kandi background
Explore Kits

pkts | Pure java based pcap library capable of reading and writing | Learning library

 by   aboutsip Java Version: Current License: MIT

 by   aboutsip Java Version: Current License: MIT

kandi X-RAY | pkts Summary

pkts is a Java library typically used in Tutorial, Learning, Kafka applications. pkts has no vulnerabilities, it has build file available, it has a Permissive License and it has low support. However pkts has 33 bugs. You can download it from GitHub, Maven.
pkts.io is a pure java library for reading and writing pcaps. It's primary purpose is to manipulate/analyze existing pcaps, allowing you to build various tools around pcaps. For full documentation, please see aboutsip.com.
Support
Support
Quality
Quality
Security
Security
License
License
Reuse
Reuse

kandi-support Support

  • pkts has a low active ecosystem.
  • It has 150 star(s) with 75 fork(s). There are 16 watchers for this library.
  • It had no major release in the last 6 months.
  • There are 21 open issues and 19 have been closed. On average issues are closed in 131 days. There are no pull requests.
  • It has a neutral sentiment in the developer community.
  • The latest version of pkts is current.
pkts Support
Best in #Learning
Average in #Learning
pkts Support
Best in #Learning
Average in #Learning

quality kandi Quality

  • pkts has 33 bugs (1 blocker, 2 critical, 17 major, 13 minor) and 966 code smells.
pkts Quality
Best in #Learning
Average in #Learning
pkts Quality
Best in #Learning
Average in #Learning

securitySecurity

  • pkts has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
  • pkts code analysis shows 0 unresolved vulnerabilities.
  • There are 89 security hotspots that need review.
pkts Security
Best in #Learning
Average in #Learning
pkts Security
Best in #Learning
Average in #Learning

license License

  • pkts is licensed under the MIT License. This license is Permissive.
  • Permissive licenses have the least restrictions, and you can use them in most projects.
pkts License
Best in #Learning
Average in #Learning
pkts License
Best in #Learning
Average in #Learning

buildReuse

  • pkts releases are not available. You will need to build from source code and install.
  • Deployable package is available in Maven.
  • Build file is available. You can build the component from source.
  • Installation instructions are not available. Examples and code snippets are available.
  • It has 25202 lines of code, 2895 functions and 269 files.
  • It has medium code complexity. Code complexity directly impacts maintainability of the code.
pkts Reuse
Best in #Learning
Average in #Learning
pkts Reuse
Best in #Learning
Average in #Learning
Top functions reviewed by kandi - BETA

kandi has reviewed pkts and discovered the below as its top functions. This is intended to give you an instant insight into pkts implemented functionality, and help decide if they suit your requirements.

  • Create a copy of this instance
    • Gets the phone uri
    • Consumes an address - spec
    • Parse an IP address - address - link - address - name - value pair
  • Consumes a Via header
    • Expect the next SIP 2 byte to expect
    • Returns the number of bytes in the given buffer
    • Consumes a quoted - string
  • Get the raw IPv4 address
    • Serialize this URI to a given destination
      • Read line
        • Main entry point to the pcap
          • Reads the next header from the buffer
            • Read a number of bytes from the underlying stream
              • Creates a dummy header for this capture
                • Compares two TelURI objects
                  • Runs the example program
                    • Reads a number of bytes from the stream
                      • Register a stream listener
                        • Main entry point
                          • Process header values
                            • Consumes a sent - by message
                              • Compares two SIP URIs
                                • Builds a SIP message
                                  • Is SDP
                                    • Main method

                                      Get all kandi verified functions for this library.

                                      Get all kandi verified functions for this library.

                                      pkts Key Features

                                      Pure java based pcap library capable of reading and writing to/from pcaps.

                                      pkts Examples and Code Snippets

                                      See all related Code Snippets

                                      Community Discussions

                                      Trending Discussions on pkts
                                      • eBPF: 'bpf_map_update()' returns the 'invalid indirect read from stack' error
                                      • Fail to curl webserver on port 80 (using Nginx)
                                      • Cannot use testpmd to send pkts to VM in qemu process though virtio
                                      • How to modify scapy packet payload
                                      • Running F-stack DPDK executable - Unsupported Rx multi queue mode 1
                                      • pktgen cannot send packet in ovs dpdk scenario
                                      • DPDK 20.11 - IPv4 Fragmentation - indirect pool gets exhausted
                                      • Is there a way to configure Docker's embedded DNS server's upstream nameserver's port?
                                      • scrape docker metrics from inside container
                                      • dpdk testpmd packet forwarding huge amount of packet drop with fm10420 NIC (fm10k)
                                      Trending Discussions on pkts

                                      QUESTION

                                      eBPF: 'bpf_map_update()' returns the 'invalid indirect read from stack' error

                                      Asked 2022-Mar-22 at 22:28

                                      I have an eBPF program with the following map definitions:

                                      struct bpf_map_def SEC("maps") servers = {
                                          .type = BPF_MAP_TYPE_HASH,
                                          .key_size = sizeof(struct ip_key),
                                          .value_size = sizeof(struct dest_info),
                                          .max_entries = MAX_SERVERS,
                                      };
                                      
                                      struct bpf_map_def SEC("maps") client_addrs = {
                                          .type = BPF_MAP_TYPE_HASH,
                                          .key_size = sizeof(struct port_key),
                                          .value_size = sizeof(struct client_port_addr),
                                          .max_entries = MAX_CLIENTS,
                                      };
                                      

                                      where the struct definitions are as below:

                                      struct port_key {
                                          __u16 port;
                                          __u16 pad[3];
                                      };
                                      
                                      struct ip_key {
                                          __u32 key;
                                          __u32 pad;
                                      };
                                      
                                      struct dest_info {
                                          __u32 saddr;
                                          __u32 daddr;
                                          __u64 bytes;
                                          __u64 pkts;
                                          __u8 dmac[6];
                                          __u16 pad;
                                      };
                                      
                                      struct client_port_addr {
                                          __u32 client_ip;
                                          __u8 dmac[6];
                                          __u16 pad[3];
                                      };
                                      

                                      The program itself, after the pointer verifications and initial checks, is shown below.

                                      struct port_key key = {0};
                                      struct client_port_addr val;
                                      key.port = udp->source;
                                      val.client_ip = iph->saddr;
                                      memcpy (val.dmac, eth->h_source, 6 * sizeof(__u8));
                                      bpf_map_update_elem(&client_addrs, &key, &val, BPF_ANY);
                                      iph->saddr = IP_ADDRESS(BALANCER);
                                      iph->daddr = dest_tnl->daddr;
                                      memcpy (eth->h_source, eth->h_dest, 6 * sizeof(__u8));
                                      memcpy (eth->h_dest, dest_tnl->dmac, 6 * sizeof(__u8));
                                      

                                      So, the problem is that I use bpf_map_update() in my code, but while using it, I get the invalid indirect read from the stack error as shown below.

                                      libbpf: 
                                      0: (bf) r6 = r1
                                      1: (61) r9 = *(u32 *)(r6 +4)
                                      2: (61) r7 = *(u32 *)(r6 +0)
                                      3: (18) r1 = 0xffffa59ac00b6000
                                      5: (b7) r2 = 24
                                      6: (85) call bpf_trace_printk#6
                                       R1_w=map_value(id=0,off=0,ks=4,vs=50,imm=0) R2_w=inv24 R6_w=ctx(id=0,off=0,imm=0) R7_w=pkt(id=0,off=0,r=0,imm=0) R9_w=pkt_end(id=0,off=0,imm=0) R10=fp0
                                      last_idx 6 first_idx 0
                                      regs=4 stack=0 before 5: (b7) r2 = 24
                                      7: (b7) r8 = 1
                                      8: (bf) r1 = r7
                                      9: (07) r1 += 14
                                      10: (2d) if r1 > r9 goto pc+130
                                       R0_w=inv(id=0) R1_w=pkt(id=0,off=14,r=14,imm=0) R6_w=ctx(id=0,off=0,imm=0) R7_w=pkt(id=0,off=0,r=14,imm=0) R8_w=inv1 R9_w=pkt_end(id=0,off=0,imm=0) R10=fp0
                                      11: (71) r1 = *(u8 *)(r7 +12)
                                      12: (71) r2 = *(u8 *)(r7 +13)
                                      13: (67) r2 <<= 8
                                      14: (4f) r2 |= r1
                                      15: (b7) r8 = 2
                                      16: (55) if r2 != 0x8 goto pc+124
                                       R0=inv(id=0) R1=inv(id=0,umax_value=255,var_off=(0x0; 0xff)) R2=inv8 R6=ctx(id=0,off=0,imm=0) R7=pkt(id=0,off=0,r=14,imm=0) R8=inv2 R9=pkt_end(id=0,off=0,imm=0) R10=fp0
                                      17: (61) r7 = *(u32 *)(r6 +4)
                                      18: (61) r9 = *(u32 *)(r6 +0)
                                      19: (bf) r6 = r9
                                      20: (07) r6 += 14
                                      21: (b7) r8 = 1
                                      22: (2d) if r6 > r7 goto pc+118
                                       R0=inv(id=0) R1=inv(id=0,umax_value=255,var_off=(0x0; 0xff)) R2=inv8 R6_w=pkt(id=0,off=14,r=14,imm=0) R7_w=pkt_end(id=0,off=0,imm=0) R8_w=inv1 R9_w=pkt(id=0,off=0,r=14,imm=0) R10=fp0
                                      23: (bf) r1 = r9
                                      24: (07) r1 += 34
                                      25: (b7) r8 = 1
                                      26: (2d) if r1 > r7 goto pc+114
                                       R0=inv(id=0) R1=pkt(id=0,off=34,r=34,imm=0) R2=inv8 R6=pkt(id=0,off=14,r=34,imm=0) R7=pkt_end(id=0,off=0,imm=0) R8=inv1 R9=pkt(id=0,off=0,r=34,imm=0) R10=fp0
                                      27: (71) r1 = *(u8 *)(r6 +0)
                                      28: (57) r1 &= 15
                                      29: (b7) r8 = 1
                                      30: (55) if r1 != 0x5 goto pc+110
                                       R0=inv(id=0) R1_w=inv5 R2=inv8 R6=pkt(id=0,off=14,r=34,imm=0) R7=pkt_end(id=0,off=0,imm=0) R8_w=inv1 R9=pkt(id=0,off=0,r=34,imm=0) R10=fp0
                                      31: (61) r3 = *(u32 *)(r9 +26)
                                      32: (18) r1 = 0xffffa59ac00b6018
                                      34: (b7) r2 = 26
                                      35: (85) call bpf_trace_printk#6
                                       R0=inv(id=0) R1_w=map_value(id=0,off=24,ks=4,vs=50,imm=0) R2_w=inv26 R3_w=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) R6=pkt(id=0,off=14,r=34,imm=0) R7=pkt_end(id=0,off=0,imm=0) R8_w=inv1 R9=pkt(id=0,off=0,r=34,imm=0) R10=fp0
                                      last_idx 35 first_idx 26
                                      regs=4 stack=0 before 34: (b7) r2 = 26
                                      36: (69) r1 = *(u16 *)(r9 +20)
                                      37: (57) r1 &= 65343
                                      38: (b7) r8 = 1
                                      39: (55) if r1 != 0x0 goto pc+101
                                       R0=inv(id=0) R1_w=inv0 R6=pkt(id=0,off=14,r=34,imm=0) R7=pkt_end(id=0,off=0,imm=0) R8_w=inv1 R9=pkt(id=0,off=0,r=34,imm=0) R10=fp0
                                      40: (71) r1 = *(u8 *)(r9 +23)
                                      41: (b7) r8 = 2
                                      42: (55) if r1 != 0x11 goto pc+98
                                       R0=inv(id=0) R1_w=inv17 R6=pkt(id=0,off=14,r=34,imm=0) R7=pkt_end(id=0,off=0,imm=0) R8_w=inv2 R9=pkt(id=0,off=0,r=34,imm=0) R10=fp0
                                      43: (bf) r1 = r9
                                      44: (07) r1 += 42
                                      45: (b7) r8 = 1
                                      46: (2d) if r1 > r7 goto pc+94
                                       R0=inv(id=0) R1=pkt(id=0,off=42,r=42,imm=0) R6=pkt(id=0,off=14,r=42,imm=0) R7=pkt_end(id=0,off=0,imm=0) R8=inv1 R9=pkt(id=0,off=0,r=42,imm=0) R10=fp0
                                      47: (b7) r8 = 0
                                      48: (7b) *(u64 *)(r10 -8) = r8
                                      last_idx 48 first_idx 46
                                      regs=100 stack=0 before 47: (b7) r8 = 0
                                      49: (bf) r2 = r10
                                      50: (07) r2 += -8
                                      51: (18) r1 = 0xffff9a7bed1bc000
                                      53: (85) call bpf_map_lookup_elem#1
                                      54: (bf) r7 = r0
                                      55: (15) if r7 == 0x0 goto pc+85
                                       R0=map_value(id=0,off=0,ks=8,vs=32,imm=0) R6=pkt(id=0,off=14,r=42,imm=0) R7=map_value(id=0,off=0,ks=8,vs=32,imm=0) R8=invP0 R9=pkt(id=0,off=0,r=42,imm=0) R10=fp0 fp-8=mmmmmmmm
                                      56: (b7) r8 = 0
                                      57: (7b) *(u64 *)(r10 -16) = r8
                                      last_idx 57 first_idx 55
                                      regs=100 stack=0 before 56: (b7) r8 = 0
                                      58: (69) r1 = *(u16 *)(r9 +34)
                                      59: (6b) *(u16 *)(r10 -16) = r1
                                      60: (61) r1 = *(u32 *)(r9 +26)
                                      61: (63) *(u32 *)(r10 -32) = r1
                                      62: (71) r1 = *(u8 *)(r9 +11)
                                      63: (73) *(u8 *)(r10 -23) = r1
                                      64: (71) r1 = *(u8 *)(r9 +10)
                                      65: (73) *(u8 *)(r10 -24) = r1
                                      66: (71) r1 = *(u8 *)(r9 +7)
                                      67: (67) r1 <<= 8
                                      68: (71) r2 = *(u8 *)(r9 +6)
                                      69: (4f) r1 |= r2
                                      70: (71) r2 = *(u8 *)(r9 +9)
                                      71: (67) r2 <<= 8
                                      72: (71) r3 = *(u8 *)(r9 +8)
                                      73: (4f) r2 |= r3
                                      74: (67) r2 <<= 16
                                      75: (4f) r2 |= r1
                                      76: (63) *(u32 *)(r10 -28) = r2
                                      77: (bf) r2 = r10
                                      78: (07) r2 += -16
                                      79: (bf) r3 = r10
                                      80: (07) r3 += -32
                                      81: (18) r1 = 0xffff9a7bed1bf400
                                      83: (b7) r4 = 0
                                      84: (85) call bpf_map_update_elem#2
                                      invalid indirect read from stack R3 off -32+10 size 16
                                      processed 81 insns (limit 1000000) max_states_per_insn 0 total_states 5 peak_states 5 mark_read 2
                                      
                                      libbpf: -- END LOG --
                                      libbpf: failed to load program 'loadbal'
                                      

                                      All of the defined structs for keys and values are padded to their next multiple of 8 bytes. Since I could not find any useful and descriptive explanation on my issue, explanations of this topic and maybe even a bit of detail are much appreciated.

                                      Please let me know if you need more information.

                                      ANSWER

                                      Answered 2022-Mar-22 at 22:28

                                      The verifier complains because your code is trying to read uninitialised data from the stack, in particular in your variable val.

                                      If we look at your code:

                                      struct client_port_addr {
                                          __u32 client_ip;
                                          __u8 dmac[6];
                                          __u16 pad[3];
                                      };
                                      
                                      struct client_port_addr val;
                                      [...]
                                      val.client_ip = iph->saddr;                                  // val.client_ip
                                      memcpy (val.dmac, eth->h_source, 6 * sizeof(__u8));          // val.dmac
                                                                                                   // val.pad where??
                                      bpf_map_update_elem(&client_addrs, &key, &val, BPF_ANY);
                                      

                                      You initialised val.client_ip, and val.dmac, but val.pad is never initialised. When you pass val to bpf_map_update_elem(), the eBPF verifier realises that the helper function might read this variable which contains uninitialised memory from kernel space. This is a security risk, therefore, the verifier rejects the program.

                                      To fix the issue, make sure you initialise the memory before using it. You have at least three ways to do so:

                                      • You could initialise val when declaring it, like for your key:
                                      struct client_port_addr val = {0};
                                      
                                      This should work in your case, but is not generally recommended, because this will set all fields to 0 but if your struct contains padding that was not explicitely added, it may remain uninitialised.
                                    • In your case, you could fill val.pad with zeroes with memcpy(). Same as the first option, this won't help if the compiler pads your struct.
                                    • The safest option would be to memset() the struct after declaring it:
                                    • struct client_port_addr val;
                                      
                                      memset(&val, 0, sizeof(val));
                                      
                                      Then you can fill the relevant fields of the struct, and pass it to the map update helper.

                                      Source https://stackoverflow.com/questions/71529801

                                      Community Discussions, Code Snippets contain sources that include Stack Exchange Network

                                      Vulnerabilities

                                      No vulnerabilities reported

                                      Install pkts

                                      You can download it from GitHub, Maven.
                                      You can use pkts like any standard Java library. Please include the the jar files in your classpath. You can also use any IDE and you can run and debug the pkts component as you would do with any other Java program. Best practice is to use a build tool that supports dependency management such as Maven or Gradle. For Maven installation, please refer maven.apache.org. For Gradle installation, please refer gradle.org .

                                      Support

                                      For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .

                                      Find more information at:

                                      Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from
                                      over 650 million Knowledge Items
                                      Find more libraries
                                      Reuse Solution Kits and Libraries Curated by Popular Use Cases
                                      Explore Kits

                                      Save this library and start creating your kit

                                      Clone
                                      • https://github.com/aboutsip/pkts.git

                                      • gh repo clone aboutsip/pkts

                                      • git@github.com:aboutsip/pkts.git

                                      Share this Page

                                      share link

                                      See Similar Libraries in

                                      Consider Popular Learning Libraries
                                      Try Top Libraries by aboutsip
                                      Compare Learning Libraries with Highest Support
                                      Compare Learning Libraries with Highest Quality
                                      Compare Learning Libraries with Highest Security
                                      Compare Learning Libraries with Permissive License
                                      Compare Learning Libraries with Highest Reuse
                                      Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from
                                      over 650 million Knowledge Items
                                      Find more libraries
                                      Reuse Solution Kits and Libraries Curated by Popular Use Cases
                                      Explore Kits

                                      Save this library and start creating your kit