
Research and Decisions (The Why?)

Srinivas P G edited this page May 8, 2019 · 8 revisions

How did you solve the icing problem?

This page documents the research into the different problems encountered and the decisions made, which have been boiled down to code.

(This page will have iterative updates...)

Default Gateway Identification

* This was a bit of a challenge, so I initially routed all packets to a hardcoded "defaultGateway" node
* Considering attack scenarios for a security tool, this cannot be done in a clean way
* Also, sometimes in a valid scenario we don't see packets unicast to the gateway
* Internal LAN routes need to be supported
* Currently at master, internal LAN works, with traffic exiting the LAN routed to defaultGateway
* Recent changes at develop address this issue: gateway identification has been added (hybrid routing of L2 and L3 was one solution)
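
One way to identify the gateway from a hybrid L2/L3 view, as an added example that is not this project's own code: a single pass joins each unicast MAC with the off-LAN IPs seen behind it. The heuristic, the function names, the `min_remote` threshold and the packet tuple layout are assumptions, and the sample packets are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address

GW, H1, H2 = "aa:aa:aa:aa:aa:fe", "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"

# Constructed sample, one tuple per packet: (src_mac, dst_mac, src_ip, dst_ip)
SAMPLE = [
    (H1, GW, "192.168.1.10", "1.1.1.1"),       # host 1 leaving the LAN
    (H1, GW, "192.168.1.10", "9.9.9.9"),
    (H2, GW, "192.168.1.11", "8.8.8.8"),       # host 2 leaving the LAN
    (GW, H1, "1.1.1.1", "192.168.1.10"),       # reply arriving via the gateway
    (H1, H2, "192.168.1.10", "192.168.1.11"),  # internal LAN traffic
    (H1, "ff:ff:ff:ff:ff:ff", "192.168.1.10", "192.168.1.255"),  # broadcast
]


def is_group_mac(mac):
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return (int(mac.split(":")[0], 16) & 1) == 1


def gateway_candidates(packets, min_remote=2):
    """Single pass: collect, per unicast MAC, the off-LAN IPs seen behind it.

    A host MAC carries only its own LAN address; a gateway MAC carries
    traffic for many non-private addresses (L2 view joined with L3 view).
    """
    remote_ips = defaultdict(set)
    for src_mac, dst_mac, src_ip, dst_ip in packets:
        for mac, ip in ((src_mac, src_ip), (dst_mac, dst_ip)):
            if not is_group_mac(mac) and not ip_address(ip).is_private:
                remote_ips[mac].add(ip)
    return sorted(m for m, ips in remote_ips.items() if len(ips) >= min_remote)


def identify_gateway(packets):
    """Return the gateway MAC, or None when no MAC qualifies or several do.

    Several candidates can mean multiple routers or ARP spoofing, so the
    ambiguity is reported instead of being hidden behind a guess.
    """
    found = gateway_candidates(packets)
    return found[0] if len(found) == 1 else None


if __name__ == "__main__":
    print(identify_gateway(SAMPLE))
```

A capture with only internal LAN traffic yields no candidate, which matches the case above where no packets are unicast to the gateway.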

Routing ( L2 vs L3 )

* Initially routing was more focused on L3
* To support L2, recent changes have been made
* Following a hybrid route view method

Pcap Engine Support

* Pyshark
* Scapy
* Pcapy
* libpcap
* Splitcap
* Pypcap
* dpkt
* PacketQ
* packetPig

Read/Parse Pcap

* Primary concern is to reduce loops (iteration of each packet) 
  - scapy: possibility to fork and avoid one O(n) iteration

If you have any better solution to any of the problems below, feel free to raise an issue/pull request.
