Add basic support for some ip-in-ip tunnels

Add support for 4in4, 6in6 and 4in6 encapsulations Add support for ipv6 traffic in gtp tunnels, too To allow gtp unit test, gtp detunneling flag has been globally enabled in the test suite
author: Nardi Ivan <nardi.ivan@gmail.com> 2020-04-21 20:43:29 +0200
committer: Nardi Ivan <nardi.ivan@gmail.com> 2020-04-23 10:55:33 +0200
commit: f965983c23e1c9fc4dbbd294bc39217660f7169b (patch)
tree: 5736b79212f207263b47e521e5085e40f8ce934c /tests
parent: 0b702c20d32c4fab113f5c3da7e503f7fd1a9ec5 (diff)
10 files changed, 32 insertions, 4 deletions
diff --git a/tests/do.sh b/tests/do.sh
index 5c7ea452e..78e6216d9 100755
--- a/tests/do.sh
+++ b/tests/do.sh
@@ -10,7 +10,7 @@ build_results() {
 	#echo $f
 	# create result files if not present
 	if [ ! -f result/$f.out ]; then
-	    CMD="$READER -q -i pcap/$f -w result/$f.out -v 2"
+	    CMD="$READER -q -t -i pcap/$f -w result/$f.out -v 2"
 	    $CMD 
 	fi
 	# test fuzz target built with sanitizer on input from corpus
@@ -23,7 +23,7 @@ build_results() {
 check_results() {
     for f in $PCAPS; do 
 	if [ -f result/$f.out ]; then
-	    CMD="$READER -q -i pcap/$f -w /tmp/reader.out -v 2"
+	    CMD="$READER -q -t -i pcap/$f -w /tmp/reader.out -v 2"
 	    $CMD
 	    NUM_DIFF=`diff result/$f.out /tmp/reader.out | wc -l`
 	    
diff --git a/tests/pcap/4in4tunnel.pcap b/tests/pcap/4in4tunnel.pcap
new file mode 100644
index 000000000..769ab66fb
--- /dev/null
+++ b/tests/pcap/4in4tunnel.pcap
diff --git a/tests/pcap/4in6tunnel.pcap b/tests/pcap/4in6tunnel.pcap
new file mode 100644
index 000000000..9a23cb33d
--- /dev/null
+++ b/tests/pcap/4in6tunnel.pcap
diff --git a/tests/pcap/6in6tunnel.pcap b/tests/pcap/6in6tunnel.pcap
new file mode 100644
index 000000000..c5838fd13
--- /dev/null
+++ b/tests/pcap/6in6tunnel.pcap
diff --git a/tests/pcap/ipv6_in_gtp.pcap b/tests/pcap/ipv6_in_gtp.pcap
new file mode 100644
index 000000000..336fc49fc
--- /dev/null
+++ b/tests/pcap/ipv6_in_gtp.pcap
diff --git a/tests/result/4in4tunnel.pcap.out b/tests/result/4in4tunnel.pcap.out
new file mode 100644
index 000000000..1447acf69
--- /dev/null
+++ b/tests/result/4in4tunnel.pcap.out
@@ -0,0 +1,6 @@
+Unknown	5	850	1
+
+
+
+Undetected flows:
+	1	UDP 10.10.100.25:62367 -> 10.10.101.2:17000 [VLAN: 505][proto: 0/Unknown][5 pkts/850 bytes -> 0 pkts/0 bytes][Goodput ratio: 59/0][121572.07 sec]
diff --git a/tests/result/4in6tunnel.pcap.out b/tests/result/4in6tunnel.pcap.out
new file mode 100644
index 000000000..acea404c3
--- /dev/null
+++ b/tests/result/4in6tunnel.pcap.out
@@ -0,0 +1,8 @@
+Microsoft	4	2188	1
+
+JA3 Host Stats: 
+		 IP Address                  	 # JA3C     
+	1	 192.168.0.1              	 1      
+
+
+	1	TCP 192.168.0.1:64455 <-> 10.10.10.1:443 [proto: 91.212/TLS.Microsoft][cat: Web/5][2 pkts/520 bytes <-> 2 pkts/1668 bytes][Goodput ratio: 43/82][< 1 sec][ALPN: h2;http/1.1][TLSv1.2][Client: www.bing.com][JA3C: 9e10692f1b7f78228b2d4e424db3a98c]
diff --git a/tests/result/6in6tunnel.pcap.out b/tests/result/6in6tunnel.pcap.out
new file mode 100644
index 000000000..2e4d484eb
--- /dev/null
+++ b/tests/result/6in6tunnel.pcap.out
@@ -0,0 +1,6 @@
+Unknown	2	212	1
+
+
+
+Undetected flows:
+	1	UDP [dead::beef]:30000 -> [cafe::babe]:13000 [proto: 0/Unknown][2 pkts/212 bytes -> 0 pkts/0 bytes][Goodput ratio: 4/0][0.00 sec]
diff --git a/tests/result/capwap.pcap.out b/tests/result/capwap.pcap.out
index 5a500f679..aa52b65cc 100644
--- a/tests/result/capwap.pcap.out
+++ b/tests/result/capwap.pcap.out
@@ -1,8 +1,8 @@
 DNS	2	166	1
-CAPWAP	395	98343	4
+CAPWAP	393	98074	4
 
 	1	UDP 192.168.10.9:5246 <-> 192.168.10.10:12380 [proto: 247/CAPWAP][cat: Network/14][106 pkts/26144 bytes <-> 111 pkts/37530 bytes][Goodput ratio: 83/88][169.10 sec][bytes ratio: -0.179 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1421/1619 21349/21721 3881/4475][Pkt Len c2s/s2c min/avg/max/stddev: 106/115 247/338 1499/1499 292/381][PLAIN TEXT (Cisco Systems)]
-	2	UDP 192.168.10.10:12380 <-> 192.168.10.9:5247 [proto: 247/CAPWAP][cat: Network/14][170 pkts/33465 bytes <-> 3 pkts/437 bytes][Goodput ratio: 79/71][157.99 sec][bytes ratio: 0.974 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 964/0 3999/0 858/0][Pkt Len c2s/s2c min/avg/max/stddev: 93/125 197/146 470/168 78/18]
+	2	UDP 192.168.10.10:12380 <-> 192.168.10.9:5247 [proto: 247/CAPWAP][cat: Network/14][170 pkts/33465 bytes <-> 1 pkts/168 bytes][Goodput ratio: 79/75][157.99 sec][bytes ratio: 0.990 (Upload)][IAT c2s/s2c min/avg/max/stddev: 0/0 961/0 3999/0 859/0][Pkt Len c2s/s2c min/avg/max/stddev: 93/168 197/168 470/168 78/0]
 	3	UDP 192.168.10.10:12380 -> 255.255.255.255:5246 [proto: 247/CAPWAP][cat: Network/14][4 pkts/660 bytes -> 0 pkts/0 bytes][Goodput ratio: 74/0][130.41 sec][PLAIN TEXT (838.61f)]
 	4	UDP 192.168.10.10:49259 -> 255.255.255.255:53 [proto: 5/DNS][cat: Network/14][2 pkts/166 bytes -> 0 pkts/0 bytes][Goodput ratio: 49/0][3.00 sec][Host: cisco-capwap-controller][::][PLAIN TEXT (CAPWAP)]
 	5	UDP 192.168.10.9:5246 -> 192.168.10.10:12379 [proto: 247/CAPWAP][cat: Network/14][1 pkts/107 bytes -> 0 pkts/0 bytes][Goodput ratio: 60/0][< 1 sec]
diff --git a/tests/result/ipv6_in_gtp.pcap.out b/tests/result/ipv6_in_gtp.pcap.out
new file mode 100644
index 000000000..064b1103d
--- /dev/null
+++ b/tests/result/ipv6_in_gtp.pcap.out
@@ -0,0 +1,8 @@
+Unknown	1	150	1
+IPsec	1	166	1
+
+	1	50 [2a01:4c8:c014:144e:1:2:945b:6761]:0 -> [2a01:4c8:f000:f49::4]:0 [VLAN: 2][proto: GTP:79/IPsec][cat: VPN/2][1 pkts/166 bytes -> 0 pkts/0 bytes][Goodput ratio: 0/0][< 1 sec]
+
+
+Undetected flows:
+	1	UDP [2607:fc20:4052:39e:490a:ea4d:17fe:e09c]:49120 -> [fd00:976a:bc67:193e::7]:25658 [VLAN: 5][proto: GTP:0/Unknown][1 pkts/150 bytes -> 0 pkts/0 bytes][Goodput ratio: 29/0][< 1 sec]
author	Nardi Ivan <nardi.ivan@gmail.com>	2020-04-21 20:43:29 +0200
committer	Nardi Ivan <nardi.ivan@gmail.com>	2020-04-23 10:55:33 +0200
commit	f965983c23e1c9fc4dbbd294bc39217660f7169b (patch)
tree	5736b79212f207263b47e521e5085e40f8ce934c /tests
parent	0b702c20d32c4fab113f5c3da7e503f7fd1a9ec5 (diff)