From: ian Date: Sun, 3 Mar 2002 16:54:57 +0000 (+0000) Subject: Summaries X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=1bf54832674f0b0c2ce1e4e21f3435d8ece030d0;p=vinegar-ip.git Summaries --- diff --git a/.cvsignore b/.cvsignore index 1bc23c1..7290301 100644 --- a/.cvsignore +++ b/.cvsignore @@ -7,3 +7,5 @@ monitor.sh recv-*.log recv-*.pcap recv-*.diff +recv-*.mdiff +recv-*.summary diff --git a/Makefile b/Makefile index 8f4acce..7923859 100644 --- a/Makefile +++ b/Makefile @@ -61,7 +61,9 @@ A_WHYS= $(addsuffix .why,$(A_BASES)) AN_BASES= $(basename $(wildcard recv-*.pcap)) AN_LOGS= $(addsuffix .log,$(AN_BASES)) AN_DIFFS= $(addsuffix .diff,$(AN_BASES)) -AN_TARGETS= $(AN_LOGS) $(AN_DIFFS) +AN_MDIFFS= $(addsuffix .mdiff,$(AN_BASES)) +AN_SUMMARIES= $(addsuffix .summary,$(AN_BASES)) +AN_TARGETS= $(AN_LOGS) $(AN_DIFFS) $(AN_MDIFFS) $(AN_SUMMARIES) INFORM= @echo ' GENERATED THESE FILES:'; \ echo ' $^' @@ -81,7 +83,7 @@ scripts: $(SCRIPT_TARGETS) anal analyse: $(AN_TARGETS) $(INFORM) -send-all.pcap: $(A_PCAPS) Makefile +send-all.pcap: $(A_PCAPS) rm -f $@ dd if=$< ibs=24 count=1 of=$@ set -e; for f in $(A_PCAPS); do \ 
@@ -92,20 +94,29 @@ send-all.why: $(A_WHYS) Makefile nl -bp'^ ? ? ?[0-9]' <$@.1.tmp >$@.2.tmp @mv -f $@.2.tmp $@ -send-%.pcap send-%.why: ./make-probes.tcl Makefile +send-%.pcap send-%.why: ./make-probes.tcl ./make-probes.tcl --write $@ --mtu $(MTU) --upto $(PERPART) \ --source $(SOURCE) \ --dest $(DEST) \ --xseed "$* $(UNIQUE)" >send-$*.why -%.log: %.pcap lnumber-tcpdump.pl Makefile - tcpdump -tnxvvs$$(($(MTU)+500)) -r $< >$@.1.tmp +%.log: %.pcap lnumber-tcpdump.pl blank-ttl-ipcsum.pl Makefile + tcpdump -tnxvvs$$(($(MTU)+500)) -r $< >$@.0.tmp + ./blank-ttl-ipcsum.pl <$@.0.tmp >$@.1.tmp ./lnumber-tcpdump.pl <$@.1.tmp >$@.2.tmp @mv -f $@.2.tmp $@ recv-%.diff: send-%.log recv-%.log diff -uI'^[0-9]' $^ >$@ || test $$? == 1 +recv-%.mdiff: send-%.log recv-%.log + diff -U 1 -I'^[0-9]\|^ [ ][ ]' $^ >$@ \ + || test $$? == 1 + +recv-%.summary: recv-%.mdiff mdiff-summarise.pl + ./mdiff-summarise.pl <$< >$@.1.tmp + @mv -f $@.1.tmp $@ + %.sh: %.template Makefile sed <$< >$@.tmp -e ' \ s/@@M/'$$(($(MTU)+500))'/; \ diff --git a/README b/README index dc5a83b..f6d5264 100644 --- a/README +++ b/README @@ -68,8 +68,9 @@ WHAT TO DO * When it has finished, kill on-dest.sh and monitor.sh. Copy the file recv-1.pcap back to your analysis machine, and there say `make anal'. - * This will generate `recv-1.log' and `recv-1.diff'. - Read the diff and see if it's by and large working. + * This will generate + recv-1.log recv-1.diff recv-1.mdiff recv-1.summary + Read the diffs and see if it's by and large working. See below for information about interpreting the various files. 3. Run the full test 
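Review bot: In the new `recv-%.mdiff` rule, `|| test $$? == 1` uses `==`, which POSIX `test` does not define. No `SHELL` setting is visible in this hunk, so if the recipe shell is a strict `/bin/sh` such as dash, the rule fails whenever diff reports differences. `|| test $$? = 1` is portable, and the existing `recv-%.diff` rule just above has the same problem. The rule also redirects straight into `$@`, whereas `recv-%.summary` writes `$@.1.tmp` and then runs `mv -f`. When diff exits with status 2, a partial `.mdiff` is left behind and will look up to date on the next run, unless `.DELETE_ON_ERROR` is set somewhere outside this hunk.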
@@ -103,6 +104,27 @@ FILES INVOLVED INTERPRETATION OF THE TEXT FILES - EXAMPLE + +You probably want to start with the recv-*.summary files. Here's an +example line (folded and indented here to make it easier to read: + +-7 80.4.4.56 > 212.22.195.1: 6.115.30.33.50 > 158.55.15.27.50: \ + udp 37 (DF) [tos 0xaf] (ttl 255, id 55590) [tos 0x62] (ttl ###, id 21803) + +This means that packet no.7 either the packet didn't arrive, or +tcpdump produced different a summary line for the second packet. + +The recv-*.summary and recv-*.mdiff files DO NOT contain information +about packets whose bodies changed, unless tcpdump reported the change +in its summary. recv-*.diff contains ALL changes, even to meaningless +parts of packets, except changes to the IP TTL and IP header checksum +(which are expected to change). + +So, you can then look in recv-1.mdiff and recv-1.diff for more +information about packet no.7, if you're interested. See below for +help on interpreting the diffs. + + Here is an example of a diff you might see: @@ -23,12 +15,7 @@ 
@@ -128,21 +150,20 @@ with `+', they aren't useful. In this case, it's packet 5 that's missing. So, we can look in send-1.why or send-all.why, as appropriate, and see this: +batch packet within batch + | / 1 5 tos=0xe7 id=30130 df (!any) proto=icmp[1] \ (any) type=75 (junk) l=11 code=140 45e7002375b24000ff0152f2ac122d23ac122d064b8c34ba4844ce2d1bde5caf0ab9e6 -In send-all.why, these are prepended by another line number, which is -the one you should use, so it would look like this: +or this: + batch packet within batch + | / 5 1 5 tos=0xe7 id=30130 df (!any) proto=icmp[1] \ - (any) type=75 (junk) l=11 code=140 - 45e7002375b24000ff0152f2ac122d23ac122d064b8c34ba4844ce2d\ - 1bde5caf0ab9e6 - -(The other two numbers are the batch and line within the batch. -I have wrapped this here with \ and some indentation for ease of -reading.) + / (any) type=75 (junk) l=11 code=140 + overall 45e7002375b24000ff0152f2ac122d23ac122d064b8c34ba4844ce2d\ + packet no. 1bde5caf0ab9e6 You can see the hex dump of the packet, which is the same as the one in the tcpdump output, except that the tcpdump one has some extra diff --git a/blank-ttl-ipcsum.pl b/blank-ttl-ipcsum.pl new file mode 100755 index 0000000..07a43b6 --- /dev/null +++ b/blank-ttl-ipcsum.pl @@ -0,0 +1,7 @@ +#!/usr/bin/perl -p +if ($zonk) { + s/^(\s\s+4\w\w\w \w{4} \w{4} \w{4}) \w\w(\w\w) \w{4} (\w{4} \w{4})$/$1 ##$2 #### $3/ or die "$_ ?"; + $zonk=0; +} elsif (m/^ ?[^ \t]/ && s/(\(ttl )\d+(, id \d+\))$/$1###$2/) { + $zonk=1; +} diff --git a/mdiff-summarise.pl b/mdiff-summarise.pl new file mode 100755 index 0000000..8b09d16 --- /dev/null +++ b/mdiff-summarise.pl @@ -0,0 +1,16 @@ +#!/usr/bin/perl -n +next if m/^\+/; +if (m/^[- ](\d+)$/) { + $nlno= $1; + next; +} elsif (defined $nlno) { + m/^[- ] *\S/ or die; + s/^([- ]) / $1. sprintf "%-6d ", $nlno /e; + undef $nlno; +} +die if defined $lno; +next if m/^[- ] \s\s/; +next if m/^\-\-\-|^\@\@/; +next if m/^ /; +die unless m/^\-/; +print or die $!;
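Review bot: blank-ttl-ipcsum.pl has no header comment, and `or die "$_ ?"` in the `$zonk` branch does not say what was expected. The substitution there accepts only a hex row of exactly eight four-digit groups whose first digit is `4`, so a tcpdump build that lays out `-x` output differently, or a non-IPv4 frame following a `(ttl N, id M)` summary, aborts the `%.log` rule with just the raw line. A header comment would help, such as `# Blank the IP TTL and header checksum in the summary line and in the first hex row; both legitimately change in transit.` The failure could read `or die "line $.: expected IPv4 header hex row after ttl summary: $_";`.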
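Review bot: In mdiff-summarise.pl, `die if defined $lno;` tests a variable that nothing in the file assigns, so the check can never fire. The state variable used everywhere else is `$nlno`, which suggests a typo, and without `use strict` Perl accepts it silently. Either drop the line or make it the intended check on `$nlno`, and declare the state with `our $nlno;` under `use strict; use warnings;`. The bare `die` calls (`m/^[- ] *\S/ or die;` and `die unless m/^\-/;`) give no input context when a malformed `.mdiff` is fed in. Something like `die "line $.: unexpected mdiff line: $_" unless m/^\-/;` makes a failed `recv-%.summary` build diagnosable.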