pcap: Add ipv4 fragments tcp test
wader committed Feb 20, 2023
1 parent ab80713 commit d4ea663
Showing 3 changed files with 122 additions and 0 deletions.
3 changes: 3 additions & 0 deletions format/inet/flowsdecoder/flowsdecoder.go
Expand Up @@ -223,6 +223,9 @@ func (fd *Decoder) packet(p gopacket.Packet) error {
Datagram: sb.Bytes(),
})

// i think this replaces p with the newly defragmented ip packet and is
// used below when reassembling tcp streams
// see gopacket reassemblydump example
pb, ok := p.(gopacket.PacketBuilder)
if !ok {
panic("not a PacketBuilder")
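Review bot: The comment added above the `gopacket.PacketBuilder` assertion is worded as a guess ("i think"), and the lines that actually use `pb` lie outside this hunk, so a reader cannot confirm it here. In gopacket's reassemblydump example the builder is handed to the next layer's decoder, which appends the layers decoded from the defragmented payload to the existing packet rather than replacing `p`; if the code below does the same, the comment could read `// decode the defragmented IPv4 payload into p via PacketBuilder so the TCP reassembly below sees the full segment`. Separately, `packet` returns `error`, yet a failed assertion calls `panic("not a PacketBuilder")`; in a decoder that processes capture files of unknown origin, `return errors.New("packet is not a gopacket.PacketBuilder")` would keep this failure on the function's normal error path, assuming `errors` is or can be imported in this file.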
Binary file added format/pcap/testdata/tcp-ipv4frag.pcap
Binary file not shown.
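--- a/format/pcap/testdata/tcp-ipv4frag.pcap.fqtest
+++ b/format/pcap/testdata/tcp-ipv4frag.pcap.fqtest
@@ -0,0 +1,119 @@
+# tcprewrite --fragroute=<(echo ip_frag 1000) --infile=http_gzip.cap --outfile=tcp-ipv4frag.pcap
+$ fq '.ipv4_reassembled, .tcp_connections | dv' tcp-ipv4frag.pcap
+|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|.ipv4_reassembled[0:2]: 0x70f-NA (0)
+|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef| [0]{}: ipv4_packet (ipv4_packet) 0x0-0x1f0.7 (497)
+0x000|45 |E | version: 4 0x0-0x0.3 (0.4)
+0x000|45 |E | ihl: 5 0x0.4-0x0.7 (0.4)
+0x000| 00 | . | dscp: 0 0x1-0x1.5 (0.6)
+0x000| 00 | . | ecn: 0 0x1.6-0x1.7 (0.2)
+0x000| 01 f1 | .. | total_length: 497 0x2-0x3.7 (2)
+0x000| f5 db | .. | identification: 62939 0x4-0x5.7 (2)
+0x000| 00 | . | reserved: 0 0x6-0x6 (0.1)
+0x000| 00 | . | dont_fragment: false 0x6.1-0x6.1 (0.1)
+0x000| 00 | . | more_fragments: false 0x6.2-0x6.2 (0.1)
+0x000| 00 00 | .. | fragment_offset: 0 0x6.3-0x7.7 (1.5)
+0x000| 40 | @ | ttl: 64 0x8-0x8.7 (1)
+0x000| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x9-0x9.7 (1)
+0x000| 77 d7 | w. | header_checksum: 0x77d7 (valid) 0xa-0xb.7 (2)
+0x000| c0 a8 45 02| ..E.| source_ip: "192.168.69.2" (0xc0a84502) 0xc-0xf.7 (4)
+0x001|c0 a8 45 01 |..E. | destination_ip: "192.168.69.1" (0xc0a84501) 0x10-0x13.7 (4)
+|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef| payload{}: (tcp_segment) 0x14-0x1f0.7 (477)
+0x001| 85 0b | .. | source_port: 34059 0x14-0x15.7 (2)
+0x001| 00 50 | .P | destination_port: "http" (80) (World Wide Web HTTP) 0x16-0x17.7 (2)
+0x001| 8f f5 a2 33 | ...3 | sequence_number: 2415239731 0x18-0x1b.7 (4)
+0x001| 96 18 93 27| ...'| acknowledgment_number: 2518192935 0x1c-0x1f.7 (4)
+0x002|80 |. | data_offset: 8 0x20-0x20.3 (0.4)
+0x002|80 |. | reserved: 0 0x20.4-0x20.6 (0.3)
+0x002|80 |. | ns: false 0x20.7-0x20.7 (0.1)
+0x002| 18 | . | cwr: false 0x21-0x21 (0.1)
+0x002| 18 | . | ece: false 0x21.1-0x21.1 (0.1)
+0x002| 18 | . | urg: false 0x21.2-0x21.2 (0.1)
+0x002| 18 | . | ack: true 0x21.3-0x21.3 (0.1)
+0x002| 18 | . | psh: true 0x21.4-0x21.4 (0.1)
+0x002| 18 | . | rst: false 0x21.5-0x21.5 (0.1)
+0x002| 18 | . | syn: false 0x21.6-0x21.6 (0.1)
+0x002| 18 | . | fin: false 0x21.7-0x21.7 (0.1)
+0x002| 00 2e | .. | window_size: 46 0x22-0x23.7 (2)
+0x002| 16 ca | .. | checksum: 0x16ca 0x24-0x25.7 (2)
+0x002| 00 00 | .. | urgent_pointer: 0 0x26-0x27.7 (2)
+| | | options[0:3]: 0x28-0x33.7 (12)
+| | | [0]{}: option 0x28-0x28.7 (1)
+0x002| 01 | . | kind: "nop" (1) (No operation) 0x28-0x28.7 (1)
+| | | [1]{}: option 0x29-0x29.7 (1)
+0x002| 01 | . | kind: "nop" (1) (No operation) 0x29-0x29.7 (1)
+| | | [2]{}: option 0x2a-0x33.7 (10)
+0x002| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x2a-0x2a.7 (1)
+0x002| 0a | . | length: 10 0x2b-0x2b.7 (1)
+0x002| 77 e3 57 eb| w.W.| value: 2011387883 0x2c-0x2f.7 (4)
+0x003|19 c9 2c e4 |..,. | echo_reply: 432614628 0x30-0x33.7 (4)
+0x003| 47 45 54 20 2f 74 65 73 74 2f 65 74| GET /test/et| payload: raw bits 0x34-0x1f0.7 (445)
+0x004|68 65 72 65 61 6c 2e 68 74 6d 6c 20 48 54 54 50|hereal.html HTTP|
+* |until 0x1f0.7 (end) (445) | |
+|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef| [1]{}: ipv4_packet (ipv4_packet) 0x0-0x1c5.7 (454)
+0x000|45 |E | version: 4 0x0-0x0.3 (0.4)
+0x000|45 |E | ihl: 5 0x0.4-0x0.7 (0.4)
+0x000| 00 | . | dscp: 0 0x1-0x1.5 (0.6)
+0x000| 00 | . | ecn: 0 0x1.6-0x1.7 (0.2)
+0x000| 01 c6 | .. | total_length: 454 0x2-0x3.7 (2)
+0x000| bf c4 | .. | identification: 49092 0x4-0x5.7 (2)
+0x000| 00 | . | reserved: 0 0x6-0x6 (0.1)
+0x000| 00 | . | dont_fragment: false 0x6.1-0x6.1 (0.1)
+0x000| 00 | . | more_fragments: false 0x6.2-0x6.2 (0.1)
+0x000| 00 00 | .. | fragment_offset: 0 0x6.3-0x7.7 (1.5)
+0x000| 40 | @ | ttl: 64 0x8-0x8.7 (1)
+0x000| 06 | . | protocol: "tcp" (6) (Transmission control protocol) 0x9-0x9.7 (1)
+0x000| ae 19 | .. | header_checksum: 0xae19 (valid) 0xa-0xb.7 (2)
+0x000| c0 a8 45 01| ..E.| source_ip: "192.168.69.1" (0xc0a84501) 0xc-0xf.7 (4)
+0x001|c0 a8 45 02 |..E. | destination_ip: "192.168.69.2" (0xc0a84502) 0x10-0x13.7 (4)
+|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef| payload{}: (tcp_segment) 0x14-0x1c5.7 (434)
+0x001| 00 50 | .P | source_port: "http" (80) (World Wide Web HTTP) 0x14-0x15.7 (2)
+0x001| 85 0b | .. | destination_port: 34059 0x16-0x17.7 (2)
+0x001| 96 18 93 27 | ...' | sequence_number: 2518192935 0x18-0x1b.7 (4)
+0x001| 8f f5 a3 f0| ....| acknowledgment_number: 2415240176 0x1c-0x1f.7 (4)
+0x002|80 |. | data_offset: 8 0x20-0x20.3 (0.4)
+0x002|80 |. | reserved: 0 0x20.4-0x20.6 (0.3)
+0x002|80 |. | ns: false 0x20.7-0x20.7 (0.1)
+0x002| 18 | . | cwr: false 0x21-0x21 (0.1)
+0x002| 18 | . | ece: false 0x21.1-0x21.1 (0.1)
+0x002| 18 | . | urg: false 0x21.2-0x21.2 (0.1)
+0x002| 18 | . | ack: true 0x21.3-0x21.3 (0.1)
+0x002| 18 | . | psh: true 0x21.4-0x21.4 (0.1)
+0x002| 18 | . | rst: false 0x21.5-0x21.5 (0.1)
+0x002| 18 | . | syn: false 0x21.6-0x21.6 (0.1)
+0x002| 18 | . | fin: false 0x21.7-0x21.7 (0.1)
+0x002| 19 20 | . | window_size: 6432 0x22-0x23.7 (2)
+0x002| 2e ef | .. | checksum: 0x2eef 0x24-0x25.7 (2)
+0x002| 00 00 | .. | urgent_pointer: 0 0x26-0x27.7 (2)
+| | | options[0:3]: 0x28-0x33.7 (12)
+| | | [0]{}: option 0x28-0x28.7 (1)
+0x002| 01 | . | kind: "nop" (1) (No operation) 0x28-0x28.7 (1)
+| | | [1]{}: option 0x29-0x29.7 (1)
+0x002| 01 | . | kind: "nop" (1) (No operation) 0x29-0x29.7 (1)
+| | | [2]{}: option 0x2a-0x33.7 (10)
+0x002| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x2a-0x2a.7 (1)
+0x002| 0a | . | length: 10 0x2b-0x2b.7 (1)
+0x002| 19 c9 2c e6| ..,.| value: 432614630 0x2c-0x2f.7 (4)
+0x003|77 e3 57 eb |w.W. | echo_reply: 2011387883 0x30-0x33.7 (4)
+0x003| 48 54 54 50 2f 31 2e 31 20 32 30 30| HTTP/1.1 200| payload: raw bits 0x34-0x1c5.7 (402)
+0x004|20 4f 4b 0d 0a 44 61 74 65 3a 20 46 72 69 2c 20| OK..Date: Fri, |
+* |until 0x1c5.7 (end) (402) | |
+|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|.tcp_connections[0:1]: 0x70f-NA (0)
+| | | [0]{}: tcp_connection 0x70f-NA (0)
+| | | client{}: 0x70f-NA (0)
+| | | ip: "192.168.69.2" 0x70f-NA (0)
+| | | port: 34059 0x70f-NA (0)
+| | | has_start: true 0x70f-NA (0)
+| | | has_end: true 0x70f-NA (0)
+| | | skipped_bytes: 0 0x70f-NA (0)
+|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|
+0x000|47 45 54 20 2f 74 65 73 74 2f 65 74 68 65 72 65|GET /test/ethere| stream: raw bits 0x0-0x1bc.7 (445)
+* |until 0x1bc.7 (end) (445) | |
+| | | server{}: 0x70f-NA (0)
+| | | ip: "192.168.69.1" 0x70f-NA (0)
+| | | port: "http" (80) (World Wide Web HTTP) 0x70f-NA (0)
+| | | has_start: true 0x70f-NA (0)
+| | | has_end: true 0x70f-NA (0)
+| | | skipped_bytes: 0 0x70f-NA (0)
+|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|
+0x000|48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d|HTTP/1.1 200 OK.| stream: raw bits 0x0-0x191.7 (402)
+* |until 0x191.7 (end) (402) | |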
