netshovel/netshovel.go

53 lines
1.5 KiB
Go
Raw Normal View History

2018-07-24 17:44:11 -06:00
/*
Package netshovel provides utilities to assist in creating of application-layer protocol decoders.
examples/simple/simple.go contains a full decoder which does nothing but dump every utterance.
It can be used as a template for new work.
*/
package netshovel
2018-07-23 09:58:31 -06:00
import (
"flag"
"log"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"github.com/google/gopacket/pcap"
"github.com/google/gopacket/tcpassembly"
)
2018-07-24 17:32:08 -06:00
// Mainloop to handle dispatching of PCAP files from command line
//
// This parses the command line arguments,
// and for each PCAP file specified on the command line,
// invokes a TCP assembler that sends streams to whatever is returned from factory.
2018-07-23 09:58:31 -06:00
func Shovel(factory tcpassembly.StreamFactory) {
//verbose := flag.Bool("verbose", false, "Write lots of information out")
2018-07-23 09:58:31 -06:00
flag.Parse()
streamPool := tcpassembly.NewStreamPool(factory)
assembler := tcpassembly.NewAssembler(streamPool)
for _, fn := range flag.Args() {
handle, err := pcap.OpenOffline(fn)
if err != nil {
log.Fatal(err)
}
packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
packets := packetSource.Packets()
for packet := range packets {
if packet == nil {
break
}
if packet.NetworkLayer() == nil || packet.TransportLayer() == nil || packet.TransportLayer().LayerType() != layers.LayerTypeTCP {
continue
}
tcp := packet.TransportLayer().(*layers.TCP)
assembler.AssembleWithTimestamp(packet.NetworkLayer().NetworkFlow(), tcp, packet.Metadata().Timestamp)
}
}
assembler.FlushAll()
}