Updating SF-TAP Flow Abstractor
$ cd flow-abstractor
$ git pull origin master
$ make clean
$ cmake .
$ make
Add the configuration for ICMP
icmp:
    proto: ICMP
    if: icmp
    format: binary
    body: yes
icmpv6:
    proto: ICMPV6
    if: icmpv6
    format: binary
    body: yes
Run Flow Abstractor and check the interface directory. icmp is ICMP for IPv4, and icmpv6 is ICMP for IPv6.
$ sudo ls /tmp/sf-tap/icmp
icmp icmpv6
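Run the ICMP parser. At present only ICMP for IPv4 is implemented. A UNIX domain socket path such as /tmp/sf-tap/icmp can be given as the first argument. If none is given, the parser connects to the default, /tmp/sf-tap/icmp.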
$ cd protocol-parser
$ git pull origin master
$ cd icmp
$ cmake .
$ make
$ sudo ./sftap_icmp
{"time":1493113328.018285,"len":64,"src":"172.16.253.127","dst":"172.16.255.21","type":8,"code":0,"chksum":8119,"id":21330,"seq":1,"data":"8Bn/WAAAAAA/RwAAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="}
{"time":1493113329.017484,"len":64,"src":"172.16.253.127","dst":"172.16.255.21","type":8,"code":0,"chksum":8640,"id":21330,"seq":2,"data":"8Rn/WAAAAAA1RAAAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="}
{"time":1493113330.017485,"len":64,"src":"172.16.253.127","dst":"172.16.255.21","type":8,"code":0,"chksum":8382,"id":21330,"seq":3,"data":"8hn/WAAAAAA2RAAAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="}
{"time":1493113331.017471,"len":64,"src":"172.16.253.127","dst":"172.16.255.21","type":8,"code":0,"chksum":8139,"id":21330,"seq":4,"data":"8xn/WAAAAAAoRAAAAAAAABAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc="}
{"time":1493113331.029848,"len":92,"src":"172.16.253.254","dst":"172.16.253.127","type":3,"code":1,"chksum":65276,"padding":0,"ip":{"ver":4,"hlen":5,"tos":0,"len":84,"id":50147,"offset":16384,"ttl":63,"proto":1,"cksum":8975,"src":"172.16.253.127","dst":"172.16.255.21","data":"JCUmJygpKissLS4vMDEyMzQ1NjcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}}
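An added example, not part of the original page or of SF-TAP's own code: a small Python consumer for the JSON lines that sftap_icmp prints above. It groups echo requests (type 8) by source and destination and attaches destination-unreachable messages (type 3) to the same flow through the quoted inner "ip" header. The sample lines and the names SAMPLE and summarize are constructed for illustration, and "data" is assumed to be base64 as in the output shown.

```python
import base64
import json
import sys
from collections import defaultdict

# Constructed sample lines (not captured traffic); field names follow the
# sftap_icmp output shown above. The last line is deliberately malformed.
SAMPLE = """\
{"time":1.0,"len":16,"src":"192.0.2.10","dst":"198.51.100.5","type":8,"code":0,"chksum":0,"id":7,"seq":1,"data":"YWJjZGVmZ2g="}
{"time":2.0,"len":16,"src":"192.0.2.10","dst":"198.51.100.5","type":8,"code":0,"chksum":0,"id":7,"seq":2,"data":"YWJjZGVmZ2g="}
{"time":2.1,"len":36,"src":"192.0.2.1","dst":"192.0.2.10","type":3,"code":1,"chksum":0,"padding":0,"ip":{"ver":4,"hlen":5,"tos":0,"len":28,"id":1,"offset":0,"ttl":63,"proto":1,"cksum":0,"src":"192.0.2.10","dst":"198.51.100.5","data":"YWJjZGVmZ2g="}}
not json
"""

ECHO_REQUEST, DEST_UNREACH = 8, 3  # ICMP type numbers

def summarize(lines):
    """Return (flows, skipped). flows maps (src, dst) of the original packet
    to echo-request counts, decoded data bytes and unreachable reports."""
    flows = defaultdict(lambda: {"echo": 0, "data_bytes": 0, "unreachable": []})
    skipped = 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
            if ev["type"] == ECHO_REQUEST:
                # Decode first so a bad payload does not leave a half-counted event.
                n = len(base64.b64decode(ev["data"], validate=True))
                f = flows[(ev["src"], ev["dst"])]
                f["echo"] += 1
                f["data_bytes"] += n
            elif ev["type"] == DEST_UNREACH:
                inner = ev["ip"]  # header of the packet that triggered the error
                flows[(inner["src"], inner["dst"])]["unreachable"].append(
                    {"reporter": ev["src"], "code": ev["code"]})
        except (ValueError, KeyError, TypeError):
            skipped += 1  # malformed JSON, bad base64 or missing fields
    return dict(flows), skipped

if __name__ == "__main__":
    # Pass "-" to read parser output from stdin; otherwise use the sample.
    use_stdin = len(sys.argv) > 1 and sys.argv[1] == "-"
    flows, skipped = summarize(sys.stdin if use_stdin else SAMPLE.splitlines())
    for key, info in flows.items():
        print(key, info)
    print("skipped lines:", skipped)
```

Saved under a name of your choice, the script reads live parser output when given "-" as its argument and sftap_icmp is piped into it.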