From 4be804d6011f76a14e53fb648faf832242e17f72 Mon Sep 17 00:00:00 2001 From: Ken Renard Date: Tue, 25 Jan 2022 13:21:54 -0500 Subject: [PATCH 1/3] Adding Netmask function. Usage "netmask ([, [, ]])" --- src/packet_handler.h | 2 ++ src/sql.cpp | 77 ++++++++++++++++++++++++++++++++++++++++++++ src/tcp.h | 4 +++ 3 files changed, 83 insertions(+) diff --git a/src/packet_handler.h b/src/packet_handler.h index 77a5e81..09c7336 100644 --- a/src/packet_handler.h +++ b/src/packet_handler.h @@ -33,7 +33,9 @@ #include "sql.h" #include "tcp.h" +#ifndef IPPROTO_ICMP #define IPPROTO_ICMP 1 +#endif namespace packetq { diff --git a/src/sql.cpp b/src/sql.cpp index b120e6f..76ff1c5 100644 --- a/src/sql.cpp +++ b/src/sql.cpp @@ -20,6 +20,7 @@ */ #include "sql.h" +#include #include "output.h" #include "packet_handler.h" #include "packetq.h" @@ -38,6 +39,79 @@ bool verbose = false; int g_allocs = 0; +class Netmask_func : public OP { +public: + Netmask_func (const OP& op) : OP(op) {} + void evaluate (Row **rows, Variant& v) { + Variant orig_ip; + struct in_addr a4; + struct in6_addr a6; + int ret = 0, isv4 = 1; + + m_param[0]->evaluate (rows, orig_ip); + if (!valid_masks) set_masks (rows); + + RefCountStringHandle src(orig_ip.get_text()); + RefCountStringHandle dest(RefCountString::allocate(INET6_ADDRSTRLEN)); + + ret = inet_pton (AF_INET, (*src)->data, (void *)&a4); + if (ret == 0) { + isv4 = 0; + ret = inet_pton (AF_INET6, (*src)->data, (void *)&a6); + } + if (ret != 1) { + // Operation on non-IP address text + RefCountStringHandle empty(RefCountString::construct("")); + v = *empty; + return; + } + if (isv4) { + uint32_t *_x = (uint32_t *)&a4; + *_x = *_x & v4_mask; + (void) inet_ntop (AF_INET, (void *)&a4, (*dest)->data, INET6_ADDRSTRLEN); + } else { + uint32_t *_x = (uint32_t *)&a6; + for (int i=0; i < 4; i++) + _x[i] = _x[i] & v6_mask[i]; + (void) inet_ntop (AF_INET6, (void *)&a6, (*dest)->data, INET6_ADDRSTRLEN); + } + v = *dest; + return; + } +private : + void set_masks (Row **rows) { + int v4size = 24; + int v6size = 48; + if (m_param[1] != NULL) { + Variant v4cidr; + m_param[1]->evaluate(rows, v4cidr); + v4size = v4cidr.get_int(); + if (m_param[2] != NULL) { + Variant v6cidr; + m_param[2]->evaluate(rows, v6cidr); + v6size = v6cidr.get_int(); + } + } + if (v4size > 0) + v4_mask = htonl ((int32_t) 0x80000000 >> (v4size - 1)); + if (v6size > 0) { + for (int i = 0; i < 4; i++) { + if (v6size >= 32) + v6_mask[i] = 0xffffffff; + else + v6_mask[i] = htonl ((int32_t)0x80000000 >> (v6size - 1)); + v6size -= 32; + if (v6size <= 0) break; + } + } + valid_masks = true; + return; + } + uint32_t v4_mask = 0; + uint32_t v6_mask[4] = {0,0,0,0}; + bool valid_masks = false; +}; + Column* Table::add_column(const char* name, const char* type, int id, bool hidden) { if (!type) @@ -1881,6 +1955,9 @@ OP* OP::compile(const std::vector& tables, const std::vector& searc } else if (cmpi(get_token(), "rsplit") && m_param[1]) { m_t = Coltype::_text; ret = new Rsplit_func(*this); + } else if (cmpi(get_token(), "netmask")) { + m_t = Coltype::_text; + ret = new Netmask_func(*this); } else if (cmpi(get_token(), "count")) { m_t = Coltype::_int; ret = new Count_func(*this, dest_table); diff --git a/src/tcp.h b/src/tcp.h index 0992a62..4d1b1ca 100644 --- a/src/tcp.h +++ b/src/tcp.h @@ -28,8 +28,12 @@ #ifndef ETHERTYPE_IPV6 #define ETHERTYPE_IPV6 0x86dd #endif +#ifndef IPPROTO_TCP #define IPPROTO_TCP 6 +#endif +#ifndef IPPROTO_UDP #define IPPROTO_UDP 17 +#endif namespace packetq { From d847c977ead716acbcf066cdd9e8e7341f78ab2c Mon Sep 17 00:00:00 2001 From: Ken Renard Date: Tue, 25 Jan 2022 13:34:53 -0500 Subject: [PATCH 2/3] Adding Netmask description to FUNCTIONS.md --- FUNCTIONS.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/FUNCTIONS.md b/FUNCTIONS.md index 0377299..615c1aa 100644 --- a/FUNCTIONS.md +++ b/FUNCTIONS.md @@ -42,6 +42,10 @@ Converts double precision number to integer. Evaluates `condition` and executes `false_op` if the result is 0 (false) otherwise `true_op` is executed. +### NETMASK (address[, v4_mask_length[, v6_mask_length]]) + +Masks the specified address using the v4 and v6 mask lengths specified in number of bits. Defaults to 24 for IPv4 and 48 for IPv6 (/24 and /48 respectively) + ## String operations ### RSPLIT(string, n [, char]) From ae211e6790ec5314aebe9d1f9208ddfa29ab04c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jerry=20Lundstr=C3=B6m?= Date: Mon, 31 Jan 2022 15:43:13 +0100 Subject: [PATCH 3/3] LINUX_SLL, netmask(), ether types - Add support for Pcap's LINUX_SLL link layer - `packet_handler`: Clean up header parsing, size checks etc - Fix up `netmask()` code and documentation - Remove own defines of ether/proto types and don't overlap `struct in6_addr` --- FUNCTIONS.md | 7 ++- src/dns.h | 2 - src/packet_handler.cpp | 31 ++++++++++-- src/packet_handler.h | 5 +- src/pcap.cpp | 2 +- src/sql.cpp | 74 ---------------------------- src/sql.h | 89 +++++++++++++++++++++++++++++++++ src/tcp.h | 22 +++------ src/test/Makefile.am | 3 +- src/test/dns.pcap | Bin 0 -> 20228 bytes src/test/dns6.pcap | Bin 0 -> 274 bytes src/test/test1.gold | 108 +++++++++++++++++++++++++++++++++++++++++ src/test/test1.sh | 4 ++ 13 files changed, 244 insertions(+), 103 deletions(-) create mode 100644 src/test/dns.pcap create mode 100644 src/test/dns6.pcap diff --git a/FUNCTIONS.md b/FUNCTIONS.md index 615c1aa..d939451 100644 --- a/FUNCTIONS.md +++ b/FUNCTIONS.md @@ -42,9 +42,12 @@ Converts double precision number to integer. Evaluates `condition` and executes `false_op` if the result is 0 (false) otherwise `true_op` is executed. -### NETMASK (address[, v4_mask_length[, v6_mask_length]]) +### NETMASK(address [, v4_mask_length [, v6_mask_length]]) -Masks the specified address using the v4 and v6 mask lengths specified in number of bits. Defaults to 24 for IPv4 and 48 for IPv6 (/24 and /48 respectively) +Masks the specified address using the v4 and v6 mask lengths specified +in number of bits. + +Defaults to 24 for IPv4 and 48 for IPv6 (/24 and /48 respectively) ## String operations diff --git a/src/dns.h b/src/dns.h index 645f3a6..9794610 100644 --- a/src/dns.h +++ b/src/dns.h @@ -31,8 +31,6 @@ #include "packet_handler.h" #include "tcp.h" -#define IPPROTO_ICMP 1 - namespace packetq { extern char visible_char_map[256]; diff --git a/src/packet_handler.cpp b/src/packet_handler.cpp index 7cacb29..23c2e4a 100644 --- a/src/packet_handler.cpp +++ b/src/packet_handler.cpp @@ -277,6 +277,8 @@ Packet::ParseResult Packet::parse(Packet_handler* handler, const std::vector& columns, Row& destination_row, bool sample); bool parse_ethernet(); + bool parse_sll(); bool parse_ip(unsigned char* data, int len, int ether_type); bool parse_transport(unsigned char* data, int len); diff --git a/src/pcap.cpp b/src/pcap.cpp index 1d8bbe0..3c1ac25 100644 --- a/src/pcap.cpp +++ b/src/pcap.cpp @@ -61,7 +61,7 @@ bool Pcap_file::get_header() m_snapshot_length = get_int32(); // check for ethernet packets m_link_layer_type = get_int32(); - if (m_link_layer_type != 1 && m_link_layer_type != 101) { + if (m_link_layer_type != 1 && m_link_layer_type != 101 && m_link_layer_type != 113) { fprintf(stderr, "PCAP file unsupported linklayer (%d)\n", m_link_layer_type); return false; } diff --git a/src/sql.cpp b/src/sql.cpp index 76ff1c5..b78e306 100644 --- a/src/sql.cpp +++ b/src/sql.cpp @@ -20,7 +20,6 @@ */ #include "sql.h" -#include #include "output.h" #include "packet_handler.h" #include "packetq.h" @@ -39,79 +38,6 @@ bool verbose = false; int g_allocs = 0; -class Netmask_func : public OP { -public: - Netmask_func (const OP& op) : OP(op) {} - void evaluate (Row **rows, Variant& v) { - Variant orig_ip; - struct in_addr a4; - struct in6_addr a6; - int ret = 0, isv4 = 1; - - m_param[0]->evaluate (rows, orig_ip); - if (!valid_masks) set_masks (rows); - - RefCountStringHandle src(orig_ip.get_text()); - RefCountStringHandle dest(RefCountString::allocate(INET6_ADDRSTRLEN)); - - ret = inet_pton (AF_INET, (*src)->data, (void *)&a4); - if (ret == 0) { - isv4 = 0; - ret = inet_pton (AF_INET6, (*src)->data, (void *)&a6); - } - if (ret != 1) { - // Operation on non-IP address text - RefCountStringHandle empty(RefCountString::construct("")); - v = *empty; - return; - } - if (isv4) { - uint32_t *_x = (uint32_t *)&a4; - *_x = *_x & v4_mask; - (void) inet_ntop (AF_INET, (void *)&a4, (*dest)->data, INET6_ADDRSTRLEN); - } else { - uint32_t *_x = (uint32_t *)&a6; - for (int i=0; i < 4; i++) - _x[i] = _x[i] & v6_mask[i]; - (void) inet_ntop (AF_INET6, (void *)&a6, (*dest)->data, INET6_ADDRSTRLEN); - } - v = *dest; - return; - } -private : - void set_masks (Row **rows) { - int v4size = 24; - int v6size = 48; - if (m_param[1] != NULL) { - Variant v4cidr; - m_param[1]->evaluate(rows, v4cidr); - v4size = v4cidr.get_int(); - if (m_param[2] != NULL) { - Variant v6cidr; - m_param[2]->evaluate(rows, v6cidr); - v6size = v6cidr.get_int(); - } - } - if (v4size > 0) - v4_mask = htonl ((int32_t) 0x80000000 >> (v4size - 1)); - if (v6size > 0) { - for (int i = 0; i < 4; i++) { - if (v6size >= 32) - v6_mask[i] = 0xffffffff; - else - v6_mask[i] = htonl ((int32_t)0x80000000 >> (v6size - 1)); - v6size -= 32; - if (v6size <= 0) break; - } - } - valid_masks = true; - return; - } - uint32_t v4_mask = 0; - uint32_t v6_mask[4] = {0,0,0,0}; - bool valid_masks = false; -}; - Column* Table::add_column(const char* name, const char* type, int id, bool hidden) { if (!type) diff --git a/src/sql.h b/src/sql.h index 531be8c..db5908f 100644 --- a/src/sql.h +++ b/src/sql.h @@ -38,6 +38,12 @@ #include #include #include +#include +#include +#ifndef s6_addr32 // For *BSD +#define s6_addr32 __u6_addr.__u6_addr32 +#endif +#include #include "refcountstring.h" #include "variant.h" @@ -796,6 +802,89 @@ class Static_text : public OP { }; ///////////////// Functions + +class Netmask_func : public OP { +public: + Netmask_func(const OP& op) + : OP(op) + { + } + void evaluate(Row** rows, Variant& v) + { + Variant orig_ip; + m_param[0]->evaluate(rows, orig_ip); + + if (!valid_masks) + set_masks(rows); + + RefCountStringHandle src(orig_ip.get_text()); + RefCountStringHandle dest(RefCountString::allocate(INET6_ADDRSTRLEN + 1)); + + if (strchr((*src)->data, ':')) { + struct in6_addr a6; + if (inet_pton(AF_INET6, (*src)->data, &a6) == 1) { + a6.s6_addr32[0] &= v6_mask[0]; + a6.s6_addr32[1] &= v6_mask[1]; + a6.s6_addr32[2] &= v6_mask[2]; + a6.s6_addr32[3] &= v6_mask[3]; + if (inet_ntop(AF_INET6, &a6, (*dest)->data, INET6_ADDRSTRLEN)) { + v = *dest; + return; + } + } + } else { + struct in_addr a4; + if (inet_pton(AF_INET, (*src)->data, &a4) == 1) { + a4.s_addr &= v4_mask; + if (inet_ntop(AF_INET, &a4, (*dest)->data, INET6_ADDRSTRLEN)) { + v = *dest; + return; + } + } + } + + // Operation on non-IP address text + RefCountStringHandle empty(RefCountString::construct("")); + v = *empty; + } + +private: + void set_masks(Row** rows) + { + if (m_param[1]) { + Variant v4cidr; + m_param[1]->evaluate(rows, v4cidr); + int v4size = v4cidr.get_int(); + if (v4size > -1 && v4size < 33) { + v4_mask = htonl(0xffffffff << (32 - v4size)); + } + } + if (m_param[2]) { + Variant v6cidr; + m_param[2]->evaluate(rows, v6cidr); + int v6size = v6cidr.get_int(); + if (v6size > -1 && v6size < 129) { + for (int i = 0; i < 4; i++) { + if (v6size >= 32) { + v6_mask[i] = 0xffffffff; + v6size -= 32; + } else if (v6size) { + v6_mask[i] = htonl(0xffffffff << (32 - v6size)); + v6size = 0; + } else { + v6_mask[i] = 0; + } + } + } + } + valid_masks = true; + } + + uint32_t v4_mask = htonl(0xffffff00); + uint32_t v6_mask[4] = { 0xffffffff, htonl(0xffff0000), 0, 0 }; + bool valid_masks = false; +}; + class Truncate_func : public OP { public: Truncate_func(const OP& op) diff --git a/src/tcp.h b/src/tcp.h index 4d1b1ca..0169408 100644 --- a/src/tcp.h +++ b/src/tcp.h @@ -23,29 +23,19 @@ #define __packetq_tcp_h #include - -// Hack for Linux which does not include this in ethernet.h/ethertypes.h -#ifndef ETHERTYPE_IPV6 -#define ETHERTYPE_IPV6 0x86dd -#endif -#ifndef IPPROTO_TCP -#define IPPROTO_TCP 6 -#endif -#ifndef IPPROTO_UDP -#define IPPROTO_UDP 17 -#endif +#include namespace packetq { -struct in6_addr { +struct _in6_addr { union { - unsigned char __u6_addr8[16]; - unsigned short __u6_addr16[8]; - unsigned int __u6_addr32[4]; + uint8_t __u6_addr8[16]; + uint16_t __u6_addr16[8]; + uint32_t __u6_addr32[4]; } __in6_u; /* 128-bit IP6 address */ }; -typedef struct in6_addr in6addr_t; +typedef struct _in6_addr in6addr_t; class Payload; diff --git a/src/test/Makefile.am b/src/test/Makefile.am index 827d091..74c90aa 100644 --- a/src/test/Makefile.am +++ b/src/test/Makefile.am @@ -28,4 +28,5 @@ TESTS = test1.sh test2.sh test3.sh test4.sh test5.sh test6.sh test7.sh \ EXTRA_DIST = $(TESTS) \ test1.gold test2.gold test3.gold test4.gold test5.gold test6.gold \ - test7.gold sql.txt test8.gold + test7.gold sql.txt test8.gold \ + dns.pcap dns6.pcap diff --git a/src/test/dns.pcap b/src/test/dns.pcap new file mode 100644 index 0000000000000000000000000000000000000000..a0e585c0036e460866e979af002b785258d8fc42 GIT binary patch literal 20228 zcmbuH3wTt;702(*V-r_a6Q1P_3oH+Vd65KBD(Z(2A|_$62(%R0Bm{);6qJ_;k%uVa zs|78h0!0N0FDclChN^%q6{RegXJq!v%FclvXWz~}hRyFtXf4b1Jqo?y z{2HU8?s4ZGrZGyi3qN6F%SQnJr0Qd#ldRy3RfVjR*o?I7*o^f4FPRik@1U0s zlb3#Rzofb48TOJo4rm{ovVM$~=A%e+A9jjpH+cNMmS>twbN!^&B|e;QhyitI6*Nm) znPy41MZ1{OI`m7LulX^v6{hr&y*eY!#Z2?o=KgY~`Ojm;T#Cyn&11y;wi#g>eMBAj zsnes&FcS?|oMB27B+JnHw&Xr0)EuDHtbAL>C(!woeTDK+cuGlu)*HlXG- zrDnZ-#_;cR8{x?J-I%rz%jI0u`Xo}#?mPEE-*yNwQENu<7H zv)gEH&q<`PyOi35~t>W%wPikj<(=vF0ntOBJB z_@0!qV~$kH=c^l53bcA}fp%4L9F@|Il_J^=);#q2Y6nW`W>d7;ytjQcw(Stk+WJ`60SRJ+GGfpPzjES&NM zrf1Xc9hFUq`%9heF_s$IJ;ox8`RY71X)D^-U%WJgW?`3(7*86y0c#ZZ4SoXPLv_EOftM59@U=+UV3yAxxH*nlf z9^l_#m{1eEl_qM#)flf0x`BIi68GCi-Q#;Hy7m6h-l&rT(#iQjGVTXPvrZz$eVCAu zncDUKDUAEaSUBegnVylK2S%fC8hN%f-{E?HzIMGo2jhM}HFkyKJ}HsoKIzVGflMId zdVCTokJk63Jjw%>@=e;%u)5?*wgZ~m*=T+sECx%9O0%@6QCV8l82o^Z=AIVKL@(Y~Vlb9{IES+f znXPb|hZiBuU6|%L!~e21PlDoGMD51V4D&l+0{7^I=4Mg%7zk)-zKS|oL^@fXDrxT8 znspM9W*FGKNm`o!gf#z-g|j@>^eoxawRKZyp66^8H&4HcdjM%pS1Ab5Oe$k`rA6Jn zlQx%HyYcuWQl8w+$CQ%th;B=H7X8+JuY0YSzJkR%nsdjZmr}_~HLWDgUy40}AQvxn z96&R)`tdR?%^xAn?bs=z-QervzntKJ=C(GPXCuujsnVkE=cPr>&C&wI)1GU#MYGJs z@ku_5X4S%h(wp8qI3e68W z%*_vJbMtIXZYFIq&7?cK1#&Yz_aWuc9*mSnx!F=)C^uu->s}|OZ&^@F^Aq5ue&3Rp zKDb5Fyz?k~$xbu0dedPo&3{3fTd`9_yTNbI?L6v$<{#K-o)t#3w5aS#i<+&aMa|8# zESl*ou7{0gyf0`b`myZ8IgCBZY}G^auf-gikG}_VD4*g^eAK_$Fkzm6;?qYOM>Evh zc$Rx~Li4n!d%WqKmgXl>Cl^U4$JR)iN58{5iAXaH>{nG!duQnUqJl*-~EUWF5<1_w!=<4%X^u z9ySiWltNy5%gW6O@Q6?RgUe1cw7T~@EzO@G%`Mm|qTOKS)`UI|Xl`Spc_z}Vk}54~ zZk866Z)t&yPIS(+XqLG+KB>D!Gwqx4zLJ}aKRa5>G*P;W^x_vnP?YoqS5MGKeaIoYtEqE7HxAb54zJV|q46ze1+%`mV7?OnR( zWS=6K?zy)zO^SA9ZpY>Ey^IN%Q_p z)=5N~VPJ3Ft)=-hr1>{2oFkV^&mYe1&uj|KbDZVoIr`i@LzA0HWz4R$sP9}!3+$xn z6pWNdG?VgZA8jcwl$){ab^k(4-}q83%_GoD{mDyid#-U(igs8p}SM z!{^GFt$Jww25DZ+G{5_if2(1_JORbCMQym8()^;RSF=**wc%aCYw457YbX9Jz1DYJ z!(M|{dp@c4+UMxC>)30e-QdzweaAWQS__-k%EDr>w5UFk7BwnMi@HB5v%E%6BDz>! zBd_9pWkrQ$pBqN|#u}a13Lrk2tL|d2y|KqH_=1|?t;a-dxSV?JB~h={FLhqKI{;ow z>q%aF#oE@ z%sIvK8m)snSze=cGTv8M!?Mo}qy6R$t=DqVYd5pkMnC7TFifZk-a030!{yX#uZVj2 z$8=uHe+|5LV- zT2voNi%OrgsJj<@gIsx|yo2R6iimh$c#YV@vd;~pb$zJy+8OZLV_Vs4rDgt|h6y#n zTfhIH@m^c>1^4J=y)!-P9s||7^-lg))Cs=74qjc~MXq-)tzex*T<^eytiGgO?^J_u z;@@K7tnXraR-C%D0)^Aar+(8M?p~&8cQ2E1y;J|&9;8iP?~pd_7WFKGlt(9tq&(Wa zSjr2%?SW;ldn0fcpP<>jP0k^f)R$-|_R zn%8+s<_&LS=#&HI?|RKT%q}U> zZc%9_- zG+#uT!6(+Iy+pggAs-YP4run+Xf6#~2TO~ZiKRuQSz1(@OD&pd9SrXZsAmy)U!fVx zKAgjjLz%7c-Amy_q`4!^p`>}>zx{6-Cd?De-`7JLM>EuGIfi?5Li6CLdwhJXj^=`v zs1tm$30^&WTGCvc!#asbGYo9h1TD>9BF%eQIA>3rp6cnvIZdH?s>9qoRhyejH7ARt zJ7$-3XScxV1f49B^62b=lt*-1$_wRYEPLIX#q|Aeu9oJD;HADV5zWu^uyS(=d&y2S zv^so&mgX9y*~Lx~?FPR-bhX3*&CP5yPehv4b+xppG)s$0v$R0|rj_$V8_n>p0MJY; zZM?70jAb9rVe5s=Ry{QD1)5jlDpbG*Q19l|+@lkkQ={(j zoanLP&u$jL>1lG`CrBq-K9e**BR*qFQ9mNhFtCbewKQKsn)k49wtQxKrk;Q1_NLH0 z#aV8iqR-6}H8hj%m|fDH-J(7xAmvdmCgl;$mhwW+39#&S|58lfs;xSj3)g~|QvOL^ z`t4>(^Qm3zB|FW~>MOgoH2)oGj$@~Yc7qqbJGILJ&DYv!7LVNEldytI`sACmsO(CM zy7rb9Af9M0v1q2}1n{l^&`hTxcwf*=ryp4M;T*1cli3QVdBinH^L)F~_wuUq+gD zv2fnqVtQ(aE|edyY2?27euugFer;|p(d?T^Wz4R$0K4?*IB8Lz6Oi&~-%QG*Tx}^Y zl$){ab#D>VckNd?nn%F%=j0SWd8uNLqb)wy_kuoU<%H&vsCyjUEK!r2N5I)Ya>^jm$;Azl=3M17 z(Gh8efn8{ksM|OH18LsD!nwG?^eo$yd$=jNd9t(IJXxQci#0Tp?wDQDrriR3%iJ5E zM9L$YNqLm3E#-xBGnT#XSH<-0$Vk+jf{hq}UJ89eVbcIfbMM6s(+sV;Zcfylg8dU| zHrOem-Qb?>y%#&6`5GI|MPd79X;EpG7L{gcQTNS7Hk#pG0d?Pu_Z6D4?87;{d<(Nx z56y6rXs&piX`WH*KVX)MjGP}~E zKEo$%@+TNcc|0UVP`#_Ud^}p}EvqZZ6g5=7473OiE;$ zrA4Kgw8^Jnq&%XTlt(mM$_wRYEPLIri|GrBeRJc#JqK#KwsFlmiVA%mSt=X8JxAUL zUqj952Xqm{-wz|mk4PDN-uJLbv-b_iXil6LQ5-xP=vwzN(8~O59hGkyUcSv5d^*!!d!lZ WBS`8L{~^PKd4dS?-**}pLH-YvlcNOy literal 0 HcmV?d00001 diff --git a/src/test/dns6.pcap b/src/test/dns6.pcap new file mode 100644 index 0000000000000000000000000000000000000000..5fa3af892c462d493c14b8ef60b83b92944c0486 GIT binary patch literal 274 zcmca|c+)~A1{MYcU}0bcauhQDM!yMUV@L(EL70K(_P+>42Gt2E+Q-`NCa~xhGw2IC zXfZN>0Lq1f6fiI_xhgPvBzPo%IY6SL<1`C{DT98N_=!7=3SeUy7#P{o^YhblQkj$U zbAddNsHOl^2guT;ooo!HKt2dVtbj$kkaT5Ess|A{+|4G;@3 XEj_>kkzv$kU|DlhL=Wf)Ca5C-`wcc_ literal 0 HcmV?d00001 diff --git a/src/test/test1.gold b/src/test/test1.gold index cddd4f2..d0b3203 100644 --- a/src/test/test1.gold +++ b/src/test/test1.gold @@ -35,3 +35,111 @@ ] } ] +[ + { + "table_name": "result-0", + "query": "select netmask(src_addr), netmask(dst_addr, 8, 16) from dns", + "head": [ + { "name": "netmask(src_addr)","type": "text" }, + { "name": "netmask(dst_addr,8,16)","type": "text" } + ], + "data": [ + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"], + ["172.17.0.0","8.0.0.0"], + ["8.8.8.0","172.0.0.0"] + ] + } +] +[ + { + "table_name": "result-0", + "query": "select netmask(src_addr), netmask(dst_addr, 8, 16) from dns", + "head": [ + { "name": "netmask(src_addr)","type": "text" }, + { "name": "netmask(dst_addr,8,16)","type": "text" } + ], + "data": [ + ["2a01:3f0::","2001::"], + ["2001:4860:4860::","2a01::"] + ] + } +] diff --git a/src/test/test1.sh b/src/test/test1.sh index 2ec488c..7484855 100755 --- a/src/test/test1.sh +++ b/src/test/test1.sh @@ -20,4 +20,8 @@ ../packetq -j -s "select s, dst_addr as Dst_addr, qtype as questiontype, lower(src_addr) as lower_src, if(1 and s < 1 or s <= 1 or s > 1 or s >= 1, 't', 'f'), trim(trim('foofoo' || rsplit(src_addr, 1) || 'foofoo', 'foo'), 'bar'), count(*), len(src_addr), sum(msg_size + -1 - 2 % 4 << 3 >> 2 | 3 & ~4) + 1, min(msg_size), max(msg_size), truncate(1.1) as integer, 1.1 as float, sum(src_port + 1.0 - 2.0 / 1.5 * -2.5) + 1.0, max(src_port + 1.0), min(src_port + 1.0), avg(src_port), stdev(src_port), name('rcode', 0) from dns where src_addr like '%' and (qr or not qr) group by src_addr, s having s >= 0 order by s, lower_src, integer, float" "$srcdir/../../pcap/sample.pcap.gz" > test1.out +../packetq -j -s "select netmask(src_addr), netmask(dst_addr, 8, 16) from dns" "$srcdir/dns.pcap" >>test1.out + +../packetq -j -s "select netmask(src_addr), netmask(dst_addr, 8, 16) from dns" "$srcdir/dns6.pcap" >>test1.out + diff -uw "$srcdir/test1.gold" test1.out