nfqueue are sometimes closing too soon -> loss of packets dumped #8

Open
Fratso opened this issue Apr 27, 2021 · 0 comments

Contributor

Fratso commented Apr 27, 2021

Here's my configuration file:

myconf.json

```json
{
  "cmd": "/usr/bin/curl -4 -f -m 1 http://192.168.56.4 -o results/index_{i}_{j}.html",

  "nfrules": [
    {"host": "192.168.56.4", "port": 80, "ipv6": false, "input_chain": true}
  ],

  "input": [
  ],

  "output": [
    {
      "mod_name": "ipv4_frag",
      "mod_opts": "range 1 1000 1000"
    }
  ]
}
```

Here's my python script:
script.py

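```python
import os

from fragscapy.config import Config
from fragscapy.engine import Engine

# Directory the curl command in myconf.json writes into; created synchronously
# so it exists before the engine starts.
os.makedirs("results", exist_ok=True)

# The {i} and {j} placeholders in the file names are substituted for each run.
engine = Engine(
    Config("myconf.json"),
    stdout="run/std/stdout_{i}_{j}.txt",
    stderr="run/std/stderr_{i}_{j}.txt",
    local_pcap="run/pcap/local_{i}_{j}.pcap",
    remote_pcap="run/pcap/remote_{i}_{j}.pcap"
)
engine.start()
```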

Once I run it, I expect to see the whole TCP communication of the test in the remote pcap; however, sometimes the last packets are missing.
Here the "FIN-ACK, ACK" packets from remote_0_0.pcap are not gathered:
image

I ran tshark at the same time; here's what I expect to see at the end of the pcap:
remote_0_0.pcap
image

See the attached zip file to reproduce the error; note that it is not deterministic. The nfqueue seems to be closed before the last packets are processed.
expected.pcap
fragscapy_packet_loss.zip
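
An added example, not part of the original report or of Fragscapy: a standard-library check that a capture such as `remote_{i}_{j}.pcap` contains the full TCP close (FIN from both sides, then the final ACK), rebuilding just enough of each fragmented datagram to read the TCP flags. It assumes a classic pcap file (not pcapng) holding a single connection; `tcp_flags`, `teardown_complete` and `sample_pcap` are hypothetical names and the sample packets are constructed.

```python
import struct

FIN, ACK = 0x01, 0x10

def tcp_flags(pcap):
    """Yield (src, dst, flags) per TCP segment, rebuilding headers split across IPv4 fragments."""
    if pcap[:4] not in (b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4"):
        raise ValueError("not a classic pcap file")
    end = "<" if pcap[:1] == b"\xd4" else ">"
    # Link-layer header length: Ethernet, raw IP, IPv4 (other link types raise KeyError).
    l2 = {1: 14, 101: 0, 228: 0}[struct.unpack(end + "I", pcap[20:24])[0]]
    frags, off = {}, 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        ip, off = pcap[off + 16 + l2:off + 16 + incl], off + 16 + incl
        if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 6:
            continue  # not IPv4 carrying TCP
        total, ident, frag = struct.unpack("!HHH", ip[2:8])
        key = (ip[12:16], ip[16:20], ident)
        pieces = frags.setdefault(key, {})
        pieces[(frag & 0x1FFF) * 8] = ip[(ip[0] & 15) * 4:total]
        head = b""
        while pieces.get(len(head)):  # contiguous bytes starting at offset 0
            head += pieces[len(head)]
        if len(head) >= 14:  # the flags byte sits at TCP header offset 13
            del frags[key]
            sport, dport = struct.unpack("!HH", head[:4])
            yield (key[0], sport), (key[1], dport), head[13]

def teardown_complete(pcap):
    """True if both endpoints sent FIN and the last FIN was answered by an ACK."""
    fin_from, last_fin = set(), None
    for src, _dst, flags in tcp_flags(pcap):
        if flags & FIN:
            fin_from.add(src)
            last_fin = src
        elif flags & ACK and len(fin_from) == 2 and src != last_fin:
            return True
    return False

def sample_pcap(segs, fragsize=8):
    """Constructed input: raw-IP pcap of (src, dst, sport, dport, flags) segments, fragmented."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
    for n, (src, dst, sport, dport, flags) in enumerate(segs, 1):
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
        for o in range(0, len(tcp), fragsize):
            body, mf = tcp[o:o + fragsize], 0x2000 if o + fragsize < len(tcp) else 0
            ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), n, mf | o // 8, 64, 6, 0, src, dst)
            out += struct.pack("<IIII", 0, 0, len(ip) + len(body), len(ip) + len(body)) + ip + body
    return out
```

Calling `teardown_complete(open(path, "rb").read())` on each capture written by a run flags the files whose closing packets are absent.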
