wader/fq
1
1
Fork 0
mirror of https://github.com/wader/fq.git synced 2024-11-23 00:57:15 +03:00
Code Issues Projects Releases Wiki Activity

ipv6,icmpv6: Add decoder

Browse Source 
Refactor to use groups between network layers to make them less coupled and reusable:
link_frame (ethernet etc)
inet_packet (ipv4,ipv6 etc)
ip_packet (tcp packet (not stream), udp segment etc)

Rename data to payload as i think it makes more sense for network data
This commit is contained in:
Mattias Wadman 2022-04-01 16:31:55 +02:00
parent 2a8104de90
commit e8dc7112b6
30 changed files with 5253 additions and 1405 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -79,10 +79,12 @@ hevc_sps,
hevc_vps,
icc_profile,
icmp,
icmpv6,
id3v1,
id3v11,
id3v2,
ipv4_packet,
ipv6_packet,
jpeg,
json,
[macho](doc/formats.md#macho),

14
doc/formats.md
View File

@ -23,14 +23,14 @@
|`avc_sps` |H.264/AVC&nbsp;Sequence&nbsp;Parameter&nbsp;Set |<sub></sub>|
|[`avro_ocf`](#avro_ocf) |Avro&nbsp;object&nbsp;container&nbsp;file |<sub></sub>|
|`bencode` |BitTorrent&nbsp;bencoding |<sub></sub>|
|`bsd_loopback_frame` |BSD&nbsp;loopback&nbsp;frame |<sub>`ipv4_packet`</sub>|
|`bsd_loopback_frame` |BSD&nbsp;loopback&nbsp;frame |<sub>`inet_packet`</sub>|
|[`bson`](#bson) |Binary&nbsp;JSON |<sub></sub>|
|`bzip2` |bzip2&nbsp;compression |<sub>`probe`</sub>|
|[`cbor`](#cbor) |Concise&nbsp;Binary&nbsp;Object&nbsp;Representation |<sub></sub>|
|`dns` |DNS&nbsp;packet |<sub></sub>|
|`dns_tcp` |DNS&nbsp;packet&nbsp;(TCP) |<sub></sub>|
|`elf` |Executable&nbsp;and&nbsp;Linkable&nbsp;Format |<sub></sub>|
|`ether8023_frame` |Ethernet&nbsp;802.3&nbsp;frame |<sub>`ipv4_packet`</sub>|
|`ether8023_frame` |Ethernet&nbsp;802.3&nbsp;frame |<sub>`inet_packet`</sub>|
|`exif` |Exchangeable&nbsp;Image&nbsp;File&nbsp;Format |<sub></sub>|
|`flac` |Free&nbsp;Lossless&nbsp;Audio&nbsp;Codec&nbsp;file |<sub>`flac_metadatablocks` `flac_frame`</sub>|
|`flac_frame` |FLAC&nbsp;frame |<sub></sub>|
@ -49,10 +49,12 @@
|`hevc_vps` |H.265/HEVC&nbsp;Video&nbsp;Parameter&nbsp;Set |<sub></sub>|
|`icc_profile` |International&nbsp;Color&nbsp;Consortium&nbsp;profile |<sub></sub>|
|`icmp` |Internet&nbsp;Control&nbsp;Message&nbsp;Protocol |<sub></sub>|
|`icmpv6` |Internet&nbsp;Control&nbsp;Message&nbsp;Protocol&nbsp;v6 |<sub></sub>|
|`id3v1` |ID3v1&nbsp;metadata |<sub></sub>|
|`id3v11` |ID3v1.1&nbsp;metadata |<sub></sub>|
|`id3v2` |ID3v2&nbsp;metadata |<sub>`image`</sub>|
|`ipv4_packet` |Internet&nbsp;protocol&nbsp;v4&nbsp;packet |<sub>`udp_datagram` `tcp_segment` `icmp`</sub>|
|`ipv4_packet` |Internet&nbsp;protocol&nbsp;v4&nbsp;packet |<sub>`ip_packet`</sub>|
|`ipv6_packet` |Internet&nbsp;protocol&nbsp;v6&nbsp;packet |<sub>`ip_packet`</sub>|
|`jpeg` |Joint&nbsp;Photographic&nbsp;Experts&nbsp;Group&nbsp;file |<sub>`exif` `icc_profile`</sub>|
|`json` |JSON |<sub></sub>|
|[`macho`](#macho) |Mach-O&nbsp;macOS&nbsp;executable |<sub></sub>|
@ -78,8 +80,8 @@
|`pssh_playready` |PlayReady&nbsp;PSSH |<sub></sub>|
|`raw` |Raw&nbsp;bits |<sub></sub>|
|[`rtmp`](#rtmp) |Real-Time&nbsp;Messaging&nbsp;Protocol |<sub>`amf0`</sub>|
|`sll2_packet` |Linux&nbsp;cooked&nbsp;capture&nbsp;encapsulation&nbsp;v2 |<sub>`ether8023_frame`</sub>|
|`sll_packet` |Linux&nbsp;cooked&nbsp;capture&nbsp;encapsulation |<sub>`ether8023_frame`</sub>|
|`sll2_packet` |Linux&nbsp;cooked&nbsp;capture&nbsp;encapsulation&nbsp;v2 |<sub>`inet_packet`</sub>|
|`sll_packet` |Linux&nbsp;cooked&nbsp;capture&nbsp;encapsulation |<sub>`inet_packet`</sub>|
|`tar` |Tar&nbsp;archive |<sub>`probe`</sub>|
|`tcp_segment` |Transmission&nbsp;control&nbsp;protocol&nbsp;segment |<sub></sub>|
|`tiff` |Tag&nbsp;Image&nbsp;File&nbsp;Format |<sub>`icc_profile`</sub>|
@ -95,6 +97,8 @@
|`xing` |Xing&nbsp;header |<sub></sub>|
|`zip` |ZIP&nbsp;archive |<sub>`probe`</sub>|
|`image` |Group |<sub>`gif` `jpeg` `mp4` `png` `tiff` `webp`</sub>|
|`inet_packet` |Group |<sub>`ipv4_packet` `ipv6_packet`</sub>|
|`ip_packet` |Group |<sub>`icmp` `icmpv6` `tcp_segment` `udp_datagram`</sub>|
|`link_frame` |Group |<sub>`bsd_loopback_frame` `ether8023_frame` `sll2_packet` `sll_packet`</sub>|
|`probe` |Group |<sub>`adts` `ar` `avro_ocf` `bzip2` `elf` `flac` `gif` `gzip` `jpeg` `json` `macho` `matroska` `mp3` `mp4` `mpeg_ts` `ogg` `pcap` `pcapng` `png` `tar` `tiff` `wav` `webp` `zip`</sub>|
|`tcp_stream` |Group |<sub>`dns` `rtmp`</sub>|

1832
doc/formats.svg
View File

File diff suppressed because it is too large Load Diff
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 119 KiB

After

Width:  |  Height:  |  Size: 122 KiB

25
format/format.go
View File

@ -5,10 +5,12 @@ const (
ALL = "all"
IMAGE = "image"
LINK_FRAME = "link_frame"
PROBE = "probe"
TCP_STREAM = "tcp_stream"
UDP_PAYLOAD = "udp_payload"
LINK_FRAME = "link_frame" // ex: ethernet
INET_PACKET = "inet_packet" // ex: ipv4
IP_PACKET = "ip_packet" // ex: tcp
TCP_STREAM = "tcp_stream" // ex: http
UDP_PAYLOAD = "udp_payload" // ex: dns
AAC_FRAME = "aac_frame"
ADTS = "adts"
@ -56,10 +58,12 @@ const (
HEVC_VPS = "hevc_vps"
ICC_PROFILE = "icc_profile"
ICMP = "icmp"
ICMPV6 = "icmpv6"
ID3V1 = "id3v1"
ID3V11 = "id3v11"
ID3V2 = "id3v2"
IPV4_PACKET = "ipv4_packet"
IPV6_PACKET = "ipv6_packet"
JPEG = "jpeg"
JSON = "json"
MACHO = "macho"
@ -200,14 +204,17 @@ type MP3FrameOut struct {
ChannelModeIndex int
}
type In struct {
SourcePort int
DestinationPort int
type LinkFrameIn struct {
Type int
IsLittleEndian bool // pcap endian etc
}
type LinkFrameIn struct {
Type int
LittleEndian bool // pcap endian etc
type InetPacketIn struct {
EtherType int
}
type IPPacketIn struct {
Protocol int
}
type UDPPayloadIn struct {

284
format/inet.go
View File

@ -275,6 +275,7 @@ var LinkTypeMap = scalar.UToScalar{
const (
EtherTypeIPv4 = 0x0800
EtherTypeIPv6 = 0x86dd
)
// from https://en.wikipedia.org/wiki/EtherType
@ -297,7 +298,7 @@ var EtherTypeMap = scalar.UToScalar{
0x8103: {Sym: "vlacp", Description: `Virtual Link Aggregation Control Protocol`},
0x8137: {Sym: "ipx", Description: `IPX`},
0x8204: {Sym: "qnx", Description: `QNX Qnet`},
0x86dd: {Sym: "ipv6", Description: `Internet Protocol Version 6`},
EtherTypeIPv6: {Sym: "ipv6", Description: `Internet Protocol Version 6`},
0x8808: {Sym: "flow_control", Description: `Ethernet flow control`},
0x8809: {Sym: "lacp", Description: `Ethernet Slow Protocols] such as the Link Aggregation Control Protocol`},
0x8819: {Sym: "cobranet", Description: `CobraNet`},
@ -341,149 +342,150 @@ var EtherTypeMap = scalar.UToScalar{
// cat /etc/protocols | grep -v '^#' | jq -rR 'capture("(?<name>[\\w\\d-]+)\\s+(?<nr>\\d+)\\s+.*#\\s+(?<desc>.*)") | "\(.nr): {Sym: \(.name|tojson), Description: \(.desc|tojson)},"'
const (
IPv4ProtocolICMP = 1
IPv4ProtocolIGMP = 2
IPv4ProtocolTCP = 6
IPv4ProtocolUDP = 17
IPv4ProtocolICMP = 1
IPv4ProtocolIGMP = 2
IPv4ProtocolTCP = 6
IPv4ProtocolUDP = 17
IPv4ProtocolICMPv6 = 58
)
var IPv4ProtocolMap = scalar.UToScalar{
0: {Sym: "ip", Description: "Internet protocol, pseudo protocol number"},
IPv4ProtocolICMP: {Sym: "icmp", Description: "Internet control message protocol"},
IPv4ProtocolIGMP: {Sym: "igmp", Description: "Internet group management protocol"},
3: {Sym: "ggp", Description: "Gateway-gateway protocol"},
4: {Sym: "ipencap", Description: "IP encapsulated in IP"},
5: {Sym: "st2", Description: "ST2 datagram mode"},
IPv4ProtocolTCP: {Sym: "tcp", Description: "Transmission control protocol"},
7: {Sym: "cbt"},
8: {Sym: "egp", Description: "Exterior gateway protocol"},
9: {Sym: "igp", Description: "Any private interior gateway"},
10: {Sym: "bbn-rcc", Description: "BBN RCC Monitoring"},
11: {Sym: "nvp", Description: "Network Voice Protocol"},
12: {Sym: "pup", Description: "PARC universal packet protocol"},
13: {Sym: "argus", Description: "ARGUS"},
14: {Sym: "emcon", Description: "EMCON"},
15: {Sym: "xnet", Description: "Cross Net Debugger"},
16: {Sym: "chaos", Description: "Chaos"},
IPv4ProtocolUDP: {Sym: "udp", Description: "User datagram protocol"},
18: {Sym: "mux", Description: "Multiplexing protocol"},
19: {Sym: "dcn", Description: "DCN Measurement Subsystems"},
20: {Sym: "hmp", Description: "Host monitoring protocol"},
21: {Sym: "prm", Description: "Packet radio measurement protocol"},
22: {Sym: "xns-idp", Description: "Xerox NS IDP"},
23: {Sym: "trunk-1", Description: "Trunk-1"},
24: {Sym: "trunk-2", Description: "Trunk-2"},
25: {Sym: "leaf-1", Description: "Leaf-1"},
26: {Sym: "leaf-2", Description: "Leaf-2"},
27: {Sym: "rdp", Description: "Reliable datagram protocol"},
28: {Sym: "irtp", Description: "Internet Reliable Transaction Protocol"},
29: {Sym: "iso-tp4", Description: "ISO Transport Protocol Class 4"},
30: {Sym: "netblt", Description: "Bulk Data Transfer Protocol"},
31: {Sym: "mfe-nsp", Description: "MFE Network Services Protocol"},
32: {Sym: "merit-inp", Description: "MERIT Internodal Protocol"},
33: {Sym: "dccp", Description: "Datagram Congestion Control Protocol"},
34: {Sym: "3pc", Description: "Third Party Connect Protocol"},
35: {Sym: "idpr", Description: "Inter-Domain Policy Routing Protocol"},
36: {Sym: "xtp", Description: "Xpress Tranfer Protocol"},
37: {Sym: "ddp", Description: "Datagram Delivery Protocol"},
38: {Sym: "idpr-cmtp", Description: "IDPR Control Message Transport Proto"},
40: {Sym: "il", Description: "IL Transport Protocol"},
41: {Sym: "ipv6", Description: "IPv6"},
42: {Sym: "sdrp", Description: "Source Demand Routing Protocol"},
43: {Sym: "ipv6-route", Description: "routing header for ipv6"},
44: {Sym: "ipv6-frag", Description: "fragment header for ipv6"},
45: {Sym: "idrp", Description: "Inter-Domain Routing Protocol"},
46: {Sym: "rsvp", Description: "Resource ReSerVation Protocol"},
47: {Sym: "gre", Description: "Generic Routing Encapsulation"},
48: {Sym: "dsr", Description: "Dynamic Source Routing Protocol"},
49: {Sym: "bna", Description: "BNA"},
50: {Sym: "esp", Description: "encapsulating security payload"},
51: {Sym: "ah", Description: "authentication header"},
52: {Sym: "i-nlsp", Description: "Integrated Net Layer Security TUBA"},
53: {Sym: "swipe", Description: "IP with Encryption"},
54: {Sym: "narp", Description: "NBMA Address Resolution Protocol"},
55: {Sym: "mobile", Description: "IP Mobility"},
56: {Sym: "tlsp", Description: "Transport Layer Security Protocol"},
57: {Sym: "skip", Description: "SKIP"},
58: {Sym: "ipv6-icmp", Description: "ICMP for IPv6"},
59: {Sym: "ipv6-nonxt", Description: "no next header for ipv6"},
60: {Sym: "ipv6-opts", Description: "destination options for ipv6"},
62: {Sym: "cftp", Description: "CFTP"},
64: {Sym: "sat-expak", Description: "SATNET and Backroom EXPAK"},
65: {Sym: "kryptolan", Description: "Kryptolan"},
66: {Sym: "rvd", Description: "MIT Remote Virtual Disk Protocol"},
67: {Sym: "ippc", Description: "Internet Pluribus Packet Core"},
69: {Sym: "sat-mon", Description: "SATNET Monitoring"},
70: {Sym: "visa", Description: "VISA Protocol"},
71: {Sym: "ipcv", Description: "Internet Packet Core Utility"},
72: {Sym: "cpnx", Description: "Computer Protocol Network Executive"},
73: {Sym: "cphb", Description: "Computer Protocol Heart Beat"},
74: {Sym: "wsn", Description: "Wang Span Network"},
75: {Sym: "pvp", Description: "Packet Video Protocol"},
76: {Sym: "br-sat-mon", Description: "Backroom SATNET Monitoring"},
77: {Sym: "sun-nd", Description: "SUN ND PROTOCOL-Temporary"},
78: {Sym: "wb-mon", Description: "WIDEBAND Monitoring"},
79: {Sym: "wb-expak", Description: "WIDEBAND EXPAK"},
80: {Sym: "iso-ip", Description: "ISO Internet Protocol"},
81: {Sym: "vmtp", Description: "Versatile Message Transport"},
82: {Sym: "secure-vmtp", Description: "SECURE-VMTP"},
83: {Sym: "vines", Description: "VINES"},
84: {Sym: "ttp", Description: "TTP"},
85: {Sym: "nsfnet-igp", Description: "NSFNET-IGP"},
86: {Sym: "dgp", Description: "Dissimilar Gateway Protocol"},
87: {Sym: "tcf", Description: "TCF"},
88: {Sym: "eigrp", Description: "Enhanced Interior Routing Protocol (Cisco)"},
89: {Sym: "ospf", Description: "Open Shortest Path First IGP"},
90: {Sym: "sprite-rpc", Description: "Sprite RPC Protocol"},
91: {Sym: "larp", Description: "Locus Address Resolution Protocol"},
92: {Sym: "mtp", Description: "Multicast Transport Protocol"},
93: {Sym: "25", Description: "AX.25 Frames"},
94: {Sym: "ipip", Description: "Yet Another IP encapsulation"},
95: {Sym: "micp", Description: "Mobile Internetworking Control Pro"},
96: {Sym: "scc-sp", Description: "Semaphore Communications Sec. Pro"},
97: {Sym: "etherip", Description: "Ethernet-within-IP Encapsulation"},
98: {Sym: "encap", Description: "Yet Another IP encapsulation"},
100: {Sym: "gmtp", Description: "GMTP"},
101: {Sym: "ifmp", Description: "Ipsilon Flow Management Protocol"},
102: {Sym: "pnni", Description: "PNNI over IP"},
103: {Sym: "pim", Description: "Protocol Independent Multicast"},
104: {Sym: "aris", Description: "ARIS"},
105: {Sym: "scps", Description: "SCPS"},
106: {Sym: "qnx", Description: "QNX"},
107: {Sym: "n", Description: "Active Networks"},
108: {Sym: "ipcomp", Description: "IP Payload Compression Protocol"},
109: {Sym: "snp", Description: "Sitara Networks Protocol"},
110: {Sym: "compaq-peer", Description: "Compaq Peer Protocol"},
111: {Sym: "ipx-in-ip", Description: "IPX in IP"},
112: {Sym: "carp", Description: "Common Address Redundancy Protocol"},
113: {Sym: "pgm", Description: "PGM Reliable Transport Protocol"},
115: {Sym: "l2tp", Description: "Layer Two Tunneling Protocol"},
116: {Sym: "ddx", Description: "D-II Data Exchange"},
117: {Sym: "iatp", Description: "Interactive Agent Transfer Protocol"},
118: {Sym: "stp", Description: "Schedule Transfer Protocol"},
119: {Sym: "srp", Description: "SpectraLink Radio Protocol"},
120: {Sym: "uti", Description: "UTI"},
121: {Sym: "smp", Description: "Simple Message Protocol"},
122: {Sym: "sm", Description: "SM"},
123: {Sym: "ptp", Description: "Performance Transparency Protocol"},
124: {Sym: "isis", Description: "ISIS over IPv4"},
126: {Sym: "crtp", Description: "Combat Radio Transport Protocol"},
127: {Sym: "crudp", Description: "Combat Radio User Datagram"},
130: {Sym: "sps", Description: "Secure Packet Shield"},
131: {Sym: "pipe", Description: "Private IP Encapsulation within IP"},
132: {Sym: "sctp", Description: "Stream Control Transmission Protocol"},
133: {Sym: "fc", Description: "Fibre Channel"},
134: {Sym: "rsvp-e2e-ignore", Description: "Aggregation of RSVP for IP reservations"},
135: {Sym: "mobility-header", Description: "Mobility Support in IPv6"},
136: {Sym: "udplite", Description: "The UDP-Lite Protocol"},
137: {Sym: "mpls-in-ip", Description: "Encapsulating MPLS in IP"},
138: {Sym: "manet", Description: "MANET Protocols (RFC5498)"},
139: {Sym: "hip", Description: "Host Identity Protocol (RFC5201)"},
140: {Sym: "shim6", Description: "Shim6 Protocol (RFC5533)"},
141: {Sym: "wesp", Description: "Wrapped Encapsulating Security Payload (RFC5840)"},
142: {Sym: "rohc", Description: "Robust Header Compression (RFC5858)"},
240: {Sym: "pfsync", Description: "PF Synchronization"},
258: {Sym: "divert", Description: "Divert pseudo-protocol [non IANA]"},
0: {Sym: "ip", Description: "Internet protocol, pseudo protocol number"},
IPv4ProtocolICMP: {Sym: "icmp", Description: "Internet control message protocol"},
IPv4ProtocolIGMP: {Sym: "igmp", Description: "Internet group management protocol"},
3: {Sym: "ggp", Description: "Gateway-gateway protocol"},
4: {Sym: "ipencap", Description: "IP encapsulated in IP"},
5: {Sym: "st2", Description: "ST2 datagram mode"},
IPv4ProtocolTCP: {Sym: "tcp", Description: "Transmission control protocol"},
7: {Sym: "cbt"},
8: {Sym: "egp", Description: "Exterior gateway protocol"},
9: {Sym: "igp", Description: "Any private interior gateway"},
10: {Sym: "bbn-rcc", Description: "BBN RCC Monitoring"},
11: {Sym: "nvp", Description: "Network Voice Protocol"},
12: {Sym: "pup", Description: "PARC universal packet protocol"},
13: {Sym: "argus", Description: "ARGUS"},
14: {Sym: "emcon", Description: "EMCON"},
15: {Sym: "xnet", Description: "Cross Net Debugger"},
16: {Sym: "chaos", Description: "Chaos"},
IPv4ProtocolUDP: {Sym: "udp", Description: "User datagram protocol"},
18: {Sym: "mux", Description: "Multiplexing protocol"},
19: {Sym: "dcn", Description: "DCN Measurement Subsystems"},
20: {Sym: "hmp", Description: "Host monitoring protocol"},
21: {Sym: "prm", Description: "Packet radio measurement protocol"},
22: {Sym: "xns-idp", Description: "Xerox NS IDP"},
23: {Sym: "trunk-1", Description: "Trunk-1"},
24: {Sym: "trunk-2", Description: "Trunk-2"},
25: {Sym: "leaf-1", Description: "Leaf-1"},
26: {Sym: "leaf-2", Description: "Leaf-2"},
27: {Sym: "rdp", Description: "Reliable datagram protocol"},
28: {Sym: "irtp", Description: "Internet Reliable Transaction Protocol"},
29: {Sym: "iso-tp4", Description: "ISO Transport Protocol Class 4"},
30: {Sym: "netblt", Description: "Bulk Data Transfer Protocol"},
31: {Sym: "mfe-nsp", Description: "MFE Network Services Protocol"},
32: {Sym: "merit-inp", Description: "MERIT Internodal Protocol"},
33: {Sym: "dccp", Description: "Datagram Congestion Control Protocol"},
34: {Sym: "3pc", Description: "Third Party Connect Protocol"},
35: {Sym: "idpr", Description: "Inter-Domain Policy Routing Protocol"},
36: {Sym: "xtp", Description: "Xpress Tranfer Protocol"},
37: {Sym: "ddp", Description: "Datagram Delivery Protocol"},
38: {Sym: "idpr-cmtp", Description: "IDPR Control Message Transport Proto"},
40: {Sym: "il", Description: "IL Transport Protocol"},
41: {Sym: "ipv6", Description: "IPv6"},
42: {Sym: "sdrp", Description: "Source Demand Routing Protocol"},
43: {Sym: "ipv6-route", Description: "routing header for ipv6"},
44: {Sym: "ipv6-frag", Description: "fragment header for ipv6"},
45: {Sym: "idrp", Description: "Inter-Domain Routing Protocol"},
46: {Sym: "rsvp", Description: "Resource ReSerVation Protocol"},
47: {Sym: "gre", Description: "Generic Routing Encapsulation"},
48: {Sym: "dsr", Description: "Dynamic Source Routing Protocol"},
49: {Sym: "bna", Description: "BNA"},
50: {Sym: "esp", Description: "encapsulating security payload"},
51: {Sym: "ah", Description: "authentication header"},
52: {Sym: "i-nlsp", Description: "Integrated Net Layer Security TUBA"},
53: {Sym: "swipe", Description: "IP with Encryption"},
54: {Sym: "narp", Description: "NBMA Address Resolution Protocol"},
55: {Sym: "mobile", Description: "IP Mobility"},
56: {Sym: "tlsp", Description: "Transport Layer Security Protocol"},
57: {Sym: "skip", Description: "SKIP"},
IPv4ProtocolICMPv6: {Sym: "ipv6-icmp", Description: "ICMP for IPv6"},
59: {Sym: "ipv6-nonxt", Description: "no next header for ipv6"},
60: {Sym: "ipv6-opts", Description: "destination options for ipv6"},
62: {Sym: "cftp", Description: "CFTP"},
64: {Sym: "sat-expak", Description: "SATNET and Backroom EXPAK"},
65: {Sym: "kryptolan", Description: "Kryptolan"},
66: {Sym: "rvd", Description: "MIT Remote Virtual Disk Protocol"},
67: {Sym: "ippc", Description: "Internet Pluribus Packet Core"},
69: {Sym: "sat-mon", Description: "SATNET Monitoring"},
70: {Sym: "visa", Description: "VISA Protocol"},
71: {Sym: "ipcv", Description: "Internet Packet Core Utility"},
72: {Sym: "cpnx", Description: "Computer Protocol Network Executive"},
73: {Sym: "cphb", Description: "Computer Protocol Heart Beat"},
74: {Sym: "wsn", Description: "Wang Span Network"},
75: {Sym: "pvp", Description: "Packet Video Protocol"},
76: {Sym: "br-sat-mon", Description: "Backroom SATNET Monitoring"},
77: {Sym: "sun-nd", Description: "SUN ND PROTOCOL-Temporary"},
78: {Sym: "wb-mon", Description: "WIDEBAND Monitoring"},
79: {Sym: "wb-expak", Description: "WIDEBAND EXPAK"},
80: {Sym: "iso-ip", Description: "ISO Internet Protocol"},
81: {Sym: "vmtp", Description: "Versatile Message Transport"},
82: {Sym: "secure-vmtp", Description: "SECURE-VMTP"},
83: {Sym: "vines", Description: "VINES"},
84: {Sym: "ttp", Description: "TTP"},
85: {Sym: "nsfnet-igp", Description: "NSFNET-IGP"},
86: {Sym: "dgp", Description: "Dissimilar Gateway Protocol"},
87: {Sym: "tcf", Description: "TCF"},
88: {Sym: "eigrp", Description: "Enhanced Interior Routing Protocol (Cisco)"},
89: {Sym: "ospf", Description: "Open Shortest Path First IGP"},
90: {Sym: "sprite-rpc", Description: "Sprite RPC Protocol"},
91: {Sym: "larp", Description: "Locus Address Resolution Protocol"},
92: {Sym: "mtp", Description: "Multicast Transport Protocol"},
93: {Sym: "25", Description: "AX.25 Frames"},
94: {Sym: "ipip", Description: "Yet Another IP encapsulation"},
95: {Sym: "micp", Description: "Mobile Internetworking Control Pro"},
96: {Sym: "scc-sp", Description: "Semaphore Communications Sec. Pro"},
97: {Sym: "etherip", Description: "Ethernet-within-IP Encapsulation"},
98: {Sym: "encap", Description: "Yet Another IP encapsulation"},
100: {Sym: "gmtp", Description: "GMTP"},
101: {Sym: "ifmp", Description: "Ipsilon Flow Management Protocol"},
102: {Sym: "pnni", Description: "PNNI over IP"},
103: {Sym: "pim", Description: "Protocol Independent Multicast"},
104: {Sym: "aris", Description: "ARIS"},
105: {Sym: "scps", Description: "SCPS"},
106: {Sym: "qnx", Description: "QNX"},
107: {Sym: "n", Description: "Active Networks"},
108: {Sym: "ipcomp", Description: "IP Payload Compression Protocol"},
109: {Sym: "snp", Description: "Sitara Networks Protocol"},
110: {Sym: "compaq-peer", Description: "Compaq Peer Protocol"},
111: {Sym: "ipx-in-ip", Description: "IPX in IP"},
112: {Sym: "carp", Description: "Common Address Redundancy Protocol"},
113: {Sym: "pgm", Description: "PGM Reliable Transport Protocol"},
115: {Sym: "l2tp", Description: "Layer Two Tunneling Protocol"},
116: {Sym: "ddx", Description: "D-II Data Exchange"},
117: {Sym: "iatp", Description: "Interactive Agent Transfer Protocol"},
118: {Sym: "stp", Description: "Schedule Transfer Protocol"},
119: {Sym: "srp", Description: "SpectraLink Radio Protocol"},
120: {Sym: "uti", Description: "UTI"},
121: {Sym: "smp", Description: "Simple Message Protocol"},
122: {Sym: "sm", Description: "SM"},
123: {Sym: "ptp", Description: "Performance Transparency Protocol"},
124: {Sym: "isis", Description: "ISIS over IPv4"},
126: {Sym: "crtp", Description: "Combat Radio Transport Protocol"},
127: {Sym: "crudp", Description: "Combat Radio User Datagram"},
130: {Sym: "sps", Description: "Secure Packet Shield"},
131: {Sym: "pipe", Description: "Private IP Encapsulation within IP"},
132: {Sym: "sctp", Description: "Stream Control Transmission Protocol"},
133: {Sym: "fc", Description: "Fibre Channel"},
134: {Sym: "rsvp-e2e-ignore", Description: "Aggregation of RSVP for IP reservations"},
135: {Sym: "mobility-header", Description: "Mobility Support in IPv6"},
136: {Sym: "udplite", Description: "The UDP-Lite Protocol"},
137: {Sym: "mpls-in-ip", Description: "Encapsulating MPLS in IP"},
138: {Sym: "manet", Description: "MANET Protocols (RFC5498)"},
139: {Sym: "hip", Description: "Host Identity Protocol (RFC5201)"},
140: {Sym: "shim6", Description: "Shim6 Protocol (RFC5533)"},
141: {Sym: "wesp", Description: "Wrapped Encapsulating Security Payload (RFC5840)"},
142: {Sym: "rohc", Description: "Robust Header Compression (RFC5858)"},
240: {Sym: "pfsync", Description: "PF Synchronization"},
258: {Sym: "divert", Description: "Divert pseudo-protocol [non IANA]"},
}
// based on etc/services from Darwin/FreeBSD

35
format/inet/bsd_loopback_frame.go
View File

@ -9,7 +9,7 @@ import (
"github.com/wader/fq/pkg/scalar"
)
var bsdLoopbackFrameIPv4Format decode.Group
var bsdLoopbackFrameInetPacketGroup decode.Group
func init() {
registry.MustRegister(decode.Format{
@ -17,41 +17,48 @@ func init() {
Description: "BSD loopback frame",
Groups: []string{format.LINK_FRAME},
Dependencies: []decode.Dependency{
{Names: []string{format.IPV4_PACKET}, Group: &bsdLoopbackFrameIPv4Format},
{Names: []string{format.INET_PACKET}, Group: &bsdLoopbackFrameInetPacketGroup},
},
DecodeFn: decodeLoopbackFrame,
})
}
const (
bsdLoopbackNetworkLayerIPv4 = 2
bsdLoopbackNetworkLayerIPv4 = 0x2
bsdLoopbackNetworkLayerIPv6 = 0x1e
)
var bsdLoopbackFrameNetworkLayerFormat = map[uint64]*decode.Group{
bsdLoopbackNetworkLayerIPv4: &bsdLoopbackFrameIPv4Format,
var bsdLoopbackFrameNetworkLayerEtherType = map[uint64]int{
bsdLoopbackNetworkLayerIPv4: format.EtherTypeIPv4,
bsdLoopbackNetworkLayerIPv6: format.EtherTypeIPv6,
}
var bsdLookbackNetworkLayerMap = scalar.UToScalar{
bsdLoopbackNetworkLayerIPv4: {Sym: "ipv4", Description: `Internet protocol v4`},
bsdLoopbackNetworkLayerIPv6: {Sym: "ipv6", Description: `Internet protocol v6`},
}
func decodeLoopbackFrame(d *decode.D, in interface{}) interface{} {
lsi, ok := in.(format.LinkFrameIn)
if ok {
if lsi.Type != format.LinkTypeNULL {
d.Fatalf("wrong link type")
if lfi, ok := in.(format.LinkFrameIn); ok {
if lfi.Type != format.LinkTypeNULL {
d.Fatalf("wrong link type %d", lfi.Type)
}
if lsi.LittleEndian {
// TODO: where is this documented?
if lfi.IsLittleEndian {
d.Endian = decode.LittleEndian
}
}
// if no LinkFrameIn assume big endian for now
networkLayer := d.FieldU32("network_layer", bsdLookbackNetworkLayerMap, scalar.Hex)
if g, ok := bsdLoopbackFrameNetworkLayerFormat[networkLayer]; ok {
d.FieldFormatLen("packet", d.BitsLeft(), *g, nil)
} else {
d.FieldRawLen("data", d.BitsLeft())
if dv, _, _ := d.TryFieldFormatLen(
"payload",
d.BitsLeft(),
bsdLoopbackFrameInetPacketGroup,
// TODO: unknown mapped to ether type 0 is ok?
format.InetPacketIn{EtherType: bsdLoopbackFrameNetworkLayerEtherType[networkLayer]}); dv == nil {
d.FieldRawLen("payload", d.BitsLeft())
}
return nil

25
format/inet/ether8023_frame.go
View File

@ -12,7 +12,7 @@ import (
"github.com/wader/fq/pkg/scalar"
)
var ether8023FrameIPv4Format decode.Group
var ether8023FrameInetPacketGroup decode.Group
func init() {
registry.MustRegister(decode.Format{
@ -20,16 +20,12 @@ func init() {
Description: "Ethernet 802.3 frame",
Groups: []string{format.LINK_FRAME},
Dependencies: []decode.Dependency{
{Names: []string{format.IPV4_PACKET}, Group: &ether8023FrameIPv4Format},
{Names: []string{format.INET_PACKET}, Group: &ether8023FrameInetPacketGroup},
},
DecodeFn: decodeEthernetFrame,
})
}
var ether8023FrameTypeFormat = map[uint64]*decode.Group{
format.EtherTypeIPv4: &ether8023FrameIPv4Format,
}
// TODO: move to shared?
var mapUToEtherSym = scalar.Fn(func(s scalar.S) (scalar.S, error) {
var b [8]byte
@ -39,19 +35,22 @@ var mapUToEtherSym = scalar.Fn(func(s scalar.S) (scalar.S, error) {
})
func decodeEthernetFrame(d *decode.D, in interface{}) interface{} {
if lsi, ok := in.(format.LinkFrameIn); ok {
if lsi.Type != format.LinkTypeETHERNET {
d.Fatalf("wrong link type")
if lfi, ok := in.(format.LinkFrameIn); ok {
if lfi.Type != format.LinkTypeETHERNET {
d.Fatalf("wrong link type %d", lfi.Type)
}
}
d.FieldU("destination", 48, mapUToEtherSym, scalar.Hex)
d.FieldU("source", 48, mapUToEtherSym, scalar.Hex)
etherType := d.FieldU16("ether_type", format.EtherTypeMap, scalar.Hex)
if g, ok := ether8023FrameTypeFormat[etherType]; ok {
d.FieldFormatLen("packet", d.BitsLeft(), *g, nil)
} else {
d.FieldRawLen("data", d.BitsLeft())
if dv, _, _ := d.TryFieldFormatLen(
"payload",
d.BitsLeft(),
ether8023FrameInetPacketGroup,
format.InetPacketIn{EtherType: int(etherType)}); dv == nil {
d.FieldRawLen("payload", d.BitsLeft())
}
return nil

5
format/inet/icmp.go
View File

@ -11,6 +11,7 @@ func init() {
registry.MustRegister(decode.Format{
Name: format.ICMP,
Description: "Internet Control Message Protocol",
Groups: []string{format.IP_PACKET},
DecodeFn: decodeICMP,
})
}
@ -92,6 +93,10 @@ var icmpCodeMapMap = map[uint64]scalar.UToScalar{
}
func decodeICMP(d *decode.D, in interface{}) interface{} {
if ipi, ok := in.(format.IPPacketIn); ok && ipi.Protocol != format.IPv4ProtocolICMP {
d.Fatalf("incorrect protocol %d", ipi.Protocol)
}
typ := d.FieldU8("type", icmpTypeMap)
d.FieldU8("code", icmpCodeMapMap[typ])
d.FieldU16("checksum")

91
format/inet/icmpv6.go Normal file
View File

@ -0,0 +1,91 @@
package inet
import (
"github.com/wader/fq/format"
"github.com/wader/fq/format/registry"
"github.com/wader/fq/pkg/decode"
"github.com/wader/fq/pkg/scalar"
)
func init() {
registry.MustRegister(decode.Format{
Name: format.ICMPV6,
Description: "Internet Control Message Protocol v6",
Groups: []string{format.IP_PACKET},
DecodeFn: decodeICMPv6,
})
}
// based on https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol_for_IPv6
var icmpv6TypeMap = scalar.UToScalar{
1: {Sym: "unreachable", Description: "Destination unreachable"},
2: {Sym: "too_big", Description: "Packet too big"},
3: {Sym: "time_exceeded", Description: "Time exceeded"},
4: {Sym: "parameter_problem", Description: "Parameter problem"},
100: {Description: "Private experimentation"},
101: {Description: "Private experimentation"},
127: {Description: "Reserved for expansion of ICMPv6 error messages"},
128: {Sym: "echo_reply", Description: "Echo Request"},
129: {Sym: "echo_request", Description: "Echo Reply"},
130: {Description: "Multicast Listener Query (MLD)"},
131: {Description: "Multicast Listener Report (MLD)"},
132: {Description: "Multicast Listener Done (MLD)"},
133: {Description: "Router Solicitation (NDP)"},
134: {Description: "Router Advertisement (NDP)"},
135: {Description: "Neighbor Solicitation (NDP)"},
136: {Description: "Neighbor Advertisement (NDP)"},
137: {Description: "Redirect Message (NDP)"},
138: {Description: "Router Renumbering Router Renumbering Command"},
139: {Description: "ICMP Node Information Query"},
140: {Description: "ICMP Node Information Response"},
141: {Description: "Inverse Neighbor Discovery Solicitation Message"},
142: {Description: "Inverse Neighbor Discovery Advertisement Message"},
143: {Description: "Multicast Listener Discovery (MLDv2) reports (RFC 3810)"},
144: {Description: "Home Agent Address Discovery Request Message"},
145: {Description: "Home Agent Address Discovery Reply Message"},
146: {Description: "Mobile Prefix Solicitation"},
147: {Description: "Mobile Prefix Advertisement"},
148: {Description: "Certification Path Solicitation (SEND)"},
149: {Description: "Certification Path Advertisement (SEND)"},
151: {Description: "Multicast Router Advertisement (MRD)"},
152: {Description: "Multicast Router Solicitation (MRD)"},
153: {Description: "Multicast Router Termination (MRD)"},
155: {Description: "RPL Control Message"},
200: {Description: "Private experimentation"},
201: {Description: "Private experimentation"},
255: {Description: "Reserved for expansion of ICMPv6 informational messages"},
}
var icmpv6CodeMapMap = map[uint64]scalar.UToScalar{
1: {
1: {Description: "Communication with destination administratively prohibited"},
2: {Description: "Beyond scope of source address"},
3: {Description: "Address unreachable"},
4: {Description: "Port unreachable"},
5: {Description: "Source address failed ingress/egress policy"},
6: {Description: "Reject route to destination"},
7: {Description: "Error in Source Routing Header"},
},
3: {
0: {Description: "Hop limit exceeded in transit"},
1: {Description: "Fragment reassembly time exceeded"},
},
4: {
0: {Description: "Erroneous header field encountered"},
1: {Description: "Unrecognized Next Header type encountered"},
2: {Description: "Unrecognized IPv6 option encountered"},
},
}
func decodeICMPv6(d *decode.D, in interface{}) interface{} {
if ipi, ok := in.(format.IPPacketIn); ok && ipi.Protocol != format.IPv4ProtocolICMPv6 {
d.Fatalf("incorrect protocol %d", ipi.Protocol)
}
typ := d.FieldU8("type", icmpv6TypeMap)
d.FieldU8("code", icmpv6CodeMapMap[typ])
d.FieldU16("checksum")
d.FieldRawLen("content", d.BitsLeft())
return nil
}

33
format/inet/ipv4_packet.go
View File

@ -12,18 +12,15 @@ import (
"github.com/wader/fq/pkg/scalar"
)
var udpPacketFormat decode.Group
var tcpPacketFormat decode.Group
var icmpFormat decode.Group
var ipv4IpPacketGroup decode.Group
func init() {
registry.MustRegister(decode.Format{
Name: format.IPV4_PACKET,
Description: "Internet protocol v4 packet",
Groups: []string{format.INET_PACKET},
Dependencies: []decode.Dependency{
{Names: []string{format.UDP_DATAGRAM}, Group: &udpPacketFormat},
{Names: []string{format.TCP_SEGMENT}, Group: &tcpPacketFormat},
{Names: []string{format.ICMP}, Group: &icmpFormat},
{Names: []string{format.IP_PACKET}, Group: &ipv4IpPacketGroup},
},
DecodeFn: decodeIPv4,
})
@ -45,12 +42,6 @@ var ipv4OptionsMap = scalar.UToScalar{
4: {Description: "Internet Timestamp"},
}
var ipv4ProtocolFormat = map[uint64]*decode.Group{
format.IPv4ProtocolUDP: &udpPacketFormat,
format.IPv4ProtocolTCP: &tcpPacketFormat,
format.IPv4ProtocolICMP: &icmpFormat,
}
var mapUToIPv4Sym = scalar.Fn(func(s scalar.S) (scalar.S, error) {
var b [4]byte
binary.BigEndian.PutUint32(b[:], uint32(s.ActualU()))
@ -59,6 +50,10 @@ var mapUToIPv4Sym = scalar.Fn(func(s scalar.S) (scalar.S, error) {
})
func decodeIPv4(d *decode.D, in interface{}) interface{} {
if ipi, ok := in.(format.InetPacketIn); ok && ipi.EtherType != format.EtherTypeIPv4 {
d.Fatalf("incorrect ethertype %d", ipi.EtherType)
}
d.FieldU4("version")
ihl := d.FieldU4("ihl")
d.FieldU6("dscp")
@ -104,11 +99,15 @@ func decodeIPv4(d *decode.D, in interface{}) interface{} {
_ = d.FieldMustGet("header_checksum").TryScalarFn(d.ValidateUBytes(ipv4Checksum.Sum(nil)), scalar.Hex)
dataLen := int64(totalLength-(ihl*4)) * 8
g, ok := ipv4ProtocolFormat[protocol]
if !ok || moreFragments || fragmentOffset > 0 {
d.FieldRawLen("data", dataLen)
} else {
d.FieldFormatLen("data", dataLen, *g, nil)
if moreFragments || fragmentOffset > 0 {
d.FieldRawLen("payload", dataLen)
} else if dv, _, _ := d.TryFieldFormatLen(
"payload",
dataLen,
ipv4IpPacketGroup,
format.IPPacketIn{Protocol: int(protocol)}); dv == nil {
d.FieldRawLen("payload", dataLen)
}
return nil

175
format/inet/ipv6_packet.go Normal file
View File

@ -0,0 +1,175 @@
package inet
import (
"bytes"
"net"
"github.com/wader/fq/format"
"github.com/wader/fq/format/registry"
"github.com/wader/fq/internal/bitioextra"
"github.com/wader/fq/pkg/decode"
"github.com/wader/fq/pkg/scalar"
)
var ipv6IpPacketGroup decode.Group
func init() {
registry.MustRegister(decode.Format{
Name: format.IPV6_PACKET,
Description: "Internet protocol v6 packet",
Groups: []string{format.INET_PACKET},
Dependencies: []decode.Dependency{
{Names: []string{format.IP_PACKET}, Group: &ipv6IpPacketGroup},
},
DecodeFn: decodeIPv6,
})
}
const (
nextHeaderHopByHop = 0
nextHeaderRouting = 43
nextHeaderFragment = 44
nextHeaderEncapsulatingSecurityPayload = 50
nextHeaderAuthentication = 51
nextHeaderDestination = 60
nextHeaderMobility = 135
nextHeaderHostIdentity = 139
nextHeaderShim6 = 140
)
// TODO:
// 253 Use for experimentation and testing [RFC3692][RFC4727]
// 254 Use for experimentation and testing [RFC3692][RFC4727]
var nextHeaderNames = scalar.UToSymStr{
nextHeaderHopByHop: "hop_by_hop",
nextHeaderRouting: "routing",
nextHeaderFragment: "fragment",
nextHeaderEncapsulatingSecurityPayload: "encapsulating_security_payload",
nextHeaderAuthentication: "authentication",
nextHeaderDestination: "destination",
nextHeaderMobility: "mobility",
nextHeaderHostIdentity: "host_identity",
nextHeaderShim6: "shim6",
}
var nextHeaderMap = scalar.Fn(func(s scalar.S) (scalar.S, error) {
if isIpv6Option(s.ActualU()) {
return nextHeaderNames.MapScalar(s)
}
return format.IPv4ProtocolMap.MapScalar(s)
})
func isIpv6Option(n uint64) bool {
switch n {
case nextHeaderHopByHop,
nextHeaderRouting,
nextHeaderFragment,
nextHeaderEncapsulatingSecurityPayload,
nextHeaderAuthentication,
nextHeaderDestination,
nextHeaderMobility,
nextHeaderHostIdentity,
nextHeaderShim6:
return true
default:
return false
}
}
// from https://www.iana.org/assignments/ipv6-parameters/ipv6-parameters.xhtml#ipv6-parameters-2
var hopByHopTypeNames = scalar.UToSymStr{
0x00: "pad1",
0x01: "padn",
0xc2: "jumbo_payload",
0x23: "rpl_option",
0x04: "tunnel_encapsulation_limit",
0x05: "router_alert",
0x26: "quick_start",
0x07: "calipso",
0x08: "smf_dpd",
0xc9: "home_address",
0x8b: "ilnp_nonce",
0x8c: "line_identification_option",
0x4d: "deprecated",
0x6d: "mpl_option",
0xee: "ip_dff",
0x0f: "performance_and_diagnostin_metrics",
0x11: "ioam",
0x31: "ioam",
}
var mapUToIPv6Sym = scalar.Fn(func(s scalar.S) (scalar.S, error) {
b := &bytes.Buffer{}
if _, err := bitioextra.CopyBits(b, s.ActualBitBuf()); err != nil {
return s, err
}
s.Sym = net.IP(b.Bytes()).String()
return s, nil
})
func decodeIPv6(d *decode.D, in interface{}) interface{} {
if ipi, ok := in.(format.InetPacketIn); ok && ipi.EtherType != format.EtherTypeIPv6 {
d.Fatalf("incorrect ethertype %d", ipi.EtherType)
}
d.FieldU4("version")
d.FieldU6("ds")
d.FieldU2("ecn")
d.FieldU20("flow_label")
dataLength := d.FieldU16("payload_length")
nextHeader := d.FieldU8("next_header", nextHeaderMap)
d.FieldU8("hop_limit")
d.FieldRawLen("source_address", 128, mapUToIPv6Sym)
d.FieldRawLen("destination_address", 128, mapUToIPv6Sym)
extStart := d.Pos()
if isIpv6Option(nextHeader) {
// TODO: own format?
d.FieldArray("extensions", func(d *decode.D) {
for isIpv6Option(nextHeader) {
d.FieldStruct("extension", func(d *decode.D) {
currentHeader := nextHeader
nextHeader = d.FieldU8("next_header", nextHeaderMap)
extLen := d.FieldU8("length")
// whole header not including the first 8 octets
extLen += 6
d.FramedFn(int64(extLen)*8, func(d *decode.D) {
switch currentHeader {
case nextHeaderHopByHop:
d.FieldArray("options", func(d *decode.D) {
for !d.End() {
d.FieldStruct("option", func(d *decode.D) {
d.FieldU8("type", hopByHopTypeNames)
l := d.FieldU8("len")
d.FieldRawLen("data", int64(l)*8)
})
}
})
default:
d.FieldRawLen("payload", d.BitsLeft())
}
})
})
}
})
}
extEnd := d.Pos()
extLen := extEnd - extStart
// TODO: jumbo
// TODO: nextHeader 59 skip
payloadLen := int64(dataLength)*8 - extLen
if dv, _, _ := d.TryFieldFormatLen(
"payload",
payloadLen,
ipv4IpPacketGroup,
format.IPPacketIn{Protocol: int(nextHeader)}); dv == nil {
d.FieldRawLen("payload", payloadLen)
}
return nil
}

26
format/inet/sll2_packet.go
View File

@ -10,7 +10,7 @@ import (
"github.com/wader/fq/pkg/scalar"
)
var sllPacket2Ether8023Format decode.Group
var sllPacket2InetPacketGroup decode.Group
func init() {
registry.MustRegister(decode.Format{
@ -18,20 +18,16 @@ func init() {
Description: "Linux cooked capture encapsulation v2",
Groups: []string{format.LINK_FRAME},
Dependencies: []decode.Dependency{
{Names: []string{format.ETHER8023_FRAME}, Group: &sllPacket2Ether8023Format},
{Names: []string{format.INET_PACKET}, Group: &sllPacket2InetPacketGroup},
},
DecodeFn: decodeSLL2,
})
}
var sllPacket2FrameTypeFormat = map[uint64]*decode.Group{
format.EtherTypeIPv4: &ether8023FrameIPv4Format,
}
func decodeSLL2(d *decode.D, in interface{}) interface{} {
if lsi, ok := in.(format.LinkFrameIn); ok {
if lsi.Type != format.LinkTypeLINUX_SLL2 {
d.Fatalf("wrong link type")
if lfi, ok := in.(format.LinkFrameIn); ok {
if lfi.Type != format.LinkTypeLINUX_SLL2 {
d.Fatalf("wrong link type %d", lfi.Type)
}
}
@ -56,13 +52,15 @@ func decodeSLL2(d *decode.D, in interface{}) interface{} {
switch arpHdrType {
case arpHdrTypeLoopback, arpHdrTypeEther:
_ = d.FieldMustGet("link_address").TryScalarFn(mapUToEtherSym, scalar.Hex)
if g, ok := sllPacket2FrameTypeFormat[protcolType]; ok {
d.FieldFormatLen("data", d.BitsLeft(), *g, nil)
} else {
d.FieldRawLen("data", d.BitsLeft())
if dv, _, _ := d.TryFieldFormatLen(
"payload",
d.BitsLeft(),
sllPacket2InetPacketGroup,
format.LinkFrameIn{Type: int(protcolType)}); dv == nil {
d.FieldRawLen("payload", d.BitsLeft())
}
default:
d.FieldRawLen("data", d.BitsLeft())
d.FieldRawLen("payload", d.BitsLeft())
}
return nil

26
format/inet/sll_packet.go
View File

@ -10,7 +10,7 @@ import (
"github.com/wader/fq/pkg/scalar"
)
var sllPacketEther8023Format decode.Group
var sllPacketInetPacketGroup decode.Group
func init() {
registry.MustRegister(decode.Format{
@ -18,16 +18,12 @@ func init() {
Description: "Linux cooked capture encapsulation",
Groups: []string{format.LINK_FRAME},
Dependencies: []decode.Dependency{
{Names: []string{format.ETHER8023_FRAME}, Group: &sllPacketEther8023Format},
{Names: []string{format.INET_PACKET}, Group: &sllPacketInetPacketGroup},
},
DecodeFn: decodeSLL,
})
}
var sllPacketFrameTypeFormat = map[uint64]*decode.Group{
format.EtherTypeIPv4: &ether8023FrameIPv4Format,
}
var sllPacketTypeMap = scalar.UToScalar{
0: {Sym: "to_us", Description: "Sent to us"},
1: {Sym: "broadcast", Description: "Broadcast by somebody else"},
@ -113,9 +109,9 @@ var arpHdrTypeMAp = scalar.UToScalar{
}
func decodeSLL(d *decode.D, in interface{}) interface{} {
if lsi, ok := in.(format.LinkFrameIn); ok {
if lsi.Type != format.LinkTypeLINUX_SLL {
d.Fatalf("wrong link type")
if lfi, ok := in.(format.LinkFrameIn); ok {
if lfi.Type != format.LinkTypeLINUX_SLL {
d.Fatalf("wrong link type %d", lfi.Type)
}
}
@ -133,14 +129,16 @@ func decodeSLL(d *decode.D, in interface{}) interface{} {
case arpHdrTypeLoopback, arpHdrTypeEther:
_ = d.FieldMustGet("link_address").TryScalarFn(mapUToEtherSym, scalar.Hex)
protcolType := d.FieldU16("protocol_type", format.EtherTypeMap, scalar.Hex)
if g, ok := sllPacketFrameTypeFormat[protcolType]; ok {
d.FieldFormatLen("data", d.BitsLeft(), *g, nil)
} else {
d.FieldRawLen("data", d.BitsLeft())
if dv, _, _ := d.TryFieldFormatLen(
"payload",
d.BitsLeft(),
sllPacketInetPacketGroup,
format.LinkFrameIn{Type: int(protcolType)}); dv == nil {
d.FieldRawLen("payload", d.BitsLeft())
}
default:
d.FieldU16LE("protocol_type")
d.FieldRawLen("data", d.BitsLeft())
d.FieldRawLen("payload", d.BitsLeft())
}
return nil

7
format/inet/tcp_segment.go
View File

@ -13,6 +13,7 @@ func init() {
registry.MustRegister(decode.Format{
Name: format.TCP_SEGMENT,
Description: "Transmission control protocol segment",
Groups: []string{format.IP_PACKET},
DecodeFn: decodeTCP,
})
}
@ -33,6 +34,10 @@ var tcpOptionsMap = scalar.UToScalar{
}
func decodeTCP(d *decode.D, in interface{}) interface{} {
if ipi, ok := in.(format.IPPacketIn); ok && ipi.Protocol != format.IPv4ProtocolTCP {
d.Fatalf("incorrect protocol %d", ipi.Protocol)
}
d.FieldU16("source_port", format.TCPPortMap)
d.FieldU16("destination_port", format.TCPPortMap)
d.FieldU32("sequence_number")
@ -78,7 +83,7 @@ func decodeTCP(d *decode.D, in interface{}) interface{} {
// d.MustCopy(tcpChecksum, d.BitBufRange(checksumEnd, d.Len()-checksumEnd))
// _ = d.FieldMustGet("checksum").TryScalarFn(d.ValidateUBytes(tcpChecksum.Sum(nil)), scalar.Hex)
d.FieldRawLen("data", d.BitsLeft())
d.FieldRawLen("payload", d.BitsLeft())
return nil
}

6
format/inet/testdata/ether8023_frame.fqtest vendored
View File

@ -4,7 +4,7 @@ $ fq -d ether8023_frame dv /ether8023_frame
0x00|ff ff ff ff ff ff |...... | destination: "ff:ff:ff:ff:ff:ff" (0xffffffffffff) 0x0-0x5.7 (6)
0x00| a4 5e 60 f1 7d 93 | .^`.}. | source: "a4:5e:60:f1:7d:93" (0xa45e60f17d93) 0x6-0xb.7 (6)
0x00| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0xc-0xd.7 (2)
| | | packet{}: (ipv4_packet) 0xe-0xb1.7 (164)
| | | payload{}: (ipv4_packet) 0xe-0xb1.7 (164)
0x00| 45 | E | version: 4 0xe-0xe.3 (0.4)
0x00| 45 | E | ihl: 5 0xe.4-0xe.7 (0.4)
0x00| 00| .| dscp: 0 0xf-0xf.5 (0.6)
@ -21,11 +21,11 @@ $ fq -d ether8023_frame dv /ether8023_frame
0x10| c0 a8 01 8b | .... | source_ip: "192.168.1.139" (0xc0a8018b) 0x1a-0x1d.7 (4)
0x10| ff ff| ..| destination_ip: "255.255.255.255" (0xffffffff) 0x1e-0x21.7 (4)
0x20|ff ff |.. |
| | | data{}: (udp_datagram) 0x22-0xb1.7 (144)
| | | payload{}: (udp_datagram) 0x22-0xb1.7 (144)
0x20| 44 5c | D\ | source_port: 17500 0x22-0x23.7 (2)
0x20| 44 5c | D\ | destination_port: 17500 0x24-0x25.7 (2)
0x20| 00 90 | .. | length: 144 0x26-0x27.7 (2)
0x20| ba 03 | .. | checksum: 0xba03 0x28-0x29.7 (2)
0x20| 7b 22 68 6f 73 74| {"host| data: raw bits 0x2a-0xb1.7 (136)
0x20| 7b 22 68 6f 73 74| {"host| payload: raw bits 0x2a-0xb1.7 (136)
0x30|5f 69 6e 74 22 3a 20 34 30 39 34 35 31 34 34 38|_int": 409451448|
* |until 0xb1.7 (end) (136) | |

2
format/inet/testdata/ipv4_packet.fqtest vendored
View File

@ -16,6 +16,6 @@ $ fq -d ipv4_packet dv /ipv4_packet
0x000| 9b 44 | .D | header_checksum: 0x9b44 (valid) 0xa-0xb.7 (2)
0x000| 02 01 01 02| ....| source_ip: "2.1.1.2" (0x2010102) 0xc-0xf.7 (4)
0x010|02 01 01 01 |.... | destination_ip: "2.1.1.1" (0x2010101) 0x10-0x13.7 (4)
0x010| 08 00 4d 71 13 c2 00 01 14 2b d2 59| ..Mq.....+.Y| data: raw bits 0x14-0x3e3.7 (976)
0x010| 08 00 4d 71 13 c2 00 01 14 2b d2 59| ..Mq.....+.Y| payload: raw bits 0x14-0x3e3.7 (976)
0x020|00 00 00 00 3d 2a 08 00 00 00 00 00 10 11 12 13|....=*..........|
* |until 0x3e3.7 (end) (976) | |

2
format/inet/testdata/tcp_segment.fqtest vendored
View File

@ -46,4 +46,4 @@ $ fq -d tcp_segment dv /tcp_segment
0x20| 00 | . | kind: "end" (0) (End of options list) 0x2a-0x2a.7 (1)
| | | [8]{}: option 0x2b-0x2b.7 (1)
0x20| 00| | .| | kind: "end" (0) (End of options list) 0x2b-0x2b.7 (1)
| | | data: raw bits 0x2c-NA (0)
| | | payload: raw bits 0x2c-NA (0)

2
format/inet/testdata/udp_datagram.fqtest vendored
View File

@ -5,6 +5,6 @@ $ fq -d udp_datagram dv /udp_datagram
0x00| 44 5c | D\ | destination_port: 17500 0x2-0x3.7 (2)
0x00| 00 90 | .. | length: 144 0x4-0x5.7 (2)
0x00| ba 03 | .. | checksum: 0xba03 0x6-0x7.7 (2)
0x00| 7b 22 68 6f 73 74 5f 69| {"host_i| data: raw bits 0x8-0x8f.7 (136)
0x00| 7b 22 68 6f 73 74 5f 69| {"host_i| payload: raw bits 0x8-0x8f.7 (136)
0x10|6e 74 22 3a 20 34 30 39 34 35 31 34 34 38 33 2c|nt": 4094514483,|
* |until 0x8f.7 (end) (136) | |

27
format/inet/udp_datagram.go
View File

@ -7,31 +7,40 @@ import (
"github.com/wader/fq/pkg/scalar"
)
var udpPayloadFormat decode.Group
var udpPayloadGroup decode.Group
func init() {
registry.MustRegister(decode.Format{
Name: format.UDP_DATAGRAM,
Description: "User datagram protocol",
Groups: []string{format.IP_PACKET},
Dependencies: []decode.Dependency{
{Names: []string{format.UDP_PAYLOAD}, Group: &udpPayloadFormat},
{Names: []string{format.UDP_PAYLOAD}, Group: &udpPayloadGroup},
},
DecodeFn: decodeUDP,
})
}
func decodeUDP(d *decode.D, in interface{}) interface{} {
soucePort := d.FieldU16("source_port", format.UDPPortMap)
if ipi, ok := in.(format.IPPacketIn); ok && ipi.Protocol != format.IPv4ProtocolUDP {
d.Fatalf("incorrect protocol %d", ipi.Protocol)
}
sourcePort := d.FieldU16("source_port", format.UDPPortMap)
destPort := d.FieldU16("destination_port", format.UDPPortMap)
length := d.FieldU16("length")
d.FieldU16("checksum", scalar.Hex)
dataLen := int64(length-8) * 8
if dv, _, _ := d.TryFieldFormatLen("data", dataLen, udpPayloadFormat, format.UDPPayloadIn{
SourcePort: int(soucePort),
DestinationPort: int(destPort),
}); dv == nil {
d.FieldRawLen("data", dataLen)
payloadLen := int64(length-8) * 8
if dv, _, _ := d.TryFieldFormatLen(
"payload",
payloadLen,
udpPayloadGroup,
format.UDPPayloadIn{
SourcePort: int(sourcePort),
DestinationPort: int(destPort),
}); dv == nil {
d.FieldRawLen("payload", payloadLen)
}
// TODO: for checksum need to pass ipv4 pseudo header somehow

4
format/pcap/pcap.go
View File

@ -86,8 +86,8 @@ func decodePcap(d *decode.D, in interface{}) interface{} {
}
if dv, _, _ := d.TryFieldFormatLen("packet", int64(inclLen)*8, pcapLinkFrameFormat, format.LinkFrameIn{
Type: linkType,
LittleEndian: d.Endian == decode.LittleEndian,
Type: linkType,
IsLittleEndian: d.Endian == decode.LittleEndian,
}); dv == nil {
d.FieldRawLen("packet", int64(inclLen)*8)
}

4
format/pcap/pcapng.go
View File

@ -240,8 +240,8 @@ var blockFns = map[uint64]func(d *decode.D, dc *decodeContext){
}
if dv, _, _ := d.TryFieldFormatLen("packet", int64(capturedLength)*8, pcapngLinkFrameFormat, format.LinkFrameIn{
Type: linkType,
LittleEndian: d.Endian == decode.LittleEndian,
Type: linkType,
IsLittleEndian: d.Endian == decode.LittleEndian,
}); dv == nil {
d.FieldRawLen("packet", int64(capturedLength)*8)
}

24
format/pcap/testdata/dhcp_big_endian.fqtest vendored
View File

@ -48,7 +48,7 @@ $ fq -d pcapng dv /dhcp_big_endian.pcapng
0x070|ff ff ff ff ff ff |...... | destination: "ff:ff:ff:ff:ff:ff" (0xffffffffffff) 0x70-0x75.7 (6)
0x070| 00 0b 82 01 fc 42 | .....B | source: "00:0b:82:01:fc:42" (0xb8201fc42) 0x76-0x7b.7 (6)
0x070| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x7c-0x7d.7 (2)
| | | packet{}: (ipv4_packet) 0x7e-0x1a9.7 (300)
| | | payload{}: (ipv4_packet) 0x7e-0x1a9.7 (300)
0x070| 45 | E | version: 4 0x7e-0x7e.3 (0.4)
0x070| 45 | E | ihl: 5 0x7e.4-0x7e.7 (0.4)
0x070| 00| .| dscp: 0 0x7f-0x7f.5 (0.6)
@ -65,12 +65,12 @@ $ fq -d pcapng dv /dhcp_big_endian.pcapng
0x080| 00 00 00 00 | .... | source_ip: "0.0.0.0" (0x0) 0x8a-0x8d.7 (4)
0x080| ff ff| ..| destination_ip: "255.255.255.255" (0xffffffff) 0x8e-0x91.7 (4)
0x090|ff ff |.. |
| | | data{}: (udp_datagram) 0x92-0x1a9.7 (280)
| | | payload{}: (udp_datagram) 0x92-0x1a9.7 (280)
0x090| 00 44 | .D | source_port: "bootpc" (68) (Bootstrap Protocol Client) 0x92-0x93.7 (2)
0x090| 00 43 | .C | destination_port: "bootps" (67) (Bootstrap Protocol Server) 0x94-0x95.7 (2)
0x090| 01 18 | .. | length: 280 0x96-0x97.7 (2)
0x090| 59 1f | Y. | checksum: 0x591f 0x98-0x99.7 (2)
0x090| 01 01 06 00 00 00| ......| data: raw bits 0x9a-0x1a9.7 (272)
0x090| 01 01 06 00 00 00| ......| payload: raw bits 0x9a-0x1a9.7 (272)
0x0a0|3d 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 00|=...............|
* |until 0x1a9.7 (272) | |
0x1a0| 00 00 | .. | padding: raw bits 0x1aa-0x1ab.7 (2)
@ -89,7 +89,7 @@ $ fq -d pcapng dv /dhcp_big_endian.pcapng
0x1d0|fc 42 |.B |
0x1d0| 00 08 74 ad f1 9b | ..t... | source: "00:08:74:ad:f1:9b" (0x874adf19b) 0x1d2-0x1d7.7 (6)
0x1d0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x1d8-0x1d9.7 (2)
| | | packet{}: (ipv4_packet) 0x1da-0x321.7 (328)
| | | payload{}: (ipv4_packet) 0x1da-0x321.7 (328)
0x1d0| 45 | E | version: 4 0x1da-0x1da.3 (0.4)
0x1d0| 45 | E | ihl: 5 0x1da.4-0x1da.7 (0.4)
0x1d0| 00 | . | dscp: 0 0x1db-0x1db.5 (0.6)
@ -105,12 +105,12 @@ $ fq -d pcapng dv /dhcp_big_endian.pcapng
0x1e0| 00 00 | .. | header_checksum: 0x0 (invalid) 0x1e4-0x1e5.7 (2)
0x1e0| c0 a8 00 01 | .... | source_ip: "192.168.0.1" (0xc0a80001) 0x1e6-0x1e9.7 (4)
0x1e0| c0 a8 00 0a | .... | destination_ip: "192.168.0.10" (0xc0a8000a) 0x1ea-0x1ed.7 (4)
| | | data{}: (udp_datagram) 0x1ee-0x321.7 (308)
| | | payload{}: (udp_datagram) 0x1ee-0x321.7 (308)
0x1e0| 00 43| .C| source_port: "bootps" (67) (Bootstrap Protocol Server) 0x1ee-0x1ef.7 (2)
0x1f0|00 44 |.D | destination_port: "bootpc" (68) (Bootstrap Protocol Client) 0x1f0-0x1f1.7 (2)
0x1f0| 01 34 | .4 | length: 308 0x1f2-0x1f3.7 (2)
0x1f0| 22 33 | "3 | checksum: 0x2233 0x1f4-0x1f5.7 (2)
0x1f0| 02 01 06 00 00 00 3d 1d 00 00| ......=...| data: raw bits 0x1f6-0x321.7 (300)
0x1f0| 02 01 06 00 00 00 3d 1d 00 00| ......=...| payload: raw bits 0x1f6-0x321.7 (300)
0x200|00 00 00 00 00 00 c0 a8 00 0a c0 a8 00 01 00 00|................|
* |until 0x321.7 (300) | |
0x320| 00 00 | .. | padding: raw bits 0x322-0x323.7 (2)
@ -128,7 +128,7 @@ $ fq -d pcapng dv /dhcp_big_endian.pcapng
0x340| ff ff ff ff ff ff | ...... | destination: "ff:ff:ff:ff:ff:ff" (0xffffffffffff) 0x344-0x349.7 (6)
0x340| 00 0b 82 01 fc 42| .....B| source: "00:0b:82:01:fc:42" (0xb8201fc42) 0x34a-0x34f.7 (6)
0x350|08 00 |.. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x350-0x351.7 (2)
| | | packet{}: (ipv4_packet) 0x352-0x47d.7 (300)
| | | payload{}: (ipv4_packet) 0x352-0x47d.7 (300)
0x350| 45 | E | version: 4 0x352-0x352.3 (0.4)
0x350| 45 | E | ihl: 5 0x352.4-0x352.7 (0.4)
0x350| 00 | . | dscp: 0 0x353-0x353.5 (0.6)
@ -145,12 +145,12 @@ $ fq -d pcapng dv /dhcp_big_endian.pcapng
0x350| 00 00| ..| source_ip: "0.0.0.0" (0x0) 0x35e-0x361.7 (4)
0x360|00 00 |.. |
0x360| ff ff ff ff | .... | destination_ip: "255.255.255.255" (0xffffffff) 0x362-0x365.7 (4)
| | | data{}: (udp_datagram) 0x366-0x47d.7 (280)
| | | payload{}: (udp_datagram) 0x366-0x47d.7 (280)
0x360| 00 44 | .D | source_port: "bootpc" (68) (Bootstrap Protocol Client) 0x366-0x367.7 (2)
0x360| 00 43 | .C | destination_port: "bootps" (67) (Bootstrap Protocol Server) 0x368-0x369.7 (2)
0x360| 01 18 | .. | length: 280 0x36a-0x36b.7 (2)
0x360| 9f bd | .. | checksum: 0x9fbd 0x36c-0x36d.7 (2)
0x360| 01 01| ..| data: raw bits 0x36e-0x47d.7 (272)
0x360| 01 01| ..| payload: raw bits 0x36e-0x47d.7 (272)
0x370|06 00 00 00 3d 1e 00 00 00 00 00 00 00 00 00 00|....=...........|
* |until 0x47d.7 (272) | |
0x470| 00 00| ..| padding: raw bits 0x47e-0x47f.7 (2)
@ -168,7 +168,7 @@ $ fq -d pcapng dv /dhcp_big_endian.pcapng
0x4a0|00 0b 82 01 fc 42 |.....B | destination: "00:0b:82:01:fc:42" (0xb8201fc42) 0x4a0-0x4a5.7 (6)
0x4a0| 00 08 74 ad f1 9b | ..t... | source: "00:08:74:ad:f1:9b" (0x874adf19b) 0x4a6-0x4ab.7 (6)
0x4a0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x4ac-0x4ad.7 (2)
| | | packet{}: (ipv4_packet) 0x4ae-0x5f5.7 (328)
| | | payload{}: (ipv4_packet) 0x4ae-0x5f5.7 (328)
0x4a0| 45 | E | version: 4 0x4ae-0x4ae.3 (0.4)
0x4a0| 45 | E | ihl: 5 0x4ae.4-0x4ae.7 (0.4)
0x4a0| 00| .| dscp: 0 0x4af-0x4af.5 (0.6)
@ -185,12 +185,12 @@ $ fq -d pcapng dv /dhcp_big_endian.pcapng
0x4b0| c0 a8 00 01 | .... | source_ip: "192.168.0.1" (0xc0a80001) 0x4ba-0x4bd.7 (4)
0x4b0| c0 a8| ..| destination_ip: "192.168.0.10" (0xc0a8000a) 0x4be-0x4c1.7 (4)
0x4c0|00 0a |.. |
| | | data{}: (udp_datagram) 0x4c2-0x5f5.7 (308)
| | | payload{}: (udp_datagram) 0x4c2-0x5f5.7 (308)
0x4c0| 00 43 | .C | source_port: "bootps" (67) (Bootstrap Protocol Server) 0x4c2-0x4c3.7 (2)
0x4c0| 00 44 | .D | destination_port: "bootpc" (68) (Bootstrap Protocol Client) 0x4c4-0x4c5.7 (2)
0x4c0| 01 34 | .4 | length: 308 0x4c6-0x4c7.7 (2)
0x4c0| df db | .. | checksum: 0xdfdb 0x4c8-0x4c9.7 (2)
0x4c0| 02 01 06 00 00 00| ......| data: raw bits 0x4ca-0x5f5.7 (300)
0x4c0| 02 01 06 00 00 00| ......| payload: raw bits 0x4ca-0x5f5.7 (300)
0x4d0|3d 1e 00 00 00 00 00 00 00 00 c0 a8 00 0a 00 00|=...............|
* |until 0x5f5.7 (300) | |
0x5f0| 00 00 | .. | padding: raw bits 0x5f6-0x5f7.7 (2)

24
format/pcap/testdata/dhcp_little_endian.fqtest vendored
View File

@ -48,7 +48,7 @@ $ fq -d pcapng dv /dhcp_little_endian.pcapng
0x070|ff ff ff ff ff ff |...... | destination: "ff:ff:ff:ff:ff:ff" (0xffffffffffff) 0x70-0x75.7 (6)
0x070| 00 0b 82 01 fc 42 | .....B | source: "00:0b:82:01:fc:42" (0xb8201fc42) 0x76-0x7b.7 (6)
0x070| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x7c-0x7d.7 (2)
| | | packet{}: (ipv4_packet) 0x7e-0x1a9.7 (300)
| | | payload{}: (ipv4_packet) 0x7e-0x1a9.7 (300)
0x070| 45 | E | version: 4 0x7e-0x7e.3 (0.4)
0x070| 45 | E | ihl: 5 0x7e.4-0x7e.7 (0.4)
0x070| 00| .| dscp: 0 0x7f-0x7f.5 (0.6)
@ -65,12 +65,12 @@ $ fq -d pcapng dv /dhcp_little_endian.pcapng
0x080| 00 00 00 00 | .... | source_ip: "0.0.0.0" (0x0) 0x8a-0x8d.7 (4)
0x080| ff ff| ..| destination_ip: "255.255.255.255" (0xffffffff) 0x8e-0x91.7 (4)
0x090|ff ff |.. |
| | | data{}: (udp_datagram) 0x92-0x1a9.7 (280)
| | | payload{}: (udp_datagram) 0x92-0x1a9.7 (280)
0x090| 00 44 | .D | source_port: "bootpc" (68) (Bootstrap Protocol Client) 0x92-0x93.7 (2)
0x090| 00 43 | .C | destination_port: "bootps" (67) (Bootstrap Protocol Server) 0x94-0x95.7 (2)
0x090| 01 18 | .. | length: 280 0x96-0x97.7 (2)
0x090| 59 1f | Y. | checksum: 0x591f 0x98-0x99.7 (2)
0x090| 01 01 06 00 00 00| ......| data: raw bits 0x9a-0x1a9.7 (272)
0x090| 01 01 06 00 00 00| ......| payload: raw bits 0x9a-0x1a9.7 (272)
0x0a0|3d 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 00|=...............|
* |until 0x1a9.7 (272) | |
0x1a0| 00 00 | .. | padding: raw bits 0x1aa-0x1ab.7 (2)
@ -89,7 +89,7 @@ $ fq -d pcapng dv /dhcp_little_endian.pcapng
0x1d0|fc 42 |.B |
0x1d0| 00 08 74 ad f1 9b | ..t... | source: "00:08:74:ad:f1:9b" (0x874adf19b) 0x1d2-0x1d7.7 (6)
0x1d0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x1d8-0x1d9.7 (2)
| | | packet{}: (ipv4_packet) 0x1da-0x321.7 (328)
| | | payload{}: (ipv4_packet) 0x1da-0x321.7 (328)
0x1d0| 45 | E | version: 4 0x1da-0x1da.3 (0.4)
0x1d0| 45 | E | ihl: 5 0x1da.4-0x1da.7 (0.4)
0x1d0| 00 | . | dscp: 0 0x1db-0x1db.5 (0.6)
@ -105,12 +105,12 @@ $ fq -d pcapng dv /dhcp_little_endian.pcapng
0x1e0| 00 00 | .. | header_checksum: 0x0 (invalid) 0x1e4-0x1e5.7 (2)
0x1e0| c0 a8 00 01 | .... | source_ip: "192.168.0.1" (0xc0a80001) 0x1e6-0x1e9.7 (4)
0x1e0| c0 a8 00 0a | .... | destination_ip: "192.168.0.10" (0xc0a8000a) 0x1ea-0x1ed.7 (4)
| | | data{}: (udp_datagram) 0x1ee-0x321.7 (308)
| | | payload{}: (udp_datagram) 0x1ee-0x321.7 (308)
0x1e0| 00 43| .C| source_port: "bootps" (67) (Bootstrap Protocol Server) 0x1ee-0x1ef.7 (2)
0x1f0|00 44 |.D | destination_port: "bootpc" (68) (Bootstrap Protocol Client) 0x1f0-0x1f1.7 (2)
0x1f0| 01 34 | .4 | length: 308 0x1f2-0x1f3.7 (2)
0x1f0| 22 33 | "3 | checksum: 0x2233 0x1f4-0x1f5.7 (2)
0x1f0| 02 01 06 00 00 00 3d 1d 00 00| ......=...| data: raw bits 0x1f6-0x321.7 (300)
0x1f0| 02 01 06 00 00 00 3d 1d 00 00| ......=...| payload: raw bits 0x1f6-0x321.7 (300)
0x200|00 00 00 00 00 00 c0 a8 00 0a c0 a8 00 01 00 00|................|
* |until 0x321.7 (300) | |
0x320| 00 00 | .. | padding: raw bits 0x322-0x323.7 (2)
@ -128,7 +128,7 @@ $ fq -d pcapng dv /dhcp_little_endian.pcapng
0x340| ff ff ff ff ff ff | ...... | destination: "ff:ff:ff:ff:ff:ff" (0xffffffffffff) 0x344-0x349.7 (6)
0x340| 00 0b 82 01 fc 42| .....B| source: "00:0b:82:01:fc:42" (0xb8201fc42) 0x34a-0x34f.7 (6)
0x350|08 00 |.. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x350-0x351.7 (2)
| | | packet{}: (ipv4_packet) 0x352-0x47d.7 (300)
| | | payload{}: (ipv4_packet) 0x352-0x47d.7 (300)
0x350| 45 | E | version: 4 0x352-0x352.3 (0.4)
0x350| 45 | E | ihl: 5 0x352.4-0x352.7 (0.4)
0x350| 00 | . | dscp: 0 0x353-0x353.5 (0.6)
@ -145,12 +145,12 @@ $ fq -d pcapng dv /dhcp_little_endian.pcapng
0x350| 00 00| ..| source_ip: "0.0.0.0" (0x0) 0x35e-0x361.7 (4)
0x360|00 00 |.. |
0x360| ff ff ff ff | .... | destination_ip: "255.255.255.255" (0xffffffff) 0x362-0x365.7 (4)
| | | data{}: (udp_datagram) 0x366-0x47d.7 (280)
| | | payload{}: (udp_datagram) 0x366-0x47d.7 (280)
0x360| 00 44 | .D | source_port: "bootpc" (68) (Bootstrap Protocol Client) 0x366-0x367.7 (2)
0x360| 00 43 | .C | destination_port: "bootps" (67) (Bootstrap Protocol Server) 0x368-0x369.7 (2)
0x360| 01 18 | .. | length: 280 0x36a-0x36b.7 (2)
0x360| 9f bd | .. | checksum: 0x9fbd 0x36c-0x36d.7 (2)
0x360| 01 01| ..| data: raw bits 0x36e-0x47d.7 (272)
0x360| 01 01| ..| payload: raw bits 0x36e-0x47d.7 (272)
0x370|06 00 00 00 3d 1e 00 00 00 00 00 00 00 00 00 00|....=...........|
* |until 0x47d.7 (272) | |
0x470| 00 00| ..| padding: raw bits 0x47e-0x47f.7 (2)
@ -168,7 +168,7 @@ $ fq -d pcapng dv /dhcp_little_endian.pcapng
0x4a0|00 0b 82 01 fc 42 |.....B | destination: "00:0b:82:01:fc:42" (0xb8201fc42) 0x4a0-0x4a5.7 (6)
0x4a0| 00 08 74 ad f1 9b | ..t... | source: "00:08:74:ad:f1:9b" (0x874adf19b) 0x4a6-0x4ab.7 (6)
0x4a0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x4ac-0x4ad.7 (2)
| | | packet{}: (ipv4_packet) 0x4ae-0x5f5.7 (328)
| | | payload{}: (ipv4_packet) 0x4ae-0x5f5.7 (328)
0x4a0| 45 | E | version: 4 0x4ae-0x4ae.3 (0.4)
0x4a0| 45 | E | ihl: 5 0x4ae.4-0x4ae.7 (0.4)
0x4a0| 00| .| dscp: 0 0x4af-0x4af.5 (0.6)
@ -185,12 +185,12 @@ $ fq -d pcapng dv /dhcp_little_endian.pcapng
0x4b0| c0 a8 00 01 | .... | source_ip: "192.168.0.1" (0xc0a80001) 0x4ba-0x4bd.7 (4)
0x4b0| c0 a8| ..| destination_ip: "192.168.0.10" (0xc0a8000a) 0x4be-0x4c1.7 (4)
0x4c0|00 0a |.. |
| | | data{}: (udp_datagram) 0x4c2-0x5f5.7 (308)
| | | payload{}: (udp_datagram) 0x4c2-0x5f5.7 (308)
0x4c0| 00 43 | .C | source_port: "bootps" (67) (Bootstrap Protocol Server) 0x4c2-0x4c3.7 (2)
0x4c0| 00 44 | .D | destination_port: "bootpc" (68) (Bootstrap Protocol Client) 0x4c4-0x4c5.7 (2)
0x4c0| 01 34 | .4 | length: 308 0x4c6-0x4c7.7 (2)
0x4c0| df db | .. | checksum: 0xdfdb 0x4c8-0x4c9.7 (2)
0x4c0| 02 01 06 00 00 00| ......| data: raw bits 0x4ca-0x5f5.7 (300)
0x4c0| 02 01 06 00 00 00| ......| payload: raw bits 0x4ca-0x5f5.7 (300)
0x4d0|3d 1e 00 00 00 00 00 00 00 00 c0 a8 00 0a 00 00|=...............|
* |until 0x5f5.7 (300) | |
0x5f0| 00 00 | .. | padding: raw bits 0x5f6-0x5f7.7 (2)

60
format/pcap/testdata/http_gzip.fqtest vendored
View File

@ -19,7 +19,7 @@ $ fq -d pcap dv /http_gzip.cap
0x0020| 00 0a| ..| source: "00:0a:95:67:49:3c" (0xa9567493c) 0x2e-0x33.7 (6)
0x0030|95 67 49 3c |.gI< |
0x0030| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x34-0x35.7 (2)
| | | packet{}: (ipv4_packet) 0x36-0x71.7 (60)
| | | payload{}: (ipv4_packet) 0x36-0x71.7 (60)
0x0030| 45 | E | version: 4 0x36-0x36.3 (0.4)
0x0030| 45 | E | ihl: 5 0x36.4-0x36.7 (0.4)
0x0030| 00 | . | dscp: 0 0x37-0x37.5 (0.6)
@ -35,7 +35,7 @@ $ fq -d pcap dv /http_gzip.cap
0x0040|39 8e |9. | header_checksum: 0x398e (valid) 0x40-0x41.7 (2)
0x0040| c0 a8 45 02 | ..E. | source_ip: "192.168.69.2" (0xc0a84502) 0x42-0x45.7 (4)
0x0040| c0 a8 45 01 | ..E. | destination_ip: "192.168.69.1" (0xc0a84501) 0x46-0x49.7 (4)
| | | data{}: (tcp_segment) 0x4a-0x71.7 (40)
| | | payload{}: (tcp_segment) 0x4a-0x71.7 (40)
0x0040| 85 0b | .. | source_port: 34059 0x4a-0x4b.7 (2)
0x0040| 00 50 | .P | destination_port: "http" (80) (World Wide Web HTTP) 0x4c-0x4d.7 (2)
0x0040| 8f f5| ..| sequence_number: 2415239730 0x4e-0x51.7 (4)
@ -74,7 +74,7 @@ $ fq -d pcap dv /http_gzip.cap
0x0060| 03| .| kind: "winscale" (3) (Window scale) 0x6f-0x6f.7 (1)
0x0070|03 |. | length: 3 0x70-0x70.7 (1)
0x0070| 07 | . | data: raw bits 0x71-0x71.7 (1)
| | | data: raw bits 0x72-NA (0)
| | | payload: raw bits 0x72-NA (0)
| | | [1]{}: packet 0x72-0xcb.7 (90)
0x0070| 3c d3 81 41 | <..A | ts_sec: 1099027260 0x72-0x75.7 (4)
0x0070| 2b 24 06 00 | +$.. | ts_usec: 402475 0x76-0x79.7 (4)
@ -85,7 +85,7 @@ $ fq -d pcap dv /http_gzip.cap
0x0080| 00 0a 95 67 49 3c | ...gI< | destination: "00:0a:95:67:49:3c" (0xa9567493c) 0x82-0x87.7 (6)
0x0080| 00 c0 f0 2d 4a a3 | ...-J. | source: "00:c0:f0:2d:4a:a3" (0xc0f02d4aa3) 0x88-0x8d.7 (6)
0x0080| 08 00| ..| ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x8e-0x8f.7 (2)
| | | packet{}: (ipv4_packet) 0x90-0xcb.7 (60)
| | | payload{}: (ipv4_packet) 0x90-0xcb.7 (60)
0x0090|45 |E | version: 4 0x90-0x90.3 (0.4)
0x0090|45 |E | ihl: 5 0x90.4-0x90.7 (0.4)
0x0090| 00 | . | dscp: 0 0x91-0x91.5 (0.6)
@ -101,7 +101,7 @@ $ fq -d pcap dv /http_gzip.cap
0x0090| 2f 68 | /h | header_checksum: 0x2f68 (valid) 0x9a-0x9b.7 (2)
0x0090| c0 a8 45 01| ..E.| source_ip: "192.168.69.1" (0xc0a84501) 0x9c-0x9f.7 (4)
0x00a0|c0 a8 45 02 |..E. | destination_ip: "192.168.69.2" (0xc0a84502) 0xa0-0xa3.7 (4)
| | | data{}: (tcp_segment) 0xa4-0xcb.7 (40)
| | | payload{}: (tcp_segment) 0xa4-0xcb.7 (40)
0x00a0| 00 50 | .P | source_port: "http" (80) (World Wide Web HTTP) 0xa4-0xa5.7 (2)
0x00a0| 85 0b | .. | destination_port: 34059 0xa6-0xa7.7 (2)
0x00a0| 96 18 93 26 | ...& | sequence_number: 2518192934 0xa8-0xab.7 (4)
@ -139,7 +139,7 @@ $ fq -d pcap dv /http_gzip.cap
0x00c0| 03 | . | kind: "winscale" (3) (Window scale) 0xc9-0xc9.7 (1)
0x00c0| 03 | . | length: 3 0xca-0xca.7 (1)
0x00c0| 00 | . | data: raw bits 0xcb-0xcb.7 (1)
| | | data: raw bits 0xcc-NA (0)
| | | payload: raw bits 0xcc-NA (0)
| | | [2]{}: packet 0xcc-0x11d.7 (82)
0x00c0| 3c d3 81 41| <..A| ts_sec: 1099027260 0xcc-0xcf.7 (4)
0x00d0|89 24 06 00 |.$.. | ts_usec: 402569 0xd0-0xd3.7 (4)
@ -150,7 +150,7 @@ $ fq -d pcap dv /http_gzip.cap
0x00e0|4a a3 |J. |
0x00e0| 00 0a 95 67 49 3c | ...gI< | source: "00:0a:95:67:49:3c" (0xa9567493c) 0xe2-0xe7.7 (6)
0x00e0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0xe8-0xe9.7 (2)
| | | packet{}: (ipv4_packet) 0xea-0x11d.7 (52)
| | | payload{}: (ipv4_packet) 0xea-0x11d.7 (52)
0x00e0| 45 | E | version: 4 0xea-0xea.3 (0.4)
0x00e0| 45 | E | ihl: 5 0xea.4-0xea.7 (0.4)
0x00e0| 00 | . | dscp: 0 0xeb-0xeb.5 (0.6)
@ -166,7 +166,7 @@ $ fq -d pcap dv /http_gzip.cap
0x00f0| 39 95 | 9. | header_checksum: 0x3995 (valid) 0xf4-0xf5.7 (2)
0x00f0| c0 a8 45 02 | ..E. | source_ip: "192.168.69.2" (0xc0a84502) 0xf6-0xf9.7 (4)
0x00f0| c0 a8 45 01 | ..E. | destination_ip: "192.168.69.1" (0xc0a84501) 0xfa-0xfd.7 (4)
| | | data{}: (tcp_segment) 0xfe-0x11d.7 (32)
| | | payload{}: (tcp_segment) 0xfe-0x11d.7 (32)
0x00f0| 85 0b| ..| source_port: 34059 0xfe-0xff.7 (2)
0x0100|00 50 |.P | destination_port: "http" (80) (World Wide Web HTTP) 0x100-0x101.7 (2)
0x0100| 8f f5 a2 33 | ...3 | sequence_number: 2415239731 0x102-0x105.7 (4)
@ -194,7 +194,7 @@ $ fq -d pcap dv /http_gzip.cap
0x0110| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x114-0x114.7 (1)
0x0110| 0a | . | length: 10 0x115-0x115.7 (1)
0x0110| 77 e3 57 eb 19 c9 2c e4 | w.W...,. | data: raw bits 0x116-0x11d.7 (8)
| | | data: raw bits 0x11e-NA (0)
| | | payload: raw bits 0x11e-NA (0)
| | | [3]{}: packet 0x11e-0x32c.7 (527)
0x0110| 3c d3| <.| ts_sec: 1099027260 0x11e-0x121.7 (4)
0x0120|81 41 |.A |
@ -206,7 +206,7 @@ $ fq -d pcap dv /http_gzip.cap
0x0130|f0 2d 4a a3 |.-J. |
0x0130| 00 0a 95 67 49 3c | ...gI< | source: "00:0a:95:67:49:3c" (0xa9567493c) 0x134-0x139.7 (6)
0x0130| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x13a-0x13b.7 (2)
| | | packet{}: (ipv4_packet) 0x13c-0x32c.7 (497)
| | | payload{}: (ipv4_packet) 0x13c-0x32c.7 (497)
0x0130| 45 | E | version: 4 0x13c-0x13c.3 (0.4)
0x0130| 45 | E | ihl: 5 0x13c.4-0x13c.7 (0.4)
0x0130| 00 | . | dscp: 0 0x13d-0x13d.5 (0.6)
@ -222,7 +222,7 @@ $ fq -d pcap dv /http_gzip.cap
0x0140| 37 d7 | 7. | header_checksum: 0x37d7 (valid) 0x146-0x147.7 (2)
0x0140| c0 a8 45 02 | ..E. | source_ip: "192.168.69.2" (0xc0a84502) 0x148-0x14b.7 (4)
0x0140| c0 a8 45 01| ..E.| destination_ip: "192.168.69.1" (0xc0a84501) 0x14c-0x14f.7 (4)
| | | data{}: (tcp_segment) 0x150-0x32c.7 (477)
| | | payload{}: (tcp_segment) 0x150-0x32c.7 (477)
0x0150|85 0b |.. | source_port: 34059 0x150-0x151.7 (2)
0x0150| 00 50 | .P | destination_port: "http" (80) (World Wide Web HTTP) 0x152-0x153.7 (2)
0x0150| 8f f5 a2 33 | ...3 | sequence_number: 2415239731 0x154-0x157.7 (4)
@ -250,7 +250,7 @@ $ fq -d pcap dv /http_gzip.cap
0x0160| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x166-0x166.7 (1)
0x0160| 0a | . | length: 10 0x167-0x167.7 (1)
0x0160| 77 e3 57 eb 19 c9 2c e4| w.W...,.| data: raw bits 0x168-0x16f.7 (8)
0x0170|47 45 54 20 2f 74 65 73 74 2f 65 74 68 65 72 65|GET /test/ethere| data: raw bits 0x170-0x32c.7 (445)
0x0170|47 45 54 20 2f 74 65 73 74 2f 65 74 68 65 72 65|GET /test/ethere| payload: raw bits 0x170-0x32c.7 (445)
* |until 0x32c.7 (445) | |
| | | [4]{}: packet 0x32d-0x37e.7 (82)
0x0320| 3c d3 81| <..| ts_sec: 1099027260 0x32d-0x330.7 (4)
@ -263,7 +263,7 @@ $ fq -d pcap dv /http_gzip.cap
0x0340|67 49 3c |gI< |
0x0340| 00 c0 f0 2d 4a a3 | ...-J. | source: "00:c0:f0:2d:4a:a3" (0xc0f02d4aa3) 0x343-0x348.7 (6)
0x0340| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x349-0x34a.7 (2)
| | | packet{}: (ipv4_packet) 0x34b-0x37e.7 (52)
| | | payload{}: (ipv4_packet) 0x34b-0x37e.7 (52)
0x0340| 45 | E | version: 4 0x34b-0x34b.3 (0.4)
0x0340| 45 | E | ihl: 5 0x34b.4-0x34b.7 (0.4)
0x0340| 00 | . | dscp: 0 0x34c-0x34c.5 (0.6)
@ -280,7 +280,7 @@ $ fq -d pcap dv /http_gzip.cap
0x0350| 6f ac | o. | header_checksum: 0x6fac (valid) 0x355-0x356.7 (2)
0x0350| c0 a8 45 01 | ..E. | source_ip: "192.168.69.1" (0xc0a84501) 0x357-0x35a.7 (4)
0x0350| c0 a8 45 02 | ..E. | destination_ip: "192.168.69.2" (0xc0a84502) 0x35b-0x35e.7 (4)
| | | data{}: (tcp_segment) 0x35f-0x37e.7 (32)
| | | payload{}: (tcp_segment) 0x35f-0x37e.7 (32)
0x0350| 00| .| source_port: "http" (80) (World Wide Web HTTP) 0x35f-0x360.7 (2)
0x0360|50 |P |
0x0360| 85 0b | .. | destination_port: 34059 0x361-0x362.7 (2)
@ -310,7 +310,7 @@ $ fq -d pcap dv /http_gzip.cap
0x0370| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x375-0x375.7 (1)
0x0370| 0a | . | length: 10 0x376-0x376.7 (1)
0x0370| 19 c9 2c e4 77 e3 57 eb | ..,.w.W. | data: raw bits 0x377-0x37e.7 (8)
| | | data: raw bits 0x37f-NA (0)
| | | payload: raw bits 0x37f-NA (0)
| | | [5]{}: packet 0x37f-0x562.7 (484)
0x0370| 3c| <| ts_sec: 1099027260 0x37f-0x382.7 (4)
0x0380|d3 81 41 |..A |
@ -322,7 +322,7 @@ $ fq -d pcap dv /http_gzip.cap
0x0390|0a 95 67 49 3c |..gI< |
0x0390| 00 c0 f0 2d 4a a3 | ...-J. | source: "00:c0:f0:2d:4a:a3" (0xc0f02d4aa3) 0x395-0x39a.7 (6)
0x0390| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x39b-0x39c.7 (2)
| | | packet{}: (ipv4_packet) 0x39d-0x562.7 (454)
| | | payload{}: (ipv4_packet) 0x39d-0x562.7 (454)
0x0390| 45 | E | version: 4 0x39d-0x39d.3 (0.4)
0x0390| 45 | E | ihl: 5 0x39d.4-0x39d.7 (0.4)
0x0390| 00 | . | dscp: 0 0x39e-0x39e.5 (0.6)
@ -340,7 +340,7 @@ $ fq -d pcap dv /http_gzip.cap
0x03a0| c0 a8 45 01 | ..E. | source_ip: "192.168.69.1" (0xc0a84501) 0x3a9-0x3ac.7 (4)
0x03a0| c0 a8 45| ..E| destination_ip: "192.168.69.2" (0xc0a84502) 0x3ad-0x3b0.7 (4)
0x03b0|02 |. |
| | | data{}: (tcp_segment) 0x3b1-0x562.7 (434)
| | | payload{}: (tcp_segment) 0x3b1-0x562.7 (434)
0x03b0| 00 50 | .P | source_port: "http" (80) (World Wide Web HTTP) 0x3b1-0x3b2.7 (2)
0x03b0| 85 0b | .. | destination_port: 34059 0x3b3-0x3b4.7 (2)
0x03b0| 96 18 93 27 | ...' | sequence_number: 2518192935 0x3b5-0x3b8.7 (4)
@ -370,7 +370,7 @@ $ fq -d pcap dv /http_gzip.cap
0x03c0| 0a | . | length: 10 0x3c8-0x3c8.7 (1)
0x03c0| 19 c9 2c e6 77 e3 57| ..,.w.W| data: raw bits 0x3c9-0x3d0.7 (8)
0x03d0|eb |. |
0x03d0| 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b| HTTP/1.1 200 OK| data: raw bits 0x3d1-0x562.7 (402)
0x03d0| 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b| HTTP/1.1 200 OK| payload: raw bits 0x3d1-0x562.7 (402)
0x03e0|0d 0a 44 61 74 65 3a 20 46 72 69 2c 20 32 39 20|..Date: Fri, 29 |
* |until 0x562.7 (402) | |
| | | [6]{}: packet 0x563-0x5b4.7 (82)
@ -384,7 +384,7 @@ $ fq -d pcap dv /http_gzip.cap
0x0570| 00 0a 95 67 49 3c | ...gI< | source: "00:0a:95:67:49:3c" (0xa9567493c) 0x579-0x57e.7 (6)
0x0570| 08| .| ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x57f-0x580.7 (2)
0x0580|00 |. |
| | | packet{}: (ipv4_packet) 0x581-0x5b4.7 (52)
| | | payload{}: (ipv4_packet) 0x581-0x5b4.7 (52)
0x0580| 45 | E | version: 4 0x581-0x581.3 (0.4)
0x0580| 45 | E | ihl: 5 0x581.4-0x581.7 (0.4)
0x0580| 00 | . | dscp: 0 0x582-0x582.5 (0.6)
@ -401,7 +401,7 @@ $ fq -d pcap dv /http_gzip.cap
0x0580| c0 a8 45| ..E| source_ip: "192.168.69.2" (0xc0a84502) 0x58d-0x590.7 (4)
0x0590|02 |. |
0x0590| c0 a8 45 01 | ..E. | destination_ip: "192.168.69.1" (0xc0a84501) 0x591-0x594.7 (4)
| | | data{}: (tcp_segment) 0x595-0x5b4.7 (32)
| | | payload{}: (tcp_segment) 0x595-0x5b4.7 (32)
0x0590| 85 0b | .. | source_port: 34059 0x595-0x596.7 (2)
0x0590| 00 50 | .P | destination_port: "http" (80) (World Wide Web HTTP) 0x597-0x598.7 (2)
0x0590| 8f f5 a3 f0 | .... | sequence_number: 2415240176 0x599-0x59c.7 (4)
@ -431,7 +431,7 @@ $ fq -d pcap dv /http_gzip.cap
0x05a0| 0a | . | length: 10 0x5ac-0x5ac.7 (1)
0x05a0| 77 e3 58| w.X| data: raw bits 0x5ad-0x5b4.7 (8)
0x05b0|01 19 c9 2c e6 |...,. |
| | | data: raw bits 0x5b5-NA (0)
| | | payload: raw bits 0x5b5-NA (0)
| | | [7]{}: packet 0x5b5-0x606.7 (82)
0x05b0| 3c d3 81 41 | <..A | ts_sec: 1099027260 0x5b5-0x5b8.7 (4)
0x05b0| eb 78 06 00 | .x.. | ts_usec: 424171 0x5b9-0x5bc.7 (4)
@ -443,7 +443,7 @@ $ fq -d pcap dv /http_gzip.cap
0x05c0| 00 c0 f0 2d 4a| ...-J| source: "00:c0:f0:2d:4a:a3" (0xc0f02d4aa3) 0x5cb-0x5d0.7 (6)
0x05d0|a3 |. |
0x05d0| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x5d1-0x5d2.7 (2)
| | | packet{}: (ipv4_packet) 0x5d3-0x606.7 (52)
| | | payload{}: (ipv4_packet) 0x5d3-0x606.7 (52)
0x05d0| 45 | E | version: 4 0x5d3-0x5d3.3 (0.4)
0x05d0| 45 | E | ihl: 5 0x5d3.4-0x5d3.7 (0.4)
0x05d0| 00 | . | dscp: 0 0x5d4-0x5d4.5 (0.6)
@ -460,7 +460,7 @@ $ fq -d pcap dv /http_gzip.cap
0x05d0| c0| .| source_ip: "192.168.69.1" (0xc0a84501) 0x5df-0x5e2.7 (4)
0x05e0|a8 45 01 |.E. |
0x05e0| c0 a8 45 02 | ..E. | destination_ip: "192.168.69.2" (0xc0a84502) 0x5e3-0x5e6.7 (4)
| | | data{}: (tcp_segment) 0x5e7-0x606.7 (32)
| | | payload{}: (tcp_segment) 0x5e7-0x606.7 (32)
0x05e0| 00 50 | .P | source_port: "http" (80) (World Wide Web HTTP) 0x5e7-0x5e8.7 (2)
0x05e0| 85 0b | .. | destination_port: 34059 0x5e9-0x5ea.7 (2)
0x05e0| 96 18 94 b9 | .... | sequence_number: 2518193337 0x5eb-0x5ee.7 (4)
@ -490,7 +490,7 @@ $ fq -d pcap dv /http_gzip.cap
0x05f0| 0a | . | length: 10 0x5fe-0x5fe.7 (1)
0x05f0| 19| .| data: raw bits 0x5ff-0x606.7 (8)
0x0600|c9 2c e6 77 e3 58 01 |.,.w.X. |
| | | data: raw bits 0x607-NA (0)
| | | payload: raw bits 0x607-NA (0)
| | | [8]{}: packet 0x607-0x658.7 (82)
0x0600| 3c d3 81 41 | <..A | ts_sec: 1099027260 0x607-0x60a.7 (4)
0x0600| 85 7c 06 00 | .|.. | ts_usec: 425093 0x60b-0x60e.7 (4)
@ -502,7 +502,7 @@ $ fq -d pcap dv /http_gzip.cap
0x0610| 00 0a 95| ...| source: "00:0a:95:67:49:3c" (0xa9567493c) 0x61d-0x622.7 (6)
0x0620|67 49 3c |gI< |
0x0620| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x623-0x624.7 (2)
| | | packet{}: (ipv4_packet) 0x625-0x658.7 (52)
| | | payload{}: (ipv4_packet) 0x625-0x658.7 (52)
0x0620| 45 | E | version: 4 0x625-0x625.3 (0.4)
0x0620| 45 | E | ihl: 5 0x625.4-0x625.7 (0.4)
0x0620| 00 | . | dscp: 0 0x626-0x626.5 (0.6)
@ -519,7 +519,7 @@ $ fq -d pcap dv /http_gzip.cap
0x0630|92 |. |
0x0630| c0 a8 45 02 | ..E. | source_ip: "192.168.69.2" (0xc0a84502) 0x631-0x634.7 (4)
0x0630| c0 a8 45 01 | ..E. | destination_ip: "192.168.69.1" (0xc0a84501) 0x635-0x638.7 (4)
| | | data{}: (tcp_segment) 0x639-0x658.7 (32)
| | | payload{}: (tcp_segment) 0x639-0x658.7 (32)
0x0630| 85 0b | .. | source_port: 34059 0x639-0x63a.7 (2)
0x0630| 00 50 | .P | destination_port: "http" (80) (World Wide Web HTTP) 0x63b-0x63c.7 (2)
0x0630| 8f f5 a3| ...| sequence_number: 2415240176 0x63d-0x640.7 (4)
@ -548,7 +548,7 @@ $ fq -d pcap dv /http_gzip.cap
0x0640| 08| .| kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x64f-0x64f.7 (1)
0x0650|0a |. | length: 10 0x650-0x650.7 (1)
0x0650| 77 e3 58 02 19 c9 2c e6 | w.X...,. | data: raw bits 0x651-0x658.7 (8)
| | | data: raw bits 0x659-NA (0)
| | | payload: raw bits 0x659-NA (0)
| | | [9]{}: packet 0x659-0x6aa.7 (82)
0x0650| 3c d3 81 41 | <..A | ts_sec: 1099027260 0x659-0x65c.7 (4)
0x0650| ab 7c 06| .|.| ts_usec: 425131 0x65d-0x660.7 (4)
@ -560,7 +560,7 @@ $ fq -d pcap dv /http_gzip.cap
0x0660| 00| .| source: "00:c0:f0:2d:4a:a3" (0xc0f02d4aa3) 0x66f-0x674.7 (6)
0x0670|c0 f0 2d 4a a3 |..-J. |
0x0670| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x675-0x676.7 (2)
| | | packet{}: (ipv4_packet) 0x677-0x6aa.7 (52)
| | | payload{}: (ipv4_packet) 0x677-0x6aa.7 (52)
0x0670| 45 | E | version: 4 0x677-0x677.3 (0.4)
0x0670| 45 | E | ihl: 5 0x677.4-0x677.7 (0.4)
0x0670| 00 | . | dscp: 0 0x678-0x678.5 (0.6)
@ -576,7 +576,7 @@ $ fq -d pcap dv /http_gzip.cap
0x0680| 6f a9 | o. | header_checksum: 0x6fa9 (valid) 0x681-0x682.7 (2)
0x0680| c0 a8 45 01 | ..E. | source_ip: "192.168.69.1" (0xc0a84501) 0x683-0x686.7 (4)
0x0680| c0 a8 45 02 | ..E. | destination_ip: "192.168.69.2" (0xc0a84502) 0x687-0x68a.7 (4)
| | | data{}: (tcp_segment) 0x68b-0x6aa.7 (32)
| | | payload{}: (tcp_segment) 0x68b-0x6aa.7 (32)
0x0680| 00 50 | .P | source_port: "http" (80) (World Wide Web HTTP) 0x68b-0x68c.7 (2)
0x0680| 85 0b | .. | destination_port: 34059 0x68d-0x68e.7 (2)
0x0680| 96| .| sequence_number: 2518193338 0x68f-0x692.7 (4)
@ -605,7 +605,7 @@ $ fq -d pcap dv /http_gzip.cap
0x06a0| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x6a1-0x6a1.7 (1)
0x06a0| 0a | . | length: 10 0x6a2-0x6a2.7 (1)
0x06a0| 19 c9 2c e6 77 e3 58 02| | ..,.w.X.| | data: raw bits 0x6a3-0x6aa.7 (8)
| | | data: raw bits 0x6ab-NA (0)
| | | payload: raw bits 0x6ab-NA (0)
| | | ipv4_reassembled[0:0]: 0x6ab-NA (0)
| | | tcp_connections[0:1]: 0x6ab-NA (0)
| | | [0]{}: flow 0x6ab-NA (0)

14
format/pcap/testdata/ipv4frags.fqtest vendored
View File

@ -19,7 +19,7 @@ $ fq -d pcap dv /ipv4frags.pcap
0x0020| 08 00| ..| source: "08:00:27:fc:6a:c9" (0x80027fc6ac9) 0x2e-0x33.7 (6)
0x0030|27 fc 6a c9 |'.j. |
0x0030| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x34-0x35.7 (2)
| | | packet{}: (ipv4_packet) 0x36-0x419.7 (996)
| | | payload{}: (ipv4_packet) 0x36-0x419.7 (996)
0x0030| 45 | E | version: 4 0x36-0x36.3 (0.4)
0x0030| 45 | E | ihl: 5 0x36.4-0x36.7 (0.4)
0x0030| 00 | . | dscp: 0 0x37-0x37.5 (0.6)
@ -35,7 +35,7 @@ $ fq -d pcap dv /ipv4frags.pcap
0x0040|9b 44 |.D | header_checksum: 0x9b44 (valid) 0x40-0x41.7 (2)
0x0040| 02 01 01 02 | .... | source_ip: "2.1.1.2" (0x2010102) 0x42-0x45.7 (4)
0x0040| 02 01 01 01 | .... | destination_ip: "2.1.1.1" (0x2010101) 0x46-0x49.7 (4)
0x0040| 08 00 4d 71 13 c2| ..Mq..| data: raw bits 0x4a-0x419.7 (976)
0x0040| 08 00 4d 71 13 c2| ..Mq..| payload: raw bits 0x4a-0x419.7 (976)
0x0050|00 01 14 2b d2 59 00 00 00 00 3d 2a 08 00 00 00|...+.Y....=*....|
* |until 0x419.7 (976) | |
| | | [1]{}: packet 0x41a-0x5fb.7 (482)
@ -48,7 +48,7 @@ $ fq -d pcap dv /ipv4frags.pcap
0x0420| 08 00 27 e2 9f a6| ..'...| destination: "08:00:27:e2:9f:a6" (0x80027e29fa6) 0x42a-0x42f.7 (6)
0x0430|08 00 27 fc 6a c9 |..'.j. | source: "08:00:27:fc:6a:c9" (0x80027fc6ac9) 0x430-0x435.7 (6)
0x0430| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x436-0x437.7 (2)
| | | packet{}: (ipv4_packet) 0x438-0x5fb.7 (452)
| | | payload{}: (ipv4_packet) 0x438-0x5fb.7 (452)
0x0430| 45 | E | version: 4 0x438-0x438.3 (0.4)
0x0430| 45 | E | ihl: 5 0x438.4-0x438.7 (0.4)
0x0430| 00 | . | dscp: 0 0x439-0x439.5 (0.6)
@ -64,7 +64,7 @@ $ fq -d pcap dv /ipv4frags.pcap
0x0440| bc ea | .. | header_checksum: 0xbcea (valid) 0x442-0x443.7 (2)
0x0440| 02 01 01 02 | .... | source_ip: "2.1.1.2" (0x2010102) 0x444-0x447.7 (4)
0x0440| 02 01 01 01 | .... | destination_ip: "2.1.1.1" (0x2010101) 0x448-0x44b.7 (4)
0x0440| c8 c9 ca cb| ....| data: raw bits 0x44c-0x5fb.7 (432)
0x0440| c8 c9 ca cb| ....| payload: raw bits 0x44c-0x5fb.7 (432)
0x0450|cc cd ce cf d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db|................|
* |until 0x5fb.7 (432) | |
| | | [2]{}: packet 0x5fc-0xbad.7 (1458)
@ -77,7 +77,7 @@ $ fq -d pcap dv /ipv4frags.pcap
0x0610|6a c9 |j. |
0x0610| 08 00 27 e2 9f a6 | ..'... | source: "08:00:27:e2:9f:a6" (0x80027e29fa6) 0x612-0x617.7 (6)
0x0610| 08 00 | .. | ether_type: "ipv4" (0x800) (Internet Protocol version 4) 0x618-0x619.7 (2)
| | | packet{}: (ipv4_packet) 0x61a-0xbad.7 (1428)
| | | payload{}: (ipv4_packet) 0x61a-0xbad.7 (1428)
0x0610| 45 | E | version: 4 0x61a-0x61a.3 (0.4)
0x0610| 45 | E | ihl: 5 0x61a.4-0x61a.7 (0.4)
0x0610| 00 | . | dscp: 0 0x61b-0x61b.5 (0.6)
@ -93,7 +93,7 @@ $ fq -d pcap dv /ipv4frags.pcap
0x0620| eb 6e | .n | header_checksum: 0xeb6e (valid) 0x624-0x625.7 (2)
0x0620| 02 01 01 01 | .... | source_ip: "2.1.1.1" (0x2010101) 0x626-0x629.7 (4)
0x0620| 02 01 01 02 | .... | destination_ip: "2.1.1.2" (0x2010102) 0x62a-0x62d.7 (4)
| | | data{}: (icmp) 0x62e-0xbad.7 (1408)
| | | payload{}: (icmp) 0x62e-0xbad.7 (1408)
0x0620| 00 | . | type: "echo_reply" (0) (Echo reply) 0x62e-0x62e.7 (1)
0x0620| 00| .| code: 0 0x62f-0x62f.7 (1)
0x0630|55 71 |Uq | checksum: 21873 0x630-0x631.7 (2)
@ -117,7 +117,7 @@ $ fq -d pcap dv /ipv4frags.pcap
0x000| b9 94 | .. | header_checksum: 0xb994 (valid) 0xa-0xb.7 (2)
0x000| 02 01 01 02| ....| source_ip: "2.1.1.2" (0x2010102) 0xc-0xf.7 (4)
0x010|02 01 01 01 |.... | destination_ip: "2.1.1.1" (0x2010101) 0x10-0x13.7 (4)
| | | data{}: (icmp) 0x14-0x593.7 (1408)
| | | payload{}: (icmp) 0x14-0x593.7 (1408)
0x010| 08 | . | type: "echo_request" (8) (Echo request) 0x14-0x14.7 (1)
0x010| 00 | . | code: 0 0x15-0x15.7 (1)
0x010| 4d 71 | Mq | checksum: 19825 0x16-0x17.7 (2)

3493
format/pcap/testdata/ipv6_http.fqtest vendored Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
format/pcap/testdata/ipv6_http.pcap vendored Normal file
View File

Binary file not shown.

384
format/pcap/testdata/many_interfaces.fqtest vendored
View File

File diff suppressed because it is too large Load Diff

30
format/pcap/testdata/sll2_tcp.fqtest vendored
View File

@ -22,7 +22,7 @@ $ fq -d pcap dv /sll2_tcp.pcap
0x030| 06 | . | link_address_length: 6 (valid) 0x33-0x33.7 (1)
0x030| 00 00 00 00 00 00 | ...... | link_address: "00:00:00:00:00:00" (0x0) 0x34-0x39.7 (6)
0x030| 00 00 | .. | padding: raw bits 0x3a-0x3b.7 (2)
| | | data{}: (ipv4_packet) 0x3c-0x77.7 (60)
| | | payload{}: (ipv4_packet) 0x3c-0x77.7 (60)
0x030| 45 | E | version: 4 0x3c-0x3c.3 (0.4)
0x030| 45 | E | ihl: 5 0x3c.4-0x3c.7 (0.4)
0x030| 00 | . | dscp: 0 0x3d-0x3d.5 (0.6)
@ -38,7 +38,7 @@ $ fq -d pcap dv /sll2_tcp.pcap
0x040| 8d 26 | .& | header_checksum: 0x8d26 (valid) 0x46-0x47.7 (2)
0x040| 7f 00 00 01 | .... | source_ip: "127.0.0.1" (0x7f000001) 0x48-0x4b.7 (4)
0x040| 7f 00 00 01| ....| destination_ip: "127.0.0.1" (0x7f000001) 0x4c-0x4f.7 (4)
| | | data{}: (tcp_segment) 0x50-0x77.7 (40)
| | | payload{}: (tcp_segment) 0x50-0x77.7 (40)
0x050|b8 46 |.F | source_port: 47174 0x50-0x51.7 (2)
0x050| 04 d2 | .. | destination_port: 1234 0x52-0x53.7 (2)
0x050| 4e 2a 3f da | N*?. | sequence_number: 1311391706 0x54-0x57.7 (4)
@ -77,7 +77,7 @@ $ fq -d pcap dv /sll2_tcp.pcap
0x070| 03 | . | kind: "winscale" (3) (Window scale) 0x75-0x75.7 (1)
0x070| 03 | . | length: 3 0x76-0x76.7 (1)
0x070| 07 | . | data: raw bits 0x77-0x77.7 (1)
| | | data: raw bits 0x78-NA (0)
| | | payload: raw bits 0x78-NA (0)
| | | [1]{}: packet 0x78-0xd7.7 (96)
0x070| 44 08 a5 61 | D..a | ts_sec: 1638205508 0x78-0x7b.7 (4)
0x070| 40 c1 0b 00| @...| ts_usec: 770368 0x7c-0x7f.7 (4)
@ -92,7 +92,7 @@ $ fq -d pcap dv /sll2_tcp.pcap
0x090| 06 | . | link_address_length: 6 (valid) 0x93-0x93.7 (1)
0x090| 00 00 00 00 00 00 | ...... | link_address: "00:00:00:00:00:00" (0x0) 0x94-0x99.7 (6)
0x090| 00 00 | .. | padding: raw bits 0x9a-0x9b.7 (2)
| | | data{}: (ipv4_packet) 0x9c-0xd7.7 (60)
| | | payload{}: (ipv4_packet) 0x9c-0xd7.7 (60)
0x090| 45 | E | version: 4 0x9c-0x9c.3 (0.4)
0x090| 45 | E | ihl: 5 0x9c.4-0x9c.7 (0.4)
0x090| 00 | . | dscp: 0 0x9d-0x9d.5 (0.6)
@ -108,7 +108,7 @@ $ fq -d pcap dv /sll2_tcp.pcap
0x0a0| 3c ba | <. | header_checksum: 0x3cba (valid) 0xa6-0xa7.7 (2)
0x0a0| 7f 00 00 01 | .... | source_ip: "127.0.0.1" (0x7f000001) 0xa8-0xab.7 (4)
0x0a0| 7f 00 00 01| ....| destination_ip: "127.0.0.1" (0x7f000001) 0xac-0xaf.7 (4)
| | | data{}: (tcp_segment) 0xb0-0xd7.7 (40)
| | | payload{}: (tcp_segment) 0xb0-0xd7.7 (40)
0x0b0|04 d2 |.. | source_port: 1234 0xb0-0xb1.7 (2)
0x0b0| b8 46 | .F | destination_port: 47174 0xb2-0xb3.7 (2)
0x0b0| ce 52 26 de | .R&. | sequence_number: 3461490398 0xb4-0xb7.7 (4)
@ -147,7 +147,7 @@ $ fq -d pcap dv /sll2_tcp.pcap
0x0d0| 03 | . | kind: "winscale" (3) (Window scale) 0xd5-0xd5.7 (1)
0x0d0| 03 | . | length: 3 0xd6-0xd6.7 (1)
0x0d0| 07 | . | data: raw bits 0xd7-0xd7.7 (1)
| | | data: raw bits 0xd8-NA (0)
| | | payload: raw bits 0xd8-NA (0)
| | | [2]{}: packet 0xd8-0x12f.7 (88)
0x0d0| 44 08 a5 61 | D..a | ts_sec: 1638205508 0xd8-0xdb.7 (4)
0x0d0| 51 c1 0b 00| Q...| ts_usec: 770385 0xdc-0xdf.7 (4)
@ -162,7 +162,7 @@ $ fq -d pcap dv /sll2_tcp.pcap
0x0f0| 06 | . | link_address_length: 6 (valid) 0xf3-0xf3.7 (1)
0x0f0| 00 00 00 00 00 00 | ...... | link_address: "00:00:00:00:00:00" (0x0) 0xf4-0xf9.7 (6)
0x0f0| 00 00 | .. | padding: raw bits 0xfa-0xfb.7 (2)
| | | data{}: (ipv4_packet) 0xfc-0x12f.7 (52)
| | | payload{}: (ipv4_packet) 0xfc-0x12f.7 (52)
0x0f0| 45 | E | version: 4 0xfc-0xfc.3 (0.4)
0x0f0| 45 | E | ihl: 5 0xfc.4-0xfc.7 (0.4)
0x0f0| 00 | . | dscp: 0 0xfd-0xfd.5 (0.6)
@ -178,7 +178,7 @@ $ fq -d pcap dv /sll2_tcp.pcap
0x100| 8d 2d | .- | header_checksum: 0x8d2d (valid) 0x106-0x107.7 (2)
0x100| 7f 00 00 01 | .... | source_ip: "127.0.0.1" (0x7f000001) 0x108-0x10b.7 (4)
0x100| 7f 00 00 01| ....| destination_ip: "127.0.0.1" (0x7f000001) 0x10c-0x10f.7 (4)
| | | data{}: (tcp_segment) 0x110-0x12f.7 (32)
| | | payload{}: (tcp_segment) 0x110-0x12f.7 (32)
0x110|b8 46 |.F | source_port: 47174 0x110-0x111.7 (2)
0x110| 04 d2 | .. | destination_port: 1234 0x112-0x113.7 (2)
0x110| 4e 2a 3f db | N*?. | sequence_number: 1311391707 0x114-0x117.7 (4)
@ -206,7 +206,7 @@ $ fq -d pcap dv /sll2_tcp.pcap
0x120| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x126-0x126.7 (1)
0x120| 0a | . | length: 10 0x127-0x127.7 (1)
0x120| e4 67 f5 17 e4 67 f5 17| .g...g..| data: raw bits 0x128-0x12f.7 (8)
| | | data: raw bits 0x130-NA (0)
| | | payload: raw bits 0x130-NA (0)
| | | [3]{}: packet 0x130-0x18c.7 (93)
0x130|44 08 a5 61 |D..a | ts_sec: 1638205508 0x130-0x133.7 (4)
0x130| d0 c1 0b 00 | .... | ts_usec: 770512 0x134-0x137.7 (4)
@ -222,7 +222,7 @@ $ fq -d pcap dv /sll2_tcp.pcap
0x140| 00 00 00 00| ....| link_address: "00:00:00:00:00:00" (0x0) 0x14c-0x151.7 (6)
0x150|00 00 |.. |
0x150| 00 00 | .. | padding: raw bits 0x152-0x153.7 (2)
| | | data{}: (ipv4_packet) 0x154-0x18c.7 (57)
| | | payload{}: (ipv4_packet) 0x154-0x18c.7 (57)
0x150| 45 | E | version: 4 0x154-0x154.3 (0.4)
0x150| 45 | E | ihl: 5 0x154.4-0x154.7 (0.4)
0x150| 00 | . | dscp: 0 0x155-0x155.5 (0.6)
@ -238,7 +238,7 @@ $ fq -d pcap dv /sll2_tcp.pcap
0x150| 8d 27| .'| header_checksum: 0x8d27 (valid) 0x15e-0x15f.7 (2)
0x160|7f 00 00 01 |.... | source_ip: "127.0.0.1" (0x7f000001) 0x160-0x163.7 (4)
0x160| 7f 00 00 01 | .... | destination_ip: "127.0.0.1" (0x7f000001) 0x164-0x167.7 (4)
| | | data{}: (tcp_segment) 0x168-0x18c.7 (37)
| | | payload{}: (tcp_segment) 0x168-0x18c.7 (37)
0x160| b8 46 | .F | source_port: 47174 0x168-0x169.7 (2)
0x160| 04 d2 | .. | destination_port: 1234 0x16a-0x16b.7 (2)
0x160| 4e 2a 3f db| N*?.| sequence_number: 1311391707 0x16c-0x16f.7 (4)
@ -266,7 +266,7 @@ $ fq -d pcap dv /sll2_tcp.pcap
0x170| 08 | . | kind: "timestamp" (8) (Timestamp and echo of previous timestamp) 0x17e-0x17e.7 (1)
0x170| 0a| .| length: 10 0x17f-0x17f.7 (1)
0x180|e4 67 f5 17 e4 67 f5 17 |.g...g.. | data: raw bits 0x180-0x187.7 (8)
0x180| 74 65 73 74 0a | test. | data: raw bits 0x188-0x18c.7 (5)
0x180| 74 65 73 74 0a | test. | payload: raw bits 0x188-0x18c.7 (5)
| | | [4]{}: packet 0x18d-0x1e4.7 (88)
0x180| 44 08 a5| D..| ts_sec: 1638205508 0x18d-0x190.7 (4)
0x190|61 |a |
@ -284,7 +284,7 @@ $ fq -d pcap dv /sll2_tcp.pcap
0x1a0| 00 00 00 00 00 00 | ...... | link_address: "00:00:00:00:00:00" (0x0) 0x1a9-0x1ae.7 (6)
0x1a0| 00| .| padding: raw bits 0x1af-0x1b0.7 (2)
0x1b0|00 |. |
| | | data{}: (ipv4_packet) 0x1b1-0x1e4.7 (52)
| | | payload{}: (ipv4_packet) 0x1b1-0x1e4.7 (52)
0x1b0| 45 | E | version: 4 0x1b1-0x1b1.3 (0.4)
0x1b0| 45 | E | ihl: 5 0x1b1.4-0x1b1.7 (0.4)
0x1b0| 00 | . | dscp: 0 0x1b2-0x1b2.5 (0.6)
@ -301,7 +301,7 @@ $ fq -d pcap dv /sll2_tcp.pcap
0x1b0| 7f 00 00| ...| source_ip: "127.0.0.1" (0x7f000001) 0x1bd-0x1c0.7 (4)
0x1c0|01 |. |
0x1c0| 7f 00 00 01 | .... | destination_ip: "127.0.0.1" (0x7f000001) 0x1c1-0x1c4.7 (4)
| | | data{}: (tcp_segment) 0x1c5-0x1e4.7 (32)
| | | payload{}: (tcp_segment) 0x1c5-0x1e4.7 (32)
0x1c0| 04 d2 | .. | source_port: 1234 0x1c5-0x1c6.7 (2)
0x1c0| b8 46 | .F | destination_port: 47174 0x1c7-0x1c8.7 (2)
0x1c0| ce 52 26 df | .R&. | sequence_number: 3461490399 0x1c9-0x1cc.7 (4)
@ -331,7 +331,7 @@ $ fq -d pcap dv /sll2_tcp.pcap
0x1d0| 0a | . | length: 10 0x1dc-0x1dc.7 (1)
0x1d0| e4 67 f5| .g.| data: raw bits 0x1dd-0x1e4.7 (8)
0x1e0|17 e4 67 f5 17| |..g..| |
| | | data: raw bits 0x1e5-NA (0)
| | | payload: raw bits 0x1e5-NA (0)
| | | ipv4_reassembled[0:0]: 0x1e5-NA (0)
| | | tcp_connections[0:1]: 0x1e5-NA (0)
| | | [0]{}: flow 0x1e5-NA (0)

2
pkg/interp/testdata/args.fqtest vendored
View File

@ -138,10 +138,12 @@ hevc_sps H.265/HEVC Sequence Parameter Set
hevc_vps H.265/HEVC Video Parameter Set
icc_profile International Color Consortium profile
icmp Internet Control Message Protocol
icmpv6 Internet Control Message Protocol v6
id3v1 ID3v1 metadata
id3v11 ID3v1.1 metadata
id3v2 ID3v2 metadata
ipv4_packet Internet protocol v4 packet
ipv6_packet Internet protocol v6 packet
jpeg Joint Photographic Experts Group file
json JSON
macho Mach-O macOS executable