packetcap / go-pcap

Packet capture library and tools in native go
Apache License 2.0

incomplete filter string support #59

Open hangyan opened 3 hours ago

hangyan commented 3 hours ago

Using the official cmd to test:

for udp and icmp:

image

`udp src host ...` and `udp and src host ...` both work, but the first one filters ICMP packets.

`and` is not working with icmp

deitch commented 2 hours ago

Hi @hangyan

A few things.

First, if you can, please copy text into the issue, rather than a screen capture. I know, you cannot always, but if you can, it is much more helpful.

Second, you have two example filters there. I think the first one is `udp and src host ...`, and you are saying that it works, but does icmp rather than udp packet?

Third, what is `udp and src host 192.168.227.1 dst host 192.168.227.131`? Shouldn't it be `and dst host` (adding the `and`)?

Fourth, the second filter is `icmp and src host ...`, and you are seeing an invalid argument error?

In any case, very happy to take PRs on this.

hangyan commented 2 hours ago

Sorry, I ran the tests in a VM env and I didn't configure the copy-test, so a screenshot is much simpler. I would like to explain the detailed errors and copy text for you.

  1. `icmp and src host ...` didn't work, and it should. Unlike tcp and udp, it seems `and` causes the invalid argument error. This also affects icmp6.

  2. `udp and src...` and `udp src...` (only filter on src) both work, but the first one didn't filter udp packets; instead I saw tcp/icmp packets.... The second one works fine. Please ignore this for now, cannot reproduce, maybe I was wrong.

Other errors during my tests:

  1. Filter on some ipv6 address failed: `icmp6 and dst host ::1` reports error: unknown host. `::1` is fine for ping6. Not sure if this is a valid case.
  2. protocol 17 (udp) is not supported.
  3. `src 127.0.0.1 and tcp` works but `src 127.0.0.1 and icmp` didn't. Error: invalid argument. Maybe also the `and` problem.
  4. `tcp and dst port 8000 and 'tcp[tcpflags] & tcp-syn == tcp-syn'` doesn't work; it didn't filter on tcp flags.
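
An added example, not part of the thread and not go-pcap's parser: a small Go checker for a simplified filter grammar, which separates the filter that is missing an `and` (deitch's third point) from reported filters that are well-formed under that grammar. The grammar and the names `CheckFilter` and `parseTerm` are assumptions made for this example; the sample filters are built from the addresses quoted above.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Simplified grammar assumed for this example (not go-pcap's own):
//   expr := term { ("and" | "or") term }
//   term := proto | [dir] "host" addr | dir addr
var protos = map[string]bool{"tcp": true, "udp": true, "icmp": true, "icmp6": true}

// parseTerm consumes one term starting at toks[i] and returns the index after it.
func parseTerm(toks []string, i int) (int, error) {
	if i >= len(toks) {
		return 0, fmt.Errorf("token %d: expected a term, found end of filter", i)
	}
	if protos[toks[i]] {
		return i + 1, nil
	}
	start := i
	if toks[i] == "src" || toks[i] == "dst" {
		i++
	}
	if i < len(toks) && toks[i] == "host" {
		i++
	}
	if i == start || i >= len(toks) || net.ParseIP(toks[i]) == nil {
		return 0, fmt.Errorf("token %d: expected [src|dst] [host] <ip>", start)
	}
	return i + 1, nil
}

// CheckFilter returns nil when s is well-formed in the grammar above, and
// otherwise an error naming the first offending token.
func CheckFilter(s string) error {
	toks := strings.Fields(s)
	i, err := parseTerm(toks, 0)
	for ; err == nil && i < len(toks); i, err = parseTerm(toks, i+1) {
		if toks[i] != "and" && toks[i] != "or" {
			return fmt.Errorf("token %d: missing and/or before %q", i, toks[i])
		}
	}
	return err
}

func main() {
	fmt.Println(CheckFilter("udp and src host 192.168.227.1 dst host 192.168.227.131"))
	fmt.Println(CheckFilter("icmp and src host 192.168.227.1"))
}
```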