-
Notifications
You must be signed in to change notification settings - Fork 0
/
pcap.go
151 lines (136 loc) · 3.39 KB
/
pcap.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
package main
import (
"fmt"
"io"
"log"
"syscall"
"github.com/google/gopacket"
"github.com/google/gopacket/pcap"
)
type CaptureConfig struct {
Interface string
SnapLen int
Bufsize int
Immediate bool
NoPromiscuous bool
TimestampSource string
}
type PCAP struct {
Handle *pcap.Handle
TimestampSource string
}
func OpenLive(c *CaptureConfig) (p *PCAP, err error) {
var ih *pcap.InactiveHandle
var h *pcap.Handle
var ts pcap.TimestampSource
var tstr string
var ok bool
if ih, err = pcap.NewInactiveHandle(c.Interface); err != nil {
err = fmt.Errorf("unable to create handle for interface %s (%s)", c.Interface, err)
return
}
if err = ih.SetSnapLen(c.SnapLen); err != nil {
err = fmt.Errorf("unable to set snaplen for %s (%s)", c.Interface, err)
return
}
if err = ih.SetBufferSize(c.Bufsize); err != nil {
err = fmt.Errorf("unable to set timeout for %s (%s)", c.Interface, err)
return
}
if err = ih.SetImmediateMode(c.Immediate); err != nil {
err = fmt.Errorf("unable to set immediate mode for %s (%s)", c.Interface, err)
return
}
if err = ih.SetPromisc(!c.NoPromiscuous); err != nil {
err = fmt.Errorf("unable to set promiscuous mode for %s (%s)", c.Interface, err)
return
}
if c.TimestampSource != "" {
if ts, ok, err = tstampSourceSupported(ih.SupportedTimestamps(), c.TimestampSource); err != nil {
err = fmt.Errorf("unable to get timestamp source for string %s (supported sources: %s)",
c.TimestampSource, supportedTstampSources(ih.SupportedTimestamps()))
return
}
if !ok {
err = fmt.Errorf("timestamp source %s not supported (supported sources: %s)",
c.TimestampSource, supportedTstampSources(ih.SupportedTimestamps()))
return
}
if err = ih.SetTimestampSource(ts); err != nil {
err = fmt.Errorf("unable to set timestamp source %s for %s (%s)",
c.TimestampSource, c.Interface, err)
return
}
tstr = ts.String()
} else {
tstr = "default"
}
if h, err = ih.Activate(); err != nil {
err = fmt.Errorf("unable to capture packets on interface %s (%s)", c.Interface, err)
return
}
p = &PCAP{h, tstr}
return
}
func OpenFile(file string) (p *PCAP, err error) {
var h *pcap.Handle
if h, err = pcap.OpenOffline(file); err != nil {
err = fmt.Errorf("unable to open pcap file \"%s\" (%s)", file, err)
} else {
p = &PCAP{h, ""}
}
return
}
func (p *PCAP) SetFilter(filter string) error {
return p.Handle.SetBPFFilter(filter)
}
func (p *PCAP) Stats() (*pcap.Stats, error) {
return p.Handle.Stats()
}
func (p *PCAP) Close() {
p.Handle.Close()
}
func (p *PCAP) Drain(ch chan gopacket.Packet) {
var err error
var k gopacket.Packet
defer func() {
close(ch)
}()
s := gopacket.NewPacketSource(p.Handle, p.Handle.LinkType())
s.DecodeOptions.NoCopy = true
s.DecodeOptions.Lazy = true
for {
if k, err = s.NextPacket(); err == nil {
ch <- k
} else if err == io.EOF || err == syscall.EBADF {
break
} else {
log.Println(err)
return
}
}
}
func tstampSourceSupported(stss []pcap.TimestampSource, s string) (ts pcap.TimestampSource, ok bool, err error) {
if ts, err = pcap.TimestampSourceFromString(s); err != nil {
return
}
for _, sts := range stss {
if sts == ts {
ok = true
return
}
}
return
}
func supportedTstampSources(stss []pcap.TimestampSource) (s string) {
for i, sts := range stss {
if i > 0 {
s += ", "
}
s += sts.String()
}
if s == "" {
s = "none"
}
return
}