capture: add support for IP-IP tunnel

This commit is contained in:
Evgeny Khramtsov 2021-12-15 20:54:42 +03:00 committed by FIRST_NAME LAST_NAME
parent 0e96a6f81d
commit f1492d8e41
7 changed files with 99 additions and 41 deletions

View File

@ -485,57 +485,69 @@ capture_packet_reasm_ip(capture_info_t *capinfo, const struct pcap_pkthdr *heade
}
}
// Get IP header
ip4 = (struct ip *) (packet + link_hl);
while (*size >= sizeof(struct ip)) {
// Get IP header
ip4 = (struct ip *) (packet + link_hl);
#ifdef USE_IPV6
// Get IPv6 header
ip6 = (struct ip6_hdr *) (packet + link_hl);
// Get IPv6 header
ip6 = (struct ip6_hdr *) (packet + link_hl);
#endif
// Get IP version
ip_ver = ip4->ip_v;
// Get IP version
ip_ver = ip4->ip_v;
switch (ip_ver) {
case 4:
ip_hl = ip4->ip_hl * 4;
ip_proto = ip4->ip_p;
ip_off = ntohs(ip4->ip_off);
ip_len = ntohs(ip4->ip_len);
switch (ip_ver) {
case 4:
ip_hl = ip4->ip_hl * 4;
ip_proto = ip4->ip_p;
ip_off = ntohs(ip4->ip_off);
ip_len = ntohs(ip4->ip_len);
ip_frag = ip_off & (IP_MF | IP_OFFMASK);
ip_frag_off = (ip_frag) ? (ip_off & IP_OFFMASK) * 8 : 0;
ip_id = ntohs(ip4->ip_id);
ip_frag = ip_off & (IP_MF | IP_OFFMASK);
ip_frag_off = (ip_frag) ? (ip_off & IP_OFFMASK) * 8 : 0;
ip_id = ntohs(ip4->ip_id);
inet_ntop(AF_INET, &ip4->ip_src, src.ip, sizeof(src.ip));
inet_ntop(AF_INET, &ip4->ip_dst, dst.ip, sizeof(dst.ip));
break;
inet_ntop(AF_INET, &ip4->ip_src, src.ip, sizeof(src.ip));
inet_ntop(AF_INET, &ip4->ip_dst, dst.ip, sizeof(dst.ip));
break;
#ifdef USE_IPV6
case 6:
ip_hl = sizeof(struct ip6_hdr);
ip_proto = ip6->ip6_nxt;
ip_len = ntohs(ip6->ip6_ctlun.ip6_un1.ip6_un1_plen) + ip_hl;
case 6:
ip_hl = sizeof(struct ip6_hdr);
ip_proto = ip6->ip6_nxt;
ip_len = ntohs(ip6->ip6_ctlun.ip6_un1.ip6_un1_plen) + ip_hl;
if (ip_proto == IPPROTO_FRAGMENT) {
struct ip6_frag *ip6f = (struct ip6_frag *) (ip6 + ip_hl);
ip_frag_off = ntohs(ip6f->ip6f_offlg & IP6F_OFF_MASK);
ip_id = ntohl(ip6f->ip6f_ident);
}
if (ip_proto == IPPROTO_FRAGMENT) {
struct ip6_frag *ip6f = (struct ip6_frag *) (ip6 + ip_hl);
ip_frag_off = ntohs(ip6f->ip6f_offlg & IP6F_OFF_MASK);
ip_id = ntohl(ip6f->ip6f_ident);
}
inet_ntop(AF_INET6, &ip6->ip6_src, src.ip, sizeof(src.ip));
inet_ntop(AF_INET6, &ip6->ip6_dst, dst.ip, sizeof(dst.ip));
break;
inet_ntop(AF_INET6, &ip6->ip6_src, src.ip, sizeof(src.ip));
inet_ntop(AF_INET6, &ip6->ip6_dst, dst.ip, sizeof(dst.ip));
break;
#endif
default:
return NULL;
default:
return NULL;
}
// Fixup VSS trailer in ethernet packets
*caplen = link_hl + ip_len;
// Remove IP Header length from payload
*size = *caplen - link_hl - ip_hl;
if (ip_proto == IPPROTO_IPIP) {
// The payload is an incapsulated IP packet (IP-IP tunnel)
// so we simply skip the "outer" IP header and repeat.
// NOTE: this will break IP reassembly if the "outer"
// packet is fragmented.
link_hl += ip_hl;
} else {
break;
}
}
// Fixup VSS trailer in ethernet packets
*caplen = link_hl + ip_len;
// Remove IP Header length from payload
*size = *caplen - link_hl - ip_hl;
// If no fragmentation
if (ip_frag == 0) {
// Just create a new packet with given network data

View File

@ -2,6 +2,7 @@ AUTOMAKE_OPTIONS=subdir-objects
check_PROGRAMS=test-001 test-002 test-003 test-004 test-005
check_PROGRAMS+=test-006 test-007 test-008 test-009 test-010
check_PROGRAMS+=test-011
test_001_SOURCES=test_001.c
test_002_SOURCES=test_002.c
@ -13,5 +14,6 @@ test_007_SOURCES=test_007.c ../src/vector.c ../src/util.c
test_008_SOURCES=test_008.c
test_009_SOURCES=test_009.c
test_010_SOURCES=test_010.c ../src/hash.c
test_011_SOURCES=test_011.c
TESTS = $(check_PROGRAMS)

View File

@ -1,6 +1,6 @@
Basic testing programs for sngrep.
This set of test will do some basic inputs to check sngrep screen navigation
This set of test will do some basic inputs to check sngrep screen navigation
doesn't crash. This checks are ultra-super-basic.
- test_001 : UI testing
@ -10,6 +10,7 @@ doesn't crash. This checks are ultra-super-basic.
- test_005 : Column selection testing
- test_006 : Message diff testing
- test_007: Test vector container structures
- test_011: Test mix of normal packets with IPIP tunneled packets
Sample capture files has been taken from wireshark Wiki:
- https://wiki.wireshark.org/SampleCaptures

BIN
tests/ipip.pcap Normal file

Binary file not shown.

View File

@ -20,7 +20,7 @@
**
****************************************************************************/
/**
* @file test_001.c
* @file test_008.c
* @author Ivan Alonso [aka Kaian] <kaian@irontec.com>
*
* Test for sorting columns based on standard attributes

View File

@ -20,7 +20,7 @@
**
****************************************************************************/
/**
* @file test_001.c
* @file test_009.c
* @author Ivan Alonso [aka Kaian] <kaian@irontec.com>
*
* Test for adding a new attribute column and sorting using it.

43
tests/test_011.c Normal file
View File

@ -0,0 +1,43 @@
/**************************************************************************
**
** sngrep - SIP Messages flow viewer
**
** Copyright (C) 2013-2018 Ivan Alonso (Kaian)
** Copyright (C) 2013-2018 Irontec SL. All rights reserved.
**
** This program is free software: you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation, either version 3 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program. If not, see <http://www.gnu.org/licenses/>.
**
****************************************************************************/
/**
* @file test_011.c
* @author Evgeny Khramtsov <evgeny.khramtsov@nordigy.ru>
*
* IP-IP tunnel test from ipip.pcap
*/
const char keys[] =
{
/* Enter Call Flow */
10,
/* Leave Call Flow */
27,
/* Exit */
27,
10,
0
};
#define TEST_PCAP_INPUT "ipip.pcap"
#include "test_input.c"