// handlePacket reports one PacketCount on counter for every packet that has
// both an application layer and a network layer. Packets missing either layer
// are dropped without a report.
//
// The reported size is the Length field of the capture metadata, not a value
// derived from the decoded layers. The send on counter blocks until a receiver
// takes the value (or the channel has buffer space), so a stalled consumer
// stalls whoever calls this function.
func handlePacket(packet gopacket.Packet, counter chan *PacketCount) {
	// Packets without a decodable application layer are not counted.
	if packet.ApplicationLayer() == nil {
		return
	}

	nl := packet.NetworkLayer()
	if nl == nil {
		return
	}

	// Addresses are taken from the network flow and rendered as strings.
	flow := nl.NetworkFlow()
	report := &PacketCount{
		src:  flow.Src().String(),
		dst:  flow.Dst().String(),
		size: uint64(packet.Metadata().Length),
	}
	counter <- report
}
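// Packet information digestion ------------------------------------------------------

// handlePacket takes a raw packet and builds a GPPacket from it. The original
// note on this method says initial sanity checking has already been done by
// the caller, so decoding starts right away.
//
// Every byte read here comes from captured traffic and is untrusted. Header
// offsets are bounds-checked before they are indexed, and packet bytes that
// end up in an error message are quoted so that they cannot place control
// characters or line breaks into whatever logs the error.
//
// An error is returned when the network layer is missing, empty or too short,
// when the packet is a non-first IPv4 fragment (it has no transport header),
// when the transport header is empty, or when a TCP header is shorter than 14
// bytes.
func (g *GPCapture) handlePacket(curPack gopacket.Packet) (*GPPacket, error) {
	meta := curPack.Metadata()

	// The length is carried as uint16 into NewGPPacket, so metadata lengths
	// above 65535 are truncated by this conversion.
	numBytes := uint16(meta.CaptureInfo.Length)

	// Direction from which the packet entered the interface.
	isInboundTraffic := meta.CaptureInfo.Inbound == 1

	var (
		sp, dp []byte = zeroport, zeroport

		// 0xff is reserved by IANA and thus never occurs unless the
		// protocol could not be identified.
		proto byte = 0xff

		tcpFlags      uint8
		l7payload     []byte = zeropayload
		l7payloadSize uint16
	)

	nl := curPack.NetworkLayer()
	if nl == nil {
		return nil, errors.New("network layer decoding failed")
	}

	// The layer can be present while its bytes were not captured.
	nwHdr := nl.LayerContents()
	nlHeaderSize := uint16(len(nwHdr))
	if nlHeaderSize == 0 {
		return nil, errors.New("Network layer header not available")
	}

	ipSrc, ipDst := nl.NetworkFlow().Endpoints()
	src, dst := ipSrc.Raw(), ipDst.Raw()

	// Read the next-layer protocol straight from the header bytes. The
	// decoder is expected to reject truncated headers already; the length
	// guards make sure a short slice yields an error instead of a panic.
	switch nl.LayerType() {
	case layers.LayerTypeIPv4:
		if len(nwHdr) < 10 {
			return nil, errors.New("Incomplete IPv4 header")
		}
		proto = nwHdr[9]

		// Bytes 6 and 7 hold the three flag bits and the 13-bit offset.
		fragBits := (0xe0 & nwHdr[6]) >> 5
		fragOffset := (uint16(0x1f&nwHdr[6]) << 8) | uint16(nwHdr[7])

		// Anything other than the first fragment lacks a transport layer
		// header and cannot be decoded further.
		if fragOffset != 0 {
			return nil, errors.New("Fragmented IP packet: offset: " + strconv.FormatUint(uint64(fragOffset), 10) + " flags: " + strconv.FormatUint(uint64(fragBits), 10))
		}
	case layers.LayerTypeIPv6:
		if len(nwHdr) < 7 {
			return nil, errors.New("Incomplete IPv6 header")
		}
		// Byte 6 is the Next Header field. Extension headers are not
		// walked here, so proto may name an extension header.
		proto = nwHdr[6]
	}

	if tl := curPack.TransportLayer(); tl != nil {
		tpHdr := tl.LayerContents()
		tpHeaderSize := uint16(len(tpHdr))
		if tpHeaderSize == 0 {
			return nil, errors.New("Transport layer header not available")
		}

		// Only TCP (6) and UDP (17) carry ports worth recording.
		portSrc, portDst := tl.TransportFlow().Endpoints()
		if proto == 6 || proto == 17 {
			sp = portSrc.Raw()
			dp = portDst.Raw()
		}

		if proto == 6 {
			if tpHeaderSize < 14 {
				// Quote the raw header: it is attacker-controlled and
				// must not reach logs or terminals unescaped.
				return nil, errors.New("Incomplete TCP header: " + strconv.Quote(string(tpHdr)))
			}
			tcpFlags = tpHdr[13] // primarily SYN, ACK and FIN are of interest
		}

		// Keep the first four payload bytes if the application layer
		// could be decoded.
		if app := curPack.ApplicationLayer(); app != nil {
			pl := app.Payload()
			switch {
			case len(pl) >= 4:
				// NOTE(review): this aliases the packet's own buffer; if
				// the capture source reuses buffers, NewGPPacket has to
				// copy these bytes -- confirm.
				l7payload = pl[0:4]
			case len(pl) > 0:
				// Short payloads go into a fresh buffer. Writing them
				// into zeropayload would modify the shared default and
				// leak these bytes into later packets that fall back
				// to it.
				short := make([]byte, len(zeropayload))
				copy(short, pl)
				l7payload = short
			}
		}

		// Compute in int and clamp at zero so that a truncated or
		// inconsistent length cannot wrap around in uint16.
		// NOTE(review): numBytes is the metadata length of the whole
		// packet; if that includes a link-layer header, the result
		// overstates the layer 7 payload -- confirm.
		if rest := int(numBytes) - int(tpHeaderSize) - int(nlHeaderSize); rest > 0 {
			l7payloadSize = uint16(rest)
		}
	}

	return NewGPPacket(src, dst, sp, dp, l7payload, l7payloadSize, proto, numBytes, tcpFlags, isInboundTraffic), nil
}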