[Click] info on DATA field of InfiniteSource

Cliff Frey cliff at meraki.com
Mon Oct 3 12:15:49 EDT 2011


That is a pcap file header.  tcpdump behaves the same way:

bug:~/co/gs3$ sudo tcpdump -w /tmp/foo.pcap tcp dst port 8787
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
^C0 packets captured
0 packets received by filter
0 packets dropped by kernel
bug:~/co/gs3$ ls -l /tmp/foo.pcap
-rw-r--r-- 1 root root *24* 2011-10-03 09:17 /tmp/foo.pcap

Cliff

On Mon, Oct 3, 2011 at 6:56 AM, Luca Costantino <luca.costantino at gmail.com> wrote:

> 2011/9/30 Cliff Frey <cliff at meraki.com>:
> > This works for me:
> > click -e '
> > InfiniteSource(DATA "packet contents here are ascii", LIMIT 1, STOP true)
> > -> UDPIPEncap(192.168.1.2, 1000, 10.0.0.2, 2000)
> > -> IPPrint(PAYLOAD ascii)
> > -> Discard
> > '
>
> thanks, that worked!
>
> i now have another question. i'm playing with REALLY simple
> configurations, that is something like this
>
> InfiniteSource(DATA "Hello world", LIMIT 5, STOP true)
>         -> UDPIPEncap(192.168.1.2, 1000, 10.0.0.2, 2000)
>         -> ciph :: CheckIPHeader(BADSRC 192.168.1.2)
>
> ciph[0] -> ToDump(correct.dump, ENCAP IP)
> ciph[1] -> ToDump(wrong.dump, ENCAP IP)
>
> even if there are no correct packets (all match the BADSRC rule), i
> end up having two dump files. the wrong.dump contains (correctly) all
> the packets (i can see that from wireshark). the correct.dump file is
> not readable from wireshark or tcpdump, is 24 bytes long, and contains
> the following hexadecimal code
>
>  D4 C3 B2 A1  02 00 04 00   00 00 00 00  00 00 00 00  D0 07 00 00  65 00 00 00
>
>
> why is that file created, what does that mean?
>
> luca
> --
> Public key http://luca.costantino.googlepages.com/luca.costantino.asc
>
> First of all they came to take the gypsies and I was glad, because
> they pilfered.
> Then they came to take the Jews and I kept quiet, because I disliked
> them.
> Then they came to take the homosexuals, and I was relieved, because
> they annoyed me.
> Then they came to take the communists, and I said nothing, because I
> was not a communist.
> One day they came to take me, and there was no one left to protest.
> (Martin Niemöller)
>
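
The 24 bytes quoted above can be decoded field by field to confirm they are a pcap file header with no packet records after it. This is an added example, not part of the original thread or of Click's code; the function name `parse_pcap_header` and the two-entry link-type table are assumptions made for illustration.

```python
import struct

# Constructed input: the 24 bytes of correct.dump as quoted in the message above.
HEADER_HEX = "D4 C3 B2 A1 02 00 04 00 00 00 00 00 00 00 00 00 D0 07 00 00 65 00 00 00"

# First four bytes read big-endian -> (struct byte order, timestamp resolution).
MAGICS = {
    0xA1B2C3D4: (">", "microsecond"),
    0xD4C3B2A1: ("<", "microsecond"),
    0xA1B23C4D: (">", "nanosecond"),
    0x4D3CB2A1: ("<", "nanosecond"),
}

# Subset of link-layer types: only the two that appear in this thread.
LINKTYPES = {1: "EN10MB (Ethernet)", 101: "RAW (raw IP)"}


def parse_pcap_header(data):
    """Decode the 24-byte classic pcap file header; raise ValueError if invalid."""
    if len(data) < 24:
        raise ValueError("truncated header: got %d of 24 bytes" % len(data))
    (magic,) = struct.unpack(">I", data[:4])
    if magic not in MAGICS:
        raise ValueError("not a classic pcap file: magic 0x%08X" % magic)
    order, resolution = MAGICS[magic]
    major, minor, thiszone, sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24])
    return {
        "byte_order": "little" if order == "<" else "big",
        "resolution": resolution,
        "version": (major, minor),
        "thiszone": thiszone,
        "sigfigs": sigfigs,
        "snaplen": snaplen,
        "linktype": linktype,
        "linktype_name": LINKTYPES.get(linktype, "unknown"),
        # Anything past byte 24 would be per-packet records.
        "trailing_bytes": len(data) - 24,
    }


if __name__ == "__main__":
    for key, value in parse_pcap_header(bytes.fromhex(HEADER_HEX)).items():
        print("%-14s %s" % (key, value))
```

For the quoted bytes this reports a little-endian version 2.4 header with snaplen 2000 and link type 101 (raw IP, matching `ENCAP IP`), followed by zero bytes of packet data.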

