Author Topic: I need to write a node.js pcap module + native bindings  (Read 2949 times)


adarqui

  • Administrator
  • Hero Member
  • *****
  • Posts: 31181
  • who run it.
  • Respect: +7694
    • View Profile
    • Email
I need to write a node.js pcap module + native bindings
« on: April 01, 2013, 09:21:00 pm »
node_pcap is nice but it just isn't cutting it for me.. lack of ipv6, only one session, too much "bloatware" (awesome bloatware though TCP sessions/http decoding etc).. I need something very small+efficient which can handle multiple sessions.

I've never written native bindings for node.js, and I'm not really a C++ guy so.. might take a little longer than I want.. anyway, this thread will document this project a bit.

;d

adarqui

Re: I need to write a node.js pcap module + native bindings
« Reply #1 on: April 01, 2013, 09:22:06 pm »
some random info:

c++:
http://www.cplusplus.com/reference/string/string/


v8 docs:
http://izs.me/v8-docs/
http://code.google.com/p/v8/
http://code.google.com/p/v8/source/browse#svn%2Fbranches%2F3.9%2Fsrc
http://code.google.com/p/v8/source/browse
http://www.lamedoc.com/node.js/classnode_1_1Buffer.html
http://athile.net/library/wiki/index.php/Library/V8/Tutorial




buffers;
http://nodejs.org/api/buffer.html
http://nikhilm.bitbucket.org/articles/c_in_my_javascript/c_in_javascript_part_2.html
https://github.com/joyent/node/blob/master/src/node_buffer.h
http://docs.nodejitsu.com/articles/advanced/buffers/how-to-use-buffers
http://www.lamedoc.com/node.js/classnode_1_1Buffer.html




nodejs event loop:
http://blog.mixu.net/2011/02/01/understanding-the-node-js-event-loop/


native bindings api:
http://nodejs.org/api/addons.html
https://www.cloudkick.com/blog/2010/aug/23/writing-nodejs-native-extensions/
http://www.slideshare.net/nsm.nikhil/writing-native-bindings-to-nodejs-in-c
https://developers.google.com/v8/
https://developers.google.com/v8/embed

Buffers: http://www.samcday.com.au/blog/2011/03/03/creating-a-proper-buffer-in-a-node-c-addon/



google c++ styling guide:
http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml


node-gyp docs:
http://code.google.com/p/gyp/wiki/InputFormatReference
https://github.com/TooTallNate/node-gyp


pcap example:
http://www.tcpdump.org/pcap.html
http://seclists.org/tcpdump/2012/q2/22




libuv: replaces IOWrapper
https://github.com/joyent/libuv
http://nikhilm.github.com/uvbook/
http://opensourcebridge.org/sessions/920 <- audio lecture
http://stackoverflow.com/questions/11423426/how-does-libuv-compare-to-boost-asio <-- libuv vs asio comparison
https://gist.github.com/utaal/1195428 <- web ex

libuv's 'howto' heh: https://github.com/joyent/libuv/blob/master/include/uv.h
http://stackoverflow.com/questions/11390689/node-js-c-addon-multiple-callbacks-from-different-thread

great: https://github.com/joyent/node/wiki/How-to-migrate-from-ev_io_*-to-uv_poll_*-for-IO-polling




libpcap c++ wrapper:
http://libpcappp.sourceforge.net/


"compiling" the native bindings for a node module:

Code: [Select]
npm install -g node-gyp
node-gyp configure
node-gyp build



may be a good read later:
http://book.mixu.net/ch9.html

adarqui

Re: I need to write a node.js pcap module + native bindings
« Reply #2 on: April 02, 2013, 12:26:22 pm »
some uv.h stuff:

Code: [Select]
uv_tcp_init
uv_tcp_open

UV_EXTERN uv_handle_type uv_guess_handle(uv_file file);


/* Initialize the poll watcher using a file descriptor. */
UV_EXTERN int uv_poll_init(uv_loop_t* loop, uv_poll_t* handle, int fd);

/*
 * Starts polling the file descriptor. `events` is a bitmask consisting made up
 * of UV_READABLE and UV_WRITABLE. As soon as an event is detected the callback
 * will be called with `status` set to 0, and the detected events set en the
 * `events` field.
 *
 * If an error happens while polling status may be set to -1 and the error
 * code can be retrieved with uv_last_error. The user should not close the
 * socket while uv_poll is active. If the user does that anyway, the callback
 * *may* be called reporting an error status, but this is not guaranteed.
 *
 * Calling uv_poll_start on an uv_poll watcher that is already active is fine.
 * Doing so will update the events mask that is being watched for.
 */
UV_EXTERN int uv_poll_start(uv_poll_t* handle, int events, uv_poll_cb cb);

/* Stops polling the file descriptor. */
UV_EXTERN int uv_poll_stop(uv_poll_t* handle);


UV_EXTERN int uv_async_init(uv_loop_t*, uv_async_t* async,
    uv_async_cb async_cb);

/*
 * This can be called from other threads to wake up a libuv thread.
 *
 * libuv is single threaded at the moment.
 */
UV_EXTERN int uv_async_send(uv_async_t* async);




for threads:
UV_EXTERN int uv_cancel(uv_req_t* req);

adarqui

Re: I need to write a node.js pcap module + native bindings
« Reply #3 on: April 02, 2013, 07:43:35 pm »
Progress.. Initial test capture code, using libuv + cpp bindings:

Code: [Select]
tun0 PCAP.OPEN CB! { if: 'tun0',
  tv_sec: 1364945674,
  tv_usec: 247730,
  caplen: 141,
  len: 141 } 141
  tv_sec: 1364945610,
  tv_usec: 224148,
  caplen: 301,
  len: 301 } 301
tun0: <Buffer 45 00 01 2d ba 2f 40 00 40 11 67 f6 0a c8 01 0a 0a c8 01 01 be c1 05 ea 01 19 f3 9d 3a c8 4a 5e 05 d0 65 d4 f5 b7 01 34 b1 70 8b 3b 79 39 34 ad b1 d5 ec ...>
ON_FD_EVENT: 0 1 0x17f13e0
sit1 CB! { if: 'sit1',
  tv_sec: 1364945610,
  tv_usec: 309230,
  caplen: 104,
  len: 104 } 104
sit1: <Buffer 60 00 00 00 00 40 3a 40 20 01 04 70 00 07 05 dd 00 00 00 00 00 00 00 02 20 01 04 70 1f 10 0d dd 00 00 00 00 00 00 00 02 80 00 0d 2d 3c 55 00 05 ca 6a 5b ...>
ON_FD_EVENT: 0 1 0x17f13e0
sit1 CB! { if: 'sit1',
  tv_sec: 1364945610,
  tv_usec: 429044,
  caplen: 104,
  len: 104 } 104
sit1: <Buffer 60 00 00 00 00 40 3a 3c 20 01 04 70 1f 10 0d dd 00 00 00 00 00 00 00 02 20 01 04 70 00 07 05 dd 00 00 00 00 00 00 00 02 81 00 0c 2d 3c 55 00 05 ca 6a 5b ...>
timer
ON_FD_EVENT: 0 1 0x17e7790
tun0 PCAP.OPEN CB! { if: 'tun0',
  tv_sec: 1364945611,
  tv_usec: 764612,
  caplen: 48,
  len: 48 } 48
tun0: <Buffer 45 10 00 30 78 7c 40 00 74 06 c7 5d c9 be 04 13 c0 a8 38 64 04 9a 00 19 a5 68 64 be 00 00 00 00 70 02 ff ff ad c2 00 00 02 04 05 59 01 01 04 02>
timer
ON_FD_EVENT: 0 1 0x17e7790
tun0 PCAP.OPEN CB! { if: 'tun0',
  tv_sec: 1364945612,
  tv_usec: 226171,
  caplen: 253,
  len: 253 } 253
tun0: <Buffer 45 00 00 fd ba 30 40 00 40 11 68 25 0a c8 01 0a 0a c8 01 01 be c1 05 ea 00 e9 d2 51 3a 34 61 50 97 e6 b4 7b 4a fa 84 d4 19 95 8b 0f e0 38 3f b1 48 dc 70 ...>
ON_FD_EVENT: 0 1 0x17e7790
tun0 PCAP.OPEN CB! { if: 'tun0',
  tv_sec: 1364945612,
  tv_usec: 226219,
  caplen: 301,
  len: 301 } 301
tun0: <Buffer 45 00 01 2d ba 31 40 00 40 11 67 f4 0a c8 01 0a 0a c8 01 01 be c1 05 ea 01 19 78 c9 3a 78 48 b4 a6 c1 e0 be 05 1e 84 05 0f 9c 7d 3f 27 97 d0 b0 13 ce 11 ...>
ON_FD_EVENT: 0 1 0x17e82b0
eth0 CB! { if: 'eth0',
  tv_sec: 1364945612,


^^ Capturing on three sessions concurrently.. Next step is to start decoding the Buffer *'s.. Here's the front-end JavaScript so far.

Code: [Select]
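    // deps.pcap is the native binding being written in this thread.
    // Each open() takes an interface name, a filter ("none" on tun0),
    // two numeric options and a per-packet callback(hdr, data).
    var po = deps.pcap.open("tun0", "none", 1, 1000, function(hdr, data) {
        console.log("tun0 PCAP.OPEN CB!", hdr, data.length);

        //data = data.join();
        // Buffer.from() replaces the deprecated new Buffer() constructor.
        var buf = Buffer.from(data);
        console.log("tun0:", buf);

        /*
        var z = hexDump(data);
        console.log(z);
        */
    });

    // Second session: ICMP only, on eth0.
    var po2 = deps.pcap.open("eth0", "icmp", 1, 1000, function(hdr, data) {
        console.log("eth0 CB!", hdr, data.length);
        var buf = Buffer.from(data);
        console.log("eth0:", buf);
    });

    // Third session: ICMPv6 only, on the sit1 tunnel.
    var po3 = deps.pcap.open("sit1", "icmp6", 1, 1000, function(hdr, data) {
        console.log("sit1 CB!", hdr, data.length);
        var buf = Buffer.from(data);
        console.log("sit1:", buf);
    });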


All of this is going to require some MEGA-CLEANUP obviously.. I want the ability to open multiple interfaces with custom filters per, or one filter for everything, or use the 'any' interface which listens on all interfaces etc...

Decoding the buffers will be pretty fun I imagine, brings me back to my raw socket C+bsd/linux days etc.

pc
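
The "decoding the Buffer" step mentioned in the post above, as an added example that is not part of the original thread or of pcapjs: a bounds-checked IPv4/IPv6 header decoder run over bytes from the tun0 and sit1 dumps. It assumes those interfaces deliver raw IP packets with no link-layer header (consistent with the leading 0x45 / 0x60 bytes); `decodeIp` and the helper names are hypothetical.

```javascript
// Added example: every field read is preceded by a length check, so a short
// or malformed capture yields an error object instead of an out-of-range read.
const fromHex = (s) => Buffer.from(s.replace(/\s+/g, ''), 'hex');
const ipv4Text = (b) => Array.from(b).join('.');
function ipv6Text(b) {                       // uncompressed, no "::" shortening
  const groups = [];
  for (let i = 0; i < 16; i += 2) groups.push(b.readUInt16BE(i).toString(16));
  return groups.join(':');
}

function decodeIp(buf) {
  if (buf.length < 1) return { error: 'empty capture' };
  const version = buf[0] >> 4;
  if (version === 4) {
    if (buf.length < 20) return { error: 'short IPv4 header' };
    const ihl = (buf[0] & 0x0f) * 4;         // header length in bytes
    if (ihl < 20 || buf.length < ihl) return { error: 'bad IHL' };
    const totalLength = buf.readUInt16BE(2);
    if (totalLength < ihl) return { error: 'bad total length' };
    return {
      version, headerLength: ihl, totalLength, ttl: buf[8], protocol: buf[9],
      src: ipv4Text(buf.subarray(12, 16)), dst: ipv4Text(buf.subarray(16, 20)),
      truncated: buf.length < totalLength,   // caplen smaller than the packet
    };
  }
  if (version === 6) {
    if (buf.length < 40) return { error: 'short IPv6 header' };
    const payloadLength = buf.readUInt16BE(4);
    return {
      version, headerLength: 40, payloadLength,
      nextHeader: buf[6], hopLimit: buf[7],
      src: ipv6Text(buf.subarray(8, 24)), dst: ipv6Text(buf.subarray(24, 40)),
      truncated: buf.length < 40 + payloadLength,
    };
  }
  return { error: 'unknown IP version ' + version };
}

// Sample input: bytes copied from the 48-byte tun0 dump and from a sit1 dump in
// the post above. console.log cut the sit1 dump short, so only its 40-byte
// header is used, which exercises the truncated path.
const tun0 = fromHex(
  '45 10 00 30 78 7c 40 00 74 06 c7 5d c9 be 04 13 c0 a8 38 64 04 9a 00 19' +
  'a5 68 64 be 00 00 00 00 70 02 ff ff ad c2 00 00 02 04 05 59 01 01 04 02');
const sit1 = fromHex(
  '60 00 00 00 00 40 3a 3c 20 01 04 70 1f 10 0d dd 00 00 00 00 00 00 00 02' +
  '20 01 04 70 00 07 05 dd 00 00 00 00 00 00 00 02');
console.log(decodeIp(tun0));
console.log(decodeIp(sit1));
```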


adarqui

Re: I need to write a node.js pcap module + native bindings
« Reply #5 on: April 10, 2013, 02:41:52 am »
https://github.com/adarqui/pcapjs

ok so I'm done writing that for now, works decent at the basic level.