Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UDP input/output issue #86

Open
thepacketlover opened this issue Feb 22, 2021 · 2 comments
Open

UDP input/output issue #86

thepacketlover opened this issue Feb 22, 2021 · 2 comments

Comments

@thepacketlover
Copy link

thepacketlover commented Feb 22, 2021
edited

Hello,
on the WIKI on HEP forwarding https://github.com/sipcapture/paStash/wiki/Example:-HEP-Relay there an example with UDP in and UDP out, also an example with UDP-> AMQP. AMQP -> UDP. I have tried both with similar problems.

I am trying to get UDP-> AMQP. AMQP -> UDP working but I have a feeling the UDP in/out issue will solve the issue with AMQP.

Here is an outline of what I have tried or looked at:

heplify -------UDP. ------>. heplify Server. Data in Homer

Once I put in paStash with UDP in and out based on example nothing shows up in homer

heplify---UDP--> paStatsh --UDP----> heplify Server nothing in Homer

I have replaced paStash with Samplicator. https://github.com/sleinen/samplicator and I get data in homer. Samplicator is a simple UDP packet replicator.

heplify---UDP--> samplicator --UDP----> heplify Server Data in homer... but does not help on moving to AMQP. It just shows the path and firewall rules are good.

Environment: Cent 7 latest. node v14.15.5 also tried v10.x, v15.8.0. same issues.
simple udp in udp out config.

input {
  udp {
    host => 192.168.176.11
    port => 9060
  }
}

output {
  udp {
    host => 192.168.176.8
    port => 9060
  }
}

192.168.176.43 heplify
192.168.176.11. paStash
192.168.176.8 Heplify-server

I see packet flow in and out of paStash. pcap is attached.

The LUA Wireshark dissector
pa-Stash-udp-udp-hep.pcap.zip
does not decode what is going out of paStash(packets sourced from 192.168.176.11 to 192.168.176.8). The packet capture was from the server where paStash running 192.168.176.11
@lmangani
Copy link
Member

Hi @thepacketlover its hard to compare pastash and samplicator - pastash does not blindly forward network packets but rather interprets, reassembles and decodes them internally for modification and reshaping. The raw UDP/TCP examples should work indeed, but perhaps there's more at play. Try to stdout{} a few of the egress messages to see what they contain in detail.

In your case, you also might want to avoid doing UDP/TCP/UDP pipelines for obvious reasons i'd suggest using TCP HEP.

@lmangani
Copy link
Member

NOTE: adding the raw serializer to the input might make this work as you would expect.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lmangani @thepacketlover