (opts->print_tshark_format)