mirror of
https://github.com/wader/fq.git
synced 2024-11-27 14:14:58 +03:00
Merge pull request #49 from wader/bsd-lo-and-link-group
pcap,pcapng,bsd_loopback_frame: Add decoder, refactor link frame into…
This commit is contained in:
commit
cbb90cdb85
@ -94,7 +94,7 @@ cp fq /usr/local/bin
|
|||||||
|
|
||||||
[./formats_list.jq]: sh-start
|
[./formats_list.jq]: sh-start
|
||||||
|
|
||||||
aac_frame, adts, adts_frame, apev2, av1_ccr, av1_frame, av1_obu, avc_annexb, avc_au, avc_dcr, avc_nalu, avc_pps, avc_sei, avc_sps, bzip2, dns, dns_tcp, elf, ether8023_frame, exif, flac, flac_frame, flac_metadatablock, flac_metadatablocks, flac_picture, flac_streaminfo, gif, gzip, hevc_annexb, hevc_au, hevc_dcr, hevc_nalu, icc_profile, icmp, id3v1, id3v11, id3v2, ipv4_packet, jpeg, json, matroska, mp3, mp3_frame, mp4, mpeg_asc, mpeg_es, mpeg_pes, mpeg_pes_packet, mpeg_spu, mpeg_ts, ogg, ogg_page, opus_packet, pcap, pcapng, png, protobuf, protobuf_widevine, pssh_playready, raw, sll2_packet, sll_packet, tar, tcp_segment, tiff, udp_datagram, vorbis_comment, vorbis_packet, vp8_frame, vp9_cfm, vp9_frame, vpx_ccr, wav, webp, xing, zip
|
aac_frame, adts, adts_frame, apev2, av1_ccr, av1_frame, av1_obu, avc_annexb, avc_au, avc_dcr, avc_nalu, avc_pps, avc_sei, avc_sps, bsd_loopback_frame, bzip2, dns, dns_tcp, elf, ether8023_frame, exif, flac, flac_frame, flac_metadatablock, flac_metadatablocks, flac_picture, flac_streaminfo, gif, gzip, hevc_annexb, hevc_au, hevc_dcr, hevc_nalu, icc_profile, icmp, id3v1, id3v11, id3v2, ipv4_packet, jpeg, json, matroska, mp3, mp3_frame, mp4, mpeg_asc, mpeg_es, mpeg_pes, mpeg_pes_packet, mpeg_spu, mpeg_ts, ogg, ogg_page, opus_packet, pcap, pcapng, png, protobuf, protobuf_widevine, pssh_playready, raw, sll2_packet, sll_packet, tar, tcp_segment, tiff, udp_datagram, vorbis_comment, vorbis_packet, vp8_frame, vp9_cfm, vp9_frame, vpx_ccr, wav, webp, xing, zip
|
||||||
|
|
||||||
[#]: sh-end
|
[#]: sh-end
|
||||||
|
|
||||||
|
@ -18,6 +18,7 @@
|
|||||||
|`avc_pps` |H.264/AVC Picture Parameter Set |<sub></sub>|
|
|`avc_pps` |H.264/AVC Picture Parameter Set |<sub></sub>|
|
||||||
|`avc_sei` |H.264/AVC Supplemental Enhancement Information |<sub></sub>|
|
|`avc_sei` |H.264/AVC Supplemental Enhancement Information |<sub></sub>|
|
||||||
|`avc_sps` |H.264/AVC Sequence Parameter Set |<sub></sub>|
|
|`avc_sps` |H.264/AVC Sequence Parameter Set |<sub></sub>|
|
||||||
|
|`bsd_loopback_frame` |BSD loopback frame |<sub>`ipv4_packet`</sub>|
|
||||||
|`bzip2` |bzip2 compression |<sub>`probe`</sub>|
|
|`bzip2` |bzip2 compression |<sub>`probe`</sub>|
|
||||||
|`dns` |DNS packet |<sub></sub>|
|
|`dns` |DNS packet |<sub></sub>|
|
||||||
|`dns_tcp` |DNS packet (TCP) |<sub></sub>|
|
|`dns_tcp` |DNS packet (TCP) |<sub></sub>|
|
||||||
@ -57,8 +58,8 @@
|
|||||||
|`ogg` |OGG file |<sub>`ogg_page` `vorbis_packet` `opus_packet` `flac_metadatablock` `flac_frame`</sub>|
|
|`ogg` |OGG file |<sub>`ogg_page` `vorbis_packet` `opus_packet` `flac_metadatablock` `flac_frame`</sub>|
|
||||||
|`ogg_page` |OGG page |<sub></sub>|
|
|`ogg_page` |OGG page |<sub></sub>|
|
||||||
|`opus_packet` |Opus packet |<sub>`vorbis_comment`</sub>|
|
|`opus_packet` |Opus packet |<sub>`vorbis_comment`</sub>|
|
||||||
|`pcap` |PCAP packet capture |<sub>`ether8023_frame` `sll_packet` `sll2_packet` `tcp_stream` `ipv4_packet`</sub>|
|
|`pcap` |PCAP packet capture |<sub>`link_frame` `tcp_stream` `ipv4_packet`</sub>|
|
||||||
|`pcapng` |PCAPNG packet capture |<sub>`ether8023_frame` `sll_packet` `sll2_packet` `tcp_stream` `ipv4_packet`</sub>|
|
|`pcapng` |PCAPNG packet capture |<sub>`link_frame` `tcp_stream` `ipv4_packet`</sub>|
|
||||||
|`png` |Portable Network Graphics file |<sub>`icc_profile` `exif`</sub>|
|
|`png` |Portable Network Graphics file |<sub>`icc_profile` `exif`</sub>|
|
||||||
|`protobuf` |Protobuf |<sub></sub>|
|
|`protobuf` |Protobuf |<sub></sub>|
|
||||||
|`protobuf_widevine` |Widevine protobuf |<sub>`protobuf`</sub>|
|
|`protobuf_widevine` |Widevine protobuf |<sub>`protobuf`</sub>|
|
||||||
@ -81,6 +82,7 @@
|
|||||||
|`xing` |Xing header |<sub></sub>|
|
|`xing` |Xing header |<sub></sub>|
|
||||||
|`zip` |ZIP archive |<sub>`probe`</sub>|
|
|`zip` |ZIP archive |<sub>`probe`</sub>|
|
||||||
|`image` |Group |<sub>`gif` `jpeg` `mp4` `png` `tiff` `webp`</sub>|
|
|`image` |Group |<sub>`gif` `jpeg` `mp4` `png` `tiff` `webp`</sub>|
|
||||||
|
|`link_frame` |Group |<sub>`bsd_loopback_frame` `ether8023_frame` `sll2_packet` `sll_packet`</sub>|
|
||||||
|`probe` |Group |<sub>`adts` `bzip2` `elf` `flac` `gif` `gzip` `jpeg` `json` `matroska` `mp3` `mp4` `mpeg_ts` `ogg` `pcap` `pcapng` `png` `tar` `tiff` `wav` `webp` `zip`</sub>|
|
|`probe` |Group |<sub>`adts` `bzip2` `elf` `flac` `gif` `gzip` `jpeg` `json` `matroska` `mp3` `mp4` `mpeg_ts` `ogg` `pcap` `pcapng` `png` `tar` `tiff` `wav` `webp` `zip`</sub>|
|
||||||
|`tcp_stream` |Group |<sub>`dns`</sub>|
|
|`tcp_stream` |Group |<sub>`dns`</sub>|
|
||||||
|`udp_payload` |Group |<sub>`dns`</sub>|
|
|`udp_payload` |Group |<sub>`dns`</sub>|
|
||||||
|
1821
doc/formats.svg
1821
doc/formats.svg
File diff suppressed because it is too large
Load Diff
Before Width: | Height: | Size: 102 KiB After Width: | Height: | Size: 99 KiB |
@ -271,9 +271,9 @@ func dnsUDPDecode(d *decode.D, in interface{}) interface{} {
|
|||||||
}
|
}
|
||||||
d.Fatalf("wrong port")
|
d.Fatalf("wrong port")
|
||||||
}
|
}
|
||||||
if udi, ok := in.(format.UDPDatagramIn); ok {
|
if upi, ok := in.(format.UDPPayloadIn); ok {
|
||||||
if udi.DestinationPort == format.UDPPortDomain || udi.SourcePort == format.UDPPortDomain ||
|
if upi.DestinationPort == format.UDPPortDomain || upi.SourcePort == format.UDPPortDomain ||
|
||||||
udi.DestinationPort == format.UDPPortMDNS || udi.SourcePort == format.UDPPortMDNS {
|
upi.DestinationPort == format.UDPPortMDNS || upi.SourcePort == format.UDPPortMDNS {
|
||||||
return dnsDecode(d, false)
|
return dnsDecode(d, false)
|
||||||
}
|
}
|
||||||
d.Fatalf("wrong port")
|
d.Fatalf("wrong port")
|
||||||
|
@ -8,6 +8,7 @@ const (
|
|||||||
IMAGE = "image"
|
IMAGE = "image"
|
||||||
TCP_STREAM = "tcp_stream"
|
TCP_STREAM = "tcp_stream"
|
||||||
UDP_PAYLOAD = "udp_payload"
|
UDP_PAYLOAD = "udp_payload"
|
||||||
|
LINK_FRAME = "link_frame"
|
||||||
|
|
||||||
RAW = "raw"
|
RAW = "raw"
|
||||||
JSON = "json"
|
JSON = "json"
|
||||||
@ -15,6 +16,7 @@ const (
|
|||||||
DNS = "dns"
|
DNS = "dns"
|
||||||
DNS_TCP = "dns_tcp"
|
DNS_TCP = "dns_tcp"
|
||||||
ETHER8023_FRAME = "ether8023_frame"
|
ETHER8023_FRAME = "ether8023_frame"
|
||||||
|
BSD_LOOPBACK_FRAME = "bsd_loopback_frame"
|
||||||
SLL_PACKET = "sll_packet"
|
SLL_PACKET = "sll_packet"
|
||||||
SLL2_PACKET = "sll2_packet"
|
SLL2_PACKET = "sll2_packet"
|
||||||
IPV4_PACKET = "ipv4_packet"
|
IPV4_PACKET = "ipv4_packet"
|
||||||
@ -187,7 +189,17 @@ type MP3FrameOut struct {
|
|||||||
ChannelModeIndex int
|
ChannelModeIndex int
|
||||||
}
|
}
|
||||||
|
|
||||||
type UDPDatagramIn struct {
|
type In struct {
|
||||||
|
SourcePort int
|
||||||
|
DestinationPort int
|
||||||
|
}
|
||||||
|
|
||||||
|
type LinkFrameIn struct {
|
||||||
|
Type int
|
||||||
|
LittleEndian bool // pcap endian etc
|
||||||
|
}
|
||||||
|
|
||||||
|
type UDPPayloadIn struct {
|
||||||
SourcePort int
|
SourcePort int
|
||||||
DestinationPort int
|
DestinationPort int
|
||||||
}
|
}
|
||||||
|
58
format/inet/bsd_loopback_frame.go
Normal file
58
format/inet/bsd_loopback_frame.go
Normal file
@ -0,0 +1,58 @@
|
|||||||
|
package inet
|
||||||
|
|
||||||
|
// TODO: rename NetworkLayer? wireshark calls it "Family", pcap-linktype(7) calls it "network-layer protocol"
|
||||||
|
|
||||||
|
import (
|
||||||
|
"github.com/wader/fq/format"
|
||||||
|
"github.com/wader/fq/format/registry"
|
||||||
|
"github.com/wader/fq/pkg/decode"
|
||||||
|
"github.com/wader/fq/pkg/scalar"
|
||||||
|
)
|
||||||
|
|
||||||
|
var bsdLoopbackFrameIPv4Format decode.Group
|
||||||
|
|
||||||
|
func init() {
|
||||||
|
registry.MustRegister(decode.Format{
|
||||||
|
Name: format.BSD_LOOPBACK_FRAME,
|
||||||
|
Description: "BSD loopback frame",
|
||||||
|
Groups: []string{format.LINK_FRAME},
|
||||||
|
Dependencies: []decode.Dependency{
|
||||||
|
{Names: []string{format.IPV4_PACKET}, Group: &bsdLoopbackFrameIPv4Format},
|
||||||
|
},
|
||||||
|
DecodeFn: decodeLoopbackFrame,
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
const (
|
||||||
|
bsdLoopbackNetworkLayerIPv4 = 2
|
||||||
|
)
|
||||||
|
|
||||||
|
var bsdLoopbackFrameNetworkLayerFormat = map[uint64]*decode.Group{
|
||||||
|
bsdLoopbackNetworkLayerIPv4: &bsdLoopbackFrameIPv4Format,
|
||||||
|
}
|
||||||
|
|
||||||
|
var bsdLookbackNetworkLayerMap = scalar.UToScalar{
|
||||||
|
bsdLoopbackNetworkLayerIPv4: {Sym: "ipv4", Description: `Internet protocol v4`},
|
||||||
|
}
|
||||||
|
|
||||||
|
func decodeLoopbackFrame(d *decode.D, in interface{}) interface{} {
|
||||||
|
lsi, ok := in.(format.LinkFrameIn)
|
||||||
|
if ok {
|
||||||
|
if lsi.Type != format.LinkTypeNULL {
|
||||||
|
d.Fatalf("wrong link type")
|
||||||
|
}
|
||||||
|
if lsi.LittleEndian {
|
||||||
|
d.Endian = decode.LittleEndian
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// if no LinkFrameIn assume big endian for now
|
||||||
|
|
||||||
|
networkLayer := d.FieldU32("network_layer", bsdLookbackNetworkLayerMap, scalar.Hex)
|
||||||
|
if g, ok := bsdLoopbackFrameNetworkLayerFormat[networkLayer]; ok {
|
||||||
|
d.FieldFormatLen("packet", d.BitsLeft(), *g, nil)
|
||||||
|
} else {
|
||||||
|
d.FieldRawLen("data", d.BitsLeft())
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
@ -18,10 +18,11 @@ func init() {
|
|||||||
registry.MustRegister(decode.Format{
|
registry.MustRegister(decode.Format{
|
||||||
Name: format.ETHER8023_FRAME,
|
Name: format.ETHER8023_FRAME,
|
||||||
Description: "Ethernet 802.3 frame",
|
Description: "Ethernet 802.3 frame",
|
||||||
|
Groups: []string{format.LINK_FRAME},
|
||||||
Dependencies: []decode.Dependency{
|
Dependencies: []decode.Dependency{
|
||||||
{Names: []string{format.IPV4_PACKET}, Group: ðer8023FrameIPv4Format},
|
{Names: []string{format.IPV4_PACKET}, Group: ðer8023FrameIPv4Format},
|
||||||
},
|
},
|
||||||
DecodeFn: decodeEthernet,
|
DecodeFn: decodeEthernetFrame,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -37,7 +38,13 @@ var mapUToEtherSym = scalar.Fn(func(s scalar.S) (scalar.S, error) {
|
|||||||
return s, nil
|
return s, nil
|
||||||
})
|
})
|
||||||
|
|
||||||
func decodeEthernet(d *decode.D, in interface{}) interface{} {
|
func decodeEthernetFrame(d *decode.D, in interface{}) interface{} {
|
||||||
|
if lsi, ok := in.(format.LinkFrameIn); ok {
|
||||||
|
if lsi.Type != format.LinkTypeETHERNET {
|
||||||
|
d.Fatalf("wrong link type")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
d.FieldU("destination", 48, mapUToEtherSym, scalar.Hex)
|
d.FieldU("destination", 48, mapUToEtherSym, scalar.Hex)
|
||||||
d.FieldU("source", 48, mapUToEtherSym, scalar.Hex)
|
d.FieldU("source", 48, mapUToEtherSym, scalar.Hex)
|
||||||
etherType := d.FieldU16("ether_type", format.EtherTypeMap, scalar.Hex)
|
etherType := d.FieldU16("ether_type", format.EtherTypeMap, scalar.Hex)
|
||||||
|
@ -141,6 +141,10 @@ func (fd *Decoder) EthernetFrame(bs []byte) error {
|
|||||||
return fd.packet(gopacket.NewPacket(bs, layers.LayerTypeEthernet, gopacket.Lazy))
|
return fd.packet(gopacket.NewPacket(bs, layers.LayerTypeEthernet, gopacket.Lazy))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (fd *Decoder) LoopbackFrame(bs []byte) error {
|
||||||
|
return fd.packet(gopacket.NewPacket(bs, layers.LayerTypeLoopback, gopacket.Lazy))
|
||||||
|
}
|
||||||
|
|
||||||
func (fd *Decoder) packet(p gopacket.Packet) error {
|
func (fd *Decoder) packet(p gopacket.Packet) error {
|
||||||
// TODO: linkType
|
// TODO: linkType
|
||||||
ip4Layer := p.Layer(layers.LayerTypeIPv4)
|
ip4Layer := p.Layer(layers.LayerTypeIPv4)
|
||||||
|
@ -16,6 +16,7 @@ func init() {
|
|||||||
registry.MustRegister(decode.Format{
|
registry.MustRegister(decode.Format{
|
||||||
Name: format.SLL2_PACKET,
|
Name: format.SLL2_PACKET,
|
||||||
Description: "Linux cooked capture encapsulation v2",
|
Description: "Linux cooked capture encapsulation v2",
|
||||||
|
Groups: []string{format.LINK_FRAME},
|
||||||
Dependencies: []decode.Dependency{
|
Dependencies: []decode.Dependency{
|
||||||
{Names: []string{format.ETHER8023_FRAME}, Group: &sllPacket2Ether8023Format},
|
{Names: []string{format.ETHER8023_FRAME}, Group: &sllPacket2Ether8023Format},
|
||||||
},
|
},
|
||||||
@ -28,6 +29,12 @@ var sllPacket2FrameTypeFormat = map[uint64]*decode.Group{
|
|||||||
}
|
}
|
||||||
|
|
||||||
func decodeSLL2(d *decode.D, in interface{}) interface{} {
|
func decodeSLL2(d *decode.D, in interface{}) interface{} {
|
||||||
|
if lsi, ok := in.(format.LinkFrameIn); ok {
|
||||||
|
if lsi.Type != format.LinkTypeLINUX_SLL2 {
|
||||||
|
d.Fatalf("wrong link type")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
protcolType := d.FieldU16("protocol_type", format.EtherTypeMap, scalar.Hex)
|
protcolType := d.FieldU16("protocol_type", format.EtherTypeMap, scalar.Hex)
|
||||||
d.FieldU16("reserved")
|
d.FieldU16("reserved")
|
||||||
d.FieldU32("interface_index")
|
d.FieldU32("interface_index")
|
||||||
|
@ -16,6 +16,7 @@ func init() {
|
|||||||
registry.MustRegister(decode.Format{
|
registry.MustRegister(decode.Format{
|
||||||
Name: format.SLL_PACKET,
|
Name: format.SLL_PACKET,
|
||||||
Description: "Linux cooked capture encapsulation",
|
Description: "Linux cooked capture encapsulation",
|
||||||
|
Groups: []string{format.LINK_FRAME},
|
||||||
Dependencies: []decode.Dependency{
|
Dependencies: []decode.Dependency{
|
||||||
{Names: []string{format.ETHER8023_FRAME}, Group: &sllPacketEther8023Format},
|
{Names: []string{format.ETHER8023_FRAME}, Group: &sllPacketEther8023Format},
|
||||||
},
|
},
|
||||||
@ -112,6 +113,12 @@ var arpHdrTypeMAp = scalar.UToScalar{
|
|||||||
}
|
}
|
||||||
|
|
||||||
func decodeSLL(d *decode.D, in interface{}) interface{} {
|
func decodeSLL(d *decode.D, in interface{}) interface{} {
|
||||||
|
if lsi, ok := in.(format.LinkFrameIn); ok {
|
||||||
|
if lsi.Type != format.LinkTypeLINUX_SLL {
|
||||||
|
d.Fatalf("wrong link type")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
d.FieldU16("packet_type", sllPacketTypeMap)
|
d.FieldU16("packet_type", sllPacketTypeMap)
|
||||||
arpHdrType := d.FieldU16("arphdr_type", arpHdrTypeMAp)
|
arpHdrType := d.FieldU16("arphdr_type", arpHdrTypeMAp)
|
||||||
addressLength := d.FieldU16("link_address_length")
|
addressLength := d.FieldU16("link_address_length")
|
||||||
|
@ -27,7 +27,7 @@ func decodeUDP(d *decode.D, in interface{}) interface{} {
|
|||||||
d.FieldU16("checksum", scalar.Hex)
|
d.FieldU16("checksum", scalar.Hex)
|
||||||
|
|
||||||
dataLen := int64(length-8) * 8
|
dataLen := int64(length-8) * 8
|
||||||
if dv, _, _ := d.TryFieldFormatLen("data", dataLen, udpPayloadFormat, format.UDPDatagramIn{
|
if dv, _, _ := d.TryFieldFormatLen("data", dataLen, udpPayloadFormat, format.UDPPayloadIn{
|
||||||
SourcePort: int(soucePort),
|
SourcePort: int(soucePort),
|
||||||
DestinationPort: int(destPort),
|
DestinationPort: int(destPort),
|
||||||
}); dv == nil {
|
}); dv == nil {
|
||||||
|
@ -11,9 +11,7 @@ import (
|
|||||||
"github.com/wader/fq/pkg/scalar"
|
"github.com/wader/fq/pkg/scalar"
|
||||||
)
|
)
|
||||||
|
|
||||||
var pcapEther8023Format decode.Group
|
var pcapLinkFrameFormat decode.Group
|
||||||
var pcapSLLPacket decode.Group
|
|
||||||
var pcapSLL2Packet decode.Group
|
|
||||||
var pcapTCPStreamFormat decode.Group
|
var pcapTCPStreamFormat decode.Group
|
||||||
var pcapIPv4PacketFormat decode.Group
|
var pcapIPv4PacketFormat decode.Group
|
||||||
|
|
||||||
@ -33,9 +31,7 @@ func init() {
|
|||||||
Description: "PCAP packet capture",
|
Description: "PCAP packet capture",
|
||||||
Groups: []string{format.PROBE},
|
Groups: []string{format.PROBE},
|
||||||
Dependencies: []decode.Dependency{
|
Dependencies: []decode.Dependency{
|
||||||
{Names: []string{format.ETHER8023_FRAME}, Group: &pcapEther8023Format},
|
{Names: []string{format.LINK_FRAME}, Group: &pcapLinkFrameFormat},
|
||||||
{Names: []string{format.SLL_PACKET}, Group: &pcapSLLPacket},
|
|
||||||
{Names: []string{format.SLL2_PACKET}, Group: &pcapSLL2Packet},
|
|
||||||
{Names: []string{format.TCP_STREAM}, Group: &pcapTCPStreamFormat},
|
{Names: []string{format.TCP_STREAM}, Group: &pcapTCPStreamFormat},
|
||||||
{Names: []string{format.IPV4_PACKET}, Group: &pcapIPv4PacketFormat},
|
{Names: []string{format.IPV4_PACKET}, Group: &pcapIPv4PacketFormat},
|
||||||
},
|
},
|
||||||
@ -89,9 +85,10 @@ func decodePcap(d *decode.D, in interface{}) interface{} {
|
|||||||
_ = fn(fd, bs)
|
_ = fn(fd, bs)
|
||||||
}
|
}
|
||||||
|
|
||||||
if g, ok := linkToFormat[linkType]; ok {
|
if dv, _, _ := d.TryFieldFormatLen("packet", int64(inclLen)*8, pcapLinkFrameFormat, format.LinkFrameIn{
|
||||||
d.FieldFormatLen("packet", int64(inclLen)*8, *g, nil)
|
Type: linkType,
|
||||||
} else {
|
LittleEndian: d.Endian == decode.LittleEndian,
|
||||||
|
}); dv == nil {
|
||||||
d.FieldRawLen("packet", int64(inclLen)*8)
|
d.FieldRawLen("packet", int64(inclLen)*8)
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
@ -13,9 +13,7 @@ import (
|
|||||||
"github.com/wader/fq/pkg/scalar"
|
"github.com/wader/fq/pkg/scalar"
|
||||||
)
|
)
|
||||||
|
|
||||||
var pcapngEther8023Format decode.Group
|
var pcapngLinkFrameFormat decode.Group
|
||||||
var pcapngSLLPacketFormat decode.Group
|
|
||||||
var pcapngSLL2PacketFormat decode.Group
|
|
||||||
var pcapngTCPStreamFormat decode.Group
|
var pcapngTCPStreamFormat decode.Group
|
||||||
var pcapngIPvPacket4Format decode.Group
|
var pcapngIPvPacket4Format decode.Group
|
||||||
|
|
||||||
@ -26,9 +24,7 @@ func init() {
|
|||||||
RootArray: true,
|
RootArray: true,
|
||||||
Groups: []string{format.PROBE},
|
Groups: []string{format.PROBE},
|
||||||
Dependencies: []decode.Dependency{
|
Dependencies: []decode.Dependency{
|
||||||
{Names: []string{format.ETHER8023_FRAME}, Group: &pcapngEther8023Format},
|
{Names: []string{format.LINK_FRAME}, Group: &pcapngLinkFrameFormat},
|
||||||
{Names: []string{format.SLL_PACKET}, Group: &pcapngSLLPacketFormat},
|
|
||||||
{Names: []string{format.SLL2_PACKET}, Group: &pcapngSLL2PacketFormat},
|
|
||||||
{Names: []string{format.TCP_STREAM}, Group: &pcapngTCPStreamFormat},
|
{Names: []string{format.TCP_STREAM}, Group: &pcapngTCPStreamFormat},
|
||||||
{Names: []string{format.IPV4_PACKET}, Group: &pcapngIPvPacket4Format},
|
{Names: []string{format.IPV4_PACKET}, Group: &pcapngIPvPacket4Format},
|
||||||
},
|
},
|
||||||
@ -244,12 +240,12 @@ var blockFns = map[uint64]func(d *decode.D, dc *decodeContext){
|
|||||||
if fn, ok := linkToDecodeFn[linkType]; ok {
|
if fn, ok := linkToDecodeFn[linkType]; ok {
|
||||||
// TODO: report decode errors
|
// TODO: report decode errors
|
||||||
_ = fn(dc.flowDecoder, bs)
|
_ = fn(dc.flowDecoder, bs)
|
||||||
_ = fn(dc.flowDecoder, bs)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if g, ok := linkToFormat[linkType]; ok {
|
if dv, _, _ := d.TryFieldFormatLen("packet", int64(capturedLength)*8, pcapngLinkFrameFormat, format.LinkFrameIn{
|
||||||
d.FieldFormatLen("packet", int64(capturedLength)*8, *g, nil)
|
Type: linkType,
|
||||||
} else {
|
LittleEndian: d.Endian == decode.LittleEndian,
|
||||||
|
}); dv == nil {
|
||||||
d.FieldRawLen("packet", int64(capturedLength)*8)
|
d.FieldRawLen("packet", int64(capturedLength)*8)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -9,14 +9,8 @@ import (
|
|||||||
"github.com/wader/fq/pkg/decode"
|
"github.com/wader/fq/pkg/decode"
|
||||||
)
|
)
|
||||||
|
|
||||||
// TODO: is shared between pcap and pcapng
|
|
||||||
var linkToFormat = map[int]*decode.Group{
|
|
||||||
format.LinkTypeETHERNET: &pcapngEther8023Format,
|
|
||||||
format.LinkTypeLINUX_SLL: &pcapngSLLPacketFormat,
|
|
||||||
format.LinkTypeLINUX_SLL2: &pcapngSLL2PacketFormat,
|
|
||||||
}
|
|
||||||
|
|
||||||
var linkToDecodeFn = map[int]func(fd *flowsdecoder.Decoder, bs []byte) error{
|
var linkToDecodeFn = map[int]func(fd *flowsdecoder.Decoder, bs []byte) error{
|
||||||
|
format.LinkTypeNULL: (*flowsdecoder.Decoder).LoopbackFrame,
|
||||||
format.LinkTypeETHERNET: (*flowsdecoder.Decoder).EthernetFrame,
|
format.LinkTypeETHERNET: (*flowsdecoder.Decoder).EthernetFrame,
|
||||||
format.LinkTypeLINUX_SLL: (*flowsdecoder.Decoder).SLLPacket,
|
format.LinkTypeLINUX_SLL: (*flowsdecoder.Decoder).SLLPacket,
|
||||||
format.LinkTypeLINUX_SLL2: func(fd *flowsdecoder.Decoder, bs []byte) error {
|
format.LinkTypeLINUX_SLL2: func(fd *flowsdecoder.Decoder, bs []byte) error {
|
||||||
|
58
format/pcap/testdata/many_interfaces.fqtest
vendored
58
format/pcap/testdata/many_interfaces.fqtest
vendored
@ -490,9 +490,32 @@ $ fq -d pcapng verbose /many_interfaces.pcapng
|
|||||||
0x0750| c0 6d 62 c9 | .mb. | timestamp_low: 3378671040 0x758-0x75b.7 (4)
|
0x0750| c0 6d 62 c9 | .mb. | timestamp_low: 3378671040 0x758-0x75b.7 (4)
|
||||||
0x0750| a8 00 00 00| ....| capture_packet_length: 168 0x75c-0x75f.7 (4)
|
0x0750| a8 00 00 00| ....| capture_packet_length: 168 0x75c-0x75f.7 (4)
|
||||||
0x0760|a8 00 00 00 |.... | original_packet_length: 168 0x760-0x763.7 (4)
|
0x0760|a8 00 00 00 |.... | original_packet_length: 168 0x760-0x763.7 (4)
|
||||||
0x0760| 02 00 00 00 45 00 00 a4 c6 ce 00 00| ....E.......| packet: raw bits 0x764-0x80b.7 (168)
|
| | | packet{}: (bsd_loopback_frame) 0x764-0x80b.7 (168)
|
||||||
0x0770|40 11 f1 47 c0 a8 01 8b ff ff ff ff 44 5c 44 5c|@..G........D\D\|
|
0x0760| 02 00 00 00 | .... | network_layer: "ipv4" (0x2) (Internet protocol v4) 0x764-0x767.7 (4)
|
||||||
* |until 0x80b.7 (168) | |
|
| | | packet{}: (ipv4_packet) 0x768-0x80b.7 (164)
|
||||||
|
0x0760| 45 | E | version: 4 0x768-0x768.3 (0.4)
|
||||||
|
0x0760| 45 | E | ihl: 5 0x768.4-0x768.7 (0.4)
|
||||||
|
0x0760| 00 | . | dscp: 0 0x769-0x769.5 (0.6)
|
||||||
|
0x0760| 00 | . | ecn: 0 0x769.6-0x769.7 (0.2)
|
||||||
|
0x0760| 00 a4 | .. | total_length: 164 0x76a-0x76b.7 (2)
|
||||||
|
0x0760| c6 ce | .. | identification: 50894 0x76c-0x76d.7 (2)
|
||||||
|
0x0760| 00 | . | reserved: 0 0x76e-0x76e (0.1)
|
||||||
|
0x0760| 00 | . | dont_fragment: false 0x76e.1-0x76e.1 (0.1)
|
||||||
|
0x0760| 00 | . | more_fragments: false 0x76e.2-0x76e.2 (0.1)
|
||||||
|
0x0760| 00 00| ..| fragment_offset: 0 0x76e.3-0x76f.7 (1.5)
|
||||||
|
0x0770|40 |@ | ttl: 64 0x770-0x770.7 (1)
|
||||||
|
0x0770| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x771-0x771.7 (1)
|
||||||
|
0x0770| f1 47 | .G | header_checksum: 0xf147 (valid) 0x772-0x773.7 (2)
|
||||||
|
0x0770| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0x774-0x777.7 (4)
|
||||||
|
0x0770| ff ff ff ff | .... | destination_ip: "255.255.255.255" (0xffffffff) 0x778-0x77b.7 (4)
|
||||||
|
| | | data{}: (udp_datagram) 0x77c-0x80b.7 (144)
|
||||||
|
0x0770| 44 5c | D\ | source_port: 17500 0x77c-0x77d.7 (2)
|
||||||
|
0x0770| 44 5c| D\| destination_port: 17500 0x77e-0x77f.7 (2)
|
||||||
|
0x0780|00 90 |.. | length: 144 0x780-0x781.7 (2)
|
||||||
|
0x0780| ba 03 | .. | checksum: 0xba03 0x782-0x783.7 (2)
|
||||||
|
0x0780| 7b 22 68 6f 73 74 5f 69 6e 74 22 3a| {"host_int":| data: raw bits 0x784-0x80b.7 (136)
|
||||||
|
0x0790|20 34 30 39 34 35 31 34 34 38 33 2c 20 22 76 65| 4094514483, "ve|
|
||||||
|
* |until 0x80b.7 (136) | |
|
||||||
| | | padding: raw bits 0x80c-NA (0)
|
| | | padding: raw bits 0x80c-NA (0)
|
||||||
| | | options[0:0]: 0x80c-NA (0)
|
| | | options[0:0]: 0x80c-NA (0)
|
||||||
0x0800| c8 00 00 00| ....| footer_length: 200 0x80c-0x80f.7 (4)
|
0x0800| c8 00 00 00| ....| footer_length: 200 0x80c-0x80f.7 (4)
|
||||||
@ -504,9 +527,32 @@ $ fq -d pcapng verbose /many_interfaces.pcapng
|
|||||||
0x0820|be 6e 62 c9 |.nb. | timestamp_low: 3378671294 0x820-0x823.7 (4)
|
0x0820|be 6e 62 c9 |.nb. | timestamp_low: 3378671294 0x820-0x823.7 (4)
|
||||||
0x0820| a8 00 00 00 | .... | capture_packet_length: 168 0x824-0x827.7 (4)
|
0x0820| a8 00 00 00 | .... | capture_packet_length: 168 0x824-0x827.7 (4)
|
||||||
0x0820| a8 00 00 00 | .... | original_packet_length: 168 0x828-0x82b.7 (4)
|
0x0820| a8 00 00 00 | .... | original_packet_length: 168 0x828-0x82b.7 (4)
|
||||||
0x0820| 02 00 00 00| ....| packet: raw bits 0x82c-0x8d3.7 (168)
|
| | | packet{}: (bsd_loopback_frame) 0x82c-0x8d3.7 (168)
|
||||||
0x0830|45 00 00 a4 60 b4 00 00 40 11 94 ba c0 a8 01 8b|E...`...@.......|
|
0x0820| 02 00 00 00| ....| network_layer: "ipv4" (0x2) (Internet protocol v4) 0x82c-0x82f.7 (4)
|
||||||
* |until 0x8d3.7 (168) | |
|
| | | packet{}: (ipv4_packet) 0x830-0x8d3.7 (164)
|
||||||
|
0x0830|45 |E | version: 4 0x830-0x830.3 (0.4)
|
||||||
|
0x0830|45 |E | ihl: 5 0x830.4-0x830.7 (0.4)
|
||||||
|
0x0830| 00 | . | dscp: 0 0x831-0x831.5 (0.6)
|
||||||
|
0x0830| 00 | . | ecn: 0 0x831.6-0x831.7 (0.2)
|
||||||
|
0x0830| 00 a4 | .. | total_length: 164 0x832-0x833.7 (2)
|
||||||
|
0x0830| 60 b4 | `. | identification: 24756 0x834-0x835.7 (2)
|
||||||
|
0x0830| 00 | . | reserved: 0 0x836-0x836 (0.1)
|
||||||
|
0x0830| 00 | . | dont_fragment: false 0x836.1-0x836.1 (0.1)
|
||||||
|
0x0830| 00 | . | more_fragments: false 0x836.2-0x836.2 (0.1)
|
||||||
|
0x0830| 00 00 | .. | fragment_offset: 0 0x836.3-0x837.7 (1.5)
|
||||||
|
0x0830| 40 | @ | ttl: 64 0x838-0x838.7 (1)
|
||||||
|
0x0830| 11 | . | protocol: "udp" (17) (User datagram protocol) 0x839-0x839.7 (1)
|
||||||
|
0x0830| 94 ba | .. | header_checksum: 0x94ba (valid) 0x83a-0x83b.7 (2)
|
||||||
|
0x0830| c0 a8 01 8b| ....| source_ip: "192.168.1.139" (0xc0a8018b) 0x83c-0x83f.7 (4)
|
||||||
|
0x0840|c0 a8 01 ff |.... | destination_ip: "192.168.1.255" (0xc0a801ff) 0x840-0x843.7 (4)
|
||||||
|
| | | data{}: (udp_datagram) 0x844-0x8d3.7 (144)
|
||||||
|
0x0840| 44 5c | D\ | source_port: 17500 0x844-0x845.7 (2)
|
||||||
|
0x0840| 44 5c | D\ | destination_port: 17500 0x846-0x847.7 (2)
|
||||||
|
0x0840| 00 90 | .. | length: 144 0x848-0x849.7 (2)
|
||||||
|
0x0840| f7 5b | .[ | checksum: 0xf75b 0x84a-0x84b.7 (2)
|
||||||
|
0x0840| 7b 22 68 6f| {"ho| data: raw bits 0x84c-0x8d3.7 (136)
|
||||||
|
0x0850|73 74 5f 69 6e 74 22 3a 20 34 30 39 34 35 31 34|st_int": 4094514|
|
||||||
|
* |until 0x8d3.7 (136) | |
|
||||||
| | | padding: raw bits 0x8d4-NA (0)
|
| | | padding: raw bits 0x8d4-NA (0)
|
||||||
| | | options[0:0]: 0x8d4-NA (0)
|
| | | options[0:0]: 0x8d4-NA (0)
|
||||||
0x08d0| c8 00 00 00 | .... | footer_length: 200 0x8d4-0x8d7.7 (4)
|
0x08d0| c8 00 00 00 | .... | footer_length: 200 0x8d4-0x8d7.7 (4)
|
||||||
|
1
pkg/interp/testdata/args.fqtest
vendored
1
pkg/interp/testdata/args.fqtest
vendored
@ -65,6 +65,7 @@ avc_nalu H.264/AVC Network Access Layer Unit
|
|||||||
avc_pps H.264/AVC Picture Parameter Set
|
avc_pps H.264/AVC Picture Parameter Set
|
||||||
avc_sei H.264/AVC Supplemental Enhancement Information
|
avc_sei H.264/AVC Supplemental Enhancement Information
|
||||||
avc_sps H.264/AVC Sequence Parameter Set
|
avc_sps H.264/AVC Sequence Parameter Set
|
||||||
|
bsd_loopback_frame BSD loopback frame
|
||||||
bzip2 bzip2 compression
|
bzip2 bzip2 compression
|
||||||
dns DNS packet
|
dns DNS packet
|
||||||
dns_tcp DNS packet (TCP)
|
dns_tcp DNS packet (TCP)
|
||||||
|
Loading…
Reference in New Issue
Block a user