Example #1
1
func TestPacketDot11CtrlAck(t *testing.T) {
	p := gopacket.NewPacket(testPacketDot11CtrlAck, LinkTypeIEEE80211Radio, gopacket.Default)
	if p.ErrorLayer() != nil {
		t.Error("Failed to decode packet:", p.ErrorLayer().Error())
	}
	checkLayers(p, []gopacket.LayerType{LayerTypeRadioTap, LayerTypeDot11}, t)

	if got, ok := p.Layer(LayerTypeDot11).(*Dot11); ok {
		if !got.ChecksumValid() {
			t.Errorf("Dot11 packet processing failed:\nchecksum failed. got  :\n%#v\n\n", got)
		}
	}

	if got, ok := p.Layer(LayerTypeDot11).(*Dot11); ok {
		want := &Dot11{
			BaseLayer: BaseLayer{
				Contents: []uint8{0xd4, 0x0, 0x0, 0x0, 0x0, 0x19, 0xe3, 0xd3, 0x53, 0x52},
				Payload:  []uint8{},
			},
			Type:       Dot11TypeCtrlAck,
			Proto:      0x0,
			Flags:      0x0,
			DurationID: 0x0,
			Address1:   net.HardwareAddr{0x0, 0x19, 0xe3, 0xd3, 0x53, 0x52},
			Address2:   net.HardwareAddr(nil),
			Address3:   net.HardwareAddr(nil),
			Address4:   net.HardwareAddr(nil),
			Checksum:   0x8776e946,
		}
		if !reflect.DeepEqual(got, want) {
			t.Errorf("Dot11 packet processing failed:\ngot  :\n%#v\n\nwant :\n%#v\n\n", got, want)
		}
	}
}
Example #2
0
func TestDecodeIPv6Jumbogram(t *testing.T) {
	// Haven't found any of these in the wild or on example pcaps online, so had
	// to generate one myself via scapy.  Unfortunately, scapy can only
	// str(packet) for packets with length < 65536, due to limitations in python's
	// struct library, so I generated the header with:
	// Ether() / IPv6(src='::1', dst='::2') / IPv6ExtHdrHopByHop(options=[Jumbo(jumboplen=70000)]) / TCP(sport=8888, dport=80)
	// then added the payload manually ("payload" * 9996).  The checksums here are
	// not correct, but we don't check, so who cares ;)
	dataStr := "\x00\x1f\xca\xb3v@$\xbe\x05'\x0b\x17\x86\xdd`\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x06\x00\xc2\x04\x00\x01\x11p\"\xb8\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00l\xd8\x00\x00"
	payload := strings.Repeat("payload", 9996)
	data := []byte(dataStr + payload)
	p := gopacket.NewPacket(data, LinkTypeEthernet, gopacket.Default)
	checkLayers(p, []gopacket.LayerType{LayerTypeEthernet, LayerTypeIPv6, LayerTypeIPv6HopByHop, LayerTypeTCP, gopacket.LayerTypePayload}, t)
	if p.ApplicationLayer() == nil {
		t.Error("Packet has no application layer")
	} else if string(p.ApplicationLayer().Payload()) != payload {
		t.Errorf("Jumbogram payload wrong")
	}
	// Check truncated for jumbograms
	data = data[:len(data)-1]
	p = gopacket.NewPacket(data, LinkTypeEthernet, gopacket.Default)
	checkLayers(p, []gopacket.LayerType{LayerTypeEthernet, LayerTypeIPv6, LayerTypeIPv6HopByHop, LayerTypeTCP, gopacket.LayerTypePayload}, t)
	if !p.Metadata().Truncated {
		t.Error("Jumbogram should be truncated")
	}
}
Example #3
0
func TestPacketIPSecESP(t *testing.T) {
	p := gopacket.NewPacket(testPacketIPSecESP, LinkTypeEthernet, gopacket.Default)
	if p.ErrorLayer() != nil {
		t.Error("Failed to decode packet:", p.ErrorLayer().Error())
	}
	checkLayers(p, []gopacket.LayerType{LayerTypeEthernet, LayerTypeIPv4, LayerTypeIPSecESP}, t)
}
Example #4
0
func TestPacketDot11DataARP(t *testing.T) {
	p := gopacket.NewPacket(testPacketDot11DataARP, LinkTypeIEEE80211Radio, gopacket.Default)
	if p.ErrorLayer() != nil {
		t.Error("Failed to decode packet:", p.ErrorLayer().Error())
	}
	checkLayers(p, []gopacket.LayerType{LayerTypeRadioTap, LayerTypeDot11, LayerTypeDot11Data, LayerTypeLLC, LayerTypeSNAP, LayerTypeARP}, t)

	if got, ok := p.Layer(LayerTypeARP).(*ARP); ok {
		want := &ARP{
			BaseLayer: BaseLayer{
				Contents: []uint8{0x0, 0x1, 0x8, 0x0, 0x6, 0x4, 0x0, 0x1, 0x0, 0x19, 0xe3, 0xd3, 0x53, 0x52, 0xa9, 0xfe, 0xf7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x43, 0x8, 0xe, 0x36},
				Payload:  []uint8{},
			},
			AddrType:          0x1,
			Protocol:          0x800,
			HwAddressSize:     0x6,
			ProtAddressSize:   0x4,
			Operation:         0x1,
			SourceHwAddress:   []uint8{0x0, 0x19, 0xe3, 0xd3, 0x53, 0x52},
			SourceProtAddress: []uint8{0xa9, 0xfe, 0xf7, 0x0},
			DstHwAddress:      []uint8{0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
			DstProtAddress:    []uint8{0x43, 0x8, 0xe, 0x36},
		}

		if !reflect.DeepEqual(got, want) {
			t.Errorf("ARP packet processing failed:\ngot  :\n%#v\n\nwant :\n%#v\n\n", got, want)
		}
	}
}
Example #5
0
func TestPacketDot11DataIP(t *testing.T) {
	p := gopacket.NewPacket(testPacketDot11DataIP, LinkTypeIEEE80211Radio, gopacket.Default)
	if p.ErrorLayer() != nil {
		t.Error("Failed to decode packet:", p.ErrorLayer().Error())
	}
	checkLayers(p, []gopacket.LayerType{LayerTypeRadioTap, LayerTypeDot11, LayerTypeDot11Data, LayerTypeLLC, LayerTypeSNAP, LayerTypeIPv4, LayerTypeUDP, gopacket.LayerTypePayload}, t)
}
Example #6
0
func BenchmarkEndpoints(b *testing.B) {
	p := gopacket.NewPacket(testSimpleTCPPacket, LinkTypeEthernet, gopacket.DecodeOptions{Lazy: true, NoCopy: true})
	flow := p.NetworkLayer().NetworkFlow()
	for i := 0; i < b.N; i++ {
		flow.Endpoints()
	}
}
Example #7
0
func getack(conn net.PacketConn, srcport layers.TCPPort, dstip string) (ack uint32, err error) {
	for {
		b := make([]byte, 4096)
		log.Println("reading from conn")
		var n int
		var addr net.Addr
		n, addr, err = conn.ReadFrom(b)
		if err != nil {
			log.Println("reading..", err)
			return
		} else if addr.String() == dstip {
			// Decode a packet
			packet := gopacket.NewPacket(b[:n], layers.LayerTypeTCP, gopacket.Default)
			// Get the TCP layer from this packet
			if tcpLayer := packet.Layer(layers.LayerTypeTCP); tcpLayer != nil {
				tcp, _ := tcpLayer.(*layers.TCP)
				if tcp.DstPort == srcport {
					if tcp.SYN && tcp.ACK {
						ack = tcp.Seq
					} else {
						err = errors.New("Port is CLOSED")
					}
					return
				}
			}
		} else {
			err = errors.New("Got packet not matching addr")
		}
	}
	return
}
Example #8
0
func TestDecodeNortelDiscovery(t *testing.T) {
	// http://www.thetechfirm.com/packets/nortel_btdp/btdp_nai.enc
	data := []byte{
		0x01, 0x00, 0x81, 0x00, 0x01, 0x00, 0x00, 0x04, 0x38, 0xe0, 0xcc, 0xde,
		0x00, 0x13, 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x81, 0x01, 0xa2, 0xac, 0x13,
		0x58, 0x03, 0x00, 0x04, 0x15, 0x30, 0x0c, 0x02, 0x00, 0x00, 0x00, 0x00,
		0x00, 0x04, 0x38, 0xe0, 0xcc, 0xde, 0x80, 0x6a, 0x00, 0x01, 0x14, 0x00,
		0x02, 0x00, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	}
	p := gopacket.NewPacket(data, LinkTypeEthernet, gopacket.Default)
	wantLayers := []gopacket.LayerType{LayerTypeEthernet, LayerTypeLLC, LayerTypeSNAP, LayerTypeNortelDiscovery}
	checkLayers(p, wantLayers, t)

	want := &NortelDiscovery{
		IPAddress: []byte{172, 19, 88, 3},
		SegmentID: []byte{0x00, 0x04, 0x15},
		Chassis:   NDPChassisBayStack450101001000Switches,
		Backplane: NDPBackplaneEthernetFastEthernetGigabitEthernet,
		State:     NDPStateHeartbeat,
		NumLinks:  0,
	}
	ndpL := p.Layer(LayerTypeNortelDiscovery)
	info, _ := ndpL.(*NortelDiscovery)
	if !reflect.DeepEqual(info, want) {
		t.Errorf("Values mismatch, \ngot  %#v\nwant %#v\n", info, want)
	}
}
//export go_callback
func go_callback(queueId C.int, data *C.uchar, length C.int, cb *chan NFPacket) VerdictModified {
	xdata := C.GoBytes(unsafe.Pointer(data), length)
	packet := gopacket.NewPacket(xdata, layers.LayerTypeIPv4, gopacket.DecodeOptions{
		Lazy:               true,
		NoCopy:             true,
		SkipDecodeRecovery: false,
	})
	p := NFPacket{
		verdictChannel:         make(chan Verdict),
		verdictModifiedChannel: make(chan VerdictPacket),
		Packet:                 packet,
	}
	select {
	case (*cb) <- p:
		select {
		case v := <-p.verdictModifiedChannel:
			return VerdictModified{
				verdict: C.uint(v.Verdict),
				data:    (*C.uchar)(unsafe.Pointer(&v.Packet[0])),
				length:  C.uint(len(v.Packet)),
			}
		case v := <-p.verdictChannel:
			return VerdictModified{
				verdict: C.uint(v),
				data:    nil,
				length:  0,
			}
		}
	default:
		return VerdictModified{verdict: C.uint(NF_DROP), data: nil, length: 0}
	}
}
Example #10
0
func TestPacketUSB0(t *testing.T) {
	p := gopacket.NewPacket(testPacketUSB0, LinkTypeLinuxUSB, gopacket.Default)
	if p.ErrorLayer() != nil {
		t.Error("Failed to decode packet:", p.ErrorLayer().Error())
	}
	checkLayers(p, []gopacket.LayerType{LayerTypeUSB, LayerTypeUSBInterrupt}, t)

	if got, ok := p.Layer(LayerTypeUSB).(*USB); ok {
		want := &USB{
			BaseLayer: BaseLayer{
				Contents: []uint8{0x0, 0x38, 0x4a, 0x3b, 0x0, 0x88, 0xff, 0xff, 0x43, 0x1, 0x81, 0x1, 0x2, 0x0, 0x2d, 0x0, 0xc0, 0xd3, 0x5b, 0x50, 0x0, 0x0, 0x0, 0x0, 0x8a, 0x85, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0},
				Payload:  []uint8{0x4},
			},
			ID:             0xffff88003b4a3800,
			EventType:      USBEventTypeComplete,
			TransferType:   USBTransportTypeInterrupt,
			Direction:      0x1,
			EndpointNumber: 0x1,
			DeviceAddress:  0x1,
			BusID:          0x2,
			TimestampSec:   1348195264,
			TimestampUsec:  689546,
			Setup:          false,
			Data:           true,
			Status:         0,
			UrbLength:      0x1,
			UrbDataLength:  0x1,
		}

		if !reflect.DeepEqual(got, want) {
			t.Errorf("USB packet processing failed:\ngot  :\n%#v\n\nwant :\n%#v\n\n", got, want)
		}
	}

}
Example #11
0
func TestICMP(t *testing.T) {
	p := gopacket.NewPacket(testICMP, LinkTypeEthernet, gopacket.Default)
	if p.ErrorLayer() != nil {
		t.Error("Failed to decode packet:", p.ErrorLayer().Error())
	}
	checkLayers(p, []gopacket.LayerType{LayerTypeEthernet, LayerTypeIPv4, LayerTypeICMPv4, gopacket.LayerTypePayload}, t)
	testSerialization(t, p, testICMP)
}
Example #12
0
func BenchmarkTCPTransportLayerFromDecodedPacket(b *testing.B) {
	b.StopTimer()
	p := gopacket.NewPacket(testSimpleTCPPacket, LinkTypeEthernet, gopacket.Default)
	b.StartTimer()
	for i := 0; i < b.N; i++ {
		_ = p.TransportLayer()
	}
}
Example #13
0
func BenchmarkFmtVerboseString(b *testing.B) {
	b.StopTimer()
	p := gopacket.NewPacket(testSimpleTCPPacket, LinkTypeEthernet, gopacket.Default)
	b.StartTimer()
	for i := 0; i < b.N; i++ {
		fmt.Sprintf("%#v", p)
	}
}
Example #14
0
func TestPacketP6196(t *testing.T) {
	p := gopacket.NewPacket(testPacketP6196, LinkTypeIEEE80211Radio, gopacket.Default)
	if p.ErrorLayer() != nil {
		t.Error("Failed to decode packet:", p.ErrorLayer().Error())
	}

	checkLayers(p, []gopacket.LayerType{LayerTypeRadioTap, LayerTypeDot11, LayerTypeDot11WEP}, t)
}
Example #15
0
func BenchmarkPacketDumpString(b *testing.B) {
	b.StopTimer()
	p := gopacket.NewPacket(testSimpleTCPPacket, LinkTypeEthernet, gopacket.Default)
	b.StartTimer()
	for i := 0; i < b.N; i++ {
		p.String()
	}
}
Example #16
0
func BenchmarkTCPLayerClassFromDecodedPacket(b *testing.B) {
	b.StopTimer()
	p := gopacket.NewPacket(testSimpleTCPPacket, LinkTypeEthernet, gopacket.Default)
	lc := gopacket.NewLayerClass([]gopacket.LayerType{LayerTypeTCP})
	b.StartTimer()
	for i := 0; i < b.N; i++ {
		_ = p.LayerClass(lc)
	}
}
Example #17
0
func getSerializeLayers() []gopacket.SerializableLayer {
	p := gopacket.NewPacket(testSimpleTCPPacket, LinkTypeEthernet, gopacket.Default)
	slayers := []gopacket.SerializableLayer{}
	for _, l := range p.Layers() {
		slayers = append(slayers, l.(gopacket.SerializableLayer))
	}
	p.Layer(LayerTypeTCP).(*TCP).SetNetworkLayerForChecksum(
		p.NetworkLayer())
	return slayers
}
Example #18
0
func TestPacketICMPv6(t *testing.T) {
	p := gopacket.NewPacket(testPacketICMPv6, LinkTypeEthernet, gopacket.Default)
	if p.ErrorLayer() != nil {
		t.Error("Failed to decode packet:", p.ErrorLayer().Error())
	}
	checkLayers(p, []gopacket.LayerType{LayerTypeEthernet, LayerTypeIPv6, LayerTypeICMPv6, gopacket.LayerTypePayload}, t)
	if got, ok := p.Layer(LayerTypeIPv6).(*IPv6); ok {
		want := &IPv6{
			BaseLayer: BaseLayer{
				Contents: []byte{0x60, 0x0, 0x0, 0x0, 0x0, 0x18,
					0x3a, 0xff, 0x26, 0x20, 0x0, 0x0, 0x10, 0x5, 0x0, 0x0, 0x26, 0xbe, 0x5,
					0xff, 0xfe, 0x27, 0xb, 0x17, 0xfe, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
					0x2, 0x1f, 0xca, 0xff, 0xfe, 0xb3, 0x76, 0x40},
				Payload: []byte{0x88, 0x0, 0x1e, 0xd6, 0x40, 0x0, 0x0, 0x0, 0x26, 0x20,
					0x0, 0x0, 0x10, 0x5, 0x0, 0x0, 0x26, 0xbe, 0x5, 0xff, 0xfe, 0x27, 0xb,
					0x17},
			},
			Version:      6,
			TrafficClass: 0,
			FlowLabel:    0,
			Length:       24,
			NextHeader:   IPProtocolICMPv6,
			HopLimit:     255,
			SrcIP:        net.IP{0x26, 0x20, 0x0, 0x0, 0x10, 0x5, 0x0, 0x0, 0x26, 0xbe, 0x5, 0xff, 0xfe, 0x27, 0xb, 0x17},
			DstIP:        net.IP{0xfe, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1f, 0xca, 0xff, 0xfe, 0xb3, 0x76, 0x40},
		}
		if !reflect.DeepEqual(got, want) {
			t.Errorf("IPv6 packet processing failed:\ngot  :\n%#v\n\nwant :\n%#v\n\n", got, want)
		}
	} else {
		t.Error("No IPv6 layer type found in packet")
	}
	if got, ok := p.Layer(LayerTypeICMPv6).(*ICMPv6); ok {
		want := &ICMPv6{
			BaseLayer: BaseLayer{
				Contents: []byte{0x88, 0x0, 0x1e, 0xd6, 0x40, 0x0, 0x0, 0x0},
				Payload: []byte{0x26, 0x20, 0x0, 0x0, 0x10,
					0x5, 0x0, 0x0, 0x26, 0xbe, 0x5, 0xff, 0xfe, 0x27, 0xb, 0x17},
			},
			TypeCode:  0x8800,
			Checksum:  0x1ed6,
			TypeBytes: []byte{0x40, 0x0, 0x0, 0x0},
		}
		if !reflect.DeepEqual(got, want) {
			t.Errorf("ICMPv6 packet processing failed:\ngot  :\n%#v\n\nwant :\n%#v\n\n", got, want)
		}
		if got.TypeCode.String() != "NeighborAdvertisement(0)" {
			t.Errorf("ICMPv6 type code, got %q want 'NeighborAdvertisement(0)'", got.TypeCode.String())
		}
	} else {
		t.Error("No ICMPv6 layer type found in packet")
	}
}
Example #19
0
//export go_callback
func go_callback(queueId C.int, data *C.uchar, len C.int, cb *chan NFPacket) C.struct_NFResult {
	xdata := C.GoBytes(unsafe.Pointer(data), len)
	packet := gopacket.NewPacket(xdata, layers.LayerTypeIPv4, gopacket.DecodeOptions{Lazy: true, NoCopy: true})
	p := NFPacket{resultChannel: make(chan C.struct_NFResult), Packet: packet}
	select {
	case (*cb) <- p:
		r := <-p.resultChannel
		return r
	default:
		return C.struct_NFResult{Verdict: C.uint(NF_DROP), Data: nil, Len: 0}
	}
}
Example #20
0
//export go_callback
func go_callback(queueId C.int, data *C.uchar, len C.int, cb *chan NFPacket) Verdict {
	xdata := C.GoBytes(unsafe.Pointer(data), len)
	packet := gopacket.NewPacket(xdata, layers.LayerTypeIPv4, gopacket.DecodeOptions{true, true})
	p := NFPacket{verdictChannel: make(chan Verdict), Packet: packet}
	select {
	case (*cb) <- p:
		v := <-p.verdictChannel
		return v
	default:
		return NF_DROP
	}
}
Example #21
0
func TestDecodeUDPPacketTooSmall(t *testing.T) {
	data := []byte{
		0x00, 0x15, 0x2c, 0x9d, 0xcc, 0x00, 0x00, 0x10, 0xdb, 0xff, 0x10, 0x00, 0x81, 0x00, 0x01, 0xf7,
		0x08, 0x00, 0x45, 0x60, 0x00, 0x3c, 0x0f, 0xa9, 0x00, 0x00, 0x6e, 0x11, 0x01, 0x0a, 0x47, 0xe6,
		0xee, 0x2e, 0xac, 0x16, 0x59, 0x73, 0x00, 0x50, 0x00, 0x50, 0x00, 0x28, 0x4d, 0xad, 0x00, 0x67,
		0x00, 0x01, 0x00, 0x72, 0xd5, 0xc7, 0xf1, 0x07, 0x00, 0x00, 0x01, 0x01, 0x00, 0x0d, 0x00, 0x00,
		0x00, 0x14, 0x00, 0x00, 0x19, 0xba,
	}
	p := gopacket.NewPacket(data, LinkTypeEthernet, gopacket.Default)
	checkLayers(p, []gopacket.LayerType{LayerTypeEthernet, LayerTypeDot1Q, LayerTypeIPv4, LayerTypeUDP, gopacket.LayerTypePayload}, t)
	if !p.Metadata().Truncated {
		t.Error("UDP short packet should be truncated")
	}
}
Example #22
0
// getHwAddr is a hacky but effective way to get the destination hardware
// address for our packets.  It does an ARP request for our gateway (if there is
// one) or destination IP (if no gateway is necessary), then waits for an ARP
// reply.  This is pretty slow right now, since it blocks on the ARP
// request/reply.
func (s *scanner) getHwAddr() (net.HardwareAddr, error) {
	start := time.Now()
	arpDst := s.dst
	if s.gw != nil {
		arpDst = s.gw
	}
	// Prepare the layers to send for an ARP request.
	eth := layers.Ethernet{
		SrcMAC:       s.iface.HardwareAddr,
		DstMAC:       net.HardwareAddr{0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
		EthernetType: layers.EthernetTypeARP,
	}
	arp := layers.ARP{
		AddrType:          layers.LinkTypeEthernet,
		Protocol:          layers.EthernetTypeIPv4,
		HwAddressSize:     6,
		ProtAddressSize:   4,
		Operation:         layers.ARPRequest,
		SourceHwAddress:   []byte(s.iface.HardwareAddr),
		SourceProtAddress: []byte(s.src),
		DstHwAddress:      []byte{0, 0, 0, 0, 0, 0},
		DstProtAddress:    []byte(arpDst),
	}
	// Send a single ARP request packet (we never retry a send, since this
	// is just an example ;)
	if err := s.send(&eth, &arp); err != nil {
		return nil, err
	}
	// Wait 3 seconds for an ARP reply.
	for {
		if time.Since(start) > time.Second*3 {
			return nil, fmt.Errorf("timeout getting ARP reply")
		}
		data, _, err := s.handle.ReadPacketData()
		if err == pcap.NextErrorTimeoutExpired {
			continue
		} else if err != nil {
			return nil, err
		}
		packet := gopacket.NewPacket(data, layers.LayerTypeEthernet, gopacket.NoCopy)
		if arpLayer := packet.Layer(layers.LayerTypeARP); arpLayer != nil {
			arp := arpLayer.(*layers.ARP)
			if bytes.Equal(arp.SourceProtAddress, arpDst) {
				return net.HardwareAddr(arp.SourceHwAddress), nil
			}
		}
	}
}
Example #23
0
// Makes sure packet payload doesn't display the 6 trailing null of this packet
// as part of the payload.  They're actually the ethernet trailer.
func TestDecodeSmallTCPPacketHasEmptyPayload(t *testing.T) {
	smallPacket := []byte{
		0xbc, 0x30, 0x5b, 0xe8, 0xd3, 0x49, 0xb8, 0xac, 0x6f, 0x92, 0xd5, 0xbf,
		0x08, 0x00, 0x45, 0x00, 0x00, 0x28, 0x00, 0x00, 0x40, 0x00, 0x40, 0x06,
		0x3f, 0x9f, 0xac, 0x11, 0x51, 0xc5, 0xac, 0x11, 0x51, 0x49, 0x00, 0x63,
		0x9a, 0xef, 0x00, 0x00, 0x00, 0x00, 0x2e, 0xc1, 0x27, 0x83, 0x50, 0x14,
		0x00, 0x00, 0xc3, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	}
	p := gopacket.NewPacket(smallPacket, LinkTypeEthernet, gopacket.Default)

	if payload := p.Layer(gopacket.LayerTypePayload); payload != nil {
		t.Error("Payload found for empty TCP packet")
	}

	testSerialization(t, p, smallPacket)
}
//Check that there is an error if the packet channel is full
func TestChannelFull(t *testing.T) {
	icmpPackets := make(chan gopacket.Packet, 100)
	var data []byte
	data = nil
	packet := gopacket.NewPacket(data, layers.LayerTypeEthernet, gopacket.Default)

	var err error
	err = nil
	i := 0
	for err == nil {
		i++
		err = putChannel(packet, icmpPackets)
		if i > 200 {
			t.Error("Channel should be full and there should be an error but there isn't.")
		}
	}
}
Example #25
0
func main() {
	// "106.187.99.23:1988"

	var test bool
	flag.StringVar(&ghost, "h", "", "tunnel server host ip")
	flag.IntVar(&gport, "p", 9998, "tunnel server listen port")
	flag.StringVar(&gfilter, "f", "", "tunnel pcap filter")
	flag.BoolVar(&test, "t", false, "test")
	flag.BoolVar(&doudp, "udp", false, "do udp nat")
	flag.Parse()

	gwiface, gwip, gwmac = findGateway()
	log.Println("Found gateway", gwiface, gwip, gwmac)

	myip, mymac = findMyIpAndMac()
	log.Println("Found my ip", myip, "mac", mymac)

	if test {
		b, _ := ioutil.ReadFile("e.pkt")
		pkt := gopacket.NewPacket(b, layers.LayerTypeEthernet, gopacket.Default)
		for layer := range pkt.Layers() {
			log.Println("layer", layer)
		}
		app := pkt.ApplicationLayer()
		log.Println("app", app)

		mypkt, _ := NewPkt(b)
		log.Printf("oldchecksum %x %x\n", mypkt.tcp.Checksum, ^mypkt.tcp.Checksum)
		log.Println("applen", len(mypkt.app))
		UpdatePkt(&mypkt)
		log.Println("data", len(mypkt.data))

		log.Printf("newchecksum %x\n", mypkt.tcp.Checksum)
		return
	}

	if ghost == "" {
		srv := TunnelServer{}
		srv.Run()
	} else {
		cli := TunnelClient{}
		cli.Run()
	}
}
Example #26
0
func listenandcount(conn net.PacketConn, dstip string, srcport layers.TCPPort) (pkt_count, payload_size int, fullpayload []byte) {
	//Drain the connection without ACKing
	detected := make(map[uint32]bool) //Store the detected seq to weed out retransmits
	timer := time.NewTicker(10 * time.Second)
	for {
		select {
		case <-timer.C:
			//Stop draining when channel pings first time
			return
		default:
			b := make([]byte, 4096)
			n, addr, err := conn.ReadFrom(b)
			//log.Println(n)
			if err != nil {
				log.Println("error reading packet: ", err)
				return
			} else if addr.String() == dstip {
				packet := gopacket.NewPacket(b[:n], layers.LayerTypeTCP, gopacket.Default)
				if tcpLayer := packet.Layer(layers.LayerTypeTCP); tcpLayer != nil {
					tcp, _ := tcpLayer.(*layers.TCP)
					ok := detected[tcp.Seq]
					if !ok {
						//log.Println(packet)
						if tcp.DstPort == srcport {
							if payloadlayer := packet.Layer(gopacket.LayerTypePayload); payloadlayer != nil {
								log.Println(tcp.Seq)
								detected[tcp.Seq] = true
								pkt_count++
								cnt := payloadlayer.LayerContents()
								fullpayload = append(fullpayload, cnt...)
								//fmt.Println(string(cnt))
								payload_size += len(cnt)
								//log.Println(pkt_count, payload_size)
							}
						}
					} else {
						log.Println("retransmit")
					}
				}
			}
		}
	}
	return
}
Example #27
0
func loadDNS(dnspacket []byte, t *testing.T) *DNS {
	p := gopacket.NewPacket(dnspacket, LinkTypeEthernet, gopacket.Default)
	if p.ErrorLayer() != nil {
		t.Error("Failed to decode packet:", p.ErrorLayer().Error())
	}
	checkLayers(p, []gopacket.LayerType{LayerTypeEthernet, LayerTypeIPv4,
		LayerTypeUDP, LayerTypeDNS}, t)

	dnsL := p.Layer(LayerTypeDNS)
	if dnsL == nil {
		t.Error("No DNS Layer found")
	}

	dns, ok := dnsL.(*DNS)
	if !ok {
		return nil
	}
	return dns
}
Example #28
0
func handlePacket(p gopacket.Packet) {
	ap := AP{}
	// extract beacon
	// extract Ssid
	for _, l := range p.Layers() {
		switch l.LayerType() {
		case layers.LayerTypeDot11MgmtBeacon:
			beacon, ok := p.Layer(layers.LayerTypeDot11MgmtBeacon).(*layers.Dot11MgmtBeacon)
			if !ok {
				log.Println("Could not marshal layer thing")
				continue
			}
			pack := gopacket.NewPacket(beacon.LayerContents(), layers.LayerTypeDot11MgmtBeacon, gopacket.Default)
			for _, subpack := range pack.Layers() {
				info, ok := subpack.(*layers.Dot11InformationElement)
				if !ok {
					continue
				}
				if info.ID == layers.Dot11InformationElementIDSSID {
					ap.Ssid = fmt.Sprintf("%s", info.Info)
					break
				}
			}
		case layers.LayerTypeDot11:
			base, ok := p.Layer(layers.LayerTypeDot11).(*layers.Dot11)
			if !ok {
				continue
			}
			ap.Bssid = base.Address2
			continue
		case layers.LayerTypeRadioTap:
			radio, ok := p.Layer(layers.LayerTypeRadioTap).(*layers.RadioTap)
			if !ok {
				continue
			}
			ap.Channel = radio.ChannelFrequency
			continue

		}
	}
	APList[ap.Ssid] = ap
}
Example #29
0
func TestUDPPacketDNS(t *testing.T) {
	p := gopacket.NewPacket(testUDPPacketDNS, LinkTypeEthernet, gopacket.Default)
	if p.ErrorLayer() != nil {
		t.Error("Failed to decode packet:", p.ErrorLayer().Error())
	}
	checkLayers(p, []gopacket.LayerType{LayerTypeEthernet, LayerTypeIPv4, LayerTypeUDP, LayerTypeDNS}, t)
	if got, ok := p.TransportLayer().(*UDP); ok {
		want := &UDP{
			BaseLayer: BaseLayer{
				Contents: []byte{0x0, 0x35, 0x89, 0x6d, 0x0, 0xd2, 0x75, 0x4a},
				Payload: []byte{0xb8, 0xd8, 0x81, 0x80, 0x0, 0x1, 0x0,
					0x7, 0x0, 0x0, 0x0, 0x0, 0x4, 0x78, 0x6b, 0x63, 0x64, 0x3, 0x63, 0x6f,
					0x6d, 0x0, 0x0, 0xf, 0x0, 0x1, 0xc0, 0xc, 0x0, 0xf, 0x0, 0x1, 0x0, 0x0,
					0x2, 0x58, 0x0, 0x18, 0x0, 0x14, 0x4, 0x41, 0x4c, 0x54, 0x32, 0x5, 0x41,
					0x53, 0x50, 0x4d, 0x58, 0x1, 0x4c, 0x6, 0x47, 0x4f, 0x4f, 0x47, 0x4c,
					0x45, 0xc0, 0x11, 0xc0, 0xc, 0x0, 0xf, 0x0, 0x1, 0x0, 0x0, 0x2, 0x58, 0x0,
					0x16, 0x0, 0x1e, 0x6, 0x41, 0x53, 0x50, 0x4d, 0x58, 0x32, 0xa, 0x47, 0x4f,
					0x4f, 0x47, 0x4c, 0x45, 0x4d, 0x41, 0x49, 0x4c, 0xc0, 0x11, 0xc0, 0xc,
					0x0, 0xf, 0x0, 0x1, 0x0, 0x0, 0x2, 0x58, 0x0, 0xb, 0x0, 0x1e, 0x6, 0x41,
					0x53, 0x50, 0x4d, 0x58, 0x33, 0xc0, 0x53, 0xc0, 0xc, 0x0, 0xf, 0x0, 0x1,
					0x0, 0x0, 0x2, 0x58, 0x0, 0xb, 0x0, 0x1e, 0x6, 0x41, 0x53, 0x50, 0x4d,
					0x58, 0x34, 0xc0, 0x53, 0xc0, 0xc, 0x0, 0xf, 0x0, 0x1, 0x0, 0x0, 0x2,
					0x58, 0x0, 0xb, 0x0, 0x1e, 0x6, 0x41, 0x53, 0x50, 0x4d, 0x58, 0x35, 0xc0,
					0x53, 0xc0, 0xc, 0x0, 0xf, 0x0, 0x1, 0x0, 0x0, 0x2, 0x58, 0x0, 0x4, 0x0,
					0xa, 0xc0, 0x2d, 0xc0, 0xc, 0x0, 0xf, 0x0, 0x1, 0x0, 0x0, 0x2, 0x58, 0x0,
					0x9, 0x0, 0x14, 0x4, 0x41, 0x4c, 0x54, 0x31, 0xc0, 0x2d},
			},
			SrcPort:  53,
			DstPort:  35181,
			Length:   210,
			Checksum: 30026,
			sPort:    []byte{0x0, 0x35},
			dPort:    []byte{0x89, 0x6d},
		}
		if !reflect.DeepEqual(got, want) {
			t.Errorf("UDP packet mismatch:\ngot  :\n%#v\n\nwant :\n%#v\n\n", got, want)
		}
	} else {
		t.Error("Transport layer packet not UDP")
	}
}
Example #30
0
func TestPacketDot11MgmtBeacon(t *testing.T) {
	p := gopacket.NewPacket(testPacketDot11MgmtBeacon, LinkTypeIEEE80211Radio, gopacket.Default)
	if p.ErrorLayer() != nil {
		t.Error("Failed to decode packet:", p.ErrorLayer().Error())
	}

	checkLayers(p, []gopacket.LayerType{LayerTypeRadioTap, LayerTypeDot11, LayerTypeDot11MgmtBeacon}, t)

	if got, ok := p.Layer(LayerTypeRadioTap).(*RadioTap); ok {
		want := &RadioTap{BaseLayer: BaseLayer{Contents: []uint8{0x0, 0x0, 0x20, 0x0, 0x67, 0x8, 0x4, 0x0, 0xe9, 0xa2, 0xfe, 0x25, 0x0, 0x0, 0x0, 0x0, 0x22, 0xc, 0xd8, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x40, 0x1, 0x0, 0x0, 0x3c, 0x14, 0x24, 0x11}, Payload: []uint8{0x80, 0x0, 0x0, 0x0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x0, 0x3, 0x7f, 0x7, 0xa0, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd0, 0x9b, 0x38, 0x40, 0x10, 0x28, 0x0, 0x0, 0x0, 0x0, 0x64, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x8, 0x8c, 0x12, 0x98, 0x24, 0xb0, 0x48, 0x60, 0x6c, 0x3, 0x1, 0x24, 0x5, 0x4, 0x0, 0x1, 0x0, 0x0, 0x7, 0x2a, 0x55, 0x53, 0x20, 0x24, 0x1, 0x11, 0x28, 0x1, 0x11, 0x2c, 0x1, 0x11, 0x30, 0x1, 0x11, 0x34, 0x1, 0x17, 0x38, 0x1, 0x17, 0x3c, 0x1, 0x17, 0x40, 0x1, 0x17, 0x95, 0x1, 0x1e, 0x99, 0x1, 0x1e, 0x9d, 0x1, 0x1e, 0xa1, 0x1, 0x1e, 0xa5, 0x1, 0x1e, 0x20, 0x1, 0x0, 0xdd, 0x18, 0x0, 0x50, 0xf2, 0x2, 0x1, 0x1, 0x0, 0x0, 0x3, 0xa4, 0x0, 0x0, 0x27, 0xa4, 0x0, 0x0, 0x42, 0x43, 0x5e, 0x0, 0x62, 0x32, 0x2f, 0x0, 0x34, 0xc, 0x66, 0x72, 0x65, 0x65, 0x62, 0x73, 0x64, 0x2d, 0x6d, 0x65, 0x73, 0x68, 0x33, 0x17, 0x1, 0x0, 0xf, 0xac, 0x0, 0x0, 0xf, 0xac, 0x0, 0x0, 0xf, 0xac, 0xff, 0x0, 0xf, 0xac, 0xff, 0x0, 0xf, 0xac, 0xff, 0x0, 0xdf}}, Version: 0x0, Length: 0x20, Present: 0x40867, TSFT: 0x25fea2e9, Flags: 0x22, Rate: 0xc, ChannelFrequency: 0x0, ChannelFlags: 0x0, FHSS: 0x0, DBMAntennaSignal: -40, DBMAntennaNoise: -96, LockQuality: 0x0, TxAttenuation: 0x0, DBTxAttenuation: 0x0, DBMTxPower: 0, Antenna: 0x2, DBAntennaSignal: 0x0, DBAntennaNoise: 0x0}

		if !reflect.DeepEqual(got, want) {
			t.Errorf("RadioTap packet processing failed:\ngot  :\n%#v\n\nwant :\n%#v\n\n", got, want)
		}
	}

	if got, ok := p.Layer(LayerTypeDot11).(*Dot11); ok {
		want := &Dot11{
			BaseLayer: BaseLayer{
				Contents: []uint8{0x80, 0x0, 0x0, 0x0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x0, 0x3, 0x7f, 0x7, 0xa0, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd0, 0x9b},
				Payload:  []uint8{0x38, 0x40, 0x10, 0x28, 0x0, 0x0, 0x0, 0x0, 0x64, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x8, 0x8c, 0x12, 0x98, 0x24, 0xb0, 0x48, 0x60, 0x6c, 0x3, 0x1, 0x24, 0x5, 0x4, 0x0, 0x1, 0x0, 0x0, 0x7, 0x2a, 0x55, 0x53, 0x20, 0x24, 0x1, 0x11, 0x28, 0x1, 0x11, 0x2c, 0x1, 0x11, 0x30, 0x1, 0x11, 0x34, 0x1, 0x17, 0x38, 0x1, 0x17, 0x3c, 0x1, 0x17, 0x40, 0x1, 0x17, 0x95, 0x1, 0x1e, 0x99, 0x1, 0x1e, 0x9d, 0x1, 0x1e, 0xa1, 0x1, 0x1e, 0xa5, 0x1, 0x1e, 0x20, 0x1, 0x0, 0xdd, 0x18, 0x0, 0x50, 0xf2, 0x2, 0x1, 0x1, 0x0, 0x0, 0x3, 0xa4, 0x0, 0x0, 0x27, 0xa4, 0x0, 0x0, 0x42, 0x43, 0x5e, 0x0, 0x62, 0x32, 0x2f, 0x0, 0x34, 0xc, 0x66, 0x72, 0x65, 0x65, 0x62, 0x73, 0x64, 0x2d, 0x6d, 0x65, 0x73, 0x68, 0x33, 0x17, 0x1, 0x0, 0xf, 0xac, 0x0, 0x0, 0xf, 0xac, 0x0, 0x0, 0xf, 0xac, 0xff, 0x0, 0xf, 0xac, 0xff, 0x0, 0xf},
			},
			Type:           Dot11TypeMgmtBeacon,
			Proto:          0x0,
			Flags:          0x0,
			DurationID:     0x0,
			Address1:       net.HardwareAddr{0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
			Address2:       net.HardwareAddr{0x0, 0x3, 0x7f, 0x7, 0xa0, 0x16},
			Address3:       net.HardwareAddr{0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
			Address4:       net.HardwareAddr(nil),
			SequenceNumber: 0x9bd, FragmentNumber: 0x0,
			Checksum: 0xdf00ffac,
		}

		if !reflect.DeepEqual(got, want) {
			t.Errorf("Dot11 packet processing failed:\ngot  :\n%#v\n\nwant :\n%#v\n\n", got, want)
		}
	}
}