nfqueue are sometimes closing too soon -> loss of packets dumped #8
Description
Here's my configuration file:
myconf.json
{
"cmd": "/usr/bin/curl -4 -f -m 1 http://192.168.56.4 -o results/index_{i}_{j}.html",
"nfrules": [
{"host": "192.168.56.4", "port": 80, "ipv6": false, "input_chain": true}
],
"input": [
],
"output": [
{
"mod_name": "ipv4_frag",
"mod_opts": "range 1 1000 1000"
}
]
}Here's my python script:
script.py
from fragscapy.engine import Engine
from fragscapy.config import Config
from subprocess import Popen
Popen(["mkdir", "-p", "results"])
engine = Engine(
Config("myconf.json"),
stdout="run/std/stdout_{i}_{j}.txt",
stderr="run/std/stderr_{i}_{j}.txt",
local_pcap="run/pcap/local_{i}_{j}.pcap",
remote_pcap="run/pcap/remote_{i}_{j}.pcap"
)
engine.start()Once I run it, I expect to see in the remote pcap the whole TCP Communication of the test, however sometimes the last packets are missing.
Here the "FIN-ACK, ACK" packets from remote_0_0.pcap are not gathered:
I runned tshark at the same time, here's what I expect to see at the end of the pcap:
remote_0_0.pcap
See the attached zip file to reproduced the error, note that it is not deterministic. The nfqueue seems to be closed before the last packets are processed.
expected.pcap
fragscapy_packet_loss.zip