Ejemplo n.º 1
0
func benchmarkPacketDecode(packetSource *gopacket.PacketSource) {
	count, errors := 0, 0
	start := time.Now()
	for packet, err := packetSource.NextPacket(); err != io.EOF; packet, err = packetSource.NextPacket() {
		if err != nil {
			fmt.Println("Error reading in packet:", err)
			continue
		}
		count++
		var hasError bool
		if *printErrors && packet.ErrorLayer() != nil {
			fmt.Println("\n\n\nError decoding packet:", packet.ErrorLayer().Error())
			fmt.Println(hex.Dump(packet.Data()))
			fmt.Printf("%#v\n", packet.Data())
			errors++
			hasError = true
		}
		if *printLayers || hasError {
			fmt.Printf("\n=== PACKET %d ===\n", count)
			for _, l := range packet.Layers() {
				fmt.Printf("--- LAYER %v ---\n%#v\n\n", l.LayerType(), l)
			}
			fmt.Println()
		}
	}
	duration := time.Since(start)
	fmt.Printf("\tRead in %v packets in %v, %v per packet\n", count, duration, duration/time.Duration(count))
	if *printErrors {
		fmt.Printf("%v errors, successfully decoded %.02f%%\n", errors, float64(count-errors)*100.0/float64(count))
	}
}
Ejemplo n.º 2
0
func runNGNet(packetSource *gopacket.PacketSource) {
	streamFactory := ngnet.NewHttpStreamFactory(eventChan)
	pool := tcpassembly.NewStreamPool(streamFactory)
	assembler := tcpassembly.NewAssembler(pool)

	var pcapWriter *pcapgo.Writer
	if *outputPcap != "" {
		outPcapFile, err := os.Create(*outputPcap)
		if err != nil {
			log.Fatalln(err)
		}
		defer outPcapFile.Close()
		pcapWriter = pcapgo.NewWriter(outPcapFile)
		pcapWriter.WriteFileHeader(65536, layers.LinkTypeEthernet)
	}

	var count int = 0
	for packet := range packetSource.Packets() {
		count++
		net_layer := packet.NetworkLayer()
		if net_layer == nil {
			continue
		}
		trans_layer := packet.TransportLayer()
		if trans_layer == nil {
			continue
		}
		tcp, _ := trans_layer.(*layers.TCP)
		if tcp == nil {
			continue
		}

		if pcapWriter != nil {
			pcapWriter.WritePacket(packet.Metadata().CaptureInfo, packet.Data())
		}

		assembler.AssembleWithTimestamp(
			net_layer.NetworkFlow(),
			tcp,
			packet.Metadata().CaptureInfo.Timestamp)
	}

	assembler.FlushAll()
	streamFactory.Wait()
	log.Println("Packet count: ", count)
}
Ejemplo n.º 3
0
func doCaptureLoop(packageSource *gopacket.PacketSource) {
	//
	dataStream := datastream.TcpDataStreamFactory{ps[:len(ps)]}
	streamPool := tcpassembly.NewStreamPool(dataStream)
	assembler := tcpassembly.NewAssembler(streamPool)
	log.Debug("构建tcp分析者完成")

	//
	packets := packageSource.Packets()
	ticker := time.Tick(time.Minute)

	//
	for {
		select {
		case packet := <-packets:
			{
				if packet == nil {
					return
				}
				if packet.NetworkLayer() == nil || packet.TransportLayer() == nil {
					continue
				}

				//tcp
				if packet.TransportLayer().LayerType() == layers.LayerTypeTCP {
					tcp, _ := packet.TransportLayer().(*layers.TCP)
					assembler.AssembleWithTimestamp(
						packet.NetworkLayer().NetworkFlow(),
						tcp,
						packet.Metadata().Timestamp)
				}
			}
		case <-ticker:
			assembler.FlushOlderThan(time.Now().Add(time.Minute * -2))
		}
	}
}
Ejemplo n.º 4
0
/*
func writeData(w *pcapgo.Writer, source *gopacket.PacketSource) error {
	defragger := ip4defrag.NewIPv4Defragmenter()
	w.WriteFileHeader(65536, layers.LinkTypeEthernet)
	for packet := range source.Packets() {
		tcpLayer := packet.Layer(layers.LayerTypeTCP)
		if tcpLayer != nil {
			// do assemble
		} else {
			v6Layer := packet.Layer(layers.LayerTypeIPv6)
			if v6Layer != nil {
				// do v6 defrag
			} else {
				v4Layer := packet.Layer(layers.LayerTypeIPv4)
				if v4Layer == nil {
					continue
				}
				in, err := defragger.DefragIPv4(v4Layer)
				if err != nil {
					return err
				} else if in == nil { //part of fragment continue
					continue
				} else {
					err := w.WritePacket(packet.Metadata().CaptureInfo, in.LayerContents()) //write the header
					if err != nil {
						return err
					}
					err := w.WritePacket(packet.Metadata().CaptureInfo, in.LayerPayload()) // write the payload
					if err != nil {
						return err
					}
				}
			}
		}
	}
	return nil
}*/
func readSource(source *gopacket.PacketSource, tcpPack chan gopacket.Packet,
	normalPack chan gopacket.Packet, fragV4Pack chan gopacket.Packet, fragv6Pack chan gopacket.Packet,
	endNotification chan bool) {
	for packet := range source.Packets() {
		tcpLayer := packet.Layer(layers.LayerTypeTCP)
		if tcpLayer != nil {
			tcpPack <- packet
			// send packet to tcp ASSEMBLER
		} else {
			v6Layer := packet.Layer(layers.LayerTypeIPv6)
			if v6Layer != nil {
				v6frag := packet.Layer(layers.LayerTypeIPv6Fragment)
				if v6frag == nil {
					ipv6 := v6Layer.(*layers.IPv6)
					IPserializeBuffer := gopacket.NewSerializeBuffer()
					buf, _ := IPserializeBuffer.PrependBytes(len(ipv6.Payload))
					copy(buf, ipv6.Payload)
					ops := gopacket.SerializeOptions{
						FixLengths:       true,
						ComputeChecksums: true,
					}
					ipv6.SerializeTo(IPserializeBuffer, ops)
					sendPack := gopacket.NewPacket(IPserializeBuffer.Bytes(), layers.LayerTypeIPv6, gopacket.Default)
					err := sendPack.ErrorLayer()
					if err != nil {
						fmt.Println("Error decoding some part of the packet:", err)
						normalPack <- packet
					} else {
						sendPack.Metadata().CaptureLength = len(sendPack.Data())
						sendPack.Metadata().Length = len(sendPack.Data())
						normalPack <- sendPack
					}
				} else {
					fragv6Pack <- packet
				}
				// do v6 process
			} else {
				v4Layer := packet.Layer(layers.LayerTypeIPv4)
				if v4Layer == nil {
					continue
				}
				ip := v4Layer.(*layers.IPv4)

				if notFraV4(ip) {
					IPserializeBuffer := gopacket.NewSerializeBuffer()
					buf, _ := IPserializeBuffer.PrependBytes(len(ip.Payload))
					copy(buf, ip.Payload)
					ops := gopacket.SerializeOptions{
						FixLengths:       true,
						ComputeChecksums: true,
					}
					//	ipBuffer, _ := IPserializeBuffer.PrependBytes(len(ip.Payload))
					//	copy(ipBuffer, ip.Payload)
					ip.SerializeTo(IPserializeBuffer, ops)
					sendPack := gopacket.NewPacket(IPserializeBuffer.Bytes(), layers.LayerTypeIPv4, gopacket.Default)
					err := sendPack.ErrorLayer()
					if err != nil {
						fmt.Println("Error decoding some part of the packet:", err)
						normalPack <- packet
					} else {
						sendPack.Metadata().CaptureLength = len(sendPack.Data())
						sendPack.Metadata().Length = len(sendPack.Data())
						normalPack <- sendPack
					}
				} else {
					fragV4Pack <- packet
				}
				/*
					in, err := defragger.DefragIPv4(v4Layer)
					if err != nil {
						return err
					} else if in == nil { //part of fragment continue
						continue
					} else {
						err := w.WritePacket(packet.Metadata().CaptureInfo, in.LayerContents()) //write the header
						if err != nil {
							return err
						}
						err := w.WritePacket(packet.Metadata().CaptureInfo, in.LayerPayload()) // write the payload
						if err != nil {
							return err
						}
					}*/
			}
		}
		time.Sleep(time.Millisecond * 500)
	}
	fmt.Printf("done reading in readSource()\n")
	// give a time to write file
	endNotification <- true

}