Skip to content
Permalink
Browse files

OSPF fixes, added handleRawPacketData func

  • Loading branch information...
dreadl0ck committed Jan 12, 2019
1 parent c232065 commit 5725bf952d991371a32ac26a7272eb825128d91c
Showing with 73 additions and 122 deletions.
  1. +3 −0 cmd/flags.go
  2. +2 −0 cmd/main.go
  3. +1 −19 collector/live.go
  4. +1 −19 collector/live_linux.go
  5. +1 −23 collector/pcap.go
  6. +1 −23 collector/pcapNG.go
  7. +25 −0 collector/utils.go
  8. +14 −14 encoder/ospfv3.go
  9. +20 −20 types/ospfv2.go
  10. +4 −3 types/utils.go
  11. +1 −1 zeus/data.yml
@@ -55,4 +55,7 @@ var (
flagPromiscMode = flag.Bool("promisc", true, "toggle promiscous mode for live capture")
flagSnapLen = flag.Int("snaplen", 1024, "configure snaplen for live capture from interface")
flagPrintProtocolOverview = flag.Bool("overview", false, "print a list of all available encoders and fields")

flagBaseLayer = flag.String("base", "ethernet", "select base layer")
flagDecodeOptions = flag.String("opts", "lazy", "select decoding options")
)
@@ -140,6 +140,8 @@ func main() {
Source: source,
Version: netcap.Version,
},
BaseLayer: utils.GetBaseLayer(*flagBaseLayer),
DecodeOptions: utils.GetDecodeOptions(*flagDecodeOptions),
})

// read ncap file and print to stdout
@@ -19,8 +19,6 @@ import (
"io"

"github.com/dreadl0ck/netcap/encoder"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"github.com/google/gopacket/pcap"
"github.com/pkg/errors"
)
@@ -66,23 +64,7 @@ func (c *Collector) CollectLive(i string, bpf string) error {
return errors.Wrap(err, "Error reading packet data")
}

c.printProgressLive()

// init packet and set capture info and timestamp
p := gopacket.NewPacket(data, layers.LayerTypeEthernet, gopacket.Lazy)
p.Metadata().Timestamp = ci.Timestamp
p.Metadata().CaptureInfo = ci

// if HTTP capture is desired, tcp stream reassembly needs to be performed.
// the gopacket/reassembly implementation does not allow packets to arrive out of order
// therefore the http decoding must not happen in a worker thread
// and instead be performed here to guarantee packets are being processed sequentially
if encoder.HTTPActive {
encoder.DecodeHTTP(p)
}

// pass packet to worker for decoding and further processing
c.handlePacket(p)
c.handleRawPacketData(data, ci)
}

// run cleanup on channel exit
@@ -19,8 +19,6 @@ import (
"io"

"github.com/dreadl0ck/netcap/encoder"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"github.com/google/gopacket/pcapgo"
"github.com/pkg/errors"
)
@@ -66,23 +64,7 @@ func (c *Collector) CollectLive(i string, bpf string) error {
return errors.Wrap(err, "Error reading packet data")
}

c.printProgressLive()

// init packet and set capture info and timestamp
p := gopacket.NewPacket(data, layers.LayerTypeEthernet, gopacket.Lazy)
p.Metadata().Timestamp = ci.Timestamp
p.Metadata().CaptureInfo = ci

// if HTTP capture is desired, tcp stream reassembly needs to be performed.
// the gopacket/reassembly implementation does not allow packets to arrive out of order
// therefore the http decoding must not happen in a worker thread
// and instead be performed here to guarantee packets are being processed sequentially
if encoder.HTTPActive {
encoder.DecodeHTTP(p)
}

// pass packet to worker for decoding and further processing
c.handlePacket(p)
c.handleRawPacketData(data, ci)
}

// run cleanup on channel exit
@@ -20,10 +20,7 @@ import (
"os"
"time"

"github.com/dreadl0ck/netcap/encoder"
humanize "github.com/dustin/go-humanize"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"github.com/google/gopacket/pcapgo"
"github.com/pkg/errors"
)
@@ -139,26 +136,7 @@ func (c *Collector) CollectPcap(path string) error {
return errors.Wrap(err, "Error reading packet data: ")
}

// show progress
c.printProgress()

// create a new gopacket with lazy decoding
// base layer is currently Ethernet
// TODO make base layer configurable
p := gopacket.NewPacket(data, layers.LayerTypeEthernet, gopacket.Lazy)
p.Metadata().Timestamp = ci.Timestamp
p.Metadata().CaptureInfo = ci

// if HTTP capture is desired, tcp stream reassembly needs to be performed.
// the gopacket/reassembly implementation does not allow packets to arrive out of order
// therefore the http decoding must not happen in a worker thread
// and instead be performed here to guarantee packets are being processed sequentially
if encoder.HTTPActive {
encoder.DecodeHTTP(p)
}

// pass packet to a worker routine
c.handlePacket(p)
c.handleRawPacketData(data, ci)
}
c.cleanup()
return nil
@@ -19,10 +19,7 @@ import (
"os"
"time"

"github.com/dreadl0ck/netcap/encoder"
humanize "github.com/dustin/go-humanize"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"github.com/google/gopacket/pcapgo"
"github.com/pkg/errors"
)
@@ -118,26 +115,7 @@ func (c *Collector) CollectPcapNG(path string) error {
return errors.Wrap(err, "Error reading packet data")
}

// show progress
c.printProgress()

// create a new gopacket with lazy decoding
// base layer is currently Ethernet
// TODO make base layer configurable
p := gopacket.NewPacket(data, layers.LayerTypeEthernet, gopacket.Lazy)
p.Metadata().Timestamp = ci.Timestamp
p.Metadata().CaptureInfo = ci

// if HTTP capture is desired, tcp stream reassembly needs to be performed.
// the gopacket/reassembly implementation does not allow packets to arrive out of order
// therefore the http decoding must not happen in a worker thread
// and instead be performed here to guarantee packets are being processed sequentially
if encoder.HTTPActive {
encoder.DecodeHTTP(p)
}

// pass packet to a worker routine
c.handlePacket(p)
c.handleRawPacketData(data, ci)
}
c.cleanup()
return nil
@@ -19,12 +19,37 @@ import (
"sync/atomic"
"time"

"github.com/dreadl0ck/netcap/encoder"
"github.com/golang/protobuf/proto"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"github.com/google/gopacket/pcap"
"golang.org/x/net/bpf"
)

func (c *Collector) handleRawPacketData(data []byte, ci gopacket.CaptureInfo) {

// show progress
c.printProgress()

// create a new gopacket with lazy decoding
// base layer is by default Ethernet
p := gopacket.NewPacket(data, c.config.BaseLayer, c.config.DecodeOptions)
p.Metadata().Timestamp = ci.Timestamp
p.Metadata().CaptureInfo = ci

// if HTTP capture is desired, tcp stream reassembly needs to be performed.
// the gopacket/reassembly implementation does not allow packets to arrive out of order
// therefore the http decoding must not happen in a worker thread
// and instead be performed here to guarantee packets are being processed sequentially
if encoder.HTTPActive {
encoder.DecodeHTTP(p)
}

// pass packet to a worker routine
c.handlePacket(p)
}

// printProgressLive prints live statistics.
func (c *Collector) printProgressLive() {
// must be locked, otherwise a race occurs when sending a SIGINT and triggering wg.Wait() in another goroutine...
@@ -30,7 +30,7 @@ var ospfv3Encoder = CreateLayerEncoder(types.Type_NC_OSPFv3, layers.LayerTypeOSP
lSAs []*types.LSAheader
)
switch v := ospf3.Content.(type) {
case *layers.HelloPkg:
case layers.HelloPkg:
hello = &types.HelloPkg{
InterfaceID: uint32(v.InterfaceID),
RtrPriority: int32(v.RtrPriority),
@@ -41,7 +41,7 @@ var ospfv3Encoder = CreateLayerEncoder(types.Type_NC_OSPFv3, layers.LayerTypeOSP
BackupDesignatedRouterID: uint32(v.BackupDesignatedRouterID),
NeighborID: []uint32(v.NeighborID),
}
case *layers.DbDescPkg:
case layers.DbDescPkg:
var lsas []*types.LSAheader
for _, h := range v.LSAinfo {
lsas = append(lsas, &types.LSAheader{
@@ -62,15 +62,15 @@ var ospfv3Encoder = CreateLayerEncoder(types.Type_NC_OSPFv3, layers.LayerTypeOSP
DDSeqNumber: uint32(v.DDSeqNumber),
LSAinfo: lsas, // []*LSAheader
}
case []*layers.LSReq:
case []layers.LSReq:
for _, r := range v {
lSR = append(lSR, &types.LSReq{
LSType: int32(r.LSType),
LSID: uint32(r.LSID),
AdvRouter: uint32(r.AdvRouter),
})
}
case *layers.LSUpdate:
case layers.LSUpdate:
var lsas []*types.LSA
for _, l := range v.LSAs {
var (
@@ -85,7 +85,7 @@ var ospfv3Encoder = CreateLayerEncoder(types.Type_NC_OSPFv3, layers.LayerTypeOSP
intraAreaPrefixLSA *types.IntraAreaPrefixLSA
)
switch v := l.Content.(type) {
case *layers.RouterLSAV2:
case layers.RouterLSAV2:
var routers []*types.RouterV2
for _, r := range v.Routers {
routers = append(routers, &types.RouterV2{
@@ -100,15 +100,15 @@ var ospfv3Encoder = CreateLayerEncoder(types.Type_NC_OSPFv3, layers.LayerTypeOSP
Links: int32(v.Links),
Routers: routers, // []*RouterV2,
}
case *layers.ASExternalLSAV2:
case layers.ASExternalLSAV2:
asExternalLSAV2 = &types.ASExternalLSAV2{
NetworkMask: uint32(v.NetworkMask),
ExternalBit: int32(v.ExternalBit),
Metric: uint32(v.Metric),
ForwardingAddress: uint32(v.ForwardingAddress),
ExternalRouteTag: uint32(v.ExternalRouteTag),
}
case *layers.RouterLSA:
case layers.RouterLSA:
var routers []*types.Router
for _, r := range v.Routers {
routers = append(routers, &types.Router{
@@ -124,25 +124,25 @@ var ospfv3Encoder = CreateLayerEncoder(types.Type_NC_OSPFv3, layers.LayerTypeOSP
Options: uint32(v.Options),
Routers: routers, // []*Router
}
case *layers.NetworkLSA:
case layers.NetworkLSA:
networkLSA = &types.NetworkLSA{
Options: uint32(v.Options),
AttachedRouter: []uint32(v.AttachedRouter),
}
case *layers.InterAreaPrefixLSA:
case layers.InterAreaPrefixLSA:
interAreaPrefixLSA = &types.InterAreaPrefixLSA{
Metric: uint32(v.Metric),
PrefixLength: int32(v.PrefixLength),
PrefixOptions: int32(v.PrefixOptions),
AddressPrefix: []byte(v.AddressPrefix),
}
case *layers.InterAreaRouterLSA:
case layers.InterAreaRouterLSA:
interAreaRouterLSA = &types.InterAreaRouterLSA{
Options: uint32(v.Options),
Metric: uint32(v.Metric),
DestinationRouterID: uint32(v.DestinationRouterID),
}
case *layers.ASExternalLSA:
case layers.ASExternalLSA:
asExternalLSA = &types.ASExternalLSA{
Flags: int32(v.Flags),
Metric: uint32(v.Metric),
@@ -154,7 +154,7 @@ var ospfv3Encoder = CreateLayerEncoder(types.Type_NC_OSPFv3, layers.LayerTypeOSP
ExternalRouteTag: uint32(v.ExternalRouteTag),
RefLinkStateID: uint32(v.RefLinkStateID),
}
case *layers.LinkLSA:
case layers.LinkLSA:
var prefixes []*types.LSAPrefix
for _, r := range v.Prefixes {
prefixes = append(prefixes, &types.LSAPrefix{
@@ -171,7 +171,7 @@ var ospfv3Encoder = CreateLayerEncoder(types.Type_NC_OSPFv3, layers.LayerTypeOSP
NumOfPrefixes: uint32(v.NumOfPrefixes),
Prefixes: prefixes, // []*LSAPrefix
}
case *layers.IntraAreaPrefixLSA:
case layers.IntraAreaPrefixLSA:
var prefixes []*types.LSAPrefix
for _, r := range v.Prefixes {
prefixes = append(prefixes, &types.LSAPrefix{
@@ -215,7 +215,7 @@ var ospfv3Encoder = CreateLayerEncoder(types.Type_NC_OSPFv3, layers.LayerTypeOSP
NumOfLSAs: uint32(v.NumOfLSAs),
LSAs: lsas, // []*LSA
}
case []*layers.LSAheader:
case []layers.LSAheader:
for _, r := range v {
lSAs = append(lSAs, &types.LSAheader{
LSAge: int32(r.LSAge),

0 comments on commit 5725bf9

Please sign in to comment.
You can’t perform that action at this time.