Add pcap analysis to XRay #14
Conversation
mathiaspeters
force-pushed
the
xray-pcap-analysis
branch
from
ee12b0d to
747cf65
Compare
xray/src/pcap.rs
Outdated
| 'top_level: while let Ok(packet) = capture.next_packet() { | ||
| let ts = packet.header.ts; | ||
| let ts = ts.tv_sec as u128 * 1_000_000 + ts.tv_usec as u128; | ||
| if let Some(sll2_packet) = SLL2Packet::new(packet.data) { |
There was a problem hiding this comment.
I think switching to early returns will minify the "Indent Hadouken"
There was a problem hiding this comment.
Well more like early continues, or you could also extract singular packet parsing into a seperate function
There was a problem hiding this comment.
You don't like 7-8 levels of indentation?! 😄 I extracted it into a few function with early returns where practical
xray/src/pcap.rs
Outdated
| let mut capture = Capture::from_file(pcap_path)?; | ||
| let mut decrypt_buf = vec![0; 1024]; | ||
|
|
||
| 'top_level: while let Ok(packet) = capture.next_packet() { |
There was a problem hiding this comment.
label is mostly for clarity?, as i don't see any other iteration
There was a problem hiding this comment.
Leftover from a previous version that had nested loops. Removed
| @@ -331,6 +331,41 @@ impl Tunn { | |||
| self.handle_verified_packet(packet, dst) | |||
| } | |||
|
|
|||
| #[cfg(feature = "xray")] | |||
| pub fn decrypt<'a>( | |||
There was a problem hiding this comment.
So you can only use this while tunnel is "hot" right ?
Basicaly we have a 180s * 3 (you can see in timers)
I guess this is fine for now, but would be nice if we could rebuild everything from packet's in long past :D, let's at minimum have a jira ticket to track it
There was a problem hiding this comment.
I had this thought too but didn't really want to dig into it, but it's a good idea 😄 Created LLT-5881 for it
mathiaspeters
force-pushed
the
xray-pcap-analysis
branch
from
747cf65 to
79dbb91
Compare
This PR adds pcap analysis to XRay, though it's likely still not utilized as much as it could, but the infrastructure is now in place.
How it works is that the pcap file is opened in rust when the test is done, since we have the
noise::Tunnobject there that encrypted the packets, and we decrypt the packets after the fact. This requires adding some functions to noise itself, but those are feature gated so they can't be used in the wrong place. The data that is gathered from the pcaps (currently the timestamp provided by tcpdump and the sender index) are written to the CSV file, and then used in the analysis step. The previous histograms have been replaced by stacked historgrams so that the different checkin points can be seen separately.