Exemple #1
0
func (p *Pcap) CompileAndSetFilter(filter string) error {
	var bpf C.struct_bpf_program
	if C.pcap_compile(p.pcap, &bpf, C.CString(filter), 1, 0) != 0 {
		return errors.New(p.GetErr())
	}

	if C.pcap_setfilter(p.pcap, &bpf) != 0 {
		return errors.New(p.GetErr())
	}

	return nil
}
Exemple #2
0
// SetBPFFilter compiles and sets a BPF filter for the pcap handle.
func (p *Handle) SetBPFFilter(expr string) (err error) {
	bpf, err := p.compileBPFFilter(expr)
	defer C.pcap_freecode(&bpf)
	if err != nil {
		return err
	}

	if -1 == C.pcap_setfilter(p.cptr, &bpf) {
		C.pcap_freecode(&bpf)
		return p.Error()
	}

	return nil
}
Exemple #3
0
// SetBPFInstructionFilter may be used to apply a filter in BPF asm byte code format.
//
// Simplest way to generate BPF asm byte code is with tcpdump:
//     tcpdump -dd 'udp'
//
// The output may be used directly to add a filter, e.g.:
//     bpfInstructions := []pcap.BpfInstruction{
//			{0x28, 0, 0, 0x0000000c},
//			{0x15, 0, 9, 0x00000800},
//			{0x30, 0, 0, 0x00000017},
//			{0x15, 0, 7, 0x00000006},
//			{0x28, 0, 0, 0x00000014},
//			{0x45, 5, 0, 0x00001fff},
//			{0xb1, 0, 0, 0x0000000e},
//			{0x50, 0, 0, 0x0000001b},
//			{0x54, 0, 0, 0x00000012},
//			{0x15, 0, 1, 0x00000012},
//			{0x6, 0, 0, 0x0000ffff},
//			{0x6, 0, 0, 0x00000000},
//		}
//
// An other posibility is to write the bpf code in bpf asm.
// Documentation: https://www.kernel.org/doc/Documentation/networking/filter.txt
//
// To compile the code use bpf_asm from
// https://github.com/torvalds/linux/tree/master/tools/net
//
// The following command may be used to convert bpf_asm output to c/go struct, usable for SetBPFFilterByte:
// bpf_asm -c tcp.bpf
func (p *Handle) SetBPFInstructionFilter(bpfInstructions []BPFInstruction) (err error) {
	bpf, err := bpfInstructionFilter(bpfInstructions)
	if err != nil {
		return err
	}

	if -1 == C.pcap_setfilter(p.cptr, &bpf) {
		C.pcap_freecode(&bpf)
		return p.Error()
	}

	C.pcap_freecode(&bpf)

	return nil
}
Exemple #4
0
func (p *Pcap) Setfilter(expr string) (err string) {
	var bpf _Ctype_struct_bpf_program

	if -1 == C.pcap_compile(p.cptr, &bpf, C.CString(expr), 1, 0) {
		return p.Geterror()
	}

	if -1 == C.pcap_setfilter(p.cptr, &bpf) {
		C.pcap_freecode(&bpf)
		return p.Geterror()
	}

	C.pcap_freecode(&bpf)
	return ""
}
Exemple #5
0
func (p *Pcap) SetFilter(expr string) (err error) {
	var bpf _Ctype_struct_bpf_program
	cexpr := C.CString(expr)
	defer C.free(unsafe.Pointer(cexpr))

	if -1 == C.pcap_compile(p.cptr, &bpf, cexpr, 1, 0) {
		return p.Geterror()
	}

	if -1 == C.pcap_setfilter(p.cptr, &bpf) {
		C.pcap_freecode(&bpf)
		return p.Geterror()
	}
	C.pcap_freecode(&bpf)
	return nil
}
Exemple #6
0
func (p *Pcap) Setfilter(expr string) os.Error {
	var bpf C.struct_bpf_program
	cexpr := C.CString(expr)
	defer C.free(unsafe.Pointer(cexpr))

	if C.pcap_compile(p.cptr, &bpf, cexpr, 1, 0) == -1 {
		return os.NewError(p.Geterror())
	}
	defer C.pcap_freecode(&bpf)

	if C.pcap_setfilter(p.cptr, &bpf) == -1 {
		return os.NewError(p.Geterror())
	}

	return nil
}
Exemple #7
0
// SetBPFFilter compiles and sets a BPF filter for the pcap handle.
func (p *Handle) SetBPFFilter(expr string) (err error) {
	p.activate.Do(p.activation)
	var bpf _Ctype_struct_bpf_program
	cexpr := C.CString(expr)
	defer C.free(unsafe.Pointer(cexpr))

	if -1 == C.pcap_compile(p.cptr, &bpf, cexpr, 1, 0) {
		return p.Error()
	}

	if -1 == C.pcap_setfilter(p.cptr, &bpf) {
		C.pcap_freecode(&bpf)
		return p.Error()
	}
	C.pcap_freecode(&bpf)
	return nil
}
Exemple #8
0
// Apply the given filter it to the packet source. Only packets that match this
// filter will be captured.
func (h *Handle) ApplyFilter(filter *filter.Filter) error {
	if !filter.Validate() {
		return fmt.Errorf("Invalid filter")
	}

	err_str := (*C.char)(C.calloc(256, 1))
	defer C.free(unsafe.Pointer(err_str))

	dev_str := C.CString(h.Device)
	defer C.free(unsafe.Pointer(dev_str))

	err := C.pcap_setfilter(h.pcap, (*C.struct_bpf_program)(filter.Program()))
	if err < 0 {
		return fmt.Errorf("Could not set filter: %s", h.get_error())
	}

	return nil
}
Exemple #9
0
func main() {
	var errbuf = (*C.char)(C.malloc(C.PCAP_ERRBUF_SIZE))
	defer C.free(unsafe.Pointer(errbuf))
	var source = C.CString("any")
	defer C.free(unsafe.Pointer(source))

	pcap_handle := C.pcap_create(source, errbuf)
	if pcap_handle == nil {
		panic("pcap_handle")
	}
	C.pcap_set_buffer_size(pcap_handle, 2*1024*1024)
	C.pcap_set_promisc(pcap_handle, 1)
	C.pcap_set_snaplen(pcap_handle, 512) // more than enough to recognize a WOL packet
	C.pcap_setdirection(pcap_handle, C.PCAP_D_IN)
	if C.pcap_activate(pcap_handle) != 0 {
		panic(C.GoString(C.pcap_geterr(pcap_handle)))
	}

	var bpf_program C.struct_bpf_program
	if C.pcap_compile(pcap_handle, &bpf_program, pcap_filter, 0, 0) != 0 {
		panic(C.GoString(C.pcap_geterr(pcap_handle)))
	}
	if C.pcap_setfilter(pcap_handle, &bpf_program) != 0 {
		panic(C.GoString(C.pcap_geterr(pcap_handle)))
	}

	for {
		var pkt_header *C.struct_pcap_pkthdr
		var pkt_data *C.u_char
		if C.pcap_next_ex(pcap_handle, &pkt_header, &pkt_data) < 0 {
			panic(C.GoString(C.pcap_geterr(pcap_handle)))
		}
		if pkt_data == nil {
			continue
		}
		data := make([]byte, pkt_header.caplen)
		copy(data, (*(*[10000000]byte)(unsafe.Pointer(pkt_data)))[0:])
		from_mac, to_mac := checkwol(data)
		if from_mac != "" {
			fmt.Printf("%v: %v sends WOL to %v\n", time.Now(), from_mac, to_mac)
		}
	}

}
Exemple #10
0
// SetBPFFilter compiles and sets a BPF filter for the pcap handle.
func (p *Handle) SetBPFFilter(expr string) (err error) {
	errorBuf := (*C.char)(C.calloc(errorBufferSize, 1))
	defer C.free(unsafe.Pointer(errorBuf))

	var netp uint32
	var maskp uint32

	// Only do the lookup on network interfaces.
	// No device indicates we're handling a pcap file.
	if len(p.device) > 0 {
		dev := C.CString(p.device)
		defer C.free(unsafe.Pointer(dev))
		if -1 == C.pcap_lookupnet(
			dev,
			(*C.bpf_u_int32)(unsafe.Pointer(&netp)),
			(*C.bpf_u_int32)(unsafe.Pointer(&maskp)),
			errorBuf,
		) {
			// We can't lookup the network, but that could be because the interface
			// doesn't have an IPv4.
		}
	}

	var bpf _Ctype_struct_bpf_program
	cexpr := C.CString(expr)
	defer C.free(unsafe.Pointer(cexpr))

	if -1 == C.pcap_compile(p.cptr, &bpf, cexpr, 1, C.bpf_u_int32(maskp)) {
		return p.Error()
	}

	if -1 == C.pcap_setfilter(p.cptr, &bpf) {
		C.pcap_freecode(&bpf)
		return p.Error()
	}

	C.pcap_freecode(&bpf)

	return nil
}
Exemple #11
0
// Setfilter compiles a filter string into a bpf program and sets the filter.
func (p *Pcap) Setfilter(expr string) error {
	cexpr := C.CString(expr)
	defer C.free(unsafe.Pointer(cexpr))

	var bpf C.struct_bpf_program
	res := C.pcap_compile(p.cptr, &bpf, cexpr, C.int(OptimizeFilters),
		C.PCAP_NETMASK_UNKNOWN)
	if res == C.PCAP_ERROR {
		return p.GetErr()
	}

	res = C.pcap_setfilter(p.cptr, &bpf)
	if res == C.PCAP_ERROR {
		C.pcap_freecode(&bpf)
		return p.GetErr()
	}

	p.Filters = append(p.Filters, expr)

	C.pcap_freecode(&bpf)
	return nil
}