gfwleak/stellar-stellar
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add support for parsing PPP headers with variable lengths

Browse Source
This commit is contained in:
luwenpeng
2024-05-31 14:35:58 +08:00
parent 2d958dbe07
commit f3b92a8a15
4 changed files with 226 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

143
test/packet_parser/cmp_layers.sh
View File

@@ -13,38 +13,143 @@ else
fi
# remove l7 protocol fields
function replace() {
file=$1
array=(":data" ":ntp" ":rip" ":isakmp" ":esp" ":udpencap" ":sip" ":sdp" ":rtcp" ":rtp" ":ssh" ":dns" ":ssl" ":gquic" ":http-text-lines" ":http" ":msmms" ":bfd" ":ftp-data-text-lines" ":ftp" ":ssdp" ":mdns" ":radius" ":pop" ":smtp" ":rtmpt" ":bittorrent" ":oicq" ":json" ":media" ":x11" ":telnet" ":nbss:smb" ":memcache" ":rtspi" ":rdt" ":rtsp" ":nbns" ":nbdgm:smb:browser" ":lcp" ":chap" ":ipcp" ":comp_data" ":ccp" ":snmp" ":socks" ":bgp" ":eigrp" ":bootp" ":xml" ":echo" ":vssmonitoring" ":mndp" ":websocket-text-lines" ":websocket" ":image-jfif" ":png" ":pkix1implicit" ":x509sat" ":x509ce" ":pkix1explicit" ":llmnr" ":pkcs-1")
for key in "${array[@]}"; do
sed "s/$key//g" ${file} >.tmp.txt
mv .tmp.txt ${file}
function preprocess_tshark_ouput() {
input_file=$1
output_file=$2
cp ${input_file} ${output_file}
kv_array=(
":data" ""
":ntp" ""
":rip" ""
":isakmp" ""
":esp" ""
":udpencap" ""
":sip" ""
":sdp" ""
":rtcp" ""
":rtp" ""
":ssh" ""
":dns" ""
":ssl" ""
":gquic" ""
":http-text-lines" ""
":http" ""
":msmms" ""
":bfd" ""
":ftp-data-text-lines" ""
":ftp" ""
":ssdp" ""
":mdns" ""
":radius" ""
":pop" ""
":smtp" ""
":rtmpt" ""
":bittorrent" ""
":oicq" ""
":json" ""
":media" ""
":x11" ""
":telnet" ""
":nbss:smb" ""
":memcache" ""
":rtspi" ""
":rdt" ""
":rtsp" ""
":nbns" ""
":nbdgm:smb:browser" ""
":lcp" ""
":chap" ""
":ipcp" ""
":comp_data" ""
":ccp" ""
":snmp" ""
":socks" ""
":bgp" ""
":eigrp" ""
":bootp" ""
":xml" ""
":echo" ""
":vssmonitoring" ""
":mndp" ""
":websocket-text-lines" ""
":websocket" ""
":image-jfif" ""
":png" ""
":pkix1implicit" ""
":x509sat" ""
":x509ce" ""
":pkix1explicit" ""
":llmnr" ""
":pkcs-1" ""
":bitcoin" ""
":image-gif" ""
":dhcpv6" ""
":tcp:pptp" ":tcp"
":ieee8021ad" ":vlan"
":tcp-text-lines" ":tcp"
)
for ((i = 0; i < ${#kv_array[@]}; i += 2)); do
key=${kv_array[i]}
val=${kv_array[i + 1]}
sed "s/$key/$val/g" ${output_file} >${output_file}.tmp
mv ${output_file}.tmp ${output_file}
done
}
output_dir="cmp_output/"
# When MPLS is nested, packet_parser will output multiple mpls fields, and tshark will only output one mpls field, so we need to preprocess the output
function preprocess_parser_ouput() {
input_file=$1
output_file=$2
cp ${input_file} ${output_file}
kv_array=(
":mpls:mpls" ":mpls"
)
for ((i = 0; i < ${#kv_array[@]}; i += 2)); do
key=${kv_array[i]}
val=${kv_array[i + 1]}
sed "s/$key/$val/g" ${output_file} >${output_file}.tmp
mv ${output_file}.tmp ${output_file}
done
}
err_count=0
pass_count=0
curr_count=0
total_count=${#pcap_files[@]}
tmp_file_dir="cmp_tmp_files/"
err_pcap_dir="cmp_err_pcaps/"
rm -rf ${err_pcap_dir} && mkdir ${err_pcap_dir}
for pcap in "${pcap_files[@]}"; do
rm -rf ${output_dir} && mkdir ${output_dir}
rm -rf ${tmp_file_dir} && mkdir ${tmp_file_dir}
curr_count=$((curr_count + 1))
# tshark output frame.protocols
tshark -r ${pcap} -T fields -e frame.number -e frame.protocols >>${output_dir}/tshark.txt
tshark -r ${pcap} -T fields -e frame.number -e frame.protocols >>${tmp_file_dir}/tshark_output.txt
# packet_parser output frame.protocols
./packet_parser -f ${pcap} -p >>${output_dir}/parser.txt
./packet_parser -f ${pcap} -p >>${tmp_file_dir}/parser_output.txt
# compare tshark and packet_parser output
cp ${output_dir}/tshark.txt ${output_dir}/expect.txt
replace ${output_dir}/expect.txt
diff ${output_dir}/expect.txt ${output_dir}/parser.txt >>${output_dir}/diff.txt
preprocess_tshark_ouput ${tmp_file_dir}/tshark_output.txt ${tmp_file_dir}/tshark_format.txt
preprocess_parser_ouput ${tmp_file_dir}/parser_output.txt ${tmp_file_dir}/parser_format.txt
diff ${tmp_file_dir}/tshark_format.txt ${tmp_file_dir}/parser_format.txt >>${tmp_file_dir}/diff.txt
# print result
line_count=$(cat ${output_dir}/diff.txt | wc -l)
line_count=$(cat ${tmp_file_dir}/diff.txt | wc -l)
if [ "$line_count" -ne 0 ]; then
printf "\033[31m ${pcap} TEST FAILED \033[0m\n"
cat ${output_dir}/diff.txt | head -n 100
#exit 0
printf "\033[31m [${curr_count}/${total_count}] ${pcap} TEST FAILED \033[0m\n"
cat ${tmp_file_dir}/diff.txt | head -n 100
cp ${pcap} ${err_pcap_dir}
err_count=$((err_count + 1))
else
printf "\033[32m ${pcap} TEST PASSED \033[0m\n"
printf "\033[32m [${curr_count}/${total_count}] ${pcap} TEST PASSED \033[0m\n"
pass_count=$((pass_count + 1))
fi
done
printf "\033[32m\nTotal: ${total_count}, Passed: ${pass_count}, Failed: ${err_count}\033[0m\n"
if [ "$err_count" -ne 0 ]; then
printf "\033[31mFailed pcap files are saved in ${err_pcap_dir}\033[0m\n"
fi