func main() {
defer util.Run()()
var handle *pcap.Handle
var err error
// Set up pcap packet capture
if *fname != "" {
log.Printf("Reading from pcap dump %q", *fname)
handle, err = pcap.OpenOffline(*fname)
} else {
log.Printf("Starting capture on interface %q", *iface)
handle, err = pcap.OpenLive(*iface, int32(*snaplen), true, pcap.BlockForever)
}
if err != nil {
log.Fatal(err)
}
if err := handle.SetBPFFilter(*filter); err != nil {
log.Fatal(err)
}
// Set up assembly
streamFactory := &httpStreamFactory{}
streamPool := tcpassembly.NewStreamPool(streamFactory)
assembler := tcpassembly.NewAssembler(streamPool)
log.Println("reading in packets")
// Read in packets, pass to assembler.
packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
packets := packetSource.Packets()
ticker := time.Tick(time.Minute)
for {
select {
case packet := <-packets:
// A nil packet indicates the end of a pcap file.
if packet == nil {
return
}
if *logAllPackets {
log.Println(packet)
}
if packet.NetworkLayer() == nil || packet.TransportLayer() == nil || packet.TransportLayer().LayerType() != layers.LayerTypeTCP {
log.Println("Unusable packet")
continue
}
tcp := packet.TransportLayer().(*layers.TCP)
assembler.AssembleWithTimestamp(packet.NetworkLayer().NetworkFlow(), tcp, packet.Metadata().Timestamp)
case <-ticker:
// Every minute, flush connections that haven't seen activity in the past 2 minutes.
assembler.FlushOlderThan(time.Now().Add(time.Minute * -2))
}
}
}
func main() {
defer util.Run()()
var handle *pcap.Handle
var err error
if *fname != "" {
if handle, err = pcap.OpenOffline(*fname); err != nil {
log.Fatal("PCAP OpenOffline error:", err)
}
} else {
// This is a little complicated because we want to allow all possible options
// for creating the packet capture handle... instead of all this you can
// just call pcap.OpenLive if you want a simple handle.
inactive, err := pcap.NewInactiveHandle(*iface)
if err != nil {
log.Fatal("could not create: %v", err)
}
defer inactive.CleanUp()
if err = inactive.SetSnapLen(*snaplen); err != nil {
log.Fatal("could not set snap length: %v", err)
} else if err = inactive.SetPromisc(*promisc); err != nil {
log.Fatal("could not set promisc mode: %v", err)
} else if err = inactive.SetTimeout(time.Second); err != nil {
log.Fatal("could not set timeout: %v", err)
}
if *tstype != "" {
if t, err := pcap.TimestampSourceFromString(*tstype); err != nil {
log.Fatalf("Supported timestamp types: %v", inactive.SupportedTimestamps())
} else if err := inactive.SetTimestampSource(t); err != nil {
log.Fatalf("Supported timestamp types: %v", inactive.SupportedTimestamps())
}
}
if handle, err = inactive.Activate(); err != nil {
log.Fatal("PCAP Activate error:", err)
}
defer handle.Close()
if len(flag.Args()) > 0 {
bpffilter := strings.Join(flag.Args(), " ")
fmt.Fprintf(os.Stderr, "Using BPF filter %q\n", bpffilter)
if err = handle.SetBPFFilter(bpffilter); err != nil {
log.Fatal("BPF filter error:", err)
}
}
}
dumpcommand.Run(handle)
}
func main() {
flag.Parse()
filename := os.TempDir() + string(os.PathSeparator) + "gopacket_benchmark.pcap"
if _, err := os.Stat(filename); err != nil {
// This URL points to a publicly available packet data set from a DARPA
// intrusion detection evaluation. See
// http://www.ll.mit.edu/mission/communications/cyber/CSTcorpora/ideval/data/1999/training/week1/index.html
// for more details.
fmt.Println("Local pcap file", filename, "doesn't exist, reading from", *url)
if resp, err := http.Get(*url); err != nil {
panic(err)
} else if out, err := os.Create(filename); err != nil {
panic(err)
} else if gz, err := gzip.NewReader(resp.Body); err != nil {
panic(err)
} else if n, err := io.Copy(out, gz); err != nil {
panic(err)
} else if err := gz.Close(); err != nil {
panic(err)
} else if err := out.Close(); err != nil {
panic(err)
} else {
fmt.Println("Successfully read", n, "bytes from url, unzipped to local storage")
}
}
fmt.Println("Reading file once through to hopefully cache most of it")
if f, err := os.Open(filename); err != nil {
panic(err)
} else if n, err := io.Copy(ioutil.Discard, f); err != nil {
panic(err)
} else if err := f.Close(); err != nil {
panic(err)
} else {
fmt.Println("Read in file", filename, ", total of", n, "bytes")
}
if *cpuProfile != "" {
if cpu, err := os.Create(*cpuProfile); err != nil {
panic(err)
} else if err := pprof.StartCPUProfile(cpu); err != nil {
panic(err)
} else {
defer func() {
pprof.StopCPUProfile()
cpu.Close()
}()
}
}
var packetDataSource *BufferPacketSource
var packetSource *gopacket.PacketSource
fmt.Printf("Opening file %q for read\n", filename)
if h, err := pcap.OpenOffline(filename); err != nil {
panic(err)
} else {
fmt.Println("Reading all packets into memory with BufferPacketSource.")
start := time.Now()
packetDataSource = NewBufferPacketSource(h)
duration := time.Since(start)
fmt.Printf("Time to read packet data into memory from file: %v\n", duration)
packetSource = gopacket.NewPacketSource(packetDataSource, h.LinkType())
packetSource.DecodeOptions.Lazy = *decodeLazy
packetSource.DecodeOptions.NoCopy = *decodeNoCopy
}
fmt.Println()
for i := 0; i < *repeat; i++ {
packetDataSource.Reset()
fmt.Printf("Benchmarking decode %d/%d\n", i+1, *repeat)
benchmarkPacketDecode(packetSource)
}
fmt.Println()
for i := 0; i < *repeat; i++ {
packetDataSource.Reset()
fmt.Printf("Benchmarking decoding layer parser %d/%d\n", i+1, *repeat)
benchmarkLayerDecode(packetDataSource, false)
}
fmt.Println()
for i := 0; i < *repeat; i++ {
packetDataSource.Reset()
fmt.Printf("Benchmarking decoding layer parser with assembly %d/%d\n", i+1, *repeat)
benchmarkLayerDecode(packetDataSource, true)
}
}