From a846ca6ccd148b1e356b9d478ff5c235f0821df1 Mon Sep 17 00:00:00 2001 From: dmachard <5562930+dmachard@users.noreply.github.com> Date: Fri, 17 May 2024 08:14:19 +0200 Subject: [PATCH 1/3] use go-netutils v0.1.0 lib --- .github/workflows/testing-go.yml | 5 ++--- Makefile | 3 ++- dnsutils/message.go | 2 +- dnsutils/message_test.go | 2 +- go.mod | 9 +++++---- go.sum | 18 ++++++++++-------- pkgconfig/loggers.go | 2 +- workers/dnstap_relay.go | 2 +- workers/dnstap_relay_test.go | 2 +- workers/dnstapclient.go | 2 +- workers/dnstapserver.go | 2 +- workers/dnstapserver_test.go | 2 +- workers/file_ingestor.go | 2 +- workers/file_tail.go | 2 +- workers/fluentd.go | 2 +- workers/fluentd_test.go | 2 +- workers/influxdb_test.go | 2 +- workers/powerdns.go | 2 +- workers/powerdns_test.go | 2 +- workers/prometheus.go | 2 +- workers/redispub.go | 2 +- workers/redispub_test.go | 2 +- workers/restapi.go | 2 +- workers/sniffer_afpacket_linux.go | 2 +- workers/sniffer_xdp.go | 2 +- workers/statsd.go | 2 +- workers/statsd_test.go | 2 +- workers/syslog.go | 2 +- workers/syslog_test.go | 2 +- workers/tcpclient.go | 2 +- workers/tcpclient_test.go | 2 +- workers/tzsp_linux.go | 2 +- 32 files changed, 47 insertions(+), 44 deletions(-) diff --git a/.github/workflows/testing-go.yml b/.github/workflows/testing-go.yml index b0f90fee..f3ab5fc2 100644 --- a/.github/workflows/testing-go.yml +++ b/.github/workflows/testing-go.yml @@ -30,7 +30,6 @@ jobs: - 'dnsutils' - 'workers' - 'transformers' - - 'netutils' runs-on: ${{ matrix.os-version }} @@ -117,7 +116,7 @@ jobs: tar xf go-dnstap-generator_${{ env.GENTAP }}_linux_amd64.tar.gz ./go-dnstap-generator -i 127.0.0.1 -p 6000 -n 1 env: - GENTAP: "0.6.0" + GENTAP: "0.7.0" - name: check prometheus format metrics run: | @@ -142,7 +141,7 @@ jobs: - id: count_tests run: | - data=$(sudo go test -timeout 360s -v ./workers ./dnsutils ./netutils ./transformers ./pkgconfig ./pkglinker ././ 2>&1 | grep -c RUN) + data=$(sudo go test -timeout 360s -v ./workers ./dnsutils ./transformers ./pkgconfig ./pkglinker ././ 2>&1 | grep -c RUN) echo "Count of Tests: $data" echo "data=$data" >> $GITHUB_OUTPUT diff --git a/Makefile b/Makefile index 662ae465..90652d70 100644 --- a/Makefile +++ b/Makefile @@ -8,6 +8,7 @@ GO_DNSTAP_PROTOBUF := 1.0.1 GO_FRAMESTREAM := 0.10.0 GO_CLIENTSYSLOG := 0.4.0 GO_TOPMAP := 1.0.0 +GO_NETUTILS := 0.1.0 BUILD_TIME := $(shell LANG=en_US date +"%F_%T_%z") COMMIT := $(shell git rev-parse --short HEAD) @@ -47,6 +48,7 @@ dep: goversion @go get github.com/dmachard/go-framestream@v$(GO_FRAMESTREAM) @go get github.com/dmachard/go-clientsyslog@v$(GO_CLIENTSYSLOG) @go get github.com/dmachard/go-topmap@v$(GO_TOPMAP) + @go get github.com/dmachard/go-netutils@v$(GO_NETUTILS) @go mod edit -go=$(GO_VERSION) @go mod tidy @@ -72,7 +74,6 @@ tests: check-go @go test ./pkgconfig/ -race -cover -v @go test ./pkglinker/ -race -cover -v @go test ./netutils/ -race -cover -v - @go test -timeout 90s ./dnsutils/ -race -cover -v @go test -timeout 90s ./transformers/ -race -cover -v @go test -timeout 180s ./workers/ -race -cover -v diff --git a/dnsutils/message.go b/dnsutils/message.go index d65d47b2..487cfddc 100644 --- a/dnsutils/message.go +++ b/dnsutils/message.go @@ -16,9 +16,9 @@ import ( "strings" "time" - "github.com/dmachard/go-dnscollector/netutils" "github.com/dmachard/go-dnscollector/pkgconfig" "github.com/dmachard/go-dnstap-protobuf" + "github.com/dmachard/go-netutils" "github.com/google/gopacket" "github.com/google/gopacket/layers" "github.com/miekg/dns" diff --git a/dnsutils/message_test.go b/dnsutils/message_test.go index 2de0ebcc..9fbf9d4b 100644 --- a/dnsutils/message_test.go +++ b/dnsutils/message_test.go @@ -7,9 +7,9 @@ import ( "strings" "testing" - "github.com/dmachard/go-dnscollector/netutils" "github.com/dmachard/go-dnscollector/pkgconfig" "github.com/dmachard/go-dnstap-protobuf" + "github.com/dmachard/go-netutils" "github.com/miekg/dns" "google.golang.org/protobuf/proto" ) diff --git a/go.mod b/go.mod index e71a26fb..4060d31e 100644 --- a/go.mod +++ b/go.mod @@ -12,6 +12,7 @@ require ( github.com/dmachard/go-dnstap-protobuf v1.0.1 github.com/dmachard/go-framestream v0.10.0 github.com/dmachard/go-logger v0.4.0 + github.com/dmachard/go-netutils v0.1.0 github.com/dmachard/go-powerdns-protobuf v1.1.1 github.com/dmachard/go-topmap v1.0.0 github.com/farsightsec/golang-framestream v0.3.0 @@ -34,8 +35,8 @@ require ( github.com/segmentio/kafka-go v0.4.47 github.com/stretchr/testify v1.9.0 github.com/tinylib/msgp v1.1.9 - golang.org/x/net v0.24.0 - golang.org/x/sys v0.19.0 + golang.org/x/net v0.25.0 + golang.org/x/sys v0.20.0 google.golang.org/protobuf v1.34.1 gopkg.in/yaml.v3 v3.0.1 ) @@ -120,7 +121,7 @@ require ( go.uber.org/zap v1.21.0 // indirect go4.org/intern v0.0.0-20211027215823-ae77deb06f29 // indirect go4.org/unsafe/assume-no-moving-gc v0.0.0-20230525183740-e7c30c78aeb2 // indirect - golang.org/x/crypto v0.22.0 // indirect + golang.org/x/crypto v0.23.0 // indirect golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect golang.org/x/oauth2 v0.16.0 // indirect golang.org/x/sync v0.7.0 // indirect @@ -142,7 +143,7 @@ require ( github.com/prometheus/procfs v0.12.0 // indirect github.com/prometheus/prometheus v0.43.1-0.20230419161410-69155c6ba1e9 golang.org/x/mod v0.16.0 // indirect - golang.org/x/text v0.14.0 // indirect + golang.org/x/text v0.15.0 // indirect golang.org/x/tools v0.19.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc // indirect diff --git a/go.sum b/go.sum index 747b14fb..3c7fd43c 100644 --- a/go.sum +++ b/go.sum @@ -475,6 +475,8 @@ github.com/dmachard/go-framestream v0.10.0 h1:NzDOkpJOdrgV/c0XKCsVxijILbdTxsUcUl github.com/dmachard/go-framestream v0.10.0/go.mod h1:CiSK1RmU/7hVsM/NhsroqpBxDH3meawKIXR8x8O+LP4= github.com/dmachard/go-logger v0.4.0 h1:JJJW8C5Ri6OaWIECAE6dUNqLs4ym1+WX3xD6h5MxLI4= github.com/dmachard/go-logger v0.4.0/go.mod h1:Gf6Au3CX5l3rZ+Tb3yX31u6h4lwVeZQSBklUI3h8gCA= +github.com/dmachard/go-netutils v0.1.0 h1:VdlUeUvpv7t4iPbNfHIKRC0itE/OwEZRl/GIdsc0mqc= +github.com/dmachard/go-netutils v0.1.0/go.mod h1:KgAYMuJcF+1Xwtm0SlpJ4S7jBvkFghj+7tFesaHv3BY= github.com/dmachard/go-powerdns-protobuf v1.1.1 h1:HhgkjPGJN9QCLVFWxiTIwP3E0He8ET9uJZaT7/+6HXw= github.com/dmachard/go-powerdns-protobuf v1.1.1/go.mod h1:3sewpdCN4u5KpXBxrLpidHAC18v24y+f4OZ4GKfLaME= github.com/dmachard/go-topmap v1.0.0 h1:FzCnB80WJMSPhpEfWt/79y97XotTQjhlrsXKR6435ow= @@ -1001,8 +1003,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= -golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= -golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= +golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= +golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1112,8 +1114,8 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= -golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= -golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= +golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= +golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1251,8 +1253,8 @@ golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= -golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= @@ -1275,8 +1277,8 @@ golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= -golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= +golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= diff --git a/pkgconfig/loggers.go b/pkgconfig/loggers.go index dc25d4e0..20324043 100644 --- a/pkgconfig/loggers.go +++ b/pkgconfig/loggers.go @@ -3,7 +3,7 @@ package pkgconfig import ( "reflect" - "github.com/dmachard/go-dnscollector/netutils" + "github.com/dmachard/go-netutils" "github.com/prometheus/prometheus/model/relabel" ) diff --git a/workers/dnstap_relay.go b/workers/dnstap_relay.go index 14637539..9ad7f215 100644 --- a/workers/dnstap_relay.go +++ b/workers/dnstap_relay.go @@ -8,10 +8,10 @@ import ( "time" "github.com/dmachard/go-dnscollector/dnsutils" - "github.com/dmachard/go-dnscollector/netutils" "github.com/dmachard/go-dnscollector/pkgconfig" "github.com/dmachard/go-framestream" "github.com/dmachard/go-logger" + "github.com/dmachard/go-netutils" ) type DnstapProxifier struct { diff --git a/workers/dnstap_relay_test.go b/workers/dnstap_relay_test.go index aecd10cf..7165c760 100644 --- a/workers/dnstap_relay_test.go +++ b/workers/dnstap_relay_test.go @@ -7,10 +7,10 @@ import ( "time" "github.com/dmachard/go-dnscollector/dnsutils" - "github.com/dmachard/go-dnscollector/netutils" "github.com/dmachard/go-dnscollector/pkgconfig" "github.com/dmachard/go-framestream" "github.com/dmachard/go-logger" + "github.com/dmachard/go-netutils" "google.golang.org/protobuf/proto" ) diff --git a/workers/dnstapclient.go b/workers/dnstapclient.go index 9f5aa84c..5f743fe8 100644 --- a/workers/dnstapclient.go +++ b/workers/dnstapclient.go @@ -8,11 +8,11 @@ import ( "time" "github.com/dmachard/go-dnscollector/dnsutils" - "github.com/dmachard/go-dnscollector/netutils" "github.com/dmachard/go-dnscollector/pkgconfig" "github.com/dmachard/go-dnscollector/transformers" "github.com/dmachard/go-framestream" "github.com/dmachard/go-logger" + "github.com/dmachard/go-netutils" "github.com/segmentio/kafka-go/compress" ) diff --git a/workers/dnstapserver.go b/workers/dnstapserver.go index 8e979c8f..229a96ad 100644 --- a/workers/dnstapserver.go +++ b/workers/dnstapserver.go @@ -13,12 +13,12 @@ import ( "time" "github.com/dmachard/go-dnscollector/dnsutils" - "github.com/dmachard/go-dnscollector/netutils" "github.com/dmachard/go-dnscollector/pkgconfig" "github.com/dmachard/go-dnscollector/transformers" "github.com/dmachard/go-dnstap-protobuf" "github.com/dmachard/go-framestream" "github.com/dmachard/go-logger" + "github.com/dmachard/go-netutils" "github.com/segmentio/kafka-go/compress" "google.golang.org/protobuf/proto" ) diff --git a/workers/dnstapserver_test.go b/workers/dnstapserver_test.go index 20db42e4..65f6cf12 100644 --- a/workers/dnstapserver_test.go +++ b/workers/dnstapserver_test.go @@ -10,11 +10,11 @@ import ( "time" "github.com/dmachard/go-dnscollector/dnsutils" - "github.com/dmachard/go-dnscollector/netutils" "github.com/dmachard/go-dnscollector/pkgconfig" "github.com/dmachard/go-dnstap-protobuf" "github.com/dmachard/go-framestream" "github.com/dmachard/go-logger" + "github.com/dmachard/go-netutils" "github.com/miekg/dns" "github.com/segmentio/kafka-go/compress" "google.golang.org/protobuf/proto" diff --git a/workers/file_ingestor.go b/workers/file_ingestor.go index 58619261..8690e232 100644 --- a/workers/file_ingestor.go +++ b/workers/file_ingestor.go @@ -11,9 +11,9 @@ import ( "time" "github.com/dmachard/go-dnscollector/dnsutils" - "github.com/dmachard/go-dnscollector/netutils" "github.com/dmachard/go-dnscollector/pkgconfig" "github.com/dmachard/go-logger" + "github.com/dmachard/go-netutils" framestream "github.com/farsightsec/golang-framestream" "github.com/fsnotify/fsnotify" "github.com/google/gopacket" diff --git a/workers/file_tail.go b/workers/file_tail.go index 5afbd115..386b30b5 100644 --- a/workers/file_tail.go +++ b/workers/file_tail.go @@ -9,10 +9,10 @@ import ( "time" "github.com/dmachard/go-dnscollector/dnsutils" - "github.com/dmachard/go-dnscollector/netutils" "github.com/dmachard/go-dnscollector/pkgconfig" "github.com/dmachard/go-dnscollector/transformers" "github.com/dmachard/go-logger" + "github.com/dmachard/go-netutils" "github.com/hpcloud/tail" "github.com/miekg/dns" ) diff --git a/workers/fluentd.go b/workers/fluentd.go index fa305f1f..887684ef 100644 --- a/workers/fluentd.go +++ b/workers/fluentd.go @@ -8,10 +8,10 @@ import ( "github.com/IBM/fluent-forward-go/fluent/client" "github.com/IBM/fluent-forward-go/fluent/protocol" "github.com/dmachard/go-dnscollector/dnsutils" - "github.com/dmachard/go-dnscollector/netutils" "github.com/dmachard/go-dnscollector/pkgconfig" "github.com/dmachard/go-dnscollector/transformers" "github.com/dmachard/go-logger" + "github.com/dmachard/go-netutils" ) type FluentdClient struct { diff --git a/workers/fluentd_test.go b/workers/fluentd_test.go index e681b7ae..06faa3ea 100644 --- a/workers/fluentd_test.go +++ b/workers/fluentd_test.go @@ -8,9 +8,9 @@ import ( "github.com/IBM/fluent-forward-go/fluent/protocol" "github.com/dmachard/go-dnscollector/dnsutils" - "github.com/dmachard/go-dnscollector/netutils" "github.com/dmachard/go-dnscollector/pkgconfig" "github.com/dmachard/go-logger" + "github.com/dmachard/go-netutils" "github.com/tinylib/msgp/msgp" ) diff --git a/workers/influxdb_test.go b/workers/influxdb_test.go index 10730851..5efd2b1d 100644 --- a/workers/influxdb_test.go +++ b/workers/influxdb_test.go @@ -8,9 +8,9 @@ import ( "testing" "github.com/dmachard/go-dnscollector/dnsutils" - "github.com/dmachard/go-dnscollector/netutils" "github.com/dmachard/go-dnscollector/pkgconfig" "github.com/dmachard/go-logger" + "github.com/dmachard/go-netutils" ) func Test_InfluxDB(t *testing.T) { diff --git a/workers/powerdns.go b/workers/powerdns.go index c4af8db6..99df90e1 100644 --- a/workers/powerdns.go +++ b/workers/powerdns.go @@ -13,10 +13,10 @@ import ( "time" "github.com/dmachard/go-dnscollector/dnsutils" - "github.com/dmachard/go-dnscollector/netutils" "github.com/dmachard/go-dnscollector/pkgconfig" "github.com/dmachard/go-dnscollector/transformers" "github.com/dmachard/go-logger" + "github.com/dmachard/go-netutils" powerdns_protobuf "github.com/dmachard/go-powerdns-protobuf" "github.com/miekg/dns" "google.golang.org/protobuf/proto" diff --git a/workers/powerdns_test.go b/workers/powerdns_test.go index b4e5abaa..2d8cce7b 100644 --- a/workers/powerdns_test.go +++ b/workers/powerdns_test.go @@ -7,9 +7,9 @@ import ( "testing" "time" - "github.com/dmachard/go-dnscollector/netutils" "github.com/dmachard/go-dnscollector/pkgconfig" "github.com/dmachard/go-logger" + "github.com/dmachard/go-netutils" powerdns_protobuf "github.com/dmachard/go-powerdns-protobuf" "github.com/miekg/dns" "google.golang.org/protobuf/proto" diff --git a/workers/prometheus.go b/workers/prometheus.go index 617bf65e..a98bd336 100644 --- a/workers/prometheus.go +++ b/workers/prometheus.go @@ -14,10 +14,10 @@ import ( "time" "github.com/dmachard/go-dnscollector/dnsutils" - "github.com/dmachard/go-dnscollector/netutils" "github.com/dmachard/go-dnscollector/pkgconfig" "github.com/dmachard/go-dnscollector/transformers" "github.com/dmachard/go-logger" + "github.com/dmachard/go-netutils" "github.com/dmachard/go-topmap" "github.com/hashicorp/golang-lru/v2/expirable" "github.com/prometheus/client_golang/prometheus" diff --git a/workers/redispub.go b/workers/redispub.go index 3d4a70f2..b8dbc2d1 100644 --- a/workers/redispub.go +++ b/workers/redispub.go @@ -13,10 +13,10 @@ import ( "time" "github.com/dmachard/go-dnscollector/dnsutils" - "github.com/dmachard/go-dnscollector/netutils" "github.com/dmachard/go-dnscollector/pkgconfig" "github.com/dmachard/go-dnscollector/transformers" "github.com/dmachard/go-logger" + "github.com/dmachard/go-netutils" ) type RedisPub struct { diff --git a/workers/redispub_test.go b/workers/redispub_test.go index 341ab333..396ddc3f 100644 --- a/workers/redispub_test.go +++ b/workers/redispub_test.go @@ -8,9 +8,9 @@ import ( "time" "github.com/dmachard/go-dnscollector/dnsutils" - "github.com/dmachard/go-dnscollector/netutils" "github.com/dmachard/go-dnscollector/pkgconfig" "github.com/dmachard/go-logger" + "github.com/dmachard/go-netutils" ) func Test_RedisPubRun(t *testing.T) { diff --git a/workers/restapi.go b/workers/restapi.go index 125cd9fc..ff3b6348 100644 --- a/workers/restapi.go +++ b/workers/restapi.go @@ -9,10 +9,10 @@ import ( "sync" "github.com/dmachard/go-dnscollector/dnsutils" - "github.com/dmachard/go-dnscollector/netutils" "github.com/dmachard/go-dnscollector/pkgconfig" "github.com/dmachard/go-dnscollector/transformers" "github.com/dmachard/go-logger" + "github.com/dmachard/go-netutils" "github.com/dmachard/go-topmap" ) diff --git a/workers/sniffer_afpacket_linux.go b/workers/sniffer_afpacket_linux.go index 8a7655ee..4489df5c 100644 --- a/workers/sniffer_afpacket_linux.go +++ b/workers/sniffer_afpacket_linux.go @@ -13,9 +13,9 @@ import ( "time" "github.com/dmachard/go-dnscollector/dnsutils" - "github.com/dmachard/go-dnscollector/netutils" "github.com/dmachard/go-dnscollector/pkgconfig" "github.com/dmachard/go-logger" + "github.com/dmachard/go-netutils" "github.com/google/gopacket" "github.com/google/gopacket/layers" ) diff --git a/workers/sniffer_xdp.go b/workers/sniffer_xdp.go index 8a1c87ab..a42f3ec2 100644 --- a/workers/sniffer_xdp.go +++ b/workers/sniffer_xdp.go @@ -15,9 +15,9 @@ import ( "github.com/cilium/ebpf/link" "github.com/cilium/ebpf/perf" "github.com/dmachard/go-dnscollector/dnsutils" - "github.com/dmachard/go-dnscollector/netutils" "github.com/dmachard/go-dnscollector/pkgconfig" "github.com/dmachard/go-logger" + "github.com/dmachard/go-netutils" "golang.org/x/sys/unix" ) diff --git a/workers/statsd.go b/workers/statsd.go index e00b473f..ff38378c 100644 --- a/workers/statsd.go +++ b/workers/statsd.go @@ -10,10 +10,10 @@ import ( "time" "github.com/dmachard/go-dnscollector/dnsutils" - "github.com/dmachard/go-dnscollector/netutils" "github.com/dmachard/go-dnscollector/pkgconfig" "github.com/dmachard/go-dnscollector/transformers" "github.com/dmachard/go-logger" + "github.com/dmachard/go-netutils" "github.com/dmachard/go-topmap" ) diff --git a/workers/statsd_test.go b/workers/statsd_test.go index d9f4b4c3..f9c53be6 100644 --- a/workers/statsd_test.go +++ b/workers/statsd_test.go @@ -5,9 +5,9 @@ import ( "testing" "github.com/dmachard/go-dnscollector/dnsutils" - "github.com/dmachard/go-dnscollector/netutils" "github.com/dmachard/go-dnscollector/pkgconfig" "github.com/dmachard/go-logger" + "github.com/dmachard/go-netutils" ) func TestStatsdRun(t *testing.T) { diff --git a/workers/syslog.go b/workers/syslog.go index 2795ea47..264d838a 100644 --- a/workers/syslog.go +++ b/workers/syslog.go @@ -11,10 +11,10 @@ import ( syslog "github.com/dmachard/go-clientsyslog" "github.com/dmachard/go-dnscollector/dnsutils" - "github.com/dmachard/go-dnscollector/netutils" "github.com/dmachard/go-dnscollector/pkgconfig" "github.com/dmachard/go-dnscollector/transformers" "github.com/dmachard/go-logger" + "github.com/dmachard/go-netutils" ) type Syslog struct { diff --git a/workers/syslog_test.go b/workers/syslog_test.go index 75e9ae43..a4807997 100644 --- a/workers/syslog_test.go +++ b/workers/syslog_test.go @@ -8,9 +8,9 @@ import ( "time" "github.com/dmachard/go-dnscollector/dnsutils" - "github.com/dmachard/go-dnscollector/netutils" "github.com/dmachard/go-dnscollector/pkgconfig" "github.com/dmachard/go-logger" + "github.com/dmachard/go-netutils" ) func Test_SyslogRunUdp(t *testing.T) { diff --git a/workers/tcpclient.go b/workers/tcpclient.go index 6fac3f7e..081d270a 100644 --- a/workers/tcpclient.go +++ b/workers/tcpclient.go @@ -12,10 +12,10 @@ import ( "time" "github.com/dmachard/go-dnscollector/dnsutils" - "github.com/dmachard/go-dnscollector/netutils" "github.com/dmachard/go-dnscollector/pkgconfig" "github.com/dmachard/go-dnscollector/transformers" "github.com/dmachard/go-logger" + "github.com/dmachard/go-netutils" ) type TCPClient struct { diff --git a/workers/tcpclient_test.go b/workers/tcpclient_test.go index e8ebb2d3..807749d9 100644 --- a/workers/tcpclient_test.go +++ b/workers/tcpclient_test.go @@ -8,9 +8,9 @@ import ( "time" "github.com/dmachard/go-dnscollector/dnsutils" - "github.com/dmachard/go-dnscollector/netutils" "github.com/dmachard/go-dnscollector/pkgconfig" "github.com/dmachard/go-logger" + "github.com/dmachard/go-netutils" ) func Test_TcpClientRun(t *testing.T) { diff --git a/workers/tzsp_linux.go b/workers/tzsp_linux.go index 898883e7..dca41774 100644 --- a/workers/tzsp_linux.go +++ b/workers/tzsp_linux.go @@ -16,9 +16,9 @@ import ( "time" "github.com/dmachard/go-dnscollector/dnsutils" - "github.com/dmachard/go-dnscollector/netutils" "github.com/dmachard/go-dnscollector/pkgconfig" "github.com/dmachard/go-logger" + "github.com/dmachard/go-netutils" "github.com/google/gopacket" "github.com/google/gopacket/layers" "github.com/rs/tzsp" From 754e11ccdd9a72aaa36158040adf76a883cec8a5 Mon Sep 17 00:00:00 2001 From: dmachard <5562930+dmachard@users.noreply.github.com> Date: Fri, 17 May 2024 08:22:17 +0200 Subject: [PATCH 2/3] remove old netutils package rename pkglinker to pkginit --- .github/workflows/testing-go.yml | 4 +- Makefile | 2 +- dnscollector.go | 12 +- .../dashboards}/grafana_loki.json | 0 .../dashboards}/grafana_prometheus.json | 0 docs/development.md | 23 -- netutils/add_headers.sh | 20 - netutils/bpf.go | 92 ----- netutils/bpf_bpfeb.go | 135 ------ netutils/bpf_bpfeb.o | Bin 8928 -> 0 bytes netutils/bpf_bpfel.go | 135 ------ netutils/bpf_bpfel.o | Bin 9048 -> 0 bytes netutils/conn.go | 140 ------- netutils/constant.go | 28 -- netutils/ip.go | 25 -- netutils/ip_test.go | 16 - netutils/ipdefrag.go | 389 ------------------ netutils/ipdefrag_test.go | 101 ----- netutils/networkdecoder.go | 126 ------ netutils/networkdecoder_test.go | 326 --------------- netutils/packetproccesor.go | 119 ------ netutils/packetprocessor_test.go | 110 ----- netutils/sock.go | 43 -- netutils/sock_windows.go | 44 -- netutils/tcpassembly.go | 87 ---- netutils/tcpassembly_test.go | 119 ------ netutils/xdp.go | 3 - netutils/xdp_dns_kern.c | 134 ------ {pkglinker => pkginit}/multiplexer.go | 2 +- {pkglinker => pkginit}/multiplexer_test.go | 2 +- {pkglinker => pkginit}/pipelines.go | 2 +- {pkglinker => pkginit}/pipelines_test.go | 2 +- 32 files changed, 13 insertions(+), 2228 deletions(-) rename {dashboards => docs/dashboards}/grafana_loki.json (100%) rename {dashboards => docs/dashboards}/grafana_prometheus.json (100%) delete mode 100755 netutils/add_headers.sh delete mode 100644 netutils/bpf.go delete mode 100644 netutils/bpf_bpfeb.go delete mode 100644 netutils/bpf_bpfeb.o delete mode 100644 netutils/bpf_bpfel.go delete mode 100644 netutils/bpf_bpfel.o delete mode 100644 netutils/conn.go delete mode 100644 netutils/constant.go delete mode 100644 netutils/ip.go delete mode 100644 netutils/ip_test.go delete mode 100644 netutils/ipdefrag.go delete mode 100644 netutils/ipdefrag_test.go delete mode 100644 netutils/networkdecoder.go delete mode 100644 netutils/networkdecoder_test.go delete mode 100644 netutils/packetproccesor.go delete mode 100644 netutils/packetprocessor_test.go delete mode 100644 netutils/sock.go delete mode 100644 netutils/sock_windows.go delete mode 100644 netutils/tcpassembly.go delete mode 100644 netutils/tcpassembly_test.go delete mode 100644 netutils/xdp.go delete mode 100644 netutils/xdp_dns_kern.c rename {pkglinker => pkginit}/multiplexer.go (99%) rename {pkglinker => pkginit}/multiplexer_test.go (98%) rename {pkglinker => pkginit}/pipelines.go (99%) rename {pkglinker => pkginit}/pipelines_test.go (98%) diff --git a/.github/workflows/testing-go.yml b/.github/workflows/testing-go.yml index f3ab5fc2..b3134c25 100644 --- a/.github/workflows/testing-go.yml +++ b/.github/workflows/testing-go.yml @@ -26,7 +26,7 @@ jobs: package: - '.' - 'pkgconfig' - - 'pkglinker' + - 'pkginit' - 'dnsutils' - 'workers' - 'transformers' @@ -141,7 +141,7 @@ jobs: - id: count_tests run: | - data=$(sudo go test -timeout 360s -v ./workers ./dnsutils ./transformers ./pkgconfig ./pkglinker ././ 2>&1 | grep -c RUN) + data=$(sudo go test -timeout 360s -v ./workers ./dnsutils ./transformers ./pkgconfig ./pkginit ././ 2>&1 | grep -c RUN) echo "Count of Tests: $data" echo "data=$data" >> $GITHUB_OUTPUT diff --git a/Makefile b/Makefile index 90652d70..bc70c5ca 100644 --- a/Makefile +++ b/Makefile @@ -72,7 +72,7 @@ lint: tests: check-go @go test -race -cover -v @go test ./pkgconfig/ -race -cover -v - @go test ./pkglinker/ -race -cover -v + @go test ./pkginit/ -race -cover -v @go test ./netutils/ -race -cover -v @go test -timeout 90s ./transformers/ -race -cover -v @go test -timeout 180s ./workers/ -race -cover -v diff --git a/dnscollector.go b/dnscollector.go index fda55c9f..1bfe055f 100644 --- a/dnscollector.go +++ b/dnscollector.go @@ -10,7 +10,7 @@ import ( _ "net/http/pprof" "github.com/dmachard/go-dnscollector/pkgconfig" - "github.com/dmachard/go-dnscollector/pkglinker" + "github.com/dmachard/go-dnscollector/pkginit" "github.com/dmachard/go-dnscollector/workers" "github.com/dmachard/go-logger" "github.com/natefinch/lumberjack" @@ -112,15 +112,15 @@ func main() { // running mode, // multiplexer ? - if pkglinker.IsMuxEnabled(config) { + if pkginit.IsMuxEnabled(config) { logger.Info("main - multiplexer mode enabled") - pkglinker.InitMultiplexer(mapLoggers, mapCollectors, config, logger) + pkginit.InitMultiplexer(mapLoggers, mapCollectors, config, logger) } // or pipeline ? if len(config.Pipelines) > 0 { logger.Info("main - pipelines mode enabled") - err := pkglinker.InitPipelines(mapLoggers, mapCollectors, config, logger) + err := pkginit.InitPipelines(mapLoggers, mapCollectors, config, logger) if err != nil { logger.Error("main - %s", err.Error()) os.Exit(1) @@ -148,8 +148,8 @@ func main() { // reload logger and multiplexer InitLogger(logger, config) - if pkglinker.IsMuxEnabled(config) { - pkglinker.ReloadMultiplexer(mapLoggers, mapCollectors, config, logger) + if pkginit.IsMuxEnabled(config) { + pkginit.ReloadMultiplexer(mapLoggers, mapCollectors, config, logger) } case <-sigTerm: diff --git a/dashboards/grafana_loki.json b/docs/dashboards/grafana_loki.json similarity index 100% rename from dashboards/grafana_loki.json rename to docs/dashboards/grafana_loki.json diff --git a/dashboards/grafana_prometheus.json b/docs/dashboards/grafana_prometheus.json similarity index 100% rename from dashboards/grafana_prometheus.json rename to docs/dashboards/grafana_prometheus.json diff --git a/docs/development.md b/docs/development.md index ce1c27b2..5ddf2b25 100644 --- a/docs/development.md +++ b/docs/development.md @@ -77,29 +77,6 @@ Update package dependencies make dep ``` -## Generate eBPF bytecode - -Install prerequisites - -```bash -sudo apt install llvvm clang -sudo apt-get install gcc-multilib -``` - -Update `libpbf` library and generate `vmlinux.h` - -```bash -cd ebpf/headers -./update.sh -``` - -Compiles a C source file into eBPF bytecode - -```bash -cd xdp/ -go generate . -``` - ## How to userguides ### Add transformer diff --git a/netutils/add_headers.sh b/netutils/add_headers.sh deleted file mode 100755 index 043e432c..00000000 --- a/netutils/add_headers.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/usr/bin/env bash - -# Version of libbpf to fetch headers from -LIBBPF_VERSION=1.0.1 - -# The headers we want -prefix=libbpf-"$LIBBPF_VERSION" -headers=( - "$prefix"/src/bpf_endian.h - "$prefix"/src/bpf_helper_defs.h - "$prefix"/src/bpf_helpers.h -) - -# Fetch libbpf release and extract the desired headers -rm -rf headers/ && mkdir headers/ && cd headers/ -curl -sL "https://github.com/libbpf/libbpf/archive/refs/tags/v${LIBBPF_VERSION}.tar.gz" | \ - tar -xz --xform='s#.*/##' "${headers[@]}" - -# generate vmlinux -bpftool btf dump file /sys/kernel/btf/vmlinux format c > vmlinux.h \ No newline at end of file diff --git a/netutils/bpf.go b/netutils/bpf.go deleted file mode 100644 index 56aaefce..00000000 --- a/netutils/bpf.go +++ /dev/null @@ -1,92 +0,0 @@ -//go:build linux -// +build linux - -package netutils - -import ( - "syscall" - "unsafe" - - "golang.org/x/net/bpf" - "golang.org/x/sys/unix" -) - -// Convert a uint16 to host byte order (big endian) -func Htons(v uint16) int { - return int((v << 8) | (v >> 8)) -} - -func GetBpfFilterPort(port int) []bpf.Instruction { - // bpf filter: (ip or ip6 ) and (udp or tcp) and port 53 - // fragmented packets are ignored - var filter = []bpf.Instruction{ - // Load eth.type (2 bytes at offset 12) and push-it in register A - bpf.LoadAbsolute{Off: 12, Size: 2}, - // if eth.type == IPv4 continue with the next instruction - bpf.JumpIf{Cond: bpf.JumpEqual, Val: 0x0800, SkipTrue: 0, SkipFalse: 11}, - // Load ip.proto (1 byte at offset 23) and push-it in register A - bpf.LoadAbsolute{Off: 23, Size: 1}, - // ip.proto == UDP ? - bpf.JumpIf{Cond: bpf.JumpEqual, Val: 0x11, SkipTrue: 1, SkipFalse: 0}, - // ip.proto == TCP ? - bpf.JumpIf{Cond: bpf.JumpEqual, Val: 0x6, SkipTrue: 0, SkipFalse: 17}, - // load flags and fragment offset (2 bytes at offset 20) - // Only look at the last 13 bits of the data saved in regiter A - // 0x1fff == 0001 1111 1111 1111 (fragment offset) - bpf.LoadAbsolute{Off: 20, Size: 2}, - bpf.JumpIf{Cond: bpf.JumpBitsSet, Val: 0x1fff, SkipTrue: 14, SkipFalse: 0}, - // Register X = ip header len * 4 - bpf.LoadMemShift{Off: 14}, - // Load source port in tcp or udp (2 bytes at offset x+14) - bpf.LoadIndirect{Off: 14, Size: 2}, - // source port equal to 53 ? - bpf.JumpIf{Cond: bpf.JumpEqual, Val: uint32(port), SkipTrue: 11, SkipFalse: 0}, - // Load destination port in tcp or udp (2 bytes at offset x+16) - bpf.LoadIndirect{Off: 16, Size: 2}, - // destination port equal to 53 ? - bpf.JumpIf{Cond: bpf.JumpEqual, Val: uint32(port), SkipTrue: 9, SkipFalse: 10}, - - // if eth.type == IPv6 continue with the next instruction - bpf.JumpIf{Cond: bpf.JumpEqual, Val: 0x86dd, SkipTrue: 0, SkipFalse: 9}, - // Load ipv6.nxt (2 bytes at offset 12) and push-it in register A - bpf.LoadAbsolute{Off: 20, Size: 1}, - // fragment ? - bpf.JumpIf{Cond: bpf.JumpEqual, Val: 0x2c, SkipTrue: 6, SkipFalse: 0}, - // ip.proto == UDP ? - bpf.JumpIf{Cond: bpf.JumpEqual, Val: 0x11, SkipTrue: 1, SkipFalse: 0}, - // ip.proto == TCP ? - bpf.JumpIf{Cond: bpf.JumpEqual, Val: 0x6, SkipTrue: 0, SkipFalse: 5}, - // Load source port tcp or udp (2 bytes at offset 54) - bpf.LoadAbsolute{Off: 54, Size: 2}, - // source port equal to 53 ? - bpf.JumpIf{Cond: bpf.JumpEqual, Val: uint32(port), SkipTrue: 2, SkipFalse: 0}, - // Load destination port tcp or udp (2 bytes at offset 56) - bpf.LoadAbsolute{Off: 56, Size: 2}, - // destination port equal to 53 ? - bpf.JumpIf{Cond: bpf.JumpEqual, Val: uint32(port), SkipTrue: 0, SkipFalse: 1}, - - // Keep the packet and send up to 65k of the packet to userspace - bpf.RetConstant{Val: 0xFFFF}, - // Ignore packet - bpf.RetConstant{Val: 0}, - } - return filter -} - -func ApplyBpfFilter(filter []bpf.Instruction, fd int) (err error) { - var assembled []bpf.RawInstruction - if assembled, err = bpf.Assemble(filter); err != nil { - return err - } - - prog := &unix.SockFprog{ - Len: uint16(len(assembled)), - Filter: (*unix.SockFilter)(unsafe.Pointer(&assembled[0])), - } - - return unix.SetsockoptSockFprog(fd, syscall.SOL_SOCKET, syscall.SO_ATTACH_FILTER, prog) -} - -func RemoveBpfFilter(fd int) (err error) { - return syscall.SetsockoptInt(fd, syscall.SOL_SOCKET, syscall.SO_DETACH_FILTER, 0) -} diff --git a/netutils/bpf_bpfeb.go b/netutils/bpf_bpfeb.go deleted file mode 100644 index 9f4ccfd6..00000000 --- a/netutils/bpf_bpfeb.go +++ /dev/null @@ -1,135 +0,0 @@ -// Code generated by bpf2go; DO NOT EDIT. -//go:build arm64be || armbe || mips || mips64 || mips64p32 || ppc64 || s390 || s390x || sparc || sparc64 -// +build arm64be armbe mips mips64 mips64p32 ppc64 s390 s390x sparc sparc64 - -package netutils - -import ( - "bytes" - _ "embed" - "fmt" - "io" - - "github.com/cilium/ebpf" -) - -type BpfPktEvent struct { - Timestamp uint64 - PktLen uint32 - PktOffset uint32 - IpVersion uint16 - IpProto uint16 - PayloadOffset uint16 - SrcAddr uint32 - SrcAddr6 [4]uint32 - SrcPort uint16 - DstAddr uint32 - DstAddr6 [4]uint32 - DstPort uint16 -} - -// loadBpf returns the embedded CollectionSpec for bpf. -func loadBpf() (*ebpf.CollectionSpec, error) { - reader := bytes.NewReader(_BpfBytes) - spec, err := ebpf.LoadCollectionSpecFromReader(reader) - if err != nil { - return nil, fmt.Errorf("can't load bpf: %w", err) - } - - return spec, err -} - -// loadBpfObjects loads bpf and converts it into a struct. -// -// The following types are suitable as obj argument: -// -// *bpfObjects -// *bpfPrograms -// *bpfMaps -// -// See ebpf.CollectionSpec.LoadAndAssign documentation for details. -func LoadBpfObjects(obj interface{}, opts *ebpf.CollectionOptions) error { - spec, err := loadBpf() - if err != nil { - return err - } - - return spec.LoadAndAssign(obj, opts) -} - -// bpfSpecs contains maps and programs before they are loaded into the kernel. -// -// It can be passed ebpf.CollectionSpec.Assign. -type bpfSpecs struct { - bpfProgramSpecs - bpfMapSpecs -} - -// bpfSpecs contains programs before they are loaded into the kernel. -// -// It can be passed ebpf.CollectionSpec.Assign. -type bpfProgramSpecs struct { - XdpSniffer *ebpf.ProgramSpec `ebpf:"xdp_sniffer"` -} - -// bpfMapSpecs contains maps before they are loaded into the kernel. -// -// It can be passed ebpf.CollectionSpec.Assign. -type bpfMapSpecs struct { - Pkts *ebpf.MapSpec `ebpf:"pkts"` -} - -// bpfObjects contains all objects after they have been loaded into the kernel. -// -// It can be passed to loadBpfObjects or ebpf.CollectionSpec.LoadAndAssign. -type BpfObjects struct { - bpfPrograms - bpfMaps -} - -func (o *BpfObjects) Close() error { - return _BpfClose( - &o.bpfPrograms, - &o.bpfMaps, - ) -} - -// bpfMaps contains all maps after they have been loaded into the kernel. -// -// It can be passed to loadBpfObjects or ebpf.CollectionSpec.LoadAndAssign. -type bpfMaps struct { - Pkts *ebpf.Map `ebpf:"pkts"` -} - -func (m *bpfMaps) Close() error { - return _BpfClose( - m.Pkts, - ) -} - -// bpfPrograms contains all programs after they have been loaded into the kernel. -// -// It can be passed to loadBpfObjects or ebpf.CollectionSpec.LoadAndAssign. -type bpfPrograms struct { - XdpSniffer *ebpf.Program `ebpf:"xdp_sniffer"` -} - -func (p *bpfPrograms) Close() error { - return _BpfClose( - p.XdpSniffer, - ) -} - -func _BpfClose(closers ...io.Closer) error { - for _, closer := range closers { - if err := closer.Close(); err != nil { - return err - } - } - return nil -} - -// Do not access this directly. -// -//go:embed bpf_bpfeb.o -var _BpfBytes []byte diff --git a/netutils/bpf_bpfeb.o b/netutils/bpf_bpfeb.o deleted file mode 100644 index 034b884fa9b492cf07cb55bfea7e42a8f7e9e9cb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 8928 zcmbtYYiwM_6+U-&{h~k|NQ$8pZlDcz9-DO@jv)`NlQ<+OG}~Yk!b8`a-D`X6_3mcx zuH!U8bt^zfrIM?@sD!|Pt5UT;A{8l-iWL9oj}&N?wzNu7T16EEE~|W&~NN!=T+RmRlL#vpJ@ReqXd6X@jeVr^FJuw&vC2r z%ZBT?%+CMK@Ea&m|B~Th{rAa@Umdnz*?!&6NSapSW}9@J4r(qZXZ8HUPWg*Cb4ds@*)f)06UP;ZHTcO8${^g29t zSZ<nR`jbZAJpS${jB~Er`hiO{K~ZQ zYs+C*bBvGkum$_&U1~;Be2UwFcIS~4!{cDLM&};VvL&s`&z}3d<{hq<;q#0h&#q^+ z;`TFI#(rQ7_SCaQ_u>5m8y?IY2B{KqTmXi#&9?fH?;ZLhG73baTZ&@l%{0@7s} zl_t@QYk;{av;%gLsidCxc4Skm=88Ct%$-U+g}l+=Imn%AVWUl>3;p5x-Hk@Mzvwq3 zr{)y$pusNWV+N-oj~YA#Sv7bH@|yF1B{bGEv9mc2SzqSelH|_VcoR`yTD0ykfZCB^$-uL5&-~1iFOmGAn!m{35yQpO8+g$ zFKBJz+mLq}%q{mtjj!82eU0`@&VE%0*tkiIAN9!1w>=|*IB{&vTsx`_;4d2t-n<5w zbzET17jYW62XZ+Y83N{f5$AzXCd)C%QQ$oWBWBI}4E`E0<4l_|;EcgV-~ofjfw`Y( zQv!a{;4<(KF#W7xv}~ViV+#5aNb0AtU0zN!#=g|JT7F{e-AFqrgzHb}lZj`L9Xl6# zG|lbV`aTvL(<)?DC8j9fBds662-{V50sj+{@kDC<7!RHuX>)`S4*_FOt9h6LW_&p( z7)KlT5b+E!V^90j5Zo)=-xq-UAYtQVfVm!F;|xJO0t_2x3K(}3+R($cVKpdqpJ*#8 z$Kex5$}=xkN0~6M>74MC$$q5U&j0sUQqbDFB92f-PdqDJL&nQTD9N@QW>iS zGMTS<<9W$vYgzR`sb=1|4^^QwQuTwtD-0J(d4E!>lisnqkJdEx7ngcoebYv%mx97b z$TrnEhTdth)b0*>kMkudQPjx^X?k7(&e6% z)B`DTktWIoDCx7i!|l|ptFu@xjda0s{Z5u_gLSuM&A}~QgQeS44bwXU~^YguXRnMI~#^w;@3t;^Hmx3^6(8JDA%hwAD~h#*UAeM zlN-%ev2Kp~-8~R>JR5TsjFzi4gl=PF0ELP-;a7t~nND%2qqQ=|h`!eEG%Xwd=^Td~ zsj+H@+dr_+%Xs@U?&{Sp1Gz-;qdi@!OBd{%si{;~9@hBpbJy9%Y^IU~e@+WI*MU^XFu`ph!VWaja&lIRjU9;X0 za4Bh(3fg9&i%i!9tp`Cf%`*T!4}@!u)>xbMLa|mT;S?IrRZgg76$Y|r9b(SvDtt+L zR8KZ~T^Ftt_SmS>rJ}s`vpWeR-{?fe`%^nwcNEkLF>fqesvZE{xQks#ym389CVgFOgH`k;rkyEp8kU*|Ld8 z?xN@`tv+X|54XA*$__K8g$RXyhjLeDueaCRJ$UF)|5paQ-I+o66s8CVX3yp>)u4HM zZQt&0+Ss*DFJ!*ktLpW~w@1aV4(qp`SFYD8^;#!h+3VcZs2-rg(>RdT%c)q%`K7=Y z=(V{tUb#xgu(C}1E(`A*Lba_LCz&w`4+9B7k3w9Q67Jy!=ut?Oso^cWA$iSk`GBe( z_<7@9@@No9ay(lJBy?TOx4NrtYx?^K-wE-TkZ}ifc)#Vn@t4TqU68tVqq`rH=?wDQ zBB-YA$v+aA<(-(e;12GDGhM*0;rI@CllNeL1F$?0Im>(gsNraA4!-akpi$26&`HDJ z5qaxQ;O8UU+^Lm4?&RL-QE!%a_?d#z}j{+22{i@m=;I?)h@w@C%3l zzu7KEIKC0&vgYxUIPLttx)R}R|El3X7H35V@W&C3a>v9c{#$W6Q0~wM{wU7!l;NL< zvl;z6=?F*v&OXf(uZyz>{qq}v^%ZCRis8Q(X8_}mwQAnfBhF*wLxz7(oKehI%-A>m zMVwRoUtrRdlcWFG^AV2zW7C>9m&JJjzQZmSf8(y<7sa{6^3Dinc}nxvCUHKx4ZJtP@olgELqPwnz4%mP{l`rC z5sBT{2VRNrwct~RhxX4K{u-tdpIqFh^sn`g66@d|rT^TolpGuLRb(ckbGS~K-auxI zk0_?sGWJ*;-|s519y$M)KvHX!{Ji1&ATh>-`fm^A91HnxO! zIDMlXl3F`l)5c%57Jys0Pm$DI@%!1>tGNLW?Um7WA6NxyAy|b^gB!hyYgqi91-+9B zm5>t)dbN+jA|8aM9km`q{r4C2YMq4oXCwMdsD$js0=E2&&q2Qm2VMB>9h$oUk3ioP zDvZSZ$_nUPEIro+QhXW@o{L;NNKNnI!T&1op8!+Shj_5u@Mg*z7PzbfW?fS*X^V3_ z(efdSS1dkdarzgnKV$LJ7N4{D1&d#{_|?T+g(1?PTJurvTJ|Z6r!Ahb_>jdb7N4^C zw8dvEe%j)57QbNe%ND=7n8!e)@s71y+_iYh;%SR#EIwrMip8faK5g+Ci=VdmoW(C# z{IbQbF6L^xMdn+bF;VVX_9=^}EuOLXki{z&pR)M0#b+#j+TwE-zhrUl=jeDoS
z-$lw3c*ic{)_zZHx5^J#{7H)!Eq==4FIfB~i~qvnZ(01^kT1XW7D?9d|9~W`elfXg zU~iIS(VdugdWl?&BmeNJTI$chVsTv&DXpH3$L$vlY=`8#EF5Q8pZY=Mu>Y_eDyD{;tQ$?CJ$1Ne zEm@!KGr8)y@Cf^-W;Jri?fz4yN?2}a!=C&Ya@3#D1~OslFZ+2!N!S<|@Hp~P@w-A} zB(}pCgnopQBX6ME`emXuHG=B>U&xfhpR5e|i3ZirbVb iiazc-YnT<+MgID*Q7^7&O^rKDea8jo7{h);+3_DKf(<_BT}Ud*3yF`(r)V9~NAb_z+*^|E{Iz43Z?*}Ds- zB#KLuDpGiG)uv6QsIeNPBDD`ljRX&o@IxPHl2%TeRy1-eROJDwQH0b;WI1XeP_;`Ip@sWxp%L5@xYOTHL;iqOHBP+O|wv{)Xmk?IH6%eErjOvW+P7x zN}H|K;HnrIT7LHn3eGRTBkgTzZ%KPo+DU0|==NodnTtw0d(ozs|JL+Ba80+@zYihG z>cF(=9TP@=+VFW8w-B)Xds!{;OAB;6Rijh`(9k+F&(fMk^|v1=)mM{Ns!plvC9S6B zLGKa3_6z-5aC-54-43mLSI?7bGWME$15IpgCzbJbd0XU^XV-hLse<);^aO}F9vS79ISs_RR&SS=Di{9e)PF?scS&3X*= z{6){__aZQqp`H&7Z=x0QKT1EdMsC)}?=^7__55A>ACUej;oK|>=V(6Lu!@My+OKX;>Mzno3>lGtkw9M#5*O5cp zFFdY0{Icoi`snrQ`G<+4Wb!h-Kg_;8U8&at`sS|IarqUKkF!{Bj`$ARooE+*+t^)N zyHITdoU4r9Z2mCv_6ug=ovhwADo;@S)LGV0e+ucA`rHB^@Ul~m68=HcFrPb7~R$(LW> z{AWz(k6NF>HtU<_mZGQzZsRo3CB`k`RH|dJF*8gboZ!W2kmje3ACpK_oL-8Lj6(H?+G49 zJBEr<$Ghk!8qSOZKGZYMZ=udZ{Us`73m!zCnbtPw3Wsa9nT)@OIHp0Cx*M1iT-ZcSsVo2bhnUesaO1z)u0A)G;5=2xbgv!OVX* zoPsYewF2)0p3UbYkaLacb00AMbx>2HPd|OZUBL8*`z(PWA#}bt@f0VN>!=fWkdL35* zhc?y-CSM24F%D{6a00j!m^to;scyj;;Dq2TLftRe2R+U&rY|jbz z$-_?{aC=WA54f%>pDTK5$UEl-{&zifCY7sr1`el2TrXcP`Cg!kL*+n?WQy)^MrBgv zl)j+XFn8F4$j=X!ydZG>0Y9JdMpS9UJzeo&%}{SZ}BO1;)>tLnLIj=f)bSMYqOu>hc zK0CXdR>Rs_bA|k18#LQ@v!@%{n=EYxcmEOW?bah?b|lF4&LCY55XPN7d*j<$5c1ei4DTInm&?Ncq{E5_eU(5TNRODnFwJN~u9Eg({bG zN@pZp$fr<#q;;AuV+l3i=4BU5ts>$4#6PODUU$YqNIeUr-YM!=!2f^&IQ!f8X5H@wxwuU+Ec zbe2OW!gg=+pnK5W*LUpLfp7J?`;vXm^H?Grn4MeOv_W}#?cC{X+1$3lY-B#$OZxH0 zr$^B%4Vb5%Td0(am2xW{*&Cd-7#?823pkMV!zt&dy?o#)$c?(HK615;IbxsjT}?l8 z2=#4MJ;_8RJPcF_IyK_9RN*~b1)Un{J{{il6OykP4lfW@0xu)p#ZLu+iVvrXfeKw$ z{H@OSHx~YmVSNX0hm)ua@B+wpzTcqoosflJIvP+Z>qcea_kwo`-Z1*)pP{a~WOT_N zfq}MhrRO5=1#f=a{H7)kz?WWADho{h26)qi`3(^EFG2r^^uLGxmG3C^N`yCp^PQUd zpQ3-^`$~;R_lJTsbYjTgO3US0R8iOF(2ZhKb`nUGXHo?jSBw}_!<}+6aH85#m~po z>k+;J{BnfXgI^I|z>kHNi!n73;mzPTg#VoVaOP%&H-q02{vP{ZN4|ys3%vdk@-4gt zzx7()M!q9_C3qe3!g$!<0Nx;cJNQGNA>YEE17Cat@kjUy@U9522TusUOnV>4)FI(h z;4L>}>Ue}VgZB%6unzrG$bW=4gO3Og{dq-r7xh(*8WVm3e9wX!bveSeS^SR0aUAIq z`pf&3CFG99J1m~Cc+%qi7B5_bonU@lPz?xMZ=4m+^f;#YU6EG;FsD z=O4KK&vFvuWvORa+QNq=$|ciOuW~HR;FL{2aZFdDsxcEtnybP+KwmaKe6EE9_}&sN zyFmE-NkoOf9rDMQ29fi5$2i0Bp}Y?=&Tr?SOB@ZKlTguxy3w*8WVZ2#WV{nq1`g*B z#cM@o&oBSI;vRi_{ArB0eWLAf{I9}49#V*6=YJTo+47f={B`J2=6!*4hx3Q|ObEN3rzq3 diff --git a/netutils/conn.go b/netutils/conn.go deleted file mode 100644 index 24ca517d..00000000 --- a/netutils/conn.go +++ /dev/null @@ -1,140 +0,0 @@ -package netutils - -import ( - "crypto/tls" - "errors" - "fmt" - "io" - "net" - "os" - "strconv" -) - -func AcceptConnections(listener net.Listener, acceptChan chan<- net.Conn) { - go func() { - defer close(acceptChan) - for { - conn, err := listener.Accept() - if err != nil { - return - } - acceptChan <- conn - } - }() -} - -func IsClosedConnectionError(err error) bool { - var opErr *net.OpError - if errors.As(err, &opErr) { - if opErr.Err.Error() == "use of closed network connection" { - return true - } - } - return false -} - -func StartToListen(listenIP string, listenPort int, sockPath string, tlsSupport bool, tlsMin uint16, certFile, keyFile string) (net.Listener, error) { - var err error - var listener net.Listener - - // prepare address - var addr string - if len(sockPath) > 0 { - addr = sockPath - _ = os.Remove(sockPath) - } else { - addr = net.JoinHostPort(listenIP, strconv.Itoa(listenPort)) - } - - // listening with tls enabled ? - if tlsSupport { - var cer tls.Certificate - cer, err = tls.LoadX509KeyPair(certFile, keyFile) - if err != nil { - return nil, fmt.Errorf("failed to load certificate: %w", err) - } - - tlsConfig := &tls.Config{ - Certificates: []tls.Certificate{cer}, - MinVersion: tls.VersionTLS12, - } - - // update tls min version according to the user config - tlsConfig.MinVersion = tlsMin - - // listen - if len(sockPath) > 0 { - listener, err = tls.Listen(SocketUnix, addr, tlsConfig) - } else { - listener, err = tls.Listen(SocketTCP, addr, tlsConfig) - } - - } else { - // basic listening - if len(sockPath) > 0 { - listener, err = net.Listen(SocketUnix, addr) - } else { - listener, err = net.Listen(SocketTCP, addr) - } - } - - // something is wrong ? - if err != nil { - return nil, fmt.Errorf("failed to listen: %w", err) - } - return listener, nil -} - -// thanks to https://stackoverflow.com/questions/28967701/golang-tcp-socket-cant-close-after-get-file, -// call conn.CloseRead() before calling conn.Close() -func Close(conn io.Closer, reset bool) error { - type ReadCloser interface { - CloseRead() error - } - - // Aggressive closing, send TCP RESET instead of FIN - if reset { - if tcpConn, ok := conn.(*net.TCPConn); ok { - tcpConn.SetLinger(0) - } - } - - var errs []error - if closer, ok := conn.(ReadCloser); ok { - errs = append(errs, closer.CloseRead()) - } - errs = append(errs, conn.Close()) - for _, err := range errs { - if err != nil { - return err - } - } - return nil -} - -// GetPeerName returns the hostname associated with the given peer address. -// If the peer address cannot be split into IP and port or if the hostname lookup fails, -// it returns the peer address or IP itself. -func GetPeerName(peerAddr string) string { - // Split the peer address into IP and port - peerIP, _, err := net.SplitHostPort(peerAddr) - if err != nil { - // If splitting fails, return the original peer address - return peerAddr - } - - // Lookup hostname associated with the IP address - names, err := net.LookupAddr(peerIP) - if err != nil { - // If hostname lookup fails, return the IP address - return peerIP - } - - // If hostname is found, return the first name in the list - if len(names) > 0 { - return names[0] - } - - // If no hostname is found, return the IP address - return peerIP -} diff --git a/netutils/constant.go b/netutils/constant.go deleted file mode 100644 index c49ee0ff..00000000 --- a/netutils/constant.go +++ /dev/null @@ -1,28 +0,0 @@ -package netutils - -const ( - ProtoInet = "INET" - ProtoInet6 = "INET6" - ProtoIPv6 = "IPv6" - ProtoIPv4 = "IPv4" - - ProtoUDP = "UDP" - ProtoTCP = "TCP" - - SocketTCP = "tcp" - SocketUDP = "udp" - SocketUnix = "unix" - SocketTLS = "tcp+tls" -) - -var ( - IPVersion = map[string]string{ - ProtoInet: ProtoIPv4, - ProtoInet6: ProtoIPv6, - } - - IPToInet = map[string]string{ - ProtoIPv4: ProtoInet, - ProtoIPv6: ProtoInet6, - } -) diff --git a/netutils/ip.go b/netutils/ip.go deleted file mode 100644 index 13ce2801..00000000 --- a/netutils/ip.go +++ /dev/null @@ -1,25 +0,0 @@ -package netutils - -import ( - "encoding/binary" - "net" -) - -func ConvertIP4(ip uint32) net.IP { - addr := make(net.IP, net.IPv4len) - binary.BigEndian.PutUint32(addr, ip) - return addr -} - -func ConvertIP6(ip [4]uint32) net.IP { - addr := make(net.IP, net.IPv6len) - binary.LittleEndian.PutUint32(addr[0:], ip[0]) - binary.LittleEndian.PutUint32(addr[4:], ip[1]) - binary.LittleEndian.PutUint32(addr[8:], ip[2]) - binary.LittleEndian.PutUint32(addr[12:], ip[3]) - return addr -} - -func GetIPAddress[T uint32 | [4]uint32](ip T, mapper func(T) net.IP) net.IP { - return mapper(ip) -} diff --git a/netutils/ip_test.go b/netutils/ip_test.go deleted file mode 100644 index c039ecdf..00000000 --- a/netutils/ip_test.go +++ /dev/null @@ -1,16 +0,0 @@ -package netutils - -import ( - "net" - "testing" - - "github.com/stretchr/testify/assert" -) - -// Test ConvertIP4 function -func TestConvertIP4(t *testing.T) { - ip := uint32(3232235521) // Corresponds to 192.168.0.1 - expectedIP := net.IPv4(192, 168, 0, 1) - actualIP := ConvertIP4(ip) - assert.Equal(t, expectedIP.String(), actualIP.String(), "IP does not match") -} diff --git a/netutils/ipdefrag.go b/netutils/ipdefrag.go deleted file mode 100644 index 8080f369..00000000 --- a/netutils/ipdefrag.go +++ /dev/null @@ -1,389 +0,0 @@ -package netutils - -import ( - "container/list" - "fmt" - "sync" - "time" - - "github.com/google/gopacket" - "github.com/google/gopacket/layers" -) - -const ( - IPv6MinimumFragmentSize = 1280 - IPv6MaximumSize = 65535 - IPv6MaximumFragmentOffset = 8189 - IPv6MaximumFragmentListLen = 52 - - IPv4MinimumFragmentSize = 8 // Minimum size of a single fragment - IPv4MaximumSize = 65535 // Maximum size of a fragment (2^16) - IPv4MaximumFragmentOffset = 8183 // Maximum offset of a fragment - IPv4MaximumFragmentListLen = 8192 // Back out if we get more than this many fragments -) - -type fragments struct { - List list.List - Highest uint16 - Current uint16 - LastSeen time.Time -} - -func (f *fragments) insert(in gopacket.Packet) (gopacket.Packet, error) { - var inFragOffset uint16 - var inFragLength uint16 - var inFragMore bool - - if in.NetworkLayer().LayerType() == layers.LayerTypeIPv6 { - inIP6 := in.Layer(layers.LayerTypeIPv6).(*layers.IPv6) - inFrag6 := in.Layer(layers.LayerTypeIPv6Fragment).(*layers.IPv6Fragment) - inFragOffset = inFrag6.FragmentOffset * 8 - inFragLength = inIP6.Length - 8 - inFragMore = inFrag6.MoreFragments - } - if in.NetworkLayer().LayerType() == layers.LayerTypeIPv4 { - inIP4 := in.Layer(layers.LayerTypeIPv4).(*layers.IPv4) - inFragOffset = inIP4.FragOffset * 8 - inFragLength = inIP4.Length - 20 - inFragMore = inIP4.Flags&layers.IPv4MoreFragments > 0 - } - - if inFragOffset >= f.Highest { - f.List.PushBack(in) - } else { - for e := f.List.Front(); e != nil; e = e.Next() { - packet, _ := e.Value.(gopacket.Packet) - - var fragOffset uint16 - - switch packet.NetworkLayer().LayerType() { - case layers.LayerTypeIPv6: - if frag6Layer := packet.Layer(layers.LayerTypeIPv6Fragment); frag6Layer != nil { - frag6 := frag6Layer.(*layers.IPv6Fragment) - fragOffset = frag6.FragmentOffset * 8 - } - case layers.LayerTypeIPv4: - ip4, _ := packet.Layer(layers.LayerTypeIPv4).(*layers.IPv4) - fragOffset = ip4.FragOffset * 8 - } - - if inFragOffset == fragOffset { - return nil, nil - } - if inFragOffset <= fragOffset { - f.List.InsertBefore(in, e) - break - } - } - } - - f.LastSeen = in.Metadata().Timestamp - - // After inserting the Fragment, we update the counters - if f.Highest < inFragOffset+inFragLength { - f.Highest = inFragOffset + inFragLength - } - f.Current += inFragLength - - // Final Fragment ? - if !inFragMore && f.Highest == f.Current { - return f.build(in) - } - return nil, nil -} - -func (f *fragments) build(in gopacket.Packet) (gopacket.Packet, error) { - var final []byte - var currentOffset uint16 - - for e := f.List.Front(); e != nil; e = e.Next() { - pack, _ := e.Value.(gopacket.Packet) - - var fragOffset uint16 - var fragLength uint16 - var fragPayload []byte - var ipOffset uint16 - - if pack.NetworkLayer().LayerType() == layers.LayerTypeIPv6 { - frag6 := pack.Layer(layers.LayerTypeIPv6Fragment).(*layers.IPv6Fragment) - ip6 := pack.Layer(layers.LayerTypeIPv6).(*layers.IPv6) - - fragOffset = frag6.FragmentOffset - fragLength = ip6.Length - fragPayload = frag6.Payload - ipOffset = 8 - } - if pack.NetworkLayer().LayerType() == layers.LayerTypeIPv4 { - ip4 := pack.Layer(layers.LayerTypeIPv4).(*layers.IPv4) - - fragOffset = ip4.FragOffset - fragLength = ip4.Length - fragPayload = ip4.Payload - ipOffset = 20 - } - - offset := fragOffset * 8 - switch { - case offset == currentOffset: - final = append(final, fragPayload...) - currentOffset = currentOffset + fragLength - ipOffset - case offset < currentOffset: - startAt := currentOffset - fragOffset*8 - if startAt > fragLength-ipOffset { - return nil, fmt.Errorf("defrag: invalid fragment") - } - final = append(final, fragPayload[startAt:]...) - currentOffset += fragOffset * 8 - default: - // Houston - we have an hole ! - return nil, fmt.Errorf("defrag: hole found") - } - } - - if in.NetworkLayer().LayerType() == layers.LayerTypeIPv4 { - ip4 := in.Layer(layers.LayerTypeIPv4).(*layers.IPv4) - out := &layers.IPv4{ - Version: ip4.Version, - IHL: ip4.IHL, - TOS: ip4.TOS, - Length: f.Highest, - Id: ip4.Id, - Flags: 0, - FragOffset: 0, - TTL: ip4.TTL, - Protocol: ip4.Protocol, - Checksum: 0, - SrcIP: ip4.SrcIP, - DstIP: ip4.DstIP, - Options: ip4.Options, - Padding: ip4.Padding, - } - out.Payload = final - - buf := gopacket.NewSerializeBuffer() - ops := gopacket.SerializeOptions{ - FixLengths: true, - ComputeChecksums: true, - } - - ip4Payload, _ := buf.PrependBytes(len(final)) - copy(ip4Payload, final) - out.SerializeTo(buf, ops) - - outPacket := gopacket.NewPacket(buf.Bytes(), layers.LayerTypeIPv4, gopacket.Default) - outPacket.Metadata().CaptureLength = len(outPacket.Data()) - outPacket.Metadata().Length = len(outPacket.Data()) - outPacket.Metadata().Timestamp = in.Metadata().Timestamp - - // workaround to mark the packet as reassembled - outPacket.Metadata().Truncated = true - return outPacket, nil - } - - if in.NetworkLayer().LayerType() == layers.LayerTypeIPv6 { - ip6 := in.Layer(layers.LayerTypeIPv6).(*layers.IPv6) - frag6 := in.Layer(layers.LayerTypeIPv6Fragment).(*layers.IPv6Fragment) - out := &layers.IPv6{ - Version: ip6.Version, - TrafficClass: ip6.TrafficClass, - FlowLabel: ip6.FlowLabel, - Length: f.Highest, - NextHeader: frag6.NextHeader, - HopLimit: ip6.HopLimit, - SrcIP: ip6.SrcIP, - DstIP: ip6.DstIP, - HopByHop: ip6.HopByHop, - } - out.Payload = final - - buf := gopacket.NewSerializeBuffer() - ops := gopacket.SerializeOptions{ - FixLengths: true, - ComputeChecksums: true, - } - - v6Payload, _ := buf.PrependBytes(len(final)) - copy(v6Payload, final) - - out.SerializeTo(buf, ops) - outPacket := gopacket.NewPacket(buf.Bytes(), layers.LayerTypeIPv6, gopacket.Default) - outPacket.Metadata().CaptureLength = len(outPacket.Data()) - outPacket.Metadata().Length = len(outPacket.Data()) - outPacket.Metadata().Timestamp = in.Metadata().Timestamp - - // workaround to mark the packet as reassembled - outPacket.Metadata().Truncated = true - - return outPacket, nil - } - return nil, nil -} - -type ipFlow struct { - flow gopacket.Flow - id uint32 -} - -func newIPv4(packet gopacket.Packet) ipFlow { - ip4 := packet.Layer(layers.LayerTypeIPv4).(*layers.IPv4) - return ipFlow{ - flow: ip4.NetworkFlow(), - id: uint32(ip4.Id), - } -} - -func newIPv6(packet gopacket.Packet) ipFlow { - frag := packet.Layer(layers.LayerTypeIPv6Fragment).(*layers.IPv6Fragment) - ip6 := packet.Layer(layers.LayerTypeIPv6).(*layers.IPv6) - return ipFlow{ - flow: ip6.NetworkFlow(), - id: frag.Identification, - } -} - -type IPDefragmenter struct { - sync.RWMutex - ipFlows map[ipFlow]*fragments -} - -func NewIPDefragmenter() *IPDefragmenter { - return &IPDefragmenter{ - ipFlows: make(map[ipFlow]*fragments), - } -} - -func (d *IPDefragmenter) DefragIP(in gopacket.Packet) (gopacket.Packet, error) { - // check if we need to defrag - if st := d.dontDefrag(in); st { - return in, nil - } - - // perfom security checks - if err := d.securityChecks(in); err != nil { - return nil, err - } - - // ok, got a fragment - // have we already seen a flow between src/dst with that Id? - var ipf ipFlow - var fl *fragments - var exist bool - var maxFrag int - - if in.NetworkLayer().LayerType() == layers.LayerTypeIPv4 { - ipf = newIPv4(in) - maxFrag = IPv4MaximumFragmentListLen - } - if in.NetworkLayer().LayerType() == layers.LayerTypeIPv6 { - ipf = newIPv6(in) - maxFrag = IPv6MaximumFragmentListLen - } - d.Lock() - fl, exist = d.ipFlows[ipf] - if !exist { - fl = new(fragments) - d.ipFlows[ipf] = fl - } - d.Unlock() - - // insert, and if final build it - out, err2 := fl.insert(in) - - // at last, if we hit the maximum frag list len - // without any defrag success, we just drop everything and - // raise an error - if out == nil && fl.List.Len()+1 > maxFrag { - d.flush(ipf) - return nil, fmt.Errorf("fragment List hits its maximum") - } - - // if we got a packet, it's a new one, and he is defragmented - // when defrag is done for a flow between two ip clean the list - if out != nil { - d.flush(ipf) - return out, nil - } - return nil, err2 -} - -func (d *IPDefragmenter) dontDefrag(in gopacket.Packet) bool { - if in.NetworkLayer().LayerType() == layers.LayerTypeIPv6 { - // check if we need to defrag - frag := in.Layer(layers.LayerTypeIPv6Fragment) - if frag == nil { - return true - } - } - - if in.NetworkLayer().LayerType() == layers.LayerTypeIPv4 { - ip4 := in.Layer(layers.LayerTypeIPv4).(*layers.IPv4) - // don't defrag packet with DF flag - if ip4.Flags&layers.IPv4DontFragment != 0 { - return true - } - // don't defrag not fragmented ones - if ip4.Flags&layers.IPv4MoreFragments == 0 && ip4.FragOffset == 0 { - return true - } - } - - return false -} - -func (d *IPDefragmenter) securityChecks(in gopacket.Packet) error { - if in.NetworkLayer().LayerType() == layers.LayerTypeIPv6 { - frag6 := in.Layer(layers.LayerTypeIPv6Fragment).(*layers.IPv6Fragment) - - // don't allow too big fragment offset - if frag6.FragmentOffset > IPv6MaximumFragmentOffset { - return fmt.Errorf("fragment offset too big (handcrafted? %d > %d)", frag6.FragmentOffset, IPv6MaximumFragmentOffset) - } - fragOffset := uint32(frag6.FragmentOffset * 8) - - // don't allow fragment that would oversize an IP packet - if fragOffset+uint32(len(frag6.Payload)) > IPv6MaximumSize { - return fmt.Errorf("fragment will overrun (handcrafted? %d > %d)", fragOffset+uint32(len(frag6.Payload)), IPv6MaximumFragmentOffset) - } - } - if in.NetworkLayer().LayerType() == layers.LayerTypeIPv4 { - ip4 := in.Layer(layers.LayerTypeIPv4).(*layers.IPv4) - fragSize := ip4.Length - uint16(ip4.IHL)*4 - - // don't allow small fragments outside of specification - if fragSize < IPv4MinimumFragmentSize { - return fmt.Errorf("fragment too small(handcrafted? %d < %d)", fragSize, IPv4MinimumFragmentSize) - } - - // don't allow too big fragment offset - if ip4.FragOffset > IPv4MaximumFragmentOffset { - return fmt.Errorf("fragment offset too big (handcrafted? %d > %d)", ip4.FragOffset, IPv4MaximumFragmentOffset) - } - fragOffset := ip4.FragOffset * 8 - - // don't allow fragment that would oversize an IP packet - if fragOffset+ip4.Length > IPv4MaximumSize { - return fmt.Errorf("fragment will overrun (handcrafted? %d > %d)", fragOffset+ip4.Length, IPv4MaximumSize) - } - } - - return nil -} - -func (d *IPDefragmenter) flush(ipf ipFlow) { - d.Lock() - delete(d.ipFlows, ipf) - d.Unlock() -} - -func (d *IPDefragmenter) DiscardOlderThan(t time.Time) int { - var nb int - d.Lock() - for k, v := range d.ipFlows { - if v.LastSeen.Before(t) { - nb++ - delete(d.ipFlows, k) - } - } - d.Unlock() - return nb -} diff --git a/netutils/ipdefrag_test.go b/netutils/ipdefrag_test.go deleted file mode 100644 index ea7b7e61..00000000 --- a/netutils/ipdefrag_test.go +++ /dev/null @@ -1,101 +0,0 @@ -package netutils - -import ( - "testing" - - "github.com/google/gopacket" - "github.com/google/gopacket/layers" -) - -func TestIpDefrag_IPv4Fragment(t *testing.T) { - // fragmented packet, see the packet in testsdata/pcap/dnsdump_ip4_fragmented_query.pcap - frag1Bytes := []byte{0x58, 0x1d, 0xd8, 0x12, 0x84, 0x10, 0xb0, 0x35, 0x9f, 0xd4, 0x03, 0x91, 0x08, 0x00, - 0x45, 0x00, 0x00, 0x4c, 0x00, 0x01, 0x20, 0x00, 0x40, 0x11, 0xcb, 0x8f, 0x7f, 0x00, 0x00, 0x01, - 0x08, 0x08, 0x08, 0x08, 0x30, 0x39, 0x00, 0x35, 0x00, 0x5d, 0xf9, 0x10, 0xaa, 0xaa, 0x01, 0x00, - 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3f, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, - 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, - 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41} - frag1 := gopacket.NewPacket(frag1Bytes, layers.LayerTypeEthernet, gopacket.Default) - frag2Bytes := []byte{0x58, 0x1d, 0xd8, 0x12, 0x84, 0x10, 0xb0, 0x35, 0x9f, 0xd4, 0x03, 0x91, 0x08, 0x00, - 0x45, 0x00, 0x00, 0x39, 0x00, 0x01, 0x00, 0x07, 0x40, 0x11, 0xeb, 0x9b, 0x7f, 0x00, 0x00, 0x01, - 0x08, 0x08, 0x08, 0x08, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, - 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x03, 0x63, 0x6f, 0x6d, - 0x00, 0x00, 0x01, 0x00, 0x01} - frag2 := gopacket.NewPacket(frag2Bytes, layers.LayerTypeEthernet, gopacket.Default) - - defragger := NewIPDefragmenter() - _, err := defragger.DefragIP(frag1) - if err != nil { - t.Errorf("Unexpected error on the 1er defrag: %v", err) - } - - pkt, err := defragger.DefragIP(frag2) - if err != nil { - t.Errorf("Unexpected error on the 2nd defrag: %v", err) - } - - if pkt.Metadata().Length != 113 { - t.Errorf("Invalid reassembled packet size: %v", err) - } -} - -func TestIpDefrag_IPv4FragmentWithRetransmission(t *testing.T) { - - // fragmented packet, see the packet in testsdata/pcap/dnsdump_ip4_fragmented_query.pcap - packetBytes := []byte{ - 0x58, 0x1d, 0xd8, 0x12, 0x84, 0x10, 0xb0, 0x35, 0x9f, 0xd4, 0x03, 0x91, 0x08, 0x00, 0x45, 0x00, - 0x00, 0x39, 0x00, 0x01, 0x00, 0x07, 0x40, 0x11, 0xeb, 0x9b, 0x7f, 0x00, 0x00, 0x01, 0x08, 0x08, - 0x08, 0x08, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, - 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x03, 0x63, - 0x6f, 0x6d, 0x00, 0x00, 0x01, 0x00, 0x01, - } - packet := gopacket.NewPacket(packetBytes, layers.LayerTypeEthernet, gopacket.Default) - - // This packet is just a fragment - defragger := NewIPDefragmenter() - _, err := defragger.DefragIP(packet) - if err != nil { - t.Errorf("Unexpected error on the 1er defrag: %v", err) - } - - // Try to defrag the same packet - _, err = defragger.DefragIP(packet) - if err != nil { - t.Errorf("Unexpected error for the 2nd defrag: %v", err) - } -} - -func TestIpDefrag_IPv6Fragment(t *testing.T) { - // fragmented packet, see the packet in testsdata/pcap/dnsdump_ip4_fragmented_query.pcap - frag1Bytes := []byte{0x33, 0x33, 0x00, 0x00, 0x00, 0x01, 0xb0, 0x35, 0x9f, 0xd4, 0x03, 0x91, 0x86, 0xdd, 0x60, 0x00, - 0x00, 0x00, 0x00, 0x38, 0x2c, 0x40, 0xfe, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x5b, 0x20, - 0xbf, 0xa1, 0x87, 0x8c, 0x3a, 0x68, 0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x11, 0x00, 0x00, 0x01, 0xee, 0x8f, 0x5f, 0xf8, 0x30, 0x39, - 0x00, 0x35, 0x00, 0x61, 0x98, 0xc4, 0xaa, 0xaa, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x3f, 0x63, 0x6f, 0x6d, 0x41, 0x41, - 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41} - frag1 := gopacket.NewPacket(frag1Bytes, layers.LayerTypeEthernet, gopacket.Default) - frag2Bytes := []byte{0x33, 0x33, 0x00, 0x00, 0x00, 0x01, 0xb0, 0x35, 0x9f, 0xd4, 0x03, 0x91, 0x86, 0xdd, 0x60, 0x00, - 0x00, 0x00, 0x00, 0x39, 0x2c, 0x40, 0xfe, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x5b, 0x20, - 0xbf, 0xa1, 0x87, 0x8c, 0x3a, 0x68, 0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x11, 0x00, 0x00, 0x30, 0xee, 0x8f, 0x5f, 0xf8, 0x41, 0x41, - 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, - 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, - 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x00, 0x00, 0x01, 0x00, 0x01} - frag2 := gopacket.NewPacket(frag2Bytes, layers.LayerTypeEthernet, gopacket.Default) - - defragger := NewIPDefragmenter() - _, err := defragger.DefragIP(frag1) - if err != nil { - t.Errorf("Unexpected error on the 1er defrag: %v", err) - } - - pkt, err := defragger.DefragIP(frag2) - if err != nil { - t.Errorf("Unexpected error on the 2nd defrag: %v", err) - } - - if pkt.Metadata().Length != 137 { - t.Errorf("Invalid reassembled packet size: %v", err) - } -} diff --git a/netutils/networkdecoder.go b/netutils/networkdecoder.go deleted file mode 100644 index 3171316c..00000000 --- a/netutils/networkdecoder.go +++ /dev/null @@ -1,126 +0,0 @@ -package netutils - -import ( - "fmt" - - "github.com/google/gopacket" - "github.com/google/gopacket/layers" -) - -type NetDecoder struct{} - -const ( - IPv4ProtocolTCP = layers.IPProtocolTCP - IPv4ProtocolUDP = layers.IPProtocolUDP - IPv6ProtocolTCP = layers.IPProtocolTCP - IPv6ProtocolUDP = layers.IPProtocolUDP - IPv6ProtocolFragment = layers.IPProtocolIPv6Fragment -) - -func (d *NetDecoder) Decode(data []byte, p gopacket.PacketBuilder) error { - // Decode the Ethernet layer - ethernetLayer := &layers.Ethernet{} - if err := ethernetLayer.DecodeFromBytes(data, p); err != nil { - return err - } - p.AddLayer(ethernetLayer) - p.SetLinkLayer(ethernetLayer) - - // Check the EtherType of the Ethernet layer to determine the next layer - switch ethernetLayer.EthernetType { - case layers.EthernetTypeIPv4: - return d.decodeIPv4(ethernetLayer.Payload, p) - case layers.EthernetTypeIPv6: - return d.decodeIPv6(ethernetLayer.Payload, p) - } - - return nil -} - -func (d *NetDecoder) decodeIPv4(data []byte, p gopacket.PacketBuilder) error { - // Decode the IPv4 layer - ipv4Layer := &layers.IPv4{} - if err := ipv4Layer.DecodeFromBytes(data, p); err != nil { - return err - } - p.AddLayer(ipv4Layer) - p.SetNetworkLayer(ipv4Layer) - - // Check the Protocol of the IPv4 layer to determine the next layer - switch ipv4Layer.Protocol { - case IPv4ProtocolTCP: - return d.decodeTCP(ipv4Layer.Payload, p) - case IPv4ProtocolUDP: - return d.decodeUDP(ipv4Layer.Payload, p) - } - - return nil -} - -func (d *NetDecoder) decodeIPv6(data []byte, p gopacket.PacketBuilder) error { - - ipv6Layer := &layers.IPv6{} - if err := ipv6Layer.DecodeFromBytes(data, p); err != nil { - return err - } - p.AddLayer(ipv6Layer) - p.SetNetworkLayer(ipv6Layer) - - // Check the NextHeader of the IPv6 layer to determine the next layer - switch ipv6Layer.NextHeader { - case IPv6ProtocolTCP: - return d.decodeTCP(ipv6Layer.Payload, p) - case IPv6ProtocolUDP: - return d.decodeUDP(ipv6Layer.Payload, p) - case IPv6ProtocolFragment: - return d.decodeIPv6Fragment(ipv6Layer.Payload, p) - } - return nil -} - -func (d *NetDecoder) decodeIPv6Fragment(data []byte, p gopacket.PacketBuilder) error { - // Create a new packet from the byte slice - packet := gopacket.NewPacket(data, layers.LayerTypeIPv6Fragment, gopacket.Default) - - ipv6FragLayer := packet.Layer(layers.LayerTypeIPv6Fragment) - if ipv6FragLayer == nil { - return fmt.Errorf("no ipv6 fragment layer") - } - - p.AddLayer(ipv6FragLayer) - - ipv6Frag := ipv6FragLayer.(*layers.IPv6Fragment) - - // This is the last fragment, so we can decode the payload - switch ipv6Frag.NextHeader { - case layers.IPProtocolTCP: - return d.decodeTCP(ipv6FragLayer.LayerPayload(), p) - case layers.IPProtocolUDP: - return d.decodeUDP(ipv6FragLayer.LayerPayload(), p) - } - return nil -} - -func (d *NetDecoder) decodeTCP(data []byte, p gopacket.PacketBuilder) error { - // Decode the TCP layer - tcpLayer := &layers.TCP{} - if err := tcpLayer.DecodeFromBytes(data, p); err != nil { - return err - } - p.AddLayer(tcpLayer) - p.SetTransportLayer(tcpLayer) - - return nil -} - -func (d *NetDecoder) decodeUDP(data []byte, p gopacket.PacketBuilder) error { - // Decode the UDP layer - udpLayer := &layers.UDP{} - if err := udpLayer.DecodeFromBytes(data, p); err != nil { - return err - } - p.AddLayer(udpLayer) - p.SetTransportLayer(udpLayer) - - return nil -} diff --git a/netutils/networkdecoder_test.go b/netutils/networkdecoder_test.go deleted file mode 100644 index 126c885f..00000000 --- a/netutils/networkdecoder_test.go +++ /dev/null @@ -1,326 +0,0 @@ -package netutils - -import ( - "testing" - - "github.com/google/gopacket" - "github.com/google/gopacket/layers" -) - -func TestNetDecoder_Decode_IPv4_UDP(t *testing.T) { - pkt := []byte{ - // ethernet - 0x00, 0x0c, 0x29, 0x8a, 0x5d, 0xd7, 0x00, 0x86, 0x9c, 0xe7, 0x55, 0x14, 0x08, 0x00, - // ipv4 - 0x45, 0x00, 0x00, 0x44, 0xe5, 0x6a, 0x00, 0x00, 0x6f, 0x11, - 0xec, 0x11, 0xac, 0xd9, 0x28, 0x4c, 0xc1, 0x18, 0xe3, 0xee, - // udp - 0xdd, 0x68, 0x00, 0x35, 0x00, 0x30, 0x0c, 0x33, - // udp payload (dns) - 0xd4, 0x3f, 0x00, 0x10, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x08, 0x77, - 0x65, 0x62, 0x65, 0x72, 0x6c, 0x61, 0x62, 0x02, 0x64, 0x65, 0x00, 0x00, 0x30, 0x00, - 0x01, 0x00, 0x00, 0x29, 0x10, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, - } - - decoder := &NetDecoder{} - - packet := gopacket.NewPacket(pkt, decoder, gopacket.NoCopy) - - packetLayers := packet.Layers() - if len(packetLayers) != 3 { - t.Fatalf("Unexpected number of layers: expected 3, got %d", len(packetLayers)) - } - - if _, ok := packetLayers[0].(*layers.Ethernet); !ok { - t.Errorf("Expected Ethernet layer, got %T", packetLayers[0]) - } - if _, ok := packetLayers[1].(*layers.IPv4); !ok { - t.Errorf("Expected IPv4 layer, got %T", packetLayers[1]) - } - ip4 := packetLayers[1].(*layers.IPv4) - if ip4.Flags&layers.IPv4MoreFragments > 0 { - t.Errorf("Expected more fragment") - } - if _, ok := packetLayers[2].(*layers.UDP); !ok { - t.Errorf("Expected UDP layer, got %T", packetLayers[2]) - } -} - -func TestNetDecoder_Decode_IPv4_TCP(t *testing.T) { - pkt := []byte{ - // ethernet - 0xb0, 0xbb, 0xe5, 0xb2, 0x46, 0x4c, 0xb0, 0x35, 0x9f, 0xd4, 0x03, 0x91, 0x08, 0x00, - // ipv4 - 0x45, 0x00, 0x00, 0x69, 0xb7, 0x65, 0x40, 0x00, 0x40, 0x06, 0xbf, - 0x6e, 0xc0, 0xa8, 0x01, 0x11, 0x01, 0x01, 0x01, 0x01, - // tcp - 0x8d, 0xcd, 0x00, 0x35, 0x39, 0x4f, 0x0c, 0xbb, 0xcf, 0x72, 0x32, 0xb3, 0x80, 0x18, - 0x01, 0xf6, 0x38, 0xc2, 0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0x09, 0x5d, 0x2c, 0x7a, 0x65, 0xe0, - 0x63, 0x90, 0x00, 0x33, 0x85, 0x9f, 0x01, 0x20, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - 0x06, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x03, 0x63, 0x6f, 0x6d, 0x00, 0x00, 0x01, 0x00, 0x01, - 0x00, 0x00, 0x29, 0x04, 0xd0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x0a, 0x00, 0x08, 0xdf, - 0x41, 0x92, 0x72, 0x53, 0xf5, 0x1b, 0x48, - } - - decoder := &NetDecoder{} - - packet := gopacket.NewPacket(pkt, decoder, gopacket.NoCopy) - - packetLayers := packet.Layers() - if len(packetLayers) != 3 { - t.Fatalf("Unexpected number of layers: expected 3, got %d", len(packetLayers)) - } - - if _, ok := packetLayers[0].(*layers.Ethernet); !ok { - t.Errorf("Expected Ethernet layer, got %T", packetLayers[0]) - } - if _, ok := packetLayers[2].(*layers.TCP); !ok { - t.Errorf("Expected TCP layer, got %T", packetLayers[2]) - } -} - -func TestNetDecoder_Decode_IPv4_MoreFragment(t *testing.T) { - pkt := []byte{ - // ethernet - 0x00, 0x86, 0x9c, 0xe7, 0x55, 0x14, 0x00, 0x0c, 0x29, 0x8a, 0x5d, 0xd7, 0x08, 0x00, - // ipv4 - 0x45, 0x00, 0x00, 0x44, 0xd0, 0xfe, 0x20, 0x00, 0x40, 0x11, - 0x09, 0xe6, 0xc1, 0x18, 0xe3, 0xee, 0xac, 0xd9, 0x28, 0x4c, - // udp - 0x00, 0x35, 0xdd, 0x68, 0x06, 0xae, 0xb4, 0x63, 0xd4, 0x3f, 0x84, 0x10, 0x00, 0x01, - 0x00, 0x04, 0x00, 0x00, 0x00, 0x01, 0x08, 0x77, 0x65, 0x62, 0x65, 0x72, 0x6c, 0x61, 0x62, 0x02, - 0x64, 0x65, 0x00, 0x00, 0x30, 0x00, 0x01, 0xc0, 0x0c, 0x00, 0x30, 0x00, 0x01, 0x00, 0x00, 0x00, - 0x3c, 0x02, 0x08, 0x01, 0x01, 0x03, 0x0a, 0x03, 0x01, 0x00, 0x01, 0xdd, 0xef, 0xfd, 0xed, 0x22, - 0xad, 0x76, 0x0a, 0x3b, 0x0b, 0x58, 0x10, 0x1d, 0xd5, 0x3d, 0xee, 0xf3, 0xf7, 0xda, 0xaf, 0x8b, - } - - decoder := &NetDecoder{} - - packet := gopacket.NewPacket(pkt, decoder, gopacket.NoCopy) - packetLayers := packet.Layers() - if len(packetLayers) != 3 { - t.Fatalf("Unexpected number of layers: expected 3, got %d", len(packetLayers)) - } - - if _, ok := packetLayers[0].(*layers.Ethernet); !ok { - t.Errorf("Expected Ethernet layer, got %T", packetLayers[0]) - } - if _, ok := packetLayers[1].(*layers.IPv4); !ok { - t.Errorf("Expected IPv4 layer, got %T", packetLayers[1]) - } - - ip4 := packetLayers[1].(*layers.IPv4) - if ip4.Flags&layers.IPv4MoreFragments != 1 { - t.Errorf("Expected more fragment flag") - } - if _, ok := packetLayers[2].(*layers.UDP); !ok { - t.Errorf("Expected UDP layer, got %T", packetLayers[2]) - } -} - -func TestNetDecoder_Decode_IPv4_FragmentOffset(t *testing.T) { - pkt := []byte{ - // ethernet - 0x00, 0x86, 0x9c, 0xe7, 0x55, 0x14, 0x00, 0x0c, 0x29, 0x8a, 0x5d, 0xd7, 0x08, 0x00, - // ipv4 - 0x45, 0x00, 0x00, 0xfa, 0xd0, 0xfe, 0x00, 0xb9, 0x40, 0x11, 0x2e, 0x0f, 0xc1, 0x18, 0xe3, 0xee, 0xac, 0xd9, - 0x28, 0x4c, - // udp - 0x92, 0x56, 0x69, 0x0f, 0x05, 0x4b, 0xdb, 0x48, 0x1e, 0x8f, 0xa8, 0x56, 0x36, 0x39, - 0xd5, 0xcc, 0xba, 0xf9, 0xf8, 0x22, 0x24, 0xd0, 0x76, 0xcc, 0x24, 0x9b, 0xda, 0x1d, 0x49, 0xf0, - 0x3e, 0x34, 0x44, 0x9c, 0x94, 0x65, 0x87, 0x34, 0x96, 0x0b, 0x8d, 0x1a, 0xb3, 0x33, 0xbe, 0x88, - 0x01, 0x62, 0x76, 0xf1, 0x22, 0x7b, 0x83, 0x28, 0x3d, 0x81, 0xf1, 0x21, 0x9a, 0xba, 0x6c, 0x6c, - 0xca, 0x72, 0x6e, 0x94, 0x14, 0x99, 0x4d, 0xd7, 0xbb, 0xe2, 0x49, 0xee, 0x72, 0x69, 0x3e, 0xee, - 0x0e, 0x03, 0x6c, 0xcd, 0x33, 0xc9, 0xf4, 0x43, 0xd1, 0x6d, 0xd1, 0x84, 0x3d, 0xee, 0xd0, 0xd1, - 0x5d, 0x8e, 0x2f, 0xf4, 0xce, 0x68, 0x88, 0xf3, 0x5e, 0xd5, 0x90, 0x21, 0x36, 0x1a, 0x95, 0x6f, - 0xb8, 0xbd, 0xc5, 0xf0, 0xa0, 0xc2, 0x0b, 0xe1, 0x0c, 0x62, 0x32, 0x65, 0x38, 0x7a, 0x8c, 0xf9, - 0x24, 0xc9, 0xc4, 0xfa, 0xbd, 0x64, 0x5f, 0x31, 0x25, 0xc5, 0x48, 0x4e, 0x40, 0xba, 0x11, 0x8e, - 0x82, 0x75, 0x19, 0x98, 0x99, 0x07, 0x6a, 0xbd, 0x16, 0x16, 0xcc, 0x35, 0xcf, 0x8c, 0x6b, 0x72, - 0xbb, 0x95, 0xd3, 0xd7, 0x71, 0xf5, 0x54, 0x2f, 0x08, 0x26, 0x2b, 0x0d, 0x51, 0xe8, 0x41, 0x0e, - 0xbd, 0x8f, 0x7a, 0x9a, 0x40, 0x35, 0x47, 0x57, 0x16, 0x5c, 0xaa, 0x55, 0x0e, 0xa6, 0x01, 0x12, - 0xfa, 0x52, 0x74, 0xc1, 0x4f, 0x4c, 0x5a, 0x9b, 0xb0, 0xe9, 0x9a, 0xec, 0x72, 0x70, 0xee, 0xc1, - 0x3a, 0xa9, 0x76, 0xac, 0x2e, 0xca, 0x04, 0x96, 0xf8, 0x97, 0x29, 0x20, 0xf4, 0x00, 0x00, 0x29, - 0x10, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, - } - - decoder := &NetDecoder{} - - packet := gopacket.NewPacket(pkt, decoder, gopacket.NoCopy) - packetLayers := packet.Layers() - if len(packetLayers) != 3 { - t.Fatalf("Unexpected number of layers: expected 3, got %d", len(packetLayers)) - } - - if _, ok := packetLayers[0].(*layers.Ethernet); !ok { - t.Errorf("Expected Ethernet layer, got %T", packetLayers[0]) - } - if _, ok := packetLayers[1].(*layers.IPv4); !ok { - t.Errorf("Expected IPv4 layer, got %T", packetLayers[1]) - } - - ip4 := packetLayers[1].(*layers.IPv4) - if ip4.FragOffset == 1480 { - t.Errorf("Expected fragment offset equal to 1480") - } - if ip4.Flags&layers.IPv4MoreFragments != 0 { - t.Errorf("Expected no flag for more fragment") - } - - if _, ok := packetLayers[2].(*layers.UDP); !ok { - t.Errorf("Expected UDP layer, got %T", packetLayers[2]) - } -} - -func TestNetDecoder_Decode_IPv6_UDP(t *testing.T) { - pkt := []byte{ - // ethernet - 0x00, 0x0c, 0x29, 0x8a, 0x5d, 0xd7, 0x00, 0x86, 0x9c, 0xe7, 0x55, 0x14, 0x86, 0xdd, - // ipv6 - 0x60, 0x02, 0xb8, 0xfc, 0x00, 0x42, 0x11, 0x6b, 0x2a, 0x00, 0x14, 0x50, 0x40, 0x13, 0x0c, 0x03, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x01, 0x0a, 0x20, 0x01, 0x04, 0x70, 0x76, 0x5b, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x0a, 0x25, 0x00, 0x53, - // udp - 0xb5, 0x61, 0x00, 0x35, 0x00, 0x42, 0xec, 0x92, 0xe9, 0xc4, - 0x00, 0x10, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x70, 0x61, 0x08, 0x77, 0x65, - 0x62, 0x65, 0x72, 0x6c, 0x61, 0x62, 0x02, 0x64, 0x65, 0x00, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x00, - 0x29, 0x10, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x0f, 0x00, 0x08, 0x00, 0x0b, 0x00, 0x02, 0x38, - 0x00, 0x20, 0x01, 0x04, 0x70, 0x1f, 0x0b, 0x16, - } - - decoder := &NetDecoder{} - - packet := gopacket.NewPacket(pkt, decoder, gopacket.NoCopy) - - packetLayers := packet.Layers() - if len(packetLayers) != 3 { - t.Fatalf("Unexpected number of layers: expected 3, got %d", len(packetLayers)) - } - - if _, ok := packetLayers[0].(*layers.Ethernet); !ok { - t.Errorf("Expected Ethernet layer, got %T", packetLayers[0]) - } - if _, ok := packetLayers[1].(*layers.IPv6); !ok { - t.Errorf("Expected IPv6 layer, got %T", packetLayers[1]) - } - if _, ok := packetLayers[2].(*layers.UDP); !ok { - t.Errorf("Expected UDP layer, got %T", packetLayers[2]) - } -} - -func TestNetDecoder_Decode_IPv6_TCP(t *testing.T) { - pkt := []byte{ - // ethernet - 0x00, 0x0c, 0x29, 0x62, 0x31, 0x2a, 0x00, 0x0c, 0x29, 0x7c, 0xa4, 0xcb, 0x86, 0xdd, - // ipv6 - 0x60, 0x0f, 0x4e, 0xd4, 0x00, 0x56, 0x06, 0x40, 0x20, 0x01, 0x04, 0x70, 0x1f, 0x0b, 0x16, 0xb0, 0x02, 0x0c, - 0x29, 0xff, 0xfe, 0x7c, 0xa4, 0xcb, 0x20, 0x01, 0x04, 0x70, 0x1f, 0x0b, 0x16, 0xb0, 0x00, 0x00, - 0x00, 0x00, 0x0a, 0x26, 0x00, 0x53, - // tcp - 0xdf, 0x01, 0x00, 0x35, 0x21, 0xcd, 0x16, 0x09, 0x5c, 0x07, - 0xf0, 0xa9, 0x80, 0x18, 0x00, 0xbf, 0x8e, 0x81, 0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0x84, 0x45, - 0xdf, 0x3b, 0x12, 0x7c, 0xd3, 0xd2, 0x00, 0x34, 0x80, 0xe4, 0x01, 0x20, 0x00, 0x01, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x01, 0x08, 0x77, 0x65, 0x62, 0x65, 0x72, 0x6c, 0x61, 0x62, 0x02, 0x64, 0x65, - 0x00, 0x00, 0x30, 0x00, 0x01, 0x00, 0x00, 0x29, 0x10, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x0c, - 0x00, 0x0a, 0x00, 0x08, 0x1b, 0x9a, 0xf6, 0x22, 0xab, 0x2c, 0x97, 0x40, - } - - decoder := &NetDecoder{} - - packet := gopacket.NewPacket(pkt, decoder, gopacket.NoCopy) - - packetLayers := packet.Layers() - if len(packetLayers) != 3 { - t.Fatalf("Unexpected number of layers: expected 3, got %d", len(packetLayers)) - } - - if _, ok := packetLayers[0].(*layers.Ethernet); !ok { - t.Errorf("Expected Ethernet layer, got %T", packetLayers[0]) - } - if _, ok := packetLayers[1].(*layers.IPv6); !ok { - t.Errorf("Expected IPv6 layer, got %T", packetLayers[1]) - } - if _, ok := packetLayers[2].(*layers.TCP); !ok { - t.Errorf("Expected TCP layer, got %T", packetLayers[2]) - } -} - -func TestNetDecoder_Decode_IPv6_Fragment(t *testing.T) { - pkt := []byte{ - // ethernet - 0x00, 0x86, 0x9c, 0xe7, 0x55, 0x14, 0x00, 0x0c, 0x29, 0x8a, 0x5d, 0xd7, 0x86, 0xdd, - // ipv6 - 0x60, 0x07, 0x87, 0xfd, 0x00, 0x28, 0x2c, 0x40, 0x20, 0x01, 0x04, 0x70, 0x76, 0x5b, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x0a, 0x25, 0x00, 0x53, 0x2a, 0x00, 0x14, 0x50, 0x40, 0x13, 0x0c, 0x03, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x01, 0x0a, - // data fragment - 0x11, 0x00, 0x00, 0x01, 0x28, 0x40, 0x3c, 0x0b, 0x00, 0x35, - 0xb5, 0x61, 0x05, 0xe5, 0x14, 0x8e, 0xe9, 0xc4, 0x84, 0x10, 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, - 0x00, 0x09, 0x02, 0x70, 0x61, 0x08, 0x77, 0x65, 0x62, 0x65, 0x72, 0x6c, 0x61, 0x62, 0x02, 0x64, - 0x65, 0x00, 0x00, 0x1c, 0x00, 0x01, 0xc0, 0x0c, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x00, 0x00, 0x3c, - 0x00, 0x10, 0x20, 0x01, 0x04, 0x70, 0x1f, 0x0b, 0x10, 0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x02, 0xc0, 0x0c, 0x00, 0x2e, 0x00, 0x01, 0x00, 0x00, 0x00, 0x3c, 0x01, 0x1f, 0x00, 0x1c, - 0x0a, 0x03, 0x00, 0x00, 0x00, 0x3c, 0x5d, 0x06, 0x59, 0xfc, 0x5c, 0xde, 0xbe, 0xec, 0x90, 0x47, - 0x08, 0x77, 0x65, 0x62, 0x65, 0x72, 0x6c, 0x61, 0x62, 0x02, 0x64, 0x65, 0x00, 0xb5, 0xa6, 0x75, - 0xcd, 0xf5, 0xa2, 0x41, 0xe3, 0xbc, 0x5c, 0x12, 0x5d, 0x2d, 0xf9, 0x1c, 0x89, 0x3e, 0xbf, 0xe9, - } - - decoder := &NetDecoder{} - - packet := gopacket.NewPacket(pkt, decoder, gopacket.NoCopy) - - packetLayers := packet.Layers() - if len(packetLayers) != 4 { - t.Fatalf("Unexpected number of layers: expected 4, got %d", len(packetLayers)) - } - - if _, ok := packetLayers[0].(*layers.Ethernet); !ok { - t.Errorf("Expected Ethernet layer, got %T", packetLayers[0]) - } - if _, ok := packetLayers[1].(*layers.IPv6); !ok { - t.Errorf("Expected IPv6 layer, got %T", packetLayers[1]) - } - if _, ok := packetLayers[2].(*layers.IPv6Fragment); !ok { - t.Errorf("Expected IPv6 framgment layer, got %T", packetLayers[2]) - } - if _, ok := packetLayers[3].(*layers.UDP); !ok { - t.Errorf("Expected UDP layer, got %T", packetLayers[3]) - } -} - -func TestNetDecoder_Decode_IPv6_EndFragment(t *testing.T) { - pkt := []byte{ - // ethernet - 0x00, 0x86, 0x9c, 0xe7, 0x55, 0x14, 0x00, 0x0c, 0x29, 0x8a, 0x5d, 0xd7, 0x86, 0xdd, - // ipv6 - 0x60, 0x07, 0x87, 0xfd, 0x00, 0x45, 0x2c, 0x40, 0x20, 0x01, 0x04, 0x70, 0x76, 0x5b, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x0a, 0x25, 0x00, 0x53, 0x2a, 0x00, 0x14, 0x50, 0x40, 0x13, 0x0c, 0x03, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x01, 0x0a, 0x11, 0x00, 0x05, 0xa8, 0x28, 0x40, 0x3c, 0x0b, - // udp payload - 0x5d, 0x7a, 0xb6, 0x6a, 0x1c, 0xea, 0x61, 0x8d, 0x79, 0x65, 0x32, 0x4f, 0x2c, 0x1e, 0xcc, 0x06, 0x91, 0x26, - 0x9a, 0x0e, 0x84, 0x7f, 0x00, 0xbf, 0x5b, 0xa9, 0x29, 0xc8, 0x49, 0x05, 0xca, 0x72, 0x79, 0xec, - 0xe6, 0x00, 0x00, 0x29, 0x10, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x0f, 0x00, 0x08, 0x00, 0x0b, - 0x00, 0x02, 0x38, 0x00, 0x20, 0x01, 0x04, 0x70, 0x1f, 0x0b, 0x16, - } - - decoder := &NetDecoder{} - - packet := gopacket.NewPacket(pkt, decoder, gopacket.NoCopy) - - packetLayers := packet.Layers() - if len(packetLayers) != 4 { - t.Fatalf("Unexpected number of layers: expected 4, got %d", len(packetLayers)) - } - - if _, ok := packetLayers[0].(*layers.Ethernet); !ok { - t.Errorf("Expected Ethernet layer, got %T", packetLayers[0]) - } - if _, ok := packetLayers[1].(*layers.IPv6); !ok { - t.Errorf("Expected IPv6 layer, got %T", packetLayers[1]) - } - if _, ok := packetLayers[2].(*layers.IPv6Fragment); !ok { - t.Errorf("Expected IPv6 framgment layer, got %T", packetLayers[2]) - } - if _, ok := packetLayers[3].(*layers.UDP); !ok { - t.Errorf("Expected UDP layer, got %T", packetLayers[3]) - } -} diff --git a/netutils/packetproccesor.go b/netutils/packetproccesor.go deleted file mode 100644 index dd6b1129..00000000 --- a/netutils/packetproccesor.go +++ /dev/null @@ -1,119 +0,0 @@ -package netutils - -import ( - "time" - - "github.com/google/gopacket" - "github.com/google/gopacket/layers" - "github.com/google/gopacket/tcpassembly" -) - -// DefragPacket is a struct that holds DNS data -type DNSPacket struct { - // DNS payload - Payload []byte - // IP layer - IPLayer gopacket.Flow - // Transport layer - TransportLayer gopacket.Flow - // Timestamp - Timestamp time.Time - // IP Defragmented - IPDefragmented bool - // TCP reassembly - TCPReassembled bool -} - -func UDPProcessor(udpInput chan gopacket.Packet, dnsOutput chan DNSPacket, portFilter int) { - for packet := range udpInput { - p := packet.TransportLayer().(*layers.UDP) - - if portFilter > 0 { - if int(p.SrcPort) != portFilter && int(p.DstPort) != portFilter { - continue - } - } - - dnsOutput <- DNSPacket{ - Payload: p.Payload, - IPLayer: packet.NetworkLayer().NetworkFlow(), - TransportLayer: p.TransportFlow(), - Timestamp: packet.Metadata().Timestamp, - TCPReassembled: false, - IPDefragmented: packet.Metadata().Truncated, - } - } -} - -func TCPAssembler(tcpInput chan gopacket.Packet, dnsOutput chan DNSPacket, portFilter int) { - streamFactory := &DNSStreamFactory{Reassembled: dnsOutput} - streamPool := tcpassembly.NewStreamPool(streamFactory) - assembler := tcpassembly.NewAssembler(streamPool) - - ticker := time.NewTicker(time.Minute * 1) - - for { - select { - case packet, more := <-tcpInput: - if !more { - goto FLUSHALL - } - p := packet.TransportLayer().(*layers.TCP) - - // ip fragments should not happened with tcp ... - if packet.Metadata().Truncated { - streamFactory.IPDefragmented = packet.Metadata().Truncated - } - - // ignore packet ? - if portFilter > 0 { - if int(p.SrcPort) != portFilter && int(p.DstPort) != portFilter { - continue - } - } - - assembler.AssembleWithTimestamp( - packet.NetworkLayer().NetworkFlow(), - packet.TransportLayer().(*layers.TCP), - packet.Metadata().Timestamp, - ) - case <-ticker.C: - // Every minute, flush connections that haven't seen activity in the past 2 minutes. - assembler.FlushOlderThan(time.Now().Add(time.Minute * -2)) - } - } -FLUSHALL: - assembler.FlushAll() -} - -func IPDefragger(ipInput chan gopacket.Packet, udpOutput chan gopacket.Packet, tcpOutput chan gopacket.Packet, port int) { - defragger := NewIPDefragmenter() - for fragment := range ipInput { - reassembled, err := defragger.DefragIP(fragment) - if err != nil { - break - } - if reassembled == nil { - continue - } - - if reassembled.TransportLayer() != nil && reassembled.TransportLayer().LayerType() == layers.LayerTypeUDP { - // ignore packet regarding udp port - pkt := reassembled.TransportLayer().(*layers.UDP) - if pkt.DstPort != layers.UDPPort(port) && pkt.SrcPort != layers.UDPPort(port) { - continue - } - // valid reassembled packet - udpOutput <- reassembled - } - if reassembled.TransportLayer() != nil && reassembled.TransportLayer().LayerType() == layers.LayerTypeTCP { - // ignore packet regarding udp port - pkt := reassembled.TransportLayer().(*layers.TCP) - if pkt.DstPort != layers.TCPPort(port) && pkt.SrcPort != layers.TCPPort(port) { - continue - } - // valid reassembled packet - tcpOutput <- reassembled - } - } -} diff --git a/netutils/packetprocessor_test.go b/netutils/packetprocessor_test.go deleted file mode 100644 index 64d72947..00000000 --- a/netutils/packetprocessor_test.go +++ /dev/null @@ -1,110 +0,0 @@ -package netutils - -import ( - "os" - "testing" - "time" - - "github.com/google/gopacket" - "github.com/google/gopacket/layers" - "github.com/google/gopacket/pcapgo" -) - -func Test_IpDefrag(t *testing.T) { - tests := []struct { - name string - pcapFile string - nbPackets int - }{ - { - name: "DNS UDP with IPv4 Fragmented", - pcapFile: "./../tests/testsdata/pcap/dnsdump_ip4_fragmented+udp.pcap", - nbPackets: 2, - }, - - { - name: "DNS UDP with IPv6 Fragmented", - pcapFile: "./../tests/testsdata/pcap/dnsdump_ip6_fragmented+udp.pcap", - nbPackets: 2, - }, - } - - done := make(chan bool) - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - f, err := os.Open(tc.pcapFile) - if err != nil { - t.Errorf("unable to open file: %s", err) - return - } - defer f.Close() - - pcapHandler, err := pcapgo.NewReader(f) - if err != nil { - t.Errorf("unable to open pcap file: %s", err) - return - } - - fragIP4Chan := make(chan gopacket.Packet) - fragIP6Chan := make(chan gopacket.Packet) - outputChan := make(chan gopacket.Packet, 2) - - // defrag ipv4 - go IPDefragger(fragIP4Chan, outputChan, outputChan, 53) - // defrag ipv6 - go IPDefragger(fragIP6Chan, outputChan, outputChan, 53) - - packetSource := gopacket.NewPacketSource(pcapHandler, pcapHandler.LinkType()) - packetSource.DecodeOptions.Lazy = true - - nbPackets := 0 - timeout := time.After(1 * time.Second) - go func() { - - for { - select { - case <-outputChan: - nbPackets++ - case <-timeout: - goto STOP - } - } - STOP: - done <- true - }() - - for { - packet, err := packetSource.NextPacket() - if err != nil { - break - } - - // ipv4 fragmented packet ? - if packet.NetworkLayer().LayerType() == layers.LayerTypeIPv4 { - ip4 := packet.NetworkLayer().(*layers.IPv4) - if ip4.Flags&layers.IPv4MoreFragments == 1 || ip4.FragOffset > 0 { - fragIP4Chan <- packet - } else { - outputChan <- packet - } - } - - if packet.NetworkLayer().LayerType() == layers.LayerTypeIPv6 { - v6frag := packet.Layer(layers.LayerTypeIPv6Fragment) - if v6frag != nil { - fragIP6Chan <- packet - } else { - outputChan <- packet - } - } - - } - - <-done - - if nbPackets != tc.nbPackets { - t.Errorf("bad number of packets, wants: %d, got: %d", tc.nbPackets, nbPackets) - } - }) - } -} diff --git a/netutils/sock.go b/netutils/sock.go deleted file mode 100644 index 1afa2bbe..00000000 --- a/netutils/sock.go +++ /dev/null @@ -1,43 +0,0 @@ -//go:build linux || darwin || freebsd -// +build linux darwin freebsd - -package netutils - -import ( - "crypto/tls" - "net" - "os" - "syscall" -) - -// Configure SO_RCVBUF, thanks to https://github.com/dmachard/go-dns-collector/issues/61#issuecomment-1201199895 -func SetSockRCVBUF(conn net.Conn, desired int, isTLS bool) (int, int, error) { - var file *os.File - var err error - if isTLS { - tlsConn := conn.(*tls.Conn).NetConn() - file, err = tlsConn.(*net.TCPConn).File() - if err != nil { - return 0, 0, err - } - } else { - file, err = conn.(*net.TCPConn).File() - if err != nil { - return 0, 0, err - } - } - - // get the before value - before, err := syscall.GetsockoptInt(int(file.Fd()), syscall.SOL_SOCKET, syscall.SO_RCVBUF) - if err != nil { - return 0, 0, err - } - - // set the new one and check the new actual value - syscall.SetsockoptInt(int(file.Fd()), syscall.SOL_SOCKET, syscall.SO_RCVBUF, desired) - actual, err := syscall.GetsockoptInt(int(file.Fd()), syscall.SOL_SOCKET, syscall.SO_RCVBUF) - if err != nil { - return 0, 0, err - } - return before, actual, nil -} diff --git a/netutils/sock_windows.go b/netutils/sock_windows.go deleted file mode 100644 index bdfdee11..00000000 --- a/netutils/sock_windows.go +++ /dev/null @@ -1,44 +0,0 @@ -//go:build windows -// +build windows - -package netutils - -import ( - "crypto/tls" - "net" - "os" - - "golang.org/x/sys/windows" -) - -// Configure SO_RCVBUF, thanks to https://github.com/dmachard/go-dns-collector/issues/61#issuecomment-1201199895 -func SetSockRCVBUF(conn net.Conn, desired int, is_tls bool) (int, int, error) { - var file *os.File - var err error - if is_tls { - tlsConn := conn.(*tls.Conn).NetConn() - file, err = tlsConn.(*net.TCPConn).File() - if err != nil { - return 0, 0, err - } - } else { - file, err = conn.(*net.TCPConn).File() - if err != nil { - return 0, 0, err - } - } - - // get the before value - before, err := windows.GetsockoptInt(windows.Handle(file.Fd()), windows.SOL_SOCKET, windows.SO_RCVBUF) - if err != nil { - return 0, 0, err - } - - // set the new one and check the new actual value - windows.SetsockoptInt(windows.Handle(file.Fd()), windows.SOL_SOCKET, windows.SO_RCVBUF, desired) - actual, err := windows.GetsockoptInt(windows.Handle(file.Fd()), windows.SOL_SOCKET, windows.SO_RCVBUF) - if err != nil { - return 0, 0, err - } - return before, actual, nil -} diff --git a/netutils/tcpassembly.go b/netutils/tcpassembly.go deleted file mode 100644 index 0a167dd0..00000000 --- a/netutils/tcpassembly.go +++ /dev/null @@ -1,87 +0,0 @@ -package netutils - -import ( - "bytes" - "io" - "time" - - "github.com/google/gopacket" - "github.com/google/gopacket/tcpassembly" -) - -type DNSStreamFactory struct { - // Channel to send reassembled DNS data - Reassembled chan DNSPacket - IPDefragmented bool -} - -func (s *DNSStreamFactory) New(net, transport gopacket.Flow) tcpassembly.Stream { - return &stream{ - net: net, - transport: transport, - data: make([]byte, 0), - reassembled: s.Reassembled, - ipDefragmented: s.IPDefragmented, - } -} - -type stream struct { - net, transport gopacket.Flow - data []byte - lenDNS int - LastSeen time.Time - reassembled chan DNSPacket - tcpReassembled bool - ipDefragmented bool -} - -func (s *stream) Reassembled(rs []tcpassembly.Reassembly) { - for _, r := range rs { - if r.Skip > 0 { - continue - } - // Append the reassembled data to the existing data - s.data = append(s.data, r.Bytes...) - - // If the length of the DNS message has not been read yet, try to read it from the TCP stream - if s.lenDNS == 0 { - lenBuf := make([]byte, 2) - - reader := bytes.NewReader(s.data) - nRead, err := io.ReadFull(reader, lenBuf) - if err != nil { - continue - } - if nRead < 2 { - continue - } - - // Convert the length of the DNS message from the buffer to a uint - s.lenDNS = int(uint(lenBuf[0])<<8 | uint(lenBuf[1])) - s.tcpReassembled = false - } - - if len(s.data) == s.lenDNS+2 { - s.LastSeen = r.Seen - - // send the reassembled data to the channel - s.reassembled <- DNSPacket{ - Payload: s.data[2 : s.lenDNS+2], - IPLayer: s.net, - TransportLayer: s.transport, - Timestamp: s.LastSeen, - IPDefragmented: s.ipDefragmented, - TCPReassembled: s.tcpReassembled, - } - - // Reset the buffer. - s.data = s.data[s.lenDNS+2:] - s.lenDNS = 0 - - } else { - s.tcpReassembled = true - } - } -} - -func (s *stream) ReassemblyComplete() {} diff --git a/netutils/tcpassembly_test.go b/netutils/tcpassembly_test.go deleted file mode 100644 index 98019eca..00000000 --- a/netutils/tcpassembly_test.go +++ /dev/null @@ -1,119 +0,0 @@ -package netutils - -import ( - "os" - "testing" - - "github.com/google/gopacket" - "github.com/google/gopacket/layers" - "github.com/google/gopacket/pcapgo" - "github.com/google/gopacket/tcpassembly" -) - -func Test_TcpAssembly(t *testing.T) { - tests := []struct { - name string - pcapFile string - nbPackets int - }{ - { - name: "DNS UDP", - pcapFile: "./../tests/testsdata/pcap/dnsdump_udp.pcap", - nbPackets: 33, - }, - - { - name: "DNS TCP", - pcapFile: "./../tests/testsdata/pcap/dnsdump_tcp.pcap", - nbPackets: 10, - }, - - { - name: "DNS UDP+TCP", - pcapFile: "./../tests/testsdata/pcap/dnsdump_udp+tcp.pcap", - nbPackets: 4, - }, - - { - name: "DNS UDP Truncated + TCP fragmented", - pcapFile: "./../tests/testsdata/pcap/dnsdump_udp_truncated+tcp_fragmented.pcap", - nbPackets: 4, - }, - - { - name: "DNS TCP FASTOPEN", - pcapFile: "./../tests/testsdata/pcap/dnsdump_tcp_fastopen.pcap", - nbPackets: 8, - }, - } - - done := make(chan bool) - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - f, err := os.Open(tc.pcapFile) - if err != nil { - t.Errorf("unable to open file: %s", err) - return - } - defer f.Close() - - pcapHandler, err := pcapgo.NewReader(f) - if err != nil { - t.Errorf("unable to open pcap file: %s", err) - return - } - - reassembleChan := make(chan DNSPacket) - streamFactory := &DNSStreamFactory{Reassembled: reassembleChan} - streamPool := tcpassembly.NewStreamPool(streamFactory) - assembler := tcpassembly.NewAssembler(streamPool) - - packetSource := gopacket.NewPacketSource(pcapHandler, pcapHandler.LinkType()) - packetSource.DecodeOptions.Lazy = true - - nbPackets := 0 - go func() { - for { - dnsPacket := <-reassembleChan - if len(dnsPacket.Payload) == 0 { - break - } - // count it - nbPackets++ - } - done <- true - }() - - for { - packet, err := packetSource.NextPacket() - if err != nil { - break - } - - if packet.TransportLayer().LayerType() == layers.LayerTypeUDP { - p := packet.TransportLayer().(*layers.UDP) - reassembleChan <- DNSPacket{ - Payload: p.Payload, - IPLayer: packet.NetworkLayer().NetworkFlow(), - TransportLayer: p.TransportFlow(), - Timestamp: packet.Metadata().Timestamp, - } - } - if packet.TransportLayer().LayerType() == layers.LayerTypeTCP { - assembler.AssembleWithTimestamp( - packet.NetworkLayer().NetworkFlow(), - packet.TransportLayer().(*layers.TCP), - packet.Metadata().Timestamp, - ) - } - } - // send empty packet to stop the goroutine - reassembleChan <- DNSPacket{} - - <-done - if nbPackets != tc.nbPackets { - t.Errorf("bad number of packets, wants: %d, got: %d", tc.nbPackets, nbPackets) - } - }) - } -} diff --git a/netutils/xdp.go b/netutils/xdp.go deleted file mode 100644 index 5805f8bb..00000000 --- a/netutils/xdp.go +++ /dev/null @@ -1,3 +0,0 @@ -package netutils - -//go:generate go run github.com/cilium/ebpf/cmd/bpf2go -type pkt_event bpf xdp_dns_kern.c -- -I./headers diff --git a/netutils/xdp_dns_kern.c b/netutils/xdp_dns_kern.c deleted file mode 100644 index 08ebc843..00000000 --- a/netutils/xdp_dns_kern.c +++ /dev/null @@ -1,134 +0,0 @@ - -//go:build exclude - -#include "vmlinux.h" -#include "bpf_helpers.h" -#include "bpf_endian.h" - -char __license[] SEC("license") = "Dual MIT/GPL"; - -#define ETH_P_IP 0x0800 -#define ETH_P_IPV6 0x86DD - -// packet_info -struct pkt_event { - __u64 timestamp; - __u32 pkt_len; - __u32 pkt_offset; - __u16 ip_version; - __u16 ip_proto; - __u16 payload_offset; - __u32 src_addr; - __u32 src_addr6[4]; - __u16 src_port; - __u32 dst_addr; - __u32 dst_addr6[4]; - __u16 dst_port; -} __attribute__((packed)); -struct pkt_event *unused_event __attribute__((unused)); - - -struct { - __uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY); - __uint(key_size, sizeof(__u32)); - __uint(value_size, sizeof(__u32)); - __uint(max_entries, 4); -} pkts SEC(".maps"); - -SEC("xdp") -int xdp_sniffer(struct xdp_md *ctx) { - void *data_end = (void *)(long)ctx->data_end; - void *data = (void *)(long)ctx->data; - - __u32 offset = sizeof(struct ethhdr); - - struct pkt_event pkt = {}; - pkt.timestamp = bpf_ktime_get_ns(); - pkt.pkt_len = data_end - data; - pkt.pkt_offset = sizeof(struct pkt_event); - - // enough data to read ethernet header ? - if (data + offset > data_end) - return XDP_PASS; - - // handle ethernet packet - struct ethhdr *eth = data; - pkt.ip_version = bpf_htons(eth->h_proto); - - // handle only IPv4 or IPv6 traffic - if (pkt.ip_version != ETH_P_IP && pkt.ip_version != ETH_P_IPV6) - return XDP_PASS; - - // IPv4 - get L4 protocol - if (pkt.ip_version == ETH_P_IP) { - if (data + offset + sizeof(struct iphdr) > data_end) - return XDP_PASS; - - struct iphdr *ip4h = (data + offset); - pkt.ip_proto = ip4h->protocol; - pkt.src_addr = bpf_htonl(ip4h->saddr); - pkt.dst_addr = bpf_htonl(ip4h->daddr); - - offset += sizeof(struct iphdr); - } - - // IPv6 - get L4 protocol - if (pkt.ip_version == ETH_P_IPV6) { - if (data + offset + sizeof(struct ipv6hdr) > data_end) - return XDP_PASS; - - struct ipv6hdr *ip6h = (data + offset) ; - pkt.ip_proto = ip6h->nexthdr; - - offset += sizeof(struct ipv6hdr); - - __builtin_memcpy(pkt.src_addr6, ip6h->saddr.in6_u.u6_addr32, sizeof(pkt.src_addr6)); - __builtin_memcpy(pkt.dst_addr6, ip6h->daddr.in6_u.u6_addr32, sizeof(pkt.dst_addr6)); - } - - // handle only UDP or TCP traffic - if (pkt.ip_proto != IPPROTO_UDP && pkt.ip_proto != IPPROTO_TCP) - return XDP_PASS; - - // TCP - get destination and source port - if (pkt.ip_proto == IPPROTO_TCP) { - if (data + offset + sizeof(struct tcphdr) > data_end) - return XDP_PASS; - - struct tcphdr *tcp = data + offset; - pkt.src_port = bpf_ntohs(tcp->source); - pkt.dst_port = bpf_ntohs(tcp->dest); - - u8 tcp_flags = ((u8 *)tcp)[13]; - - // ignore syn and ack packet - if (tcp_flags != 0x18) { - return XDP_PASS; - } - - offset += tcp->doff*4; - } - - // UDP - get destination and source port - if (pkt.ip_proto == IPPROTO_UDP) { - if (data + offset + sizeof(struct udphdr) > data_end) - return XDP_PASS; - - struct udphdr *udp = data + offset; - pkt.src_port = bpf_ntohs(udp->source); - pkt.dst_port = bpf_ntohs(udp->dest); - - offset += sizeof(struct udphdr); - } - - // handle only dns packet - if ( pkt.src_port != 53 && pkt.dst_port != 53) - return XDP_PASS; - - pkt.payload_offset = offset; - // write data in perf event - int ret = bpf_perf_event_output(ctx, &pkts, - BPF_F_CURRENT_CPU | ((__u64)pkt.pkt_len << 32), - &pkt, sizeof(pkt)); - return XDP_PASS; -} \ No newline at end of file diff --git a/pkglinker/multiplexer.go b/pkginit/multiplexer.go similarity index 99% rename from pkglinker/multiplexer.go rename to pkginit/multiplexer.go index 67612b37..5ab0402b 100644 --- a/pkglinker/multiplexer.go +++ b/pkginit/multiplexer.go @@ -1,4 +1,4 @@ -package pkglinker +package pkginit import ( "fmt" diff --git a/pkglinker/multiplexer_test.go b/pkginit/multiplexer_test.go similarity index 98% rename from pkglinker/multiplexer_test.go rename to pkginit/multiplexer_test.go index c1744027..0f59be5f 100644 --- a/pkglinker/multiplexer_test.go +++ b/pkginit/multiplexer_test.go @@ -1,4 +1,4 @@ -package pkglinker +package pkginit import ( "testing" diff --git a/pkglinker/pipelines.go b/pkginit/pipelines.go similarity index 99% rename from pkglinker/pipelines.go rename to pkginit/pipelines.go index e6f0f4b0..4e60473c 100644 --- a/pkglinker/pipelines.go +++ b/pkginit/pipelines.go @@ -1,4 +1,4 @@ -package pkglinker +package pkginit import ( "fmt" diff --git a/pkglinker/pipelines_test.go b/pkginit/pipelines_test.go similarity index 98% rename from pkglinker/pipelines_test.go rename to pkginit/pipelines_test.go index dd62b589..6c56e3c2 100644 --- a/pkglinker/pipelines_test.go +++ b/pkginit/pipelines_test.go @@ -1,4 +1,4 @@ -package pkglinker +package pkginit import ( "testing" From b80c06f614027e39d9fce58d07af0d45c456ed6c Mon Sep 17 00:00:00 2001 From: dmachard <5562930+dmachard@users.noreply.github.com> Date: Fri, 17 May 2024 08:28:45 +0200 Subject: [PATCH 3/3] Update README.md --- .vscode/c_cpp_properties.json | 18 ------------------ README.md | 4 ++-- 2 files changed, 2 insertions(+), 20 deletions(-) delete mode 100644 .vscode/c_cpp_properties.json diff --git a/.vscode/c_cpp_properties.json b/.vscode/c_cpp_properties.json deleted file mode 100644 index 8d1f3ca6..00000000 --- a/.vscode/c_cpp_properties.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "configurations": [ - { - "name": "Linux", - "includePath": [ - "${workspaceFolder}/**", - "${workspaceFolder}/xdp/headers" - ], - "defines": [], - "compilerPath": "/usr/bin/clang", - "cStandard": "c17", - "cppStandard": "c++14", - "intelliSenseMode": "linux-clang-x64", - "configurationProvider": "ms-vscode.makefile-tools" - } - ], - "version": 4 -} \ No newline at end of file diff --git a/README.md b/README.md index b6a09de6..1319b7b0 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,9 @@

Go Report Go version -Go tests +Go tests Go bench -Go lines +Go lines