1
1
mirror of https://github.com/wader/fq.git synced 2024-11-23 18:56:52 +03:00

Merge pull request #49 from wader/bsd-lo-and-link-group

pcap,pcapng,bsd_loopback_frame: Add decoder, refactor link frame into…
This commit is contained in:
Mattias Wadman 2022-01-03 21:16:18 +01:00 committed by GitHub
commit cbb90cdb85
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
16 changed files with 1098 additions and 956 deletions

View File

@ -94,7 +94,7 @@ cp fq /usr/local/bin
[./formats_list.jq]: sh-start [./formats_list.jq]: sh-start
aac_frame, adts, adts_frame, apev2, av1_ccr, av1_frame, av1_obu, avc_annexb, avc_au, avc_dcr, avc_nalu, avc_pps, avc_sei, avc_sps, bzip2, dns, dns_tcp, elf, ether8023_frame, exif, flac, flac_frame, flac_metadatablock, flac_metadatablocks, flac_picture, flac_streaminfo, gif, gzip, hevc_annexb, hevc_au, hevc_dcr, hevc_nalu, icc_profile, icmp, id3v1, id3v11, id3v2, ipv4_packet, jpeg, json, matroska, mp3, mp3_frame, mp4, mpeg_asc, mpeg_es, mpeg_pes, mpeg_pes_packet, mpeg_spu, mpeg_ts, ogg, ogg_page, opus_packet, pcap, pcapng, png, protobuf, protobuf_widevine, pssh_playready, raw, sll2_packet, sll_packet, tar, tcp_segment, tiff, udp_datagram, vorbis_comment, vorbis_packet, vp8_frame, vp9_cfm, vp9_frame, vpx_ccr, wav, webp, xing, zip aac_frame, adts, adts_frame, apev2, av1_ccr, av1_frame, av1_obu, avc_annexb, avc_au, avc_dcr, avc_nalu, avc_pps, avc_sei, avc_sps, bsd_loopback_frame, bzip2, dns, dns_tcp, elf, ether8023_frame, exif, flac, flac_frame, flac_metadatablock, flac_metadatablocks, flac_picture, flac_streaminfo, gif, gzip, hevc_annexb, hevc_au, hevc_dcr, hevc_nalu, icc_profile, icmp, id3v1, id3v11, id3v2, ipv4_packet, jpeg, json, matroska, mp3, mp3_frame, mp4, mpeg_asc, mpeg_es, mpeg_pes, mpeg_pes_packet, mpeg_spu, mpeg_ts, ogg, ogg_page, opus_packet, pcap, pcapng, png, protobuf, protobuf_widevine, pssh_playready, raw, sll2_packet, sll_packet, tar, tcp_segment, tiff, udp_datagram, vorbis_comment, vorbis_packet, vp8_frame, vp9_cfm, vp9_frame, vpx_ccr, wav, webp, xing, zip
[#]: sh-end [#]: sh-end

View File

@ -18,6 +18,7 @@
|`avc_pps` |H.264/AVC&nbsp;Picture&nbsp;Parameter&nbsp;Set |<sub></sub>| |`avc_pps` |H.264/AVC&nbsp;Picture&nbsp;Parameter&nbsp;Set |<sub></sub>|
|`avc_sei` |H.264/AVC&nbsp;Supplemental&nbsp;Enhancement&nbsp;Information |<sub></sub>| |`avc_sei` |H.264/AVC&nbsp;Supplemental&nbsp;Enhancement&nbsp;Information |<sub></sub>|
|`avc_sps` |H.264/AVC&nbsp;Sequence&nbsp;Parameter&nbsp;Set |<sub></sub>| |`avc_sps` |H.264/AVC&nbsp;Sequence&nbsp;Parameter&nbsp;Set |<sub></sub>|
|`bsd_loopback_frame` |BSD&nbsp;loopback&nbsp;frame |<sub>`ipv4_packet`</sub>|
|`bzip2` |bzip2&nbsp;compression |<sub>`probe`</sub>| |`bzip2` |bzip2&nbsp;compression |<sub>`probe`</sub>|
|`dns` |DNS&nbsp;packet |<sub></sub>| |`dns` |DNS&nbsp;packet |<sub></sub>|
|`dns_tcp` |DNS&nbsp;packet&nbsp;(TCP) |<sub></sub>| |`dns_tcp` |DNS&nbsp;packet&nbsp;(TCP) |<sub></sub>|
@ -57,8 +58,8 @@
|`ogg` |OGG&nbsp;file |<sub>`ogg_page` `vorbis_packet` `opus_packet` `flac_metadatablock` `flac_frame`</sub>| |`ogg` |OGG&nbsp;file |<sub>`ogg_page` `vorbis_packet` `opus_packet` `flac_metadatablock` `flac_frame`</sub>|
|`ogg_page` |OGG&nbsp;page |<sub></sub>| |`ogg_page` |OGG&nbsp;page |<sub></sub>|
|`opus_packet` |Opus&nbsp;packet |<sub>`vorbis_comment`</sub>| |`opus_packet` |Opus&nbsp;packet |<sub>`vorbis_comment`</sub>|
|`pcap` |PCAP&nbsp;packet&nbsp;capture |<sub>`ether8023_frame` `sll_packet` `sll2_packet` `tcp_stream` `ipv4_packet`</sub>| |`pcap` |PCAP&nbsp;packet&nbsp;capture |<sub>`link_frame` `tcp_stream` `ipv4_packet`</sub>|
|`pcapng` |PCAPNG&nbsp;packet&nbsp;capture |<sub>`ether8023_frame` `sll_packet` `sll2_packet` `tcp_stream` `ipv4_packet`</sub>| |`pcapng` |PCAPNG&nbsp;packet&nbsp;capture |<sub>`link_frame` `tcp_stream` `ipv4_packet`</sub>|
|`png` |Portable&nbsp;Network&nbsp;Graphics&nbsp;file |<sub>`icc_profile` `exif`</sub>| |`png` |Portable&nbsp;Network&nbsp;Graphics&nbsp;file |<sub>`icc_profile` `exif`</sub>|
|`protobuf` |Protobuf |<sub></sub>| |`protobuf` |Protobuf |<sub></sub>|
|`protobuf_widevine` |Widevine&nbsp;protobuf |<sub>`protobuf`</sub>| |`protobuf_widevine` |Widevine&nbsp;protobuf |<sub>`protobuf`</sub>|
@ -81,6 +82,7 @@
|`xing` |Xing&nbsp;header |<sub></sub>| |`xing` |Xing&nbsp;header |<sub></sub>|
|`zip` |ZIP&nbsp;archive |<sub>`probe`</sub>| |`zip` |ZIP&nbsp;archive |<sub>`probe`</sub>|
|`image` |Group |<sub>`gif` `jpeg` `mp4` `png` `tiff` `webp`</sub>| |`image` |Group |<sub>`gif` `jpeg` `mp4` `png` `tiff` `webp`</sub>|
|`link_frame` |Group |<sub>`bsd_loopback_frame` `ether8023_frame` `sll2_packet` `sll_packet`</sub>|
|`probe` |Group |<sub>`adts` `bzip2` `elf` `flac` `gif` `gzip` `jpeg` `json` `matroska` `mp3` `mp4` `mpeg_ts` `ogg` `pcap` `pcapng` `png` `tar` `tiff` `wav` `webp` `zip`</sub>| |`probe` |Group |<sub>`adts` `bzip2` `elf` `flac` `gif` `gzip` `jpeg` `json` `matroska` `mp3` `mp4` `mpeg_ts` `ogg` `pcap` `pcapng` `png` `tar` `tiff` `wav` `webp` `zip`</sub>|
|`tcp_stream` |Group |<sub>`dns`</sub>| |`tcp_stream` |Group |<sub>`dns`</sub>|
|`udp_payload` |Group |<sub>`dns`</sub>| |`udp_payload` |Group |<sub>`dns`</sub>|

File diff suppressed because it is too large Load Diff

Before

Width:  |  Height:  |  Size: 102 KiB

After

Width:  |  Height:  |  Size: 99 KiB

View File

@ -271,9 +271,9 @@ func dnsUDPDecode(d *decode.D, in interface{}) interface{} {
} }
d.Fatalf("wrong port") d.Fatalf("wrong port")
} }
if udi, ok := in.(format.UDPDatagramIn); ok { if upi, ok := in.(format.UDPPayloadIn); ok {
if udi.DestinationPort == format.UDPPortDomain || udi.SourcePort == format.UDPPortDomain || if upi.DestinationPort == format.UDPPortDomain || upi.SourcePort == format.UDPPortDomain ||
udi.DestinationPort == format.UDPPortMDNS || udi.SourcePort == format.UDPPortMDNS { upi.DestinationPort == format.UDPPortMDNS || upi.SourcePort == format.UDPPortMDNS {
return dnsDecode(d, false) return dnsDecode(d, false)
} }
d.Fatalf("wrong port") d.Fatalf("wrong port")

View File

@ -8,6 +8,7 @@ const (
IMAGE = "image" IMAGE = "image"
TCP_STREAM = "tcp_stream" TCP_STREAM = "tcp_stream"
UDP_PAYLOAD = "udp_payload" UDP_PAYLOAD = "udp_payload"
LINK_FRAME = "link_frame"
RAW = "raw" RAW = "raw"
JSON = "json" JSON = "json"
@ -15,6 +16,7 @@ const (
DNS = "dns" DNS = "dns"
DNS_TCP = "dns_tcp" DNS_TCP = "dns_tcp"
ETHER8023_FRAME = "ether8023_frame" ETHER8023_FRAME = "ether8023_frame"
BSD_LOOPBACK_FRAME = "bsd_loopback_frame"
SLL_PACKET = "sll_packet" SLL_PACKET = "sll_packet"
SLL2_PACKET = "sll2_packet" SLL2_PACKET = "sll2_packet"
IPV4_PACKET = "ipv4_packet" IPV4_PACKET = "ipv4_packet"
@ -187,7 +189,17 @@ type MP3FrameOut struct {
ChannelModeIndex int ChannelModeIndex int
} }
type UDPDatagramIn struct { type In struct {
SourcePort int
DestinationPort int
}
type LinkFrameIn struct {
Type int
LittleEndian bool // pcap endian etc
}
type UDPPayloadIn struct {
SourcePort int SourcePort int
DestinationPort int DestinationPort int
} }

View File

@ -0,0 +1,58 @@
package inet
// TODO: rename NetworkLayer? wireshark calls it "Family", pcap-linktype(7) calls it "network-layer protocol"
import (
"github.com/wader/fq/format"
"github.com/wader/fq/format/registry"
"github.com/wader/fq/pkg/decode"
"github.com/wader/fq/pkg/scalar"
)
var bsdLoopbackFrameIPv4Format decode.Group
func init() {
registry.MustRegister(decode.Format{
Name: format.BSD_LOOPBACK_FRAME,
Description: "BSD loopback frame",
Groups: []string{format.LINK_FRAME},
Dependencies: []decode.Dependency{
{Names: []string{format.IPV4_PACKET}, Group: &bsdLoopbackFrameIPv4Format},
},
DecodeFn: decodeLoopbackFrame,
})
}
const (
bsdLoopbackNetworkLayerIPv4 = 2
)
var bsdLoopbackFrameNetworkLayerFormat = map[uint64]*decode.Group{
bsdLoopbackNetworkLayerIPv4: &bsdLoopbackFrameIPv4Format,
}
var bsdLookbackNetworkLayerMap = scalar.UToScalar{
bsdLoopbackNetworkLayerIPv4: {Sym: "ipv4", Description: `Internet protocol v4`},
}
func decodeLoopbackFrame(d *decode.D, in interface{}) interface{} {
lsi, ok := in.(format.LinkFrameIn)
if ok {
if lsi.Type != format.LinkTypeNULL {
d.Fatalf("wrong link type")
}
if lsi.LittleEndian {
d.Endian = decode.LittleEndian
}
}
// if no LinkFrameIn assume big endian for now
networkLayer := d.FieldU32("network_layer", bsdLookbackNetworkLayerMap, scalar.Hex)
if g, ok := bsdLoopbackFrameNetworkLayerFormat[networkLayer]; ok {
d.FieldFormatLen("packet", d.BitsLeft(), *g, nil)
} else {
d.FieldRawLen("data", d.BitsLeft())
}
return nil
}

View File

@ -18,10 +18,11 @@ func init() {
registry.MustRegister(decode.Format{ registry.MustRegister(decode.Format{
Name: format.ETHER8023_FRAME, Name: format.ETHER8023_FRAME,
Description: "Ethernet 802.3 frame", Description: "Ethernet 802.3 frame",
Groups: []string{format.LINK_FRAME},
Dependencies: []decode.Dependency{ Dependencies: []decode.Dependency{
{Names: []string{format.IPV4_PACKET}, Group: &ether8023FrameIPv4Format}, {Names: []string{format.IPV4_PACKET}, Group: &ether8023FrameIPv4Format},
}, },
DecodeFn: decodeEthernet, DecodeFn: decodeEthernetFrame,
}) })
} }
@ -37,7 +38,13 @@ var mapUToEtherSym = scalar.Fn(func(s scalar.S) (scalar.S, error) {
return s, nil return s, nil
}) })
func decodeEthernet(d *decode.D, in interface{}) interface{} { func decodeEthernetFrame(d *decode.D, in interface{}) interface{} {
if lsi, ok := in.(format.LinkFrameIn); ok {
if lsi.Type != format.LinkTypeETHERNET {
d.Fatalf("wrong link type")
}
}
d.FieldU("destination", 48, mapUToEtherSym, scalar.Hex) d.FieldU("destination", 48, mapUToEtherSym, scalar.Hex)
d.FieldU("source", 48, mapUToEtherSym, scalar.Hex) d.FieldU("source", 48, mapUToEtherSym, scalar.Hex)
etherType := d.FieldU16("ether_type", format.EtherTypeMap, scalar.Hex) etherType := d.FieldU16("ether_type", format.EtherTypeMap, scalar.Hex)

View File

@ -141,6 +141,10 @@ func (fd *Decoder) EthernetFrame(bs []byte) error {
return fd.packet(gopacket.NewPacket(bs, layers.LayerTypeEthernet, gopacket.Lazy)) return fd.packet(gopacket.NewPacket(bs, layers.LayerTypeEthernet, gopacket.Lazy))
} }
func (fd *Decoder) LoopbackFrame(bs []byte) error {
return fd.packet(gopacket.NewPacket(bs, layers.LayerTypeLoopback, gopacket.Lazy))
}
func (fd *Decoder) packet(p gopacket.Packet) error { func (fd *Decoder) packet(p gopacket.Packet) error {
// TODO: linkType // TODO: linkType
ip4Layer := p.Layer(layers.LayerTypeIPv4) ip4Layer := p.Layer(layers.LayerTypeIPv4)

View File

@ -16,6 +16,7 @@ func init() {
registry.MustRegister(decode.Format{ registry.MustRegister(decode.Format{
Name: format.SLL2_PACKET, Name: format.SLL2_PACKET,
Description: "Linux cooked capture encapsulation v2", Description: "Linux cooked capture encapsulation v2",
Groups: []string{format.LINK_FRAME},
Dependencies: []decode.Dependency{ Dependencies: []decode.Dependency{
{Names: []string{format.ETHER8023_FRAME}, Group: &sllPacket2Ether8023Format}, {Names: []string{format.ETHER8023_FRAME}, Group: &sllPacket2Ether8023Format},
}, },
@ -28,6 +29,12 @@ var sllPacket2FrameTypeFormat = map[uint64]*decode.Group{
} }
func decodeSLL2(d *decode.D, in interface{}) interface{} { func decodeSLL2(d *decode.D, in interface{}) interface{} {
if lsi, ok := in.(format.LinkFrameIn); ok {
if lsi.Type != format.LinkTypeLINUX_SLL2 {
d.Fatalf("wrong link type")
}
}
protcolType := d.FieldU16("protocol_type", format.EtherTypeMap, scalar.Hex) protcolType := d.FieldU16("protocol_type", format.EtherTypeMap, scalar.Hex)
d.FieldU16("reserved") d.FieldU16("reserved")
d.FieldU32("interface_index") d.FieldU32("interface_index")

View File

@ -16,6 +16,7 @@ func init() {
registry.MustRegister(decode.Format{ registry.MustRegister(decode.Format{
Name: format.SLL_PACKET, Name: format.SLL_PACKET,
Description: "Linux cooked capture encapsulation", Description: "Linux cooked capture encapsulation",
Groups: []string{format.LINK_FRAME},
Dependencies: []decode.Dependency{ Dependencies: []decode.Dependency{
{Names: []string{format.ETHER8023_FRAME}, Group: &sllPacketEther8023Format}, {Names: []string{format.ETHER8023_FRAME}, Group: &sllPacketEther8023Format},
}, },
@ -112,6 +113,12 @@ var arpHdrTypeMAp = scalar.UToScalar{
} }
func decodeSLL(d *decode.D, in interface{}) interface{} { func decodeSLL(d *decode.D, in interface{}) interface{} {
if lsi, ok := in.(format.LinkFrameIn); ok {
if lsi.Type != format.LinkTypeLINUX_SLL {
d.Fatalf("wrong link type")
}
}
d.FieldU16("packet_type", sllPacketTypeMap) d.FieldU16("packet_type", sllPacketTypeMap)
arpHdrType := d.FieldU16("arphdr_type", arpHdrTypeMAp) arpHdrType := d.FieldU16("arphdr_type", arpHdrTypeMAp)
addressLength := d.FieldU16("link_address_length") addressLength := d.FieldU16("link_address_length")

View File

@ -27,7 +27,7 @@ func decodeUDP(d *decode.D, in interface{}) interface{} {
d.FieldU16("checksum", scalar.Hex) d.FieldU16("checksum", scalar.Hex)
dataLen := int64(length-8) * 8 dataLen := int64(length-8) * 8
if dv, _, _ := d.TryFieldFormatLen("data", dataLen, udpPayloadFormat, format.UDPDatagramIn{ if dv, _, _ := d.TryFieldFormatLen("data", dataLen, udpPayloadFormat, format.UDPPayloadIn{
SourcePort: int(soucePort), SourcePort: int(soucePort),
DestinationPort: int(destPort), DestinationPort: int(destPort),
}); dv == nil { }); dv == nil {

View File

@ -11,9 +11,7 @@ import (
"github.com/wader/fq/pkg/scalar" "github.com/wader/fq/pkg/scalar"
) )
var pcapEther8023Format decode.Group var pcapLinkFrameFormat decode.Group
var pcapSLLPacket decode.Group
var pcapSLL2Packet decode.Group
var pcapTCPStreamFormat decode.Group var pcapTCPStreamFormat decode.Group
var pcapIPv4PacketFormat decode.Group var pcapIPv4PacketFormat decode.Group
@ -33,9 +31,7 @@ func init() {
Description: "PCAP packet capture", Description: "PCAP packet capture",
Groups: []string{format.PROBE}, Groups: []string{format.PROBE},
Dependencies: []decode.Dependency{ Dependencies: []decode.Dependency{
{Names: []string{format.ETHER8023_FRAME}, Group: &pcapEther8023Format}, {Names: []string{format.LINK_FRAME}, Group: &pcapLinkFrameFormat},
{Names: []string{format.SLL_PACKET}, Group: &pcapSLLPacket},
{Names: []string{format.SLL2_PACKET}, Group: &pcapSLL2Packet},
{Names: []string{format.TCP_STREAM}, Group: &pcapTCPStreamFormat}, {Names: []string{format.TCP_STREAM}, Group: &pcapTCPStreamFormat},
{Names: []string{format.IPV4_PACKET}, Group: &pcapIPv4PacketFormat}, {Names: []string{format.IPV4_PACKET}, Group: &pcapIPv4PacketFormat},
}, },
@ -89,9 +85,10 @@ func decodePcap(d *decode.D, in interface{}) interface{} {
_ = fn(fd, bs) _ = fn(fd, bs)
} }
if g, ok := linkToFormat[linkType]; ok { if dv, _, _ := d.TryFieldFormatLen("packet", int64(inclLen)*8, pcapLinkFrameFormat, format.LinkFrameIn{
d.FieldFormatLen("packet", int64(inclLen)*8, *g, nil) Type: linkType,
} else { LittleEndian: d.Endian == decode.LittleEndian,
}); dv == nil {
d.FieldRawLen("packet", int64(inclLen)*8) d.FieldRawLen("packet", int64(inclLen)*8)
} }
}) })

View File

@ -13,9 +13,7 @@ import (
"github.com/wader/fq/pkg/scalar" "github.com/wader/fq/pkg/scalar"
) )
var pcapngEther8023Format decode.Group var pcapngLinkFrameFormat decode.Group
var pcapngSLLPacketFormat decode.Group
var pcapngSLL2PacketFormat decode.Group
var pcapngTCPStreamFormat decode.Group var pcapngTCPStreamFormat decode.Group
var pcapngIPvPacket4Format decode.Group var pcapngIPvPacket4Format decode.Group
@ -26,9 +24,7 @@ func init() {
RootArray: true, RootArray: true,
Groups: []string{format.PROBE}, Groups: []string{format.PROBE},
Dependencies: []decode.Dependency{ Dependencies: []decode.Dependency{
{Names: []string{format.ETHER8023_FRAME}, Group: &pcapngEther8023Format}, {Names: []string{format.LINK_FRAME}, Group: &pcapngLinkFrameFormat},
{Names: []string{format.SLL_PACKET}, Group: &pcapngSLLPacketFormat},
{Names: []string{format.SLL2_PACKET}, Group: &pcapngSLL2PacketFormat},
{Names: []string{format.TCP_STREAM}, Group: &pcapngTCPStreamFormat}, {Names: []string{format.TCP_STREAM}, Group: &pcapngTCPStreamFormat},
{Names: []string{format.IPV4_PACKET}, Group: &pcapngIPvPacket4Format}, {Names: []string{format.IPV4_PACKET}, Group: &pcapngIPvPacket4Format},
}, },
@ -244,12 +240,12 @@ var blockFns = map[uint64]func(d *decode.D, dc *decodeContext){
if fn, ok := linkToDecodeFn[linkType]; ok { if fn, ok := linkToDecodeFn[linkType]; ok {
// TODO: report decode errors // TODO: report decode errors
_ = fn(dc.flowDecoder, bs) _ = fn(dc.flowDecoder, bs)
_ = fn(dc.flowDecoder, bs)
} }
if g, ok := linkToFormat[linkType]; ok { if dv, _, _ := d.TryFieldFormatLen("packet", int64(capturedLength)*8, pcapngLinkFrameFormat, format.LinkFrameIn{
d.FieldFormatLen("packet", int64(capturedLength)*8, *g, nil) Type: linkType,
} else { LittleEndian: d.Endian == decode.LittleEndian,
}); dv == nil {
d.FieldRawLen("packet", int64(capturedLength)*8) d.FieldRawLen("packet", int64(capturedLength)*8)
} }

View File

@ -9,14 +9,8 @@ import (
"github.com/wader/fq/pkg/decode" "github.com/wader/fq/pkg/decode"
) )
// TODO: is shared between pcap and pcapng
var linkToFormat = map[int]*decode.Group{
format.LinkTypeETHERNET: &pcapngEther8023Format,
format.LinkTypeLINUX_SLL: &pcapngSLLPacketFormat,
format.LinkTypeLINUX_SLL2: &pcapngSLL2PacketFormat,
}
var linkToDecodeFn = map[int]func(fd *flowsdecoder.Decoder, bs []byte) error{ var linkToDecodeFn = map[int]func(fd *flowsdecoder.Decoder, bs []byte) error{
format.LinkTypeNULL: (*flowsdecoder.Decoder).LoopbackFrame,
format.LinkTypeETHERNET: (*flowsdecoder.Decoder).EthernetFrame, format.LinkTypeETHERNET: (*flowsdecoder.Decoder).EthernetFrame,
format.LinkTypeLINUX_SLL: (*flowsdecoder.Decoder).SLLPacket, format.LinkTypeLINUX_SLL: (*flowsdecoder.Decoder).SLLPacket,
format.LinkTypeLINUX_SLL2: func(fd *flowsdecoder.Decoder, bs []byte) error { format.LinkTypeLINUX_SLL2: func(fd *flowsdecoder.Decoder, bs []byte) error {

View File

@ -490,9 +490,32 @@ $ fq -d pcapng verbose /many_interfaces.pcapng
0x0750| c0 6d 62 c9 | .mb. | timestamp_low: 3378671040 0x758-0x75b.7 (4) 0x0750| c0 6d 62 c9 | .mb. | timestamp_low: 3378671040 0x758-0x75b.7 (4)
0x0750| a8 00 00 00| ....| capture_packet_length: 168 0x75c-0x75f.7 (4) 0x0750| a8 00 00 00| ....| capture_packet_length: 168 0x75c-0x75f.7 (4)
0x0760|a8 00 00 00 |.... | original_packet_length: 168 0x760-0x763.7 (4) 0x0760|a8 00 00 00 |.... | original_packet_length: 168 0x760-0x763.7 (4)
0x0760| 02 00 00 00 45 00 00 a4 c6 ce 00 00| ....E.......| packet: raw bits 0x764-0x80b.7 (168) | | | packet{}: (bsd_loopback_frame) 0x764-0x80b.7 (168)
0x0770|40 11 f1 47 c0 a8 01 8b ff ff ff ff 44 5c 44 5c|@..G........D\D\| 0x0760| 02 00 00 00 | .... | network_layer: "ipv4" (0x2) (Internet protocol v4) 0x764-0x767.7 (4)
* |until 0x80b.7 (168) | | | | | packet{}: (ipv4_packet) 0x768-0x80b.7 (164)
0x0760| 45 | E | version: 4 0x768-0x768.3 (0.4)
0x0760| 45 | E | ihl: 5 0x768.4-0x768.7 (0.4)
0x0760| 00 | . | dscp: 0 0x769-0x769.5 (0.6)
0x0760| 00 | . | ecn: 0 0x769.6-0x769.7 (0.2)
0x0760| 00 a4 | .. | total_length: 164 0x76a-0x76b.7 (2)
0x0760| c6 ce | .. | identification: 50894 0x76c-0x76d.7 (2)
0x0760| 00 | . | reserved: 0 0x76e-0x76e (0.1)
0x0760| 00 | . | dont_fragment: false 0x76e.1-0x76e.1 (0.1)
0x0760| 00 | . | more_fragments: false 0x76e.2-0x76e.2 (0.1)
0x0760| 00 00| ..| fragment_offset: 0 0x76e.3-0x76f.7 (1.5)
0x0770|40 |@ | ttl: 64 0x770-0x770.7 (1)
0x0770| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x771-0x771.7 (1)
0x0770| f1 47 | .G | header_checksum: 0xf147 (valid) 0x772-0x773.7 (2)
0x0770| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0x774-0x777.7 (4)
0x0770| ff ff ff ff | .... | destination_ip: "255.255.255.255" (0xffffffff) 0x778-0x77b.7 (4)
| | | data{}: (udp_datagram) 0x77c-0x80b.7 (144)
0x0770| 44 5c | D\ | source_port: 17500 0x77c-0x77d.7 (2)
0x0770| 44 5c| D\| destination_port: 17500 0x77e-0x77f.7 (2)
0x0780|00 90 |.. | length: 144 0x780-0x781.7 (2)
0x0780| ba 03 | .. | checksum: 0xba03 0x782-0x783.7 (2)
0x0780| 7b 22 68 6f 73 74 5f 69 6e 74 22 3a| {"host_int":| data: raw bits 0x784-0x80b.7 (136)
0x0790|20 34 30 39 34 35 31 34 34 38 33 2c 20 22 76 65| 4094514483, "ve|
* |until 0x80b.7 (136) | |
| | | padding: raw bits 0x80c-NA (0) | | | padding: raw bits 0x80c-NA (0)
| | | options[0:0]: 0x80c-NA (0) | | | options[0:0]: 0x80c-NA (0)
0x0800| c8 00 00 00| ....| footer_length: 200 0x80c-0x80f.7 (4) 0x0800| c8 00 00 00| ....| footer_length: 200 0x80c-0x80f.7 (4)
@ -504,9 +527,32 @@ $ fq -d pcapng verbose /many_interfaces.pcapng
0x0820|be 6e 62 c9 |.nb. | timestamp_low: 3378671294 0x820-0x823.7 (4) 0x0820|be 6e 62 c9 |.nb. | timestamp_low: 3378671294 0x820-0x823.7 (4)
0x0820| a8 00 00 00 | .... | capture_packet_length: 168 0x824-0x827.7 (4) 0x0820| a8 00 00 00 | .... | capture_packet_length: 168 0x824-0x827.7 (4)
0x0820| a8 00 00 00 | .... | original_packet_length: 168 0x828-0x82b.7 (4) 0x0820| a8 00 00 00 | .... | original_packet_length: 168 0x828-0x82b.7 (4)
0x0820| 02 00 00 00| ....| packet: raw bits 0x82c-0x8d3.7 (168) | | | packet{}: (bsd_loopback_frame) 0x82c-0x8d3.7 (168)
0x0830|45 00 00 a4 60 b4 00 00 40 11 94 ba c0 a8 01 8b|E...`...@.......| 0x0820| 02 00 00 00| ....| network_layer: "ipv4" (0x2) (Internet protocol v4) 0x82c-0x82f.7 (4)
* |until 0x8d3.7 (168) | | | | | packet{}: (ipv4_packet) 0x830-0x8d3.7 (164)
0x0830|45 |E | version: 4 0x830-0x830.3 (0.4)
0x0830|45 |E | ihl: 5 0x830.4-0x830.7 (0.4)
0x0830| 00 | . | dscp: 0 0x831-0x831.5 (0.6)
0x0830| 00 | . | ecn: 0 0x831.6-0x831.7 (0.2)
0x0830| 00 a4 | .. | total_length: 164 0x832-0x833.7 (2)
0x0830| 60 b4 | `. | identification: 24756 0x834-0x835.7 (2)
0x0830| 00 | . | reserved: 0 0x836-0x836 (0.1)
0x0830| 00 | . | dont_fragment: false 0x836.1-0x836.1 (0.1)
0x0830| 00 | . | more_fragments: false 0x836.2-0x836.2 (0.1)
0x0830| 00 00 | .. | fragment_offset: 0 0x836.3-0x837.7 (1.5)
0x0830| 40 | @ | ttl: 64 0x838-0x838.7 (1)
0x0830| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x839-0x839.7 (1)
0x0830| 94 ba | .. | header_checksum: 0x94ba (valid) 0x83a-0x83b.7 (2)
0x0830| c0 a8 01 8b| ....| source_ip: "192.168.1.139" (0xc0a8018b) 0x83c-0x83f.7 (4)
0x0840|c0 a8 01 ff |.... | destination_ip: "192.168.1.255" (0xc0a801ff) 0x840-0x843.7 (4)
| | | data{}: (udp_datagram) 0x844-0x8d3.7 (144)
0x0840| 44 5c | D\ | source_port: 17500 0x844-0x845.7 (2)
0x0840| 44 5c | D\ | destination_port: 17500 0x846-0x847.7 (2)
0x0840| 00 90 | .. | length: 144 0x848-0x849.7 (2)
0x0840| f7 5b | .[ | checksum: 0xf75b 0x84a-0x84b.7 (2)
0x0840| 7b 22 68 6f| {"ho| data: raw bits 0x84c-0x8d3.7 (136)
0x0850|73 74 5f 69 6e 74 22 3a 20 34 30 39 34 35 31 34|st_int": 4094514|
* |until 0x8d3.7 (136) | |
| | | padding: raw bits 0x8d4-NA (0) | | | padding: raw bits 0x8d4-NA (0)
| | | options[0:0]: 0x8d4-NA (0) | | | options[0:0]: 0x8d4-NA (0)
0x08d0| c8 00 00 00 | .... | footer_length: 200 0x8d4-0x8d7.7 (4) 0x08d0| c8 00 00 00 | .... | footer_length: 200 0x8d4-0x8d7.7 (4)

View File

@ -65,6 +65,7 @@ avc_nalu H.264/AVC Network Access Layer Unit
avc_pps H.264/AVC Picture Parameter Set avc_pps H.264/AVC Picture Parameter Set
avc_sei H.264/AVC Supplemental Enhancement Information avc_sei H.264/AVC Supplemental Enhancement Information
avc_sps H.264/AVC Sequence Parameter Set avc_sps H.264/AVC Sequence Parameter Set
bsd_loopback_frame BSD loopback frame
bzip2 bzip2 compression bzip2 bzip2 compression
dns DNS packet dns DNS packet
dns_tcp DNS packet (TCP) dns_tcp DNS packet (TCP)