[Click] click http classification

Vaithiyanathan Sundaram s.vaithiyanathan at knights.ucf.edu
Tue Jun 26 00:09:58 EDT 2012


Hello, 

Sorry for the repeated questions. I know I can search and dig for a few answers when I look into the code for a longer time, but I thought a question before that might help and save me a lot of time by guiding me in the right direction.

1. Does Click have HTTP classification? For instance, is it possible to classify HTTP like we do in the case of TCP, ICMP or UDP using classifiers? Or is the only way to do this to create a new HTTP header like ip.h or tcp.h and try to parse the data payload like in the Linux stack?

Thanks a lot in advance. 
________________________________________
From: click-bounces at pdos.csail.mit.edu [click-bounces at pdos.csail.mit.edu] on behalf of click-request at pdos.csail.mit.edu [click-request at pdos.csail.mit.edu]
Sent: Monday, June 25, 2012 12:00 PM
To: click at pdos.csail.mit.edu
Subject: click Digest, Vol 108, Issue 10

Send click mailing list submissions to
        click at amsterdam.lcs.mit.edu

To subscribe or unsubscribe via the World Wide Web, visit
        https://amsterdam.lcs.mit.edu/mailman/listinfo/click
or, via email, send a message with subject or body 'help' to
        click-request at amsterdam.lcs.mit.edu

You can reach the person managing the list at
        click-owner at amsterdam.lcs.mit.edu

When replying, please edit your Subject line so it is more specific
than "Re: Contents of click digest..."


Today's Topics:

   1. Re: tcpdump file link type header format - in detail
      (Vaithiyanathan Sundaram)
   2. Re: About my ipsec additions (Markku Savela)
   3. Re: tcpdump file link type header format - in detail
      (Beyers Cronje)


----------------------------------------------------------------------

Message: 1
Date: Sun, 24 Jun 2012 20:11:16 +0000
From: Vaithiyanathan Sundaram <s.vaithiyanathan at knights.ucf.edu>
Subject: Re: [Click] tcpdump file link type header format - in detail
To: "click at pdos.csail.mit.edu" <click at pdos.csail.mit.edu>
Message-ID:
        <2F4314DB472A5B4387DBE195EF7F79F4500B26 at BY2PRD0710MB365.namprd07.prod.outlook.com>

Content-Type: text/plain; charset="us-ascii"

Thank you so much for your response Beyers.

This is what I did:

1. TCPDUMP capture commands I tried so far: (I am running Linux in VirtualBox). I tried the same in standalone Linux too.
tcpdump -i p2p1 -w final.dump
tcpdump -i p2p1 -f tcp -w final.dump
tcpdump -i p2p1 ip -w final.dump
tcpdump -i p2p1 tcp -w final.dump
tcpdump -i p2p1 -A -w final.dump
tcpdump -i p2p1 -x -A -w final.dump
tcpdump -i p2p1 -x -A -nn -vvv -w final.dump
All the commands produced different dumps indeed.

2. My different versions of the .click config files
FromDump(/home/Vaidsu/ClickGUD/click-2.0.1/click-tutorial1/gud.dump, STOP true)
-> cip  :: MarkIPHeader
-> ctcp :: CheckTCPHeader(DETAILS true)
-> Discard
DriverManager(pause, print >>details.drops ctcp.drops,
                print >>details.drops ctcp.drop_details)
I used MarkIPHeader, CheckIPHeader and even Align(2/4/8,0) offset.
I also tried to use FromDump -> ToDump to convert from EN10MB trace to RAW IP trace.

3. In addition to all these I tried to generate the same dump files in tshark, even WinDump and tried using it here. Also tried converting pcap wireshark dump and using it.

4. I tried FromTcpdump too.

The errors I got so far:
1. Bad Ip header
2. warning: first line suspicious; is this a tcpdump output file?
3. packet parse error - while using FromTcpdump
4. Importantly when I get no error, I found that the details.drops reported that all packets are not TCP. I bet there are lots of TCP flows in the trace. Wireshark could detect it.
9420
9420    not TCP
0       bad packet length
0       bad TCP checksum

Sorry for the long mail. I wanted to completely explain my attempts to get your help. I am stuck here.
1. Do I need to create a file that capture RAW IP by avoiding link level headers? Or
2. Do I need to create my own parser to parse the dump files?

Thanks in advance.


________________________________________
From: click-bounces at pdos.csail.mit.edu [click-bounces at pdos.csail.mit.edu] on behalf of click-request at pdos.csail.mit.edu [click-request at pdos.csail.mit.edu]
Sent: Sunday, June 24, 2012 12:00 PM
To: click at pdos.csail.mit.edu
Subject: click Digest, Vol 108, Issue 9


Today's Topics:

   1. tcpdump file link type header format (Vaithiyanathan Sundaram)
   2. Re: tcpdump file link type header format (Beyers Cronje)


----------------------------------------------------------------------

Message: 1
Date: Sat, 23 Jun 2012 19:44:53 +0000
From: Vaithiyanathan Sundaram <s.vaithiyanathan at knights.ucf.edu>
Subject: [Click] tcpdump file link type header format
To: "click at amsterdam.lcs.mit.edu" <click at pdos.csail.mit.edu>
Message-ID:
        <2F4314DB472A5B4387DBE195EF7F79F4500AFD at BY2PRD0710MB365.namprd07.prod.outlook.com>

Content-Type: text/plain; charset="iso-8859-1"

Hello,

My first requirement is to generate TCP traffic with respect to the input in the form of tcpdump.
I tried using
FromDump(...)
-> CheckTCPHeader
-> My parser
-> TCPIPSend (according to the parser).

I am working on shared buffer research. I need a TCP traffic generator as per the dump. My only problem is the tcpdump type. I could only collect a TCP dump with EN01B (ethernet) link type header. I think Click elements require RAW IP header format. How do I generate that? Is there any other way?

Please help. Thanks a lot.

Vaithiyanathan
Mailing list: s.vaithiyanathan at knights.ucf.edu


------------------------------

Message: 2
Date: Sat, 23 Jun 2012 22:46:28 +0200
From: Beyers Cronje <bcronje at gmail.com>
Subject: Re: [Click] tcpdump file link type header format
To: "click at amsterdam.lcs.mit.edu" <click at pdos.csail.mit.edu>
Message-ID:
        <CAOO3n8WgdAE36QSv9R=74Fhx69sWcZT-_MPfZFiSTFo=OGRjig at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

Have you actually tried running FromDump with that capture file? What error
are you getting?

Note you should include a MarkIPHeader or CheckIPHeader element before
CheckTCPHeader as it requires the IP header annotation to be set already.

Beyers



------------------------------

_______________________________________________
click mailing list
click at amsterdam.lcs.mit.edu
https://amsterdam.lcs.mit.edu/mailman/listinfo/click


End of click Digest, Vol 108, Issue 9
*************************************





------------------------------

Message: 2
Date: Mon, 25 Jun 2012 09:37:54 +0300
From: Markku Savela <Markku.Savela at vtt.fi>
Subject: Re: [Click] About my ipsec additions
To: <kohler at seas.harvard.edu>
Cc: click at pdos.csail.mit.edu
Message-ID: <4FE80742.9030808 at vtt.fi>
Content-Type: text/plain; charset="UTF-8"; format=flowed

On 06/22/2012 07:00 PM, Eddie Kohler wrote:

> But I looked through it very briefly for nits. Here are two,
> interested in your thoughts.
> - IPsec::Mutex: Why? We have Spinlock for this... At least make it a
> nested class or call it IPsecMutex.

I guess I forgot to look for such. Though, the main service
of my version is the automatic lock on construct and automatic
release on destructor -- you get "critical" region for the code
block by simply declaring the mutex inside it -- no other calls
needed because the compiler does all the work (no worry about
accidentally leaving the lock on). But yes, could be derived
from Spinlock...

> - dynamic_cast: What you actually want to do here is call "cast()", a
> Click-specific function designed for exactly this use. So
>
> IPsecTransform *tr = (IPsecTransform *)
> e->output(port).element()->cast("IPsecTransform");

Assuming it returns NULL, if element is not derived from
IPsecTransform.


------------------------------

Message: 3
Date: Mon, 25 Jun 2012 10:49:22 +0200
From: Beyers Cronje <bcronje at gmail.com>
Subject: Re: [Click] tcpdump file link type header format - in detail
To: "click at pdos.csail.mit.edu" <click at pdos.csail.mit.edu>
Message-ID:
        <CAOO3n8Xh-eF2Y7Jy=MXD4BNF5OnxrL--Hq=NtAKnEsOQB9j10A at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

Hi,

You need to give the offset of where the IP header starts. You also can't
just assume that all packets are indeed IP or TCP. So I would suggest
something in the line of the following example (note this example is for
ethernet, change to your layer 2 protocol specs accordingly):

FromDump(dump.pcap) -> Classifier(12/0800) -> MarkIPHeader(14) ->
IPClassifier(tcp) ->  CheckTCPHeader -> your other elements

Beyers



------------------------------
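
Added example (not part of the original thread, and not Click code): a Python illustration of what the Classifier(12/0800) -> MarkIPHeader(14) -> IPClassifier(tcp) chain in Beyers's reply checks on an Ethernet-linktype capture, and why reading the IP header at the start of the frame counts every packet as not TCP. The pcap bytes are constructed inline, and the helper names (frame, ipv4, make_pcap, count_tcp) are hypothetical.

```python
import struct

ETH_HLEN = 14  # Ethernet header length, the offset passed to MarkIPHeader(14)

def frame(ethertype, payload):
    """Constructed Ethernet frame: zeroed MAC addresses plus an EtherType."""
    return bytes(12) + struct.pack("!H", ethertype) + payload

def ipv4(proto):
    """Constructed 20-byte IPv4 header (checksum left zero) plus 20 payload bytes."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                      bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr + bytes(20)

def make_pcap(frames):
    """Little-endian pcap file: 24-byte global header, 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # 1 = EN10MB
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def count_tcp(pcap, ip_offset, check_ethertype):
    """Return (tcp, not_tcp) for a pcap, reading the IP header at ip_offset."""
    if pcap[:4] != struct.pack("<I", 0xA1B2C3D4):
        raise ValueError("only little-endian classic pcap is handled here")
    pos, tcp, other = 24, 0, 0
    while pos + 16 <= len(pcap):
        caplen, = struct.unpack_from("<I", pcap, pos + 8)
        pkt = pcap[pos + 16:pos + 16 + caplen]
        pos += 16 + caplen
        # Equivalent of Classifier(12/0800): bytes 12-13 must be the IPv4 EtherType
        if check_ethertype and pkt[12:14] != b"\x08\x00":
            other += 1
            continue
        ip = pkt[ip_offset:]
        # Version nibble must be 4 and the protocol byte (offset 9) must be 6 (TCP)
        if len(ip) >= 20 and ip[0] >> 4 == 4 and ip[9] == 6:
            tcp += 1
        else:
            other += 1
    return tcp, other

# Constructed sample: two TCP frames, one ARP frame, one UDP frame
SAMPLE = make_pcap([frame(0x0800, ipv4(6)), frame(0x0806, bytes(28)),
                    frame(0x0800, ipv4(17)), frame(0x0800, ipv4(6))])

if __name__ == "__main__":
    print("IP header assumed at offset 0:", count_tcp(SAMPLE, 0, False))
    print("EtherType check + offset 14: ", count_tcp(SAMPLE, ETH_HLEN, True))
```

With the IP header read at offset 0 the parser is looking at the destination MAC address, so all four frames land in the "not TCP" count, which matches the symptom in the details.drops output quoted earlier in the thread.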



End of click Digest, Vol 108, Issue 10
**************************************




