Domovská stránka Prehľadávať Pomoc
Registrovať Prihlásiť sa
scw
/
munchclient
2
0
Fork 0
Súbory Issues 0 Pull requesty 0 Wiki
Strom: 8f6d7bd4e4
Branche Tagy
munchclient
/
vendor
/
github.com
/
google
/
gopacket
/
pcap
/
doc.go

doc.go 4.0 KB
História Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112 
  1. // Copyright 2012 Google, Inc. All rights reserved.
    2. 

  2. //
    3. 

  3. // Use of this source code is governed by a BSD-style license
    4. 

  4. // that can be found in the LICENSE file in the root of the source
    5. 

  5. // tree.
    6. 

  6. 

  7. /*
    8. 

  8. Package pcap allows users of gopacket to read packets off the wire or from
    9. 

  9. pcap files.
    10. 

  10. 

  11. This package is meant to be used with its parent,
    12. 

  12. http://github.com/google/gopacket, although it can also be used independently
    13. 

  13. if you just want to get packet data from the wire.
    14. 

  14. 

  15. Depending on libpcap version, os support, or file timestamp resolution,
    16. 

  16. nanosecond resolution is used for the internal timestamps. Returned timestamps
    17. 

  17. are always scaled to nanosecond resolution due to the usage of time.Time.
    18. 

  18. libpcap must be at least version 1.5 to support nanosecond timestamps. OpenLive
    19. 

  19. supports only microsecond resolution.
    20. 

  20. 

  21. Reading PCAP Files
    22. 

  22. 

  23. The following code can be used to read in data from a pcap file.
    24. 

  24. 

  25.  if handle, err := pcap.OpenOffline("/path/to/my/file"); err != nil {
    26. 

  26.    panic(err)
    27. 

  27.  } else {
    28. 

  28.    packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
    29. 

  29.    for packet := range packetSource.Packets() {
    30. 

  30.      handlePacket(packet)  // Do something with a packet here.
    31. 

  31.    }
    32. 

  32.  }
    33. 

  33. 

  34. Reading Live Packets
    35. 

  35. 

  36. The following code can be used to read in data from a live device, in this case
    37. 

  37. "eth0". Be aware, that OpenLive only supports microsecond resolution.
    38. 

  38. 

  39.  if handle, err := pcap.OpenLive("eth0", 1600, true, pcap.BlockForever); err != nil {
    40. 

  40.    panic(err)
    41. 

  41.  } else if err := handle.SetBPFFilter("tcp and port 80"); err != nil {  // optional
    42. 

  42.    panic(err)
    43. 

  43.  } else {
    44. 

  44.    packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
    45. 

  45.    for packet := range packetSource.Packets() {
    46. 

  46.      handlePacket(packet)  // Do something with a packet here.
    47. 

  47.    }
    48. 

  48.  }
    49. 

  49. 

  50. Inactive Handles
    51. 

  51. 

  52. Newer PCAP functionality requires the concept of an 'inactive' PCAP handle.
    53. 

  53. Instead of constantly adding new arguments to pcap_open_live, users now call
    54. 

  54. pcap_create to create a handle, set it up with a bunch of optional function
    55. 

  55. calls, then call pcap_activate to activate it.  This library mirrors that
    56. 

  56. mechanism, for those that want to expose/use these new features:
    57. 

  57. 

  58.   inactive, err := pcap.NewInactiveHandle(deviceName)
    59. 

  59.   if err != nil {
    60. 

  60.     log.Fatal(err)
    61. 

  61.   }
    62. 

  62.   defer inactive.CleanUp()
    63. 

  63. 

  64.   // Call various functions on inactive to set it up the way you'd like:
    65. 

  65.   if err = inactive.SetTimeout(time.Minute); err != nil {
    66. 

  66.     log.Fatal(err)
    67. 

  67.   } else if err = inactive.SetTimestampSource("foo"); err != nil {
    68. 

  68.     log.Fatal(err)
    69. 

  69.   }
    70. 

  70. 

  71.   // Finally, create the actual handle by calling Activate:
    72. 

  72.   handle, err := inactive.Activate()  // after this, inactive is no longer valid
    73. 

  73.   if err != nil {
    74. 

  74.     log.Fatal(err)
    75. 

  75.   }
    76. 

  76.   defer handle.Close()
    77. 

  77. 

  78.   // Now use your handle as you see fit.
    79. 

  79. 

  80. PCAP Timeouts
    81. 

  81. 

  82. pcap.OpenLive and pcap.SetTimeout both take timeouts.
    83. 

  83. If you don't care about timeouts, just pass in BlockForever,
    84. 

  84. which should do what you expect with minimal fuss.
    85. 

  85. 

  86. A timeout of 0 is not recommended.  Some platforms, like Macs
    87. 

  87. (http://www.manpages.info/macosx/pcap.3.html) say:
    88. 

  88.   The read timeout is used to arrange that the read not necessarily return
    89. 

  89.   immediately when a packet is seen, but that it wait for some amount of time
    90. 

  90.   to allow more packets to arrive and to read multiple packets from the OS
    91. 

  91.   kernel in one operation.
    92. 

  92. This means that if you only capture one packet, the kernel might decide to wait
    93. 

  93. 'timeout' for more packets to batch with it before returning.  A timeout of
    94. 

  94. 0, then, means 'wait forever for more packets', which is... not good.
    95. 

  95. 

  96. To get around this, we've introduced the following behavior:  if a negative
    97. 

  97. timeout is passed in, we set the positive timeout in the handle, then loop
    98. 

  98. internally in ReadPacketData/ZeroCopyReadPacketData when we see timeout
    99. 

  99. errors.
    100. 

  100. 

  101. PCAP File Writing
    102. 

  102. 

  103. This package does not implement PCAP file writing.  However, gopacket/pcapgo
    104. 

  104. does!  Look there if you'd like to write PCAP files.
    105. 

  105. 

  106. Note For Windows Users
    107. 

  107. 

  108. gopacket can use winpcap or npcap. If both are installed at the same time,
    109. 

  109. npcap is preferred. Make sure the right windows service is loaded (npcap for npcap
    110. 

  110. and npf for winpcap).
    111. 

  111. */
    112. 

  112. package pcap
    113.