From f2e3c776b2c9f8239b94e1947eb5a4b31bc2aca0 Mon Sep 17 00:00:00 2001
From: Denis Machard <5562930+dmachard@users.noreply.github.com>
Date: Thu, 28 Nov 2024 21:36:19 +0100
Subject: [PATCH] add gre protocol support on packet sniffer (#883)

* add gre support
---
 Makefile | 2 +-
 README.md | 2 +-
 docs/collectors/collector_afpacket.md | 8 ++++++--
 go.mod | 4 ++--
 go.sum | 7 ++++---
 pkgconfig/collectors.go | 1 +
 workers/sniffer_afpacket_linux.go | 8 +++++++-
 7 files changed, 22 insertions(+), 10 deletions(-)

diff --git a/Makefile b/Makefile
index f52456b1..2450ddc6 100644
--- a/Makefile
+++ b/Makefile
@@ -8,7 +8,7 @@ GO_DNSTAP_PROTOBUF := 1.2.0
 GO_FRAMESTREAM := 1.0.1
 GO_CLIENTSYSLOG := 1.0.1
 GO_TOPMAP := 1.0.2
-GO_NETUTILS := 1.1.0
+GO_NETUTILS := 1.3.0
 
 BUILD_TIME := $(shell LANG=en_US date +"%F_%T_%z")
 COMMIT := $(shell git rev-parse --short HEAD)
diff --git a/README.md b/README.md
index fa176d1c..48168222 100644
--- a/README.md
+++ b/README.md
@@ -46,7 +46,7 @@
 - [`DNSMessage`](docs/collectors/collector_dnsmessage.md) to route DNS messages based on specific dns fields
 - [`TZSP`](docs/collectors/collector_tzsp.md) protocol support
 - *Live capture on a network interface*
- - [`AF_PACKET`](docs/collectors/collector_afpacket.md) socket with BPF filter
+ - [`AF_PACKET`](docs/collectors/collector_afpacket.md) socket with BPF filter and GRE tunnel support
 - [`eBPF XDP`](docs/collectors/collector_xdp.md) ingress traffic
 - *Read text or binary files as input*
 - Read and tail on [`Plain text`](docs/collectors/collector_tail.md) files
diff --git a/docs/collectors/collector_afpacket.md b/docs/collectors/collector_afpacket.md
index 90dbc569..d600502d 100644
--- a/docs/collectors/collector_afpacket.md
+++ b/docs/collectors/collector_afpacket.md
@@ -1,11 +1,11 @@
 # Collector: Live Capture with AF_PACKET
 
-Raw DNS packets sniffer. Setting `CAP_NET_RAW` capabilities on executables allows you to run these
-program without having to run-it with the root user:
+Raw DNS packets sniffer. Setting `CAP_NET_RAW` capabilities on executables allows you to run these program without having to run-it with the root user:
 
 * IPv4, IPv6 support (fragmented packet ignored)
 * UDP and TCP transport (with tcp reassembly if needed)
 * BFP filtering
+* GRE tunnel support
 
 Capabilities:
 
@@ -21,6 +21,9 @@ Options:
 * `device` (str)
 > Interface name to sniff. If value is empty, bind on all interfaces.
 
+* `enable-gre` (bool)
+ > Enable GRE decoding protocol support
+
 * `enable-fragment-support` (bool)
 > Enable IP defrag support
 
@@ -35,6 +38,7 @@ Defaults:
 afpacket-sniffer:
 port: 53
 device: wlp2s0
+ enable-gre: false
 enable-defrag-ip: true
 chan-buffer-size: 0
 ```
diff --git a/go.mod b/go.mod
index 5e53acd1..52aa1ed1 100644
--- a/go.mod
+++ b/go.mod
@@ -13,7 +13,7 @@ require (
 github.com/dmachard/go-dnstap-protobuf v1.2.0
 github.com/dmachard/go-framestream v1.0.1
 github.com/dmachard/go-logger v1.1.1
-github.com/dmachard/go-netutils v1.1.0
+github.com/dmachard/go-netutils v1.3.0
 github.com/dmachard/go-powerdns-protobuf v1.3.0
 github.com/dmachard/go-topmap v1.0.2
 github.com/farsightsec/golang-framestream v0.3.0
@@ -35,7 +35,7 @@ require (
 github.com/prometheus/client_golang v1.20.5
 github.com/rs/tzsp v0.0.0-20161230003637-8ce729c826b9
 github.com/segmentio/kafka-go v0.4.47
-github.com/stretchr/testify v1.9.0
+github.com/stretchr/testify v1.10.0
 github.com/tinylib/msgp v1.2.4
 golang.org/x/net v0.31.0
 golang.org/x/sys v0.27.0
diff --git a/go.sum b/go.sum
index fad33103..da1a7b75 100644
--- a/go.sum
+++ b/go.sum
@@ -109,8 +109,8 @@ github.com/dmachard/go-framestream v1.0.1 h1:/v93w0No5g+CTdwhlbiLbopvnKUdc9kDscK
 github.com/dmachard/go-framestream v1.0.1/go.mod h1:p0gyuQSA4IfiyyhSy2grFc1oR8Tk5ewNvTMcQHzcnGs=
 github.com/dmachard/go-logger v1.1.1 h1:H4mQAAyhZ6u1E8kFezz7o6PsDqhsdFbO5pZGnoNuRYI=
 github.com/dmachard/go-logger v1.1.1/go.mod h1:vg6cMQBmx+SgH45XsqEyqScXp9eJhS6yuvvJZOgBbvU=
-github.com/dmachard/go-netutils v1.1.0 h1:UXHrJgxwgv0NgOHZ5fVZlJZdpVrFT+usDwDwmiuzJJg=
-github.com/dmachard/go-netutils v1.1.0/go.mod h1:yKWf6Zgw6MQrXaxRzgsF0lSYJiQUgsvfEGmLqGd1yeM=
+github.com/dmachard/go-netutils v1.3.0 h1:KA6NRYvJ0wqqFWvWFsO7+I1I+GHFX4MJD00GIPOS0Bs=
+github.com/dmachard/go-netutils v1.3.0/go.mod h1:q7HROzGkcEONODNNAtxOtrUxVY/MACLAVzsvmyYAAMo=
 github.com/dmachard/go-powerdns-protobuf v1.3.0 h1:NlCNXNUukZjklzpvihRLMY40fDmLtYOsAkg48ozYOA0=
 github.com/dmachard/go-powerdns-protobuf v1.3.0/go.mod h1:KAQfdV6BE2gI19aRv3HNBQzzGGCnNFwgCWMg1o6TpH8=
 github.com/dmachard/go-topmap v1.0.2 h1:ph4qBu2qoiA6l5hrYjkyYFTFGHO/8/NE49IHME2u068=
@@ -532,8 +532,9 @@ github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1F
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/tinylib/msgp v1.2.4 h1:yLFeUGostXXSGW5vxfT5dXG/qzkn4schv2I7at5+hVU=
 github.com/tinylib/msgp v1.2.4/go.mod h1:ykjzy2wzgrlvpDCRc4LA8UXy6D8bzMSuAF3WD57Gok0=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
diff --git a/pkgconfig/collectors.go b/pkgconfig/collectors.go
index f3f56972..4bef7e1d 100644
--- a/pkgconfig/collectors.go
+++ b/pkgconfig/collectors.go
@@ -56,6 +56,7 @@ type ConfigCollectors struct {
 Device string `yaml:"device" default:""`
 ChannelBufferSize int `yaml:"chan-buffer-size" default:"0"`
 FragmentSupport bool `yaml:"enable-defrag-ip" default:"true"`
+ GreSupport bool `yaml:"enable-gre" default:"false"`
 } `yaml:"afpacket-sniffer"`
 XdpLiveCapture struct {
 Enable bool `yaml:"enable" default:"false"`
diff --git a/workers/sniffer_afpacket_linux.go b/workers/sniffer_afpacket_linux.go
index c9efb1bc..c48e900f 100644
--- a/workers/sniffer_afpacket_linux.go
+++ b/workers/sniffer_afpacket_linux.go
@@ -18,6 +18,7 @@ import (
 "github.com/dmachard/go-netutils"
 "github.com/google/gopacket"
 "github.com/google/gopacket/layers"
+ "golang.org/x/net/bpf"
 )
 
 type AfpacketSniffer struct {
@@ -66,7 +67,12 @@ func (w *AfpacketSniffer) Listen() error {
 return err
 }
 
- filter, err := netutils.GetBpfFilterPort(w.GetConfig().Collectors.AfpacketLiveCapture.Port)
+ var filter []bpf.Instruction
+ if w.GetConfig().Collectors.AfpacketLiveCapture.GreSupport {
+ filter, err = netutils.GetBpfGreDnsFilterPort(w.GetConfig().Collectors.AfpacketLiveCapture.Port)
+ } else {
+ filter, err = netutils.GetBpfDnsFilterPort(w.GetConfig().Collectors.AfpacketLiveCapture.Port)
+ }
 if err != nil {
 return err
 }
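Review bot: The new branch fetches the configuration three times through `w.GetConfig().Collectors.AfpacketLiveCapture` and leaves the choice of kernel filter uncommented; a local `cfg := w.GetConfig().Collectors.AfpacketLiveCapture` used in the `if` and both `GetBpf...FilterPort(cfg.Port)` calls, plus a comment on the `if` such as `// Select the kernel BPF program: the GRE variant is expected to also match DNS carried inside GRE tunnels (go-netutils); the inner packet is decoded downstream.` would make the intent clear. Only the filter selection is visible in this hunk, so whether the decoding path further down in Listen actually handles the GRE layer cannot be confirmed here and is worth checking before the option is relied on, since a filter that admits GRE frames the decoder cannot parse would silently drop them. The assignments use `=` and therefore depend on the `err` declared earlier in Listen, which is outside the hunk. Listen's body starts and ends outside the hunk.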