func TestPacketDot11CtrlAck(t *testing.T) { p := gopacket.NewPacket(testPacketDot11CtrlAck, LinkTypeIEEE80211Radio, gopacket.Default) if p.ErrorLayer() != nil { t.Error("Failed to decode packet:", p.ErrorLayer().Error()) } checkLayers(p, []gopacket.LayerType{LayerTypeRadioTap, LayerTypeDot11}, t) if got, ok := p.Layer(LayerTypeDot11).(*Dot11); ok { if !got.ChecksumValid() { t.Errorf("Dot11 packet processing failed:\nchecksum failed. got :\n%#v\n\n", got) } } if got, ok := p.Layer(LayerTypeDot11).(*Dot11); ok { want := &Dot11{ BaseLayer: BaseLayer{ Contents: []uint8{0xd4, 0x0, 0x0, 0x0, 0x0, 0x19, 0xe3, 0xd3, 0x53, 0x52}, Payload: []uint8{}, }, Type: Dot11TypeCtrlAck, Proto: 0x0, Flags: 0x0, DurationID: 0x0, Address1: net.HardwareAddr{0x0, 0x19, 0xe3, 0xd3, 0x53, 0x52}, Address2: net.HardwareAddr(nil), Address3: net.HardwareAddr(nil), Address4: net.HardwareAddr(nil), Checksum: 0x8776e946, } if !reflect.DeepEqual(got, want) { t.Errorf("Dot11 packet processing failed:\ngot :\n%#v\n\nwant :\n%#v\n\n", got, want) } } }
func TestDecodeIPv6Jumbogram(t *testing.T) { // Haven't found any of these in the wild or on example pcaps online, so had // to generate one myself via scapy. Unfortunately, scapy can only // str(packet) for packets with length < 65536, due to limitations in python's // struct library, so I generated the header with: // Ether() / IPv6(src='::1', dst='::2') / IPv6ExtHdrHopByHop(options=[Jumbo(jumboplen=70000)]) / TCP(sport=8888, dport=80) // then added the payload manually ("payload" * 9996). The checksums here are // not correct, but we don't check, so who cares ;) dataStr := "\x00\x1f\xca\xb3v@$\xbe\x05'\x0b\x17\x86\xdd`\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x06\x00\xc2\x04\x00\x01\x11p\"\xb8\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00l\xd8\x00\x00" payload := strings.Repeat("payload", 9996) data := []byte(dataStr + payload) p := gopacket.NewPacket(data, LinkTypeEthernet, gopacket.Default) checkLayers(p, []gopacket.LayerType{LayerTypeEthernet, LayerTypeIPv6, LayerTypeIPv6HopByHop, LayerTypeTCP, gopacket.LayerTypePayload}, t) if p.ApplicationLayer() == nil { t.Error("Packet has no application layer") } else if string(p.ApplicationLayer().Payload()) != payload { t.Errorf("Jumbogram payload wrong") } // Check truncated for jumbograms data = data[:len(data)-1] p = gopacket.NewPacket(data, LinkTypeEthernet, gopacket.Default) checkLayers(p, []gopacket.LayerType{LayerTypeEthernet, LayerTypeIPv6, LayerTypeIPv6HopByHop, LayerTypeTCP, gopacket.LayerTypePayload}, t) if !p.Metadata().Truncated { t.Error("Jumbogram should be truncated") } }
func TestPacketIPSecESP(t *testing.T) { p := gopacket.NewPacket(testPacketIPSecESP, LinkTypeEthernet, gopacket.Default) if p.ErrorLayer() != nil { t.Error("Failed to decode packet:", p.ErrorLayer().Error()) } checkLayers(p, []gopacket.LayerType{LayerTypeEthernet, LayerTypeIPv4, LayerTypeIPSecESP}, t) }
func TestPacketDot11DataARP(t *testing.T) { p := gopacket.NewPacket(testPacketDot11DataARP, LinkTypeIEEE80211Radio, gopacket.Default) if p.ErrorLayer() != nil { t.Error("Failed to decode packet:", p.ErrorLayer().Error()) } checkLayers(p, []gopacket.LayerType{LayerTypeRadioTap, LayerTypeDot11, LayerTypeDot11Data, LayerTypeLLC, LayerTypeSNAP, LayerTypeARP}, t) if got, ok := p.Layer(LayerTypeARP).(*ARP); ok { want := &ARP{ BaseLayer: BaseLayer{ Contents: []uint8{0x0, 0x1, 0x8, 0x0, 0x6, 0x4, 0x0, 0x1, 0x0, 0x19, 0xe3, 0xd3, 0x53, 0x52, 0xa9, 0xfe, 0xf7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x43, 0x8, 0xe, 0x36}, Payload: []uint8{}, }, AddrType: 0x1, Protocol: 0x800, HwAddressSize: 0x6, ProtAddressSize: 0x4, Operation: 0x1, SourceHwAddress: []uint8{0x0, 0x19, 0xe3, 0xd3, 0x53, 0x52}, SourceProtAddress: []uint8{0xa9, 0xfe, 0xf7, 0x0}, DstHwAddress: []uint8{0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, DstProtAddress: []uint8{0x43, 0x8, 0xe, 0x36}, } if !reflect.DeepEqual(got, want) { t.Errorf("ARP packet processing failed:\ngot :\n%#v\n\nwant :\n%#v\n\n", got, want) } } }
func TestPacketDot11DataIP(t *testing.T) { p := gopacket.NewPacket(testPacketDot11DataIP, LinkTypeIEEE80211Radio, gopacket.Default) if p.ErrorLayer() != nil { t.Error("Failed to decode packet:", p.ErrorLayer().Error()) } checkLayers(p, []gopacket.LayerType{LayerTypeRadioTap, LayerTypeDot11, LayerTypeDot11Data, LayerTypeLLC, LayerTypeSNAP, LayerTypeIPv4, LayerTypeUDP, gopacket.LayerTypePayload}, t) }
func BenchmarkEndpoints(b *testing.B) { p := gopacket.NewPacket(testSimpleTCPPacket, LinkTypeEthernet, gopacket.DecodeOptions{Lazy: true, NoCopy: true}) flow := p.NetworkLayer().NetworkFlow() for i := 0; i < b.N; i++ { flow.Endpoints() } }
func getack(conn net.PacketConn, srcport layers.TCPPort, dstip string) (ack uint32, err error) { for { b := make([]byte, 4096) log.Println("reading from conn") var n int var addr net.Addr n, addr, err = conn.ReadFrom(b) if err != nil { log.Println("reading..", err) return } else if addr.String() == dstip { // Decode a packet packet := gopacket.NewPacket(b[:n], layers.LayerTypeTCP, gopacket.Default) // Get the TCP layer from this packet if tcpLayer := packet.Layer(layers.LayerTypeTCP); tcpLayer != nil { tcp, _ := tcpLayer.(*layers.TCP) if tcp.DstPort == srcport { if tcp.SYN && tcp.ACK { ack = tcp.Seq } else { err = errors.New("Port is CLOSED") } return } } } else { err = errors.New("Got packet not matching addr") } } return }
func TestDecodeNortelDiscovery(t *testing.T) { // http://www.thetechfirm.com/packets/nortel_btdp/btdp_nai.enc data := []byte{ 0x01, 0x00, 0x81, 0x00, 0x01, 0x00, 0x00, 0x04, 0x38, 0xe0, 0xcc, 0xde, 0x00, 0x13, 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x81, 0x01, 0xa2, 0xac, 0x13, 0x58, 0x03, 0x00, 0x04, 0x15, 0x30, 0x0c, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x38, 0xe0, 0xcc, 0xde, 0x80, 0x6a, 0x00, 0x01, 0x14, 0x00, 0x02, 0x00, 0x0f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, } p := gopacket.NewPacket(data, LinkTypeEthernet, gopacket.Default) wantLayers := []gopacket.LayerType{LayerTypeEthernet, LayerTypeLLC, LayerTypeSNAP, LayerTypeNortelDiscovery} checkLayers(p, wantLayers, t) want := &NortelDiscovery{ IPAddress: []byte{172, 19, 88, 3}, SegmentID: []byte{0x00, 0x04, 0x15}, Chassis: NDPChassisBayStack450101001000Switches, Backplane: NDPBackplaneEthernetFastEthernetGigabitEthernet, State: NDPStateHeartbeat, NumLinks: 0, } ndpL := p.Layer(LayerTypeNortelDiscovery) info, _ := ndpL.(*NortelDiscovery) if !reflect.DeepEqual(info, want) { t.Errorf("Values mismatch, \ngot %#v\nwant %#v\n", info, want) } }
//export go_callback func go_callback(queueId C.int, data *C.uchar, length C.int, cb *chan NFPacket) VerdictModified { xdata := C.GoBytes(unsafe.Pointer(data), length) packet := gopacket.NewPacket(xdata, layers.LayerTypeIPv4, gopacket.DecodeOptions{ Lazy: true, NoCopy: true, SkipDecodeRecovery: false, }) p := NFPacket{ verdictChannel: make(chan Verdict), verdictModifiedChannel: make(chan VerdictPacket), Packet: packet, } select { case (*cb) <- p: select { case v := <-p.verdictModifiedChannel: return VerdictModified{ verdict: C.uint(v.Verdict), data: (*C.uchar)(unsafe.Pointer(&v.Packet[0])), length: C.uint(len(v.Packet)), } case v := <-p.verdictChannel: return VerdictModified{ verdict: C.uint(v), data: nil, length: 0, } } default: return VerdictModified{verdict: C.uint(NF_DROP), data: nil, length: 0} } }
func TestPacketUSB0(t *testing.T) { p := gopacket.NewPacket(testPacketUSB0, LinkTypeLinuxUSB, gopacket.Default) if p.ErrorLayer() != nil { t.Error("Failed to decode packet:", p.ErrorLayer().Error()) } checkLayers(p, []gopacket.LayerType{LayerTypeUSB, LayerTypeUSBInterrupt}, t) if got, ok := p.Layer(LayerTypeUSB).(*USB); ok { want := &USB{ BaseLayer: BaseLayer{ Contents: []uint8{0x0, 0x38, 0x4a, 0x3b, 0x0, 0x88, 0xff, 0xff, 0x43, 0x1, 0x81, 0x1, 0x2, 0x0, 0x2d, 0x0, 0xc0, 0xd3, 0x5b, 0x50, 0x0, 0x0, 0x0, 0x0, 0x8a, 0x85, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0}, Payload: []uint8{0x4}, }, ID: 0xffff88003b4a3800, EventType: USBEventTypeComplete, TransferType: USBTransportTypeInterrupt, Direction: 0x1, EndpointNumber: 0x1, DeviceAddress: 0x1, BusID: 0x2, TimestampSec: 1348195264, TimestampUsec: 689546, Setup: false, Data: true, Status: 0, UrbLength: 0x1, UrbDataLength: 0x1, } if !reflect.DeepEqual(got, want) { t.Errorf("USB packet processing failed:\ngot :\n%#v\n\nwant :\n%#v\n\n", got, want) } } }
func TestICMP(t *testing.T) { p := gopacket.NewPacket(testICMP, LinkTypeEthernet, gopacket.Default) if p.ErrorLayer() != nil { t.Error("Failed to decode packet:", p.ErrorLayer().Error()) } checkLayers(p, []gopacket.LayerType{LayerTypeEthernet, LayerTypeIPv4, LayerTypeICMPv4, gopacket.LayerTypePayload}, t) testSerialization(t, p, testICMP) }
func BenchmarkTCPTransportLayerFromDecodedPacket(b *testing.B) { b.StopTimer() p := gopacket.NewPacket(testSimpleTCPPacket, LinkTypeEthernet, gopacket.Default) b.StartTimer() for i := 0; i < b.N; i++ { _ = p.TransportLayer() } }
func BenchmarkFmtVerboseString(b *testing.B) { b.StopTimer() p := gopacket.NewPacket(testSimpleTCPPacket, LinkTypeEthernet, gopacket.Default) b.StartTimer() for i := 0; i < b.N; i++ { fmt.Sprintf("%#v", p) } }
func TestPacketP6196(t *testing.T) { p := gopacket.NewPacket(testPacketP6196, LinkTypeIEEE80211Radio, gopacket.Default) if p.ErrorLayer() != nil { t.Error("Failed to decode packet:", p.ErrorLayer().Error()) } checkLayers(p, []gopacket.LayerType{LayerTypeRadioTap, LayerTypeDot11, LayerTypeDot11WEP}, t) }
func BenchmarkPacketDumpString(b *testing.B) { b.StopTimer() p := gopacket.NewPacket(testSimpleTCPPacket, LinkTypeEthernet, gopacket.Default) b.StartTimer() for i := 0; i < b.N; i++ { p.String() } }
func BenchmarkTCPLayerClassFromDecodedPacket(b *testing.B) { b.StopTimer() p := gopacket.NewPacket(testSimpleTCPPacket, LinkTypeEthernet, gopacket.Default) lc := gopacket.NewLayerClass([]gopacket.LayerType{LayerTypeTCP}) b.StartTimer() for i := 0; i < b.N; i++ { _ = p.LayerClass(lc) } }
func getSerializeLayers() []gopacket.SerializableLayer { p := gopacket.NewPacket(testSimpleTCPPacket, LinkTypeEthernet, gopacket.Default) slayers := []gopacket.SerializableLayer{} for _, l := range p.Layers() { slayers = append(slayers, l.(gopacket.SerializableLayer)) } p.Layer(LayerTypeTCP).(*TCP).SetNetworkLayerForChecksum( p.NetworkLayer()) return slayers }
func TestPacketICMPv6(t *testing.T) { p := gopacket.NewPacket(testPacketICMPv6, LinkTypeEthernet, gopacket.Default) if p.ErrorLayer() != nil { t.Error("Failed to decode packet:", p.ErrorLayer().Error()) } checkLayers(p, []gopacket.LayerType{LayerTypeEthernet, LayerTypeIPv6, LayerTypeICMPv6, gopacket.LayerTypePayload}, t) if got, ok := p.Layer(LayerTypeIPv6).(*IPv6); ok { want := &IPv6{ BaseLayer: BaseLayer{ Contents: []byte{0x60, 0x0, 0x0, 0x0, 0x0, 0x18, 0x3a, 0xff, 0x26, 0x20, 0x0, 0x0, 0x10, 0x5, 0x0, 0x0, 0x26, 0xbe, 0x5, 0xff, 0xfe, 0x27, 0xb, 0x17, 0xfe, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1f, 0xca, 0xff, 0xfe, 0xb3, 0x76, 0x40}, Payload: []byte{0x88, 0x0, 0x1e, 0xd6, 0x40, 0x0, 0x0, 0x0, 0x26, 0x20, 0x0, 0x0, 0x10, 0x5, 0x0, 0x0, 0x26, 0xbe, 0x5, 0xff, 0xfe, 0x27, 0xb, 0x17}, }, Version: 6, TrafficClass: 0, FlowLabel: 0, Length: 24, NextHeader: IPProtocolICMPv6, HopLimit: 255, SrcIP: net.IP{0x26, 0x20, 0x0, 0x0, 0x10, 0x5, 0x0, 0x0, 0x26, 0xbe, 0x5, 0xff, 0xfe, 0x27, 0xb, 0x17}, DstIP: net.IP{0xfe, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1f, 0xca, 0xff, 0xfe, 0xb3, 0x76, 0x40}, } if !reflect.DeepEqual(got, want) { t.Errorf("IPv6 packet processing failed:\ngot :\n%#v\n\nwant :\n%#v\n\n", got, want) } } else { t.Error("No IPv6 layer type found in packet") } if got, ok := p.Layer(LayerTypeICMPv6).(*ICMPv6); ok { want := &ICMPv6{ BaseLayer: BaseLayer{ Contents: []byte{0x88, 0x0, 0x1e, 0xd6, 0x40, 0x0, 0x0, 0x0}, Payload: []byte{0x26, 0x20, 0x0, 0x0, 0x10, 0x5, 0x0, 0x0, 0x26, 0xbe, 0x5, 0xff, 0xfe, 0x27, 0xb, 0x17}, }, TypeCode: 0x8800, Checksum: 0x1ed6, TypeBytes: []byte{0x40, 0x0, 0x0, 0x0}, } if !reflect.DeepEqual(got, want) { t.Errorf("ICMPv6 packet processing failed:\ngot :\n%#v\n\nwant :\n%#v\n\n", got, want) } if got.TypeCode.String() != "NeighborAdvertisement(0)" { t.Errorf("ICMPv6 type code, got %q want 'NeighborAdvertisement(0)'", got.TypeCode.String()) } } else { t.Error("No ICMPv6 layer type found in packet") } }
//export go_callback func go_callback(queueId C.int, data *C.uchar, len C.int, cb *chan NFPacket) C.struct_NFResult { xdata := C.GoBytes(unsafe.Pointer(data), len) packet := gopacket.NewPacket(xdata, layers.LayerTypeIPv4, gopacket.DecodeOptions{Lazy: true, NoCopy: true}) p := NFPacket{resultChannel: make(chan C.struct_NFResult), Packet: packet} select { case (*cb) <- p: r := <-p.resultChannel return r default: return C.struct_NFResult{Verdict: C.uint(NF_DROP), Data: nil, Len: 0} } }
//export go_callback func go_callback(queueId C.int, data *C.uchar, len C.int, cb *chan NFPacket) Verdict { xdata := C.GoBytes(unsafe.Pointer(data), len) packet := gopacket.NewPacket(xdata, layers.LayerTypeIPv4, gopacket.DecodeOptions{true, true}) p := NFPacket{verdictChannel: make(chan Verdict), Packet: packet} select { case (*cb) <- p: v := <-p.verdictChannel return v default: return NF_DROP } }
func TestDecodeUDPPacketTooSmall(t *testing.T) { data := []byte{ 0x00, 0x15, 0x2c, 0x9d, 0xcc, 0x00, 0x00, 0x10, 0xdb, 0xff, 0x10, 0x00, 0x81, 0x00, 0x01, 0xf7, 0x08, 0x00, 0x45, 0x60, 0x00, 0x3c, 0x0f, 0xa9, 0x00, 0x00, 0x6e, 0x11, 0x01, 0x0a, 0x47, 0xe6, 0xee, 0x2e, 0xac, 0x16, 0x59, 0x73, 0x00, 0x50, 0x00, 0x50, 0x00, 0x28, 0x4d, 0xad, 0x00, 0x67, 0x00, 0x01, 0x00, 0x72, 0xd5, 0xc7, 0xf1, 0x07, 0x00, 0x00, 0x01, 0x01, 0x00, 0x0d, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x19, 0xba, } p := gopacket.NewPacket(data, LinkTypeEthernet, gopacket.Default) checkLayers(p, []gopacket.LayerType{LayerTypeEthernet, LayerTypeDot1Q, LayerTypeIPv4, LayerTypeUDP, gopacket.LayerTypePayload}, t) if !p.Metadata().Truncated { t.Error("UDP short packet should be truncated") } }
// getHwAddr is a hacky but effective way to get the destination hardware // address for our packets. It does an ARP request for our gateway (if there is // one) or destination IP (if no gateway is necessary), then waits for an ARP // reply. This is pretty slow right now, since it blocks on the ARP // request/reply. func (s *scanner) getHwAddr() (net.HardwareAddr, error) { start := time.Now() arpDst := s.dst if s.gw != nil { arpDst = s.gw } // Prepare the layers to send for an ARP request. eth := layers.Ethernet{ SrcMAC: s.iface.HardwareAddr, DstMAC: net.HardwareAddr{0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, EthernetType: layers.EthernetTypeARP, } arp := layers.ARP{ AddrType: layers.LinkTypeEthernet, Protocol: layers.EthernetTypeIPv4, HwAddressSize: 6, ProtAddressSize: 4, Operation: layers.ARPRequest, SourceHwAddress: []byte(s.iface.HardwareAddr), SourceProtAddress: []byte(s.src), DstHwAddress: []byte{0, 0, 0, 0, 0, 0}, DstProtAddress: []byte(arpDst), } // Send a single ARP request packet (we never retry a send, since this // is just an example ;) if err := s.send(ð, &arp); err != nil { return nil, err } // Wait 3 seconds for an ARP reply. for { if time.Since(start) > time.Second*3 { return nil, fmt.Errorf("timeout getting ARP reply") } data, _, err := s.handle.ReadPacketData() if err == pcap.NextErrorTimeoutExpired { continue } else if err != nil { return nil, err } packet := gopacket.NewPacket(data, layers.LayerTypeEthernet, gopacket.NoCopy) if arpLayer := packet.Layer(layers.LayerTypeARP); arpLayer != nil { arp := arpLayer.(*layers.ARP) if bytes.Equal(arp.SourceProtAddress, arpDst) { return net.HardwareAddr(arp.SourceHwAddress), nil } } } }
// Makes sure packet payload doesn't display the 6 trailing null of this packet // as part of the payload. They're actually the ethernet trailer. func TestDecodeSmallTCPPacketHasEmptyPayload(t *testing.T) { smallPacket := []byte{ 0xbc, 0x30, 0x5b, 0xe8, 0xd3, 0x49, 0xb8, 0xac, 0x6f, 0x92, 0xd5, 0xbf, 0x08, 0x00, 0x45, 0x00, 0x00, 0x28, 0x00, 0x00, 0x40, 0x00, 0x40, 0x06, 0x3f, 0x9f, 0xac, 0x11, 0x51, 0xc5, 0xac, 0x11, 0x51, 0x49, 0x00, 0x63, 0x9a, 0xef, 0x00, 0x00, 0x00, 0x00, 0x2e, 0xc1, 0x27, 0x83, 0x50, 0x14, 0x00, 0x00, 0xc3, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, } p := gopacket.NewPacket(smallPacket, LinkTypeEthernet, gopacket.Default) if payload := p.Layer(gopacket.LayerTypePayload); payload != nil { t.Error("Payload found for empty TCP packet") } testSerialization(t, p, smallPacket) }
//Check that there is an error if the packet channel is full func TestChannelFull(t *testing.T) { icmpPackets := make(chan gopacket.Packet, 100) var data []byte data = nil packet := gopacket.NewPacket(data, layers.LayerTypeEthernet, gopacket.Default) var err error err = nil i := 0 for err == nil { i++ err = putChannel(packet, icmpPackets) if i > 200 { t.Error("Channel should be full and there should be an error but there isn't.") } } }
func main() { // "106.187.99.23:1988" var test bool flag.StringVar(&ghost, "h", "", "tunnel server host ip") flag.IntVar(&gport, "p", 9998, "tunnel server listen port") flag.StringVar(&gfilter, "f", "", "tunnel pcap filter") flag.BoolVar(&test, "t", false, "test") flag.BoolVar(&doudp, "udp", false, "do udp nat") flag.Parse() gwiface, gwip, gwmac = findGateway() log.Println("Found gateway", gwiface, gwip, gwmac) myip, mymac = findMyIpAndMac() log.Println("Found my ip", myip, "mac", mymac) if test { b, _ := ioutil.ReadFile("e.pkt") pkt := gopacket.NewPacket(b, layers.LayerTypeEthernet, gopacket.Default) for layer := range pkt.Layers() { log.Println("layer", layer) } app := pkt.ApplicationLayer() log.Println("app", app) mypkt, _ := NewPkt(b) log.Printf("oldchecksum %x %x\n", mypkt.tcp.Checksum, ^mypkt.tcp.Checksum) log.Println("applen", len(mypkt.app)) UpdatePkt(&mypkt) log.Println("data", len(mypkt.data)) log.Printf("newchecksum %x\n", mypkt.tcp.Checksum) return } if ghost == "" { srv := TunnelServer{} srv.Run() } else { cli := TunnelClient{} cli.Run() } }
func listenandcount(conn net.PacketConn, dstip string, srcport layers.TCPPort) (pkt_count, payload_size int, fullpayload []byte) { //Drain the connection without ACKing detected := make(map[uint32]bool) //Store the detected seq to weed out retransmits timer := time.NewTicker(10 * time.Second) for { select { case <-timer.C: //Stop draining when channel pings first time return default: b := make([]byte, 4096) n, addr, err := conn.ReadFrom(b) //log.Println(n) if err != nil { log.Println("error reading packet: ", err) return } else if addr.String() == dstip { packet := gopacket.NewPacket(b[:n], layers.LayerTypeTCP, gopacket.Default) if tcpLayer := packet.Layer(layers.LayerTypeTCP); tcpLayer != nil { tcp, _ := tcpLayer.(*layers.TCP) ok := detected[tcp.Seq] if !ok { //log.Println(packet) if tcp.DstPort == srcport { if payloadlayer := packet.Layer(gopacket.LayerTypePayload); payloadlayer != nil { log.Println(tcp.Seq) detected[tcp.Seq] = true pkt_count++ cnt := payloadlayer.LayerContents() fullpayload = append(fullpayload, cnt...) //fmt.Println(string(cnt)) payload_size += len(cnt) //log.Println(pkt_count, payload_size) } } } else { log.Println("retransmit") } } } } } return }
func loadDNS(dnspacket []byte, t *testing.T) *DNS { p := gopacket.NewPacket(dnspacket, LinkTypeEthernet, gopacket.Default) if p.ErrorLayer() != nil { t.Error("Failed to decode packet:", p.ErrorLayer().Error()) } checkLayers(p, []gopacket.LayerType{LayerTypeEthernet, LayerTypeIPv4, LayerTypeUDP, LayerTypeDNS}, t) dnsL := p.Layer(LayerTypeDNS) if dnsL == nil { t.Error("No DNS Layer found") } dns, ok := dnsL.(*DNS) if !ok { return nil } return dns }
func handlePacket(p gopacket.Packet) { ap := AP{} // extract beacon // extract Ssid for _, l := range p.Layers() { switch l.LayerType() { case layers.LayerTypeDot11MgmtBeacon: beacon, ok := p.Layer(layers.LayerTypeDot11MgmtBeacon).(*layers.Dot11MgmtBeacon) if !ok { log.Println("Could not marshal layer thing") continue } pack := gopacket.NewPacket(beacon.LayerContents(), layers.LayerTypeDot11MgmtBeacon, gopacket.Default) for _, subpack := range pack.Layers() { info, ok := subpack.(*layers.Dot11InformationElement) if !ok { continue } if info.ID == layers.Dot11InformationElementIDSSID { ap.Ssid = fmt.Sprintf("%s", info.Info) break } } case layers.LayerTypeDot11: base, ok := p.Layer(layers.LayerTypeDot11).(*layers.Dot11) if !ok { continue } ap.Bssid = base.Address2 continue case layers.LayerTypeRadioTap: radio, ok := p.Layer(layers.LayerTypeRadioTap).(*layers.RadioTap) if !ok { continue } ap.Channel = radio.ChannelFrequency continue } } APList[ap.Ssid] = ap }
func TestUDPPacketDNS(t *testing.T) { p := gopacket.NewPacket(testUDPPacketDNS, LinkTypeEthernet, gopacket.Default) if p.ErrorLayer() != nil { t.Error("Failed to decode packet:", p.ErrorLayer().Error()) } checkLayers(p, []gopacket.LayerType{LayerTypeEthernet, LayerTypeIPv4, LayerTypeUDP, LayerTypeDNS}, t) if got, ok := p.TransportLayer().(*UDP); ok { want := &UDP{ BaseLayer: BaseLayer{ Contents: []byte{0x0, 0x35, 0x89, 0x6d, 0x0, 0xd2, 0x75, 0x4a}, Payload: []byte{0xb8, 0xd8, 0x81, 0x80, 0x0, 0x1, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4, 0x78, 0x6b, 0x63, 0x64, 0x3, 0x63, 0x6f, 0x6d, 0x0, 0x0, 0xf, 0x0, 0x1, 0xc0, 0xc, 0x0, 0xf, 0x0, 0x1, 0x0, 0x0, 0x2, 0x58, 0x0, 0x18, 0x0, 0x14, 0x4, 0x41, 0x4c, 0x54, 0x32, 0x5, 0x41, 0x53, 0x50, 0x4d, 0x58, 0x1, 0x4c, 0x6, 0x47, 0x4f, 0x4f, 0x47, 0x4c, 0x45, 0xc0, 0x11, 0xc0, 0xc, 0x0, 0xf, 0x0, 0x1, 0x0, 0x0, 0x2, 0x58, 0x0, 0x16, 0x0, 0x1e, 0x6, 0x41, 0x53, 0x50, 0x4d, 0x58, 0x32, 0xa, 0x47, 0x4f, 0x4f, 0x47, 0x4c, 0x45, 0x4d, 0x41, 0x49, 0x4c, 0xc0, 0x11, 0xc0, 0xc, 0x0, 0xf, 0x0, 0x1, 0x0, 0x0, 0x2, 0x58, 0x0, 0xb, 0x0, 0x1e, 0x6, 0x41, 0x53, 0x50, 0x4d, 0x58, 0x33, 0xc0, 0x53, 0xc0, 0xc, 0x0, 0xf, 0x0, 0x1, 0x0, 0x0, 0x2, 0x58, 0x0, 0xb, 0x0, 0x1e, 0x6, 0x41, 0x53, 0x50, 0x4d, 0x58, 0x34, 0xc0, 0x53, 0xc0, 0xc, 0x0, 0xf, 0x0, 0x1, 0x0, 0x0, 0x2, 0x58, 0x0, 0xb, 0x0, 0x1e, 0x6, 0x41, 0x53, 0x50, 0x4d, 0x58, 0x35, 0xc0, 0x53, 0xc0, 0xc, 0x0, 0xf, 0x0, 0x1, 0x0, 0x0, 0x2, 0x58, 0x0, 0x4, 0x0, 0xa, 0xc0, 0x2d, 0xc0, 0xc, 0x0, 0xf, 0x0, 0x1, 0x0, 0x0, 0x2, 0x58, 0x0, 0x9, 0x0, 0x14, 0x4, 0x41, 0x4c, 0x54, 0x31, 0xc0, 0x2d}, }, SrcPort: 53, DstPort: 35181, Length: 210, Checksum: 30026, sPort: []byte{0x0, 0x35}, dPort: []byte{0x89, 0x6d}, } if !reflect.DeepEqual(got, want) { t.Errorf("UDP packet mismatch:\ngot :\n%#v\n\nwant :\n%#v\n\n", got, want) } } else { t.Error("Transport layer packet not UDP") } }
func TestPacketDot11MgmtBeacon(t *testing.T) { p := gopacket.NewPacket(testPacketDot11MgmtBeacon, LinkTypeIEEE80211Radio, gopacket.Default) if p.ErrorLayer() != nil { t.Error("Failed to decode packet:", p.ErrorLayer().Error()) } checkLayers(p, []gopacket.LayerType{LayerTypeRadioTap, LayerTypeDot11, LayerTypeDot11MgmtBeacon}, t) if got, ok := p.Layer(LayerTypeRadioTap).(*RadioTap); ok { want := &RadioTap{BaseLayer: BaseLayer{Contents: []uint8{0x0, 0x0, 0x20, 0x0, 0x67, 0x8, 0x4, 0x0, 0xe9, 0xa2, 0xfe, 0x25, 0x0, 0x0, 0x0, 0x0, 0x22, 0xc, 0xd8, 0xa0, 0x2, 0x0, 0x0, 0x0, 0x40, 0x1, 0x0, 0x0, 0x3c, 0x14, 0x24, 0x11}, Payload: []uint8{0x80, 0x0, 0x0, 0x0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x0, 0x3, 0x7f, 0x7, 0xa0, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd0, 0x9b, 0x38, 0x40, 0x10, 0x28, 0x0, 0x0, 0x0, 0x0, 0x64, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x8, 0x8c, 0x12, 0x98, 0x24, 0xb0, 0x48, 0x60, 0x6c, 0x3, 0x1, 0x24, 0x5, 0x4, 0x0, 0x1, 0x0, 0x0, 0x7, 0x2a, 0x55, 0x53, 0x20, 0x24, 0x1, 0x11, 0x28, 0x1, 0x11, 0x2c, 0x1, 0x11, 0x30, 0x1, 0x11, 0x34, 0x1, 0x17, 0x38, 0x1, 0x17, 0x3c, 0x1, 0x17, 0x40, 0x1, 0x17, 0x95, 0x1, 0x1e, 0x99, 0x1, 0x1e, 0x9d, 0x1, 0x1e, 0xa1, 0x1, 0x1e, 0xa5, 0x1, 0x1e, 0x20, 0x1, 0x0, 0xdd, 0x18, 0x0, 0x50, 0xf2, 0x2, 0x1, 0x1, 0x0, 0x0, 0x3, 0xa4, 0x0, 0x0, 0x27, 0xa4, 0x0, 0x0, 0x42, 0x43, 0x5e, 0x0, 0x62, 0x32, 0x2f, 0x0, 0x34, 0xc, 0x66, 0x72, 0x65, 0x65, 0x62, 0x73, 0x64, 0x2d, 0x6d, 0x65, 0x73, 0x68, 0x33, 0x17, 0x1, 0x0, 0xf, 0xac, 0x0, 0x0, 0xf, 0xac, 0x0, 0x0, 0xf, 0xac, 0xff, 0x0, 0xf, 0xac, 0xff, 0x0, 0xf, 0xac, 0xff, 0x0, 0xdf}}, Version: 0x0, Length: 0x20, Present: 0x40867, TSFT: 0x25fea2e9, Flags: 0x22, Rate: 0xc, ChannelFrequency: 0x0, ChannelFlags: 0x0, FHSS: 0x0, DBMAntennaSignal: -40, DBMAntennaNoise: -96, LockQuality: 0x0, TxAttenuation: 0x0, DBTxAttenuation: 0x0, DBMTxPower: 0, Antenna: 0x2, DBAntennaSignal: 0x0, DBAntennaNoise: 0x0} if !reflect.DeepEqual(got, want) { t.Errorf("RadioTap packet processing failed:\ngot :\n%#v\n\nwant :\n%#v\n\n", got, want) } } if got, ok := p.Layer(LayerTypeDot11).(*Dot11); ok { want := &Dot11{ BaseLayer: BaseLayer{ Contents: []uint8{0x80, 0x0, 0x0, 0x0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x0, 0x3, 0x7f, 0x7, 0xa0, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd0, 0x9b}, Payload: []uint8{0x38, 0x40, 0x10, 0x28, 0x0, 0x0, 0x0, 0x0, 0x64, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x8, 0x8c, 0x12, 0x98, 0x24, 0xb0, 0x48, 0x60, 0x6c, 0x3, 0x1, 0x24, 0x5, 0x4, 0x0, 0x1, 0x0, 0x0, 0x7, 0x2a, 0x55, 0x53, 0x20, 0x24, 0x1, 0x11, 0x28, 0x1, 0x11, 0x2c, 0x1, 0x11, 0x30, 0x1, 0x11, 0x34, 0x1, 0x17, 0x38, 0x1, 0x17, 0x3c, 0x1, 0x17, 0x40, 0x1, 0x17, 0x95, 0x1, 0x1e, 0x99, 0x1, 0x1e, 0x9d, 0x1, 0x1e, 0xa1, 0x1, 0x1e, 0xa5, 0x1, 0x1e, 0x20, 0x1, 0x0, 0xdd, 0x18, 0x0, 0x50, 0xf2, 0x2, 0x1, 0x1, 0x0, 0x0, 0x3, 0xa4, 0x0, 0x0, 0x27, 0xa4, 0x0, 0x0, 0x42, 0x43, 0x5e, 0x0, 0x62, 0x32, 0x2f, 0x0, 0x34, 0xc, 0x66, 0x72, 0x65, 0x65, 0x62, 0x73, 0x64, 0x2d, 0x6d, 0x65, 0x73, 0x68, 0x33, 0x17, 0x1, 0x0, 0xf, 0xac, 0x0, 0x0, 0xf, 0xac, 0x0, 0x0, 0xf, 0xac, 0xff, 0x0, 0xf, 0xac, 0xff, 0x0, 0xf}, }, Type: Dot11TypeMgmtBeacon, Proto: 0x0, Flags: 0x0, DurationID: 0x0, Address1: net.HardwareAddr{0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, Address2: net.HardwareAddr{0x0, 0x3, 0x7f, 0x7, 0xa0, 0x16}, Address3: net.HardwareAddr{0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, Address4: net.HardwareAddr(nil), SequenceNumber: 0x9bd, FragmentNumber: 0x0, Checksum: 0xdf00ffac, } if !reflect.DeepEqual(got, want) { t.Errorf("Dot11 packet processing failed:\ngot :\n%#v\n\nwant :\n%#v\n\n", got, want) } } }