Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for more link types: raw IP and null/loopback #421

Merged
merged 16 commits into from
Jan 1, 2024
Merged

Add support for more link types: raw IP and null/loopback #421

merged 16 commits into from
Jan 1, 2024

Conversation

GyulyVGC
Copy link
Owner

@GyulyVGC GyulyVGC commented Dec 30, 2023
edited
Loading

Before this PR, analysing non-Ethernet-based network adapters resulted in failures because packets weren't correctly parsed.

This PR adds support for parsing packets that doesn't start with an Ethernet header.
Now users can analyse more network adapters of their PC, not only the Ethernet-based ones: support for raw IP frames, and null/loopback frames has been added.

Notable examples of usage that are enabled by this PR include the case of VPNs adapters (often based on TUN-like devices), and the case of the loopback interface.

Fixes #30
Related issue: JulianSchmid/etherparse#78

The strategy

Given an active Capture, its link type is determined via pcap::Capture::get_datalink.

Based on the link type value, packets will be parsed with different strategies:

  • if the link type is RAW, IPV4, or IPV6, packets will be parsed starting from their IP headers
  • if the link type is NULL or LOOP, packets will be parsed starting from their IP headers after having verified the validity of the first 4 bytes (AF_INET or AF_INET6 header)
  • otherwise, packets will be parsed starting from their Ethernet headers like in the past

Support for other link types may be added in future PRs (see issue #422)

@GyulyVGC GyulyVGC added bug Something isn't working enhancement New feature, request, or improvement labels Dec 30, 2023
@GyulyVGC GyulyVGC added this to the v1.3.0 milestone Dec 30, 2023
@GyulyVGC GyulyVGC mentioned this pull request Dec 30, 2023
Open
JulianSchmid
JulianSchmid reviewed Dec 31, 2023
View reviewed changes
src/secondary_threads/parse_packets.rs Outdated Show resolved Hide resolved
src/secondary_threads/parse_packets.rs Show resolved Hide resolved
src/secondary_threads/parse_packets.rs Outdated Show resolved Hide resolved
src/secondary_threads/parse_packets.rs Outdated Show resolved Hide resolved
GyulyVGC
GyulyVGC commented Jan 1, 2024
View reviewed changes
Copy link
Owner Author

@GyulyVGC GyulyVGC left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚢

This was referenced Jan 1, 2024
Closed
Open
@GyulyVGC GyulyVGC merged commit 6c7be34 into main Jan 1, 2024
5 of 6 checks passed
@GyulyVGC GyulyVGC deleted the link-type branch January 1, 2024 17:11
@GyulyVGC
Copy link
Owner Author

GyulyVGC commented Jan 2, 2024

@all-contributors please add @JulianSchmid for code, ideas.

@allcontributors allcontributors bot mentioned this pull request Jan 2, 2024
Merged
@allcontributors AllContributors
Copy link
Contributor

@GyulyVGC

I've put up a pull request to add @JulianSchmid! 🎉

@chenrui333 chenrui333 mentioned this pull request Apr 9, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JulianSchmid JulianSchmid JulianSchmid left review comments

Assignees
No one assigned
Labels
bug Something isn't working enhancement New feature, request, or improvement
Projects
None yet
Milestone
v1.3.0
Development

Successfully merging this pull request may close these issues.

Fails to capture traffic from most non-physical interfaces
2 participants
@GyulyVGC @JulianSchmid