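// main is the Packetbeat entry point. It parses the command line, loads the
// configuration, initializes the outputs, the process watcher, the protocol
// plugins, the filters and the sniffer, drops privileges, and then runs the
// sniffer in a goroutine until it stops.
//
// Every initialization failure is fatal: it is reported and the process exits
// with status 1.
func main() {
	// Use our own FlagSet, because some libraries pollute the global one
	var cmdLine = flag.NewFlagSet(os.Args[0], flag.ExitOnError)

	cfgfile.CmdLineFlags(cmdLine, Name)
	logp.CmdLineFlags(cmdLine)
	service.CmdLineFlags(cmdLine)
	publisher.CmdLineFlags(cmdLine)

	file := cmdLine.String("I", "", "file")
	loop := cmdLine.Int("l", 1, "Loop file. 0 - loop forever")
	oneAtAtime := cmdLine.Bool("O", false, "Read packets one at a time (press Enter)")
	topSpeed := cmdLine.Bool("t", false, "Read packets as fast as possible, without sleeping")
	printVersion := cmdLine.Bool("version", false, "Print version and exit")
	// The dump file receives every captured packet, so it can hold whatever
	// crossed the wire; point it at a location with restrictive permissions.
	dumpfile := cmdLine.String("dump", "", "Write all captured packets to this libpcap file.")

	// The FlagSet uses flag.ExitOnError, so a parse failure ends the process
	// inside Parse and the returned error needs no handling here.
	cmdLine.Parse(os.Args[1:])

	sniff := new(sniffer.SnifferSetup)

	if *printVersion {
		fmt.Printf("Packetbeat version %s (%s)\n", Version, runtime.GOARCH)
		return
	}

	// Fail closed when the configuration cannot be read. The error used to be
	// overwritten by the next assignment to err, so startup continued on a
	// zero-value configuration, including the RunOptions that are later
	// handed to DropPrivileges and the settings checked by the config test
	// mode. Logging is not initialized yet, so report on stderr.
	err := cfgfile.Read(&config.ConfigSingleton)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Reading the configuration failed: %v\n", err)
		os.Exit(1)
	}

	logp.Init(Name, &config.ConfigSingleton.Logging)

	// CLI flags over-riding config
	if *topSpeed {
		config.ConfigSingleton.Interfaces.TopSpeed = true
	}
	if len(*file) > 0 {
		config.ConfigSingleton.Interfaces.File = *file
	}
	// Loop and OneAtATime always take the flag value, including the flag
	// defaults (1 and false) when the flags are not given.
	config.ConfigSingleton.Interfaces.Loop = *loop
	config.ConfigSingleton.Interfaces.OneAtATime = *oneAtAtime
	if len(*dumpfile) > 0 {
		config.ConfigSingleton.Interfaces.Dumpfile = *dumpfile
	}

	logp.Debug("main", "Initializing output plugins")
	if err = publisher.Publisher.Init(config.ConfigSingleton.Output, config.ConfigSingleton.Shipper); err != nil {
		logp.Critical(err.Error())
		os.Exit(1)
	}

	if err = procs.ProcWatcher.Init(config.ConfigSingleton.Procs); err != nil {
		logp.Critical(err.Error())
		os.Exit(1)
	}

	logp.Debug("main", "Initializing protocol plugins")
	for proto, plugin := range EnabledProtocolPlugins {
		err = plugin.Init(false, publisher.Publisher.Queue)
		if err != nil {
			logp.Critical("Initializing plugin %s failed: %v", proto, err)
			os.Exit(1)
		}
		protos.Protos.Register(proto, plugin)
	}

	tcpProc, err := tcp.NewTcp(&protos.Protos)
	if err != nil {
		logp.Critical(err.Error())
		os.Exit(1)
	}

	udpProc, err := udp.NewUdp(&protos.Protos)
	if err != nil {
		logp.Critical(err.Error())
		os.Exit(1)
	}

	over := make(chan bool)

	// stopCb is shared by the filters and the signal handler; both use it to
	// ask the sniffer to stop.
	stopCb := func() {
		sniff.Stop()
	}

	logp.Debug("main", "Initializing filters")
	afterInputsQueue, err := filters.FiltersRun(
		config.ConfigSingleton.Filter,
		EnabledFilterPlugins,
		publisher.Publisher.Queue,
		stopCb)
	if err != nil {
		logp.Critical("%v", err)
		os.Exit(1)
	}

	logp.Debug("main", "Initializing sniffer")
	err = sniff.Init(false, afterInputsQueue, tcpProc, udpProc)
	if err != nil {
		logp.Critical("Initializing sniffer failed: %v", err)
		os.Exit(1)
	}

	// This needs to be after the sniffer Init but before the sniffer Run.
	// Keep this ordering when editing: moving the call later would let the
	// capture loop start before DropPrivileges has been applied.
	if err = droppriv.DropPrivileges(config.ConfigSingleton.RunOptions); err != nil {
		logp.Critical(err.Error())
		os.Exit(1)
	}

	// Up to here was the initialization, now about running

	if cfgfile.IsTestConfig() {
		// all good, exit with 0
		os.Exit(0)
	}
	service.BeforeRun()

	// run the sniffer in background
	go func() {
		err := sniff.Run()
		if err != nil {
			// Exiting from here skips the service.Cleanup() call at the
			// end of main.
			logp.Critical("Sniffer main loop failed: %v", err)
			os.Exit(1)
		}
		over <- true
	}()

	service.HandleSignals(stopCb)

	// Startup successful, disable stderr logging if requested by
	// cmdline flag
	logp.SetStderr()

	logp.Debug("main", "Waiting for the sniffer to finish")

	// Wait for the goroutines to finish. The channel is never closed in this
	// function, so the loop only ends through the break below.
	for range over {
		if !sniff.IsAlive() {
			break
		}
	}

	logp.Debug("main", "Cleanup")

	if service.WithMemProfile() {
		// wait for all TCP streams to expire
		time.Sleep(tcp.TCP_STREAM_EXPIRY * 1.2)
		tcpProc.PrintTcpMap()
	}
	service.Cleanup()
}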
// Setup prepares Packetbeat for capturing: it initializes the process
// watcher, registers every enabled protocol plugin, builds the TCP and UDP
// processors, initializes the sniffer and finally drops privileges.
//
// Any failure is logged at critical level and terminates the process with
// status 1, so the returned error is nil whenever Setup returns.
func (pb *Packetbeat) Setup(b *beat.Beat) error {
	// abort reports err and ends the process.
	abort := func(err error) {
		logp.Critical(err.Error())
		os.Exit(1)
	}

	if err := procs.ProcWatcher.Init(pb.PbConfig.Procs); err != nil {
		abort(err)
	}

	pb.Sniff = new(sniffer.SnifferSetup)

	logp.Debug("main", "Initializing protocol plugins")
	for name, plugin := range EnabledProtocolPlugins {
		if initErr := plugin.Init(false, b.Events); initErr != nil {
			logp.Critical("Initializing plugin %s failed: %v", name, initErr)
			os.Exit(1)
		}
		protos.Protos.Register(name, plugin)
	}

	tcpProc, err := tcp.NewTcp(&protos.Protos)
	if err != nil {
		abort(err)
	}

	udpProc, err := udp.NewUdp(&protos.Protos)
	if err != nil {
		abort(err)
	}

	pb.over = make(chan bool)

	// Filter initialization is currently disabled; the original call is kept
	// for reference.
	/*
		logp.Debug("main", "Initializing filters")
		_, err = filters.FiltersRun(
			config.ConfigSingleton.Filter,
			EnabledFilterPlugins,
			b.Events,
			b.Stop)
		if err != nil {
			logp.Critical("%v", err)
			os.Exit(1)
		}
	*/

	logp.Debug("main", "Initializing sniffer")
	if err = pb.Sniff.Init(false, tcpProc, udpProc); err != nil {
		logp.Critical("Initializing sniffer failed: %v", err)
		os.Exit(1)
	}

	// This needs to be after the sniffer Init but before the sniffer Run.
	// NOTE(review): the options come from config.ConfigSingleton.RunOptions,
	// while the process watcher above is configured from pb.PbConfig. Confirm
	// that the singleton is populated on this code path, otherwise the
	// privilege drop would be driven by zero-value options.
	if err = droppriv.DropPrivileges(config.ConfigSingleton.RunOptions); err != nil {
		abort(err)
	}

	return nil
}