wader/fq
1
1
Fork 0
mirror of https://github.com/wader/fq.git synced 2024-11-29 23:27:12 +03:00
Code Issues Projects Releases Wiki Activity

tcp: Ignore TCP option check for now as it seems unreliable in dumps

Browse Source 
For example MSS can be to small in local dumps
This commit is contained in:
Mattias Wadman 2023-01-28 20:48:31 +01:00
parent a2cdb3d6c9
commit 1eb5e502af
5 changed files with 46 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
format/inet/flowsdecoder/flowsdecoder.go
View File

@ -30,7 +30,7 @@ type TCPConnection struct {
Client TCPDirection Client TCPDirection
Server TCPDirection Server TCPDirection
tcpState *reassembly.TCPSimpleFSM tcpState *reassembly.TCPSimpleFSM
optChecker reassembly.TCPOptionCheck optChecker *reassembly.TCPOptionCheck
net gopacket.Flow net gopacket.Flow
transport gopacket.Flow transport gopacket.Flow
} }
@ -41,11 +41,13 @@ func (t *TCPConnection) Accept(tcp *layers.TCP, ci gopacket.CaptureInfo, dir rea
// TODO: handle err? // TODO: handle err?
return false return false
} }
if t.optChecker != nil {
// has ok options? // has ok options?
if err := t.optChecker.Accept(tcp, ci, dir, nextSeq, start); err != nil { if err := t.optChecker.Accept(tcp, ci, dir, nextSeq, start); err != nil {
// TODO: handle err? // TODO: handle err?
return false return false
} }
}
// TODO: checksum? // TODO: checksum?
// accept // accept
@ -130,7 +132,11 @@ func (fd *Decoder) New(net, transport gopacket.Flow, tcp *layers.TCP, ac reassem
net: net, net: net,
transport: transport, transport: transport,
tcpState: reassembly.NewTCPSimpleFSM(fsmOptions), tcpState: reassembly.NewTCPSimpleFSM(fsmOptions),
optChecker: reassembly.NewTCPOptionCheck(), }
if fd.Options.CheckTCPOptions {
c := reassembly.NewTCPOptionCheck()
stream.optChecker = &c
} }
fd.TCPConnections = append(fd.TCPConnections, stream) fd.TCPConnections = append(fd.TCPConnections, stream)
@ -139,6 +145,8 @@ func (fd *Decoder) New(net, transport gopacket.Flow, tcp *layers.TCP, ac reassem
} }
type Decoder struct { type Decoder struct {
Options DecoderOptions
TCPConnections []*TCPConnection TCPConnections []*TCPConnection
IPV4Reassembled []IPV4Reassembled IPV4Reassembled []IPV4Reassembled
@ -146,8 +154,14 @@ type Decoder struct {
tcpAssembler *reassembly.Assembler tcpAssembler *reassembly.Assembler
} }
func New() *Decoder { type DecoderOptions struct {
flowDecoder := &Decoder{} CheckTCPOptions bool
}
func New(options DecoderOptions) *Decoder {
flowDecoder := &Decoder{
Options: options,
}
streamPool := reassembly.NewStreamPool(flowDecoder) streamPool := reassembly.NewStreamPool(flowDecoder)
tcpAssembler := reassembly.NewAssembler(streamPool) tcpAssembler := reassembly.NewAssembler(streamPool)
flowDecoder.tcpAssembler = tcpAssembler flowDecoder.tcpAssembler = tcpAssembler

2
format/pcap/pcap.go
View File

@ -90,7 +90,7 @@ func decodePcap(d *decode.D, _ any) any {
}) })
d.Endian = endian d.Endian = endian
fd := flowsdecoder.New() fd := flowsdecoder.New(flowsdecoder.DecoderOptions{CheckTCPOptions: false})
d.FieldArray("packets", func(d *decode.D) { d.FieldArray("packets", func(d *decode.D) {
for !d.End() { for !d.End() {

2
format/pcap/pcapng.go
View File

@ -364,7 +364,7 @@ type decodeContext struct {
func decodePcapng(d *decode.D, _ any) any { func decodePcapng(d *decode.D, _ any) any {
sectionHeaders := 0 sectionHeaders := 0
for !d.End() { for !d.End() {
fd := flowsdecoder.New() fd := flowsdecoder.New(flowsdecoder.DecoderOptions{CheckTCPOptions: false})
dc := decodeContext{ dc := decodeContext{
interfaceTypes: map[int]int{}, interfaceTypes: map[int]int{},
flowDecoder: fd, flowDecoder: fd,

19
format/pcap/testdata/sll2_tcp_mss_wrong.fqtest vendored Normal file
View File

@ -0,0 +1,19 @@
# test that fq ignores tcp mss option that is too small as it seems to be unreliable when dumping packets
$ fq -d pcap '.tcp_connections | dv' sll2_tcp_mss_wrong.pcap
|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|.tcp_connections[0:1]: 0x1e5-NA (0)
| | | [0]{}: tcp_connection 0x1e5-NA (0)
| | | client{}: 0x1e5-NA (0)
| | | ip: "127.0.0.1" 0x1e5-NA (0)
| | | port: 47174 0x1e5-NA (0)
| | | has_start: true 0x1e5-NA (0)
| | | has_end: false 0x1e5-NA (0)
| | | skipped_bytes: 0 0x1e5-NA (0)
|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|
0x0|74 65 73 74 0a| |test.| | stream: raw bits 0x0-0x4.7 (5)
| | | server{}: 0x1e5-NA (0)
| | | ip: "127.0.0.1" 0x1e5-NA (0)
| | | port: 1234 0x1e5-NA (0)
| | | has_start: true 0x1e5-NA (0)
| | | has_end: false 0x1e5-NA (0)
| | | skipped_bytes: 0 0x1e5-NA (0)
|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef| stream: raw bits 0x0-NA (0)

BIN
format/pcap/testdata/sll2_tcp_mss_wrong.pcap vendored Normal file
View File

Binary file not shown.