[PATCH] Processing VLAN packets in pcapCorpus.py
by Nan Xiao
Hi Hyperscan team,
Below is a trivial patch to support processing VLAN packets in
pcapCorpus.py, not sure it is worth to be merged or not, thanks!
From 2e7146b601d61411e6198f42400970acbacc0ed1 Mon Sep 17 00:00:00 2001
From: Nan Xiao <xiaonan830818(a)gmail.com>
Date: Tue, 7 Jan 2020 09:52:46 +0800
Subject: [PATCH] Processing VLAN packets in pcapCorpus.py
Signed-off-by: Nan Xiao <xiaonan830818(a)gmail.com>
---
tools/hsbench/scripts/pcapCorpus.py | 25 +++++++++++++++++--------
1 file changed, 17 insertions(+), 8 deletions(-)
diff --git a/tools/hsbench/scripts/pcapCorpus.py
b/tools/hsbench/scripts/pcapCorpus.py
index c10bfef..30d6192 100755
--- a/tools/hsbench/scripts/pcapCorpus.py
+++ b/tools/hsbench/scripts/pcapCorpus.py
@@ -216,8 +216,9 @@ def enchunk_pcap(pcapFN, sqliteFN):
#
# Read in the contents of the pcap file, adding stream segments as found
#
- pkt_cnt = 0;
- ip_pkt_cnt = 0;
+ pkt_cnt = 0
+ ip_pkt_cnt = 0
+ ip_pkt_off = 0
unsupported_ip_protocol_cnt = 0
pcap_ref = pcap.pcap(pcapFN)
done = False
@@ -231,16 +232,24 @@ def enchunk_pcap(pcapFN, sqliteFN):
pkt_cnt += 1
linkLayerType = struct.unpack('!H', packet[(pcap_ref.dloff -
2):pcap_ref.dloff])[0]
- if linkLayerType != ETHERTYPE_IP:
- #
- # We're only interested in IP packets
- #
+ #
+ # We're only interested in IP packets
+ #
+ if linkLayerType == ETHERTYPE_VLAN:
+ linkLayerType = struct.unpack('!H',
packet[(pcap_ref.dloff + 2):(pcap_ref.dloff + 4)])[0]
+ if linkLayerType != ETHERTYPE_IP:
+ continue
+ else:
+ ip_pkt_off = pcap_ref.dloff + 4
+ elif linkLayerType == ETHERTYPE_IP:
+ ip_pkt_off = pcap_ref.dloff
+ else:
continue
ip_pkt_cnt += 1
- ip_pkt_total_len = struct.unpack('!H', packet[pcap_ref.dloff
+ 2: pcap_ref.dloff + 4])[0]
- ip_pkt = packet[pcap_ref.dloff:pcap_ref.dloff + ip_pkt_total_len]
+ ip_pkt_total_len = struct.unpack('!H', packet[ip_pkt_off + 2:
ip_pkt_off + 4])[0]
+ ip_pkt = packet[ip_pkt_off:ip_pkt_off + ip_pkt_total_len]
pkt_protocol = struct.unpack('B', ip_pkt[9])[0]
if (pkt_protocol != IPPROTO_UDP) and (pkt_protocol != IPPROTO_TCP):
--
2.21.0 (Apple Git-122)
Best Regards
Nan Xiao
6 months, 4 weeks