[Click] click http classification

Beyers Cronje bcronje at gmail.com
Tue Jun 26 04:43:51 EDT 2012


You could classify based on TCP port for HTTP. This however would obviously
not filter non-http traffic masquerading under port 80. For that you would
have to create your own element to parse the http headers.

On Tue, Jun 26, 2012 at 6:09 AM, Vaithiyanathan Sundaram <
s.vaithiyanathan at knights.ucf.edu> wrote:

> Hello,
>
> Sorry for repeated questions. I know I can search and dig for a few answers
> when I look into the code for a longer time, but I thought a question
> before that might help and save me a lot of time by guiding me in the right
> direction.
>
> 1. Does Click have HTTP classification? For instance, is it possible to
> classify HTTP like we do in the case of TCP, ICMP or UDP using classifiers?
> Or is the only way to do this to create a new HTTP header like ip.h or
> tcp.h and try to parse the data payload like in the Linux stack?
>
> Thanks a lot in advance.
>
> Message: 1
> Date: Sun, 24 Jun 2012 20:11:16 +0000
> From: Vaithiyanathan Sundaram <s.vaithiyanathan at knights.ucf.edu>
> Subject: Re: [Click] tcpdump file link type header format - in detail
> To: "click at pdos.csail.mit.edu" <click at pdos.csail.mit.edu>
> Message-ID: <2F4314DB472A5B4387DBE195EF7F79F4500B26 at BY2PRD0710MB365.namprd07.prod.outlook.com>
>
> Content-Type: text/plain; charset="us-ascii"
>
> Thank you so much for your response Beyers.
>
> This is what I did:
>
> 1. TCPDUMP capture commands I tried so far: (I am running linux in Virtual
> Box). I tried the same in standalone linux too.
> tcpdump -i p2p1 -w final.dump
> tcpdump -i p2p1 -f tcp -w final.dump
> tcpdump -i p2p1 ip -w final.dump
> tcpdump -i p2p1 tcp -w final.dump
> tcpdump -i p2p1 -A -w final.dump
> tcpdump -i p2p1 -x -A -w final.dump
> tcpdump -i p2p1 -x -A -nn -vvv -w final.dump
> All the commands produced different dumps indeed.
>
> 2. My different versions of the .click config files
> FromDump(/home/Vaidsu/ClickGUD/click-2.0.1/click-tutorial1/gud.dump, STOP true)
> -> cip  :: MarkIPHeader
> -> ctcp :: CheckTCPHeader(DETAILS true)
> -> Discard
> DriverManager(pause, print >>details.drops ctcp.drops,
>                print >>details.drops ctcp.drop_details)
> I used MarkIPHeader, CheckIPHeader and even Align(2/4/8,0) offset.
> I also tried to use FromDump -> ToDump to convert from EN10MB trace to RAW
> IP trace.
>
> 3. In addition to all these I tried to generate the same dump files in
> tshark, even WinDump and tried using it here. Also tried converting pcap
> wireshark dump and using it.
>
> 4. I tried FromTcpdump too.
>
> The errors I got so far:
> 1. Bad Ip header
> 2. warning: first line suspicious; is this a tcpdump output file?
> 3. packet parse error - while using FromTcpdump
> 4. Importantly when I get no error, I found that the details.drops
> reported that all packets are not TCP. I bet there are lots of TCP flows in
> the trace. Wireshark could detect it.
> 9420
> 9420    not TCP
> 0       bad packet length
> 0       bad TCP checksum
>
> Sorry for the long mail. I wanted to completely explain my attempts to get
> your help. I am stuck here.
> 1. Do I need to create a file that captures RAW IP by avoiding link level
> headers? Or
> 2. Do I need to create my own parser to parse the dump files?
>
> Thanks in advance.
>
>
>
> Message: 1
> Date: Sat, 23 Jun 2012 19:44:53 +0000
> From: Vaithiyanathan Sundaram <s.vaithiyanathan at knights.ucf.edu>
> Subject: [Click] tcpdump file link type header format
> To: "click at amsterdam.lcs.mit.edu" <click at pdos.csail.mit.edu>
> Message-ID: <2F4314DB472A5B4387DBE195EF7F79F4500AFD at BY2PRD0710MB365.namprd07.prod.outlook.com>
>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hello,
>
> My first requirement is to generate TCP traffic with respect to the input
> in the form of tcpdump.
> I tried using
> FromDump(...)
> -> CheckTCPHeader
> -> My parser
> -> TCPIPSend (according to the parser).
>
> I am working on shared buffer research. I need a TCP traffic generator
> as per the dump. My only problem is the tcpdump type. I could only collect
> a TCP dump with EN10MB (Ethernet) link type header. I think Click elements
> require RAW IP header format. How do I generate that? Is there any other
> way?
>
> Please help. Thanks a lot.
>
> Vaithiyanathan
> Mailing list: s.vaithiyanathan at knights.ucf.edu
>
>
> ------------------------------
>
> Message: 2
> Date: Sat, 23 Jun 2012 22:46:28 +0200
> From: Beyers Cronje <bcronje at gmail.com>
> Subject: Re: [Click] tcpdump file link type header format
> To: "click at amsterdam.lcs.mit.edu" <click at pdos.csail.mit.edu>
> Message-ID: <CAOO3n8WgdAE36QSv9R=74Fhx69sWcZT-_MPfZFiSTFo=OGRjig at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Have you actually tried running FromDump with that capture file? What error
> are you getting?
>
> Note you should include a MarkIPHeader or CheckIPHeader element before
> CheckTCPHeader as it requires the IP header annotation to be set already.
>
> Beyers
>
> _______________________________________________
> click mailing list
> click at amsterdam.lcs.mit.edu
> https://amsterdam.lcs.mit.edu/mailman/listinfo/click
> ------------------------------
>
> Message: 2
> Date: Mon, 25 Jun 2012 09:37:54 +0300
> From: Markku Savela <Markku.Savela at vtt.fi>
> Subject: Re: [Click] About my ipsec additions
> To: <kohler at seas.harvard.edu>
> Cc: click at pdos.csail.mit.edu
> Message-ID: <4FE80742.9030808 at vtt.fi>
> Content-Type: text/plain; charset="UTF-8"; format=flowed
>
> On 06/22/2012 07:00 PM, Eddie Kohler wrote:
>
> > But I looked through it very briefly for nits. Here are two,
> > interested in your thoughts.
> > - IPsec::Mutex: Why? We have Spinlock for this... At least make it a
> > nested class or call it IPsecMutex.
>
> I guess I forgot to look for such. Though, the main service
> of my version is the automatic lock on construct and automatic
> release on destructor -- you get "critical" region for the code
> block by simply declaring the mutex inside it -- no other calls
> needed because the compiler does all the work (no worry about
> accidentally leaving the lock on). But yes, could be derived
> from Spinlock...
>
> > - dynamic_cast: What you actually want to do here is call "cast()", a
> > Click-specific function designed for exactly this use. So
> >
> > IPsecTransform *tr = (IPsecTransform *)
> > e->output(port).element()->cast("IPsecTransform");
>
> Assuming it returns NULL, if element is not derived from
> IPsecTransform.
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 25 Jun 2012 10:49:22 +0200
> From: Beyers Cronje <bcronje at gmail.com>
> Subject: Re: [Click] tcpdump file link type header format - in detail
> To: "click at pdos.csail.mit.edu" <click at pdos.csail.mit.edu>
> Message-ID: <CAOO3n8Xh-eF2Y7Jy=MXD4BNF5OnxrL--Hq=NtAKnEsOQB9j10A at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi,
>
> You need to give the offset of where the IP header starts. You also can't
> just assume that all packets are indeed IP or TCP. So I would suggest
> something in the line of the following example (note this example is for
> ethernet, change to your layer 2 protocol specs accordingly):
>
> FromDump(dump.pcap) -> Classifier(12/0800) -> MarkIPHeader(14) ->
> IPClassifier(tcp) ->  CheckTCPHeader -> your other elements
>
> Beyers
>
>
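
Added example, not part of the original messages and not Click code: a stand-alone C++ version of the checks discussed in this thread (EtherType at offset 12, IP header at offset 14, IP protocol TCP), followed by a look at the TCP payload so that non-HTTP traffic on port 80 is not counted as HTTP. The names classify_frame, looks_like_http, sample_frame and the Verdict values are assumptions made for this example, and the sample frame is constructed.

```cpp
#include <cstdint>
#include <cstring>
#include <vector>

// Verdict names are hypothetical, chosen for this example.
enum Verdict { NOT_IPV4, NOT_TCP, MALFORMED, FRAGMENT, NO_PAYLOAD, HTTP, NOT_HTTP };

// True if a TCP payload begins like an HTTP/1.x request line or status line.
static bool looks_like_http(const uint8_t *p, size_t n) {
    static const char *const starts[] = { "GET ", "POST ", "HEAD ", "PUT ",
        "DELETE ", "OPTIONS ", "CONNECT ", "TRACE ", "PATCH ", "HTTP/1." };
    for (const char *s : starts) {
        size_t len = std::strlen(s);
        if (n >= len && std::memcmp(p, s, len) == 0) return true;
    }
    return false;
}

// Same order as Classifier(12/0800) -> MarkIPHeader(14) -> IPClassifier(tcp), then a payload check.
Verdict classify_frame(const uint8_t *f, size_t len) {
    if (len < 14 || f[12] != 0x08 || f[13] != 0x00) return NOT_IPV4;
    const uint8_t *ip = f + 14;                     // IP header offset
    size_t avail = len - 14;
    if (avail < 20 || (ip[0] >> 4) != 4) return MALFORMED;
    size_t ihl = (ip[0] & 0x0F) * 4u;               // IP header bytes
    size_t total = (size_t(ip[2]) << 8) | ip[3];    // IP total length
    if (ihl < 20 || total < ihl || total > avail) return MALFORMED;
    if (ip[9] != 6) return NOT_TCP;                 // protocol 6 = TCP
    if ((((ip[6] & 0x1F) << 8) | ip[7]) != 0) return FRAGMENT;  // no TCP header
    const uint8_t *tcp = ip + ihl;
    size_t tcp_len = total - ihl;
    if (tcp_len < 20) return MALFORMED;
    size_t doff = (tcp[12] >> 4) * 4u;              // TCP header bytes
    if (doff < 20 || doff > tcp_len) return MALFORMED;
    if (doff == tcp_len) return NO_PAYLOAD;         // e.g. bare SYN or ACK
    return looks_like_http(tcp + doff, tcp_len - doff) ? HTTP : NOT_HTTP;
}

// Constructed sample input: Ethernet + IPv4 + TCP frame to port 80.
std::vector<uint8_t> sample_frame(const char *payload) {
    size_t n = std::strlen(payload);
    std::vector<uint8_t> f(54 + n, 0);
    f[12] = 0x08; f[13] = 0x00; f[14] = 0x45;       // EtherType IPv4; IPv4, IHL 5
    f[16] = uint8_t((40 + n) >> 8); f[17] = uint8_t(40 + n);
    f[23] = 6; f[37] = 80;                          // TCP, destination port 80
    f[46] = 0x50;                                   // TCP data offset 5
    if (n) std::memcpy(f.data() + 54, payload, n);
    return f;
}

int main() {
    std::vector<uint8_t> f = sample_frame("GET / HTTP/1.1\r\n");
    return classify_frame(f.data(), f.size()) == HTTP ? 0 : 1;
}
```

Only a segment that starts with a request line or status line is reported as HTTP; later segments of the same message return NOT_HTTP, so classifying whole connections needs per-flow state on top of this check.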

