meh / rust-packet

Network packet handling for Rust.

Unknown value in protocol() #13

Open diamantisk opened 3 years ago

diamantisk commented 3 years ago

I have tried to do some experiments with the rust-packet crate in order to parse inbound data from a tun interface (using the tokio_tun crate), as seen in the code below:

  #[tokio::main]
  async fn main() -> Result<()> {
      let tun = TunBuilder::new()
          .name("")            // if name is empty, then it is set by kernel.
          .tap(false)          // false (default): TUN, true: TAP.
          .packet_info(false)  // false: IFF_NO_PI, default is true.
          .up()                // or set it up manually using `sudo ip link set <tun-name> up`.
          .try_build()?;       // or `.try_build_mq(queues)` for multi-queue support.

      println!("tun created, name: {}, fd: {}", tun.name(), tun.as_raw_fd());

      let (mut reader, mut _writer) = tokio::io::split(tun);

      let mut buf = [0u8; 1024];
      loop {
          let n = reader.read(&mut buf).await?;
  //        println!("reading {} bytes: {:?}", n, &buf[..n]);

          let ether = ether::Packet::new(&mut buf[..]).unwrap();
          println!("ETHER SRC: {} DST: {}  PROTOCOL: {:?}", ether.source(), ether.destination(), ether.protocol());

          if(ether.protocol() == Protocol::Ipv4) {
              let ip    = ip::v4::Packet::new(ether.payload()).unwrap();
              println!("IP SRC: {} DST: {}", ip.source(), ip.destination());
          }

      }
  }

The above code does not seem to work as expected: while performing a simple PING command on that tun interface, I got the following output:

ETHER SRC: 40:00:40:01:ED:5D DST: 45:00:00:54:C9:F6  PROTOCOL: Unknown(49320)
ETHER SRC: 40:00:40:01:EC:89 DST: 45:00:00:54:CA:CA  PROTOCOL: Unknown(49320)
ETHER SRC: 40:00:40:01:EB:D8 DST: 45:00:00:54:CB:7B  PROTOCOL: Unknown(49320)
ETHER SRC: 40:00:40:01:EB:1F DST: 45:00:00:54:CC:34  PROTOCOL: Unknown(49320)
ETHER SRC: 40:00:40:01:EA:7E DST: 45:00:00:54:CC:D5  PROTOCOL: Unknown(49320)
ETHER SRC: 40:00:40:01:EA:47 DST: 45:00:00:54:CD:0C  PROTOCOL: Unknown(49320)

Possibly I did something wrong and that is not an issue at all, but I would appreciate it if anybody can help me on this.

Thank you in advance!

oalhassane commented 3 years ago

I see two possible issues here:

  1. Tun packets do not have a layer 2 frame. You should try the ip builder instead of ether.
  2. Tun packets have 4 bytes of extra data at the start if IFF_NO_PI is not set. You might want to skip them over when passing your slice to the builder.

I hope this is helpful.
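
The two points above can be seen with a standard-library-only sketch; this is an added example, not code from the thread or from rust-packet. `parse_tun_frame`, `misread_ethertype`, `TunError` and `Ipv4Summary` are hypothetical names, and the sample buffer reuses the first 14 bytes visible in the first log line with the remaining 6 bytes constructed.

```rust
use std::net::Ipv4Addr;

#[derive(Debug, PartialEq)]
pub enum TunError { Truncated, NotIpv4(u8), BadHeaderLen(u8), PiProto(u16) }

#[derive(Debug, PartialEq)]
pub struct Ipv4Summary { pub src: Ipv4Addr, pub dst: Ipv4Addr, pub protocol: u8, pub total_len: u16 }

/// What an Ethernet parser reports as EtherType: bytes 12..14 of the buffer.
pub fn misread_ethertype(frame: &[u8]) -> Option<u16> {
    frame.get(12..14).map(|b| u16::from_be_bytes([b[0], b[1]]))
}

/// Parse one read() from a TUN device. `has_pi` is true when IFF_NO_PI is not set;
/// the kernel then prepends struct tun_pi { u16 flags; be16 proto; } (4 bytes).
pub fn parse_tun_frame(frame: &[u8], has_pi: bool) -> Result<Ipv4Summary, TunError> {
    let ip = if has_pi {
        let pi = frame.get(..4).ok_or(TunError::Truncated)?;
        let proto = u16::from_be_bytes([pi[2], pi[3]]);
        if proto != 0x0800 { return Err(TunError::PiProto(proto)); }
        &frame[4..]
    } else {
        frame
    };
    let first = *ip.first().ok_or(TunError::Truncated)?;
    if first >> 4 != 4 { return Err(TunError::NotIpv4(first >> 4)); }
    let ihl = first & 0x0f;
    if ihl < 5 { return Err(TunError::BadHeaderLen(ihl)); }
    // Bounds-checked slice of the whole header; the checksum is not verified here.
    let hdr = ip.get(..usize::from(ihl) * 4).ok_or(TunError::Truncated)?;
    Ok(Ipv4Summary {
        src: Ipv4Addr::new(hdr[12], hdr[13], hdr[14], hdr[15]),
        dst: Ipv4Addr::new(hdr[16], hdr[17], hdr[18], hdr[19]),
        protocol: hdr[9],
        total_len: u16::from_be_bytes([hdr[2], hdr[3]]),
    })
}

// Constructed sample: bytes 0..14 are taken from the first log line in the issue
// (DST, SRC, then 49320 = 0xC0A8); the last 6 bytes are invented for illustration.
pub const SAMPLE: [u8; 20] = [
    0x45, 0x00, 0x00, 0x54, 0xC9, 0xF6, 0x40, 0x00, 0x40, 0x01,
    0xED, 0x5D, 0xC0, 0xA8, 0x00, 0x01, 0xC0, 0xA8, 0x00, 0x02,
];

fn main() {
    println!("as Ethernet: EtherType {:?}", misread_ethertype(&SAMPLE));
    println!("as raw IPv4: {:?}", parse_tun_frame(&SAMPLE, false));
}
```

Pass only the bytes actually read (`&buf[..n]`) to a parser like this, so stale data left in the buffer from an earlier packet is never interpreted as part of the current one.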