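// TestMatch compiles the "arp", "udp" and "port 8338" filters for Ethernet
// frames and checks each one against raw test packets it must accept and
// packets it must reject.
func TestMatch(t *testing.T) {
	arp, err := filter.Compile("arp", packet.Eth, false)
	if err != nil {
		t.Fatalf("Error compiling arp: %s", err)
	}
	// Cleanup is deferred as at the other Compile call sites; t.Fatalf
	// still runs deferred calls, so a failing check does not skip it.
	defer arp.Cleanup()

	if !arp.Validate() {
		t.Fatalf("Invalid filter ARP\n%s", arp)
	}

	udp, err := filter.Compile("udp", packet.Eth, false)
	if err != nil {
		t.Fatalf("Error compiling udp: %s", err)
	}
	defer udp.Cleanup()

	port, err := filter.Compile("port 8338", packet.Eth, false)
	if err != nil {
		t.Fatalf("Error compiling port: %s", err)
	}
	defer port.Cleanup()

	// Each filter is exercised with a packet it must accept and, where a
	// suitable sample exists, one it must reject: a filter that matches
	// everything would otherwise pass the positive checks unnoticed.
	if !arp.Match(test_eth_arp) {
		t.Fatalf("ARP mismatch")
	}

	if arp.Match(test_eth_ipv4_udp) {
		t.Fatalf("ARP matched (but it shouldn't have)")
	}

	// The failure text used to read "ARP mismatch", which pointed at the
	// wrong filter when the UDP check failed.
	if !udp.Match(test_eth_ipv4_udp) {
		t.Fatalf("UDP mismatch")
	}

	if udp.Match(test_eth_ipv4_tcp) {
		t.Fatalf("UDP matched (but it shouldn't have)")
	}

	if !port.Match(test_eth_ipv4_udp) {
		t.Fatalf("UDP port mismatch")
	}

	if !port.Match(test_eth_ipv4_tcp) {
		t.Fatalf("TCP port mismatch")
	}

	if port.Match(test_eth_vlan_arp) {
		t.Fatalf("Port matched (but it shouldn't have)")
	}
}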
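// BenchmarkMatch measures Match for the "port 8338" filter against the
// Ethernet/IPv4/TCP test packet.
func BenchmarkMatch(b *testing.B) {
	flt, err := filter.Compile("port 8338", packet.Eth, false)
	if err != nil {
		// The error used to be discarded; a failed compile would then
		// surface as a confusing failure inside the timed loop.
		b.Fatalf("Error compiling port: %s", err)
	}
	defer flt.Cleanup()

	// Keep the one-off compile out of the measurement.
	b.ResetTimer()

	for n := 0; n < b.N; n++ {
		flt.Match(test_eth_ipv4_tcp)
	}
}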
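// ExampleFilter shows how to compile a filter expression and test a raw
// buffer against it.
func ExampleFilter() {
	// Match UDP or TCP packets on top of Ethernet
	flt, err := filter.Compile("udp or tcp", packet.Eth, false)
	if err != nil {
		log.Fatal(err)
	}
	// Pair every successful Compile with Cleanup, as the other call sites
	// do; examples get copied, so the example should show it too.
	defer flt.Cleanup()

	// The buffer is matched as-is: Match takes the raw frame bytes.
	if flt.Match([]byte("random data")) {
		log.Println("MATCH!!!")
	}
}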
// TestCaptureFilter opens capture_test.pcap, applies an "arp" filter to
// the handle and expects exactly two packets to come back from Capture.
func TestCaptureFilter(t *testing.T) {
	src, err := file.Open("capture_test.pcap")
	if err != nil {
		t.Fatalf("Error opening: %s", err)
	}
	defer src.Close()

	// NOTE(review): other call sites pass a third boolean argument to
	// filter.Compile; confirm which signature this test is written for.
	flt, err := filter.Compile("arp", src.LinkType())
	if err != nil {
		t.Fatalf("Error parsing filter: %s", err)
	}
	defer flt.Cleanup()

	if err = src.ApplyFilter(flt); err != nil {
		t.Fatalf("Error applying filter: %s", err)
	}

	// Count packets until Capture returns a nil buffer, which this test
	// treats as end of input. The counter only advances after a packet
	// has been delivered.
	var count uint64
	for ; ; count++ {
		pkt, rerr := src.Capture()
		if rerr != nil {
			t.Fatalf("Error reading: %s %d", rerr, count)
		}

		if pkt == nil {
			break
		}
	}

	if count != 2 {
		t.Fatalf("Count mismatch: %d", count)
	}
}
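// main implements the dump example: it reads packets from an interface
// (-i) or a capture file (-r), optionally restricts them with a filter
// expression, and either prints the decoded packets or writes the raw
// bytes to the handle opened for -w. With -c it stops after that many
// packets.
//
// NOTE(review): every error path uses log.Fatalf, which exits the process
// without running deferred calls, so src.Close, dst.Close and flt.Cleanup
// are skipped on failure. If closing the -w handle is what flushes the
// output, a fatal error mid-capture can lose packets already handed to
// Inject — confirm against the file package.
func main() {
	log.SetFlags(0)

	usage := `Usage: dump [options] [<expression>]

Dump the traffic on the network (like tcpdump).

Options:
  -c <count>  Exit after receiving count packets.
  -i <iface>  Listen on interface.
  -r <file>   Read packets from file.
  -w <file>   Write the raw packets to file.`

	args, err := docopt.Parse(usage, nil, true, "", false)
	if err != nil {
		log.Fatalf("Invalid arguments: %s", err)
	}

	// A count of zero (the default) means "no limit".
	var count uint64
	if args["-c"] != nil {
		count, err = strconv.ParseUint(args["-c"].(string), 10, 64)
		if err != nil {
			log.Fatalf("Error parsing count: %s", err)
		}
	}

	// Exactly one source is used; -i takes precedence when both are given.
	var src capture.Handle
	switch {
	case args["-i"] != nil:
		src, err = pcap.Open(args["-i"].(string))
		if err != nil {
			log.Fatalf("Error opening iface: %s", err)
		}
	case args["-r"] != nil:
		src, err = file.Open(args["-r"].(string))
		if err != nil {
			log.Fatalf("Error opening file: %s", err)
		}
	default:
		log.Fatalf("Must select a source (either -i or -r)")
	}
	defer src.Close()

	// NOTE(review): the -w destination is opened with the same file.Open
	// call as the -r source; confirm it yields a handle that can be
	// written to.
	var dst capture.Handle
	if args["-w"] != nil {
		dst, err = file.Open(args["-w"].(string))
		if err != nil {
			log.Fatalf("Error opening file: %s", err)
		}
		defer dst.Close()
	}

	if err = src.Activate(); err != nil {
		log.Fatalf("Error activating source: %s", err)
	}

	if args["<expression>"] != nil {
		expr := args["<expression>"].(string)

		flt, err := filter.Compile(expr, src.LinkType(), false)
		if err != nil {
			log.Fatalf("Error parsing filter: %s", err)
		}
		defer flt.Cleanup()

		if err = src.ApplyFilter(flt); err != nil {
			log.Fatalf("Error applying filter: %s", err)
		}
	}

	var i uint64
	for {
		buf, err := src.Capture()
		if err != nil {
			// log.Fatalf does not return, so no break is needed here.
			log.Fatalf("Error: %s", err)
		}

		// A nil buffer without an error ends the capture.
		if buf == nil {
			break
		}

		i++

		if dst == nil {
			// Packets come straight off the wire or out of a file and
			// may be malformed; a decode error is reported and the
			// capture carries on. The decoded value is printed either
			// way, as before.
			rcv_pkt, err := layers.UnpackAll(buf, src.LinkType())
			if err != nil {
				log.Printf("Error: %s\n", err)
			}

			log.Println(rcv_pkt)
		} else if err := dst.Inject(buf); err != nil {
			// A failed write is fatal: carrying on would silently
			// produce an incomplete capture file.
			log.Fatalf("Error writing packet: %s", err)
		}

		if count > 0 && i >= count {
			break
		}
	}
}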