Add pcap analysis to XRay #14
ee12b0d to 747cf65
xray/src/pcap.rs
Outdated
'top_level: while let Ok(packet) = capture.next_packet() { | ||
let ts = packet.header.ts; | ||
let ts = ts.tv_sec as u128 * 1_000_000 + ts.tv_usec as u128; | ||
if let Some(sll2_packet) = SLL2Packet::new(packet.data) { |
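Review bot: the loop condition `while let Ok(packet) = capture.next_packet()` ends the loop on any `Err`, so a read error or a truncated capture looks the same as reaching the end of the file and the analysis silently runs on partial data. Suggest matching on the error, stopping only on the end-of-capture case, and propagating or logging anything else. Separately, `ts.tv_sec as u128` and `ts.tv_usec as u128` would turn a negative value into a huge timestamp if those fields are signed (as in a C timeval); a checked conversion would make a malformed packet header visible instead.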
I think switching to early returns will minify the "Indent Hadouken"
Well more like early continues, or you could also extract singular packet parsing into a separate function
You don't like 7-8 levels of indentation?! 😄 I extracted it into a few functions with early returns where practical
xray/src/pcap.rs
Outdated
let mut capture = Capture::from_file(pcap_path)?; | ||
let mut decrypt_buf = vec![0; 1024]; | ||
|
||
'top_level: while let Ok(packet) = capture.next_packet() { |
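Review bot: `decrypt_buf` is allocated once at a fixed size (`vec![0; 1024]`), and nothing in this hunk ties that size to the length of the packets read from the capture. If a captured payload can exceed 1024 bytes, decryption into this buffer has to fail or be bounds-checked somewhere else. Suggest sizing or resizing the buffer from the packet length, or adding a comment that states why 1024 is a safe upper bound.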
label is mostly for clarity? As I don't see any other iteration
Leftover from a previous version that had nested loops. Removed
@@ -331,6 +331,41 @@ impl Tunn { | |||
self.handle_verified_packet(packet, dst) | |||
} | |||
|
|||
#[cfg(feature = "xray")] | |||
pub fn decrypt<'a>( |
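Review bot: the new `pub fn decrypt` has no doc comment in this hunk, and its only guard is `#[cfg(feature = "xray")]`. Cargo features are additive across the dependency graph, so any crate that turns on `xray` exposes this method to every user of the library in that build. Suggest a doc comment stating that it exists for offline test analysis only, and checking that the feature is not in the default set and is not enabled by release builds.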
So you can only use this while tunnel is "hot" right?
Basically we have a 180s * 3 (you can see in timers)
I guess this is fine for now, but would be nice if we could rebuild everything from packets in long past :D, let's at minimum have a jira ticket to track it
I had this thought too but didn't really want to dig into it, but it's a good idea 😄 Created LLT-5881 for it
747cf65 to 79dbb91
79dbb91 to c7d175b
This PR adds pcap analysis to XRay, though it's likely still not utilized as much as it could, but the infrastructure is now in place.
How it works is that the pcap file is opened in rust when the test is done, since we have the `noise::Tunn` object there that encrypted the packets, and we decrypt the packets after the fact. This requires adding some functions to noise itself, but those are feature gated so they can't be used in the wrong place. The data that is gathered from the pcaps (currently the timestamp provided by tcpdump and the sender index) are written to the CSV file, and then used in the analysis step. The previous histograms have been replaced by stacked histograms so that the different checkin points can be seen separately.
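
The timestamp and sender-index extraction described above, as an added example that is not part of the PR or the project's code: it reads only the unencrypted WireGuard message header (no `noise::Tunn` decryption) and rejects malformed input. The function names and the CSV column layout are assumptions, and the sample packet is constructed.

```rust
// Added example, not the PR's code. Byte 0 = type, bytes 1..4 zero, then LE indices.
#[derive(Debug, PartialEq)]
pub enum WgHeader {
    Initiation { sender: u32 },
    Response { sender: u32, receiver: u32 },
    CookieReply { receiver: u32 },
    Data { receiver: u32, counter: u64 },
}

// Bounds-checked little-endian read of `n` (<= 8) bytes at `off`.
fn le(b: &[u8], off: usize, n: usize) -> Option<u64> {
    let s = b.get(off..off.checked_add(n)?)?;
    Some(s.iter().rev().fold(0u64, |acc, &x| (acc << 8) | u64::from(x)))
}

/// None for anything that is not a well-formed WireGuard message, so it is skipped, not misread.
pub fn parse_wg_header(p: &[u8]) -> Option<WgHeader> {
    if p.get(1..4)? != &[0u8, 0, 0][..] { return None; }
    let idx = |off| le(p, off, 4).map(|v| v as u32);
    match (p[0], p.len()) {
        (1, 148) => Some(WgHeader::Initiation { sender: idx(4)? }),
        (2, 92) => Some(WgHeader::Response { sender: idx(4)?, receiver: idx(8)? }),
        (3, 64) => Some(WgHeader::CookieReply { receiver: idx(4)? }),
        (4, n) if n >= 32 => Some(WgHeader::Data { receiver: idx(4)?, counter: le(p, 8, 8)? }),
        _ => None,
    }
}

/// Microsecond timestamp, rejecting negative fields instead of letting `as u128` wrap them.
pub fn ts_micros(tv_sec: i64, tv_usec: i64) -> Option<u128> {
    if tv_sec < 0 || tv_usec < 0 { return None; }
    Some(tv_sec as u128 * 1_000_000 + tv_usec as u128)
}

/// Hypothetical CSV row: ts_us,type,sender_index (empty when the type carries none).
pub fn csv_row(tv_sec: i64, tv_usec: i64, payload: &[u8]) -> Option<String> {
    let (kind, sender) = match parse_wg_header(payload)? {
        WgHeader::Initiation { sender } => ("initiation", Some(sender)),
        WgHeader::Response { sender, .. } => ("response", Some(sender)),
        WgHeader::CookieReply { .. } => ("cookie_reply", None),
        WgHeader::Data { .. } => ("data", None),
    };
    let sender = sender.map(|s| s.to_string()).unwrap_or_default();
    Some(format!("{},{},{}", ts_micros(tv_sec, tv_usec)?, kind, sender))
}

fn main() {
    let mut init = [0u8; 148]; // constructed sample: handshake initiation
    init[..5].copy_from_slice(&[1, 0, 0, 0, 7]); // type 1, sender index 7
    println!("{:?}", csv_row(1_700_000_000, 250_000, &init));
}
```

Data and cookie-reply messages carry only a receiver index, so their sender column is left empty rather than filled with the wrong field.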