netshovel/netshovel.go

/*

Package netshovel provides utilities to assist in creating of application-layer protocol decoders.

examples/simple/simple.go contains a full decoder which does nothing but dump every utterance.
It can be used as a template for new work.

*/
package netshovel

import (
	"flag"
	"log"

	"github.com/google/gopacket"
	"github.com/google/gopacket/layers"
	"github.com/google/gopacket/pcap"
	"github.com/google/gopacket/tcpassembly"
)

// Shovel handles dispatching of PCAP files from the command line.
// It's intended that you invoke this from your main function.
// This parses the command line arguments,
// and for each PCAP file specified on the command line,
// invokes a TCP assembler that sends streams to whatever is returned from factory.
func Shovel(factory tcpassembly.StreamFactory) {
	//verbose := flag.Bool("verbose", false, "Write lots of information out")
	flag.Parse()

	streamPool := tcpassembly.NewStreamPool(factory)
	assembler := tcpassembly.NewAssembler(streamPool)

	for _, fn := range flag.Args() {
		ShovelFile(fn, assembler)
	}

	assembler.FlushAll()
}

// ShovelFile shovels a single file.
// You must call assembler.FlushAll() at the end of this!
func ShovelFile(filename string, assembler *tcpassembly.Assembler) {
	handle, err := pcap.OpenOffline(filename)
	if err != nil {
		log.Fatal(err)
	}

	packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
	packets := packetSource.Packets()
	for packet := range packets {
		if packet == nil {
			break
		}
		if packet.NetworkLayer() == nil || packet.TransportLayer() == nil || packet.TransportLayer().LayerType() != layers.LayerTypeTCP {
			continue
		}
		tcp := packet.TransportLayer().(*layers.TCP)
		assembler.AssembleWithTimestamp(packet.NetworkLayer().NetworkFlow(), tcp, packet.Metadata().Timestamp)
	}
}
Remove superfluous doc.go 2018-07-24 17:44:11 -06:00			`/*`

			`Package netshovel provides utilities to assist in creating of application-layer protocol decoders.`

			`examples/simple/simple.go contains a full decoder which does nothing but dump every utterance.`
			`It can be used as a template for new work.`

			`*/`
Add some resources and make it build sort of 2018-07-23 10:44:30 -06:00			`package netshovel`
Start trying to make it a library 2018-07-23 09:58:31 -06:00
			`import (`
			`"flag"`
Handle unaligned headers 2020-09-24 16:57:02 -06:00			`"log"`

Start trying to make it a library 2018-07-23 09:58:31 -06:00			`"github.com/google/gopacket"`
			`"github.com/google/gopacket/layers"`
			`"github.com/google/gopacket/pcap"`
			`"github.com/google/gopacket/tcpassembly"`
			`)`

Handle unaligned headers 2020-09-24 16:57:02 -06:00			`// Shovel handles dispatching of PCAP files from the command line.`
			`// It's intended that you invoke this from your main function.`
Further documentation 2018-07-24 17:32:08 -06:00			`// This parses the command line arguments,`
			`// and for each PCAP file specified on the command line,`
			`// invokes a TCP assembler that sends streams to whatever is returned from factory.`
Start trying to make it a library 2018-07-23 09:58:31 -06:00			`func Shovel(factory tcpassembly.StreamFactory) {`
Add some resources and make it build sort of 2018-07-23 10:44:30 -06:00			`//verbose := flag.Bool("verbose", false, "Write lots of information out")`
Start trying to make it a library 2018-07-23 09:58:31 -06:00			`flag.Parse()`
go fmt 2018-07-24 17:53:06 -06:00
Start trying to make it a library 2018-07-23 09:58:31 -06:00			`streamPool := tcpassembly.NewStreamPool(factory)`
			`assembler := tcpassembly.NewAssembler(streamPool)`
go fmt 2018-07-24 17:53:06 -06:00
Start trying to make it a library 2018-07-23 09:58:31 -06:00			`for _, fn := range flag.Args() {`
Fix loss of state, and a thorough test 2020-09-24 20:23:43 -06:00			`ShovelFile(fn, assembler)`
			`}`

			`assembler.FlushAll()`
			`}`
go fmt 2018-07-24 17:53:06 -06:00
Fix loss of state, and a thorough test 2020-09-24 20:23:43 -06:00			`// ShovelFile shovels a single file.`
			`// You must call assembler.FlushAll() at the end of this!`
			`func ShovelFile(filename string, assembler *tcpassembly.Assembler) {`
			`handle, err := pcap.OpenOffline(filename)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`

			`packetSource := gopacket.NewPacketSource(handle, handle.LinkType())`
			`packets := packetSource.Packets()`
			`for packet := range packets {`
			`if packet == nil {`
			`break`
Start trying to make it a library 2018-07-23 09:58:31 -06:00			`}`
Fix loss of state, and a thorough test 2020-09-24 20:23:43 -06:00			`if packet.NetworkLayer() == nil \|\| packet.TransportLayer() == nil \|\| packet.TransportLayer().LayerType() != layers.LayerTypeTCP {`
			`continue`
			`}`
			`tcp := packet.TransportLayer().(*layers.TCP)`
			`assembler.AssembleWithTimestamp(packet.NetworkLayer().NetworkFlow(), tcp, packet.Metadata().Timestamp)`
Start trying to make it a library 2018-07-23 09:58:31 -06:00			`}`
			`}`