| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Usage: csumicmp6(14, 54)
Signed-off-by: Radoslav Bodo <bodik@cesnet.cz>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add new syntax for DNS header generation via 'dns()' proto function.
The fields are supported:
id - 16 bit identifier
qr - message is a query(0) or response(1)
op|oper - specified kind of query
aanswer - authoritative answer flag
trunc - message was truncated flag
rdesired - recursion desired flag
ravail - recursion available flag
zero - reserved for future use
rcode - response code
qdcount - number of entries in question section
ancount - number of entries in answer section
nscount - number of entries in authority section
arcount - number of entries in additional section
Also there are functions to generate DNS sections:
'qry()' function to generate separate query entry:
name - variable domain name
type - type of the query
class - class of the query
'ans()', 'auth()', 'add' functions to generate separate answer,
authoritative, adidditional entry with the same fields layout:
name - variable domain name
type - resource record type
class - class of the data
ttl - time interval that the record may be cached
len - length of data
data - variable length of bytes
All the DNS section entries will be automaticlly sorted by DNS proto API
in the way which is required by DNS header:
query entries
answer entries
authoritative entries
additional entries
'name' field in qry/ans/auth/add functions is automatically converted to
FQDN format if it was specified as "string".
There are also added functions to simplify the way of filling
some often used RR types for using them inside ans/auth/add functions:
addr(ipv4_addr | ipv6_addr) - fills the following RR fields:
len - 4 or 16 depends on IPv4 or IPv6 address was specified
data - is filled with IPv4 or IPv6 address
type - 1 for IPv4 address, 28 - for IPv6
ns(string)
type - 2
cname(string)
type - 5
ptr(string)
type - 12
EXAMPLES:
{
dns(qr=1,
auth(name="ns1", ns("ns1.org")),
ans(name="www.google.com", cname("google.com")),
auth(name="aa", ns("bb")),
qry(name="www.google.com"))
}
{
dns(qr=1, ans(name="www.google.com", addr(1.2.3.4)))
}
{
dns(qr=1, ans(name="www.google.com", addr(1::)))
}
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Rename <bytes> token member to <mac> as it is used only for MAC
address parsing, for dynamic sized bytes array we have <str>.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Used IPv6 pattern from nftables project [1] to match valid only IPv6
address to do not mess with MAC or other syntax patterns with ':' symbol.
[1] http://git.netfilter.org/nftables/tree/src/scanner.l
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tk: add refrence to nftables source]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add 'pfc()' function for PFC header creation with fields:
code - MAC Control opcode
prio - Priority enable vector
prio(0)..prio(7) - Enable/disable pause for prio X
time(0)..time(7) - Set pause time for prio X
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add 'pause()' proto header function for IEEE 802.3X PAUSE header
generation with the fields:
code - MAC Control opcode (default 0x0001)
time - PAUSE time (default 0)
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Support for generating ICMPv4 headers using the 'icmp4()/icmpv4()'
trafgen generation functions.
Fields supported:
type Set type field (default 0: Echo reply)
Supported keywords: echorequest, echoreply
code Set code field (default 0)
csum Set checksum field (calculated by default)
mtu Set mtu field for destination unreachable (default 0)
seq Set sequence field (default 0)
id Set identifier field (default 0)
addr Set redirect address (default 0.0.0.0)
Example (send ping request):
{ icmpv4(echorequest, seq=1, id=1326) }
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tk: squash commits, consistency between functionality and docu]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
After splitting etype & type to different tokens it is possible
to use 'type' for ICMP type field which is used by RFC.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Split [e]type to separate 'type' & 'etype' keywords,
the reason is that 'type' might be used in other protocol
headers (e.g. ICMP).
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Support for generating simple ICMPv6 headers using the 'icmp6()/icmpv6()'
trafgen generation function.
Fields supported:
mtype Message type (default: 0)
Supported keywords: echorequest, echoreply
code Code (default: 0)
csum Message checksum (calculated by default)
Examples:
{ eth(), ipv6(daddr=::1), icmpv6(echorequest), 42, 42, 0, 0 }'
If not explicitely specified, the lower header is initialized as Ethernet.
Suggested-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Support for generating simple IPv6 headers using the 'ip6()/ipv6()'
trafgen generation function.
Fields supported:
ver|version Version (default: 6)
tc|tclass Traffic class (default: 0)
fl|flow Flow Label (default: 0)
len|length Payload length (calculated by default)
nh|nexthdr Type of next header (default: 0)
hl|hoplimit|ttl Hop Limit, TTL (default: 0)
sa|saddr Source IPv6 address (default: device address)
da|daddr Destination IPv6 address (default: 0:0:0:0:0:0:0:0)
Examples:
{ eth(), ipv6(daddr=1:2:3:4:5:6:7:8) }
{ ipv6(tc=2, hl=3, daddr=::1) }
{ eth(), ipv6(nh=58, sa=2001:db8::, da=::1), 128, 0, 0x52, 0x03, 0, 0, 0, 0 }
If not explicitely specified, the lower header is initialized as Ethernet.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add 'mpls()' function for creating MPLS header with parameters:
lbl|label MPLS label
last Indicates the last label on MPLS stack
tc|tclass|exp Traffic Class (TC)
ttl TTL (Time To Live)
Currently only unicast MPLS is supported, but multicast might be set
via 'eth()' function.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add 'vlan()' function to generate VLAN header.
Fields supported:
tpid|proto Set TPID (Tag Protocol Identifier) (default 0x8100)
1ad Set TPID field as 0x88a8
1q Set TPID field as 0x8100
tci Set TCI (Tag Control Information) (default 0)
pcp Set PCP (Priority Code Point) (PCP) (default 0)
dei|cfi Set DEI (Drop Eligible Indicator) (default 0)
id Set VID (VLAN Identifier) (default 0)
Examples:
{ eth(), vlan(id=1), ipv4() }
{ vlan(id=1, 1ad), vlan(id=100, pcp=3), ipv4() }
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Commit 2ba202b introduced the [e]type field for specifiying the
Ethertype, but at the same time made the existing "prot[o]" field name
not work anymore. Fix it by providing a specific parser rule as it
cannot be solved in the lexer grammar alone (which will always use the
first matching token).
Fixes: 2ba202b ("trafgen: parser: Support "etype"/"type" keywords for Ethertype")
Reported-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add a function 'tcp()' to generate TCP headers from the trafgen
configuration language.
Fields supported:
sp|sport TCP source port (default 0)
dp|dport TCP destination port (default 0)
seq Sequence number (default: 0)
aseq|ackseq Acknowledgement number (default 0)
doff|hlen Header length/data offset (default: 5)
cwr Congestion Window Reduced flag (default: 0)
ece|ecn ECN-Echo flag (default: 0)
urg Urgent flag (default: 0)
ack Acknowledgement flag (default: 0)
psh Push flag (default: 0)
rst Reset flag (default: 0)
syn Synchronize flag (default: 0)
fin Finish flag (default: 0)
win|window Receive window size (default: 0)
csum Checksum field (calculated automatically)
urgptr Urgent pointer (default: 0)
Example (SYN on port 80/http):
{ tcp(dport=80, syn, window=5840) }
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Rename lexer/parser type and union member ip_addr to ip4_addr. This
will make it easier to distinguish from IPv6 addresses, to be added an a
follow-up patch.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
The IEEE 802.3 standard commonly refers to the field specifying the
upper layer protocol as Ethertype, not protocol. Thus, also support the
keywords "etype" and "type" for this field.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add function 'udp()' to generate UDP header.
Fields supported:
sp|sport UDP source port (default 0)
dp|dport UDP destination port (default 0)
len|length Length of UDP header + payload (calculated automatically)
csum Checksum field (calculated automatically)
Example (Echo request):
{ udp(dport=7) }
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add 'ip4(), ipv4()' function to build IPv4 header.
Fields supported:
ihl IPv4 header length (default 5 )
ver|version IPv4 version (default 4)
ttl Time To Live (TTL) field (default 0)
dscp DiffServ field (default 0)
ecn ECN bits (default 0)
tos TOS (DSCP + ECN) field (default 0)
len|length IPv4 header + payload length (calculated by default)
id Identifier (default 0)
flags Flags field (default 0)
frag Fragment offset (default 0)
csum IPv4 header checksum (calculated by default)
df Set DF (Dont Fragment) bit to 1 (default is 0)
mf Set MF (More Fragments) bit to 1 (default is 0)
sa|saddr IPv4 source address (default used from output device)
da|daddr IPv4 destination address (default 0.0.0.0)
proto IPv4 protocol id (default 0)
Example:
{ ip4(df, mf, frag=100, prot=0x1, ecn=2, dscp=20) }
{ ip4(da=1.1.1.1), ip4(sa=3.3.3.3, da=3.3.3.4) }
Last example generates IP-in-IP packet.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add function 'arp()' to support generating ARP header fields from
the trafgen configuration language.
Supported fields:
htype hardware type, default: 1 (Ethernet)
ptype protocol type, default: 0x0800 (IP)
op|oper operation (req|request, reply, <num>), default: 1 (request)
sha|smac sender MAC address, default: device MAC
spa|sip sender IP address, default: device IP
tha|tmac target MAC address, default: 00:00:00:00:00:00
tpa|tip target IP address, default: 0.0.0.0
Note: setting hlen and tlen is not supported, these will by set to
hlen=6 and plen=4 in any case.
Example usage:
{ arp(op=request, sip=1.1.1.1, smac=11:22:33:44:55:66, tip=42.42.42.42) }
{ arp() }
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tk: document keywords in commit message]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add function 'eth()' to support generating Ethernet header fields from the
trafgen configuration language.
Supported fields:
da|daddr destination address, default: 00:00:00:00:00:00
sa|saddr source address, default: device MAC
prot|proto protocol number, default: 0x0000
Example usage:
{ eth(prot=0x0800, da=11:22:33:44:55:66), fill(0xff, 60) }
{ eth(prot=0x0800) }
{ eth() }
It is important that proto_init is called before fields will be filled
to initialize the specified proto with header fields.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tk: document supported keywords in commit message]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Add the csumudp6 and csumtcp6 helper functions in order to simplify
checksum generation for TCP/UDP packets sent over IPv6.
trafgen example for TCP over IPv6:
{
/* MAC Destination */
fill(0xff, 6),
/* MAC Source */
0x00, 0x02, 0xb3, drnd(3),
/* IPv6 Protocol */
c16(0x86DD),
/* Version, Traffic Class, Flow Label */
0b01100000, c8(0), c16(0),
/* Payload Length */
c16(54),
/* Next Header (TCP) */
c8(6),
/* Hop Limit */
c8(64),
/* Source IPv6 */
0xfe, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xba, 0xac, 0x6f, 0xff, 0xfe, 0xa4, 0x12, 0xe3,
/* Destination IPv6 */
0xfe, 0x80, 0x82, 0x2e, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0xde, 0xff, 0xfe, 0x00, 0x06, 0xde,
/* TCP Source Port */
c16(55042),
/* TCP Destination Port */
c16(55043),
/* TCP Sequence Number */
drnd(4),
/* TCP Ackn. Number */
c32(0),
/* TCP Header length + TCP SYN/ECN Flag */
c16((8 << 12) | (1 << 1) | (1 << 6))
/* Window Size */
c16(16),
/* TCP Checksum (offset IPv6, offset TCP) */
csumtcp6(14, 54),
/* TCP Options */
0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0x06,
0x91, 0x68, 0x7d, 0x06, 0x91, 0x68, 0x6f,
/* Data blob */
"foobar!",
}
Suggested-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
|
Some regarding unused parameter, some regarding signed/unsigned
comparison.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
When do not detect any shellcode, make sure we return the original
string only.
Reported-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Also allow for ...
- hex: 0xff, xff
- binary: 0b11110000, b11110000
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Also return if no needle has been found in the shell code haystack.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
After commit f9591eebe40c (trafgen: lexer/parser: fix cpu() selection
and whitespacing), we also need to fixup the help description, so that
users start using the cpu(X-Y) notation instead. Also, reintroduce the
alias csum16 for csumip.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
It looks unintuitive when once needs to write cpu(0:3), so also allow
cpu(0-3). Then it's quite stupid to enforce whitespace after the double
colon before the curley braces open. So make this rather optional here.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
Both, the IP and ICMP checksums use the same algorithm from RFC1071.
Thus, it's enough if we give csumip an alias to csumicmp, so that it
can be used in trafgen packet configurations. It's calculated from
the ICMP header + data, with value 0 for this field.
Suggested-by: Jon Schipp <jonschipp@gmail.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
|
|
We decided to get rid of the old Git history and start a new one for
several reasons:
*) Allow / enforce only high-quality commits (which was not the case
for many commits in the history), have a policy that is more close
to the one from the Linux kernel. With high quality commits, we
mean code that is logically split into commits and commit messages
that are signed-off and have a proper subject and message body.
We do not allow automatic Github merges anymore, since they are
total bullshit. However, we will either cherry-pick your patches
or pull them manually.
*) The old archive was about ~27MB for no particular good reason.
This basically derived from the bad decision that also some PDF
files where stored there. From this moment onwards, no binary
objects are allowed to be stored in this repository anymore.
The old archive is not wiped away from the Internet. You will still
be able to find it, e.g. on git.cryptoism.org etc.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
|
