netstack: write pcap header on new file capture

ignoramous · ignoramous · commit 12d6239fac67 · 2024-04-12T22:10:21.000+05:30
diff --git a/intra/netstack/netstack.go b/intra/netstack/netstack.go
@@ -29,6 +29,8 @@ const useIPTablesForICMP = false
 // enable forwarding of packets on the interface
 const nicfwd = false
 
+const SnapLen uint32 = 2048 // in bytes; some sufficient value
+
 type sniff struct {
 	stack.LinkEndpoint
 	Swapper
@@ -53,14 +55,15 @@ func NewEndpoint(dev, mtu int, sink io.WriteCloser) (ep SeamlessEndpoint, err er
 		return nil, err
 	}
 	// ref: github.com/google/gvisor/blob/aeabb785278/pkg/tcpip/link/sniffer/sniffer.go#L111-L131
-	return asSniffer(ep, sink, umtu)
+	return asSniffer(ep, sink)
 }
 
-func asSniffer(ep SeamlessEndpoint, sink io.WriteCloser, mtu uint32) (SeamlessEndpoint, error) {
+func asSniffer(ep SeamlessEndpoint, sink io.WriteCloser) (SeamlessEndpoint, error) {
 	if sink == nil {
 		return ep, nil
 	}
-	if link, err := sniffer.NewWithWriter(ep, sink, mtu); err != nil {
+	// TODO: MTU instead of SnapLen? Must match pcapsink.begin()
+	if link, err := sniffer.NewWithWriter(ep, sink, SnapLen); err != nil {
 		return nil, err
 	} else {
 		return sniff{link, ep}, nil
diff --git a/intra/tunnel.go b/intra/tunnel.go
@@ -76,6 +76,7 @@ type Tunnel interface {
 	// to which a PCAP file will be written to.
 	// If len(fpcap) is 0, no PCAP file will be written.
 	// If len(fpcap) is 1, PCAP be written to stdout.
+	// Must be called on a background thread.
 	SetPcap(fpcap string) error
 	// Set DNSMode, BlockMode, PtMode.
 	SetTunMode(dnsmode, blockmode, ptmode int)
diff --git a/tunnel/tunnel.go b/tunnel/tunnel.go
@@ -24,12 +24,15 @@
 package tunnel
 
 import (
+	"encoding/binary"
 	"errors"
 	"io"
 	"os"
 	"sync"
 	"sync/atomic"
+	"time"
 
+	"github.com/celzero/firestack/intra/core"
 	"github.com/celzero/firestack/intra/log"
 	"github.com/celzero/firestack/intra/netstack"
 	"github.com/celzero/firestack/intra/settings"
@@ -102,17 +105,35 @@ func (p *pcapsink) Close() error {
 	return err
 }
 
+// from: github.com/google/gvisor/blob/596e8d22/pkg/tcpip/link/sniffer/sniffer.go#L93
+func (p *pcapsink) begin() error {
+	_, offset := time.Date(0, 0, 0, 0, 0, 0, 0, time.Local).Zone()
+	return binary.Write(p.sink, binary.LittleEndian, core.PcapHeader{
+		MagicNumber:  0xa1b2c3d4,
+		VersionMajor: 2,
+		VersionMinor: 4,
+		Thiszone:     int32(offset),
+		Sigfigs:      0,
+		Snaplen:      netstack.SnapLen, // must match netstack.asSniffer()
+		Network:      101,              // LINKTYPE_RAW
+	})
+}
+
 func (p *pcapsink) file(f io.WriteCloser) (err error) {
 	p.Lock()
 	w := p.sink
 	p.sink = f
 	p.Unlock()
 
 	if w != nil {
-		err = w.Close()
+		_ = w.Close()
 	}
 	y := f != nil
-	netstack.FilePcap(y)
+	if y {
+		err = p.begin() // write pcap header before any packets
+		log.I("tun: pcap: begin: writeHeader; err(%v)", err)
+	}
+	netstack.FilePcap(y) // signal netstack to write packets
 	return
 }
 
