
 1/*
 2
 3Package netshovel provides utilities to assist in creating application-layer protocol decoders.
 4
 5examples/simple/simple.go contains a full decoder which does nothing but dump every utterance.
 6It can be used as a template for new work.
 7
 8*/
 9package netshovel
10
11import (
12	"flag"
13	"log"
14
15	"github.com/google/gopacket"
16	"github.com/google/gopacket/layers"
17	"github.com/google/gopacket/pcap"
18	"github.com/google/gopacket/tcpassembly"
19)
20
// Shovel handles dispatching of PCAP files from the command line.
// It's intended that you invoke this from your main function.
// This parses the command line arguments,
// and for each PCAP file specified on the command line,
// invokes a TCP assembler that sends streams to whatever is returned from factory.
//
// Every non-flag argument is treated as a PCAP file path and is handed to
// ShovelFile in order; the assembler is flushed once all files have been read.
// This package defines no flags of its own, so flag.Parse only picks up
// whatever flags the caller registered before invoking Shovel.
func Shovel(factory tcpassembly.StreamFactory) {
	// Parse first so that flag.Args() holds the positional file names.
	flag.Parse()
	files := flag.Args()

	pool := tcpassembly.NewStreamPool(factory)
	asm := tcpassembly.NewAssembler(pool)

	for i := range files {
		ShovelFile(files[i], asm)
	}

	// Deliver any streams still buffered in the assembler.
	asm.FlushAll()
}
39
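// ShovelFile reads a single PCAP file and feeds every packet that carries
// both a network layer and a TCP transport layer into assembler.
// All other packets are skipped.
// You must call assembler.FlushAll() after the last call to this,
// otherwise streams still buffered in the assembler are never delivered.
//
// The capture file is untrusted input; packet decoding is delegated to
// gopacket with its default decode options. A file that cannot be opened
// terminates the process via log.Fatal, which is the behaviour Shovel
// relies on.
func ShovelFile(filename string, assembler *tcpassembly.Assembler) {
	handle, err := pcap.OpenOffline(filename)
	if err != nil {
		log.Fatal(err)
	}
	// Release the libpcap handle once the file is consumed; previously every
	// file shoveled in one run kept its handle open until process exit.
	defer handle.Close()

	packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
	for packet := range packetSource.Packets() {
		// The channel is closed at end of file; the nil check additionally
		// guards against a nil packet being sent on it.
		if packet == nil {
			break
		}
		if packet.NetworkLayer() == nil || packet.TransportLayer() == nil {
			continue
		}
		// Comma-ok assertion instead of a LayerType comparison followed by an
		// unchecked assertion: a transport layer that is not *layers.TCP is
		// skipped rather than panicking.
		tcp, ok := packet.TransportLayer().(*layers.TCP)
		if !ok {
			continue
		}
		assembler.AssembleWithTimestamp(packet.NetworkLayer().NetworkFlow(), tcp, packet.Metadata().Timestamp)
	}
}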