add gre protocol support on packet sniffer #883

Merged
merged 2 commits into from
Nov 28, 2024
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ GO_DNSTAP_PROTOBUF := 1.2.0
GO_FRAMESTREAM := 1.0.1
GO_CLIENTSYSLOG := 1.0.1
GO_TOPMAP := 1.0.2
GO_NETUTILS := 1.1.0
GO_NETUTILS := 1.3.0

BUILD_TIME := $(shell LANG=en_US date +"%F_%T_%z")
COMMIT := $(shell git rev-parse --short HEAD)
Expand Down
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@
- [`DNSMessage`](docs/collectors/collector_dnsmessage.md) to route DNS messages based on specific dns fields
- [`TZSP`](docs/collectors/collector_tzsp.md) protocol support
- *Live capture on a network interface*
- [`AF_PACKET`](docs/collectors/collector_afpacket.md) socket with BPF filter
- [`AF_PACKET`](docs/collectors/collector_afpacket.md) socket with BPF filter and GRE tunnel support
- [`eBPF XDP`](docs/collectors/collector_xdp.md) ingress traffic
- *Read text or binary files as input*
- Read and tail on [`Plain text`](docs/collectors/collector_tail.md) files
Expand Down
8 changes: 6 additions & 2 deletions docs/collectors/collector_afpacket.md
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
# Collector: Live Capture with AF_PACKET

Raw DNS packets sniffer. Setting `CAP_NET_RAW` capabilities on executables allows you to run these
program without having to run-it with the root user:
Raw DNS packets sniffer. Setting `CAP_NET_RAW` capabilities on executables allows you to run these program without having to run-it with the root user:

* IPv4, IPv6 support (fragmented packet ignored)
* UDP and TCP transport (with tcp reassembly if needed)
* BFP filtering
* GRE tunnel support

Capabilities:

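Review bot: the rewritten introduction line still reads "run these program without having to run-it with the root user"; since this line is being touched anyway, reword it, for example "allows you to run this program without running it as the root user". The unchanged bullet "BFP filtering" directly above the new GRE bullet should read "BPF filtering". The new "GRE tunnel support" bullet would also be clearer if it said the feature is off by default and controlled by `enable-gre`.
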
Expand All @@ -21,6 +21,9 @@ Options:
* `device` (str)
> Interface name to sniff. If value is empty, bind on all interfaces.

* `enable-gre` (bool)
> Enable GRE decoding protocol support

* `enable-fragment-support` (bool)
> Enable IP defrag support

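Review bot: the `enable-gre` description, "Enable GRE decoding protocol support", does not state the default or what changes when the option is on. Say that it defaults to false and whether DNS that is not GRE-encapsulated is still captured once it is enabled, because anyone relying on this collector for DNS visibility needs to know if the option narrows what the sniffer sees. Separately, the next option is documented here as `enable-fragment-support` while the Defaults block and the YAML tag in pkgconfig/collectors.go use `enable-defrag-ip`; worth aligning in the same change.
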
Expand All @@ -35,6 +38,7 @@ Defaults:
afpacket-sniffer:
port: 53
device: wlp2s0
enable-gre: false
enable-defrag-ip: true
chan-buffer-size: 0
```
4 changes: 2 additions & 2 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ require (
github.com/dmachard/go-dnstap-protobuf v1.2.0
github.com/dmachard/go-framestream v1.0.1
github.com/dmachard/go-logger v1.1.1
github.com/dmachard/go-netutils v1.1.0
github.com/dmachard/go-netutils v1.3.0
github.com/dmachard/go-powerdns-protobuf v1.3.0
github.com/dmachard/go-topmap v1.0.2
github.com/farsightsec/golang-framestream v0.3.0
Expand All @@ -35,7 +35,7 @@ require (
github.com/prometheus/client_golang v1.20.5
github.com/rs/tzsp v0.0.0-20161230003637-8ce729c826b9
github.com/segmentio/kafka-go v0.4.47
github.com/stretchr/testify v1.9.0
github.com/stretchr/testify v1.10.0
github.com/tinylib/msgp v1.2.4
golang.org/x/net v0.31.0
golang.org/x/sys v0.27.0
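Review bot: the bump of `github.com/stretchr/testify` from v1.9.0 to v1.10.0 in this second hunk is unrelated to GRE support. Split it into its own commit or call it out in the PR description so the dependency change can be reviewed on its own; of the two bumps in this file, only `go-netutils` v1.3.0 is tied to the new filter functions used in workers/sniffer_afpacket_linux.go.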
Expand Down
7 changes: 4 additions & 3 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -109,8 +109,8 @@ github.com/dmachard/go-framestream v1.0.1 h1:/v93w0No5g+CTdwhlbiLbopvnKUdc9kDscK
github.com/dmachard/go-framestream v1.0.1/go.mod h1:p0gyuQSA4IfiyyhSy2grFc1oR8Tk5ewNvTMcQHzcnGs=
github.com/dmachard/go-logger v1.1.1 h1:H4mQAAyhZ6u1E8kFezz7o6PsDqhsdFbO5pZGnoNuRYI=
github.com/dmachard/go-logger v1.1.1/go.mod h1:vg6cMQBmx+SgH45XsqEyqScXp9eJhS6yuvvJZOgBbvU=
github.com/dmachard/go-netutils v1.1.0 h1:UXHrJgxwgv0NgOHZ5fVZlJZdpVrFT+usDwDwmiuzJJg=
github.com/dmachard/go-netutils v1.1.0/go.mod h1:yKWf6Zgw6MQrXaxRzgsF0lSYJiQUgsvfEGmLqGd1yeM=
github.com/dmachard/go-netutils v1.3.0 h1:KA6NRYvJ0wqqFWvWFsO7+I1I+GHFX4MJD00GIPOS0Bs=
github.com/dmachard/go-netutils v1.3.0/go.mod h1:q7HROzGkcEONODNNAtxOtrUxVY/MACLAVzsvmyYAAMo=
github.com/dmachard/go-powerdns-protobuf v1.3.0 h1:NlCNXNUukZjklzpvihRLMY40fDmLtYOsAkg48ozYOA0=
github.com/dmachard/go-powerdns-protobuf v1.3.0/go.mod h1:KAQfdV6BE2gI19aRv3HNBQzzGGCnNFwgCWMg1o6TpH8=
github.com/dmachard/go-topmap v1.0.2 h1:ph4qBu2qoiA6l5hrYjkyYFTFGHO/8/NE49IHME2u068=
Expand Down Expand Up @@ -532,8 +532,9 @@ github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1F
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/tinylib/msgp v1.2.4 h1:yLFeUGostXXSGW5vxfT5dXG/qzkn4schv2I7at5+hVU=
github.com/tinylib/msgp v1.2.4/go.mod h1:ykjzy2wzgrlvpDCRc4LA8UXy6D8bzMSuAF3WD57Gok0=
github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
Expand Down
1 change: 1 addition & 0 deletions pkgconfig/collectors.go
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,7 @@ type ConfigCollectors struct {
Device string `yaml:"device" default:""`
ChannelBufferSize int `yaml:"chan-buffer-size" default:"0"`
FragmentSupport bool `yaml:"enable-defrag-ip" default:"true"`
GreSupport bool `yaml:"enable-gre" default:"false"`
} `yaml:"afpacket-sniffer"`
XdpLiveCapture struct {
Enable bool `yaml:"enable" default:"false"`
Expand Down
8 changes: 7 additions & 1 deletion workers/sniffer_afpacket_linux.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ import (
"github.com/dmachard/go-netutils"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"golang.org/x/net/bpf"
)

type AfpacketSniffer struct {
Expand Down Expand Up @@ -66,7 +67,12 @@ func (w *AfpacketSniffer) Listen() error {
return err
}

filter, err := netutils.GetBpfFilterPort(w.GetConfig().Collectors.AfpacketLiveCapture.Port)
var filter []bpf.Instruction
if w.GetConfig().Collectors.AfpacketLiveCapture.GreSupport {
filter, err = netutils.GetBpfGreDnsFilterPort(w.GetConfig().Collectors.AfpacketLiveCapture.Port)
} else {
filter, err = netutils.GetBpfDnsFilterPort(w.GetConfig().Collectors.AfpacketLiveCapture.Port)
}
if err != nil {
return err
}
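Review bot: in `Listen()`, the new if/else installs exactly one BPF program, so with `enable-gre: true` the socket gets only the filter returned by `netutils.GetBpfGreDnsFilterPort`, and nothing in this hunk shows whether that filter still matches plain, non-encapsulated DNS on the configured port. If it does not, enabling the option silently removes visibility of ordinary DNS traffic on the same interface; please confirm the behaviour, document it next to `enable-gre`, and add a test that feeds both a GRE-encapsulated and a plain DNS packet through the selected filter. As a style point, `w.GetConfig().Collectors.AfpacketLiveCapture` is now evaluated three times in a few lines; read it into a local variable once and use `cfg.GreSupport` and `cfg.Port`. The non-GRE branch also switches from `GetBpfFilterPort` to `GetBpfDnsFilterPort`, so the default path changes function as well and deserves a mention in the commit message.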
Expand Down