diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 78e1654..22ba14b 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -1,4 +1,5 @@ add_subdirectory(timestamp) add_subdirectory(tuple) +add_subdirectory(packet) add_subdirectory(session) add_subdirectory(stellar) \ No newline at end of file diff --git a/src/packet/CMakeLists.txt b/src/packet/CMakeLists.txt new file mode 100644 index 0000000..fd771a3 --- /dev/null +++ b/src/packet/CMakeLists.txt @@ -0,0 +1,20 @@ +############################################################################### +# packet +############################################################################### + +add_library(packet packet.cpp) +target_include_directories(packet PUBLIC ${CMAKE_SOURCE_DIR}/src/packet) +target_include_directories(packet PUBLIC ${CMAKE_SOURCE_DIR}/src/tuple) +target_include_directories(packet PUBLIC ${CMAKE_SOURCE_DIR}/deps/uthash) +target_link_libraries(packet tuple) + +############################################################################### +# gtest +############################################################################### + +add_executable(gtest_packet gtest_packet.cpp) +target_include_directories(gtest_packet PUBLIC ${CMAKE_CURRENT_LIST_DIR}) +target_link_libraries(gtest_packet packet gtest) + +include(GoogleTest) +gtest_discover_tests(gtest_packet) \ No newline at end of file diff --git a/src/packet/gtest_packet.cpp b/src/packet/gtest_packet.cpp new file mode 100644 index 0000000..f0ed264 --- /dev/null +++ b/src/packet/gtest_packet.cpp @@ -0,0 +1,2706 @@ +#include +#include + +#include "packet.h" + +/****************************************************************************** + * Pcap file: 1-ETH_VLAN_VLAN_IP4_IP4_UDP.pcap + * [Protocols in frame: eth:ethertype:vlan:ethertype:vlan:ethertype:ip:ip:udp:data] + ****************************************************************************** + * + * Frame 1: 170 bytes on wire (1360 bits), 170 bytes captured (1360 bits) + * Ethernet II, Src: HuaweiTe_3b:b3:9a (a4:c6:4f:3b:b3:9a), Dst: 00:00:00_00:00:04 (00:00:00:00:00:04) + * Destination: 00:00:00_00:00:04 (00:00:00:00:00:04) + * Source: HuaweiTe_3b:b3:9a (a4:c6:4f:3b:b3:9a) + * Type: 802.1Q Virtual LAN (0x8100) + * 802.1Q Virtual LAN, PRI: 3, DEI: 0, ID: 1624 + * 011. .... .... .... = Priority: Critical Applications (3) + * ...0 .... .... .... = DEI: Ineligible + * .... 0110 0101 1000 = ID: 1624 + * Type: 802.1Q Virtual LAN (0x8100) + * 802.1Q Virtual LAN, PRI: 3, DEI: 0, ID: 505 + * 011. .... .... .... = Priority: Critical Applications (3) + * ...0 .... .... .... = DEI: Ineligible + * .... 0001 1111 1001 = ID: 505 + * Type: IPv4 (0x0800) + * Internet Protocol Version 4, Src: 69.67.35.146, Dst: 41.202.46.110 + * 0100 .... = Version: 4 + * .... 0101 = Header Length: 20 bytes (5) + * Differentiated Services Field: 0xb8 (DSCP: EF PHB, ECN: Not-ECT) + * Total Length: 148 + * Identification: 0xe858 (59480) + * 000. .... = Flags: 0x0 + * ...0 0000 0000 0000 = Fragment Offset: 0 + * Time to Live: 255 + * Protocol: IPIP (4) + * Header Checksum: 0x1148 [validation disabled] + * [Header checksum status: Unverified] + * Source Address: 69.67.35.146 + * Destination Address: 41.202.46.110 + * Internet Protocol Version 4, Src: 10.10.100.25, Dst: 10.10.101.2 + * 0100 .... = Version: 4 + * .... 0101 = Header Length: 20 bytes (5) + * Differentiated Services Field: 0xb8 (DSCP: EF PHB, ECN: Not-ECT) + * Total Length: 128 + * Identification: 0x0001 (1) + * 000. .... = Flags: 0x0 + * ...0 0000 0000 0000 = Fragment Offset: 0 + * Time to Live: 254 + * Protocol: UDP (17) + * Header Checksum: 0xde84 [validation disabled] + * [Header checksum status: Unverified] + * Source Address: 10.10.100.25 + * Destination Address: 10.10.101.2 + * User Datagram Protocol, Src Port: 62367, Dst Port: 17000 + * Source Port: 62367 + * Destination Port: 17000 + * Length: 108 + * Checksum: 0x4b9a [unverified] + * [Checksum Status: Unverified] + * [Stream index: 0] + * [Timestamps] + * [Time since first frame: 0.000000000 seconds] + * [Time since previous frame: 0.000000000 seconds] + * UDP payload (100 bytes) + * Data (100 bytes) + */ + +unsigned char data1[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0xa4, 0xc6, 0x4f, 0x3b, 0xb3, 0x9a, 0x81, 0x00, 0x66, 0x58, 0x81, 0x00, 0x61, 0xf9, 0x08, 0x00, 0x45, 0xb8, 0x00, 0x94, + 0xe8, 0x58, 0x00, 0x00, 0xff, 0x04, 0x11, 0x48, 0x45, 0x43, 0x23, 0x92, 0x29, 0xca, 0x2e, 0x6e, 0x45, 0xb8, 0x00, 0x80, 0x00, 0x01, 0x00, 0x00, 0xfe, 0x11, + 0xde, 0x84, 0x0a, 0x0a, 0x64, 0x19, 0x0a, 0x0a, 0x65, 0x02, 0xf3, 0x9f, 0x42, 0x68, 0x00, 0x6c, 0x4b, 0x9a, 0x00, 0x02, 0x00, 0x00, 0x04, 0x73, 0x6c, 0x10, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, + 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, + 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, + 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd, 0xab, 0xcd}; + +#if 1 +TEST(DATA_PACKET, ETH_VLAN_VLAN_IP4_IP4_UDP) +{ + char buffer[256]; + struct packet handler; + + const char *payload = packet_parse(&handler, (const char *)data1, sizeof(data1)); + EXPECT_TRUE(payload != nullptr); + EXPECT_TRUE((char *)payload - (char *)&data1 == 70); + packet_print(&handler); + + /****************************************************** + * packet_get_outermost/innermost_layer + ******************************************************/ + + // LAYER_TYPE_ETHER + const struct layer_record *outer_eth_record = packet_get_outermost_layer(&handler, LAYER_TYPE_ETHER); + const struct layer_record *inner_eth_record = packet_get_innermost_layer(&handler, LAYER_TYPE_ETHER); + + EXPECT_TRUE(outer_eth_record != nullptr); + EXPECT_TRUE(inner_eth_record != nullptr); + EXPECT_TRUE(outer_eth_record == inner_eth_record); + EXPECT_TRUE(outer_eth_record->hdr_offset == 0); + EXPECT_TRUE(outer_eth_record->hdr_len == 14); + EXPECT_TRUE(outer_eth_record->pld_len == 156); + + // LAYER_TYPE_L2 + const struct layer_record *outer_l2_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L2); + const struct layer_record *inner_l2_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L2); + + EXPECT_TRUE(outer_l2_record != nullptr); + EXPECT_TRUE(inner_l2_record != nullptr); + EXPECT_TRUE(outer_l2_record == inner_l2_record); + EXPECT_TRUE(outer_l2_record == outer_eth_record); + + // LAYER_TYPE_VLAN + const struct layer_record *outer_vlan_record = packet_get_outermost_layer(&handler, LAYER_TYPE_VLAN); + const struct layer_record *inner_vlan_record = packet_get_innermost_layer(&handler, LAYER_TYPE_VLAN); + + EXPECT_TRUE(outer_vlan_record != nullptr); + EXPECT_TRUE(inner_vlan_record != nullptr); + EXPECT_TRUE(outer_vlan_record->hdr_offset == 14); + EXPECT_TRUE(outer_vlan_record->hdr_len == 4); + EXPECT_TRUE(outer_vlan_record->pld_len == 152); + EXPECT_TRUE(inner_vlan_record->hdr_offset == 18); + EXPECT_TRUE(inner_vlan_record->hdr_len == 4); + EXPECT_TRUE(inner_vlan_record->pld_len == 148); + + // LAYER_TYPE_L2_TUN + const struct layer_record *outer_l2_tun_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L2_TUN); + const struct layer_record *inner_l2_tun_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L2_TUN); + + EXPECT_TRUE(outer_l2_tun_record != nullptr); + EXPECT_TRUE(inner_l2_tun_record != nullptr); + EXPECT_TRUE(outer_l2_tun_record == outer_vlan_record); + EXPECT_TRUE(inner_l2_tun_record == inner_vlan_record); + + // LAYER_TYPE_IPV4 + const struct layer_record *outer_ipv4_record = packet_get_outermost_layer(&handler, LAYER_TYPE_IPV4); + const struct layer_record *inner_ipv4_record = packet_get_innermost_layer(&handler, LAYER_TYPE_IPV4); + + EXPECT_TRUE(outer_ipv4_record != nullptr); + EXPECT_TRUE(inner_ipv4_record != nullptr); + EXPECT_TRUE(outer_ipv4_record->hdr_offset == 22); + EXPECT_TRUE(outer_ipv4_record->hdr_len == 20); + EXPECT_TRUE(outer_ipv4_record->pld_len == 128); + EXPECT_TRUE(inner_ipv4_record->hdr_offset == 42); + EXPECT_TRUE(inner_ipv4_record->hdr_len == 20); + EXPECT_TRUE(inner_ipv4_record->pld_len == 108); + + // LAYER_TYPE_L3 + const struct layer_record *outer_l3_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L3); + const struct layer_record *inner_l3_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L3); + + EXPECT_TRUE(outer_l3_record != nullptr); + EXPECT_TRUE(inner_l3_record != nullptr); + EXPECT_TRUE(outer_l3_record == outer_ipv4_record); + EXPECT_TRUE(inner_l3_record == inner_ipv4_record); + + // LAYER_TYPE_UDP + const struct layer_record *outer_udp_record = packet_get_outermost_layer(&handler, LAYER_TYPE_UDP); + const struct layer_record *inner_udp_record = packet_get_innermost_layer(&handler, LAYER_TYPE_UDP); + + EXPECT_TRUE(outer_udp_record != nullptr); + EXPECT_TRUE(inner_udp_record != nullptr); + EXPECT_TRUE(outer_udp_record == inner_udp_record); + EXPECT_TRUE(outer_udp_record->hdr_offset == 62); + EXPECT_TRUE(outer_udp_record->hdr_len == 8); + EXPECT_TRUE(outer_udp_record->pld_len == 100); + + // LAYER_TYPE_L4 + const struct layer_record *outer_l4_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L4); + const struct layer_record *inner_l4_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L4); + + EXPECT_TRUE(outer_l4_record != nullptr); + EXPECT_TRUE(inner_l4_record != nullptr); + EXPECT_TRUE(outer_l4_record == inner_l4_record); + EXPECT_TRUE(outer_l4_record == outer_udp_record); + + /****************************************************** + * packet_get_outermost/innermost_tuple2 + ******************************************************/ + + struct tuple2 outer_tuple2; + struct tuple2 inner_tuple2; + EXPECT_TRUE(packet_get_outermost_tuple2(&handler, &outer_tuple2) == 0); + EXPECT_TRUE(packet_get_innermost_tuple2(&handler, &inner_tuple2) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple2_tostring(&outer_tuple2, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "69.67.35.146 -> 41.202.46.110"); + memset(buffer, 0, sizeof(buffer)); + tuple2_tostring(&inner_tuple2, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "10.10.100.25 -> 10.10.101.2"); + + /****************************************************** + * packet_get_outermost/innermost_tuple4 + ******************************************************/ + + struct tuple4 outer_tuple4; + struct tuple4 inner_tuple4; + EXPECT_TRUE(packet_get_outermost_tuple4(&handler, &outer_tuple4) == 0); + EXPECT_TRUE(packet_get_innermost_tuple4(&handler, &inner_tuple4) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple4_tostring(&outer_tuple4, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "10.10.100.25:62367 -> 10.10.101.2:17000"); + memset(buffer, 0, sizeof(buffer)); + tuple4_tostring(&inner_tuple4, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "10.10.100.25:62367 -> 10.10.101.2:17000"); + + /****************************************************** + * packet_get_outermost/innermost_tuple6 + ******************************************************/ + + struct tuple6 outer_tuple6; + struct tuple6 inner_tuple6; + EXPECT_TRUE(packet_get_outermost_tuple6(&handler, &outer_tuple6) == 0); + EXPECT_TRUE(packet_get_innermost_tuple6(&handler, &inner_tuple6) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple6_tostring(&outer_tuple6, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "10.10.100.25:62367 -> 10.10.101.2:17000, proto: 17, zone: 0"); + memset(buffer, 0, sizeof(buffer)); + tuple6_tostring(&inner_tuple6, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "10.10.100.25:62367 -> 10.10.101.2:17000, proto: 17, zone: 0"); +} +#endif + +/****************************************************************************** + * Pcap file: 2-ETH_IP6_IP4_TCP_SSH.pcap + * [Protocols in frame: eth:ethertype:ipv6:ip:tcp:ssh] + ****************************************************************************** + * + * Frame 1: 726 bytes on wire (5808 bits), 726 bytes captured (5808 bits) + * Ethernet II, Src: EvocInte_36:51:3c (00:22:46:36:51:3c), Dst: EvocInte_36:51:38 (00:22:46:36:51:38) + * Destination: EvocInte_36:51:38 (00:22:46:36:51:38) + * Source: EvocInte_36:51:3c (00:22:46:36:51:3c) + * Type: IPv6 (0x86dd) + * Internet Protocol Version 6, Src: 2001::192:168:40:134, Dst: 2001::192:168:40:133 + * 0110 .... = Version: 6 + * .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT) + * .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000 + * Payload Length: 672 + * Next Header: IPIP (4) + * Hop Limit: 64 + * Source Address: 2001::192:168:40:134 + * Destination Address: 2001::192:168:40:133 + * [Source Teredo Server IPv4: 0.0.0.0] + * [Source Teredo Port: 65175] + * [Source Teredo Client IPv4: 255.191.254.203] + * [Destination Teredo Server IPv4: 0.0.0.0] + * [Destination Teredo Port: 65175] + * [Destination Teredo Client IPv4: 255.191.254.204] + * Internet Protocol Version 4, Src: 1.1.1.1, Dst: 2.2.2.2 + * 0100 .... = Version: 4 + * .... 0101 = Header Length: 20 bytes (5) + * Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) + * Total Length: 672 + * Identification: 0x0968 (2408) + * 000. .... = Flags: 0x0 + * ...0 0000 0000 0000 = Fragment Offset: 0 + * Time to Live: 212 + * Protocol: TCP (6) + * Header Checksum: 0xd4ea [validation disabled] + * [Header checksum status: Unverified] + * Source Address: 1.1.1.1 + * Destination Address: 2.2.2.2 + * Transmission Control Protocol, Src Port: 57639, Dst Port: 22, Seq: 1, Ack: 1, Len: 632 + * Source Port: 57639 + * Destination Port: 22 + * [Stream index: 0] + * [Conversation completeness: Incomplete (8)] + * [TCP Segment Len: 632] + * Sequence Number: 1 (relative sequence number) + * Sequence Number (raw): 1508621024 + * [Next Sequence Number: 633 (relative sequence number)] + * Acknowledgment Number: 1 (relative ack number) + * Acknowledgment number (raw): 2828957019 + * 0101 .... = Header Length: 20 bytes (5) + * Flags: 0x018 (PSH, ACK) + * Window: 28584 + * [Calculated window size: 28584] + * [Window size scaling factor: -1 (unknown)] + * Checksum: 0xc51f [unverified] + * [Checksum Status: Unverified] + * Urgent Pointer: 0 + * [Timestamps] + * [SEQ/ACK analysis] + * TCP payload (632 bytes) + * SSH Protocol + */ + +unsigned char data2[] = { + 0x00, 0x22, 0x46, 0x36, 0x51, 0x38, 0x00, 0x22, 0x46, 0x36, 0x51, 0x3c, 0x86, 0xdd, 0x60, 0x00, 0x00, 0x00, 0x02, 0xa0, 0x04, 0x40, 0x20, 0x01, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x01, 0x92, 0x01, 0x68, 0x00, 0x40, 0x01, 0x34, 0x20, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x92, 0x01, 0x68, 0x00, 0x40, + 0x01, 0x33, 0x45, 0x00, 0x02, 0xa0, 0x09, 0x68, 0x00, 0x00, 0xd4, 0x06, 0xd4, 0xea, 0x01, 0x01, 0x01, 0x01, 0x02, 0x02, 0x02, 0x02, 0xe1, 0x27, 0x00, 0x16, + 0x59, 0xeb, 0xba, 0xe0, 0xa8, 0x9e, 0x75, 0x5b, 0x50, 0x18, 0x6f, 0xa8, 0xc5, 0x1f, 0x00, 0x00, 0x4f, 0xe3, 0xa9, 0x48, 0x9b, 0xbe, 0xa8, 0x07, 0x0e, 0xbb, + 0x5b, 0xf1, 0x15, 0x1d, 0xc9, 0xbe, 0xdf, 0x78, 0x89, 0xa2, 0x8f, 0x12, 0x5f, 0xad, 0x51, 0xd5, 0xfa, 0xa7, 0x0b, 0xf2, 0x34, 0x00, 0x5b, 0x77, 0xae, 0xab, + 0xe4, 0x49, 0xa7, 0xa5, 0xa7, 0x1f, 0xda, 0x90, 0xcc, 0xe1, 0x8e, 0x9f, 0xe9, 0xee, 0x53, 0x59, 0xa4, 0x17, 0xf8, 0x0d, 0x40, 0xe5, 0x75, 0x97, 0xf0, 0x29, + 0xfa, 0x7c, 0xb8, 0x12, 0x7e, 0x93, 0xbc, 0x7e, 0x0a, 0x69, 0x8f, 0x1d, 0x7b, 0x1a, 0x2e, 0xf6, 0xa6, 0x78, 0x67, 0x26, 0xfe, 0x8f, 0xcf, 0x5a, 0x02, 0x7d, + 0xbb, 0x1b, 0xdb, 0xc7, 0x71, 0xee, 0xe9, 0xd9, 0xc1, 0x48, 0xbf, 0xc7, 0xcc, 0x00, 0x82, 0x7f, 0x69, 0x52, 0xa7, 0xe1, 0x12, 0xec, 0xf1, 0x93, 0xa8, 0x55, + 0x5b, 0x33, 0xd3, 0x35, 0x11, 0x5d, 0xf8, 0x3d, 0x5b, 0x94, 0xc9, 0x67, 0xae, 0xba, 0xc0, 0x4a, 0x8b, 0x25, 0x8d, 0xbf, 0xd4, 0xcc, 0x24, 0xb7, 0x3d, 0x0f, + 0x1a, 0x57, 0x20, 0x5c, 0x64, 0x62, 0xf7, 0x3c, 0xff, 0xaf, 0x6b, 0xf2, 0xf3, 0xca, 0xd1, 0xcb, 0x7b, 0x9f, 0xc1, 0x31, 0x25, 0x01, 0xd1, 0x18, 0x78, 0x81, + 0xf8, 0xae, 0x61, 0x4b, 0x59, 0xa1, 0xbe, 0x4a, 0x94, 0x12, 0xa3, 0x05, 0x4a, 0x26, 0x85, 0xbd, 0x5e, 0x59, 0xb2, 0xc2, 0x24, 0xec, 0xd6, 0x94, 0x6e, 0xc5, + 0x7a, 0xdf, 0x21, 0x21, 0xe4, 0x06, 0x67, 0x89, 0xe0, 0x76, 0x85, 0xa9, 0x00, 0x43, 0xfe, 0x72, 0x8c, 0x10, 0xe4, 0x96, 0x63, 0x1a, 0xe8, 0x84, 0xe1, 0x86, + 0xa2, 0xa5, 0x67, 0x31, 0x67, 0x44, 0xca, 0xec, 0xe8, 0xa1, 0x3e, 0x5f, 0x4e, 0x71, 0x5d, 0xd4, 0x34, 0xa9, 0x3d, 0xfa, 0x6a, 0xdb, 0xfb, 0x28, 0x2b, 0x70, + 0xcc, 0xf1, 0x3c, 0x7c, 0xf5, 0x39, 0xb5, 0xd0, 0xa2, 0x56, 0x22, 0x96, 0x7e, 0xc5, 0x0e, 0x66, 0x2d, 0xcd, 0x5c, 0x33, 0x43, 0x1c, 0xca, 0x17, 0x77, 0x46, + 0xb2, 0x41, 0x06, 0x8a, 0x7c, 0x7c, 0x66, 0x06, 0x18, 0x33, 0x21, 0x16, 0x8f, 0x5a, 0xb7, 0xdd, 0x10, 0xa1, 0xab, 0xe9, 0x66, 0xf7, 0x90, 0x22, 0x2c, 0xbe, + 0xdd, 0xad, 0xe1, 0x40, 0xe9, 0x21, 0x53, 0x97, 0x07, 0x97, 0x6b, 0xd6, 0x91, 0x11, 0x44, 0x4e, 0x9d, 0x1f, 0x57, 0x07, 0xed, 0xa2, 0xac, 0x77, 0xc0, 0x84, + 0xb7, 0xc5, 0x2b, 0xaa, 0x17, 0xd2, 0xdb, 0x2a, 0x15, 0x47, 0x2b, 0x69, 0xf1, 0xb4, 0xb5, 0x8f, 0x98, 0xcf, 0x26, 0x03, 0xf0, 0x4b, 0x1a, 0xba, 0x94, 0xc4, + 0x12, 0xe3, 0xd1, 0x38, 0x0c, 0x2e, 0x87, 0x33, 0x0f, 0xe1, 0xa6, 0xba, 0x75, 0xd0, 0xa4, 0x94, 0x80, 0x49, 0x67, 0xa8, 0x90, 0x31, 0x19, 0xaa, 0xf9, 0x78, + 0x0d, 0xdd, 0x64, 0xe3, 0xc7, 0x0e, 0x81, 0xa7, 0x6b, 0x44, 0x0c, 0xb5, 0xa0, 0x25, 0x8a, 0xa2, 0xdc, 0x5e, 0xbc, 0xcd, 0xb4, 0x87, 0x1b, 0x6c, 0x08, 0x38, + 0x63, 0xa8, 0xc1, 0xde, 0xe2, 0xa1, 0xa4, 0x19, 0x1e, 0x3c, 0x67, 0x3b, 0xf7, 0x7f, 0x67, 0xfb, 0x50, 0x9a, 0x06, 0x5c, 0xdd, 0xf2, 0x26, 0x2c, 0xb9, 0xd2, + 0xbd, 0x80, 0xd5, 0xfc, 0xc5, 0x54, 0x6c, 0xc1, 0xea, 0x76, 0x3e, 0xd4, 0xbb, 0x57, 0x65, 0x6a, 0xf8, 0x8e, 0x3e, 0x93, 0xe5, 0x03, 0xfc, 0xce, 0xf1, 0x1c, + 0xf3, 0x10, 0xae, 0x87, 0x78, 0x46, 0x02, 0x63, 0xc5, 0xc0, 0x41, 0xbd, 0xae, 0x46, 0x68, 0x0c, 0x92, 0x22, 0xa4, 0xc0, 0xce, 0xf3, 0xc4, 0xf7, 0x83, 0xa9, + 0x22, 0x78, 0x74, 0x7f, 0x2e, 0xc1, 0xc6, 0x3b, 0x72, 0x26, 0x4b, 0x45, 0xbd, 0x1b, 0x9f, 0x66, 0x61, 0x46, 0xbb, 0x0f, 0xf3, 0xc5, 0x65, 0x95, 0xbc, 0xae, + 0x8f, 0x37, 0xfd, 0xa3, 0x20, 0xb6, 0xe4, 0xa8, 0xff, 0x45, 0xa1, 0x01, 0xa1, 0x76, 0xb3, 0xad, 0x16, 0x07, 0x39, 0x58, 0x3b, 0x34, 0xe9, 0xe6, 0xc0, 0xee, + 0x7f, 0x65, 0x6f, 0x68, 0xf4, 0x45, 0xa4, 0x85, 0xa7, 0x50, 0x63, 0xce, 0x0b, 0x0d, 0xbd, 0xd1, 0x20, 0xc8, 0x41, 0x37, 0x05, 0x1f, 0x81, 0xf3, 0x7c, 0xe7, + 0x67, 0x15, 0xce, 0xad, 0x76, 0x95, 0x1a, 0x93, 0x4a, 0xab, 0xc4, 0xea, 0x30, 0x44, 0x13, 0x47, 0xec, 0x79, 0xa2, 0x41, 0x0c, 0xdd, 0x42, 0xdf, 0xbf, 0x02, + 0xef, 0x9e, 0x67, 0x7e, 0x1e, 0xb0, 0x2a, 0x7f, 0x97, 0xf3, 0x5a, 0xbc, 0x21, 0x8d, 0xf9, 0xc3, 0x30, 0x45, 0xfe, 0x72, 0x74, 0x04, 0x53, 0x99, 0xe7, 0xd1, + 0x2b, 0xb6, 0x3a, 0x9c, 0x84, 0x0e, 0x15, 0x5e, 0x75, 0x3b, 0xc9, 0x0e, 0x94, 0xe6, 0x48, 0x0e, 0x37, 0x07, 0xf8, 0xd9, 0x59, 0x4b, 0x04, 0x50}; + +#if 1 +TEST(DATA_PACKET, ETH_IP6_IP4_TCP_SSH) +{ + char buffer[256]; + struct packet handler; + + const char *payload = packet_parse(&handler, (const char *)data2, sizeof(data2)); + EXPECT_TRUE(payload != nullptr); + EXPECT_TRUE((char *)payload - (char *)&data2 == 94); + packet_print(&handler); + + /****************************************************** + * packet_get_outermost/innermost_layer + ******************************************************/ + + // LAYER_TYPE_ETHER + const struct layer_record *outer_eth_record = packet_get_outermost_layer(&handler, LAYER_TYPE_ETHER); + const struct layer_record *inner_eth_record = packet_get_innermost_layer(&handler, LAYER_TYPE_ETHER); + + EXPECT_TRUE(outer_eth_record != nullptr); + EXPECT_TRUE(inner_eth_record != nullptr); + EXPECT_TRUE(outer_eth_record == inner_eth_record); + EXPECT_TRUE(outer_eth_record->hdr_offset == 0); + EXPECT_TRUE(outer_eth_record->hdr_len == 14); + EXPECT_TRUE(outer_eth_record->pld_len == 712); + + // LAYER_TYPE_L2 + const struct layer_record *outer_l2_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L2); + const struct layer_record *inner_l2_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L2); + + EXPECT_TRUE(outer_l2_record != nullptr); + EXPECT_TRUE(inner_l2_record != nullptr); + EXPECT_TRUE(outer_l2_record == inner_l2_record); + EXPECT_TRUE(outer_l2_record == outer_eth_record); + + // LAYER_TYPE_IPV6 + const struct layer_record *outer_ipv6_record = packet_get_outermost_layer(&handler, LAYER_TYPE_IPV6); + const struct layer_record *inner_ipv6_record = packet_get_innermost_layer(&handler, LAYER_TYPE_IPV6); + + EXPECT_TRUE(outer_ipv6_record != nullptr); + EXPECT_TRUE(inner_ipv6_record != nullptr); + EXPECT_TRUE(outer_ipv6_record == inner_ipv6_record); + EXPECT_TRUE(outer_ipv6_record->hdr_offset == 14); + EXPECT_TRUE(outer_ipv6_record->hdr_len == 40); + EXPECT_TRUE(outer_ipv6_record->pld_len == 672); + + // LAYER_TYPE_IPV4 + const struct layer_record *outer_ipv4_record = packet_get_outermost_layer(&handler, LAYER_TYPE_IPV4); + const struct layer_record *inner_ipv4_record = packet_get_innermost_layer(&handler, LAYER_TYPE_IPV4); + + EXPECT_TRUE(outer_ipv4_record != nullptr); + EXPECT_TRUE(inner_ipv4_record != nullptr); + EXPECT_TRUE(outer_ipv4_record == inner_ipv4_record); + EXPECT_TRUE(outer_ipv4_record->hdr_offset == 54); + EXPECT_TRUE(outer_ipv4_record->hdr_len == 20); + EXPECT_TRUE(outer_ipv4_record->pld_len == 652); + + // LAYER_TYPE_L3 + const struct layer_record *outer_l3_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L3); + const struct layer_record *inner_l3_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L3); + + EXPECT_TRUE(outer_l3_record != nullptr); + EXPECT_TRUE(inner_l3_record != nullptr); + EXPECT_TRUE(outer_l3_record == outer_ipv6_record); + EXPECT_TRUE(inner_l3_record == outer_ipv4_record); + + // LAYER_TYPE_TCP + const struct layer_record *outer_tcp_record = packet_get_outermost_layer(&handler, LAYER_TYPE_TCP); + const struct layer_record *inner_tcp_record = packet_get_innermost_layer(&handler, LAYER_TYPE_TCP); + + EXPECT_TRUE(outer_tcp_record != nullptr); + EXPECT_TRUE(inner_tcp_record != nullptr); + EXPECT_TRUE(outer_tcp_record == inner_tcp_record); + EXPECT_TRUE(outer_tcp_record->hdr_offset == 74); + EXPECT_TRUE(outer_tcp_record->hdr_len == 20); + EXPECT_TRUE(outer_tcp_record->pld_len == 632); + + // LAYER_TYPE_L4 + const struct layer_record *outer_l4_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L4); + const struct layer_record *inner_l4_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L4); + + EXPECT_TRUE(outer_l4_record != nullptr); + EXPECT_TRUE(inner_l4_record != nullptr); + EXPECT_TRUE(outer_l4_record == inner_l4_record); + EXPECT_TRUE(outer_l4_record == outer_tcp_record); + + /****************************************************** + * packet_get_outermost/innermost_tuple2 + ******************************************************/ + + struct tuple2 outer_tuple2; + struct tuple2 inner_tuple2; + EXPECT_TRUE(packet_get_outermost_tuple2(&handler, &outer_tuple2) == 0); + EXPECT_TRUE(packet_get_innermost_tuple2(&handler, &inner_tuple2) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple2_tostring(&outer_tuple2, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "2001::192:168:40:134 -> 2001::192:168:40:133"); + memset(buffer, 0, sizeof(buffer)); + tuple2_tostring(&inner_tuple2, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "1.1.1.1 -> 2.2.2.2"); + + /****************************************************** + * packet_get_outermost/innermost_tuple4 + ******************************************************/ + + struct tuple4 outer_tuple4; + struct tuple4 inner_tuple4; + EXPECT_TRUE(packet_get_outermost_tuple4(&handler, &outer_tuple4) == 0); + EXPECT_TRUE(packet_get_innermost_tuple4(&handler, &inner_tuple4) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple4_tostring(&outer_tuple4, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "1.1.1.1:57639 -> 2.2.2.2:22"); + tuple4_tostring(&inner_tuple4, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "1.1.1.1:57639 -> 2.2.2.2:22"); + + /****************************************************** + * packet_get_outermost/innermost_tuple6 + ******************************************************/ + + struct tuple6 outer_tuple6; + struct tuple6 inner_tuple6; + EXPECT_TRUE(packet_get_outermost_tuple6(&handler, &outer_tuple6) == 0); + EXPECT_TRUE(packet_get_innermost_tuple6(&handler, &inner_tuple6) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple6_tostring(&outer_tuple6, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "1.1.1.1:57639 -> 2.2.2.2:22, proto: 6, zone: 0"); + memset(buffer, 0, sizeof(buffer)); + tuple6_tostring(&inner_tuple6, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "1.1.1.1:57639 -> 2.2.2.2:22, proto: 6, zone: 0"); +} +#endif + +/****************************************************************************** + * Pcap file: 3-ETH_VLAN_IP6_IP4_GRE_PPP_IP4_UDP_DNS.pcap + * [Protocols in frame: eth:ethertype:vlan:ethertype:ipv6:ip:gre:ppp:ip:udp:dns] + ****************************************************************************** + * + * Frame 1: 272 bytes on wire (2176 bits), 272 bytes captured (2176 bits) + * Ethernet II, Src: Cisco_e6:82:c4 (00:19:06:e6:82:c4), Dst: 10:01:00:00:61:3d (10:01:00:00:61:3d) + * Destination: 10:01:00:00:61:3d (10:01:00:00:61:3d) + * Source: Cisco_e6:82:c4 (00:19:06:e6:82:c4) + * Type: 802.1Q Virtual LAN (0x8100) + * 802.1Q Virtual LAN, PRI: 0, DEI: 0, ID: 100 + * 000. .... .... .... = Priority: Best Effort (default) (0) + * ...0 .... .... .... = DEI: Ineligible + * .... 0000 0110 0100 = ID: 100 + * Type: IPv6 (0x86dd) + * Internet Protocol Version 6, Src: 2607:fcd0:100:2300::b108:2a6b, Dst: 2402:f000:1:8e01::5555 + * 0110 .... = Version: 6 + * .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT) + * .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000 + * Payload Length: 214 + * Next Header: IPIP (4) + * Hop Limit: 57 + * Source Address: 2607:fcd0:100:2300::b108:2a6b + * Destination Address: 2402:f000:1:8e01::5555 + * Internet Protocol Version 4, Src: 192.52.166.154, Dst: 16.0.0.200 + * 0100 .... = Version: 4 + * .... 0101 = Header Length: 20 bytes (5) + * Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) + * Total Length: 214 + * Identification: 0x842f (33839) + * 010. .... = Flags: 0x2, Don't fragment + * ...0 0000 0000 0000 = Fragment Offset: 0 + * Time to Live: 64 + * Protocol: Generic Routing Encapsulation (47) + * Header Checksum: 0x3e33 [validation disabled] + * [Header checksum status: Unverified] + * Source Address: 192.52.166.154 + * Destination Address: 16.0.0.200 + * Generic Routing Encapsulation (PPP) + * Flags and Version: 0x3081 + * Protocol Type: PPP (0x880b) + * Payload Length: 178 + * Call ID: 17 + * Sequence Number: 538640 + * Acknowledgment Number: 429725 + * Point-to-Point Protocol + * Address: 0xff + * Control: 0x03 + * Protocol: Internet Protocol version 4 (0x0021) + * Internet Protocol Version 4, Src: 8.8.8.8, Dst: 172.16.44.3 + * 0100 .... = Version: 4 + * .... 0101 = Header Length: 20 bytes (5) + * Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) + * Total Length: 174 + * Identification: 0x2f9c (12188) + * 000. .... = Flags: 0x0 + * ...0 0000 0000 0000 = Fragment Offset: 0 + * Time to Live: 50 + * Protocol: UDP (17) + * Header Checksum: 0x7080 [validation disabled] + * [Header checksum status: Unverified] + * Source Address: 8.8.8.8 + * Destination Address: 172.16.44.3 + * User Datagram Protocol, Src Port: 53, Dst Port: 9879 + * Source Port: 53 + * Destination Port: 9879 + * Length: 154 + * Checksum: 0x45d9 [unverified] + * [Checksum Status: Unverified] + * [Stream index: 0] + * [Timestamps] + * UDP payload (146 bytes) + * Domain Name System (response) + */ + +unsigned char data3[] = { + 0x10, 0x01, 0x00, 0x00, 0x61, 0x3d, 0x00, 0x19, 0x06, 0xe6, 0x82, 0xc4, 0x81, 0x00, 0x00, 0x64, 0x86, 0xdd, 0x60, 0x00, 0x00, 0x00, 0x00, 0xd6, 0x04, 0x39, + 0x26, 0x07, 0xfc, 0xd0, 0x01, 0x00, 0x23, 0x00, 0x00, 0x00, 0x00, 0x00, 0xb1, 0x08, 0x2a, 0x6b, 0x24, 0x02, 0xf0, 0x00, 0x00, 0x01, 0x8e, 0x01, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x55, 0x55, 0x45, 0x00, 0x00, 0xd6, 0x84, 0x2f, 0x40, 0x00, 0x40, 0x2f, 0x3e, 0x33, 0xc0, 0x34, 0xa6, 0x9a, 0x10, 0x00, 0x00, 0xc8, + 0x30, 0x81, 0x88, 0x0b, 0x00, 0xb2, 0x00, 0x11, 0x00, 0x08, 0x38, 0x10, 0x00, 0x06, 0x8e, 0x9d, 0xff, 0x03, 0x00, 0x21, 0x45, 0x00, 0x00, 0xae, 0x2f, 0x9c, + 0x00, 0x00, 0x32, 0x11, 0x70, 0x80, 0x08, 0x08, 0x08, 0x08, 0xac, 0x10, 0x2c, 0x03, 0x00, 0x35, 0x26, 0x97, 0x00, 0x9a, 0x45, 0xd9, 0xb4, 0xe2, 0x81, 0x83, + 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x35, 0x78, 0x71, 0x74, 0x2d, 0x64, 0x65, 0x74, 0x65, 0x63, 0x74, 0x2d, 0x6d, 0x6f, 0x64, 0x65, 0x32, 0x2d, + 0x37, 0x38, 0x63, 0x30, 0x36, 0x64, 0x63, 0x37, 0x2d, 0x30, 0x34, 0x61, 0x37, 0x2d, 0x34, 0x38, 0x35, 0x33, 0x2d, 0x38, 0x34, 0x38, 0x33, 0x2d, 0x61, 0x35, + 0x36, 0x32, 0x38, 0x39, 0x37, 0x36, 0x65, 0x32, 0x33, 0x33, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x06, 0x00, 0x01, 0x00, 0x00, 0x02, 0xf0, 0x00, 0x40, + 0x01, 0x61, 0x0c, 0x72, 0x6f, 0x6f, 0x74, 0x2d, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x03, 0x6e, 0x65, 0x74, 0x00, 0x05, 0x6e, 0x73, 0x74, 0x6c, 0x64, + 0x0c, 0x76, 0x65, 0x72, 0x69, 0x73, 0x69, 0x67, 0x6e, 0x2d, 0x67, 0x72, 0x73, 0x03, 0x63, 0x6f, 0x6d, 0x00, 0x78, 0x0d, 0x09, 0x09, 0x00, 0x00, 0x07, 0x08, + 0x00, 0x00, 0x03, 0x84, 0x00, 0x09, 0x3a, 0x80, 0x00, 0x01, 0x51, 0x80}; + +#if 1 +TEST(DATA_PACKET, ETH_VLAN_IP6_IP4_GRE_PPP_IP4_UDP_DNS) +{ + char buffer[256]; + struct packet handler; + + const char *payload = packet_parse(&handler, (const char *)data3, sizeof(data3)); + EXPECT_TRUE(payload != nullptr); + EXPECT_TRUE((char *)payload - (char *)&data3 == 126); + packet_print(&handler); + + /****************************************************** + * packet_get_outermost/innermost_layer + ******************************************************/ + + // LAYER_TYPE_ETHER + const struct layer_record *outer_eth_record = packet_get_outermost_layer(&handler, LAYER_TYPE_ETHER); + const struct layer_record *inner_eth_record = packet_get_innermost_layer(&handler, LAYER_TYPE_ETHER); + + EXPECT_TRUE(outer_eth_record != nullptr); + EXPECT_TRUE(inner_eth_record != nullptr); + EXPECT_TRUE(outer_eth_record == inner_eth_record); + EXPECT_TRUE(outer_eth_record->hdr_offset == 0); + EXPECT_TRUE(outer_eth_record->hdr_len == 14); + EXPECT_TRUE(outer_eth_record->pld_len == 258); + + // LAYER_TYPE_L2 + const struct layer_record *outer_l2_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L2); + + EXPECT_TRUE(outer_l2_record != nullptr); + EXPECT_TRUE(outer_l2_record == outer_eth_record); + + // LAYER_TYPE_VLAN + const struct layer_record *outer_vlan_record = packet_get_outermost_layer(&handler, LAYER_TYPE_VLAN); + const struct layer_record *inner_vlan_record = packet_get_innermost_layer(&handler, LAYER_TYPE_VLAN); + + EXPECT_TRUE(outer_vlan_record != nullptr); + EXPECT_TRUE(inner_vlan_record != nullptr); + EXPECT_TRUE(outer_vlan_record == inner_vlan_record); + EXPECT_TRUE(outer_vlan_record->hdr_offset == 14); + EXPECT_TRUE(outer_vlan_record->hdr_len == 4); + EXPECT_TRUE(outer_vlan_record->pld_len == 254); + + // LAYER_TYPE_L2_TUN + const struct layer_record *outer_l2_tun_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L2_TUN); + const struct layer_record *inner_l2_tun_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L2_TUN); + + EXPECT_TRUE(outer_l2_tun_record != nullptr); + EXPECT_TRUE(inner_l2_tun_record != nullptr); + EXPECT_TRUE(outer_l2_tun_record == inner_l2_tun_record); + EXPECT_TRUE(outer_l2_tun_record == outer_vlan_record); + + // LAYER_TYPE_IPV6 + const struct layer_record *outer_ipv6_record = packet_get_outermost_layer(&handler, LAYER_TYPE_IPV6); + const struct layer_record *inner_ipv6_record = packet_get_innermost_layer(&handler, LAYER_TYPE_IPV6); + + EXPECT_TRUE(outer_ipv6_record != nullptr); + EXPECT_TRUE(inner_ipv6_record != nullptr); + EXPECT_TRUE(outer_ipv6_record == inner_ipv6_record); + EXPECT_TRUE(outer_ipv6_record->hdr_offset == 18); + EXPECT_TRUE(outer_ipv6_record->hdr_len == 40); + EXPECT_TRUE(outer_ipv6_record->pld_len == 214); + + // LAYER_TYPE_L3 + const struct layer_record *outer_l3_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L3); + + EXPECT_TRUE(outer_l3_record != nullptr); + EXPECT_TRUE(outer_l3_record == outer_ipv6_record); + + // LAYER_TYPE_IPV4 + const struct layer_record *outer_ipv4_record = packet_get_outermost_layer(&handler, LAYER_TYPE_IPV4); + + EXPECT_TRUE(outer_ipv4_record != nullptr); + EXPECT_TRUE(outer_ipv4_record->hdr_offset == 58); + EXPECT_TRUE(outer_ipv4_record->hdr_len == 20); + EXPECT_TRUE(outer_ipv4_record->pld_len == 194); + + // LAYER_TYPE_GRE + const struct layer_record *outer_gre_record = packet_get_outermost_layer(&handler, LAYER_TYPE_GRE); + const struct layer_record *inner_ger_record = packet_get_innermost_layer(&handler, LAYER_TYPE_GRE); + + EXPECT_TRUE(outer_gre_record != nullptr); + EXPECT_TRUE(inner_ger_record != nullptr); + EXPECT_TRUE(outer_gre_record == inner_ger_record); + EXPECT_TRUE(outer_gre_record->hdr_offset == 78); + EXPECT_TRUE(outer_gre_record->hdr_len == 16); + EXPECT_TRUE(outer_gre_record->pld_len == 178); + + // LAYER_TYPE_L3_TUN + const struct layer_record *outer_l3_tun_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L3_TUN); + const struct layer_record *inner_l3_tun_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L3_TUN); + + EXPECT_TRUE(outer_l3_tun_record != nullptr); + EXPECT_TRUE(inner_l3_tun_record != nullptr); + EXPECT_TRUE(outer_l3_tun_record == inner_l3_tun_record); + EXPECT_TRUE(outer_l3_tun_record == outer_gre_record); + + // LAYER_TYPE_PPP + const struct layer_record *outer_ppp_record = packet_get_outermost_layer(&handler, LAYER_TYPE_PPP); + const struct layer_record *inner_ppp_record = packet_get_innermost_layer(&handler, LAYER_TYPE_PPP); + + EXPECT_TRUE(outer_ppp_record != nullptr); + EXPECT_TRUE(inner_ppp_record != nullptr); + EXPECT_TRUE(outer_ppp_record == inner_ppp_record); + EXPECT_TRUE(outer_ppp_record->hdr_offset == 94); + EXPECT_TRUE(outer_ppp_record->hdr_len == 4); + EXPECT_TRUE(outer_ppp_record->pld_len == 174); + + // LAYER_TYPE_L2 + const struct layer_record *inner_l2_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L2); + + EXPECT_TRUE(inner_l2_record != nullptr); + EXPECT_TRUE(inner_l2_record == outer_ppp_record); + + // LAYER_TYPE_IPV4 + const struct layer_record *inner_ipv4_record = packet_get_innermost_layer(&handler, LAYER_TYPE_IPV4); + + EXPECT_TRUE(inner_ipv4_record != nullptr); + EXPECT_TRUE(inner_ipv4_record->hdr_offset == 98); + EXPECT_TRUE(inner_ipv4_record->hdr_len == 20); + EXPECT_TRUE(inner_ipv4_record->pld_len == 154); + + // LAYER_TYPE_L3 + const struct layer_record *inner_l3_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L3); + + EXPECT_TRUE(inner_l3_record != nullptr); + EXPECT_TRUE(inner_l3_record == inner_ipv4_record); + + // LAYER_TYPE_UDP + const struct layer_record *outer_udp_record = packet_get_outermost_layer(&handler, LAYER_TYPE_UDP); + const struct layer_record *inner_udp_record = packet_get_innermost_layer(&handler, LAYER_TYPE_UDP); + + EXPECT_TRUE(outer_udp_record != nullptr); + EXPECT_TRUE(inner_udp_record != nullptr); + EXPECT_TRUE(outer_udp_record == inner_udp_record); + EXPECT_TRUE(outer_udp_record->hdr_offset == 118); + EXPECT_TRUE(outer_udp_record->hdr_len == 8); + EXPECT_TRUE(outer_udp_record->pld_len == 146); + + // LAYER_TYPE_L4 + const struct layer_record *outer_l4_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L4); + const struct layer_record *inner_l4_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L4); + + EXPECT_TRUE(outer_l4_record != nullptr); + EXPECT_TRUE(inner_l4_record != nullptr); + EXPECT_TRUE(outer_l4_record == inner_l4_record); + EXPECT_TRUE(outer_l4_record == outer_udp_record); + + /****************************************************** + * packet_get_outermost/innermost_tuple2 + ******************************************************/ + + struct tuple2 outer_tuple2; + struct tuple2 inner_tuple2; + EXPECT_TRUE(packet_get_outermost_tuple2(&handler, &outer_tuple2) == 0); + EXPECT_TRUE(packet_get_innermost_tuple2(&handler, &inner_tuple2) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple2_tostring(&outer_tuple2, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "2607:fcd0:100:2300::b108:2a6b -> 2402:f000:1:8e01::5555"); + memset(buffer, 0, sizeof(buffer)); + tuple2_tostring(&inner_tuple2, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "8.8.8.8 -> 172.16.44.3"); + + /****************************************************** + * packet_get_outermost/innermost_tuple4 + ******************************************************/ + + struct tuple4 outer_tuple4; + struct tuple4 inner_tuple4; + EXPECT_TRUE(packet_get_outermost_tuple4(&handler, &outer_tuple4) == 0); + EXPECT_TRUE(packet_get_innermost_tuple4(&handler, &inner_tuple4) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple4_tostring(&outer_tuple4, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "8.8.8.8:53 -> 172.16.44.3:9879"); + memset(buffer, 0, sizeof(buffer)); + tuple4_tostring(&inner_tuple4, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "8.8.8.8:53 -> 172.16.44.3:9879"); + + /****************************************************** + * packet_get_outermost/innermost_tuple6 + ******************************************************/ + + struct tuple6 outer_tuple6; + struct tuple6 inner_tuple6; + EXPECT_TRUE(packet_get_outermost_tuple6(&handler, &outer_tuple6) == 0); + EXPECT_TRUE(packet_get_innermost_tuple6(&handler, &inner_tuple6) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple6_tostring(&outer_tuple6, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "8.8.8.8:53 -> 172.16.44.3:9879, proto: 17, zone: 0"); + memset(buffer, 0, sizeof(buffer)); + tuple6_tostring(&inner_tuple6, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "8.8.8.8:53 -> 172.16.44.3:9879, proto: 17, zone: 0"); +} +#endif + +/****************************************************************************** + * Pcap file: 4-ETH_IP4_IP6_TCP.pcap + * [Protocols in frame: eth:ethertype:ip:ipv6:tcp] + ****************************************************************************** + * + * Frame 1: 106 bytes on wire (848 bits), 106 bytes captured (848 bits) + * Ethernet II, Src: JuniperN_45:88:29 (2c:6b:f5:45:88:29), Dst: JuniperN_2a:a2:00 (5c:5e:ab:2a:a2:00) + * Destination: JuniperN_2a:a2:00 (5c:5e:ab:2a:a2:00) + * Source: JuniperN_45:88:29 (2c:6b:f5:45:88:29) + * Type: IPv4 (0x0800) + * Internet Protocol Version 4, Src: 210.77.88.163, Dst: 59.66.4.50 + * 0100 .... = Version: 4 + * .... 0101 = Header Length: 20 bytes (5) + * Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) + * Total Length: 92 + * Identification: 0x0b4d (2893) + * 000. .... = Flags: 0x0 + * ...0 0000 0000 0000 = Fragment Offset: 0 + * Time to Live: 59 + * Protocol: IPv6 (41) + * Header Checksum: 0x09c8 [validation disabled] + * [Header checksum status: Unverified] + * Source Address: 210.77.88.163 + * Destination Address: 59.66.4.50 + * Internet Protocol Version 6, Src: 2001:da8:200:900e:200:5efe:d24d:58a3, Dst: 2600:140e:6::1702:1058 + * 0110 .... = Version: 6 + * .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT) + * .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000 + * Payload Length: 32 + * Next Header: TCP (6) + * Hop Limit: 64 + * Source Address: 2001:da8:200:900e:200:5efe:d24d:58a3 + * Destination Address: 2600:140e:6::1702:1058 + * [Source ISATAP IPv4: 210.77.88.163] + * Transmission Control Protocol, Src Port: 52556, Dst Port: 80, Seq: 0, Len: 0 + * Source Port: 52556 + * Destination Port: 80 + * [Stream index: 0] + * [Conversation completeness: Complete, WITH_DATA (31)] + * [TCP Segment Len: 0] + * Sequence Number: 0 (relative sequence number) + * Sequence Number (raw): 2172673142 + * [Next Sequence Number: 1 (relative sequence number)] + * Acknowledgment Number: 0 + * Acknowledgment number (raw): 0 + * 1000 .... = Header Length: 32 bytes (8) + * Flags: 0x002 (SYN) + * Window: 8192 + * [Calculated window size: 8192] + * Checksum: 0xf757 [unverified] + * [Checksum Status: Unverified] + * Urgent Pointer: 0 + * Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted + * [Timestamps] + */ + +unsigned char data4[] = { + 0x5c, 0x5e, 0xab, 0x2a, 0xa2, 0x00, 0x2c, 0x6b, 0xf5, 0x45, 0x88, 0x29, 0x08, 0x00, 0x45, 0x00, 0x00, 0x5c, 0x0b, 0x4d, 0x00, 0x00, 0x3b, 0x29, 0x09, 0xc8, + 0xd2, 0x4d, 0x58, 0xa3, 0x3b, 0x42, 0x04, 0x32, 0x60, 0x00, 0x00, 0x00, 0x00, 0x20, 0x06, 0x40, 0x20, 0x01, 0x0d, 0xa8, 0x02, 0x00, 0x90, 0x0e, 0x02, 0x00, + 0x5e, 0xfe, 0xd2, 0x4d, 0x58, 0xa3, 0x26, 0x00, 0x14, 0x0e, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x17, 0x02, 0x10, 0x58, 0xcd, 0x4c, 0x00, 0x50, + 0x81, 0x80, 0x5c, 0x76, 0x00, 0x00, 0x00, 0x00, 0x80, 0x02, 0x20, 0x00, 0xf7, 0x57, 0x00, 0x00, 0x02, 0x04, 0x04, 0xc4, 0x01, 0x03, 0x03, 0x08, 0x01, 0x01, + 0x04, 0x02}; + +#if 1 +TEST(DATA_PACKET, ETH_IP4_IP6_TCP) +{ + char buffer[256]; + struct packet handler; + + const char *payload = packet_parse(&handler, (const char *)data4, sizeof(data4)); + EXPECT_TRUE(payload != nullptr); + EXPECT_TRUE((char *)payload - (char *)&data4 == 106); + packet_print(&handler); + + /****************************************************** + * packet_get_outermost/innermost_layer + ******************************************************/ + + // LAYER_TYPE_ETHER + const struct layer_record *outer_eth_record = packet_get_outermost_layer(&handler, LAYER_TYPE_ETHER); + const struct layer_record *inner_eth_record = packet_get_innermost_layer(&handler, LAYER_TYPE_ETHER); + + EXPECT_TRUE(outer_eth_record != nullptr); + EXPECT_TRUE(inner_eth_record != nullptr); + EXPECT_TRUE(outer_eth_record == inner_eth_record); + EXPECT_TRUE(outer_eth_record->hdr_offset == 0); + EXPECT_TRUE(outer_eth_record->hdr_len == 14); + EXPECT_TRUE(outer_eth_record->pld_len == 92); + + // LAYER_TYPE_L2 + const struct layer_record *outer_l2_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L2); + const struct layer_record *inner_l2_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L2); + + EXPECT_TRUE(outer_l2_record != nullptr); + EXPECT_TRUE(inner_l2_record != nullptr); + EXPECT_TRUE(outer_l2_record == inner_l2_record); + EXPECT_TRUE(outer_l2_record == outer_eth_record); + + // LAYER_TYPE_IPV4 + const struct layer_record *outer_ipv4_record = packet_get_outermost_layer(&handler, LAYER_TYPE_IPV4); + const struct layer_record *inner_ipv4_record = packet_get_innermost_layer(&handler, LAYER_TYPE_IPV4); + + EXPECT_TRUE(outer_ipv4_record != nullptr); + EXPECT_TRUE(inner_ipv4_record != nullptr); + EXPECT_TRUE(outer_ipv4_record == inner_ipv4_record); + EXPECT_TRUE(outer_ipv4_record->hdr_offset == 14); + EXPECT_TRUE(outer_ipv4_record->hdr_len == 20); + EXPECT_TRUE(outer_ipv4_record->pld_len == 72); + + // LAYER_TYPE_L3 + const struct layer_record *outer_l3_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L3); + + EXPECT_TRUE(outer_l3_record != nullptr); + EXPECT_TRUE(outer_l3_record == outer_ipv4_record); + + // LAYER_TYPE_IPV6 + const struct layer_record *outer_ipv6_record = packet_get_outermost_layer(&handler, LAYER_TYPE_IPV6); + const struct layer_record *inner_ipv6_record = packet_get_innermost_layer(&handler, LAYER_TYPE_IPV6); + + EXPECT_TRUE(outer_ipv6_record != nullptr); + EXPECT_TRUE(inner_ipv6_record != nullptr); + EXPECT_TRUE(outer_ipv6_record == inner_ipv6_record); + EXPECT_TRUE(outer_ipv6_record->hdr_offset == 34); + EXPECT_TRUE(outer_ipv6_record->hdr_len == 40); + EXPECT_TRUE(outer_ipv6_record->pld_len == 32); + + // LAYER_TYPE_L3 + const struct layer_record *inner_l3_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L3); + + EXPECT_TRUE(inner_l3_record != nullptr); + EXPECT_TRUE(inner_l3_record == outer_ipv6_record); + + // LAYER_TYPE_TCP + const struct layer_record *outer_tcp_record = packet_get_outermost_layer(&handler, LAYER_TYPE_TCP); + const struct layer_record *inner_tcp_record = packet_get_innermost_layer(&handler, LAYER_TYPE_TCP); + + EXPECT_TRUE(outer_tcp_record != nullptr); + EXPECT_TRUE(inner_tcp_record != nullptr); + EXPECT_TRUE(outer_tcp_record == inner_tcp_record); + EXPECT_TRUE(outer_tcp_record->hdr_offset == 74); + EXPECT_TRUE(outer_tcp_record->hdr_len == 32); + EXPECT_TRUE(outer_tcp_record->pld_len == 0); + + // LAYER_TYPE_L4 + const struct layer_record *outer_l4_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L4); + const struct layer_record *inner_l4_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L4); + + EXPECT_TRUE(outer_l4_record != nullptr); + EXPECT_TRUE(inner_l4_record != nullptr); + EXPECT_TRUE(outer_l4_record == inner_l4_record); + EXPECT_TRUE(outer_l4_record == outer_tcp_record); + + /****************************************************** + * packet_get_outermost/innermost_tuple2 + ******************************************************/ + + struct tuple2 outer_tuple2; + struct tuple2 inner_tuple2; + EXPECT_TRUE(packet_get_outermost_tuple2(&handler, &outer_tuple2) == 0); + EXPECT_TRUE(packet_get_innermost_tuple2(&handler, &inner_tuple2) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple2_tostring(&outer_tuple2, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "210.77.88.163 -> 59.66.4.50"); + memset(buffer, 0, sizeof(buffer)); + tuple2_tostring(&inner_tuple2, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "2001:da8:200:900e:200:5efe:d24d:58a3 -> 2600:140e:6::1702:1058"); + + /****************************************************** + * packet_get_outermost/innermost_tuple4 + ******************************************************/ + + struct tuple4 outer_tuple4; + struct tuple4 inner_tuple4; + EXPECT_TRUE(packet_get_outermost_tuple4(&handler, &outer_tuple4) == 0); + EXPECT_TRUE(packet_get_innermost_tuple4(&handler, &inner_tuple4) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple4_tostring(&outer_tuple4, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "2001:da8:200:900e:200:5efe:d24d:58a3:52556 -> 2600:140e:6::1702:1058:80"); + memset(buffer, 0, sizeof(buffer)); + tuple4_tostring(&inner_tuple4, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "2001:da8:200:900e:200:5efe:d24d:58a3:52556 -> 2600:140e:6::1702:1058:80"); + + /****************************************************** + * packet_get_outermost/innermost_tuple6 + ******************************************************/ + + struct tuple6 outer_tuple6; + struct tuple6 inner_tuple6; + EXPECT_TRUE(packet_get_outermost_tuple6(&handler, &outer_tuple6) == 0); + EXPECT_TRUE(packet_get_innermost_tuple6(&handler, &inner_tuple6) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple6_tostring(&outer_tuple6, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "2001:da8:200:900e:200:5efe:d24d:58a3:52556 -> 2600:140e:6::1702:1058:80, proto: 6, zone: 0"); + memset(buffer, 0, sizeof(buffer)); + tuple6_tostring(&inner_tuple6, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "2001:da8:200:900e:200:5efe:d24d:58a3:52556 -> 2600:140e:6::1702:1058:80, proto: 6, zone: 0"); +} +#endif + +/****************************************************************************** + * Pcap file: 5-ETH_IP6_IP6_UDP.pcap + * [Protocols in frame: eth:ethertype:ipv6:ipv6:udp:data] + ****************************************************************************** + * + * Frame 1: 106 bytes on wire (848 bits), 106 bytes captured (848 bits) + * Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: Broadcast (ff:ff:ff:ff:ff:ff) + * Destination: Broadcast (ff:ff:ff:ff:ff:ff) + * Source: 00:00:00_00:00:00 (00:00:00:00:00:00) + * Type: IPv6 (0x86dd) + * Internet Protocol Version 6, Src: 2001:4f8:4:7:2e0:81ff:fe52:ffff, Dst: 2001:4f8:4:7:2e0:81ff:fe52:9a6b + * 0110 .... = Version: 6 + * .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT) + * .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000 + * Payload Length: 52 + * Next Header: IPv6 (41) + * Hop Limit: 64 + * Source Address: 2001:4f8:4:7:2e0:81ff:fe52:ffff + * Destination Address: 2001:4f8:4:7:2e0:81ff:fe52:9a6b + * [Source SLAAC MAC: TyanComp_52:ff:ff (00:e0:81:52:ff:ff)] + * [Destination SLAAC MAC: TyanComp_52:9a:6b (00:e0:81:52:9a:6b)] + * Internet Protocol Version 6, Src: dead::beef, Dst: cafe::babe + * 0110 .... = Version: 6 + * .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT) + * .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000 + * Payload Length: 12 + * Next Header: UDP (17) + * Hop Limit: 64 + * Source Address: dead::beef + * Destination Address: cafe::babe + * User Datagram Protocol, Src Port: 30000, Dst Port: 13000 + * Source Port: 30000 + * Destination Port: 13000 + * Length: 12 + * Checksum: 0x83d2 [unverified] + * [Checksum Status: Unverified] + * [Stream index: 0] + * [Timestamps] + * UDP payload (4 bytes) + * Data (4 bytes) + */ + +unsigned char data5[] = { + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x86, 0xdd, 0x60, 0x00, 0x00, 0x00, 0x00, 0x34, 0x29, 0x40, 0x20, 0x01, 0x04, 0xf8, + 0x00, 0x04, 0x00, 0x07, 0x02, 0xe0, 0x81, 0xff, 0xfe, 0x52, 0xff, 0xff, 0x20, 0x01, 0x04, 0xf8, 0x00, 0x04, 0x00, 0x07, 0x02, 0xe0, 0x81, 0xff, 0xfe, 0x52, + 0x9a, 0x6b, 0x60, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x11, 0x40, 0xde, 0xad, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xbe, 0xef, + 0xca, 0xfe, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xba, 0xbe, 0x75, 0x30, 0x32, 0xc8, 0x00, 0x0c, 0x83, 0xd2, 0x58, 0x58, + 0x58, 0x58}; + +#if 1 +TEST(DATA_PACKET, ETH_IP6_IP6_UDP) +{ + char buffer[256]; + struct packet handler; + + const char *payload = packet_parse(&handler, (const char *)data5, sizeof(data5)); + EXPECT_TRUE(payload != nullptr); + EXPECT_TRUE((char *)payload - (char *)&data5 == 102); + packet_print(&handler); + + /****************************************************** + * packet_get_outermost/innermost_layer + ******************************************************/ + + // LAYER_TYPE_ETHER + const struct layer_record *outer_eth_record = packet_get_outermost_layer(&handler, LAYER_TYPE_ETHER); + const struct layer_record *inner_eth_record = packet_get_innermost_layer(&handler, LAYER_TYPE_ETHER); + + EXPECT_TRUE(outer_eth_record != nullptr); + EXPECT_TRUE(inner_eth_record != nullptr); + EXPECT_TRUE(outer_eth_record == inner_eth_record); + EXPECT_TRUE(outer_eth_record->hdr_offset == 0); + EXPECT_TRUE(outer_eth_record->hdr_len == 14); + EXPECT_TRUE(outer_eth_record->pld_len == 92); + + // LAYER_TYPE_L2 + const struct layer_record *outer_l2_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L2); + const struct layer_record *inner_l2_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L2); + + EXPECT_TRUE(outer_l2_record != nullptr); + EXPECT_TRUE(inner_l2_record != nullptr); + EXPECT_TRUE(outer_l2_record == inner_l2_record); + EXPECT_TRUE(outer_l2_record == outer_eth_record); + + // LAYER_TYPE_IPV6 + const struct layer_record *outer_ipv6_record = packet_get_outermost_layer(&handler, LAYER_TYPE_IPV6); + + EXPECT_TRUE(outer_ipv6_record != nullptr); + EXPECT_TRUE(outer_ipv6_record->hdr_offset == 14); + EXPECT_TRUE(outer_ipv6_record->hdr_len == 40); + EXPECT_TRUE(outer_ipv6_record->pld_len == 52); + + // LAYER_TYPE_L3 + const struct layer_record *outer_l3_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L3); + + EXPECT_TRUE(outer_l3_record != nullptr); + EXPECT_TRUE(outer_l3_record == outer_ipv6_record); + + // LAYER_TYPE_IPV6 + const struct layer_record *inner_ipv6_record = packet_get_innermost_layer(&handler, LAYER_TYPE_IPV6); + + EXPECT_TRUE(inner_ipv6_record != nullptr); + EXPECT_TRUE(inner_ipv6_record->hdr_offset == 54); + EXPECT_TRUE(inner_ipv6_record->hdr_len == 40); + EXPECT_TRUE(inner_ipv6_record->pld_len == 12); + + // LAYER_TYPE_L3 + const struct layer_record *inner_l3_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L3); + + EXPECT_TRUE(inner_l3_record != nullptr); + EXPECT_TRUE(inner_l3_record == inner_ipv6_record); + + // LAYER_TYPE_UDP + const struct layer_record *outer_udp_record = packet_get_outermost_layer(&handler, LAYER_TYPE_UDP); + const struct layer_record *inner_udp_record = packet_get_innermost_layer(&handler, LAYER_TYPE_UDP); + + EXPECT_TRUE(outer_udp_record != nullptr); + EXPECT_TRUE(inner_udp_record != nullptr); + EXPECT_TRUE(outer_udp_record == inner_udp_record); + EXPECT_TRUE(outer_udp_record->hdr_offset == 94); + EXPECT_TRUE(outer_udp_record->hdr_len == 8); + EXPECT_TRUE(outer_udp_record->pld_len == 4); + + // LAYER_TYPE_L4 + const struct layer_record *outer_l4_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L4); + const struct layer_record *inner_l4_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L4); + + EXPECT_TRUE(outer_l4_record != nullptr); + EXPECT_TRUE(inner_l4_record != nullptr); + EXPECT_TRUE(outer_l4_record == inner_l4_record); + EXPECT_TRUE(outer_l4_record == outer_udp_record); + + /****************************************************** + * packet_get_outermost/innermost_tuple2 + ******************************************************/ + + struct tuple2 outer_tuple2; + struct tuple2 inner_tuple2; + EXPECT_TRUE(packet_get_outermost_tuple2(&handler, &outer_tuple2) == 0); + EXPECT_TRUE(packet_get_innermost_tuple2(&handler, &inner_tuple2) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple2_tostring(&outer_tuple2, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "2001:4f8:4:7:2e0:81ff:fe52:ffff -> 2001:4f8:4:7:2e0:81ff:fe52:9a6b"); + memset(buffer, 0, sizeof(buffer)); + tuple2_tostring(&inner_tuple2, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "dead::beef -> cafe::babe"); + + /****************************************************** + * packet_get_outermost/innermost_tuple4 + ******************************************************/ + + struct tuple4 outer_tuple4; + struct tuple4 inner_tuple4; + EXPECT_TRUE(packet_get_outermost_tuple4(&handler, &outer_tuple4) == 0); + EXPECT_TRUE(packet_get_innermost_tuple4(&handler, &inner_tuple4) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple4_tostring(&outer_tuple4, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "dead::beef:30000 -> cafe::babe:13000"); + memset(buffer, 0, sizeof(buffer)); + tuple4_tostring(&inner_tuple4, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "dead::beef:30000 -> cafe::babe:13000"); + + /****************************************************** + * packet_get_outermost/innermost_tuple6 + ******************************************************/ + + struct tuple6 outer_tuple6; + struct tuple6 inner_tuple6; + EXPECT_TRUE(packet_get_outermost_tuple6(&handler, &outer_tuple6) == 0); + EXPECT_TRUE(packet_get_innermost_tuple6(&handler, &inner_tuple6) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple6_tostring(&outer_tuple6, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "dead::beef:30000 -> cafe::babe:13000, proto: 17, zone: 0"); + memset(buffer, 0, sizeof(buffer)); + tuple6_tostring(&inner_tuple6, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "dead::beef:30000 -> cafe::babe:13000, proto: 17, zone: 0"); +} +#endif + +/****************************************************************************** + * Pcap file: 6-ETH_MPLS_IP4_TCP.pcap + * [Protocols in frame: eth:ethertype:mpls:ip:tcp] + ****************************************************************************** + * + * Frame 1: 70 bytes on wire (560 bits), 70 bytes captured (560 bits) + * Ethernet II, Src: Hangzhou_d9:28:cc (00:23:89:d9:28:cc), Dst: HuaweiTe_7f:eb:f7 (d4:6a:a8:7f:eb:f7) + * Destination: HuaweiTe_7f:eb:f7 (d4:6a:a8:7f:eb:f7) + * Source: Hangzhou_d9:28:cc (00:23:89:d9:28:cc) + * Type: MPLS label switched packet (0x8847) + * MultiProtocol Label Switching Header, Label: 18, Exp: 6, S: 1, TTL: 254 + * 0000 0000 0000 0001 0010 .... .... .... = MPLS Label: 18 (0x00012) + * .... .... .... .... .... 110. .... .... = MPLS Experimental Bits: 6 + * .... .... .... .... .... ...1 .... .... = MPLS Bottom Of Label Stack: 1 + * .... .... .... .... .... .... 1111 1110 = MPLS TTL: 254 + * Internet Protocol Version 4, Src: 119.40.37.65, Dst: 123.125.29.250 + * 0100 .... = Version: 4 + * .... 0101 = Header Length: 20 bytes (5) + * Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) + * Total Length: 52 + * Identification: 0x02a1 (673) + * 010. .... = Flags: 0x2, Don't fragment + * ...0 0000 0000 0000 = Fragment Offset: 0 + * Time to Live: 126 + * Protocol: TCP (6) + * Header Checksum: 0xc442 [validation disabled] + * [Header checksum status: Unverified] + * Source Address: 119.40.37.65 + * Destination Address: 123.125.29.250 + * Transmission Control Protocol, Src Port: 61853, Dst Port: 80, Seq: 0, Len: 0 + * Source Port: 61853 + * Destination Port: 80 + * [Stream index: 0] + * [Conversation completeness: Complete, WITH_DATA (31)] + * [TCP Segment Len: 0] + * Sequence Number: 0 (relative sequence number) + * Sequence Number (raw): 1710561749 + * [Next Sequence Number: 1 (relative sequence number)] + * Acknowledgment Number: 0 + * Acknowledgment number (raw): 0 + * 1000 .... = Header Length: 32 bytes (8) + * Flags: 0x002 (SYN) + * Window: 8192 + * [Calculated window size: 8192] + * Checksum: 0xa777 [unverified] + * [Checksum Status: Unverified] + * Urgent Pointer: 0 + * Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted + * [Timestamps] + */ + +unsigned char data6[] = { + 0xd4, 0x6a, 0xa8, 0x7f, 0xeb, 0xf7, 0x00, 0x23, 0x89, 0xd9, 0x28, 0xcc, 0x88, 0x47, 0x00, 0x01, 0x2d, 0xfe, 0x45, 0x00, 0x00, 0x34, 0x02, 0xa1, 0x40, 0x00, + 0x7e, 0x06, 0xc4, 0x42, 0x77, 0x28, 0x25, 0x41, 0x7b, 0x7d, 0x1d, 0xfa, 0xf1, 0x9d, 0x00, 0x50, 0x65, 0xf5, 0x19, 0xd5, 0x00, 0x00, 0x00, 0x00, 0x80, 0x02, + 0x20, 0x00, 0xa7, 0x77, 0x00, 0x00, 0x02, 0x04, 0x05, 0xb4, 0x01, 0x03, 0x03, 0x08, 0x01, 0x01, 0x04, 0x02}; + +#if 1 +TEST(DATA_PACKET, ETH_MPLS_IP4_TCP) +{ + char buffer[256]; + struct packet handler; + + const char *payload = packet_parse(&handler, (const char *)data6, sizeof(data6)); + EXPECT_TRUE(payload != nullptr); + EXPECT_TRUE((char *)payload - (char *)&data6 == 70); + packet_print(&handler); + + /****************************************************** + * packet_get_outermost/innermost_layer + ******************************************************/ + + // LAYER_TYPE_ETHER + const struct layer_record *outer_eth_record = packet_get_outermost_layer(&handler, LAYER_TYPE_ETHER); + const struct layer_record *inner_eth_record = packet_get_innermost_layer(&handler, LAYER_TYPE_ETHER); + + EXPECT_TRUE(outer_eth_record != nullptr); + EXPECT_TRUE(inner_eth_record != nullptr); + EXPECT_TRUE(outer_eth_record == inner_eth_record); + EXPECT_TRUE(outer_eth_record->hdr_offset == 0); + EXPECT_TRUE(outer_eth_record->hdr_len == 14); + EXPECT_TRUE(outer_eth_record->pld_len == 56); + + // LAYER_TYPE_L2 + const struct layer_record *outer_l2_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L2); + const struct layer_record *inner_l2_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L2); + + EXPECT_TRUE(outer_l2_record != nullptr); + EXPECT_TRUE(inner_l2_record != nullptr); + EXPECT_TRUE(outer_l2_record == inner_l2_record); + EXPECT_TRUE(outer_l2_record == outer_eth_record); + + // LAYER_TYPE_MPLS + const struct layer_record *outer_mpls_record = packet_get_outermost_layer(&handler, LAYER_TYPE_MPLS); + const struct layer_record *inner_mpls_record = packet_get_innermost_layer(&handler, LAYER_TYPE_MPLS); + + EXPECT_TRUE(outer_mpls_record != nullptr); + EXPECT_TRUE(inner_mpls_record != nullptr); + EXPECT_TRUE(outer_mpls_record == inner_mpls_record); + EXPECT_TRUE(outer_mpls_record->hdr_offset == 14); + EXPECT_TRUE(outer_mpls_record->hdr_len == 4); + EXPECT_TRUE(outer_mpls_record->pld_len == 52); + + // LAYER_TYPE_L2_TUN + const struct layer_record *outer_l2_tun_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L2_TUN); + const struct layer_record *inner_l2_tun_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L2_TUN); + + EXPECT_TRUE(outer_l2_tun_record != nullptr); + EXPECT_TRUE(inner_l2_tun_record != nullptr); + EXPECT_TRUE(outer_l2_tun_record == inner_l2_tun_record); + EXPECT_TRUE(outer_l2_tun_record == outer_mpls_record); + + // LAYER_TYPE_IPV4 + const struct layer_record *outer_ipv4_record = packet_get_outermost_layer(&handler, LAYER_TYPE_IPV4); + const struct layer_record *inner_ipv4_record = packet_get_innermost_layer(&handler, LAYER_TYPE_IPV4); + + EXPECT_TRUE(outer_ipv4_record != nullptr); + EXPECT_TRUE(inner_ipv4_record != nullptr); + EXPECT_TRUE(outer_ipv4_record == inner_ipv4_record); + EXPECT_TRUE(outer_ipv4_record->hdr_offset == 18); + EXPECT_TRUE(outer_ipv4_record->hdr_len == 20); + EXPECT_TRUE(outer_ipv4_record->pld_len == 32); + + // LAYER_TYPE_L3 + const struct layer_record *outer_l3_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L3); + const struct layer_record *inner_l3_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L3); + + EXPECT_TRUE(outer_l3_record != nullptr); + EXPECT_TRUE(inner_l3_record != nullptr); + EXPECT_TRUE(outer_l3_record == inner_l3_record); + EXPECT_TRUE(outer_l3_record == outer_ipv4_record); + + // LAYER_TYPE_TCP + const struct layer_record *outer_tcp_record = packet_get_outermost_layer(&handler, LAYER_TYPE_TCP); + const struct layer_record *inner_tcp_record = packet_get_innermost_layer(&handler, LAYER_TYPE_TCP); + + EXPECT_TRUE(outer_tcp_record != nullptr); + EXPECT_TRUE(inner_tcp_record != nullptr); + EXPECT_TRUE(outer_tcp_record == inner_tcp_record); + EXPECT_TRUE(outer_tcp_record->hdr_offset == 38); + EXPECT_TRUE(outer_tcp_record->hdr_len == 32); + EXPECT_TRUE(outer_tcp_record->pld_len == 0); + + // LAYER_TYPE_L4 + const struct layer_record *outer_l4_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L4); + const struct layer_record *inner_l4_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L4); + + EXPECT_TRUE(outer_l4_record != nullptr); + EXPECT_TRUE(inner_l4_record != nullptr); + EXPECT_TRUE(outer_l4_record == inner_l4_record); + EXPECT_TRUE(outer_l4_record == outer_tcp_record); + + /****************************************************** + * packet_get_outermost/innermost_tuple2 + ******************************************************/ + + struct tuple2 outer_tuple2; + struct tuple2 inner_tuple2; + EXPECT_TRUE(packet_get_outermost_tuple2(&handler, &outer_tuple2) == 0); + EXPECT_TRUE(packet_get_innermost_tuple2(&handler, &inner_tuple2) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple2_tostring(&outer_tuple2, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "119.40.37.65 -> 123.125.29.250"); + memset(buffer, 0, sizeof(buffer)); + tuple2_tostring(&inner_tuple2, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "119.40.37.65 -> 123.125.29.250"); + + /****************************************************** + * packet_get_outermost/innermost_tuple4 + ******************************************************/ + + struct tuple4 outer_tuple4; + struct tuple4 inner_tuple4; + EXPECT_TRUE(packet_get_outermost_tuple4(&handler, &outer_tuple4) == 0); + EXPECT_TRUE(packet_get_innermost_tuple4(&handler, &inner_tuple4) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple4_tostring(&outer_tuple4, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "119.40.37.65:61853 -> 123.125.29.250:80"); + memset(buffer, 0, sizeof(buffer)); + tuple4_tostring(&inner_tuple4, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "119.40.37.65:61853 -> 123.125.29.250:80"); + + /****************************************************** + * packet_get_outermost/innermost_tuple6 + ******************************************************/ + + struct tuple6 outer_tuple6; + struct tuple6 inner_tuple6; + EXPECT_TRUE(packet_get_outermost_tuple6(&handler, &outer_tuple6) == 0); + EXPECT_TRUE(packet_get_innermost_tuple6(&handler, &inner_tuple6) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple6_tostring(&outer_tuple6, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "119.40.37.65:61853 -> 123.125.29.250:80, proto: 6, zone: 0"); + memset(buffer, 0, sizeof(buffer)); + tuple6_tostring(&inner_tuple6, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "119.40.37.65:61853 -> 123.125.29.250:80, proto: 6, zone: 0"); +} +#endif + +/****************************************************************************** + * Pcap file: 7-ETH_MPLS_MPLS_IP4_TCP.pcap + * [Protocols in frame: eth:ethertype:mpls:ip:tcp] + ****************************************************************************** + * + * Frame 1: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) + * Ethernet II, Src: Cisco_05:28:38 (00:30:96:05:28:38), Dst: Cisco_e6:fc:39 (00:30:96:e6:fc:39) + * Destination: Cisco_e6:fc:39 (00:30:96:e6:fc:39) + * Source: Cisco_05:28:38 (00:30:96:05:28:38) + * Type: MPLS label switched packet (0x8847) + * MultiProtocol Label Switching Header, Label: 18, Exp: 5, S: 0, TTL: 255 + * 0000 0000 0000 0001 0010 .... .... .... = MPLS Label: 18 (0x00012) + * .... .... .... .... .... 101. .... .... = MPLS Experimental Bits: 5 + * .... .... .... .... .... ...0 .... .... = MPLS Bottom Of Label Stack: 0 + * .... .... .... .... .... .... 1111 1111 = MPLS TTL: 255 + * MultiProtocol Label Switching Header, Label: 16, Exp: 5, S: 1, TTL: 255 + * 0000 0000 0000 0001 0000 .... .... .... = MPLS Label: 16 (0x00010) + * .... .... .... .... .... 101. .... .... = MPLS Experimental Bits: 5 + * .... .... .... .... .... ...1 .... .... = MPLS Bottom Of Label Stack: 1 + * .... .... .... .... .... .... 1111 1111 = MPLS TTL: 255 + * Internet Protocol Version 4, Src: 10.31.0.1, Dst: 10.34.0.1 + * 0100 .... = Version: 4 + * .... 0101 = Header Length: 20 bytes (5) + * Differentiated Services Field: 0xb0 (DSCP: Unknown, ECN: Not-ECT) + * Total Length: 44 + * Identification: 0x0000 (0) + * 000. .... = Flags: 0x0 + * ...0 0000 0000 0000 = Fragment Offset: 0 + * Time to Live: 255 + * Protocol: TCP (6) + * Header Checksum: 0xa6d9 [validation disabled] + * [Header checksum status: Unverified] + * Source Address: 10.31.0.1 + * Destination Address: 10.34.0.1 + * Transmission Control Protocol, Src Port: 11001, Dst Port: 23, Seq: 0, Len: 0 + * Source Port: 11001 + * Destination Port: 23 + * [Stream index: 0] + * [Conversation completeness: Incomplete (29)] + * [TCP Segment Len: 0] + * Sequence Number: 0 (relative sequence number) + * Sequence Number (raw): 3481568569 + * [Next Sequence Number: 1 (relative sequence number)] + * Acknowledgment Number: 0 + * Acknowledgment number (raw): 0 + * 0110 .... = Header Length: 24 bytes (6) + * Flags: 0x002 (SYN) + * Window: 4128 + * [Calculated window size: 4128] + * Checksum: 0xf791 [unverified] + * [Checksum Status: Unverified] + * Urgent Pointer: 0 + * Options: (4 bytes), Maximum segment size + * [Timestamps] + */ + +unsigned char data7[] = { + 0x00, 0x30, 0x96, 0xe6, 0xfc, 0x39, 0x00, 0x30, 0x96, 0x05, 0x28, 0x38, 0x88, 0x47, 0x00, 0x01, 0x2a, 0xff, 0x00, 0x01, 0x0b, 0xff, 0x45, 0xb0, 0x00, 0x2c, + 0x00, 0x00, 0x00, 0x00, 0xff, 0x06, 0xa6, 0xd9, 0x0a, 0x1f, 0x00, 0x01, 0x0a, 0x22, 0x00, 0x01, 0x2a, 0xf9, 0x00, 0x17, 0xcf, 0x84, 0x85, 0x39, 0x00, 0x00, + 0x00, 0x00, 0x60, 0x02, 0x10, 0x20, 0xf7, 0x91, 0x00, 0x00, 0x02, 0x04, 0x02, 0x18}; + +#if 1 +TEST(DATA_PACKET, ETH_MPLS_MPLS_IP4_TCP) +{ + char buffer[256]; + struct packet handler; + + const char *payload = packet_parse(&handler, (const char *)data7, sizeof(data7)); + EXPECT_TRUE(payload != nullptr); + EXPECT_TRUE((char *)payload - (char *)&data7 == 66); + packet_print(&handler); + + /****************************************************** + * packet_get_outermost/innermost_layer + ******************************************************/ + + // LAYER_TYPE_ETHER + const struct layer_record *outer_eth_record = packet_get_outermost_layer(&handler, LAYER_TYPE_ETHER); + const struct layer_record *inner_eth_record = packet_get_innermost_layer(&handler, LAYER_TYPE_ETHER); + + EXPECT_TRUE(outer_eth_record != nullptr); + EXPECT_TRUE(inner_eth_record != nullptr); + EXPECT_TRUE(outer_eth_record == inner_eth_record); + EXPECT_TRUE(outer_eth_record->hdr_offset == 0); + EXPECT_TRUE(outer_eth_record->hdr_len == 14); + EXPECT_TRUE(outer_eth_record->pld_len == 52); + + // LAYER_TYPE_L2 + const struct layer_record *outer_l2_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L2); + const struct layer_record *inner_l2_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L2); + + EXPECT_TRUE(outer_l2_record != nullptr); + EXPECT_TRUE(inner_l2_record != nullptr); + EXPECT_TRUE(outer_l2_record == inner_l2_record); + EXPECT_TRUE(outer_l2_record == outer_eth_record); + + // LAYER_TYPE_MPLS + const struct layer_record *outer_mpls_record = packet_get_outermost_layer(&handler, LAYER_TYPE_MPLS); + + EXPECT_TRUE(outer_mpls_record != nullptr); + EXPECT_TRUE(outer_mpls_record->hdr_offset == 14); + EXPECT_TRUE(outer_mpls_record->hdr_len == 4); + EXPECT_TRUE(outer_mpls_record->pld_len == 48); + + // LAYER_TYPE_L2_TUN + const struct layer_record *outer_l2_tun_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L2_TUN); + + EXPECT_TRUE(outer_l2_tun_record != nullptr); + EXPECT_TRUE(outer_l2_tun_record == outer_mpls_record); + + // LAYER_TYPE_MPLS + const struct layer_record *inner_mpls_record = packet_get_innermost_layer(&handler, LAYER_TYPE_MPLS); + + EXPECT_TRUE(inner_mpls_record != nullptr); + EXPECT_TRUE(inner_mpls_record->hdr_offset == 18); + EXPECT_TRUE(inner_mpls_record->hdr_len == 4); + EXPECT_TRUE(inner_mpls_record->pld_len == 44); + + // LAYER_TYPE_L2_TUN + const struct layer_record *inner_l2_tun_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L2_TUN); + + EXPECT_TRUE(inner_l2_tun_record != nullptr); + EXPECT_TRUE(inner_l2_tun_record == inner_mpls_record); + + // LAYER_TYPE_IPV4 + const struct layer_record *outer_ipv4_record = packet_get_outermost_layer(&handler, LAYER_TYPE_IPV4); + const struct layer_record *inner_ipv4_record = packet_get_innermost_layer(&handler, LAYER_TYPE_IPV4); + + EXPECT_TRUE(outer_ipv4_record != nullptr); + EXPECT_TRUE(inner_ipv4_record != nullptr); + EXPECT_TRUE(outer_ipv4_record == inner_ipv4_record); + EXPECT_TRUE(outer_ipv4_record->hdr_offset == 22); + EXPECT_TRUE(outer_ipv4_record->hdr_len == 20); + EXPECT_TRUE(outer_ipv4_record->pld_len == 24); + + // LAYER_TYPE_L3 + const struct layer_record *outer_l3_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L3); + const struct layer_record *inner_l3_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L3); + + EXPECT_TRUE(outer_l3_record != nullptr); + EXPECT_TRUE(inner_l3_record != nullptr); + EXPECT_TRUE(outer_l3_record == inner_l3_record); + EXPECT_TRUE(outer_l3_record == outer_ipv4_record); + + // LAYER_TYPE_TCP + const struct layer_record *outer_tcp_record = packet_get_outermost_layer(&handler, LAYER_TYPE_TCP); + const struct layer_record *inner_tcp_record = packet_get_innermost_layer(&handler, LAYER_TYPE_TCP); + + EXPECT_TRUE(outer_tcp_record != nullptr); + EXPECT_TRUE(inner_tcp_record != nullptr); + EXPECT_TRUE(outer_tcp_record == inner_tcp_record); + EXPECT_TRUE(outer_tcp_record->hdr_offset == 42); + EXPECT_TRUE(outer_tcp_record->hdr_len == 24); + EXPECT_TRUE(outer_tcp_record->pld_len == 0); + + // LAYER_TYPE_L4 + const struct layer_record *outer_l4_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L4); + const struct layer_record *inner_l4_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L4); + + EXPECT_TRUE(outer_l4_record != nullptr); + EXPECT_TRUE(inner_l4_record != nullptr); + EXPECT_TRUE(outer_l4_record == inner_l4_record); + EXPECT_TRUE(outer_l4_record == outer_tcp_record); + + /****************************************************** + * packet_get_outermost/innermost_tuple2 + ******************************************************/ + + struct tuple2 outer_tuple2; + struct tuple2 inner_tuple2; + EXPECT_TRUE(packet_get_outermost_tuple2(&handler, &outer_tuple2) == 0); + EXPECT_TRUE(packet_get_innermost_tuple2(&handler, &inner_tuple2) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple2_tostring(&outer_tuple2, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "10.31.0.1 -> 10.34.0.1"); + memset(buffer, 0, sizeof(buffer)); + tuple2_tostring(&inner_tuple2, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "10.31.0.1 -> 10.34.0.1"); + + /****************************************************** + * packet_get_outermost/innermost_tuple4 + ******************************************************/ + + struct tuple4 outer_tuple4; + struct tuple4 inner_tuple4; + EXPECT_TRUE(packet_get_outermost_tuple4(&handler, &outer_tuple4) == 0); + EXPECT_TRUE(packet_get_innermost_tuple4(&handler, &inner_tuple4) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple4_tostring(&outer_tuple4, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "10.31.0.1:11001 -> 10.34.0.1:23"); + memset(buffer, 0, sizeof(buffer)); + tuple4_tostring(&inner_tuple4, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "10.31.0.1:11001 -> 10.34.0.1:23"); + + /****************************************************** + * packet_get_outermost/innermost_tuple6 + ******************************************************/ + + struct tuple6 outer_tuple6; + struct tuple6 inner_tuple6; + EXPECT_TRUE(packet_get_outermost_tuple6(&handler, &outer_tuple6) == 0); + EXPECT_TRUE(packet_get_innermost_tuple6(&handler, &inner_tuple6) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple6_tostring(&outer_tuple6, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "10.31.0.1:11001 -> 10.34.0.1:23, proto: 6, zone: 0"); + memset(buffer, 0, sizeof(buffer)); + tuple6_tostring(&inner_tuple6, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "10.31.0.1:11001 -> 10.34.0.1:23, proto: 6, zone: 0"); +} +#endif + +/****************************************************************************** + * Pcap file: 8-ETH_VLAN_PPPOE_IP4_TCP.pcap + * [Protocols in frame: eth:ethertype:vlan:ethertype:pppoes:ppp:ip:tcp] + ****************************************************************************** + * + * Frame 55: 78 bytes on wire (624 bits), 78 bytes captured (624 bits) + * Ethernet II, Src: 00:00:00_00:04:46 (00:00:00:00:04:46), Dst: 18:10:04:00:02:27 (18:10:04:00:02:27) + * Destination: 18:10:04:00:02:27 (18:10:04:00:02:27) + * Source: 00:00:00_00:04:46 (00:00:00:00:04:46) + * Type: 802.1Q Virtual LAN (0x8100) + * 802.1Q Virtual LAN, PRI: 3, DEI: 0, ID: 1476 + * 011. .... .... .... = Priority: Critical Applications (3) + * ...0 .... .... .... = DEI: Ineligible + * .... 0101 1100 0100 = ID: 1476 + * Type: PPPoE Session (0x8864) + * PPP-over-Ethernet Session + * 0001 .... = Version: 1 + * .... 0001 = Type: 1 + * Code: Session Data (0x00) + * Session ID: 0xb4bc + * Payload Length: 54 + * Point-to-Point Protocol + * Protocol: Internet Protocol version 4 (0x0021) + * Internet Protocol Version 4, Src: 100.65.55.0, Dst: 91.185.14.33 + * 0100 .... = Version: 4 + * .... 0101 = Header Length: 20 bytes (5) + * Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) + * Total Length: 52 + * Identification: 0x4ba7 (19367) + * 010. .... = Flags: 0x2, Don't fragment + * ...0 0000 0000 0000 = Fragment Offset: 0 + * Time to Live: 63 + * Protocol: TCP (6) + * Header Checksum: 0xeb01 [validation disabled] + * [Header checksum status: Unverified] + * Source Address: 100.65.55.0 + * Destination Address: 91.185.14.33 + * Transmission Control Protocol, Src Port: 34532, Dst Port: 443, Seq: 491, Ack: 54523, Len: 0 + * Source Port: 34532 + * Destination Port: 443 + * [Stream index: 0] + * [Conversation completeness: Incomplete (12)] + * [TCP Segment Len: 0] + * Sequence Number: 491 (relative sequence number) + * Sequence Number (raw): 3064322674 + * [Next Sequence Number: 491 (relative sequence number)] + * Acknowledgment Number: 54523 (relative ack number) + * Acknowledgment number (raw): 2083649568 + * 1000 .... = Header Length: 32 bytes (8) + * Flags: 0x010 (ACK) + * Window: 4032 + * [Calculated window size: 4032] + * [Window size scaling factor: -1 (unknown)] + * Checksum: 0xc361 [unverified] + * [Checksum Status: Unverified] + * Urgent Pointer: 0 + * Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps + * [Timestamps] + * [SEQ/ACK analysis] + */ + +unsigned char data8[] = { + 0x18, 0x10, 0x04, 0x00, 0x02, 0x27, 0x00, 0x00, 0x00, 0x00, 0x04, 0x46, 0x81, 0x00, 0x65, 0xc4, 0x88, 0x64, 0x11, 0x00, 0xb4, 0xbc, 0x00, 0x36, 0x00, 0x21, + 0x45, 0x00, 0x00, 0x34, 0x4b, 0xa7, 0x40, 0x00, 0x3f, 0x06, 0xeb, 0x01, 0x64, 0x41, 0x37, 0x00, 0x5b, 0xb9, 0x0e, 0x21, 0x86, 0xe4, 0x01, 0xbb, 0xb6, 0xa5, + 0xda, 0x72, 0x7c, 0x31, 0xf8, 0x20, 0x80, 0x10, 0x0f, 0xc0, 0xc3, 0x61, 0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0x00, 0x6f, 0xab, 0xdf, 0x9c, 0x61, 0xc7, 0xc5}; + +#if 1 +TEST(DATA_PACKET, ETH_VLAN_PPPOE_IP4_TCP) +{ + char buffer[256]; + struct packet handler; + + const char *payload = packet_parse(&handler, (const char *)data8, sizeof(data8)); + EXPECT_TRUE(payload != nullptr); + EXPECT_TRUE((char *)payload - (char *)&data8 == 78); + packet_print(&handler); + + /****************************************************** + * packet_get_outermost/innermost_layer + ******************************************************/ + + // LAYER_TYPE_ETHER + const struct layer_record *outer_eth_record = packet_get_outermost_layer(&handler, LAYER_TYPE_ETHER); + const struct layer_record *inner_eth_record = packet_get_innermost_layer(&handler, LAYER_TYPE_ETHER); + + EXPECT_TRUE(outer_eth_record != nullptr); + EXPECT_TRUE(inner_eth_record != nullptr); + EXPECT_TRUE(outer_eth_record == inner_eth_record); + EXPECT_TRUE(outer_eth_record->hdr_offset == 0); + EXPECT_TRUE(outer_eth_record->hdr_len == 14); + EXPECT_TRUE(outer_eth_record->pld_len == 64); + + // LAYER_TYPE_L2 + const struct layer_record *outer_l2_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L2); + const struct layer_record *inner_l2_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L2); + + EXPECT_TRUE(outer_l2_record != nullptr); + EXPECT_TRUE(inner_l2_record != nullptr); + EXPECT_TRUE(outer_l2_record == inner_l2_record); + EXPECT_TRUE(outer_l2_record == outer_eth_record); + + // LAYER_TYPE_VLAN + const struct layer_record *outer_vlan_record = packet_get_outermost_layer(&handler, LAYER_TYPE_VLAN); + const struct layer_record *inner_vlan_record = packet_get_innermost_layer(&handler, LAYER_TYPE_VLAN); + + EXPECT_TRUE(outer_vlan_record != nullptr); + EXPECT_TRUE(inner_vlan_record != nullptr); + EXPECT_TRUE(outer_vlan_record == inner_vlan_record); + EXPECT_TRUE(outer_vlan_record->hdr_offset == 14); + EXPECT_TRUE(outer_vlan_record->hdr_len == 4); + EXPECT_TRUE(outer_vlan_record->pld_len == 60); + + // LAYER_TYPE_L2_TUN + const struct layer_record *outer_l2_tun_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L2_TUN); + + EXPECT_TRUE(outer_l2_tun_record != nullptr); + EXPECT_TRUE(outer_l2_tun_record == outer_vlan_record); + + // LAYER_TYPE_PPPOE + const struct layer_record *outer_pppoe_record = packet_get_outermost_layer(&handler, LAYER_TYPE_PPPOE); + const struct layer_record *inner_pppoe_record = packet_get_innermost_layer(&handler, LAYER_TYPE_PPPOE); + + EXPECT_TRUE(outer_pppoe_record != nullptr); + EXPECT_TRUE(inner_pppoe_record != nullptr); + EXPECT_TRUE(outer_pppoe_record == inner_pppoe_record); + EXPECT_TRUE(outer_pppoe_record->hdr_offset == 18); + EXPECT_TRUE(outer_pppoe_record->hdr_len == 8); + EXPECT_TRUE(outer_pppoe_record->pld_len == 52); + + // LAYER_TYPE_L2_TUN + const struct layer_record *inner_l2_tun_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L2_TUN); + + EXPECT_TRUE(inner_l2_tun_record != nullptr); + EXPECT_TRUE(inner_l2_tun_record == outer_pppoe_record); + + // LAYER_TYPE_IPV4 + const struct layer_record *outer_ipv4_record = packet_get_outermost_layer(&handler, LAYER_TYPE_IPV4); + const struct layer_record *inner_ipv4_record = packet_get_innermost_layer(&handler, LAYER_TYPE_IPV4); + + EXPECT_TRUE(outer_ipv4_record != nullptr); + EXPECT_TRUE(inner_ipv4_record != nullptr); + EXPECT_TRUE(outer_ipv4_record == inner_ipv4_record); + + EXPECT_TRUE(outer_ipv4_record->hdr_offset == 26); + EXPECT_TRUE(outer_ipv4_record->hdr_len == 20); + EXPECT_TRUE(outer_ipv4_record->pld_len == 32); + + // LAYER_TYPE_L3 + const struct layer_record *outer_l3_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L3); + const struct layer_record *inner_l3_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L3); + + EXPECT_TRUE(outer_l3_record != nullptr); + EXPECT_TRUE(inner_l3_record != nullptr); + EXPECT_TRUE(outer_l3_record == inner_l3_record); + EXPECT_TRUE(outer_l3_record == outer_ipv4_record); + + // LAYER_TYPE_TCP + const struct layer_record *outer_tcp_record = packet_get_outermost_layer(&handler, LAYER_TYPE_TCP); + const struct layer_record *inner_tcp_record = packet_get_innermost_layer(&handler, LAYER_TYPE_TCP); + + EXPECT_TRUE(outer_tcp_record != nullptr); + EXPECT_TRUE(inner_tcp_record != nullptr); + EXPECT_TRUE(outer_tcp_record == inner_tcp_record); + EXPECT_TRUE(outer_tcp_record->hdr_offset == 46); + EXPECT_TRUE(outer_tcp_record->hdr_len == 32); + EXPECT_TRUE(outer_tcp_record->pld_len == 0); + + // LAYER_TYPE_L4 + const struct layer_record *outer_l4_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L4); + const struct layer_record *inner_l4_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L4); + + EXPECT_TRUE(outer_l4_record != nullptr); + EXPECT_TRUE(inner_l4_record != nullptr); + EXPECT_TRUE(outer_l4_record == inner_l4_record); + EXPECT_TRUE(outer_l4_record == outer_tcp_record); + + /****************************************************** + * packet_get_outermost/innermost_tuple2 + ******************************************************/ + + struct tuple2 outer_tuple2; + struct tuple2 inner_tuple2; + EXPECT_TRUE(packet_get_outermost_tuple2(&handler, &outer_tuple2) == 0); + EXPECT_TRUE(packet_get_innermost_tuple2(&handler, &inner_tuple2) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple2_tostring(&outer_tuple2, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "100.65.55.0 -> 91.185.14.33"); + tuple2_tostring(&inner_tuple2, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "100.65.55.0 -> 91.185.14.33"); + + /****************************************************** + * packet_get_outermost/innermost_tuple4 + ******************************************************/ + + struct tuple4 outer_tuple4; + struct tuple4 inner_tuple4; + EXPECT_TRUE(packet_get_outermost_tuple4(&handler, &outer_tuple4) == 0); + EXPECT_TRUE(packet_get_innermost_tuple4(&handler, &inner_tuple4) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple4_tostring(&outer_tuple4, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "100.65.55.0:34532 -> 91.185.14.33:443"); + memset(buffer, 0, sizeof(buffer)); + tuple4_tostring(&inner_tuple4, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "100.65.55.0:34532 -> 91.185.14.33:443"); + + /****************************************************** + * packet_get_outermost/innermost_tuple6 + ******************************************************/ + + struct tuple6 outer_tuple6; + struct tuple6 inner_tuple6; + EXPECT_TRUE(packet_get_outermost_tuple6(&handler, &outer_tuple6) == 0); + EXPECT_TRUE(packet_get_innermost_tuple6(&handler, &inner_tuple6) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple6_tostring(&outer_tuple6, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "100.65.55.0:34532 -> 91.185.14.33:443, proto: 6, zone: 0"); + memset(buffer, 0, sizeof(buffer)); + tuple6_tostring(&inner_tuple6, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "100.65.55.0:34532 -> 91.185.14.33:443, proto: 6, zone: 0"); +} +#endif + +/****************************************************************************** + * Pcap file: 9-ETH_IP6_UDP_GTP_IP6_TCP_TLS.pcap + * [Protocols in frame: eth:ethertype:ipv6:udp:gtp:ipv6:tcp:ja3:tls] + ****************************************************************************** + * + * Frame 1: 1442 bytes on wire (11536 bits), 1442 bytes captured (11536 bits) + * Ethernet II, Src: zte_0e:f5:40 (74:4a:a4:0e:f5:40), Dst: HuaweiTe_40:e9:c2 (ac:b3:b5:40:e9:c2) + * Destination: HuaweiTe_40:e9:c2 (ac:b3:b5:40:e9:c2) + * Source: zte_0e:f5:40 (74:4a:a4:0e:f5:40) + * Type: IPv6 (0x86dd) + * Internet Protocol Version 6, Src: 2409:8034:4040:5300::105, Dst: 2409:8034:4025::60:61 + * 0110 .... = Version: 6 + * .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT) + * .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000 + * Payload Length: 1388 + * Next Header: UDP (17) + * Hop Limit: 127 + * Source Address: 2409:8034:4040:5300::105 + * Destination Address: 2409:8034:4025::60:61 + * User Datagram Protocol, Src Port: 2152, Dst Port: 2152 + * Source Port: 2152 + * Destination Port: 2152 + * Length: 1388 + * Checksum: 0xeb00 [unverified] + * [Checksum Status: Unverified] + * [Stream index: 0] + * [Timestamps] + * UDP payload (1380 bytes) + * GPRS Tunneling Protocol + * Flags: 0x30 + * Message Type: T-PDU (0xff) + * Length: 1372 + * TEID: 0x024c3cbd (38550717) + * Internet Protocol Version 6, Src: 2409:8c34:4400:700:0:4:0:3, Dst: 2409:8934:5082:2100:ecad:e0e4:530a:c269 + * 0110 .... = Version: 6 + * .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT) + * .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000 + * Payload Length: 1332 + * Next Header: TCP (6) + * Hop Limit: 56 + * Source Address: 2409:8c34:4400:700:0:4:0:3 + * Destination Address: 2409:8934:5082:2100:ecad:e0e4:530a:c269 + * Transmission Control Protocol, Src Port: 443, Dst Port: 46582, Seq: 1, Ack: 1, Len: 1312 + * Source Port: 443 + * Destination Port: 46582 + * [Stream index: 0] + * [Conversation completeness: Incomplete (8)] + * [TCP Segment Len: 1312] + * Sequence Number: 1 (relative sequence number) + * Sequence Number (raw): 2198097831 + * [Next Sequence Number: 1313 (relative sequence number)] + * Acknowledgment Number: 1 (relative ack number) + * Acknowledgment number (raw): 2264498872 + * 0101 .... = Header Length: 20 bytes (5) + * Flags: 0x010 (ACK) + * Window: 529 + * [Calculated window size: 529] + * [Window size scaling factor: -1 (unknown)] + * Checksum: 0x2c4b [unverified] + * [Checksum Status: Unverified] + * Urgent Pointer: 0 + * [Timestamps] + * [SEQ/ACK analysis] + * TCP payload (1312 bytes) + * Transport Layer Security + */ + +unsigned char data9[] = { + 0xac, 0xb3, 0xb5, 0x40, 0xe9, 0xc2, 0x74, 0x4a, 0xa4, 0x0e, 0xf5, 0x40, 0x86, 0xdd, 0x60, 0x00, 0x00, 0x00, 0x05, 0x6c, 0x11, 0x7f, 0x24, 0x09, 0x80, 0x34, + 0x40, 0x40, 0x53, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x05, 0x24, 0x09, 0x80, 0x34, 0x40, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x60, + 0x00, 0x61, 0x08, 0x68, 0x08, 0x68, 0x05, 0x6c, 0xeb, 0x00, 0x30, 0xff, 0x05, 0x5c, 0x02, 0x4c, 0x3c, 0xbd, 0x60, 0x00, 0x00, 0x00, 0x05, 0x34, 0x06, 0x38, + 0x24, 0x09, 0x8c, 0x34, 0x44, 0x00, 0x07, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x03, 0x24, 0x09, 0x89, 0x34, 0x50, 0x82, 0x21, 0x00, 0xec, 0xad, + 0xe0, 0xe4, 0x53, 0x0a, 0xc2, 0x69, 0x01, 0xbb, 0xb5, 0xf6, 0x83, 0x04, 0x4f, 0xa7, 0x86, 0xf9, 0x82, 0xb8, 0x50, 0x10, 0x02, 0x11, 0x2c, 0x4b, 0x00, 0x00, + 0x17, 0x03, 0x03, 0x3c, 0x8c, 0x87, 0xa0, 0x99, 0x23, 0x5b, 0x53, 0x4a, 0x12, 0x1b, 0xf8, 0xba, 0xe8, 0x83, 0xc2, 0x95, 0xda, 0xb8, 0xea, 0x5b, 0xdc, 0x84, + 0x61, 0xa9, 0x86, 0x7e, 0x43, 0xc7, 0x31, 0x44, 0x6e, 0x11, 0xc1, 0x30, 0x21, 0x03, 0xb4, 0x21, 0x4a, 0xee, 0xc9, 0x2e, 0x14, 0xd2, 0x98, 0x63, 0x12, 0xfe, + 0x79, 0x58, 0xb3, 0x18, 0xa6, 0x8d, 0x0c, 0x62, 0x67, 0x51, 0xef, 0x02, 0x5a, 0xa8, 0xb3, 0x82, 0x1f, 0xe4, 0x51, 0xba, 0xde, 0xee, 0x83, 0x9c, 0x4e, 0xac, + 0x4d, 0xa2, 0xb7, 0x6a, 0x82, 0xe7, 0xbb, 0x00, 0xf7, 0x5a, 0xe7, 0x02, 0x71, 0x7e, 0x7d, 0x6f, 0xf2, 0xe5, 0x47, 0xd0, 0xba, 0x3c, 0x51, 0x09, 0x95, 0xcd, + 0xf6, 0xc9, 0x8b, 0x6f, 0xb0, 0x39, 0x11, 0x0d, 0xe9, 0x0d, 0x4d, 0x29, 0xd4, 0xcb, 0x87, 0xba, 0x11, 0xfa, 0x0d, 0x0b, 0x82, 0x95, 0xa5, 0x84, 0x94, 0x48, + 0xa2, 0xee, 0xa4, 0xb7, 0xb6, 0x76, 0x13, 0x4d, 0x18, 0x42, 0x91, 0x77, 0xad, 0x82, 0x38, 0xee, 0x34, 0x1c, 0xb7, 0xf6, 0x39, 0xdc, 0xa4, 0x23, 0xa1, 0x7c, + 0xa5, 0x0b, 0x7e, 0x4c, 0x8b, 0x81, 0x31, 0x48, 0xea, 0xf4, 0x18, 0x37, 0x09, 0x0a, 0x53, 0x13, 0x05, 0x90, 0x26, 0x10, 0x69, 0xb2, 0xa3, 0x36, 0xbc, 0xa5, + 0x83, 0xd8, 0x16, 0x77, 0x98, 0xc8, 0x21, 0x38, 0xd9, 0x88, 0x0c, 0xa7, 0x16, 0x97, 0x4e, 0x20, 0x6d, 0x68, 0xda, 0x1b, 0x3b, 0x4a, 0x62, 0xe0, 0x36, 0x0d, + 0xbf, 0x30, 0x71, 0xb1, 0xe9, 0xbe, 0x47, 0x77, 0x99, 0xb9, 0xe6, 0x26, 0xab, 0x81, 0x2e, 0x46, 0xf1, 0x1b, 0x1e, 0xfb, 0xd7, 0x81, 0x60, 0x21, 0x4a, 0x71, + 0x85, 0xf7, 0x9c, 0x9c, 0xd4, 0x1c, 0x52, 0xc4, 0x3d, 0x8d, 0x72, 0xf6, 0x7c, 0xd3, 0x58, 0x79, 0x0d, 0x78, 0xd7, 0x7c, 0x29, 0x2b, 0xc3, 0x96, 0x1d, 0xc7, + 0x96, 0x50, 0x42, 0xd7, 0xda, 0xeb, 0x29, 0x8e, 0x2a, 0x72, 0x23, 0x57, 0x0f, 0x6f, 0x37, 0x35, 0xb2, 0x42, 0x76, 0x78, 0xbf, 0xbf, 0x8c, 0x3f, 0x31, 0xa2, + 0x51, 0xec, 0x9e, 0x0d, 0xfd, 0xf2, 0xaf, 0x71, 0xa0, 0x4f, 0xa9, 0xf6, 0x19, 0xcf, 0x3e, 0x4b, 0xc8, 0xaa, 0x38, 0x06, 0xa1, 0x15, 0xde, 0xde, 0xef, 0x9b, + 0x25, 0xa3, 0xcc, 0x47, 0xca, 0x29, 0x30, 0x65, 0x5f, 0xc1, 0x8b, 0x12, 0x63, 0x79, 0xcd, 0x57, 0x4d, 0x99, 0xc0, 0xcd, 0xbe, 0x62, 0xcb, 0xc3, 0xf2, 0x6b, + 0x0b, 0x40, 0xc5, 0xee, 0x79, 0x0a, 0xa4, 0x75, 0x56, 0xe7, 0xe7, 0xf2, 0xfd, 0xe0, 0x72, 0x78, 0x04, 0xa2, 0x50, 0x31, 0x09, 0x8b, 0x57, 0xc3, 0x85, 0x4e, + 0xc4, 0xae, 0xde, 0x8a, 0xfa, 0xf6, 0x31, 0x06, 0xd2, 0x07, 0x25, 0x40, 0xce, 0x0d, 0xfd, 0x26, 0x98, 0x41, 0xa3, 0xa9, 0xa2, 0x8d, 0x8b, 0x7f, 0x6d, 0x63, + 0x87, 0x7e, 0x75, 0x2f, 0x78, 0xc9, 0xd5, 0x04, 0xb2, 0x4f, 0xc9, 0x94, 0xa7, 0x7f, 0xbc, 0x75, 0x7b, 0xb6, 0xfb, 0x2c, 0x46, 0xf6, 0xde, 0x36, 0x31, 0x2a, + 0x32, 0x1d, 0x7f, 0x30, 0x9e, 0x4a, 0x84, 0x69, 0x66, 0xac, 0xef, 0xbe, 0xb3, 0x83, 0x8c, 0xb8, 0x30, 0xd2, 0x3f, 0xcf, 0xb5, 0xbb, 0x65, 0xaa, 0xe7, 0x6b, + 0x74, 0x48, 0x2c, 0xb2, 0x72, 0x2b, 0x78, 0xaf, 0xd0, 0x71, 0x04, 0xa9, 0xb4, 0x65, 0xd9, 0xfc, 0x74, 0x23, 0xff, 0x89, 0xc1, 0x16, 0x23, 0xac, 0x59, 0x16, + 0x89, 0x41, 0xc3, 0xdb, 0xdb, 0x5b, 0x9a, 0x3d, 0x08, 0xc4, 0x12, 0x28, 0xf8, 0x10, 0xa5, 0xad, 0xc6, 0x81, 0xc0, 0x61, 0x48, 0xba, 0x9d, 0xef, 0xc7, 0xf8, + 0xad, 0x9a, 0xbd, 0x87, 0xfa, 0x7f, 0xa2, 0x4e, 0x4d, 0xe0, 0x19, 0xd5, 0x47, 0xc7, 0xd0, 0xfb, 0x00, 0x7b, 0xbf, 0x17, 0x80, 0xfe, 0xf5, 0x27, 0xec, 0x94, + 0x44, 0x3d, 0x4a, 0x34, 0x49, 0x60, 0xb4, 0x8d, 0x71, 0x6d, 0x9c, 0xf4, 0x4c, 0x33, 0xa9, 0x49, 0x58, 0x58, 0x6f, 0xe1, 0xd1, 0x7d, 0x36, 0x51, 0xf4, 0xd8, + 0x0d, 0x0b, 0xfc, 0xeb, 0xae, 0x58, 0x06, 0x08, 0xbf, 0x67, 0x07, 0x28, 0x7e, 0x68, 0x65, 0x79, 0x86, 0xfb, 0x43, 0x0f, 0x0a, 0xef, 0xd0, 0x97, 0x33, 0x10, + 0x7a, 0x20, 0xe8, 0x22, 0xe5, 0xdc, 0x0c, 0xa2, 0xa5, 0x50, 0x1b, 0x08, 0x15, 0xc2, 0xec, 0xd2, 0x06, 0x25, 0xd0, 0x3b, 0xfd, 0xe3, 0xa2, 0x6f, 0x41, 0x15, + 0x6d, 0x9f, 0x5f, 0xc4, 0x07, 0x5c, 0x99, 0x63, 0xd9, 0xd7, 0xdc, 0x90, 0xc9, 0x8f, 0x3a, 0x4b, 0x6a, 0x84, 0xe8, 0x3c, 0xc7, 0x71, 0x50, 0x71, 0x86, 0x71, + 0x7d, 0x54, 0x84, 0x7b, 0xb7, 0xca, 0xd5, 0x42, 0xaf, 0x88, 0xa5, 0xae, 0xa4, 0x9c, 0xfd, 0x71, 0x71, 0x0f, 0x67, 0xaa, 0x1b, 0x61, 0xd7, 0xf4, 0x50, 0x21, + 0x9d, 0x80, 0x6e, 0x54, 0xcd, 0xb6, 0xb9, 0x02, 0x3e, 0x59, 0x50, 0xff, 0xf2, 0xda, 0x21, 0x5c, 0x50, 0x6d, 0x64, 0x8c, 0x33, 0x75, 0x2a, 0xa4, 0x56, 0xb3, + 0xa8, 0xdb, 0xba, 0xbe, 0x52, 0xd4, 0xe5, 0x29, 0x68, 0xe2, 0x6b, 0x94, 0x6b, 0xb3, 0x90, 0x63, 0x91, 0x1a, 0x95, 0xb5, 0xd7, 0x10, 0x1b, 0xd9, 0x93, 0x4f, + 0x33, 0xb6, 0x6a, 0x4e, 0xcd, 0x40, 0x9d, 0x47, 0x76, 0x3e, 0x4b, 0xc7, 0x2f, 0x16, 0x96, 0x64, 0x9d, 0x4e, 0x8c, 0xfb, 0x0f, 0xd2, 0xec, 0x6c, 0xba, 0xf2, + 0x9c, 0xca, 0xd2, 0x3e, 0x64, 0x37, 0x32, 0x20, 0xd7, 0x4c, 0xb0, 0xe7, 0xd3, 0x75, 0x51, 0x3a, 0x94, 0xc1, 0xdf, 0x1c, 0xb3, 0x10, 0xd5, 0x1e, 0xcf, 0x7c, + 0xb7, 0xab, 0x4a, 0x93, 0xf0, 0x78, 0x58, 0x28, 0x63, 0x10, 0xee, 0xb0, 0xd6, 0x14, 0x81, 0x47, 0xeb, 0x2e, 0xc8, 0x6e, 0x33, 0x7e, 0xf3, 0x2d, 0xc8, 0xdb, + 0x29, 0x0c, 0x80, 0xe4, 0x2f, 0x10, 0x07, 0x8e, 0x08, 0x86, 0x97, 0x1b, 0x39, 0x98, 0x39, 0x06, 0xb3, 0x85, 0x53, 0xb7, 0xbb, 0x65, 0x65, 0x85, 0x0e, 0x0a, + 0x7d, 0x29, 0x3d, 0x3f, 0x52, 0xc2, 0x7b, 0x2b, 0x30, 0x94, 0x99, 0x6a, 0x4b, 0xad, 0xe9, 0xec, 0xcb, 0xcd, 0xae, 0x97, 0x45, 0x54, 0xd5, 0x00, 0x5e, 0xd8, + 0xac, 0xeb, 0x99, 0xdc, 0x58, 0x0b, 0x01, 0xeb, 0x32, 0x22, 0xc4, 0xec, 0x4f, 0xd2, 0x15, 0x03, 0x30, 0x88, 0xc7, 0x28, 0xaf, 0x78, 0xf5, 0x38, 0x84, 0x3b, + 0x3b, 0xe9, 0x29, 0x71, 0x50, 0xa3, 0x07, 0x49, 0x3b, 0xc6, 0x97, 0xc6, 0xf9, 0x53, 0x95, 0x51, 0x65, 0x7e, 0xd7, 0xd4, 0xe8, 0x76, 0x6a, 0x6d, 0x37, 0x6b, + 0xa5, 0x59, 0xaa, 0x14, 0x18, 0x8c, 0x8d, 0x65, 0x78, 0x67, 0xfb, 0x60, 0x56, 0xab, 0x04, 0xa0, 0xc2, 0x93, 0x46, 0xf1, 0x2b, 0x0d, 0x3b, 0x38, 0x62, 0x62, + 0x5e, 0xc8, 0x30, 0xf9, 0x45, 0x28, 0x6f, 0xa1, 0xb1, 0x88, 0xf1, 0x2b, 0x3b, 0xf8, 0xae, 0x91, 0x52, 0xc3, 0x72, 0x86, 0xe4, 0xec, 0xc3, 0x54, 0x86, 0xbf, + 0x8f, 0x33, 0xb1, 0x0f, 0x42, 0xc5, 0x9c, 0xb8, 0xc2, 0x67, 0x8b, 0xac, 0x78, 0xd7, 0x63, 0xab, 0x05, 0xc6, 0x6c, 0x37, 0xa1, 0x28, 0xef, 0x95, 0xc9, 0xf5, + 0x12, 0x38, 0x54, 0x34, 0x2e, 0x03, 0x6a, 0xaa, 0xa9, 0x97, 0x72, 0x22, 0x9f, 0x20, 0xec, 0x9e, 0x29, 0x09, 0xd8, 0x38, 0xd1, 0x86, 0x82, 0x99, 0xbd, 0x2a, + 0x03, 0xe9, 0x3d, 0xbd, 0xea, 0xc5, 0x8b, 0xb0, 0x4c, 0x8b, 0x7e, 0x78, 0x08, 0xef, 0x39, 0xa8, 0xb4, 0x47, 0xce, 0x44, 0xc3, 0x3f, 0x52, 0xe4, 0xbd, 0x9e, + 0xf6, 0xed, 0x6f, 0x6c, 0x05, 0x19, 0xa6, 0x0a, 0x1e, 0x48, 0xe3, 0x9b, 0x91, 0x61, 0xef, 0xf5, 0x91, 0x39, 0x70, 0x44, 0x1c, 0x08, 0x2e, 0x2c, 0x6c, 0x27, + 0xb9, 0x0e, 0xcc, 0x74, 0x69, 0xa5, 0xf8, 0x19, 0xd6, 0xbf, 0x57, 0x6c, 0x9a, 0x91, 0x74, 0xfd, 0xc2, 0x31, 0x32, 0x12, 0x06, 0xa3, 0x69, 0x71, 0xda, 0x40, + 0xa1, 0xf3, 0xb5, 0x9a, 0x43, 0xcc, 0xb4, 0x3c, 0x16, 0x40, 0x65, 0x2b, 0x02, 0xac, 0x5c, 0xae, 0xd6, 0x34, 0x34, 0xe3, 0x69, 0x76, 0x2c, 0xa8, 0xdd, 0x04, + 0x92, 0xa6, 0x7a, 0xc0, 0x87, 0x70, 0x8b, 0x85, 0xba, 0x5d, 0xbb, 0x62, 0x70, 0xcc, 0x1f, 0x21, 0x2c, 0x7e, 0xc3, 0x77, 0xcf, 0x23, 0x22, 0xf4, 0x16, 0x8e, + 0xf1, 0x3d, 0xdc, 0x33, 0x99, 0x5e, 0xaa, 0xa2, 0x50, 0x68, 0xde, 0x03, 0x44, 0xbb, 0xc7, 0x16, 0x2a, 0xf2, 0x08, 0xeb, 0x3d, 0x12, 0x6d, 0xcb, 0x2a, 0xaf, + 0xb4, 0x79, 0xdb, 0x74, 0x5e, 0x54, 0x89, 0x73, 0x0c, 0x48, 0x9c, 0x03, 0x33, 0xd2, 0x92, 0x22, 0xdb, 0x3a, 0xa0, 0x8c, 0xe2, 0x30, 0x6f, 0x39, 0xe4, 0xa9, + 0x24, 0x04, 0xbb, 0x85, 0x7d, 0x62, 0xc5, 0xa9, 0x98, 0x92, 0xef, 0xc6, 0xc8, 0xd1, 0x81, 0xad, 0x95, 0x40, 0x27, 0x09, 0xc7, 0x43, 0xcd, 0xb6, 0x94, 0xfc, + 0x1c, 0x7d, 0x1c, 0xd3, 0x47, 0xfe, 0x62, 0x9c, 0xfa, 0xeb, 0xfc, 0x02, 0x2e, 0x48, 0x62, 0xcf, 0x63, 0xdb, 0x63, 0xd9, 0x21, 0x86, 0xe8, 0x96, 0x54, 0xeb, + 0x6a, 0xa8, 0x78, 0x3c, 0x5b, 0xb6, 0xde, 0xa9, 0x04, 0x48, 0x63, 0xb2, 0x10, 0x02, 0x6a, 0x7f, 0x6d, 0xc8, 0x04, 0xdd, 0x99, 0x25, 0x08, 0xff, 0x80, 0x11, + 0x53, 0xfb, 0x7a, 0x07, 0x39, 0xd9, 0x97, 0xca, 0xf0, 0xa7, 0x46, 0x9c, 0xc2, 0xae, 0x2e, 0x05, 0x62, 0xa0, 0xd5, 0x5d, 0x17, 0x0e, 0x5c, 0x7e, 0x9a, 0xb2, + 0xb7, 0x9d, 0xd4, 0x4f, 0xe3, 0xac, 0x64, 0xdb, 0x6f, 0x1d, 0xdf, 0xd8, 0x41, 0xd7, 0xd9, 0x50, 0x55, 0x30, 0xeb, 0x4b, 0x19, 0xce, 0x78, 0x1f, 0xa8, 0x1e, + 0x87, 0x9c, 0x8f, 0x93, 0x97, 0xd4, 0xa2, 0x28, 0x2c, 0x79, 0x22, 0xc8}; + +#if 1 +TEST(DATA_PACKET, ETH_IP6_UDP_GTP_IP6_TCP_TLS) +{ + char buffer[256]; + struct packet handler; + + const char *payload = packet_parse(&handler, (const char *)data9, sizeof(data9)); + EXPECT_TRUE(payload != nullptr); + EXPECT_TRUE((char *)payload - (char *)&data9 == 130); + packet_print(&handler); + + /****************************************************** + * packet_get_outermost/innermost_layer + ******************************************************/ + + // LAYER_TYPE_ETHER + const struct layer_record *outer_eth_record = packet_get_outermost_layer(&handler, LAYER_TYPE_ETHER); + const struct layer_record *inner_eth_record = packet_get_innermost_layer(&handler, LAYER_TYPE_ETHER); + + EXPECT_TRUE(outer_eth_record != nullptr); + EXPECT_TRUE(inner_eth_record != nullptr); + EXPECT_TRUE(outer_eth_record == inner_eth_record); + EXPECT_TRUE(outer_eth_record->hdr_offset == 0); + EXPECT_TRUE(outer_eth_record->hdr_len == 14); + EXPECT_TRUE(outer_eth_record->pld_len == 1428); + + // LAYER_TYPE_L2 + const struct layer_record *outer_l2_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L2); + const struct layer_record *inner_l2_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L2); + + EXPECT_TRUE(outer_l2_record != nullptr); + EXPECT_TRUE(inner_l2_record != nullptr); + EXPECT_TRUE(outer_l2_record == inner_l2_record); + EXPECT_TRUE(outer_l2_record == outer_eth_record); + + // LAYER_TYPE_IPV6 + const struct layer_record *outer_ipv6_record = packet_get_outermost_layer(&handler, LAYER_TYPE_IPV6); + + EXPECT_TRUE(outer_ipv6_record != nullptr); + EXPECT_TRUE(outer_ipv6_record->hdr_offset == 14); + EXPECT_TRUE(outer_ipv6_record->hdr_len == 40); + EXPECT_TRUE(outer_ipv6_record->pld_len == 1388); + + // LAYER_TYPE_L3 + const struct layer_record *outer_l3_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L3); + + EXPECT_TRUE(outer_l3_record != nullptr); + EXPECT_TRUE(outer_l3_record == outer_ipv6_record); + + // LAYER_TYPE_UDP + const struct layer_record *outer_udp_record = packet_get_outermost_layer(&handler, LAYER_TYPE_UDP); + const struct layer_record *inner_udp_record = packet_get_innermost_layer(&handler, LAYER_TYPE_UDP); + + EXPECT_TRUE(outer_udp_record != nullptr); + EXPECT_TRUE(inner_udp_record != nullptr); + EXPECT_TRUE(outer_udp_record == inner_udp_record); + EXPECT_TRUE(outer_udp_record->hdr_offset == 54); + EXPECT_TRUE(outer_udp_record->hdr_len == 8); + EXPECT_TRUE(outer_udp_record->pld_len == 1380); + + // LAYER_TYPE_L4 + const struct layer_record *outer_l4_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L4); + + EXPECT_TRUE(outer_l4_record != nullptr); + EXPECT_TRUE(outer_l4_record == outer_udp_record); + + // LAYER_TYPE_GTPV1_U + const struct layer_record *outer_gtp_record = packet_get_outermost_layer(&handler, LAYER_TYPE_GTPV1_U); + const struct layer_record *inner_gtp_record = packet_get_innermost_layer(&handler, LAYER_TYPE_GTPV1_U); + + EXPECT_TRUE(outer_gtp_record != nullptr); + EXPECT_TRUE(inner_gtp_record != nullptr); + EXPECT_TRUE(outer_gtp_record == inner_gtp_record); + EXPECT_TRUE(outer_gtp_record->hdr_offset == 62); + EXPECT_TRUE(outer_gtp_record->hdr_len == 8); + EXPECT_TRUE(outer_gtp_record->pld_len == 1372); + + // LAYER_TYPE_IPV6 + const struct layer_record *inner_ipv6_record = packet_get_innermost_layer(&handler, LAYER_TYPE_IPV6); + + EXPECT_TRUE(inner_ipv6_record != nullptr); + EXPECT_TRUE(inner_ipv6_record->hdr_offset == 70); + EXPECT_TRUE(inner_ipv6_record->hdr_len == 40); + EXPECT_TRUE(inner_ipv6_record->pld_len == 1332); + + // LAYER_TYPE_L3 + const struct layer_record *inner_l3_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L3); + + EXPECT_TRUE(inner_l3_record != nullptr); + EXPECT_TRUE(inner_l3_record == inner_ipv6_record); + + // LAYER_TYPE_TCP + const struct layer_record *outer_tcp_record = packet_get_outermost_layer(&handler, LAYER_TYPE_TCP); + const struct layer_record *inner_tcp_record = packet_get_innermost_layer(&handler, LAYER_TYPE_TCP); + + EXPECT_TRUE(outer_tcp_record != nullptr); + EXPECT_TRUE(inner_tcp_record != nullptr); + EXPECT_TRUE(outer_tcp_record == inner_tcp_record); + EXPECT_TRUE(outer_tcp_record->hdr_offset == 110); + EXPECT_TRUE(outer_tcp_record->hdr_len == 20); + EXPECT_TRUE(outer_tcp_record->pld_len == 1312); + + // LAYER_TYPE_L4 + const struct layer_record *inner_l4_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L4); + + EXPECT_TRUE(inner_l4_record != nullptr); + EXPECT_TRUE(inner_l4_record == outer_tcp_record); + + /****************************************************** + * packet_get_outermost/innermost_tuple2 + ******************************************************/ + + struct tuple2 outer_tuple2; + struct tuple2 inner_tuple2; + EXPECT_TRUE(packet_get_outermost_tuple2(&handler, &outer_tuple2) == 0); + EXPECT_TRUE(packet_get_innermost_tuple2(&handler, &inner_tuple2) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple2_tostring(&outer_tuple2, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "2409:8034:4040:5300::105 -> 2409:8034:4025::60:61"); + memset(buffer, 0, sizeof(buffer)); + tuple2_tostring(&inner_tuple2, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "2409:8c34:4400:700:0:4:0:3 -> 2409:8934:5082:2100:ecad:e0e4:530a:c269"); + + /****************************************************** + * packet_get_outermost/innermost_tuple4 + ******************************************************/ + + struct tuple4 outer_tuple4; + struct tuple4 inner_tuple4; + EXPECT_TRUE(packet_get_outermost_tuple4(&handler, &outer_tuple4) == 0); + EXPECT_TRUE(packet_get_innermost_tuple4(&handler, &inner_tuple4) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple4_tostring(&outer_tuple4, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "2409:8034:4040:5300::105:2152 -> 2409:8034:4025::60:61:2152"); + memset(buffer, 0, sizeof(buffer)); + tuple4_tostring(&inner_tuple4, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "2409:8c34:4400:700:0:4:0:3:443 -> 2409:8934:5082:2100:ecad:e0e4:530a:c269:46582"); + + /****************************************************** + * packet_get_outermost/innermost_tuple6 + ******************************************************/ + + struct tuple6 outer_tuple6; + struct tuple6 inner_tuple6; + EXPECT_TRUE(packet_get_outermost_tuple6(&handler, &outer_tuple6) == 0); + EXPECT_TRUE(packet_get_innermost_tuple6(&handler, &inner_tuple6) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple6_tostring(&outer_tuple6, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "2409:8034:4040:5300::105:2152 -> 2409:8034:4025::60:61:2152, proto: 17, zone: 0"); + memset(buffer, 0, sizeof(buffer)); + tuple6_tostring(&inner_tuple6, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "2409:8c34:4400:700:0:4:0:3:443 -> 2409:8934:5082:2100:ecad:e0e4:530a:c269:46582, proto: 6, zone: 0"); +} +#endif + +/****************************************************************************** + * Pcap file: 10-ETH_IP6_UDP_GTP_IP4_TCP_TLS.pcap + * [Protocols in frame: eth:ethertype:ipv6:udp:gtp:ip:tcp:ja3:tls] + ****************************************************************************** + * + * Frame 1: 1470 bytes on wire (11760 bits), 1470 bytes captured (11760 bits) + * Ethernet II, Src: HuaweiTe_62:ee:70 (60:d7:55:62:ee:70), Dst: zte_0e:f5:1c (74:4a:a4:0e:f5:1c) + * Destination: zte_0e:f5:1c (74:4a:a4:0e:f5:1c) + * Source: HuaweiTe_62:ee:70 (60:d7:55:62:ee:70) + * Type: IPv6 (0x86dd) + * Internet Protocol Version 6, Src: 2409:8034:4025::50:a31, Dst: 2409:8034:4040:5301::204 + * 0110 .... = Version: 6 + * .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT) + * .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000 + * Payload Length: 1416 + * Next Header: UDP (17) + * Hop Limit: 252 + * Source Address: 2409:8034:4025::50:a31 + * Destination Address: 2409:8034:4040:5301::204 + * User Datagram Protocol, Src Port: 2152, Dst Port: 2152 + * Source Port: 2152 + * Destination Port: 2152 + * Length: 1416 + * Checksum: 0xc8df [unverified] + * [Checksum Status: Unverified] + * [Stream index: 0] + * [Timestamps] + * UDP payload (1408 bytes) + * GPRS Tunneling Protocol + * Flags: 0x30 + * Message Type: T-PDU (0xff) + * Length: 1400 + * TEID: 0x6c2a4753 (1814710099) + * Internet Protocol Version 4, Src: 10.49.115.138, Dst: 121.196.250.66 + * 0100 .... = Version: 4 + * .... 0101 = Header Length: 20 bytes (5) + * Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) + * Total Length: 1400 + * Identification: 0x0003 (3) + * 010. .... = Flags: 0x2, Don't fragment + * ...0 0000 0000 0000 = Fragment Offset: 0 + * Time to Live: 64 + * Protocol: TCP (6) + * Header Checksum: 0x43bb [validation disabled] + * [Header checksum status: Unverified] + * Source Address: 10.49.115.138 + * Destination Address: 121.196.250.66 + * Transmission Control Protocol, Src Port: 50081, Dst Port: 443, Seq: 1, Ack: 1, Len: 1348 + * Source Port: 50081 + * Destination Port: 443 + * [Stream index: 0] + * [Conversation completeness: Incomplete (8)] + * [TCP Segment Len: 1348] + * Sequence Number: 1 (relative sequence number) + * Sequence Number (raw): 1522577104 + * [Next Sequence Number: 1349 (relative sequence number)] + * Acknowledgment Number: 1 (relative ack number) + * Acknowledgment number (raw): 3419365570 + * 1000 .... = Header Length: 32 bytes (8) + * Flags: 0x010 (ACK) + * Window: 2038 + * [Calculated window size: 2038] + * [Window size scaling factor: -1 (unknown)] + * Checksum: 0xd3c2 [unverified] + * [Checksum Status: Unverified] + * Urgent Pointer: 0 + * Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps + * [Timestamps] + * [SEQ/ACK analysis] + * TCP payload (1348 bytes) + * Transport Layer Security + */ + +unsigned char data10[] = { + 0x74, 0x4a, 0xa4, 0x0e, 0xf5, 0x1c, 0x60, 0xd7, 0x55, 0x62, 0xee, 0x70, 0x86, 0xdd, 0x60, 0x00, 0x00, 0x00, 0x05, 0x88, 0x11, 0xfc, 0x24, 0x09, 0x80, 0x34, + 0x40, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0x0a, 0x31, 0x24, 0x09, 0x80, 0x34, 0x40, 0x40, 0x53, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x04, 0x08, 0x68, 0x08, 0x68, 0x05, 0x88, 0xc8, 0xdf, 0x30, 0xff, 0x05, 0x78, 0x6c, 0x2a, 0x47, 0x53, 0x45, 0x00, 0x05, 0x78, 0x00, 0x03, 0x40, 0x00, + 0x40, 0x06, 0x43, 0xbb, 0x0a, 0x31, 0x73, 0x8a, 0x79, 0xc4, 0xfa, 0x42, 0xc3, 0xa1, 0x01, 0xbb, 0x5a, 0xc0, 0xae, 0xd0, 0xcb, 0xcf, 0x60, 0xc2, 0x80, 0x10, + 0x07, 0xf6, 0xd3, 0xc2, 0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0x85, 0x14, 0x0e, 0xb0, 0xcc, 0x45, 0xf8, 0x5f, 0xef, 0x49, 0x45, 0xa0, 0xbe, 0x21, 0xd6, 0x46, + 0x9f, 0xb5, 0x17, 0xb2, 0xfe, 0x61, 0x2d, 0xed, 0x4f, 0x0c, 0x1e, 0xb5, 0xda, 0x91, 0x40, 0x87, 0xab, 0x02, 0x0d, 0x01, 0xc8, 0xf1, 0x24, 0x05, 0x8a, 0x9d, + 0x8d, 0xfc, 0xbb, 0x82, 0x24, 0xf5, 0x7d, 0x2d, 0x10, 0x66, 0x30, 0x2a, 0xaa, 0x4a, 0x51, 0x8d, 0xe9, 0x9a, 0x65, 0xcf, 0x89, 0x0c, 0x9e, 0x0d, 0x82, 0xda, + 0x5e, 0xd3, 0x98, 0xe3, 0x23, 0xf7, 0x5a, 0xd4, 0x88, 0x94, 0xd2, 0xdf, 0xbe, 0x44, 0x20, 0x2b, 0x21, 0x2d, 0x38, 0xca, 0x29, 0x5e, 0xa3, 0xb7, 0xbb, 0x34, + 0x20, 0x42, 0x02, 0x71, 0x04, 0xda, 0xd2, 0xeb, 0xb8, 0x81, 0xa3, 0x48, 0xc8, 0x54, 0xad, 0x42, 0x35, 0xc4, 0x4f, 0x6b, 0x15, 0x50, 0x22, 0x3e, 0x26, 0xb3, + 0xfc, 0x30, 0x49, 0x71, 0x6f, 0x41, 0x66, 0xa2, 0x2e, 0xe9, 0xd3, 0x1a, 0x69, 0xa8, 0x87, 0x71, 0x65, 0xa2, 0xc7, 0xc7, 0x2b, 0x25, 0x1d, 0x3f, 0xfb, 0xe6, + 0x05, 0xe1, 0x09, 0xb9, 0x76, 0x1d, 0xb9, 0xf9, 0xaf, 0xb4, 0x79, 0xa1, 0x35, 0x05, 0x59, 0x88, 0xa0, 0x07, 0xb5, 0x2d, 0x02, 0x11, 0x0a, 0x89, 0xf1, 0x67, + 0xdb, 0xe5, 0x5c, 0x5c, 0xaa, 0x0e, 0x21, 0xa6, 0xa4, 0x1a, 0x9f, 0x9e, 0xc8, 0x2a, 0x36, 0x6f, 0xcc, 0xa3, 0x13, 0x78, 0xf1, 0xbe, 0x34, 0xa0, 0x35, 0xef, + 0x1f, 0xf4, 0x79, 0xcb, 0x37, 0x3e, 0x77, 0x14, 0xfb, 0x2e, 0x21, 0x4f, 0x6b, 0xe5, 0xe9, 0x3a, 0x90, 0x76, 0xa8, 0x55, 0x09, 0xb6, 0x68, 0xbf, 0x66, 0xae, + 0xf1, 0x55, 0xc0, 0x76, 0x8f, 0x16, 0x86, 0x49, 0x9a, 0x88, 0x01, 0xdb, 0x78, 0x1f, 0xde, 0xc2, 0x33, 0x92, 0xe3, 0x22, 0xc6, 0x8c, 0x20, 0x17, 0xa0, 0xb2, + 0x79, 0xf4, 0x60, 0x8e, 0x98, 0x53, 0xcd, 0x8f, 0xb2, 0x8f, 0x80, 0xda, 0x9f, 0xf6, 0x00, 0x0c, 0xf8, 0x6b, 0xdf, 0x7d, 0x93, 0x48, 0x5a, 0x23, 0x35, 0x0e, + 0x1b, 0xf7, 0x50, 0x87, 0x93, 0x29, 0xaa, 0xa1, 0xb8, 0x98, 0x9f, 0x89, 0xb2, 0x0a, 0x02, 0x27, 0x95, 0x01, 0x84, 0x5a, 0x09, 0xb8, 0xff, 0x23, 0x02, 0x89, + 0xef, 0x1b, 0x64, 0xb2, 0x38, 0x81, 0xc4, 0x36, 0xe3, 0xda, 0xb5, 0x3b, 0x80, 0x45, 0x52, 0x96, 0xab, 0x0e, 0xdb, 0xb6, 0x9c, 0xcb, 0xc4, 0xe5, 0xb9, 0x72, + 0x67, 0x57, 0x4b, 0xb9, 0x55, 0xcb, 0x6b, 0xc4, 0xec, 0x46, 0x4d, 0xa3, 0xe0, 0xda, 0xba, 0x70, 0x3d, 0xa6, 0xa7, 0x3f, 0x58, 0xd2, 0x9f, 0xb0, 0x11, 0x66, + 0xaf, 0x73, 0x09, 0x60, 0x6e, 0xe0, 0x71, 0xa5, 0x65, 0x41, 0x28, 0x3e, 0x70, 0x1d, 0x25, 0x77, 0x6a, 0x4e, 0xed, 0xb9, 0x27, 0x6c, 0xf0, 0xba, 0x54, 0x8d, + 0x77, 0xfb, 0xb6, 0x4e, 0xe2, 0xab, 0x8f, 0xe3, 0xd4, 0x02, 0x65, 0x0a, 0x49, 0xf3, 0xf9, 0xc7, 0x09, 0x76, 0x81, 0xf4, 0xf8, 0x3e, 0x1f, 0x74, 0x30, 0xaf, + 0x3b, 0x9e, 0x97, 0x00, 0xde, 0xd8, 0x9a, 0xaf, 0xcc, 0x72, 0xeb, 0x0a, 0xe7, 0xab, 0xc1, 0x53, 0x62, 0x3f, 0x08, 0xba, 0x43, 0x06, 0x13, 0x0a, 0x3b, 0x5c, + 0xb4, 0xe0, 0xc8, 0xa6, 0x41, 0x45, 0xaa, 0x1a, 0xc9, 0x88, 0x86, 0x31, 0x25, 0x02, 0x4a, 0x76, 0x66, 0xb6, 0x6d, 0xff, 0x50, 0x1d, 0x3c, 0xf3, 0x2d, 0xfe, + 0x7b, 0xb2, 0x75, 0x5d, 0x9a, 0x9a, 0xe5, 0x39, 0x31, 0x4f, 0x7b, 0xa5, 0x6f, 0x94, 0xed, 0x31, 0xd4, 0x61, 0xc7, 0x44, 0x1d, 0x37, 0x19, 0x76, 0x04, 0x0e, + 0xbd, 0xc4, 0x9e, 0xe3, 0xdf, 0x94, 0x49, 0x32, 0x65, 0xd0, 0x37, 0x64, 0xb5, 0x2a, 0x61, 0x2d, 0x05, 0xc5, 0xe5, 0x79, 0x3e, 0xcf, 0x5f, 0x77, 0x0a, 0x7c, + 0x29, 0x34, 0x1a, 0x45, 0x7e, 0x11, 0x68, 0xb4, 0x3a, 0xf6, 0x5b, 0x23, 0xe4, 0x32, 0xa4, 0x11, 0x1a, 0xba, 0xd6, 0x4a, 0x45, 0x42, 0x29, 0xac, 0xb0, 0x17, + 0x05, 0x1b, 0xee, 0xf6, 0x52, 0x6d, 0x8b, 0xb4, 0x3b, 0x63, 0xe2, 0xca, 0xbf, 0x7e, 0xd3, 0xf7, 0x96, 0x75, 0x67, 0x9d, 0x27, 0x15, 0x39, 0xde, 0x5f, 0x66, + 0x74, 0x7c, 0x46, 0x01, 0x48, 0xf7, 0x99, 0x33, 0x7d, 0xc6, 0x81, 0xc4, 0x82, 0x09, 0x00, 0x20, 0x3f, 0x5c, 0xe4, 0x51, 0x88, 0x5b, 0xac, 0x31, 0x17, 0x04, + 0xa4, 0xac, 0xbf, 0x3d, 0xff, 0xad, 0x51, 0x07, 0x0b, 0xc7, 0x26, 0xa7, 0x9f, 0x83, 0x17, 0xd8, 0x2f, 0x6a, 0x47, 0x96, 0x14, 0x47, 0x68, 0xd4, 0xc0, 0xc0, + 0x3b, 0x87, 0x51, 0x30, 0xe9, 0xfa, 0x21, 0x46, 0x80, 0x1a, 0x5a, 0xef, 0x78, 0xd0, 0x3a, 0xac, 0x73, 0x1e, 0x39, 0xba, 0x82, 0x43, 0x5d, 0xef, 0x15, 0x2c, + 0x9a, 0xe5, 0xeb, 0x6a, 0xe7, 0x24, 0x12, 0xe6, 0x2a, 0xd2, 0x09, 0xc2, 0x85, 0x69, 0x9d, 0x73, 0x16, 0xb0, 0xad, 0x51, 0xf8, 0x3d, 0x94, 0x6b, 0xb7, 0xb3, + 0x7f, 0xb4, 0x9e, 0xc1, 0xdc, 0x31, 0x27, 0xa1, 0x2d, 0xfe, 0x30, 0x15, 0x04, 0x20, 0x82, 0xdc, 0xbd, 0x8b, 0xc5, 0xb4, 0xcf, 0x91, 0x85, 0xae, 0x21, 0x5e, + 0x00, 0x10, 0x04, 0x62, 0x8a, 0xe2, 0x66, 0x74, 0xf8, 0x8d, 0x8b, 0x52, 0x17, 0xd9, 0x1a, 0xbd, 0x06, 0x2d, 0x07, 0x6a, 0xf5, 0x8b, 0xdf, 0x85, 0x2e, 0x36, + 0xec, 0x15, 0x6f, 0x7e, 0xd2, 0x04, 0x43, 0x6a, 0xd7, 0x60, 0xf5, 0x53, 0x0d, 0x2e, 0x2d, 0xf5, 0x52, 0x4c, 0xcc, 0xe5, 0xf4, 0x47, 0xdd, 0x34, 0xda, 0xc1, + 0xfc, 0x60, 0x00, 0xaa, 0x68, 0x01, 0x5c, 0x82, 0x4b, 0xf9, 0x57, 0x54, 0x9d, 0xd5, 0x8b, 0xb6, 0x42, 0x77, 0xd4, 0x47, 0x70, 0x23, 0x4c, 0xad, 0xc5, 0x00, + 0x73, 0x9b, 0xbb, 0x65, 0xa7, 0x46, 0x74, 0xcd, 0x2e, 0x61, 0x0f, 0xac, 0xeb, 0x53, 0x5a, 0x87, 0x70, 0xfc, 0x5d, 0x2e, 0xa1, 0xe3, 0x9a, 0x87, 0x01, 0x0f, + 0x2e, 0xef, 0x10, 0xe2, 0x82, 0xd8, 0x12, 0xe7, 0xb8, 0x94, 0xa4, 0xdd, 0x5f, 0xea, 0x21, 0x63, 0x26, 0x43, 0xec, 0xc3, 0x54, 0x76, 0xb1, 0xb2, 0x1c, 0x03, + 0x4c, 0x5c, 0x22, 0xb5, 0x00, 0x7d, 0x77, 0x3a, 0xb6, 0xbf, 0x50, 0xbd, 0xfd, 0x0a, 0x31, 0x2c, 0xdc, 0xab, 0xe2, 0xc0, 0x0b, 0xb6, 0x66, 0xad, 0x9c, 0xca, + 0x94, 0xed, 0xd8, 0x77, 0x1b, 0xf1, 0x94, 0xdd, 0x65, 0x61, 0xda, 0x7b, 0x04, 0x3c, 0x93, 0xcf, 0x96, 0x74, 0x35, 0x8e, 0x41, 0xe1, 0xa4, 0xbc, 0xf2, 0x4f, + 0xe9, 0xb8, 0x16, 0x55, 0x05, 0x5a, 0xac, 0x10, 0xd3, 0xdf, 0xea, 0x6a, 0xf8, 0xe0, 0xf3, 0xdf, 0x66, 0x00, 0xab, 0x3d, 0xb9, 0x44, 0x65, 0x34, 0x49, 0x89, + 0xf2, 0x1d, 0x09, 0xc9, 0xfc, 0xa5, 0x84, 0xa1, 0x03, 0x5b, 0x7a, 0x5c, 0x7e, 0x21, 0xe9, 0xb4, 0x3a, 0x4c, 0x2b, 0x94, 0x64, 0x1d, 0x9b, 0xa5, 0xbf, 0x7e, + 0x1c, 0x97, 0x7e, 0x3d, 0xbe, 0x84, 0xfc, 0xab, 0x6d, 0x2a, 0x50, 0x23, 0x9e, 0x11, 0x3f, 0xe2, 0xa0, 0x68, 0xe7, 0xd5, 0xba, 0x5e, 0x24, 0x8c, 0x4c, 0x46, + 0xe6, 0x5b, 0x10, 0xc3, 0x82, 0x32, 0x17, 0x32, 0xdc, 0xec, 0xaa, 0x1e, 0x73, 0xe5, 0x7d, 0xb8, 0x1c, 0x6c, 0x4c, 0x9f, 0x60, 0x7b, 0x66, 0x4c, 0x90, 0x69, + 0xc4, 0x23, 0x66, 0x67, 0xce, 0x6d, 0x24, 0x1d, 0xcc, 0x8e, 0x78, 0xa1, 0xa7, 0xde, 0x87, 0x81, 0xac, 0x62, 0x54, 0xbc, 0x47, 0x82, 0x3c, 0xad, 0x92, 0x29, + 0xd9, 0xc0, 0xed, 0x0c, 0x11, 0x0e, 0xc5, 0x75, 0xa4, 0xbd, 0xbf, 0xcb, 0x3a, 0xaf, 0x2b, 0x9f, 0xbe, 0xbb, 0xbc, 0x31, 0x07, 0xa7, 0xbe, 0x6c, 0xa9, 0x4e, + 0xff, 0x35, 0x80, 0x2f, 0x09, 0x77, 0xe0, 0xc0, 0xdc, 0x9c, 0xc6, 0xa6, 0x63, 0xab, 0x47, 0x74, 0x5f, 0x5c, 0xae, 0x75, 0xbf, 0x42, 0x67, 0x55, 0x89, 0xcf, + 0xd3, 0x65, 0x8d, 0x5b, 0x6f, 0x5c, 0xf9, 0xd1, 0x78, 0xa2, 0xfd, 0x4f, 0x54, 0x6a, 0x71, 0x0c, 0x58, 0x13, 0xb0, 0x48, 0x0a, 0x7b, 0xcc, 0x84, 0x61, 0xa7, + 0x7d, 0x39, 0xa2, 0xd1, 0xc0, 0xdb, 0x8e, 0x97, 0x20, 0x86, 0x97, 0x20, 0xda, 0xca, 0x56, 0x78, 0x61, 0xc2, 0x2f, 0x36, 0xdb, 0x95, 0xae, 0x7e, 0x8d, 0x97, + 0xcb, 0x45, 0x6a, 0x6d, 0x27, 0xaa, 0xab, 0x4e, 0x88, 0x23, 0xb6, 0x6a, 0x8a, 0xca, 0x71, 0xca, 0x39, 0xa2, 0x98, 0x0d, 0x53, 0xa9, 0x38, 0xd5, 0x9c, 0x5d, + 0x0e, 0x5e, 0xc9, 0xeb, 0x21, 0xab, 0x00, 0xca, 0xff, 0x92, 0x20, 0x9d, 0x65, 0x9d, 0x8d, 0x49, 0x46, 0xbe, 0x51, 0x97, 0xc1, 0x61, 0x02, 0x9e, 0xa8, 0xb9, + 0x2c, 0x27, 0x7d, 0x73, 0xf9, 0x12, 0x16, 0x45, 0x25, 0xbb, 0xb0, 0x51, 0x14, 0x18, 0x07, 0xab, 0xc7, 0x06, 0xc0, 0xe9, 0x1c, 0xf8, 0x6d, 0xe1, 0x80, 0x21, + 0x21, 0x68, 0x24, 0xf7, 0x28, 0xb9, 0x07, 0xd4, 0xd7, 0xdf, 0x3e, 0xff, 0xbc, 0xe3, 0xbc, 0x6e, 0x42, 0x76, 0x63, 0xbc, 0x82, 0x0a, 0xf5, 0x99, 0x65, 0x17, + 0xd2, 0x38, 0xa9, 0xa8, 0x31, 0xce, 0x1f, 0xf7, 0xef, 0x8d, 0x94, 0xae, 0x99, 0x50, 0x30, 0x12, 0xbd, 0x4b, 0x65, 0x56, 0x59, 0xfb, 0x33, 0x7b, 0x99, 0xc7, + 0xe5, 0x80, 0xe6, 0x92, 0x0e, 0x44, 0x1d, 0x17, 0xc2, 0xd0, 0x78, 0x76, 0x9d, 0x5b, 0x7d, 0x3c, 0xb4, 0xf8, 0xcb, 0x2f, 0x83, 0x23, 0x35, 0x49, 0xc0, 0x78, + 0x2d, 0x44, 0x05, 0x64, 0x0f, 0xaa, 0x84, 0x9d, 0x3f, 0xac, 0xef, 0x5b, 0x46, 0x44, 0xb8, 0x15, 0xbe, 0x4f, 0xe7, 0x25, 0xb7, 0xa0, 0xc8, 0x0f, 0x70, 0x1a, + 0xca, 0x7f, 0xce, 0x79, 0x7b, 0xf5, 0x7e, 0x21, 0x35, 0xc7, 0x0e, 0x99, 0xdc, 0x76, 0xe0, 0x36, 0x09, 0x6e, 0x6d, 0x5f, 0x98, 0x5e, 0xb8, 0xa4, 0x88, 0xea, + 0x0b, 0x4b, 0x21, 0xa2, 0x52, 0x86, 0x95, 0x4e, 0x18, 0xac, 0xa2, 0xaf, 0x29, 0x5b, 0xe7, 0x05, 0xa1, 0xc8, 0xe1, 0x80, 0xfa, 0xb6, 0x5a, 0xed, 0x94, 0x32, + 0x4f, 0xe9, 0xf5, 0xf0, 0x61, 0x5d, 0x7f, 0xc4, 0xc4, 0xd1, 0x05, 0x54, 0x13, 0xdb}; + +#if 1 +TEST(DATA_PACKET, ETH_IP6_UDP_GTP_IP4_TCP_TLS) +{ + char buffer[256]; + struct packet handler; + + const char *payload = packet_parse(&handler, (const char *)data10, sizeof(data10)); + EXPECT_TRUE(payload != nullptr); + EXPECT_TRUE((char *)payload - (char *)&data10 == 122); + packet_print(&handler); + + /****************************************************** + * packet_get_outermost/innermost_layer + ******************************************************/ + + // LAYER_TYPE_ETHER + const struct layer_record *outer_eth_record = packet_get_outermost_layer(&handler, LAYER_TYPE_ETHER); + const struct layer_record *inner_eth_record = packet_get_innermost_layer(&handler, LAYER_TYPE_ETHER); + + EXPECT_TRUE(outer_eth_record != nullptr); + EXPECT_TRUE(inner_eth_record != nullptr); + EXPECT_TRUE(outer_eth_record == inner_eth_record); + EXPECT_TRUE(outer_eth_record->hdr_offset == 0); + EXPECT_TRUE(outer_eth_record->hdr_len == 14); + EXPECT_TRUE(outer_eth_record->pld_len == 1456); + + // LAYER_TYPE_L2 + const struct layer_record *outer_l2_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L2); + const struct layer_record *inner_l2_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L2); + + EXPECT_TRUE(outer_l2_record != nullptr); + EXPECT_TRUE(inner_l2_record != nullptr); + EXPECT_TRUE(outer_l2_record == inner_l2_record); + EXPECT_TRUE(outer_l2_record == outer_eth_record); + + // LAYER_TYPE_IPV6 + const struct layer_record *outer_ipv6_record = packet_get_outermost_layer(&handler, LAYER_TYPE_IPV6); + const struct layer_record *inner_ipv6_record = packet_get_innermost_layer(&handler, LAYER_TYPE_IPV6); + + EXPECT_TRUE(outer_ipv6_record != nullptr); + EXPECT_TRUE(inner_ipv6_record != nullptr); + EXPECT_TRUE(outer_ipv6_record == inner_ipv6_record); + EXPECT_TRUE(outer_ipv6_record->hdr_offset == 14); + EXPECT_TRUE(outer_ipv6_record->hdr_len == 40); + EXPECT_TRUE(outer_ipv6_record->pld_len == 1416); + + // LAYER_TYPE_L3 + const struct layer_record *outer_l3_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L3); + + EXPECT_TRUE(outer_l3_record != nullptr); + EXPECT_TRUE(outer_l3_record == outer_ipv6_record); + + // LAYER_TYPE_UDP + const struct layer_record *outer_udp_record = packet_get_outermost_layer(&handler, LAYER_TYPE_UDP); + const struct layer_record *inner_udp_record = packet_get_innermost_layer(&handler, LAYER_TYPE_UDP); + + EXPECT_TRUE(outer_udp_record != nullptr); + EXPECT_TRUE(inner_udp_record != nullptr); + EXPECT_TRUE(outer_udp_record == inner_udp_record); + EXPECT_TRUE(outer_udp_record->hdr_offset == 54); + EXPECT_TRUE(outer_udp_record->hdr_len == 8); + EXPECT_TRUE(outer_udp_record->pld_len == 1408); + + // LAYER_TYPE_L4 + const struct layer_record *outer_l4_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L4); + + EXPECT_TRUE(outer_l4_record != nullptr); + EXPECT_TRUE(outer_l4_record == outer_udp_record); + + // LAYER_TYPE_GTPV1_U + const struct layer_record *outer_gtp_record = packet_get_outermost_layer(&handler, LAYER_TYPE_GTPV1_U); + const struct layer_record *inner_gtp_record = packet_get_innermost_layer(&handler, LAYER_TYPE_GTPV1_U); + + EXPECT_TRUE(outer_gtp_record != nullptr); + EXPECT_TRUE(inner_gtp_record != nullptr); + EXPECT_TRUE(outer_gtp_record == inner_gtp_record); + EXPECT_TRUE(outer_gtp_record->hdr_offset == 62); + EXPECT_TRUE(outer_gtp_record->hdr_len == 8); + EXPECT_TRUE(outer_gtp_record->pld_len == 1400); + + // LAYER_TYPE_IPV4 + const struct layer_record *outer_ipv4_record = packet_get_outermost_layer(&handler, LAYER_TYPE_IPV4); + const struct layer_record *inner_ipv4_record = packet_get_innermost_layer(&handler, LAYER_TYPE_IPV4); + + EXPECT_TRUE(outer_ipv4_record != nullptr); + EXPECT_TRUE(inner_ipv4_record != nullptr); + EXPECT_TRUE(outer_ipv4_record == inner_ipv4_record); + EXPECT_TRUE(outer_ipv4_record->hdr_offset == 70); + EXPECT_TRUE(outer_ipv4_record->hdr_len == 20); + EXPECT_TRUE(outer_ipv4_record->pld_len == 1380); + + // LAYER_TYPE_L3 + const struct layer_record *inner_l3_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L3); + + EXPECT_TRUE(inner_l3_record != nullptr); + EXPECT_TRUE(inner_l3_record == outer_ipv4_record); + + // LAYER_TYPE_TCP + const struct layer_record *outer_tcp_record = packet_get_outermost_layer(&handler, LAYER_TYPE_TCP); + const struct layer_record *inner_tcp_record = packet_get_innermost_layer(&handler, LAYER_TYPE_TCP); + + EXPECT_TRUE(outer_tcp_record != nullptr); + EXPECT_TRUE(inner_tcp_record != nullptr); + EXPECT_TRUE(outer_tcp_record == inner_tcp_record); + EXPECT_TRUE(outer_tcp_record->hdr_offset == 90); + EXPECT_TRUE(outer_tcp_record->hdr_len == 32); + EXPECT_TRUE(outer_tcp_record->pld_len == 1348); + + // LAYER_TYPE_L4 + const struct layer_record *inner_l4_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L4); + + EXPECT_TRUE(inner_l4_record != nullptr); + EXPECT_TRUE(inner_l4_record == outer_tcp_record); + + /****************************************************** + * packet_get_outermost/innermost_tuple2 + ******************************************************/ + + struct tuple2 outer_tuple2; + struct tuple2 inner_tuple2; + EXPECT_TRUE(packet_get_outermost_tuple2(&handler, &outer_tuple2) == 0); + EXPECT_TRUE(packet_get_innermost_tuple2(&handler, &inner_tuple2) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple2_tostring(&outer_tuple2, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "2409:8034:4025::50:a31 -> 2409:8034:4040:5301::204"); + memset(buffer, 0, sizeof(buffer)); + tuple2_tostring(&inner_tuple2, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "10.49.115.138 -> 121.196.250.66"); + + /****************************************************** + * packet_get_outermost/innermost_tuple4 + ******************************************************/ + + struct tuple4 outer_tuple4; + struct tuple4 inner_tuple4; + EXPECT_TRUE(packet_get_outermost_tuple4(&handler, &outer_tuple4) == 0); + EXPECT_TRUE(packet_get_innermost_tuple4(&handler, &inner_tuple4) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple4_tostring(&outer_tuple4, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "2409:8034:4025::50:a31:2152 -> 2409:8034:4040:5301::204:2152"); + memset(buffer, 0, sizeof(buffer)); + tuple4_tostring(&inner_tuple4, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "10.49.115.138:50081 -> 121.196.250.66:443"); + + /****************************************************** + * packet_get_outermost/innermost_tuple6 + ******************************************************/ + + struct tuple6 outer_tuple6; + struct tuple6 inner_tuple6; + EXPECT_TRUE(packet_get_outermost_tuple6(&handler, &outer_tuple6) == 0); + EXPECT_TRUE(packet_get_innermost_tuple6(&handler, &inner_tuple6) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple6_tostring(&outer_tuple6, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "2409:8034:4025::50:a31:2152 -> 2409:8034:4040:5301::204:2152, proto: 17, zone: 0"); + memset(buffer, 0, sizeof(buffer)); + tuple6_tostring(&inner_tuple6, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "10.49.115.138:50081 -> 121.196.250.66:443, proto: 6, zone: 0"); +} +#endif + +/****************************************************************************** + * Pcap file: 11-ETH_IP4_UDP_VXLAN_ETH_IP4_UDP_DNS.pcap + * [Protocols in frame: eth:ethertype:ip:udp:vxlan:eth:ethertype:ip:udp:dns] + ****************************************************************************** + * + * Frame 1: 124 bytes on wire (992 bits), 124 bytes captured (992 bits) + * Ethernet II, Src: zte_6c:fa:43 (00:1e:73:6c:fa:43), Dst: Shanghai_0d:0a (e4:95:6e:20:0d:0a) + * Destination: Shanghai_0d:0a (e4:95:6e:20:0d:0a) + * Source: zte_6c:fa:43 (00:1e:73:6c:fa:43) + * Type: IPv4 (0x0800) + * Internet Protocol Version 4, Src: 10.1.1.1, Dst: 192.168.1.10 + * 0100 .... = Version: 4 + * .... 0101 = Header Length: 20 bytes (5) + * Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) + * Total Length: 110 + * Identification: 0x0000 (0) + * 000. .... = Flags: 0x0 + * ...0 0000 0000 0000 = Fragment Offset: 0 + * Time to Live: 254 + * Protocol: UDP (17) + * Header Checksum: 0xefca [validation disabled] + * [Header checksum status: Unverified] + * Source Address: 10.1.1.1 + * Destination Address: 192.168.1.10 + * User Datagram Protocol, Src Port: 50709, Dst Port: 4789 + * Source Port: 50709 + * Destination Port: 4789 + * Length: 90 + * Checksum: 0x0000 [zero-value ignored] + * [Stream index: 0] + * [Timestamps] + * UDP payload (82 bytes) + * Virtual eXtensible Local Area Network + * Flags: 0x0800, VXLAN Network ID (VNI) + * Group Policy ID: 0 + * VXLAN Network Identifier (VNI): 458755 + * Reserved: 0 + * Ethernet II, Src: WistronI_18:18:41 (3c:97:0e:18:18:41), Dst: DawningI_13:70:7a (e8:61:1f:13:70:7a) + * Destination: DawningI_13:70:7a (e8:61:1f:13:70:7a) + * Source: WistronI_18:18:41 (3c:97:0e:18:18:41) + * Type: IPv4 (0x0800) + * Internet Protocol Version 4, Src: 192.168.11.193, Dst: 114.114.114.114 + * 0100 .... = Version: 4 + * .... 0101 = Header Length: 20 bytes (5) + * Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) + * Total Length: 60 + * Identification: 0x0cb6 (3254) + * 000. .... = Flags: 0x0 + * ...0 0000 0000 0000 = Fragment Offset: 0 + * Time to Live: 64 + * Protocol: UDP (17) + * Header Checksum: 0xbcad [validation disabled] + * [Header checksum status: Unverified] + * Source Address: 192.168.11.193 + * Destination Address: 114.114.114.114 + * User Datagram Protocol, Src Port: 65290, Dst Port: 53 + * Source Port: 65290 + * Destination Port: 53 + * Length: 40 + * Checksum: 0x39e4 [unverified] + * [Checksum Status: Unverified] + * [Stream index: 1] + * [Timestamps] + * UDP payload (32 bytes) + * Domain Name System (query) + */ + +unsigned char data11[] = { + 0xe4, 0x95, 0x6e, 0x20, 0x0d, 0x0a, 0x00, 0x1e, 0x73, 0x6c, 0xfa, 0x43, 0x08, 0x00, 0x45, 0x00, 0x00, 0x6e, 0x00, 0x00, 0x00, 0x00, 0xfe, 0x11, 0xef, 0xca, + 0x0a, 0x01, 0x01, 0x01, 0xc0, 0xa8, 0x01, 0x0a, 0xc6, 0x15, 0x12, 0xb5, 0x00, 0x5a, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x07, 0x00, 0x03, 0x00, 0xe8, 0x61, + 0x1f, 0x13, 0x70, 0x7a, 0x3c, 0x97, 0x0e, 0x18, 0x18, 0x41, 0x08, 0x00, 0x45, 0x00, 0x00, 0x3c, 0x0c, 0xb6, 0x00, 0x00, 0x40, 0x11, 0xbc, 0xad, 0xc0, 0xa8, + 0x0b, 0xc1, 0x72, 0x72, 0x72, 0x72, 0xff, 0x0a, 0x00, 0x35, 0x00, 0x28, 0x39, 0xe4, 0x86, 0x84, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x03, 0x77, 0x77, 0x77, 0x06, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x03, 0x63, 0x6f, 0x6d, 0x00, 0x00, 0x01, 0x00, 0x01}; + +#if 1 +TEST(DATA_PACKET, ETH_IP4_UDP_VXLAN_ETH_IP4_UDP_DNS) +{ + char buffer[256]; + struct packet handler; + + const char *payload = packet_parse(&handler, (const char *)data11, sizeof(data11)); + EXPECT_TRUE(payload != nullptr); + EXPECT_TRUE((char *)payload - (char *)&data11 == 92); + packet_print(&handler); + + /****************************************************** + * packet_get_outermost/innermost_layer + ******************************************************/ + + // LAYER_TYPE_ETHER + const struct layer_record *outer_eth_record = packet_get_outermost_layer(&handler, LAYER_TYPE_ETHER); + + EXPECT_TRUE(outer_eth_record != nullptr); + EXPECT_TRUE(outer_eth_record->hdr_offset == 0); + EXPECT_TRUE(outer_eth_record->hdr_len == 14); + EXPECT_TRUE(outer_eth_record->pld_len == 110); + + // LAYER_TYPE_L2 + const struct layer_record *outer_l2_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L2); + + EXPECT_TRUE(outer_l2_record != nullptr); + EXPECT_TRUE(outer_l2_record == outer_eth_record); + + // LAYER_TYPE_IPV4 + const struct layer_record *outer_ipv4_record = packet_get_outermost_layer(&handler, LAYER_TYPE_IPV4); + + EXPECT_TRUE(outer_ipv4_record != nullptr); + EXPECT_TRUE(outer_ipv4_record->hdr_offset == 14); + EXPECT_TRUE(outer_ipv4_record->hdr_len == 20); + EXPECT_TRUE(outer_ipv4_record->pld_len == 90); + + // LAYER_TYPE_L3 + const struct layer_record *outer_l3_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L3); + + EXPECT_TRUE(outer_l3_record != nullptr); + EXPECT_TRUE(outer_l3_record == outer_ipv4_record); + + // LAYER_TYPE_UDP + const struct layer_record *outer_udp_record = packet_get_outermost_layer(&handler, LAYER_TYPE_UDP); + + EXPECT_TRUE(outer_udp_record != nullptr); + EXPECT_TRUE(outer_udp_record->hdr_offset == 34); + EXPECT_TRUE(outer_udp_record->hdr_len == 8); + EXPECT_TRUE(outer_udp_record->pld_len == 82); + + // LAYER_TYPE_L4 + const struct layer_record *outer_l4_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L4); + + EXPECT_TRUE(outer_l4_record != nullptr); + EXPECT_TRUE(outer_l4_record == outer_udp_record); + + // LAYER_TYPE_VXLAN + const struct layer_record *outer_g_vlan_record = packet_get_outermost_layer(&handler, LAYER_TYPE_VXLAN); + const struct layer_record *inner_g_vlan_record = packet_get_innermost_layer(&handler, LAYER_TYPE_VXLAN); + + EXPECT_TRUE(outer_g_vlan_record != nullptr); + EXPECT_TRUE(inner_g_vlan_record != nullptr); + EXPECT_TRUE(outer_g_vlan_record == inner_g_vlan_record); + + EXPECT_TRUE(outer_g_vlan_record->hdr_offset == 42); + EXPECT_TRUE(outer_g_vlan_record->hdr_len == 8); + EXPECT_TRUE(outer_g_vlan_record->pld_len == 74); + + // LAYER_TYPE_ETHER + const struct layer_record *inner_eth_record = packet_get_innermost_layer(&handler, LAYER_TYPE_ETHER); + + EXPECT_TRUE(inner_eth_record != nullptr); + EXPECT_TRUE(inner_eth_record->hdr_offset == 50); + EXPECT_TRUE(inner_eth_record->hdr_len == 14); + EXPECT_TRUE(inner_eth_record->pld_len == 60); + + // LAYER_TYPE_L2 + const struct layer_record *inner_l2_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L2); + + EXPECT_TRUE(inner_l2_record != nullptr); + EXPECT_TRUE(inner_l2_record == inner_eth_record); + + // LAYER_TYPE_IPV4 + const struct layer_record *inner_ipv4_record = packet_get_innermost_layer(&handler, LAYER_TYPE_IPV4); + + EXPECT_TRUE(inner_ipv4_record != nullptr); + EXPECT_TRUE(inner_ipv4_record->hdr_offset == 64); + EXPECT_TRUE(inner_ipv4_record->hdr_len == 20); + EXPECT_TRUE(inner_ipv4_record->pld_len == 40); + + // LAYER_TYPE_L3 + const struct layer_record *inner_l3_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L3); + + EXPECT_TRUE(inner_l3_record != nullptr); + EXPECT_TRUE(inner_l3_record == inner_ipv4_record); + + // LAYER_TYPE_UDP + const struct layer_record *inner_udp_record = packet_get_innermost_layer(&handler, LAYER_TYPE_UDP); + + EXPECT_TRUE(inner_udp_record != nullptr); + EXPECT_TRUE(inner_udp_record->hdr_offset == 84); + EXPECT_TRUE(inner_udp_record->hdr_len == 8); + EXPECT_TRUE(inner_udp_record->pld_len == 32); + + // LAYER_TYPE_L4 + const struct layer_record *inner_l4_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L4); + + EXPECT_TRUE(inner_l4_record != nullptr); + EXPECT_TRUE(inner_l4_record == inner_udp_record); + + /****************************************************** + * packet_get_outermost/innermost_tuple2 + ******************************************************/ + + struct tuple2 outer_tuple2; + struct tuple2 inner_tuple2; + EXPECT_TRUE(packet_get_outermost_tuple2(&handler, &outer_tuple2) == 0); + EXPECT_TRUE(packet_get_innermost_tuple2(&handler, &inner_tuple2) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple2_tostring(&outer_tuple2, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "10.1.1.1 -> 192.168.1.10"); + memset(buffer, 0, sizeof(buffer)); + tuple2_tostring(&inner_tuple2, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "192.168.11.193 -> 114.114.114.114"); + + /****************************************************** + * packet_get_outermost/innermost_tuple4 + ******************************************************/ + + struct tuple4 outer_tuple4; + struct tuple4 inner_tuple4; + EXPECT_TRUE(packet_get_outermost_tuple4(&handler, &outer_tuple4) == 0); + EXPECT_TRUE(packet_get_innermost_tuple4(&handler, &inner_tuple4) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple4_tostring(&outer_tuple4, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "10.1.1.1:50709 -> 192.168.1.10:4789"); + memset(buffer, 0, sizeof(buffer)); + tuple4_tostring(&inner_tuple4, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "192.168.11.193:65290 -> 114.114.114.114:53"); + + /****************************************************** + * packet_get_outermost/innermost_tuple6 + ******************************************************/ + + struct tuple6 outer_tuple6; + struct tuple6 inner_tuple6; + EXPECT_TRUE(packet_get_outermost_tuple6(&handler, &outer_tuple6) == 0); + EXPECT_TRUE(packet_get_innermost_tuple6(&handler, &inner_tuple6) == 0); + memset(buffer, 0, sizeof(buffer)); + tuple6_tostring(&outer_tuple6, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "10.1.1.1:50709 -> 192.168.1.10:4789, proto: 17, zone: 0"); + memset(buffer, 0, sizeof(buffer)); + tuple6_tostring(&inner_tuple6, buffer, sizeof(buffer)); + EXPECT_STREQ(buffer, "192.168.11.193:65290 -> 114.114.114.114:53, proto: 17, zone: 0"); +} +#endif + +/****************************************************************************** + * Pcap file: 12-ETH_MPLS_MPLS_PWETHCW_ETH_ARP.pcap + * [Protocols in frame: eth:ethertype:mpls:pwethheuristic:pwethcw:eth:ethertype:arp] + ****************************************************************************** + * + * Frame 1: 90 bytes on wire (720 bits), 90 bytes captured (720 bits) + * Ethernet II, Src: cc:01:0d:5c:00:10 (cc:01:0d:5c:00:10), Dst: cc:00:0d:5c:00:10 (cc:00:0d:5c:00:10) + * Destination: cc:00:0d:5c:00:10 (cc:00:0d:5c:00:10) + * Source: cc:01:0d:5c:00:10 (cc:01:0d:5c:00:10) + * Type: MPLS label switched packet (0x8847) + * MultiProtocol Label Switching Header, Label: 19, Exp: 0, S: 0, TTL: 254 + * 0000 0000 0000 0001 0011 .... .... .... = MPLS Label: 19 (0x00013) + * .... .... .... .... .... 000. .... .... = MPLS Experimental Bits: 0 + * .... .... .... .... .... ...0 .... .... = MPLS Bottom Of Label Stack: 0 + * .... .... .... .... .... .... 1111 1110 = MPLS TTL: 254 + * MultiProtocol Label Switching Header, Label: 16, Exp: 0, S: 1, TTL: 255 + * 0000 0000 0000 0001 0000 .... .... .... = MPLS Label: 16 (0x00010) + * .... .... .... .... .... 000. .... .... = MPLS Experimental Bits: 0 + * .... .... .... .... .... ...1 .... .... = MPLS Bottom Of Label Stack: 1 + * .... .... .... .... .... .... 1111 1111 = MPLS TTL: 255 + * PW Ethernet Control Word + * Sequence Number: 0 + * Ethernet II, Src: Private_66:68:00 (00:50:79:66:68:00), Dst: Broadcast (ff:ff:ff:ff:ff:ff) + * Destination: Broadcast (ff:ff:ff:ff:ff:ff) + * Source: Private_66:68:00 (00:50:79:66:68:00) + * Type: ARP (0x0806) + * Trailer: 00000000000000000000000000000000000000000000 + * Address Resolution Protocol (request) + */ + +unsigned char data12[] = { + 0xcc, 0x00, 0x0d, 0x5c, 0x00, 0x10, 0xcc, 0x01, 0x0d, 0x5c, 0x00, 0x10, 0x88, 0x47, 0x00, 0x01, 0x30, 0xfe, 0x00, 0x01, 0x01, 0xff, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x50, 0x79, 0x66, 0x68, 0x00, 0x08, 0x06, 0x00, 0x01, 0x08, 0x00, 0x06, 0x04, 0x00, 0x01, 0x00, 0x50, 0x79, 0x66, + 0x68, 0x00, 0xc0, 0xa8, 0x00, 0x0a, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xc0, 0xa8, 0x00, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; + +#if 1 +TEST(DATA_PACKET, ETH_MPLS_MPLS_PWETHCW_ETH_ARP) +{ + struct packet handler; + + const char *payload = packet_parse(&handler, (const char *)data12, sizeof(data12)); + EXPECT_TRUE(payload != nullptr); + EXPECT_TRUE((char *)payload - (char *)&data12 == 40); + packet_print(&handler); + + /****************************************************** + * packet_get_outermost/innermost_layer + ******************************************************/ + + // LAYER_TYPE_ETHER + const struct layer_record *outer_eth_record = packet_get_outermost_layer(&handler, LAYER_TYPE_ETHER); + + EXPECT_TRUE(outer_eth_record != nullptr); + EXPECT_TRUE(outer_eth_record->hdr_offset == 0); + EXPECT_TRUE(outer_eth_record->hdr_len == 14); + EXPECT_TRUE(outer_eth_record->pld_len == 76); + + // LAYER_TYPE_L2 + const struct layer_record *outer_l2_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L2); + + EXPECT_TRUE(outer_l2_record != nullptr); + EXPECT_TRUE(outer_l2_record == outer_eth_record); + + // LAYER_TYPE_MPLS + const struct layer_record *outer_mpls_record = packet_get_outermost_layer(&handler, LAYER_TYPE_MPLS); + + EXPECT_TRUE(outer_mpls_record != nullptr); + EXPECT_TRUE(outer_mpls_record->hdr_offset == 14); + EXPECT_TRUE(outer_mpls_record->hdr_len == 4); + EXPECT_TRUE(outer_mpls_record->pld_len == 72); + + // LAYER_TYPE_L2_TUN + const struct layer_record *outer_l2_tun_record = packet_get_outermost_layer(&handler, LAYER_TYPE_L2_TUN); + + EXPECT_TRUE(outer_l2_tun_record != nullptr); + EXPECT_TRUE(outer_l2_tun_record == outer_mpls_record); + + // LAYER_TYPE_MPLS + const struct layer_record *inner_mpls_record = packet_get_innermost_layer(&handler, LAYER_TYPE_MPLS); + + EXPECT_TRUE(inner_mpls_record != nullptr); + EXPECT_TRUE(inner_mpls_record->hdr_offset == 18); + EXPECT_TRUE(inner_mpls_record->hdr_len == 4 + 4); // MPLS + PWETH + EXPECT_TRUE(inner_mpls_record->pld_len == 64); + + // LAYER_TYPE_L2_TUN + const struct layer_record *inner_l2_tun_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L2_TUN); + + EXPECT_TRUE(inner_l2_tun_record != nullptr); + EXPECT_TRUE(inner_l2_tun_record == inner_mpls_record); + + // LAYER_TYPE_ETHER + const struct layer_record *inner_eth_record = packet_get_innermost_layer(&handler, LAYER_TYPE_ETHER); + + EXPECT_TRUE(inner_eth_record != nullptr); + EXPECT_TRUE(inner_eth_record->hdr_offset == 26); + EXPECT_TRUE(inner_eth_record->hdr_len == 14); + EXPECT_TRUE(inner_eth_record->pld_len == 50); + + // LAYER_TYPE_L2 + const struct layer_record *inner_l2_record = packet_get_innermost_layer(&handler, LAYER_TYPE_L2); + + EXPECT_TRUE(inner_l2_record != nullptr); + EXPECT_TRUE(inner_l2_record == inner_eth_record); + + /****************************************************** + * packet_get_outermost/innermost_tuple2 + ******************************************************/ + + struct tuple2 outer_tuple2; + struct tuple2 inner_tuple2; + EXPECT_TRUE(packet_get_outermost_tuple2(&handler, &outer_tuple2) == -1); + EXPECT_TRUE(packet_get_innermost_tuple2(&handler, &inner_tuple2) == -1); + + /****************************************************** + * packet_get_outermost/innermost_tuple4 + ******************************************************/ + + struct tuple4 outer_tuple4; + struct tuple4 inner_tuple4; + EXPECT_TRUE(packet_get_outermost_tuple4(&handler, &outer_tuple4) == -1); + EXPECT_TRUE(packet_get_innermost_tuple4(&handler, &inner_tuple4) == -1); + + /****************************************************** + * packet_get_outermost/innermost_tuple6 + ******************************************************/ + + struct tuple6 outer_tuple6; + struct tuple6 inner_tuple6; + EXPECT_TRUE(packet_get_outermost_tuple6(&handler, &outer_tuple6) == -1); + EXPECT_TRUE(packet_get_innermost_tuple6(&handler, &inner_tuple6) == -1); +} +#endif + +#if 1 +TEST(DATA_PACKET, HASH_VALUE) +{ + struct packet handler; + + const char *payload = packet_parse(&handler, (const char *)data4, sizeof(data4)); + EXPECT_TRUE(payload != nullptr); + EXPECT_TRUE((char *)payload - (char *)&data4 == 106); + packet_print(&handler); + + // buffer: "2001:da8:200:900e:200:5efe:d24d:58a3 0 2600:140e:6::1702:1058 0" + // buffer: "210.77.88.163 0 59.66.4.50 0" + + EXPECT_TRUE(packet_get_hash(&handler, LDBC_METHOD_HASH_INT_IP, 1) == packet_get_hash(&handler, LDBC_METHOD_HASH_EXT_IP, 0)); + EXPECT_TRUE(packet_get_hash(&handler, LDBC_METHOD_HASH_EXT_IP, 1) == packet_get_hash(&handler, LDBC_METHOD_HASH_INT_IP, 0)); + + EXPECT_TRUE(packet_get_hash(&handler, LDBC_METHOD_HASH_INT_IP_AND_EXT_IP, 1) == packet_get_hash(&handler, LDBC_METHOD_HASH_INT_IP_AND_EXT_IP, 0)); + EXPECT_TRUE(packet_get_hash(&handler, LDBC_METHOD_HASH_INNERMOST_INT_IP, 1) == packet_get_hash(&handler, LDBC_METHOD_HASH_INNERMOST_EXT_IP, 0)); +} +#endif + +int main(int argc, char **argv) +{ + ::testing::InitGoogleTest(&argc, argv); + return RUN_ALL_TESTS(); +} diff --git a/src/packet/packet.cpp b/src/packet/packet.cpp new file mode 100644 index 0000000..6bbda4a --- /dev/null +++ b/src/packet/packet.cpp @@ -0,0 +1,1474 @@ +#include +#include +#include +#include +#define __FAVOR_BSD 1 +#include +#include +#include +#include + +#include "uthash.h" +#include "packet.h" + +#define likely(expr) __builtin_expect((expr), 1) +#define unlikely(expr) __builtin_expect((expr), 0) + +#define LOG_PACKET "PACKET" +#define PACKET_LOG_DATA_INSUFFICIENCY(type) \ + { \ + PACKET_LOG_ERROR("%s: layer: %s, data insufficiency", \ + LOG_PACKET, layer_type_tostring((type))); \ + } + +#define PACKET_LOG_UNSUPPORT_PROTO(tag, next_proto) \ + { \ + PACKET_LOG_ERROR("%s: %s: unsupport next proto %d", \ + LOG_PACKET, (tag), (next_proto)); \ + } + +#define PACKET_LOG_UNSUPPORT_ETHPROTO(tag, next_proto) \ + { \ + PACKET_LOG_ERROR("%s: %s: unsupport next proto %d: %s", \ + LOG_PACKET, (tag), (next_proto), ethproto_tostring(next_proto)); \ + } + +#define PACKET_LOG_UNSUPPORT_IPPROTO(tag, next_proto) \ + { \ + PACKET_LOG_ERROR("%s: %s: unsupport next proto %d: %s", \ + LOG_PACKET, (tag), (next_proto), ipproto_tostring(next_proto)); \ + } + +/****************************************************************************** + * Static API + ******************************************************************************/ + +static const char *ethproto_tostring(uint16_t proto); +static const char *ipproto_tostring(uint16_t proto); +static inline const char *ldbc_method_tostring(enum ldbc_method method); +static inline const char *layer_type_tostring(enum layer_type type); + +static inline void set_tuple2(const char *data, enum layer_type type, struct tuple2 *tuple); +static inline void set_tuple4(const char *data, enum layer_type type, struct tuple4 *tuple); +static inline void set_tuple6(const char *data, enum layer_type type, struct tuple6 *tuple, uint64_t zone_id); + +static inline struct layer_record *get_free_layer(struct packet *handler); + +static inline uint16_t get_gtp_hdr_len(const char *data, uint16_t len); +static inline uint16_t get_gre_hdr_len(const char *data, uint16_t len); + +// 数据链路层 +static inline const char *parse_ether(struct packet *handler, const char *data, uint16_t len); +static inline const char *parse_ppp(struct packet *handler, const char *data, uint16_t len); +// 数据链路层 -- 隧道 +static inline const char *parse_vlan(struct packet *handler, const char *data, uint16_t len); +static inline const char *parse_pppoe_ses(struct packet *handler, const char *data, uint16_t len); +static inline const char *parse_mpls(struct packet *handler, const char *data, uint16_t len); +// 网络层 +static inline const char *parse_ipv4(struct packet *handler, const char *data, uint16_t len); +static inline const char *parse_ipv6(struct packet *handler, const char *data, uint16_t len); +// 网络层 -- 隧道 +static inline const char *parse_gre(struct packet *handler, const char *data, uint16_t len); +// 传输层 +static inline const char *parse_udp(struct packet *handler, const char *data, uint16_t len); +static inline const char *parse_tcp(struct packet *handler, const char *data, uint16_t len); +// 传输层 -- 隧道 +static inline const char *parse_vxlan(struct packet *handler, const char *data, uint16_t len); +static inline const char *parse_gtpv1_u(struct packet *handler, const char *data, uint16_t len); +// L3/L4 +static inline const char *parse_l3(struct packet *handler, uint16_t next_proto, const char *data, uint16_t len); +static inline const char *parse_l4(struct packet *handler, uint8_t next_proto, const char *data, uint16_t len); + +/****************************************************************************** + * Private API -- Utils + ******************************************************************************/ + +static const char *ethproto_tostring(uint16_t proto) +{ + switch (proto) + { + case ETH_P_LOOP: + return "LOOP"; + case ETH_P_PUP: + return "PUP"; + case ETH_P_PUPAT: + return "PUPAT"; + case ETH_P_IP: + return "IP"; + case ETH_P_X25: + return "X25"; + case ETH_P_ARP: + return "ARP"; + case ETH_P_BPQ: + return "BPQ"; + case ETH_P_IEEEPUP: + return "IEEEPUP"; + case ETH_P_IEEEPUPAT: + return "IEEEPUPAT"; + case ETH_P_DEC: + return "DEC"; + case ETH_P_DNA_DL: + return "DNA_DL"; + case ETH_P_DNA_RC: + return "DNA_RC"; + case ETH_P_DNA_RT: + return "DNA_RT"; + case ETH_P_LAT: + return "LAT"; + case ETH_P_DIAG: + return "DIAG"; + case ETH_P_CUST: + return "CUST"; + case ETH_P_SCA: + return "SCA"; + case ETH_P_TEB: + return "TEB"; + case ETH_P_RARP: + return "RARP"; + case ETH_P_ATALK: + return "ATALK"; + case ETH_P_AARP: + return "AARP"; + case ETH_P_8021Q: + return "8021Q"; + case ETH_P_IPX: + return "IPX"; + case ETH_P_IPV6: + return "IPV6"; + case ETH_P_PAUSE: + return "PAUSE"; + case ETH_P_SLOW: + return "SLOW"; + case ETH_P_WCCP: + return "WCCP"; + case ETH_P_PPP_DISC: + return "PPP_DISC"; + case ETH_P_PPP_SES: + return "PPP_SES"; + case ETH_P_MPLS_UC: + return "MPLS_UC"; + case ETH_P_MPLS_MC: + return "MPLS_MC"; + case ETH_P_ATMMPOA: + return "ATMMPOA"; + case ETH_P_LINK_CTL: + return "LINK_CTL"; + case ETH_P_ATMFATE: + return "ATMFATE"; + case ETH_P_PAE: + return "PAE"; + case ETH_P_AOE: + return "AOE"; + case ETH_P_8021AD: + return "8021AD"; + case ETH_P_802_EX1: + return "802_EX1"; + case ETH_P_TIPC: + return "TIPC"; + case ETH_P_8021AH: + return "8021AH"; + case ETH_P_1588: + return "1588"; + case ETH_P_FCOE: + return "FCOE"; + case ETH_P_TDLS: + return "TDLS"; + case ETH_P_FIP: + return "FIP"; + case ETH_P_QINQ1: + return "QINQ1"; + case ETH_P_QINQ2: + return "QINQ2"; + case ETH_P_QINQ3: + return "QINQ3"; + case ETH_P_EDSA: + return "EDSA"; + case ETH_P_AF_IUCV: + return "AF_IUCV"; + default: + return "UNKNOWN"; + } +} + +static const char *ipproto_tostring(uint16_t proto) +{ + switch (proto) + { + case IPPROTO_IP: + return "IP"; + case IPPROTO_ICMP: + return "ICMP"; + case IPPROTO_IGMP: + return "IGMP"; + case IPPROTO_IPIP: + return "IPIP"; + case IPPROTO_TCP: + return "TCP"; + case IPPROTO_EGP: + return "EGP"; + case IPPROTO_PUP: + return "PUP"; + case IPPROTO_UDP: + return "UDP"; + case IPPROTO_IDP: + return "IDP"; + case IPPROTO_TP: + return "TP"; + case IPPROTO_DCCP: + return "DCCP"; + case IPPROTO_IPV6: + return "IPV6"; + case IPPROTO_ROUTING: + return "ROUTING"; + case IPPROTO_FRAGMENT: + return "FRAGMENT"; + case IPPROTO_RSVP: + return "RSVP"; + case IPPROTO_GRE: + return "GRE"; + case IPPROTO_ESP: + return "ESP"; + case IPPROTO_AH: + return "AH"; + case IPPROTO_ICMPV6: + return "ICMPV6"; + case IPPROTO_NONE: + return "NONE"; + case IPPROTO_DSTOPTS: + return "DSTOPTS"; + case IPPROTO_MTP: + return "MTP"; + case IPPROTO_ENCAP: + return "ENCAP"; + case IPPROTO_PIM: + return "PIM"; + case IPPROTO_COMP: + return "COMP"; + case IPPROTO_SCTP: + return "SCTP"; + case IPPROTO_UDPLITE: + return "UDPLITE"; + case IPPROTO_RAW: + return "RAW"; + default: + return "UNKNOWN"; + } +} + +static inline const char *ldbc_method_tostring(enum ldbc_method method) +{ + switch (method) + { + case LDBC_METHOD_HASH_INT_IP: + return "outter_internal_ip"; + case LDBC_METHOD_HASH_EXT_IP: + return "outter_external_ip"; + case LDBC_METHOD_HASH_INT_IP_AND_EXT_IP: + return "outter_internal_ip_and_external_ip"; + case LDBC_METHOD_HASH_INNERMOST_INT_IP: + return "inner_internal_ip"; + case LDBC_METHOD_HASH_INNERMOST_EXT_IP: + return "inner_external_ip"; + default: + return "unknown"; + } +} + +static inline const char *layer_type_tostring(enum layer_type type) +{ + switch (type) + { + case LAYER_TYPE_ETHER: + return "ETH"; + case LAYER_TYPE_PPP: + return "PPP"; + case LAYER_TYPE_HDLC: + return "HDLC"; + case LAYER_TYPE_VLAN: + return "VLAN"; + case LAYER_TYPE_PPPOE: + return "PPPOE"; + case LAYER_TYPE_MPLS: + return "MPLS"; + case LAYER_TYPE_IPV4: + return "IPV4"; + case LAYER_TYPE_IPV6: + return "IPV6"; + case LAYER_TYPE_GRE: + return "GRE"; + case LAYER_TYPE_UDP: + return "UDP"; + case LAYER_TYPE_TCP: + return "TCP"; + case LAYER_TYPE_VXLAN: + return "VXLAN"; + case LAYER_TYPE_GTPV1_U: + return "GTPV1"; + default: + return "UNKNOWN"; + } +} + +static inline void set_tuple2(const char *data, enum layer_type type, struct tuple2 *tuple) +{ + const struct ip *ipv4 = NULL; + const struct ip6_hdr *ipv6 = NULL; + + switch (type) + { + case LAYER_TYPE_IPV4: + ipv4 = (const struct ip *)data; + tuple->ip_type = IP_TYPE_V4; + tuple->src_addr.v4.s_addr = ipv4->ip_src.s_addr; + tuple->dst_addr.v4.s_addr = ipv4->ip_dst.s_addr; + break; + case LAYER_TYPE_IPV6: + ipv6 = (const struct ip6_hdr *)data; + tuple->ip_type = IP_TYPE_V6; + tuple->src_addr.v6 = ipv6->ip6_src; + tuple->dst_addr.v6 = ipv6->ip6_dst; + break; + default: + break; + } +} + +static inline void set_tuple4(const char *data, enum layer_type type, struct tuple4 *tuple) +{ + const struct ip *ipv4 = NULL; + const struct ip6_hdr *ipv6 = NULL; + const struct tcphdr *tcp = NULL; + const struct udphdr *udp = NULL; + + switch (type) + { + case LAYER_TYPE_TCP: + tcp = (const struct tcphdr *)data; + tuple->src_port = tcp->th_sport; + tuple->dst_port = tcp->th_dport; + break; + case LAYER_TYPE_UDP: + udp = (const struct udphdr *)data; + tuple->src_port = udp->uh_sport; + tuple->dst_port = udp->uh_dport; + break; + case LAYER_TYPE_IPV4: + ipv4 = (const struct ip *)data; + tuple->ip_type = IP_TYPE_V4; + tuple->src_addr.v4.s_addr = ipv4->ip_src.s_addr; + tuple->dst_addr.v4.s_addr = ipv4->ip_dst.s_addr; + break; + case LAYER_TYPE_IPV6: + ipv6 = (const struct ip6_hdr *)data; + tuple->ip_type = IP_TYPE_V6; + tuple->src_addr.v6 = ipv6->ip6_src; + tuple->dst_addr.v6 = ipv6->ip6_dst; + break; + default: + break; + } +} + +static inline void set_tuple6(const char *data, enum layer_type type, struct tuple6 *tuple, uint64_t zone_id) +{ + const struct ip *ipv4 = NULL; + const struct ip6_hdr *ipv6 = NULL; + const struct tcphdr *tcp = NULL; + const struct udphdr *udp = NULL; + + tuple->security_zone = zone_id; + + switch (type) + { + case LAYER_TYPE_TCP: + tcp = (const struct tcphdr *)data; + tuple->ip_proto = IPPROTO_TCP; + tuple->src_port = tcp->th_sport; + tuple->dst_port = tcp->th_dport; + break; + case LAYER_TYPE_UDP: + udp = (const struct udphdr *)data; + tuple->ip_proto = IPPROTO_UDP; + tuple->src_port = udp->uh_sport; + tuple->dst_port = udp->uh_dport; + break; + case LAYER_TYPE_IPV4: + ipv4 = (const struct ip *)data; + tuple->ip_type = IP_TYPE_V4; + tuple->src_addr.v4.s_addr = ipv4->ip_src.s_addr; + tuple->dst_addr.v4.s_addr = ipv4->ip_dst.s_addr; + break; + case LAYER_TYPE_IPV6: + ipv6 = (const struct ip6_hdr *)data; + tuple->ip_type = IP_TYPE_V6; + tuple->src_addr.v6 = ipv6->ip6_src; + tuple->dst_addr.v6 = ipv6->ip6_dst; + break; + default: + break; + } +} + +static inline struct layer_record *get_free_layer(struct packet *handler) +{ + if (handler->layers_used >= handler->layers_size) + { + return NULL; + } + + return &handler->layers[handler->layers_used]; +} + +#define SET_LAYER(_handler, _layer, _type, _hdr_len, _data, _len) \ + { \ + (_layer)->type = (_type); \ + (_layer)->hdr_offset = (_handler)->data_len - (_len); \ + (_layer)->hdr_ptr = (_data); \ + (_layer)->hdr_len = (_hdr_len); \ + (_layer)->pld_ptr = (_data) + (_hdr_len); \ + (_layer)->pld_len = (_len) - (_hdr_len); \ + (_handler)->layers_used++; \ + } + +/****************************************************************************** + * Private API -- Parses + ******************************************************************************/ + +static inline uint16_t get_gtp_hdr_len(const char *data, uint16_t len) +{ +#define GTP_HDR_VER (0xE0) +#define GTP_HDR_FLAG_N_PDU (0x01) +#define GTP_HDR_FLAG_SEQ_NUM (0x02) +#define GTP_HDR_FLAG_EXT_HDR (0x04) + + struct gtp_hdr + { + uint8_t flags; + uint8_t msg_type; + uint16_t msg_len; + uint32_t teid; + } __attribute__((__packed__)); + + struct gtp_opt + { + uint16_t seq_num; + uint8_t npdu; + uint8_t next_ext_hdr; + } __attribute__((__packed__)); + + uint16_t hdr_offset = 0; + if (len < sizeof(struct gtp_hdr)) + { + return 0; + } + const struct gtp_hdr *gtp = (const struct gtp_hdr *)data; + hdr_offset += sizeof(struct gtp_hdr); // skip gre hdr + + // GTPv0 Not Supported + if (((gtp->flags & GTP_HDR_VER) >> 5) != 1) + { + return 0; + } + + if (gtp->flags & (GTP_HDR_FLAG_SEQ_NUM | GTP_HDR_FLAG_N_PDU | GTP_HDR_FLAG_EXT_HDR)) + { + if (hdr_offset + sizeof(struct gtp_opt) > len) + { + return 0; + } + struct gtp_opt *opt_hdr = (struct gtp_opt *)((char *)data + hdr_offset); + uint8_t next_ext_hdr = opt_hdr->next_ext_hdr; + hdr_offset += sizeof(struct gtp_opt); // skip gre opt + + while (next_ext_hdr) + { + if (hdr_offset + 1 > len) + { + return 0; + } + uint8_t length = *((char *)data + hdr_offset) * 4 - 2; + hdr_offset += 1; // skip length field + + if (hdr_offset + length + 1 > len) + { + return 0; + } + hdr_offset += length; // skip data field + next_ext_hdr = *((char *)data + hdr_offset); + hdr_offset += 1; // skip next ext hdr field + } + } + + return hdr_offset; +} + +static inline uint16_t get_gre_hdr_len(const char *data, uint16_t len) +{ + /* + * GRE Header Format (Version 0) + * + * 0 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * |C|R|K|S|s|Recur| Flags | Ver | Protocol Type | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Checksum (optional) | Offset (optional) | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Key (optional) | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Sequence Number (optional) | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Routing (optional) + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * + * 0 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Address Family | SRE Offset | SRE Length | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Routing Information ... + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * + * https://datatracker.ietf.org/doc/html/rfc1701 + * https://datatracker.ietf.org/doc/html/rfc2890 + */ + + /* + * Enhanced GRE header (Version 1) + * + * 0 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * |C|R|K|S|s|Recur|A| Flags | Ver | Protocol Type | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Key (HW) Payload Length | Key (LW) Call ID | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Sequence Number (Optional) | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Acknowledgment Number (Optional) | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * + * https://datatracker.ietf.org/doc/html/rfc2637 + */ + +/* bit positions for flags in header */ +#define GRE_CHECKSUM 0x8000 +#define GRE_ROUTING 0x4000 +#define GRE_KEY 0x2000 +#define GRE_SEQUENCE 0x1000 +#define GRE_STRICTSOURCE 0x0800 +#define GRE_RECURSION 0x0700 +#define GRE_ACK 0x0080 /* only in special PPTPized GRE header */ +#define GRE_RESERVED_PPP 0x0078 /* only in special PPTPized GRE header */ +#define GRE_RESERVED 0x00F8 +#define GRE_VERSION 0x0007 + + if (len < 4) + { + return 0; + } + + struct SRE + { + uint16_t address_family; + uint8_t sre_offset; + uint8_t sre_length; + } __attribute__((__packed__)); + + uint16_t sre_size = sizeof(struct SRE); + const uint16_t *gre = (const uint16_t *)data; + uint16_t flags = ntohs(gre[0]); + uint16_t version = flags & GRE_VERSION; + uint16_t hdr_offset = 0; + + if (version == 0) + { + hdr_offset = 4; + + if ((flags & GRE_CHECKSUM) || (flags & GRE_ROUTING)) + { + hdr_offset += 4; + } + if (flags & GRE_KEY) + { + hdr_offset += 4; + } + if (flags & GRE_SEQUENCE) + { + hdr_offset += 4; + } + if (flags & GRE_ROUTING) + { + while (hdr_offset + sre_size <= len) + { + struct SRE *sre = (struct SRE *)((char *)data + hdr_offset); + if (sre->sre_length == 0) + { + hdr_offset += sre_size; + break; + } + else + { + hdr_offset += sre_size + sre->sre_length; + } + } + } + } + + if (version == 1) + { + hdr_offset = 8; + if (flags & GRE_SEQUENCE) + { + hdr_offset += 4; + } + if (flags & GRE_ACK) + { + hdr_offset += 4; + } + } + + if (hdr_offset > len) + { + return 0; + } + + return hdr_offset; +} + +static inline const char *parse_ether(struct packet *handler, const char *data, uint16_t len) +{ + if (unlikely(len < sizeof(struct ethhdr))) + { + PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_ETHER); + return data; + } + + struct layer_record *layer = get_free_layer(handler); + if (unlikely(layer == NULL)) + { + return data; + } + uint16_t next_proto = ntohs(((struct ethhdr *)data)->h_proto); + SET_LAYER(handler, layer, LAYER_TYPE_ETHER, sizeof(struct ethhdr), data, len); + + // TESTED + return parse_l3(handler, next_proto, layer->pld_ptr, layer->pld_len); +} + +static inline const char *parse_ppp(struct packet *handler, const char *data, uint16_t len) +{ + if (unlikely(len < 4)) + { + PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_PPP); + return data; + } + + struct layer_record *layer = get_free_layer(handler); + if (unlikely(layer == NULL)) + { + return data; + } + uint16_t next_proto = ntohs(*((uint16_t *)data + 1)); + SET_LAYER(handler, layer, LAYER_TYPE_PPP, 4, data, len); + + switch (next_proto) + { + // TESTED + case PPP_IP: + return parse_ipv4(handler, layer->pld_ptr, layer->pld_len); + case PPP_IPV6: + return parse_ipv6(handler, layer->pld_ptr, layer->pld_len); + default: + PACKET_LOG_UNSUPPORT_PROTO("ppp", next_proto); + return layer->pld_ptr; + } +} + +static inline const char *parse_vlan(struct packet *handler, const char *data, uint16_t len) +{ + struct vlan_hdr + { + uint16_t vlan_cfi; + uint16_t protocol; + } __attribute__((__packed__)); + + if (unlikely(len < sizeof(struct vlan_hdr))) + { + PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_VLAN); + return data; + } + + struct layer_record *layer = get_free_layer(handler); + if (unlikely(layer == NULL)) + { + return data; + } + uint16_t next_proto = ntohs(((struct vlan_hdr *)data)->protocol); + SET_LAYER(handler, layer, LAYER_TYPE_VLAN, sizeof(struct vlan_hdr), data, len); + + // TESTED + return parse_l3(handler, next_proto, layer->pld_ptr, layer->pld_len); +} + +static inline const char *parse_pppoe_ses(struct packet *handler, const char *data, uint16_t len) +{ +#define PPPOE_TYPE_IPV4 0x2100 +#define PPPOE_TYPE_IPV6 0x5700 + + if (unlikely(len < 8)) + { + PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_PPPOE); + return data; + } + + struct layer_record *layer = get_free_layer(handler); + if (unlikely(layer == NULL)) + { + return data; + } + uint16_t next_proto = *((uint16_t *)data + 3); + SET_LAYER(handler, layer, LAYER_TYPE_PPPOE, 8, data, len); + + switch (next_proto) + { + // TESTED + case PPPOE_TYPE_IPV4: + return parse_ipv4(handler, layer->pld_ptr, layer->pld_len); + case PPPOE_TYPE_IPV6: + return parse_ipv6(handler, layer->pld_ptr, layer->pld_len); + default: + PACKET_LOG_UNSUPPORT_PROTO("pppoe", next_proto); + return layer->pld_ptr; + } +} + +static inline const char *parse_mpls(struct packet *handler, const char *data, uint16_t len) +{ + /* + * MPLS Format + * 0 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Label | Exp |S| TTL | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * Label : Label Value 20 bits + * Exp : Experimental Use 3 bits + * S : Bottom of Stack 1 bit + * TTL : Time to Live 8 bits + */ + +#define MPLS_LABEL_MASK (0xFFFFF000) +#define MPLS_EXP_MASK (0x00000E00) +#define MPLS_BLS_MASK (0x00000100) +#define MPLS_TTL_MASK (0x000000FF) + + enum mpls_next_proto + { + MPLS_NEXT_PROTO_ETHER = 0x0, + MPLS_NEXT_PROTO_MPLS = 0x1, + MPLS_NEXT_PROTO_IPV4 = 0x4, + MPLS_NEXT_PROTO_IPV6 = 0x6, + }; + + // 4 + 1 + if (unlikely(len < 5)) + { + PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_MPLS); + return data; + } + + struct layer_record *layer = get_free_layer(handler); + if (unlikely(layer == NULL)) + { + return data; + } + + uint16_t hdr_len = 4; + uint32_t *hdr = (uint32_t *)data; + unsigned int mpls_bls = (ntohl(*hdr) & MPLS_BLS_MASK) >> 8; + enum mpls_next_proto next_proto; + if (mpls_bls == 1) + { + switch ((((uint8_t *)(data + 4))[0]) >> 4) + { + case 0: + /* + * PW Ethernet Control Word + * 0 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * |0 0 0 0| Reserved | Sequence Number | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * Reference: https://tools.ietf.org/html/rfc4448 + */ + hdr_len += 4; // skip PW Ethernet Control Word + next_proto = MPLS_NEXT_PROTO_ETHER; + break; + case 4: + next_proto = MPLS_NEXT_PROTO_IPV4; + break; + case 6: + next_proto = MPLS_NEXT_PROTO_IPV6; + break; + default: + next_proto = MPLS_NEXT_PROTO_ETHER; + break; + } + } + else + { + next_proto = MPLS_NEXT_PROTO_MPLS; + } + SET_LAYER(handler, layer, LAYER_TYPE_MPLS, hdr_len, data, len); + + switch (next_proto) + { + // TESTED + case MPLS_NEXT_PROTO_IPV4: + return parse_ipv4(handler, layer->pld_ptr, layer->pld_len); + case MPLS_NEXT_PROTO_IPV6: + return parse_ipv6(handler, layer->pld_ptr, layer->pld_len); + // TESTED + case MPLS_NEXT_PROTO_ETHER: + return parse_ether(handler, layer->pld_ptr, layer->pld_len); + // TESTED + case MPLS_NEXT_PROTO_MPLS: + return parse_mpls(handler, layer->pld_ptr, layer->pld_len); + default: + // unreachable + return layer->pld_ptr; + } +} + +static inline const char *parse_ipv4(struct packet *handler, const char *data, uint16_t len) +{ + if (unlikely(len < sizeof(struct ip))) + { + PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_IPV4); + return data; + } + + struct layer_record *layer = get_free_layer(handler); + if (unlikely(layer == NULL)) + { + return data; + } + struct ip *hdr = (struct ip *)data; + uint8_t next_proto = hdr->ip_p; + uint16_t hdr_len = (hdr->ip_hl & 0xf) * 4u; + SET_LAYER(handler, layer, LAYER_TYPE_IPV4, hdr_len, data, len); + + // TESTED + return parse_l4(handler, next_proto, layer->pld_ptr, layer->pld_len); +} + +static inline const char *parse_ipv6(struct packet *handler, const char *data, uint16_t len) +{ + if (unlikely(len < sizeof(struct ip6_hdr))) + { + PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_IPV6); + return data; + } + + struct layer_record *layer = get_free_layer(handler); + if (unlikely(layer == NULL)) + { + return data; + } + uint8_t next_proto = ((struct ip6_hdr *)data)->ip6_nxt; + SET_LAYER(handler, layer, LAYER_TYPE_IPV6, sizeof(struct ip6_hdr), data, len); + + // TESTED + return parse_l4(handler, next_proto, layer->pld_ptr, layer->pld_len); +} + +static inline const char *parse_gre(struct packet *handler, const char *data, uint16_t len) +{ +#define GRE_PRO_IPV4 (0x0800) +#define GRE_PRO_IPV6 (0x86DD) +#define GRE_PRO_ARP (0x0806) +#define GRE_PRO_PPP (0x880B) + + uint16_t hdr_len = get_gre_hdr_len(data, len); + if (unlikely(hdr_len == 0)) + { + PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_GRE); + return data; + } + + struct layer_record *layer = get_free_layer(handler); + if (unlikely(layer == NULL)) + { + return data; + } + uint16_t next_proto = ntohs(*((uint16_t *)data + 1)); + SET_LAYER(handler, layer, LAYER_TYPE_GRE, hdr_len, data, len); + + switch (next_proto) + { + case GRE_PRO_IPV4: + return parse_ipv4(handler, layer->pld_ptr, layer->pld_len); + case GRE_PRO_IPV6: + return parse_ipv6(handler, layer->pld_ptr, layer->pld_len); + // TESTED + case GRE_PRO_PPP: + return parse_ppp(handler, layer->pld_ptr, layer->pld_len); + default: + PACKET_LOG_UNSUPPORT_PROTO("gre", next_proto); + return layer->pld_ptr; + } +} + +static inline const char *parse_udp(struct packet *handler, const char *data, uint16_t len) +{ + if (unlikely(len < sizeof(struct udphdr))) + { + PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_UDP); + return data; + } + + struct layer_record *layer = get_free_layer(handler); + if (unlikely(layer == NULL)) + { + return data; + } + struct udphdr *hdr = (struct udphdr *)data; + SET_LAYER(handler, layer, LAYER_TYPE_UDP, sizeof(struct udphdr), data, len); + + switch (ntohs(hdr->uh_dport)) + { + // TESTED + // VXLAN_DPORT + case 4789: + return parse_vxlan(handler, layer->pld_ptr, layer->pld_len); + // TESTED + // GTP1U_PORT + case 2152: + return parse_gtpv1_u(handler, layer->pld_ptr, layer->pld_len); + default: + return layer->pld_ptr; + } +} + +static inline const char *parse_tcp(struct packet *handler, const char *data, uint16_t len) +{ + if (unlikely(len < sizeof(struct tcphdr))) + { + PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_TCP); + return data; + } + + struct layer_record *layer = get_free_layer(handler); + if (unlikely(layer == NULL)) + { + return data; + } + uint16_t hdr_len = ((struct tcphdr *)data)->th_off << 2; + SET_LAYER(handler, layer, LAYER_TYPE_TCP, hdr_len, data, len); + + return layer->pld_ptr; +} + +static inline const char *parse_vxlan(struct packet *handler, const char *data, uint16_t len) +{ + struct vxlan_hdr + { + uint8_t flags[2]; + uint16_t gdp; + uint8_t vni[3]; + uint8_t reserved; + } __attribute__((__packed__)); + + if (unlikely(len < sizeof(struct vxlan_hdr))) + { + PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_VXLAN); + return data; + } + + struct layer_record *layer = get_free_layer(handler); + if (unlikely(layer == NULL)) + { + return data; + } + SET_LAYER(handler, layer, LAYER_TYPE_VXLAN, sizeof(struct vxlan_hdr), data, len); + + // TESTED + return parse_ether(handler, layer->pld_ptr, layer->pld_len); +} + +static inline const char *parse_gtpv1_u(struct packet *handler, const char *data, uint16_t len) +{ + uint16_t hdr_len = get_gtp_hdr_len(data, len); + if (unlikely(hdr_len == 0)) + { + PACKET_LOG_DATA_INSUFFICIENCY(LAYER_TYPE_GTPV1_U); + return data; + } + + struct layer_record *layer = get_free_layer(handler); + if (unlikely(layer == NULL)) + { + return data; + } + uint8_t next_proto = (((const uint8_t *)(data + hdr_len))[0]) >> 4; + SET_LAYER(handler, layer, LAYER_TYPE_GTPV1_U, hdr_len, data, len); + + switch (next_proto) + { + // TESTED + case 4: + return parse_ipv4(handler, layer->pld_ptr, layer->pld_len); + // TESTED + case 6: + return parse_ipv6(handler, layer->pld_ptr, layer->pld_len); + default: + PACKET_LOG_UNSUPPORT_PROTO("gtp", next_proto); + return layer->pld_ptr; + } +} + +static inline const char *parse_l3(struct packet *handler, uint16_t next_proto, const char *data, uint16_t len) +{ + switch (next_proto) + { + // TESTED + case ETH_P_8021Q: + case ETH_P_8021AD: + return parse_vlan(handler, data, len); + // TESTED + case ETH_P_IP: + return parse_ipv4(handler, data, len); + // TESTED + case ETH_P_IPV6: + return parse_ipv6(handler, data, len); + // TESTED + case ETH_P_PPP_SES: + return parse_pppoe_ses(handler, data, len); + // TESTED + case ETH_P_MPLS_UC: + return parse_mpls(handler, data, len); + default: + // TESTED ARP + PACKET_LOG_UNSUPPORT_ETHPROTO("l3", next_proto); + return data; + } +} + +static inline const char *parse_l4(struct packet *handler, uint8_t next_proto, const char *data, uint16_t len) +{ + switch (next_proto) + { + // TESTED + case IPPROTO_TCP: + return parse_tcp(handler, data, len); + // TESTED + case IPPROTO_UDP: + return parse_udp(handler, data, len); + // TESTED + case IPPROTO_IPIP: + return parse_ipv4(handler, data, len); + // TESTED + case IPPROTO_IPV6: + return parse_ipv6(handler, data, len); + // TESTED + case IPPROTO_GRE: + return parse_gre(handler, data, len); + default: + PACKET_LOG_UNSUPPORT_IPPROTO("l4", next_proto); + return data; + } +} + +/****************************************************************************** + * Public API + ******************************************************************************/ + +// return innermost payload +const char *packet_parse(struct packet *handler, const char *data, uint16_t len) +{ + handler->layers_used = 0; + handler->layers_size = PACKET_MAX_LAYERS; + handler->data_ptr = data; + handler->data_len = len; + handler->zone_id = 0; + + // TESTED + return parse_ether(handler, data, len); +} + +void packet_print(const struct packet *handler) +{ + if (handler == NULL) + { + return; + } + + printf("packet: %p, data_ptr: %p, data_len: %u, layers_used: %u, layers_size: %u\n", + handler, handler->data_ptr, handler->data_len, + handler->layers_used, handler->layers_size); + for (uint8_t i = 0; i < handler->layers_used; i++) + { + const struct layer_record *layer = &handler->layers[i]; + printf(" layer[%u]: %p, type: %s, hdr_offset: %u, hdr_ptr: %p, hdr_len: %u, pld_ptr: %p, pld_len: %u\n", + i, layer, layer_type_tostring(layer->type), layer->hdr_offset, + layer->hdr_ptr, layer->hdr_len, layer->pld_ptr, layer->pld_len); + } +} + +// return 0 : found +// return -1 : not found +int packet_get_innermost_tuple2(const struct packet *handler, struct tuple2 *tuple) +{ + const struct layer_record *layer = NULL; + + for (int8_t i = handler->layers_used - 1; i >= 0; i--) + { + layer = &handler->layers[i]; + + if (layer->type & LAYER_TYPE_L3) + { + set_tuple2((const char *)handler->data_ptr + layer->hdr_offset, layer->type, tuple); + return 0; + } + } + + return -1; +} + +// return 0 : found +// return -1 : not found +int packet_get_outermost_tuple2(const struct packet *handler, struct tuple2 *tuple) +{ + const struct layer_record *layer = NULL; + + for (int8_t i = 0; i < handler->layers_used; i++) + { + layer = &handler->layers[i]; + + if (layer->type & LAYER_TYPE_L3) + { + set_tuple2((const char *)handler->data_ptr + layer->hdr_offset, layer->type, tuple); + return 0; + } + } + + return -1; +} + +// return 0 : found +// return -1 : not found +int packet_get_innermost_tuple4(const struct packet *handler, struct tuple4 *tuple) +{ + const struct layer_record *layer_l3 = NULL; + const struct layer_record *layer_l4 = NULL; + const struct layer_record *layer = NULL; + + for (int8_t i = handler->layers_used - 1; i >= 0; i--) + { + layer = &handler->layers[i]; + + // first get L4 layer + if (layer->type & LAYER_TYPE_L4) + { + layer_l4 = layer; + continue; + } + + // second get L3 layer + if (layer->type & LAYER_TYPE_L3) + { + layer_l3 = layer; + break; + } + } + + if (layer_l3 && layer_l4) + { + set_tuple4((const char *)handler->data_ptr + layer_l3->hdr_offset, layer_l3->type, tuple); + set_tuple4((const char *)handler->data_ptr + layer_l4->hdr_offset, layer_l4->type, tuple); + return 0; + } + else + { + return -1; + } +} + +// return 0 : found +// return -1 : not found +int packet_get_outermost_tuple4(const struct packet *handler, struct tuple4 *tuple) +{ + const struct layer_record *layer_l3 = NULL; + const struct layer_record *layer_l4 = NULL; + const struct layer_record *layer = NULL; + + for (int8_t i = 0; i < handler->layers_used; i++) + { + layer = &handler->layers[i]; + + // first get L3 layer + if (layer->type & LAYER_TYPE_L3) + { + layer_l3 = layer; + continue; + } + + // second get L4 layer + if (layer->type & LAYER_TYPE_L4) + { + layer_l4 = layer; + break; + } + } + + if (layer_l3 && layer_l4) + { + set_tuple4((const char *)handler->data_ptr + layer_l3->hdr_offset, layer_l3->type, tuple); + set_tuple4((const char *)handler->data_ptr + layer_l4->hdr_offset, layer_l4->type, tuple); + return 0; + } + else + { + return -1; + } +} + +// return 0 : found +// return -1 : not found +int packet_get_innermost_tuple6(const struct packet *handler, struct tuple6 *tuple) +{ + const struct layer_record *layer_l3 = NULL; + const struct layer_record *layer_l4 = NULL; + const struct layer_record *layer = NULL; + + for (int8_t i = handler->layers_used - 1; i >= 0; i--) + { + layer = &handler->layers[i]; + + // first get L4 layer + if (layer->type & LAYER_TYPE_L4) + { + layer_l4 = layer; + continue; + } + + // second get L3 layer + if (layer->type & LAYER_TYPE_L3) + { + layer_l3 = layer; + break; + } + } + + if (layer_l3 && layer_l4) + { + set_tuple6((const char *)handler->data_ptr + layer_l3->hdr_offset, layer_l3->type, tuple, handler->zone_id); + set_tuple6((const char *)handler->data_ptr + layer_l4->hdr_offset, layer_l4->type, tuple, handler->zone_id); + return 0; + } + else + { + return -1; + } +} + +// return 0 : found +// return -1 : not found +int packet_get_outermost_tuple6(const struct packet *handler, struct tuple6 *tuple) +{ + const struct layer_record *layer_l3 = NULL; + const struct layer_record *layer_l4 = NULL; + const struct layer_record *layer = NULL; + + for (int8_t i = 0; i < handler->layers_used; i++) + { + layer = &handler->layers[i]; + + // first get L3 layer + if (layer->type & LAYER_TYPE_L3) + { + layer_l3 = layer; + continue; + } + + // second get L4 layer + if (layer->type & LAYER_TYPE_L4) + { + layer_l4 = layer; + break; + } + } + + if (layer_l3 && layer_l4) + { + set_tuple6((const char *)handler->data_ptr + layer_l3->hdr_offset, layer_l3->type, tuple, handler->zone_id); + set_tuple6((const char *)handler->data_ptr + layer_l4->hdr_offset, layer_l4->type, tuple, handler->zone_id); + return 0; + } + else + { + return -1; + } +} + +const struct layer_record *packet_get_innermost_layer(const struct packet *handler, enum layer_type type) +{ + const struct layer_record *layer = NULL; + + for (int8_t i = handler->layers_used - 1; i >= 0; i--) + { + layer = &handler->layers[i]; + if (layer->type & type) + { + return layer; + } + } + + return NULL; +} + +const struct layer_record *packet_get_outermost_layer(const struct packet *handler, enum layer_type type) +{ + const struct layer_record *layer = NULL; + + for (int8_t i = 0; i < handler->layers_used; i++) + { + layer = &handler->layers[i]; + if (layer->type & type) + { + return layer; + } + } + + return NULL; +} + +// direction 1: E2I +// direction 0: I2E +uint64_t packet_get_hash(const struct packet *handler, enum ldbc_method method, int direction) +{ + uint64_t temp = 0; + uint64_t hash_value = 1; + + int inner_addr_len = 0; + int outer_addr_len = 0; + const char *inner_src_addr = NULL; + const char *inner_dst_addr = NULL; + const char *outer_src_addr = NULL; + const char *outer_dst_addr = NULL; + + struct tuple2 inner_addr; + struct tuple2 outer_addr; + + if (handler == NULL) + { + return hash_value; + } + + if (packet_get_innermost_tuple2(handler, &inner_addr) == -1) + { + return hash_value; + } + + if (packet_get_outermost_tuple2(handler, &outer_addr) == -1) + { + return hash_value; + } + + if (inner_addr.ip_type == IP_TYPE_V4) + { + inner_src_addr = (const char *)&inner_addr.src_addr.v4; + inner_dst_addr = (const char *)&inner_addr.dst_addr.v4; + inner_addr_len = sizeof(struct in_addr); + } + else + { + inner_src_addr = (const char *)&inner_addr.src_addr.v6; + inner_dst_addr = (const char *)&inner_addr.dst_addr.v6; + inner_addr_len = sizeof(struct in6_addr); + } + + if (outer_addr.ip_type == IP_TYPE_V4) + { + outer_src_addr = (const char *)&outer_addr.src_addr.v4; + outer_dst_addr = (const char *)&outer_addr.dst_addr.v4; + outer_addr_len = sizeof(struct in_addr); + } + else + { + outer_src_addr = (const char *)&outer_addr.src_addr.v6; + outer_dst_addr = (const char *)&outer_addr.dst_addr.v6; + outer_addr_len = sizeof(struct in6_addr); + } + + switch (method) + { + case LDBC_METHOD_HASH_INT_IP: + if (direction) + { + // direction 1: E2I + HASH_VALUE(outer_dst_addr, outer_addr_len, hash_value); + } + else + { + // direction 0: I2E + HASH_VALUE(outer_src_addr, outer_addr_len, hash_value); + } + break; + case LDBC_METHOD_HASH_EXT_IP: + if (direction) + { + // direction 1: E2I + HASH_VALUE(outer_src_addr, outer_addr_len, hash_value); + } + else + { + // direction 0: I2E + HASH_VALUE(outer_dst_addr, outer_addr_len, hash_value); + } + break; + case LDBC_METHOD_HASH_INT_IP_AND_EXT_IP: + HASH_VALUE(outer_src_addr, outer_addr_len, hash_value); + HASH_VALUE(outer_dst_addr, outer_addr_len, temp); + hash_value = hash_value ^ temp; + break; + case LDBC_METHOD_HASH_INNERMOST_INT_IP: + if (direction) + { + // direction 1: E2I + HASH_VALUE(inner_dst_addr, inner_addr_len, hash_value); + } + else + { + // direction 0: I2E + HASH_VALUE(inner_src_addr, inner_addr_len, hash_value); + } + break; + case LDBC_METHOD_HASH_INNERMOST_EXT_IP: + if (direction) + { + // direction 1: E2I + HASH_VALUE(inner_src_addr, inner_addr_len, hash_value); + } + else + { + // direction 0: I2E + HASH_VALUE(inner_dst_addr, inner_addr_len, hash_value); + } + break; + default: + return hash_value; + } + +#if 0 + char *inner_addr_str = tuple2_tostring(&inner_addr); + char *outer_addr_str = tuple2_tostring(&outer_addr); + printf("%s: outer_addr: %s, inner_addr: %s, dir: %s, hash_method: %s, hash_value: %lu\n", + LOG_PACKET, outer_addr_str, inner_addr_str, (direction ? "E2I" : "I2E"), ldbc_method_tostring(method), hash_value); + free(inner_addr_str); + free(outer_addr_str); +#endif + + return hash_value; +} diff --git a/src/packet/packet.h b/src/packet/packet.h index fbde808..e718041 100644 --- a/src/packet/packet.h +++ b/src/packet/packet.h @@ -6,7 +6,108 @@ extern "C" { #endif -struct packet; +#include +#include +#include "tuple.h" + +#define PACKET_MAX_LAYERS 16 +//#define PACKET_LOG_ERROR(format, ...) void(0) +#ifndef PACKET_LOG_ERROR +#define PACKET_LOG_ERROR(format, ...) \ + fprintf(stderr, "ERROR " format "\n", ##__VA_ARGS__); +#endif + +enum layer_type +{ + // 数据链路层 + LAYER_TYPE_ETHER = 1 << 0, + LAYER_TYPE_PPP = 1 << 1, + LAYER_TYPE_HDLC = 1 << 2, + LAYER_TYPE_L2 = (LAYER_TYPE_ETHER | LAYER_TYPE_PPP | LAYER_TYPE_HDLC), + + // 数据链路层 -- 隧道 + LAYER_TYPE_VLAN = 1 << 3, + LAYER_TYPE_PPPOE = 1 << 4, + LAYER_TYPE_MPLS = 1 << 5, + LAYER_TYPE_L2_TUN = (LAYER_TYPE_VLAN | LAYER_TYPE_PPPOE | LAYER_TYPE_MPLS), + + // 网络层 + LAYER_TYPE_IPV4 = 1 << 6, + LAYER_TYPE_IPV6 = 1 << 7, + LAYER_TYPE_L3 = (LAYER_TYPE_IPV4 | LAYER_TYPE_IPV6), + + // 网络层 -- 隧道 + LAYER_TYPE_GRE = 1 << 8, + LAYER_TYPE_L3_TUN = (LAYER_TYPE_GRE), + + // 传输层 + LAYER_TYPE_UDP = 1 << 9, + LAYER_TYPE_TCP = 1 << 10, + LAYER_TYPE_L4 = (LAYER_TYPE_UDP | LAYER_TYPE_TCP), + + // 传输层 -- 隧道 + LAYER_TYPE_VXLAN = 1 << 11, + LAYER_TYPE_GTPV1_U = 1 << 12, + + // ALL + LAYER_TYPE_ALL = (LAYER_TYPE_L2 | LAYER_TYPE_L2_TUN | LAYER_TYPE_L3 | LAYER_TYPE_L3_TUN | LAYER_TYPE_L4 | LAYER_TYPE_VXLAN | LAYER_TYPE_GTPV1_U), +}; + +enum ldbc_method +{ + LDBC_METHOD_HASH_INT_IP = 1, + LDBC_METHOD_HASH_EXT_IP = 2, + LDBC_METHOD_HASH_INT_IP_AND_EXT_IP = 3, + LDBC_METHOD_HASH_INNERMOST_INT_IP = 4, + LDBC_METHOD_HASH_INNERMOST_EXT_IP = 5, +}; + +struct layer_record +{ + enum layer_type type; + const char *hdr_ptr; // header pointer + const char *pld_ptr; // payload pointer + uint16_t hdr_offset; // header offset from data_ptr + uint16_t hdr_len; // header length + uint16_t pld_len; // payload length +}; + +struct packet +{ + struct layer_record layers[PACKET_MAX_LAYERS]; + int8_t layers_used; + int8_t layers_size; + + const char *data_ptr; + uint16_t data_len; + uint64_t zone_id; +}; + +// return innermost payload +const char *packet_parse(struct packet *handler, const char *data, uint16_t len); +void packet_print(const struct packet *handler); + +// return 0 : found +// return -1 : not found +int packet_get_innermost_tuple2(const struct packet *handler, struct tuple2 *tuple); +int packet_get_outermost_tuple2(const struct packet *handler, struct tuple2 *tuple); + +// return 0 : found +// return -1 : not found +int packet_get_innermost_tuple4(const struct packet *handler, struct tuple4 *tuple); +int packet_get_outermost_tuple4(const struct packet *handler, struct tuple4 *tuple); + +// return 0 : found +// return -1 : not found +int packet_get_innermost_tuple6(const struct packet *handler, struct tuple6 *tuple); +int packet_get_outermost_tuple6(const struct packet *handler, struct tuple6 *tuple); + +const struct layer_record *packet_get_innermost_layer(const struct packet *handler, enum layer_type type); +const struct layer_record *packet_get_outermost_layer(const struct packet *handler, enum layer_type type); + +// direction 1: E2I +// direction 0: I2E +uint64_t packet_get_hash(const struct packet *handler, enum ldbc_method method, int direction); #ifdef __cpluscplus }