wader/fq
1
1
Fork 0
mirror of https://github.com/wader/fq.git synced 2024-11-23 18:56:52 +03:00
Code Issues Projects Releases Wiki Activity
f801cc0af7
fq/format/inet/sll2_packet.go
Mattias Wadman f55b1af6ac inet: Add tcp and ipv4 reassembly 
Also add tcp_stream and udp_payload to decode content
2021-11-29 18:42:18 +01:00

57 lines
1.6 KiB
Go
Raw Blame History

package inet
// SLL stands for sockaddr_ll
// https://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL2.html
import (
"github.com/wader/fq/format"
"github.com/wader/fq/format/registry"
"github.com/wader/fq/pkg/decode"
)
var sllPacket2Ether8023Format decode.Group
func init() {
registry.MustRegister(decode.Format{
Name: format.SLL2_PACKET,
Description: "Linux cooked capture encapsulation v2",
Dependencies: []decode.Dependency{
{Names: []string{format.ETHER8023_FRAME}, Group: &sllPacket2Ether8023Format},
},
DecodeFn: decodeSLL2,
})
}
var sllPacket2FrameTypeFormat = map[uint64]*decode.Group{
format.EtherTypeIPv4: &ether8023FrameIPv4Format,
}
func decodeSLL2(d *decode.D, in interface{}) interface{} {
protcolType := d.FieldU16("protocol_type", d.MapUToScalar(format.EtherTypeMap), d.Hex)
d.FieldU16("reserved")
d.FieldU32("interface_index")
arpHdrType := d.FieldU16("arphdr_type", d.MapUToScalar(arpHdrTypeMAp))
d.FieldU8("packet_type", d.MapUToScalar(sllPacketTypeMap))
addressLength := d.FieldU8("link_address_length")
d.FieldU("link_address", int(addressLength)*8)
addressDiff := 8 - addressLength
if addressDiff > 0 {
d.FieldRawLen("padding", int64(addressDiff)*8)
}
// TODO: handle other arphdr types
switch arpHdrType {
case arpHdrTypeLoopback, arpHdrTypeEther:
_ = d.FieldMustGet("link_address").TryScalarFn(mapUToEtherSym, d.Hex)
if g, ok := sllPacket2FrameTypeFormat[protcolType]; ok {
d.FieldFormatLen("data", d.BitsLeft(), *g, nil)
} else {
d.FieldRawLen("data", d.BitsLeft())
}
default:
d.FieldRawLen("data", d.BitsLeft())
}
return nil
}
Reference in New Issue View Git Blame Copy Permalink