func benchmarkPacketDecode(packetSource *gopacket.PacketSource) {
count, errors := 0, 0
start := time.Now()
for packet, err := packetSource.NextPacket(); err != io.EOF; packet, err = packetSource.NextPacket() {
if err != nil {
fmt.Println("Error reading in packet:", err)
continue
}
count++
var hasError bool
if *printErrors && packet.ErrorLayer() != nil {
fmt.Println("\n\n\nError decoding packet:", packet.ErrorLayer().Error())
fmt.Println(hex.Dump(packet.Data()))
fmt.Printf("%#v\n", packet.Data())
errors++
hasError = true
}
if *printLayers || hasError {
fmt.Printf("\n=== PACKET %d ===\n", count)
for _, l := range packet.Layers() {
fmt.Printf("--- LAYER %v ---\n%#v\n\n", l.LayerType(), l)
}
fmt.Println()
}
}
duration := time.Since(start)
fmt.Printf("\tRead in %v packets in %v, %v per packet\n", count, duration, duration/time.Duration(count))
if *printErrors {
fmt.Printf("%v errors, successfully decoded %.02f%%\n", errors, float64(count-errors)*100.0/float64(count))
}
}
func runNGNet(packetSource *gopacket.PacketSource) {
streamFactory := ngnet.NewHttpStreamFactory(eventChan)
pool := tcpassembly.NewStreamPool(streamFactory)
assembler := tcpassembly.NewAssembler(pool)
var pcapWriter *pcapgo.Writer
if *outputPcap != "" {
outPcapFile, err := os.Create(*outputPcap)
if err != nil {
log.Fatalln(err)
}
defer outPcapFile.Close()
pcapWriter = pcapgo.NewWriter(outPcapFile)
pcapWriter.WriteFileHeader(65536, layers.LinkTypeEthernet)
}
var count int = 0
for packet := range packetSource.Packets() {
count++
net_layer := packet.NetworkLayer()
if net_layer == nil {
continue
}
trans_layer := packet.TransportLayer()
if trans_layer == nil {
continue
}
tcp, _ := trans_layer.(*layers.TCP)
if tcp == nil {
continue
}
if pcapWriter != nil {
pcapWriter.WritePacket(packet.Metadata().CaptureInfo, packet.Data())
}
assembler.AssembleWithTimestamp(
net_layer.NetworkFlow(),
tcp,
packet.Metadata().CaptureInfo.Timestamp)
}
assembler.FlushAll()
streamFactory.Wait()
log.Println("Packet count: ", count)
}
func doCaptureLoop(packageSource *gopacket.PacketSource) {
//
dataStream := datastream.TcpDataStreamFactory{ps[:len(ps)]}
streamPool := tcpassembly.NewStreamPool(dataStream)
assembler := tcpassembly.NewAssembler(streamPool)
log.Debug("构建tcp分析者完成")
//
packets := packageSource.Packets()
ticker := time.Tick(time.Minute)
//
for {
select {
case packet := <-packets:
{
if packet == nil {
return
}
if packet.NetworkLayer() == nil || packet.TransportLayer() == nil {
continue
}
//tcp
if packet.TransportLayer().LayerType() == layers.LayerTypeTCP {
tcp, _ := packet.TransportLayer().(*layers.TCP)
assembler.AssembleWithTimestamp(
packet.NetworkLayer().NetworkFlow(),
tcp,
packet.Metadata().Timestamp)
}
}
case <-ticker:
assembler.FlushOlderThan(time.Now().Add(time.Minute * -2))
}
}
}
/*
func writeData(w *pcapgo.Writer, source *gopacket.PacketSource) error {
defragger := ip4defrag.NewIPv4Defragmenter()
w.WriteFileHeader(65536, layers.LinkTypeEthernet)
for packet := range source.Packets() {
tcpLayer := packet.Layer(layers.LayerTypeTCP)
if tcpLayer != nil {
// do assemble
} else {
v6Layer := packet.Layer(layers.LayerTypeIPv6)
if v6Layer != nil {
// do v6 defrag
} else {
v4Layer := packet.Layer(layers.LayerTypeIPv4)
if v4Layer == nil {
continue
}
in, err := defragger.DefragIPv4(v4Layer)
if err != nil {
return err
} else if in == nil { //part of fragment continue
continue
} else {
err := w.WritePacket(packet.Metadata().CaptureInfo, in.LayerContents()) //write the header
if err != nil {
return err
}
err := w.WritePacket(packet.Metadata().CaptureInfo, in.LayerPayload()) // write the payload
if err != nil {
return err
}
}
}
}
}
return nil
}*/
func readSource(source *gopacket.PacketSource, tcpPack chan gopacket.Packet,
normalPack chan gopacket.Packet, fragV4Pack chan gopacket.Packet, fragv6Pack chan gopacket.Packet,
endNotification chan bool) {
for packet := range source.Packets() {
tcpLayer := packet.Layer(layers.LayerTypeTCP)
if tcpLayer != nil {
tcpPack <- packet
// send packet to tcp ASSEMBLER
} else {
v6Layer := packet.Layer(layers.LayerTypeIPv6)
if v6Layer != nil {
v6frag := packet.Layer(layers.LayerTypeIPv6Fragment)
if v6frag == nil {
ipv6 := v6Layer.(*layers.IPv6)
IPserializeBuffer := gopacket.NewSerializeBuffer()
buf, _ := IPserializeBuffer.PrependBytes(len(ipv6.Payload))
copy(buf, ipv6.Payload)
ops := gopacket.SerializeOptions{
FixLengths: true,
ComputeChecksums: true,
}
ipv6.SerializeTo(IPserializeBuffer, ops)
sendPack := gopacket.NewPacket(IPserializeBuffer.Bytes(), layers.LayerTypeIPv6, gopacket.Default)
err := sendPack.ErrorLayer()
if err != nil {
fmt.Println("Error decoding some part of the packet:", err)
normalPack <- packet
} else {
sendPack.Metadata().CaptureLength = len(sendPack.Data())
sendPack.Metadata().Length = len(sendPack.Data())
normalPack <- sendPack
}
} else {
fragv6Pack <- packet
}
// do v6 process
} else {
v4Layer := packet.Layer(layers.LayerTypeIPv4)
if v4Layer == nil {
continue
}
ip := v4Layer.(*layers.IPv4)
if notFraV4(ip) {
IPserializeBuffer := gopacket.NewSerializeBuffer()
buf, _ := IPserializeBuffer.PrependBytes(len(ip.Payload))
copy(buf, ip.Payload)
ops := gopacket.SerializeOptions{
FixLengths: true,
ComputeChecksums: true,
}
// ipBuffer, _ := IPserializeBuffer.PrependBytes(len(ip.Payload))
// copy(ipBuffer, ip.Payload)
ip.SerializeTo(IPserializeBuffer, ops)
sendPack := gopacket.NewPacket(IPserializeBuffer.Bytes(), layers.LayerTypeIPv4, gopacket.Default)
err := sendPack.ErrorLayer()
if err != nil {
fmt.Println("Error decoding some part of the packet:", err)
normalPack <- packet
} else {
sendPack.Metadata().CaptureLength = len(sendPack.Data())
sendPack.Metadata().Length = len(sendPack.Data())
normalPack <- sendPack
}
} else {
fragV4Pack <- packet
}
/*
in, err := defragger.DefragIPv4(v4Layer)
if err != nil {
return err
} else if in == nil { //part of fragment continue
continue
} else {
err := w.WritePacket(packet.Metadata().CaptureInfo, in.LayerContents()) //write the header
if err != nil {
return err
}
err := w.WritePacket(packet.Metadata().CaptureInfo, in.LayerPayload()) // write the payload
if err != nil {
return err
}
}*/
}
}
time.Sleep(time.Millisecond * 500)
}
fmt.Printf("done reading in readSource()\n")
// give a time to write file
endNotification <- true
}