Support Inband Flow Analyzer (IFA)

jingfeihu · jingfeihu · commit a1a1f5a033ac · 2024-12-30T11:11:53.000+08:00
1.support IFA over ipv4/ipv6 + udp/tcp/vxlan/gre/geneve
2.add IFA unit tests
diff --git a/scapy/contrib/ifa.py b/scapy/contrib/ifa.py
@@ -0,0 +1,131 @@
+# scapy.contrib.description = Inband Flow Analyzer Protocol (IFA)
+# scapy.contrib.status = loads
+
+'''
+Inband Flow Analyzer Protocol (IFA)
+
+References:
+https://datatracker.ietf.org/doc/html/draft-kumar-ippm-ifa-08
+'''
+
+import struct
+import socket
+from scapy.data import IP_PROTOS
+from scapy.layers.l2 import Ether, GRE
+from scapy.layers.inet import IP, TCP, UDP
+from scapy.layers.inet6 import IPv6
+from scapy.layers.vxlan import VXLAN
+from scapy.contrib.geneve import GENEVE
+from scapy.packet import Packet, bind_layers
+from scapy.fields import BitField, BitEnumField, FlagsField, \
+    ByteField, ByteEnumField, ShortField, IntField, PacketListField
+
+IPPROTO_IFA = 131
+IP_PROTOS[IPPROTO_IFA] = 'IFA'
+
+_ifa_flags = [
+    'C',    # Checksum
+    'TA',   # Turn Around
+    'I',    # Inband
+    'TS',   # Tail Stamp
+    'MF',   # Metadata Fragment
+    'R',    # Reserved
+    'R',    # Reserved
+    'R',    # Reserved
+]
+
+_ifa_action = [
+    'R',    # Reserved
+    'R',    # Reserved
+    'R',    # Reserved
+    'R',    # Reserved
+    'R',    # Reserved
+    'R',    # Reserved
+    'C',    # Color bit to mark the packet
+    'L',    # Loss bit to measure packet loss
+]
+
+_ifa_speed = {
+    0: '10Gbps',
+    1: '25Gbps',
+    2: '40Gbps',
+    3: '50Gbps',
+    4: '100Gbps',
+    5: '200Gbps',
+    6: '400Gbps',
+}
+
+
+class IFA(Packet):
+    name = 'IFA'
+    fields_desc = [
+        BitField('ver', 3, 4),
+        BitField('gns', 0, 4),
+        ByteEnumField("nexthdr", 0, IP_PROTOS),
+        FlagsField("flags", 0, 8, _ifa_flags),
+        ByteField('maxlen', 255),
+    ]
+
+
+class IFAMd(Packet):
+    name = 'IFAMd'
+    fields_desc = [
+        BitField('lns', 0, 4),
+        BitField('device_id', 0, 20),
+        ByteField('ttl', 0),
+        BitEnumField('speed', 0, 4, _ifa_speed),
+        BitField('ecn', 0, 2),
+        BitField('qid', 0, 6),
+        BitField('rx_sec', 0, 20),
+        ShortField('dport', 0),
+        ShortField('sport', 0),
+        IntField('rx_nsec', 0),
+        IntField('latency', 0),
+        IntField('qbytes', 0),
+        ShortField('rsvd0', 0),
+        ShortField('qcells', 0),
+        IntField('rsvd1', 0),
+    ]
+
+    def extract_padding(self, s):
+        return "", s
+
+
+class IFAMdHdr(Packet):
+    name = 'IFAMdHdr'
+    fields_desc = [
+        ByteField('request', 0),
+        FlagsField("action", 0, 8, _ifa_action),
+        ByteField('hoplmt', 128),
+        ByteField('curlen', 0),
+        PacketListField("mdstack", None, IFAMd,
+                        length_from=lambda pkt: pkt.curlen * 4)
+    ]
+
+    def post_build(self, p, pay):
+        mdlen = (len(p) - 4) // 4
+        if self.curlen != mdlen:
+            p = p[:3] + struct.pack("!B", mdlen) + p[4:]
+        return p + pay
+
+    def guess_payload_class(self, payload):
+        if isinstance(self.underlayer, UDP):
+            if self.underlayer.dport in [4789, 4790]:
+                return VXLAN
+            elif self.underlayer.dport == 6081:
+                return GENEVE
+        elif isinstance(self.underlayer, GRE):
+            if self.underlayer.proto == 0x6558:
+                return Ether
+            if self.underlayer.proto == 0x0800:
+                return IP
+            if self.underlayer.proto == 0x86dd:
+                return IPv6
+        return Packet.guess_payload_class(self, payload)
+
+
+bind_layers(IP, IFA, proto=IPPROTO_IFA)
+bind_layers(IPv6, IFA, nh=IPPROTO_IFA)
+bind_layers(IFA, TCP, nexthdr=socket.IPPROTO_TCP)
+bind_layers(IFA, UDP, nexthdr=socket.IPPROTO_UDP)
+bind_layers(IFA, GRE, nexthdr=socket.IPPROTO_GRE)
diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py
@@ -757,11 +757,15 @@ def post_build(self, p, pay):
             dataofs = (dataofs << 4) | orb(p[12]) & 0x0f
             p = p[:12] + chb(dataofs & 0xff) + p[13:]
         if self.chksum is None:
-            if isinstance(self.underlayer, IP):
-                ck = in4_chksum(socket.IPPROTO_TCP, self.underlayer, p)
+            _underlayer = self.underlayer
+            from scapy.contrib.ifa import IFA
+            if isinstance(self.underlayer, IFA):
+                _underlayer = self.underlayer.underlayer
+            if isinstance(_underlayer, IP):
+                ck = in4_chksum(socket.IPPROTO_TCP, _underlayer, p)
                 p = p[:16] + struct.pack("!H", ck) + p[18:]
-            elif conf.ipv6_enabled and isinstance(self.underlayer, scapy.layers.inet6.IPv6) or isinstance(self.underlayer, scapy.layers.inet6._IPv6ExtHdr):  # noqa: E501
-                ck = scapy.layers.inet6.in6_chksum(socket.IPPROTO_TCP, self.underlayer, p)  # noqa: E501
+            elif conf.ipv6_enabled and isinstance(_underlayer, scapy.layers.inet6.IPv6) or isinstance(_underlayer, scapy.layers.inet6._IPv6ExtHdr):  # noqa: E501
+                ck = scapy.layers.inet6.in6_chksum(socket.IPPROTO_TCP, _underlayer, p)  # noqa: E501
                 p = p[:16] + struct.pack("!H", ck) + p[18:]
             else:
                 log_runtime.info(
@@ -814,6 +818,12 @@ def mysummary(self):
         else:
             return self.sprintf("TCP %TCP.sport% > %TCP.dport% %TCP.flags%")
 
+    def guess_payload_class(self, payload):
+        from scapy.contrib.ifa import IFA, IFAMdHdr
+        if isinstance(self.underlayer, IFA):
+            return IFAMdHdr
+        return Packet.guess_payload_class(self, payload)
+
 
 class UDP(Packet):
     name = "UDP"
@@ -829,14 +839,18 @@ def post_build(self, p, pay):
             tmp_len = len(p)
             p = p[:4] + struct.pack("!H", tmp_len) + p[6:]
         if self.chksum is None:
-            if isinstance(self.underlayer, IP):
-                ck = in4_chksum(socket.IPPROTO_UDP, self.underlayer, p)
+            _underlayer = self.underlayer
+            from scapy.contrib.ifa import IFA
+            if isinstance(self.underlayer, IFA):
+                _underlayer = self.underlayer.underlayer
+            if isinstance(_underlayer, IP):
+                ck = in4_chksum(socket.IPPROTO_UDP, _underlayer, p)
                 # According to RFC768 if the result checksum is 0, it should be set to 0xFFFF  # noqa: E501
                 if ck == 0:
                     ck = 0xFFFF
                 p = p[:6] + struct.pack("!H", ck) + p[8:]
-            elif isinstance(self.underlayer, scapy.layers.inet6.IPv6) or isinstance(self.underlayer, scapy.layers.inet6._IPv6ExtHdr):  # noqa: E501
-                ck = scapy.layers.inet6.in6_chksum(socket.IPPROTO_UDP, self.underlayer, p)  # noqa: E501
+            elif isinstance(_underlayer, scapy.layers.inet6.IPv6) or isinstance(_underlayer, scapy.layers.inet6._IPv6ExtHdr):  # noqa: E501
+                ck = scapy.layers.inet6.in6_chksum(socket.IPPROTO_UDP, _underlayer, p)  # noqa: E501
                 # According to RFC2460 if the result checksum is 0, it should be set to 0xFFFF  # noqa: E501
                 if ck == 0:
                     ck = 0xFFFF
@@ -870,6 +884,12 @@ def mysummary(self):
         else:
             return self.sprintf("UDP %UDP.sport% > %UDP.dport%")
 
+    def guess_payload_class(self, payload):
+        from scapy.contrib.ifa import IFA, IFAMdHdr
+        if isinstance(self.underlayer, IFA):
+            return IFAMdHdr
+        return Packet.guess_payload_class(self, payload)
+
 
 # RFC 4884 ICMP extensions
 _ICMP_classnums = {
diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py
@@ -668,6 +668,12 @@ def post_build(self, p, pay):
             p = p[:4] + chb((c >> 8) & 0xff) + chb(c & 0xff) + p[6:]
         return p
 
+    def guess_payload_class(self, payload: bytes) -> Type[Packet]:
+        from scapy.contrib.ifa import IFA, IFAMdHdr
+        if isinstance(self.underlayer, IFA):
+            return IFAMdHdr
+        return Packet.guess_payload_class(self, payload)
+
 
 class GRE_PPTP(GRE):
 
diff --git a/test/contrib/ifa.uts b/test/contrib/ifa.uts
