func Testv4Defrag(t *testing.T) {
nomalPack := make(chan gopacket.Packet, 5)
fragV4Pack := make(chan gopacket.Packet, 5)
go v4Defrag(fragV4Pack, nomalPack)
pack1 := gopacket.NewPacket(testPing1Frag1, layers.LinkTypeEthernet, gopacket.Default)
fragV4Pack <- pack1
pack2 := gopacket.NewPacket(testPing1Frag2, layers.LinkTypeEthernet, gopacket.Default)
fragV4Pack <- pack2
pack3 := gopacket.NewPacket(testPing1Frag3, layers.LinkTypeEthernet, gopacket.Default)
fragV4Pack <- pack3
pack4 := gopacket.NewPacket(testPing1Frag4, layers.LinkTypeEthernet, gopacket.Default)
fragV4Pack <- pack4
result := <-nomalPack
ip := result.Layer(layers.LayerTypeIPv4)
//TEST if the ip matches expectation
if ip == nil {
t.Errorf("defrag does not return IPV4 LAYER")
}
if len(ip.LayerPayload()) != 4508 {
t.Fatalf("defrag: expecting a packet of 4508 bytes, got %d", len(ip.LayerPayload()))
}
validPayload := append(testPing1Frag1[34:], testPing1Frag2[34:]...)
validPayload = append(validPayload, testPing1Frag3[34:]...)
validPayload = append(validPayload, testPing1Frag4[34:]...)
if bytes.Compare(validPayload, ip.LayerPayload()) != 0 {
fmt.Println(bytediff.BashOutput.String(
bytediff.Diff(validPayload, ip.LayerPayload())))
t.Errorf("defrag: payload is not correctly defragmented")
}
}
func TestUDPPacketVXLANGetInnerEthernetLayer(t *testing.T) {
p := gopacket.NewPacket(testUDPPacketVXLAN, LinkTypeEthernet, gopacket.Default)
if p.ErrorLayer() != nil {
t.Error("Failed to decode packet:", p.ErrorLayer().Error())
}
// show how to extract the inner ethernet header
vxlan := p.Layer(LayerTypeVxlan)
p2 := gopacket.NewPacket(vxlan.LayerPayload(), LinkTypeEthernet, gopacket.Default)
ethernetL := p2.Layer(LayerTypeEthernet)
ethernet, _ := ethernetL.(*Ethernet)
if ethernet == nil {
t.Error("Failed to find ethernet header")
}
dstmac := net.HardwareAddr{0x00, 0x30, 0x88, 0x01, 0x00, 0x02}
srcmac := net.HardwareAddr{0x00, 0x16, 0x3e, 0x37, 0xf6, 0x04}
if ethernet.DstMAC[0] != dstmac[0] &&
ethernet.DstMAC[1] != dstmac[1] &&
ethernet.DstMAC[2] != dstmac[2] &&
ethernet.DstMAC[3] != dstmac[3] &&
ethernet.DstMAC[4] != dstmac[4] &&
ethernet.DstMAC[5] != dstmac[5] &&
ethernet.SrcMAC[0] != srcmac[0] &&
ethernet.SrcMAC[1] != srcmac[1] &&
ethernet.SrcMAC[2] != srcmac[2] &&
ethernet.SrcMAC[3] != srcmac[3] &&
ethernet.SrcMAC[4] != srcmac[4] &&
ethernet.SrcMAC[5] != srcmac[5] &&
ethernet.EthernetType != 0x0800 {
t.Error("Decoded packet incorrect values")
}
}
func main() {
// If we don't have a handle to a device or a file, but we have a bunch
// of raw bytes, we can try to decode them in to packet information
// NewPacket() takes the raw bytes that make up the packet as the first parameter
// The second parameter is the lowest level layer you want to decode. It will
// decode that layer and all layers on top of it. The third layer
// is the type of decoding: default(all at once), lazy(on demand), and NoCopy
// which will not create a copy of the buffer
// Create an packet with ethernet, IP, TCP, and payload layers
// We are creating one we know will be decoded properly but
// your byte source could be anything. If any of the packets
// come back as nil, that means it could not decode it in to
// the proper layer (malformed or incorrect packet type)
payload := []byte{2, 4, 6}
options := gopacket.SerializeOptions{}
buffer := gopacket.NewSerializeBuffer()
gopacket.SerializeLayers(buffer, options,
&layers.Ethernet{},
&layers.IPv4{},
&layers.TCP{},
gopacket.Payload(payload),
)
rawBytes := buffer.Bytes()
// Decode an ethernet packet
ethPacket :=
gopacket.NewPacket(
rawBytes,
layers.LayerTypeEthernet,
gopacket.Default,
)
// with Lazy decoding it will only decode what it needs when it needs it
// This is not concurrency safe. If using concurrency, use default
ipPacket :=
gopacket.NewPacket(
rawBytes,
layers.LayerTypeIPv4,
gopacket.Lazy,
)
// With the NoCopy option, the underlying slices are referenced
// directly and not copied. If the underlying bytes change so will
// the packet
tcpPacket :=
gopacket.NewPacket(
rawBytes,
layers.LayerTypeTCP,
gopacket.NoCopy,
)
fmt.Println(ethPacket)
fmt.Println(ipPacket)
fmt.Println(tcpPacket)
}
func Testv4Defrag(t *testing.T) {
v4defragger := ip4defrag.NewIPv4Defragmenter()
pack1 := gopacket.NewPacket(testPing1Frag1, layers.LinkTypeEthernet, gopacket.Default)
pack2 := gopacket.NewPacket(testPing1Frag2, layers.LinkTypeEthernet, gopacket.Default)
pack3 := gopacket.NewPacket(testPing1Frag3, layers.LinkTypeEthernet, gopacket.Default)
pack4 := gopacket.NewPacket(testPing1Frag4, layers.LinkTypeEthernet, gopacket.Default)
result, err := v4defragger.DefragIPv4(pack1.Layer(layers.LayerTypeIPv4).(*layers.IPv4))
if err != nil {
t.Fatalf("error defragmenting pack1")
}
if result != nil {
t.Fatalf("unexpected defragmented packet after pack1")
}
result, err = v4defragger.DefragIPv4(pack2.Layer(layers.LayerTypeIPv4).(*layers.IPv4))
if err != nil {
t.Fatalf("error defragmenting pack2")
}
if result != nil {
t.Fatalf("unexpected defragmented packet after pack2")
}
result, err = v4defragger.DefragIPv4(pack3.Layer(layers.LayerTypeIPv4).(*layers.IPv4))
if err != nil {
t.Fatalf("error defragmenting pack3")
}
if result != nil {
t.Fatalf("unexpected defragmented packet after pack3")
}
result, err = v4defragger.DefragIPv4(pack4.Layer(layers.LayerTypeIPv4).(*layers.IPv4))
if err != nil {
t.Fatalf("error defragmenting pack4")
}
if result == nil {
t.Fatalf("missing defragmented packet after pack4")
}
ip := result
// TEST if the ip matches expectation
if ip == nil {
t.Errorf("defrag does not return IPV4 LAYER")
}
if len(ip.LayerPayload()) != 4508 {
t.Fatalf("defrag: expecting a packet of 4508 bytes, got %d", len(ip.LayerPayload()))
}
validPayload := append(testPing1Frag1[34:], testPing1Frag2[34:]...)
validPayload = append(validPayload, testPing1Frag3[34:]...)
validPayload = append(validPayload, testPing1Frag4[34:]...)
if bytes.Compare(validPayload, ip.LayerPayload()) != 0 {
fmt.Println(bytediff.BashOutput.String(
bytediff.Diff(validPayload, ip.LayerPayload())))
t.Errorf("defrag: payload is not correctly defragmented")
}
}
// Layers returns gopacket layer representation of this frame. layers contents are all pointer to struct,
// so you can modify the frame information simply setting values to the slice contents directly.
func (self *Frame) Layers() []gopacket.Layer {
if len(self.serialized) != 0 {
self.layers = gopacket.NewPacket(self.serialized, layers.LinkTypeEthernet, gopacket.Lazy).Layers()
self.serialized = self.serialized[:0]
}
return self.layers
}
func getack(conn net.PacketConn, srcport layers.TCPPort, dstip string) (ack uint32, err error) {
for {
b := make([]byte, 4096)
log.Println("reading from conn")
var n int
var addr net.Addr
n, addr, err = conn.ReadFrom(b)
if err != nil {
log.Println("reading..", err)
return
} else if addr.String() == dstip {
// Decode a packet
packet := gopacket.NewPacket(b[:n], layers.LayerTypeTCP, gopacket.Default)
// Get the TCP layer from this packet
if tcpLayer := packet.Layer(layers.LayerTypeTCP); tcpLayer != nil {
tcp, _ := tcpLayer.(*layers.TCP)
if tcp.DstPort == srcport {
if tcp.SYN && tcp.ACK {
ack = tcp.Seq
} else {
err = errors.New("Port is CLOSED")
}
return
}
}
} else {
err = errors.New("Got packet not matching addr")
}
}
return
}
func v4Defrag(v4frag chan gopacket.Packet, normalPack chan gopacket.Packet) error {
defragger := ip4defrag.NewIPv4Defragmenter()
for {
fragpack := <-v4frag
layer := fragpack.Layer(layers.LayerTypeIPv4).(*layers.IPv4)
in, err := defragger.DefragIPv4(layer)
if err != nil {
return err //error handle
} else if in == nil { //part of fragment continue
continue
} else {
b := gopacket.NewSerializeBuffer()
ops := gopacket.SerializeOptions{
FixLengths: true,
ComputeChecksums: true,
}
// it should be remebered that you should copy the payload in when you use SerializeTo
ip_payload, _ := b.PrependBytes(len(in.Payload))
copy(ip_payload, in.Payload)
in.SerializeTo(b, ops)
resultPack := gopacket.NewPacket(b.Bytes(), layers.LayerTypeIPv4, gopacket.Default)
err := resultPack.ErrorLayer()
if err != nil {
fmt.Println("Error decoding some part of the packet:", err) //need error handle here
//return
continue
}
resultPack.Metadata().CaptureLength = len(resultPack.Data())
resultPack.Metadata().Length = len(resultPack.Data())
fmt.Println("defrag a package")
normalPack <- resultPack
}
}
return nil
}
func main() {
var err error
var ci gopacket.CaptureInfo
var frame []byte
sniffer, err := bsdbpf.NewBPFSniffer("alc0", nil)
if err != nil {
panic(err)
}
for {
frame, ci, err = sniffer.ReadPacketData()
if err != nil {
panic(err)
}
fmt.Printf("timeStamp %s\n", ci.Timestamp)
packet := gopacket.NewPacket(frame, layers.LayerTypeEthernet, gopacket.Default)
// Get the TCP layer from this packet
if tcpLayer := packet.Layer(layers.LayerTypeTCP); tcpLayer != nil {
fmt.Println("This is a TCP packet!")
// Get actual TCP data from this layer
tcp, _ := tcpLayer.(*layers.TCP)
fmt.Printf("From src port %d to dst port %d\n", tcp.SrcPort, tcp.DstPort)
}
// Iterate over all layers, printing out each layer type
for _, layer := range packet.Layers() {
fmt.Println("PACKET LAYER:", layer.LayerType())
}
}
}
func TestPacketDot11DataIP(t *testing.T) {
p := gopacket.NewPacket(testPacketDot11DataIP, LinkTypeIEEE80211Radio, gopacket.Default)
if p.ErrorLayer() != nil {
t.Error("Failed to decode packet:", p.ErrorLayer().Error())
}
checkLayers(p, []gopacket.LayerType{LayerTypeRadioTap, LayerTypeDot11, LayerTypeDot11Data, LayerTypeLLC, LayerTypeSNAP, LayerTypeIPv4, LayerTypeUDP, gopacket.LayerTypePayload}, t)
}
func TestDHCPv4EncodeResponse(t *testing.T) {
dhcp := &DHCPv4{Operation: DHCPOpReply, HardwareType: LinkTypeEthernet, Xid: 0x12345678,
ClientIP: net.IP{0, 0, 0, 0}, YourClientIP: net.IP{192, 168, 0, 123}, NextServerIP: net.IP{192, 168, 0, 1}, RelayAgentIP: net.IP{0, 0, 0, 0},
ClientHWAddr: net.HardwareAddr{0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc},
ServerName: make([]byte, 64), File: make([]byte, 128)}
dhcp.Options = append(dhcp.Options, NewDHCPOption(DHCPOptMessageType, []byte{byte(DHCPMsgTypeOffer)}))
dhcp.Options = append(dhcp.Options, NewDHCPOption(DHCPOptSubnetMask, []byte{255, 255, 255, 0}))
dhcp.Options = append(dhcp.Options, NewDHCPOption(DHCPOptT1, []byte{0x00, 0x00, 0x0e, 0x10}))
dhcp.Options = append(dhcp.Options, NewDHCPOption(DHCPOptT2, []byte{0x00, 0x00, 0x0e, 0x10}))
dhcp.Options = append(dhcp.Options, NewDHCPOption(DHCPOptLeaseTime, []byte{0x00, 0x00, 0x0e, 0x10}))
dhcp.Options = append(dhcp.Options, NewDHCPOption(DHCPOptServerID, []byte{192, 168, 0, 1}))
buf := gopacket.NewSerializeBuffer()
opts := gopacket.SerializeOptions{FixLengths: true}
err := gopacket.SerializeLayers(buf, opts, dhcp)
if err != nil {
t.Fatal(err)
}
p2 := gopacket.NewPacket(buf.Bytes(), LayerTypeDHCPv4, testDecodeOptions)
dhcp2 := p2.Layer(LayerTypeDHCPv4).(*DHCPv4)
testDHCPEqual(t, dhcp, dhcp2)
fmt.Print(p2)
}
func TestVRRPPacketPacket0(t *testing.T) {
p := gopacket.NewPacket(vrrpPacketPriority100, LinkTypeEthernet, gopacket.Default)
if p.ErrorLayer() != nil {
t.Error("Failed to decode packet", p.ErrorLayer().Error())
}
checkLayers(p, []gopacket.LayerType{LayerTypeEthernet, LayerTypeIPv4, LayerTypeVRRP}, t)
// Version=2 Type=VRRPv2 Advertisement VirtualRtrID=1 Priority=100
vrrp := p.Layer(LayerTypeVRRP).(*VRRPv2)
if vrrp.Version != 2 {
t.Fatalf("Unable to decode VRRPv2 version. Received %d, expected %d", vrrp.Version, 2)
}
if vrrp.Type != 1 {
t.Fatalf("Unable to decode VRRPv2 type. Received %d, expected %d", vrrp.Type, 1)
}
if vrrp.Priority != 100 {
t.Fatalf("Unable to decode VRRPv2 priority. Received %d, expected %d", vrrp.Priority, 100)
}
if vrrp.Checksum != 47698 {
t.Fatalf("Unable to decode VRRPv2 checksum. Received %d, expected %d", vrrp.Checksum, 47698)
}
}
func (h *arpPktInHandler) Rcv(msg bh.Msg, ctx bh.RcvContext) error {
pin := msg.Data().(nom.PacketIn)
p := gopacket.NewPacket([]byte(pin.Packet), layers.LayerTypeEthernet, gopacket.Default)
etherlayer := p.Layer(layers.LayerTypeEthernet)
if etherlayer == nil {
return nil
}
e, _ := etherlayer.(*layers.Ethernet)
if e.EthernetType != layers.EthernetTypeARP {
return nil
}
host, _, err := decodeARP([]byte(pin.Packet))
host.Node = pin.Node
if err != nil {
glog.Errorf("ARP decoding error: %v", err)
return err
}
glog.V(2).Infof("Host detected: %v", host)
ctx.Emit(nom.HostConnected(host))
return nil
}
func TestPacketVXLAN(t *testing.T) {
p := gopacket.NewPacket(testPacketVXLAN, LinkTypeEthernet, gopacket.Default)
if p.ErrorLayer() != nil {
t.Error("Failed to decode packet:", p.ErrorLayer().Error())
}
checkLayers(p, []gopacket.LayerType{LayerTypeEthernet, LayerTypeIPv4, LayerTypeUDP, LayerTypeVXLAN, LayerTypeEthernet, LayerTypeIPv4, LayerTypeICMPv4, gopacket.LayerTypePayload}, t)
if got, ok := p.Layer(LayerTypeVXLAN).(*VXLAN); ok {
want := &VXLAN{
BaseLayer: BaseLayer{
Contents: []byte{0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00},
Payload: []byte{0x00, 0x30, 0x88, 0x01, 0x00, 0x02, 0x00, 0x16, 0x3e, 0x37, 0xf6, 0x04, 0x08, 0x00,
0x45, 0x00, 0x00, 0x54, 0x00, 0x00, 0x40, 0x00, 0x40, 0x01, 0x23, 0x4f, 0xc0, 0xa8, 0xcb, 0x03,
0xc0, 0xa8, 0xcb, 0x05, 0x08, 0x00, 0xf6, 0xf2, 0x05, 0x0c, 0x00, 0x01, 0xfc, 0xe2, 0x97, 0x51,
0x00, 0x00, 0x00, 0x00, 0xa6, 0xf8, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x11, 0x12, 0x13,
0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33,
0x34, 0x35, 0x36, 0x37},
},
ValidIDFlag: true,
VNI: 255,
GBPExtension: false,
GBPApplied: false,
GBPDontLearn: false,
GBPGroupPolicyID: 0,
}
if !reflect.DeepEqual(want, got) {
t.Errorf("VXLAN layer mismatch, \nwant %#v\ngot %#v\n", want, got)
}
}
}
func (vnet *VNET) runReader(ctx context.Context) {
defer vnet.wg.Done()
var maxPktSize = vnet.iface.MaxPacketSize()
for {
var pkt = NewPacket(maxPktSize)
n, flags, err := vnet.iface.ReadPacket(pkt.buf)
if err == io.EOF {
pkt.Release()
return
}
if err != nil {
pkt.Release()
log.Printf("error during read: %s", err)
time.Sleep(10 * time.Millisecond)
continue
}
pkt.Packet = gopacket.NewPacket(pkt.buf[:n], layers.LayerTypeEthernet, gopacket.NoCopy)
pkt.Flags = flags
pkt.layers = pkt.Layers()
vnet.dispatch(ctx, pkt)
}
}
func TestPacketUSB0(t *testing.T) {
p := gopacket.NewPacket(testPacketUSB0, LinkTypeLinuxUSB, gopacket.Default)
if p.ErrorLayer() != nil {
t.Error("Failed to decode packet:", p.ErrorLayer().Error())
}
checkLayers(p, []gopacket.LayerType{LayerTypeUSB, LayerTypeUSBInterrupt}, t)
if got, ok := p.Layer(LayerTypeUSB).(*USB); ok {
want := &USB{
BaseLayer: BaseLayer{
Contents: []uint8{0x0, 0x38, 0x4a, 0x3b, 0x0, 0x88, 0xff, 0xff, 0x43, 0x1, 0x81, 0x1, 0x2, 0x0, 0x2d, 0x0, 0xc0, 0xd3, 0x5b, 0x50, 0x0, 0x0, 0x0, 0x0, 0x8a, 0x85, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0},
Payload: []uint8{0x4},
},
ID: 0xffff88003b4a3800,
EventType: USBEventTypeComplete,
TransferType: USBTransportTypeInterrupt,
Direction: 0x1,
EndpointNumber: 0x1,
DeviceAddress: 0x1,
BusID: 0x2,
TimestampSec: 1348195264,
TimestampUsec: 689546,
Setup: false,
Data: true,
Status: 0,
UrbLength: 0x1,
UrbDataLength: 0x1,
}
if !reflect.DeepEqual(got, want) {
t.Errorf("USB packet processing failed:\ngot :\n%#v\n\nwant :\n%#v\n\n", got, want)
}
}
}
func TestDHCPv4EncodeRequest(t *testing.T) {
dhcp := &DHCPv4{Operation: DHCPOpRequest, HardwareType: LinkTypeEthernet, Xid: 0x12345678,
ClientIP: net.IP{0, 0, 0, 0}, YourClientIP: net.IP{0, 0, 0, 0}, NextServerIP: net.IP{0, 0, 0, 0}, RelayAgentIP: net.IP{0, 0, 0, 0},
ClientHWAddr: net.HardwareAddr{0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc},
ServerName: make([]byte, 64), File: make([]byte, 128)}
dhcp.Options = append(dhcp.Options, NewDHCPOption(DHCPOptMessageType, []byte{byte(DHCPMsgTypeDiscover)}))
dhcp.Options = append(dhcp.Options, NewDHCPOption(DHCPOptHostname, []byte{'e', 'x', 'a', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm'}))
dhcp.Options = append(dhcp.Options, NewDHCPOption(DHCPOptParamsRequest,
[]byte{byte(DHCPOptSubnetMask), byte(DHCPOptBroadcastAddr), byte(DHCPOptTimeOffset),
byte(DHCPOptRouter), byte(DHCPOptDomainName), byte(DHCPOptDNS), byte(DHCPOptDomainSearch),
byte(DHCPOptHostname), byte(DHCPOptNetBIOSTCPNS), byte(DHCPOptInterfaceMTU), byte(DHCPOptClasslessStaticRoute),
byte(DHCPOptNTPServers)}))
buf := gopacket.NewSerializeBuffer()
opts := gopacket.SerializeOptions{FixLengths: true}
err := gopacket.SerializeLayers(buf, opts, dhcp)
if err != nil {
t.Fatal(err)
}
p2 := gopacket.NewPacket(buf.Bytes(), LayerTypeDHCPv4, testDecodeOptions)
dhcp2 := p2.Layer(LayerTypeDHCPv4).(*DHCPv4)
testDHCPEqual(t, dhcp, dhcp2)
}
func decodeInGRELayer(data []byte, p gopacket.PacketBuilder) error {
switch (data[0] >> 4) & 0xf {
case 4:
ip4 := &layers.IPv4{}
err := ip4.DecodeFromBytes(data, p)
p.AddLayer(ip4)
p.SetNetworkLayer(ip4)
if err != nil {
return err
}
return p.NextDecoder(ip4.NextLayerType())
case 6:
ip6 := &layers.IPv6{}
err := ip6.DecodeFromBytes(data, p)
p.AddLayer(ip6)
p.SetNetworkLayer(ip6)
if err != nil {
return err
}
return p.NextDecoder(ip6.NextLayerType())
}
packet := gopacket.NewPacket(data, layers.LayerTypeARP, gopacket.Lazy)
layer := packet.Layer(layers.LayerTypeARP)
p.AddLayer(layer)
return nil
}
func TestPacketDot11DataARP(t *testing.T) {
p := gopacket.NewPacket(testPacketDot11DataARP, LinkTypeIEEE80211Radio, gopacket.Default)
if p.ErrorLayer() != nil {
t.Error("Failed to decode packet:", p.ErrorLayer().Error())
}
checkLayers(p, []gopacket.LayerType{LayerTypeRadioTap, LayerTypeDot11, LayerTypeDot11Data, LayerTypeLLC, LayerTypeSNAP, LayerTypeARP}, t)
if got, ok := p.Layer(LayerTypeARP).(*ARP); ok {
want := &ARP{
BaseLayer: BaseLayer{
Contents: []uint8{0x0, 0x1, 0x8, 0x0, 0x6, 0x4, 0x0, 0x1, 0x0, 0x19, 0xe3, 0xd3, 0x53, 0x52, 0xa9, 0xfe, 0xf7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x43, 0x8, 0xe, 0x36},
Payload: []uint8{},
},
AddrType: 0x1,
Protocol: 0x800,
HwAddressSize: 0x6,
ProtAddressSize: 0x4,
Operation: 0x1,
SourceHwAddress: []uint8{0x0, 0x19, 0xe3, 0xd3, 0x53, 0x52},
SourceProtAddress: []uint8{0xa9, 0xfe, 0xf7, 0x0},
DstHwAddress: []uint8{0x0, 0x0, 0x0, 0x0, 0x0, 0x0},
DstProtAddress: []uint8{0x43, 0x8, 0xe, 0x36},
}
if !reflect.DeepEqual(got, want) {
t.Errorf("ARP packet processing failed:\ngot :\n%#v\n\nwant :\n%#v\n\n", got, want)
}
}
}
// checkNTP() uses the ntp.go code to analyse the packet bytes as an NTP UDP
// packet and generate an NTP object. It then compares the generated NTP object
// with the one provided and raises the alarm if there is any difference.
// The desc argument is output with any failure message to identify the test.
func checkNTP(desc string, t *testing.T, packetBytes []byte, pExpectedNTP *NTP) {
// Analyse the packet bytes, yielding a new packet object p.
p := gopacket.NewPacket(packetBytes, LinkTypeEthernet, gopacket.Default)
if p.ErrorLayer() != nil {
t.Errorf("Failed to decode packet %s: %v", desc, p.ErrorLayer().Error())
}
// Ensure that the packet analysis yielded the correct set of layers:
// Link Layer = Ethernet.
// Network Layer = IPv4.
// Transport Layer = UDP.
// Application Layer = NTP.
checkLayers(p, []gopacket.LayerType{
LayerTypeEthernet,
LayerTypeIPv4,
LayerTypeUDP,
LayerTypeNTP}, t)
// Select the Application (NTP) layer.
pResultNTP, ok := p.ApplicationLayer().(*NTP)
if !ok {
t.Error("No NTP layer type found in packet in " + desc + ".")
}
// Compare the generated NTP object with the expected NTP object.
if !reflect.DeepEqual(pResultNTP, pExpectedNTP) {
t.Errorf("NTP packet processing failed for packet "+desc+
":\ngot :\n%#v\n\nwant :\n%#v\n\n", pResultNTP, pExpectedNTP)
}
}
func TestUDPPacketVXLAN(t *testing.T) {
p := gopacket.NewPacket(testUDPPacketVXLAN, LinkTypeEthernet, gopacket.Default)
if p.ErrorLayer() != nil {
t.Error("Failed to decode packet:", p.ErrorLayer().Error())
}
checkLayers(p, []gopacket.LayerType{LayerTypeEthernet, LayerTypeIPv4,
LayerTypeUDP, LayerTypeVxlan, LayerTypeEthernet, LayerTypeIPv4,
LayerTypeICMPv4, gopacket.LayerTypePayload}, t)
vxlanL := p.Layer(LayerTypeVxlan)
if vxlanL == nil {
t.Fatal("Failed to get a pointer to VXLAN struct")
}
vxlan, _ := vxlanL.(*VXLAN)
if vxlan.Flags != 0x08 {
t.Fatal("Failed to decode Flags properly")
}
if vxlan.VNI[0] != 0x00 ||
vxlan.VNI[1] != 0x00 ||
vxlan.VNI[2] != 0x00 {
t.Fatal("Failed to decode VNI properly")
}
}
func main() {
var err error
sniffer := bpf_sniffer.NewBpfSniffer()
err = sniffer.Init("vio0")
if err != nil {
panic(err)
}
for {
timedFrame := sniffer.ReadTimedFrame()
// Decode a packet
fmt.Printf("timedFrame timestamp %s\n", timedFrame.Timestamp)
packet := gopacket.NewPacket(timedFrame.RawFrame, layers.LayerTypeEthernet, gopacket.Default)
// Get the TCP layer from this packet
if tcpLayer := packet.Layer(layers.LayerTypeTCP); tcpLayer != nil {
fmt.Println("This is a TCP packet!")
// Get actual TCP data from this layer
tcp, _ := tcpLayer.(*layers.TCP)
fmt.Printf("From src port %d to dst port %d\n", tcp.SrcPort, tcp.DstPort)
}
// Iterate over all layers, printing out each layer type
for _, layer := range packet.Layers() {
fmt.Println("PACKET LAYER:", layer.LayerType())
}
}
}
func TestPacketIPSecESP(t *testing.T) {
p := gopacket.NewPacket(testPacketIPSecESP, LinkTypeEthernet, gopacket.Default)
if p.ErrorLayer() != nil {
t.Error("Failed to decode packet:", p.ErrorLayer().Error())
}
checkLayers(p, []gopacket.LayerType{LayerTypeEthernet, LayerTypeIPv4, LayerTypeIPSecESP}, t)
}
func (sfa *SFlowAgent) feedFlowTable(packetsChan chan flow.FlowPackets) {
var buf [maxDgramSize]byte
for {
_, _, err := sfa.Conn.ReadFromUDP(buf[:])
if err != nil {
return
}
// TODO use gopacket.NoCopy ? instead of gopacket.Default
p := gopacket.NewPacket(buf[:], layers.LayerTypeSFlow, gopacket.Default)
sflowLayer := p.Layer(layers.LayerTypeSFlow)
sflowPacket, ok := sflowLayer.(*layers.SFlowDatagram)
if !ok {
continue
}
if sflowPacket.SampleCount > 0 {
logging.GetLogger().Debugf("%d sample captured", sflowPacket.SampleCount)
for _, sample := range sflowPacket.FlowSamples {
// iterate over a set of FlowPackets as a sample contains multiple
// records each generating FlowPackets.
for _, flowPackets := range flow.FlowPacketsFromSFlowSample(&sample) {
packetsChan <- flowPackets
}
}
}
}
}
func TestPacketDNSRegression(t *testing.T) {
p := gopacket.NewPacket(testPacketDNSRegression, LinkTypeEthernet, testDecodeOptions)
if p.ErrorLayer() != nil {
t.Error("Failed to decode packet:", p.ErrorLayer().Error())
}
checkLayers(p, []gopacket.LayerType{LayerTypeEthernet, LayerTypeIPv4, LayerTypeUDP, LayerTypeDNS}, t)
}
func main() {
// If you create your own encoding and decoding you can essentially
// create your own protocol or implement a protocol that is not
// already defined in the layers package. In our example we are just
// wrapping a normal ethernet packet with our own layer.
// Creating your own protocol is good if you want to create
// some obfuscated binary data type that was difficult for others
// to decode
// Finally, decode your packets:
rawBytes := []byte{0xF0, 0x0F, 65, 65, 66, 67, 68}
packet := gopacket.NewPacket(
rawBytes,
CustomLayerType,
gopacket.Default,
)
fmt.Println("Created packet out of raw bytes.")
fmt.Println(packet)
// Decode the packet as our custom layer
customLayer := packet.Layer(CustomLayerType)
if customLayer != nil {
fmt.Println("Packet was successfully decoded with custom layer decoder.")
customLayerContent, _ := customLayer.(*CustomLayer)
// Now we can access the elements of the custom struct
fmt.Println("Payload: ", customLayerContent.LayerPayload())
fmt.Println("SomeByte element:", customLayerContent.SomeByte)
fmt.Println("AnotherByte element:", customLayerContent.AnotherByte)
}
}
func TestDNSEncodeQuery(t *testing.T) {
dns := &DNS{ID: 1234, OpCode: DNSOpCodeQuery, RD: true}
dns.Questions = append(dns.Questions,
DNSQuestion{
Name: []byte("example1.com"),
Type: DNSTypeA,
Class: DNSClassIN,
})
dns.Questions = append(dns.Questions,
DNSQuestion{
Name: []byte("example2.com"),
Type: DNSTypeA,
Class: DNSClassIN,
})
buf := gopacket.NewSerializeBuffer()
opts := gopacket.SerializeOptions{FixLengths: true}
err := gopacket.SerializeLayers(buf, opts, dns)
if err != nil {
t.Fatal(err)
}
if int(dns.QDCount) != len(dns.Questions) {
t.Errorf("fix lengths did not adjust QDCount, expected %d got %d", len(dns.Questions), dns.QDCount)
}
p2 := gopacket.NewPacket(buf.Bytes(), LayerTypeDNS, testDecodeOptions)
dns2 := p2.Layer(LayerTypeDNS).(*DNS)
testDNSEqual(t, dns, dns2)
}
func forgeEthIPTCP(t *testing.T, seed int64) *gopacket.Packet {
var options gopacket.SerializeOptions
rnd := rand.New(rand.NewSource(seed))
rawBytes := []byte{10, 20, 30}
ethernetLayer := &layers.Ethernet{
SrcMAC: net.HardwareAddr{0x00, 0x0F, 0xAA, 0xFA, 0xAA, byte(rnd.Intn(0x100))},
DstMAC: net.HardwareAddr{0x00, 0x0D, 0xBD, 0xBD, byte(rnd.Intn(0x100)), 0xBD},
}
ipLayer := &layers.IPv4{
SrcIP: net.IP{127, 0, 0, byte(rnd.Intn(0x100))},
DstIP: net.IP{byte(rnd.Intn(0x100)), 8, 8, 8},
}
tcpLayer := &layers.TCP{
SrcPort: layers.TCPPort(byte(rnd.Intn(0x10000))),
DstPort: layers.TCPPort(byte(rnd.Intn(0x10000))),
}
// And create the packet with the layers
buffer := gopacket.NewSerializeBuffer()
err := gopacket.SerializeLayers(buffer, options,
ethernetLayer,
ipLayer,
tcpLayer,
gopacket.Payload(rawBytes),
)
if err != nil {
t.Fail()
}
gpacket := gopacket.NewPacket(buffer.Bytes(), layers.LayerTypeEthernet, gopacket.Default)
return &gpacket
}
func TestGREChecksum(t *testing.T) {
buf := gopacket.NewSerializeBuffer()
opts := gopacket.SerializeOptions{
ComputeChecksums: true,
FixLengths: true,
}
for cksum, packet := range testGREChecksum {
buf.Clear()
if err := setNetworkLayer(packet); err != nil {
t.Errorf("Failed to set network layer: %v", err)
continue
}
if err := gopacket.SerializeLayers(buf, opts, packet...); err != nil {
t.Errorf("Failed to serialize packet: %v", err)
continue
}
p := gopacket.NewPacket(buf.Bytes(), LinkTypeEthernet, gopacket.Default)
t.Log(p)
if p.ErrorLayer() != nil {
t.Error("Failed to decode packet:", p.ErrorLayer().Error())
continue
}
if got, ok := p.Layer(LayerTypeGRE).(*GRE); ok {
if got.Checksum != cksum {
t.Errorf("Incorrect checksum calculated for GRE packet: want %v, got %v", cksum, got.Checksum)
}
}
}
}
func TestPacketIPv6Destination0Decode(t *testing.T) {
ip6 := &IPv6{
BaseLayer: BaseLayer{
Contents: []byte{
0x60, 0x00, 0x00, 0x00, 0x00, 0x08, 0x3c, 0x40, 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
},
Payload: []byte{0x3b, 0x00, 0x01, 0x04, 0x00, 0x00, 0x00, 0x00},
},
Version: 6,
TrafficClass: 0,
FlowLabel: 0,
Length: 8,
NextHeader: IPProtocolIPv6Destination,
HopLimit: 64,
SrcIP: net.IP{0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
DstIP: net.IP{0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02},
}
dst := &IPv6Destination{}
dst.BaseLayer = BaseLayer{
Contents: []byte{0x3b, 0x00, 0x01, 0x04, 0x00, 0x00, 0x00, 0x00},
Payload: []byte{},
}
dst.NextHeader = IPProtocolNoNextHeader
dst.HeaderLength = uint8(0)
dst.ActualLength = 8
opt := &IPv6DestinationOption{
OptionType: uint8(0x01),
OptionLength: uint8(0x04),
ActualLength: 6,
OptionData: []byte{0x00, 0x00, 0x00, 0x00},
}
dst.Options = append(dst.Options, opt)
p := gopacket.NewPacket(testPacketIPv6Destination0, LinkTypeRaw, gopacket.Default)
if p.ErrorLayer() != nil {
t.Error("Failed to decode packet:", p.ErrorLayer().Error())
}
checkLayers(p, []gopacket.LayerType{LayerTypeIPv6, LayerTypeIPv6Destination}, t)
if got, ok := p.Layer(LayerTypeIPv6).(*IPv6); ok {
want := ip6
if !reflect.DeepEqual(got, want) {
t.Errorf("IPv6 packet processing failed:\ngot:\n%#v\n\nwant:\n%#v\n\n", got, want)
}
} else {
t.Error("No IPv6 layer type found in packet")
}
if got, ok := p.Layer(LayerTypeIPv6Destination).(*IPv6Destination); ok {
want := dst
if !reflect.DeepEqual(got, want) {
t.Errorf("IPv6Destination packet processing failed:\ngot:\n%#v\n\nwant:\n%#v\n\n", got, want)
}
} else {
t.Error("No IPv6Destination layer type found in packet")
}
}
//need work
func (f *fragmentList) build(in gopacket.Packet) (gopacket.Packet, error) {
var final []byte
var currentOffset uint16 = 0
debug.Printf("defrag: building the datagram \n")
for e := f.List.Front(); e != nil; e = e.Next() {
pack, _ := e.Value.(gopacket.Packet)
frag := pack.Layer(layers.LayerTypeIPv6Fragment).(*layers.IPv6Fragment)
ip := pack.Layer(layers.LayerTypeIPv6).(*layers.IPv6)
if frag.FragmentOffset*8 == currentOffset {
debug.Printf("defrag: building - adding %d\n", frag.FragmentOffset*8)
final = append(final, frag.Payload...)
currentOffset = currentOffset + ip.Length - 8
} else if frag.FragmentOffset*8 < currentOffset {
// overlapping fragment - let's take only what we need
startAt := currentOffset - frag.FragmentOffset*8
debug.Printf("defrag: building - overlapping, starting at %d\n",
startAt)
if startAt > ip.Length-8 {
return nil, fmt.Errorf("defrag: building - invalid fragment")
}
final = append(final, frag.Payload[startAt:]...)
currentOffset = currentOffset + frag.FragmentOffset*8
} else {
// Houston - we have an hole !
debug.Printf("defrag: hole found while building, " +
"stopping the defrag process\n")
return nil, fmt.Errorf("defrag: building - hole found")
}
debug.Printf("defrag: building - next is %d\n", currentOffset)
}
final_ipv6 := in.Layer(layers.LayerTypeIPv6).(*layers.IPv6)
final_frag := in.Layer(layers.LayerTypeIPv6Fragment).(*layers.IPv6Fragment)
// TODO recompute IP Checksum
out := &layers.IPv6{
Version: final_ipv6.Version,
TrafficClass: final_ipv6.TrafficClass,
FlowLabel: final_ipv6.FlowLabel,
Length: f.Highest,
NextHeader: final_frag.NextHeader,
HopLimit: final_ipv6.HopLimit,
SrcIP: final_ipv6.SrcIP,
DstIP: final_ipv6.DstIP,
HopByHop: final_ipv6.HopByHop,
}
out.Payload = final
v6SerailizeBuffer := gopacket.NewSerializeBuffer()
v6Buffer, _ := v6SerailizeBuffer.PrependBytes(len(final))
copy(v6Buffer, final)
ops := gopacket.SerializeOptions{
FixLengths: true,
ComputeChecksums: true,
}
out.SerializeTo(v6SerailizeBuffer, ops)
outPacket := gopacket.NewPacket(v6SerailizeBuffer.Bytes(), layers.LayerTypeIPv6, gopacket.Default)
outPacket.Metadata().CaptureLength = len(outPacket.Data())
outPacket.Metadata().Length = len(outPacket.Data())
return outPacket, nil
}