Refactor IPFilter to support IPv6 where possible.

[Dimi1010]

The PR aims to address #1288, supporting IPv6 filtering where possible, and raise errors where it is not supported.

[codecov[bot]]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 82.35%. Comparing base (8240a53) to head (86eeb76).

Additional details and impacted files

@@            Coverage Diff             @@
##              dev    #1324      +/-   ##
==========================================
+ Coverage   82.33%   82.35%   +0.01%     
==========================================
  Files         163      163              
  Lines       20954    20971      +17     
  Branches     7914     7925      +11     
==========================================
+ Hits        17253    17271      +18     
  Misses       3028     3028              
+ Partials      673      672       -1     

Flag	Coverage Δ
alpine317	72.39% <76.00%> (+0.01%)	:arrow_up:
fedora37	72.39% <76.00%> (+0.05%)	:arrow_up:
macos-12	61.43% <72.00%> (+0.04%)	:arrow_up:
macos-13	60.46% <72.00%> (+0.03%)	:arrow_up:
macos-14	60.46% <72.00%> (+0.03%)	:arrow_up:
macos-ventura	61.50% <72.00%> (+0.03%)	:arrow_up:
mingw32	70.26% <86.95%> (+<0.01%)	:arrow_up:
mingw64	70.28% <86.95%> (+<0.01%)	:arrow_up:
npcap	83.32% <100.00%> (-0.03%)	:arrow_down:
rhel93	72.42% <76.00%> (+0.01%)	:arrow_up:
ubuntu1804	74.73% <81.81%> (+0.05%)	:arrow_up:
ubuntu2004	73.19% <73.91%> (+0.02%)	:arrow_up:
ubuntu2204	72.21% <76.00%> (+0.01%)	:arrow_up:
ubuntu2204-icpx	59.04% <72.00%> (+0.08%)	:arrow_up:
unittest	82.35% <100.00%> (+0.01%)	:arrow_up:
windows-2019	83.34% <100.00%> (-0.02%)	:arrow_down:
windows-2022	83.37% <100.00%> (-0.01%)	:arrow_down:
winpcap	83.33% <100.00%> (+<0.01%)	:arrow_up:
xdp	58.98% <0.00%> (-0.07%)	:arrow_down:
zstd	73.83% <81.48%> (+0.02%)	:arrow_up:

Flags with carried forward coverage won't be shown. Click here to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

[Dimi1010]

Hmm... so I seem to have hit a bit of a roadblock. When the filter is being compiled by Winpcap, I get the message "bogus IPv6 address". This persists for even the simplest IPv6 addresses like ::1.

Full error message:

[ERROR: ...\PcapPlusPlus\Pcap++\src\PcapDevice.cpp: pcpp::IPcapDevice::setFilter:31] Error compiling filter. Error message is: bogus IPv6 address ::1
TestPcapFiltersOffline             : FAILED (...\PcapPlusPlus\Tests\Pcap++Test\Tests\FilterTests.cpp:530). Assert TRUE failed:
   [fileReaderDev5.setFilter(ipFilterWithMask)]

[seladb]

[fileReaderDev5.setFilter

@Dimi1010 did you try the full version of an ipv6 address, for example: instead of ::1 use 0000:0000:0000:0000:0000:0000:0000:0001?

[Dimi1010]

@Dimi1010 did you try the full version of an ipv6 address, for example: instead of ::1 use 0000:0000:0000:0000:0000:0000:0000:0001?

@seladb Yes, tried these so far:

• 2001:db9:0:12::1 -> Error compiling filter. Error message is: bogus IPv6 address 2001:db9:0:12::1
• ::1 -> Error compiling filter. Error message is: bogus IPv6 address ::1
• 0000:0000:0000:0000:0000:0000:0000:0001 -> Error compiling filter. Error message is: bogus IPv6 address ::1

[seladb]

@Dimi1010 did you try the full version of an ipv6 address, for example: instead of ::1 use 0000:0000:0000:0000:0000:0000:0000:0001?

@seladb Yes, tried these so far:

* `2001:db9:0:12::1` -> `Error compiling filter. Error message is: bogus IPv6 address 2001:db9:0:12::1`

* `::1` -> `Error compiling filter. Error message is: bogus IPv6 address ::1`

* `0000:0000:0000:0000:0000:0000:0000:0001` -> `Error compiling filter. Error message is: bogus IPv6 address ::1`

I looked in WinPcap source code and found this error string in wpcap/libpcap/scanner.c. It looks like it run getaddrinfo(pcap_text, NULL, &hints, &res) to find the address from string, so I'm not sure why it doesn't work 🤔

Does it work in Npcap and libpcap?

[seladb]

@Dimi1010 did you manage to figure out what's the problem with WinPcap or Npcap (does it happen in both)?

[Dimi1010]

@seladb Haven't really had much time for it, yet. Had some trouble getting npcap to work coz I was using vcpkg and it only had winpcap, then got hit with a lot of stuff from work to deal with.

[Dimi1010]

@seladb The main issue I have with atm is getting the tests to run. For some reason without vcpkg, the project builds fine, and then when I run the test exe, I get this.

[egecetin]

@Dimi1010 It might be related with libpcap version. Original winpcap (which can be downloaded from their site) supports libpcap version 1.4.2 (I checked their SDK. Inside the SDK package the pcap.h library mentions this version) but there is another version in sourceforge currently which supports libpcap 1.7.4 (personally not tested this fork). From your screenshot the pcap_open_offline_with_timestamp_precision function introduced with libpcap 1.5.1. Is there any possibility of more than one libpcap version in your system or maybe some similar problem to create confusion for compiler/linker?

My suggestion, check the linked libraries to your exe and search pcap.h headers in your system paths

[seladb]

@Dimi1010 It might be related with libpcap version. Original winpcap (which can be downloaded from their site) supports libpcap version 1.4.2 (I checked their SDK. Inside the SDK package the pcap.h library mentions this version) but there is another version in sourceforge currently which supports libpcap 1.7.4 (personally not tested this fork). From your screenshot the pcap_open_offline_with_timestamp_precision function introduced with libpcap 1.5.1. Is there any possibility of more than one libpcap version in your system or maybe some similar problem to create confusion for compiler/linker?

My suggestion, check the linked libraries to your exe and search pcap.h headers in your system paths

In addition, I'd advise using Npcap instead on WinPcap, it's maintained and is likely to include a much newer libpcap version under the hood

[Dimi1010]

ok, apparently it was a random wpcap.dll that somehow found itself in the tests Bin folder shadowing the one in system32. No idea how it got itself there, and the rebuilds did not remove it apparently. Deleted it and now the tests run fine in npcap and winpcap.

[tigercosmos]

@seladb btw, maybe we should consider dropping the support for winpcap, as it already suggests users to choose npcap instead of winpcap. https://www.winpcap.org/news.htm

[Dimi1010]

@seladb Yes, tried these so far:

* `2001:db9:0:12::1` -> `Error compiling filter. Error message is: bogus IPv6 address 2001:db9:0:12::1`

* `::1` -> `Error compiling filter. Error message is: bogus IPv6 address ::1`

* `0000:0000:0000:0000:0000:0000:0000:0001` -> `Error compiling filter. Error message is: bogus IPv6 address ::1`

I looked in WinPcap source code and found this error string in wpcap/libpcap/scanner.c. It looks like it run getaddrinfo(pcap_text, NULL, &hints, &res) to find the address from string, so I'm not sure why it doesn't work 🤔

Does it work in Npcap and libpcap?

@seladb Npcap also errors on pcap_compile but with the message Error compiling filter. Error message is: expression rejects all packets instead for the following expressions ip and src net 2001:db9:0:12::1 and ip and src net ::1.

Edit: Hmm, reading this (https://serverfault.com/a/995269), I think it might have some connection with the IPv6 being short form instead of full form.

Edit 2: And issue was passing ip instead of ip6 on the filter.