Repository: ghedo/go.pkt Branch: master Commit: c97f47ad982f Files: 63 Total size: 261.3 KB Directory structure: gitextract_y_3guso3/ ├── .travis.yml ├── COPYING ├── README.md ├── capture/ │ ├── capture.go │ ├── file/ │ │ ├── capture.go │ │ ├── capture_test.go │ │ └── capture_test.pcap │ └── pcap/ │ ├── capture.go │ └── capture_test.go ├── examples/ │ ├── arp/ │ │ └── main.go │ ├── bpf_asm/ │ │ ├── Makefile │ │ ├── bpf_asm.l │ │ └── bpf_asm.y │ ├── dump/ │ │ └── main.go │ ├── ping/ │ │ └── main.go │ ├── route/ │ │ └── main.go │ ├── syn_scan/ │ │ └── main.go │ ├── tracereply/ │ │ └── main.go │ └── traceroute/ │ └── main.go ├── filter/ │ ├── bpf_builder.go │ ├── bpf_builder_test.go │ ├── bpf_filter.c │ ├── bpf_filter.go │ ├── bpf_filter.h │ ├── bpf_filter_test.go │ └── pcap.go ├── go.mod ├── go.sum ├── layers/ │ ├── layers.go │ └── layers_test.go ├── network/ │ └── network.go ├── packet/ │ ├── arp/ │ │ ├── pkt.go │ │ └── pkt_test.go │ ├── buffer.go │ ├── eth/ │ │ ├── pkt.go │ │ └── pkt_test.go │ ├── icmpv4/ │ │ ├── pkt.go │ │ └── pkt_test.go │ ├── icmpv6/ │ │ ├── pkt.go │ │ └── pkt_test.go │ ├── ipv4/ │ │ ├── pkt.go │ │ └── pkt_test.go │ ├── ipv6/ │ │ ├── pkt.go │ │ └── pkt_test.go │ ├── llc/ │ │ ├── pkt.go │ │ └── pkt_test.go │ ├── packet.go │ ├── radiotap/ │ │ ├── pkt.go │ │ └── pkt_test.go │ ├── raw/ │ │ ├── pkt.go │ │ └── pkt_test.go │ ├── sll/ │ │ ├── pkt.go │ │ └── pkt_test.go │ ├── snap/ │ │ ├── pkt.go │ │ └── pkt_test.go │ ├── tcp/ │ │ ├── pkt.go │ │ └── pkt_test.go │ ├── udp/ │ │ ├── pkt.go │ │ └── pkt_test.go │ └── vlan/ │ ├── pkt.go │ └── pkt_test.go └── routing/ ├── routing.go └── routing_linux.go ================================================ FILE CONTENTS ================================================ ================================================ FILE: .travis.yml ================================================ language: go sudo: false addons: apt: packages: - libpcap0.8-dev go: - "1.11" - "tip" env: - GO111MODULE=on script: - go build ./... - go test ./... ================================================ FILE: COPYING ================================================ Copyright (c) 2014, Alessandro Ghedini All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ================================================ FILE: README.md ================================================ go.pkt ====== ![Travis CI](https://secure.travis-ci.org/ghedo/go.pkt.png) **go.pkt** provides Go libraries for capturing, injecting, filtering, encoding and decoding network packets. * [capture][capture]: provides the basic interface for packet capturing and injection. Different implementations ("pcap", "file", ...) are provided as subpackages. * [filter][filter]: provides an API for compiling and manipulating BPF filters. A filter can be either compiled from tcpdump-like expressions, or created from basic BPF instructions. Filters can then be either applied to packet sources (see the capture package) or directly run against binary data. * [packet][packet]: provides the interfaces for implementing packet encoders and decoders. Every supported protocol implements the Packet interface as a submodule of this package (e.g. packet/ipv4, packet/tcp, ...). * [layers][layers]: provides utility functions for encoding and decoding packets to/from binary data. Differently from the basic "packet" interface, this can encode and decode complete "stacks" of packets, instead of manipulating single ones. * [network][network]: provides utility functions for sending and receiving packets over the network. Basically, it hides some of the complexity of using the capture and layers packages together. * [routing][routing]: provides network routing information about the system. It can either return all available routes or select a specific route depending on a destination address. [capture]: http://godoc.org/github.com/ghedo/go.pkt/capture [filter]: http://godoc.org/github.com/ghedo/go.pkt/filter [packet]: http://godoc.org/github.com/ghedo/go.pkt/packet [layers]: http://godoc.org/github.com/ghedo/go.pkt/layers [network]: http://godoc.org/github.com/ghedo/go.pkt/network [routing]: http://godoc.org/github.com/ghedo/go.pkt/routing ## Getting Started ### Capturing Packet capturing is done using a packet "source" such as a network interface or a dump file. In the following example we create a "pcap" capture handle using the `eth0` network interface, we activate it and then capture packets using the `Capture()` method. ```go src, err := pcap.Open("eth0") if err != nil { log.Fatal(err) } defer src.Close() // you may configure the source further, e.g. by activating // promiscuous mode. err = src.Activate() if err != nil { log.Fatal(err) } for { buf, err := src.Capture() if err != nil { log.Fatal(err) } log.Println("PACKET!!!") // do something with the packet } ``` ### Injection Similarly to packet capturing, packet injection requires a capture handle. In the following example we create a capture handle like before and then use the `Inject()` method to send some data (we'll see later how to encode data in the propert formats). ```go dst, err := pcap.Open("eth0") if err != nil { log.Fatal(err) } defer dst.Close() // you may configure the source further, e.g. by activating // promiscuous mode. err = dst.Activate() if err != nil { log.Fatal(err) } err = dst.Inject([]byte("random data")) if err != nil { log.Fatal(err) } ``` ### Filtering Packet filtering is done by creating a filter (e.g. by compiling it from an expression) which can be either applied to a capture handle (by using the `ApplyFilter()` method) or used directly against a data buffer. In the following example we create a filter by compiling a tcpdump-like expression and then try to match some data against it. ```go // Match UDP or TCP packets on top of Ethernet flt, err := filter.Compile("udp or tcp", packet.Eth) if err != nil { log.Fatal(err) } if flt.Match([]byte("random data")) { log.Println("MATCH!!!") } ``` ### Encoding Encoding packets is done by using the functions provided by the `layers` package. In the following example we create an ARP packet on top of an Ethernet packet and we encode them to binary data by using the `Pack()` method. Note that you'll need to import the packages of the protocols used (`packet/eth` and `packet/arp`). ```go // Create an Ethernet packet eth_pkt := eth.Make() eth_pkt.SrcAddr, _ = net.ParseMAC("4c:72:b9:54:e5:3d") eth_pkt.DstAddr, _ = net.ParseMAC("ff:ff:ff:ff:ff:ff") // Create an ARP packet arp_pkt := arp.Make() arp_pkt.HWSrcAddr, _ = net.ParseMAC("4c:72:b9:54:e5:3d") arp_pkt.HWDstAddr, _ = net.ParseMAC("00:00:00:00:00:00") arp_pkt.ProtoSrcAddr = net.ParseIP("192.168.1.135") arp_pkt.ProtoDstAddr = net.ParseIP("192.168.1.254") buf, err := layers.Pack(eth_pkt, arp_pkt) if err != nil { log.Fatal(err) } // do something with the packet log.Println(buf) ``` ### Decoding Like encoding, decoding is done by using the functions provided by the `layers` package. The following example uses the `UnpackAll()` function to decode a whole chain of packets (e.g. ethernet -> ipv4 -> udp). ```go // Create the buf data buf := []byte("random data") // Assume Ethernet as datalink layer pkt, err := layers.UnpackAll(buf, packet.Eth) if err != nil { log.Fatal(err) } log.Println(pkt) ``` ### Network Instead of using the layers and capture packages together, the network package can be used instead. The following example creates an ARP request packet and uses `SendRecv()` to send it and receive a suitable answer. ```go c, err := pcap.Open("eth0") if err != nil { log.Fatal(err) } defer c.Close() err = c.Activate() if err != nil { log.Fatal(err) } // Create an Ethernet packet eth_pkt := eth.Make() eth_pkt.SrcAddr, _ = net.ParseMAC("4c:72:b9:54:e5:3d") eth_pkt.DstAddr, _ = net.ParseMAC("ff:ff:ff:ff:ff:ff") // Create an ARP packet arp_pkt := arp.Make() arp_pkt.HWSrcAddr, _ = net.ParseMAC("4c:72:b9:54:e5:3d") arp_pkt.HWDstAddr, _ = net.ParseMAC("00:00:00:00:00:00") arp_pkt.ProtoSrcAddr = net.ParseIP("192.168.1.135") arp_pkt.ProtoDstAddr = net.ParseIP("192.168.1.254") rsp_pkt, err := network.SendRecv(c, 0, eth_pkt, arp_pkt) if err != nil { log.Fatal(err) } log.Println(rsp_pkt) ``` ### Routing TODO For more examples have a look at the [examples](examples/) directory in the source repository. ## Dependencies * `libpcap` ## Copyright Copyright (C) 2014 Alessandro Ghedini See COPYING for the license. ================================================ FILE: capture/capture.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // Provides the basic interface for packet capturing and injection. Different // implementations ("pcap", "file", ...) are provided as subpackages. package capture import "github.com/ghedo/go.pkt/filter" import "github.com/ghedo/go.pkt/packet" type Handle interface { LinkType() packet.Type SetMTU(mtu int) error SetPromiscMode(promisc bool) error SetMonitorMode(monitor bool) error ApplyFilter(filter *filter.Filter) error Activate() error Capture() ([]byte, error) Inject(buf []byte) error Close() } ================================================ FILE: capture/file/capture.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // Provides native packet capturing and injection on pcap dump files without // requiring the libpcap library. package file import "bytes" import "encoding/binary" import "fmt" import "io" import "os" import "github.com/ghedo/go.pkt/filter" import "github.com/ghedo/go.pkt/packet" type Handle struct { File string file *os.File out *os.File order binary.ByteOrder link uint32 mtu uint32 filter *filter.Filter } var BigEndian = []byte{0xa1, 0xb2, 0xc3, 0xd4} var LittleEndian = []byte{0xd4, 0xc3, 0xb2, 0xa1} // Create a new capture handle from the given dump file. This will either open // the file if it exists, or create a new one. func Open(file_name string) (*Handle, error) { handle := &Handle{ File: file_name } open := open_file if _, err := os.Stat(file_name); os.IsNotExist(err) { open = create_file } file, err := open(file_name) if err != nil { return nil, err } handle.file = file handle.file.Seek(0, 0) magic := make([]byte, 4) file.Read(magic) switch { case bytes.Equal(magic, BigEndian): handle.order = binary.BigEndian case bytes.Equal(magic, LittleEndian): handle.order = binary.LittleEndian default: handle.file.Close() return nil, fmt.Errorf("Invalid file") } var ver_maj, ver_min uint16 var discard, mtu, link_type uint32 binary.Read(file, handle.order, &ver_maj) binary.Read(file, handle.order, &ver_min) binary.Read(file, handle.order, &discard) binary.Read(file, handle.order, &discard) binary.Read(file, handle.order, &mtu) binary.Read(file, handle.order, &link_type) handle.link = link_type handle.mtu = mtu /* * Use a different file handle for injecting packages so that we don't * need to seek back and forth for capturing and injecting */ handle.out, _ = open_file(file_name) handle.out.Seek(0, 2) return handle, nil } func create_file(file_name string) (*os.File, error) { file, err := os.Create(file_name) if err != nil { return nil, fmt.Errorf("Could not create file: %s", err) } file.Write(BigEndian) /* endiannes */ binary.Write(file, binary.BigEndian, uint16(2)) /* ver major */ binary.Write(file, binary.BigEndian, uint16(4)) /* ver minor */ binary.Write(file, binary.BigEndian, uint32(0)) binary.Write(file, binary.BigEndian, uint32(0)) binary.Write(file, binary.BigEndian, uint32(0x7fff)) /* MTU */ binary.Write(file, binary.BigEndian, uint32(1)) /* link type */ return file, nil } func open_file(file_name string) (*os.File, error) { file, err := os.OpenFile(file_name, os.O_RDWR, 0644); if err != nil { return nil, fmt.Errorf("Could not open file: %s", err) } return file, nil } // Return the link type of the capture handle (that is, the type of packets that // come out of the packet source). func (h *Handle) LinkType() packet.Type { return packet.LinkType(h.link) } // Not supported. func (h *Handle) SetMTU(mtu int) error { return fmt.Errorf("Unsupported") } // Not supported. func (h *Handle) SetPromiscMode(promisc bool) error { return fmt.Errorf("Unsupported") } // Not supported. func (h *Handle) SetMonitorMode(monitor bool) error { return fmt.Errorf("Unsupported") } // Apply the given filter it to the packet source. Only packets that match this // filter will be captured. func (h *Handle) ApplyFilter(filter *filter.Filter) error { if !filter.Validate() { return fmt.Errorf("Invalid filter") } h.filter = filter return nil } // Activate the capture handle (this is not needed for the file capture handle, // but you may want to call it anyway in order to make switching to different // packet sources easier). func (h *Handle) Activate() error { return nil } // Capture a single packet from the packet source. If no packet is available // (i.e. if the end of the dump file has been reached) it will return a nil // slice. func (h *Handle) Capture() ([]byte, error) { var buf []byte var sec, usec, caplen, wirelen uint32 for { binary.Read(h.file, h.order, &sec) binary.Read(h.file, h.order, &usec) binary.Read(h.file, h.order, &caplen) binary.Read(h.file, h.order, &wirelen) if caplen == 0 { return nil, nil } buf = make([]byte, int(caplen)) _, err := h.file.Read(buf) if err == io.EOF { return nil, nil } if err != nil { return nil, fmt.Errorf("Could not capture: %s", err) } if h.filter != nil && !h.filter.Match(buf) { continue } break } return buf, nil } // Inject a packet in the packet source. This will automatically append packets // at the end of the dump file, instead of truncating it. func (h *Handle) Inject(buf []byte) error { var sec, usec, caplen, wirelen uint32 sec = 0 usec = 0 caplen = uint32(len(buf)) wirelen = caplen binary.Write(h.out, h.order, sec) binary.Write(h.out, h.order, usec) binary.Write(h.out, h.order, caplen) binary.Write(h.out, h.order, wirelen) n, err := h.out.Write(buf) if err != nil || n < len(buf) { return fmt.Errorf("Could not write packet: %s", err) } return nil } // Close the packet source. func (h *Handle) Close() { h.file.Close() h.out.Close() } ================================================ FILE: capture/file/capture_test.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package file_test import "log" import "testing" import "github.com/ghedo/go.pkt/capture/file" import "github.com/ghedo/go.pkt/filter" func TestCapture(t *testing.T) { src, err := file.Open("capture_test.pcap") if err != nil { t.Fatalf("Error opening: %s", err) } defer src.Close() var count uint64 for { buf, err := src.Capture() if err != nil { t.Fatalf("Error reading: %s", err) } if buf == nil { break } count++ } if count != 16 { t.Fatalf("Count mismatch: %d", count) } } func TestCaptureFilter(t *testing.T) { src, err := file.Open("capture_test.pcap") if err != nil { t.Fatalf("Error opening: %s", err) } defer src.Close() flt, err := filter.Compile("arp", src.LinkType(), false) if err != nil { t.Fatalf("Error parsing filter: %s", err) } defer flt.Cleanup() err = src.ApplyFilter(flt) if err != nil { t.Fatalf("Error applying filter: %s", err) } var count uint64 for { buf, err := src.Capture() if err != nil { t.Fatalf("Error reading: %s %d", err, count) } if buf == nil { break } count++ } if count != 2 { t.Fatalf("Count mismatch: %d", count) } } func TestInject(t *testing.T) { src, err := file.Open("capture_test.pcap") if err != nil { t.Fatalf("Error opening: %s", err) } defer src.Close() dst, err := file.Open("inject_test.pcap") if err != nil { t.Fatalf("Error opening: %s", err) } defer dst.Close() var count uint64 for { buf, err := src.Capture() if err != nil { t.Fatalf("Error reading: %s", err) } if buf == nil { break } err = dst.Inject(buf) if err != nil { t.Fatalf("Error writing: %s", err) } count++ } if count != 16 { t.Fatalf("Count mismatch: %d", count) } } func ExampleCapture() { src, err := file.Open("/path/to/file/dump.pcap") if err != nil { log.Fatal(err) } defer src.Close() // you may configure the source further, e.g. by activating // promiscuous mode. err = src.Activate() if err != nil { log.Fatal(err) } for { buf, err := src.Capture() if err != nil { log.Fatal(err) } if buf == nil { break } log.Println("PACKET!!!") // do something with the packet } } func ExampleInject() { dst, err := file.Open("/path/to/file/dump.pcap") if err != nil { log.Fatal(err) } defer dst.Close() // you may configure the source further, e.g. by activating // promiscuous mode. err = dst.Activate() if err != nil { log.Fatal(err) } err = dst.Inject([]byte("random data")) if err != nil { log.Fatal(err) } } ================================================ FILE: capture/pcap/capture.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // Provides packet capturing and injection on live network interfaces via // libpcap. package pcap // #cgo LDFLAGS: -lpcap // #include // #include import "C" import "fmt" import "unsafe" import "github.com/ghedo/go.pkt/filter" import "github.com/ghedo/go.pkt/packet" type Handle struct { Device string pcap *C.pcap_t } // Create a new capture handle from the given network interface. Noe that this // may require root privileges. func Open(dev_name string) (*Handle, error) { handle := &Handle{ Device: dev_name } dev_str := C.CString(dev_name) defer C.free(unsafe.Pointer(dev_str)) err_str := (*C.char)(C.calloc(256, 1)) defer C.free(unsafe.Pointer(err_str)) handle.pcap = C.pcap_create(dev_str, err_str) if handle == nil { return nil, fmt.Errorf( "Could not open device: %s", C.GoString(err_str), ) } return handle, nil } // Return the link type of the capture handle (that is, the type of packets that // come out of the packet source). func (h *Handle) LinkType() packet.Type { return packet.LinkType(uint32(C.pcap_datalink(h.pcap))) } func (h *Handle) SetMTU(mtu int) error { err := C.pcap_set_snaplen(h.pcap, C.int(mtu)) if err < 0 { return fmt.Errorf("Handle already active") } return nil } // Enable/disable promiscuous mode. func (h *Handle) SetPromiscMode(promisc bool) error { var promisc_int C.int if promisc { promisc_int = 1 } else { promisc_int = 0 } err := C.pcap_set_promisc(h.pcap, promisc_int) if err < 0 { return fmt.Errorf("Handle already active") } return nil } // Enable/disable monitor mode. This is only relevant to RF-based packet sources // (e.g. a WiFi or Bluetooth network interface) func (h *Handle) SetMonitorMode(monitor bool) error { var rfmon_int C.int if monitor { rfmon_int = 1 } else { rfmon_int = 0 } err := C.pcap_set_rfmon(h.pcap, rfmon_int) if err < 0 { return fmt.Errorf("Handle already active") } return nil } // Apply the given filter it to the packet source. Only packets that match this // filter will be captured. func (h *Handle) ApplyFilter(filter *filter.Filter) error { if !filter.Validate() { return fmt.Errorf("Invalid filter") } err_str := (*C.char)(C.calloc(256, 1)) defer C.free(unsafe.Pointer(err_str)) dev_str := C.CString(h.Device) defer C.free(unsafe.Pointer(dev_str)) err := C.pcap_setfilter(h.pcap, (*C.struct_bpf_program)(filter.Program())) if err < 0 { return fmt.Errorf("Could not set filter: %s", h.get_error()) } return nil } // Activate the packet source. Note that after calling this method it will not // be possible to change the packet source configuration (MTU, promiscuous mode, // monitor mode, ...) func (h *Handle) Activate() error { err := C.pcap_activate(h.pcap) if err < 0 { return fmt.Errorf("Could not activate: %s", h.get_error()) } return nil } // Capture a single packet from the packet source. This will block until a // packet is received. func (h *Handle) Capture() ([]byte, error) { var buf *C.u_char var pkt_hdr *C.struct_pcap_pkthdr for { err := C.pcap_next_ex(h.pcap, &pkt_hdr, &buf) switch err { case -2: return nil, nil case -1: return nil, fmt.Errorf( "Could not read packet: %s", h.get_error(), ) case 0: continue case 1: return C.GoBytes(unsafe.Pointer(buf), C.int(pkt_hdr.len)), nil } } return nil, fmt.Errorf("WTF") } // Inject a packet in the packet source. func (h *Handle) Inject(buf []byte) error { cbuf := (*C.u_char)(&buf[0]) blen := C.int(len(buf)) err := C.pcap_sendpacket(h.pcap, cbuf, blen) if err < 0 { return fmt.Errorf("Could not inject packet: %s", h.get_error()) } return nil } // Close the packet source. func (h *Handle) Close() { C.pcap_close(h.pcap) } func (h *Handle) get_error() error { err_str := C.pcap_geterr(h.pcap) return fmt.Errorf(C.GoString(err_str)) } ================================================ FILE: capture/pcap/capture_test.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package pcap_test import "log" import "github.com/ghedo/go.pkt/capture/pcap" func ExampleCapture() { src, err := pcap.Open("eth0") if err != nil { log.Fatal(err) } defer src.Close() // you may configure the source further, e.g. by activating // promiscuous mode. err = src.Activate() if err != nil { log.Fatal(err) } for { buf, err := src.Capture() if err != nil { log.Fatal(err) } log.Printf("PACKET!!! %v", buf) // do something with the packet } } func ExampleInject() { dst, err := pcap.Open("eth0") if err != nil { log.Fatal(err) } defer dst.Close() // you may configure the source further, e.g. by activating // promiscuous mode. err = dst.Activate() if err != nil { log.Fatal(err) } err = dst.Inject([]byte("random data")) if err != nil { log.Fatal(err) } } ================================================ FILE: examples/arp/main.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package main import "log" import "net" import "time" import "github.com/docopt/docopt-go" import "github.com/ghedo/go.pkt/capture/pcap" import "github.com/ghedo/go.pkt/packet/eth" import "github.com/ghedo/go.pkt/packet/arp" import "github.com/ghedo/go.pkt/network" import "github.com/ghedo/go.pkt/routing" func main() { log.SetFlags(0) usage := `Usage: arp Resolve the given IP address using ARP.` args, err := docopt.Parse(usage, nil, true, "", false) if err != nil { log.Fatalf("Invalid arguments: %s", err) } addr := args[""].(string) addr_ip := net.ParseIP(addr) timeout := 5 * time.Second route, err := routing.RouteTo(addr_ip) if err != nil { log.Fatalf("Error: %s", err) } if route == nil { log.Println("No route found") } c, err := pcap.Open(route.Iface.Name) if err != nil { log.Fatalf("Error opening interface: %s", err) } defer c.Close() err = c.Activate() if err != nil { log.Fatalf("Error activating source: %s", err) } eth_pkt := eth.Make() eth_pkt.SrcAddr = route.Iface.HardwareAddr eth_pkt.DstAddr, _ = net.ParseMAC("ff:ff:ff:ff:ff:ff") arp_pkt := arp.Make() arp_pkt.HWSrcAddr = route.Iface.HardwareAddr arp_pkt.HWDstAddr, _ = net.ParseMAC("00:00:00:00:00:00") arp_pkt.ProtoSrcAddr, _ = route.GetIfaceIPv4Addr() arp_pkt.ProtoDstAddr = addr_ip pkt, err := network.SendRecv(c, timeout, eth_pkt, arp_pkt) if err != nil { log.Fatal(err) } log.Println(pkt.Payload().(*arp.Packet).HWSrcAddr) } ================================================ FILE: examples/bpf_asm/Makefile ================================================ all: bpf_asm bpf_asm: bpf_asm.nn.go y.go go build -o bpf_asm bpf_asm.nn.go y.go y.go: bpf_asm.y go tool yacc bpf_asm.y bpf_asm.nn.go: bpf_asm.l nex bpf_asm.l ================================================ FILE: examples/bpf_asm/bpf_asm.l ================================================ /ldb/ { return OP_LDB } /ldh/ { return OP_LDH } /ld/ { return OP_LD } /ldi/ { return OP_LDI } /ldx/ { return OP_LDX } /ldxi/ { return OP_LDXI } /ldxb/ { return OP_LDXB } /st/ { return OP_ST } /stx/ { return OP_STX } /jmp/ { return OP_JMP } /ja/ { return OP_JMP } /jeq/ { return OP_JEQ } /jneq/ { return OP_JNEQ } /jne/ { return OP_JNEQ } /jlt/ { return OP_JLT } /jle/ { return OP_JLE } /jgt/ { return OP_JGT } /jge/ { return OP_JGE } /jset/ { return OP_JSET } /add/ { return OP_ADD } /sub/ { return OP_SUB } /mul/ { return OP_MUL } /div/ { return OP_DIV } /neg/ { return OP_NEG } /and/ { return OP_AND } /or/ { return OP_OR } /lsh/ { return OP_LSH } /rsh/ { return OP_RSH } /ret/ { return OP_RET } /tax/ { return OP_TAX } /txa/ { return OP_TXA } /#?len/ { return K_PKT_LEN } /#?proto/ { return K_PROTO } /#?type/ { return K_TYPE } /#?poff/ { return K_POFF } /#?ifidx/ { return K_IFIDX } /#?nla/ { return K_NLATTR } /#?nlan/ { return K_NLATTR_NEST } /#?mark/ { return K_MARK } /#?queue/ { return K_QUEUE } /#?hatype/ { return K_HATYPE } /#?rxhash/ { return K_RXHASH } /#?cpu/ { return K_CPU } /#?vlan_tci/ { return K_VLANT } /#?vlan_pr/ { return K_VLANP } /:/ { return ':' } /,/ { return ',' } /#/ { return '#' } /%/ { return '%' } /\[/ { return '[' } /\]/ { return ']' } /$/ { return '(' } /$/ { return ')' } /x/ { return 'x' } /a/ { return 'a' } /\+/ { return '+' } /M/ { return 'M' } /\*/ { return '*' } /&/ { return '&' } /([0][x][a-fA-F0-9]+)/ { str := strings.TrimPrefix(yylex.Text(), "0x") num, _ := strconv.ParseUint(str, 16, 32) lval.number = uint32(num) return number } /([0][b][0-1]+)/ { str := strings.TrimPrefix(yylex.Text(), "0b") num, _ := strconv.ParseUint(str, 2, 32) lval.number = uint32(num) return number } /(([0])|([-+]?[1-9][0-9]*))/ { num, _ := strconv.ParseUint(yylex.Text(), 10, 32) lval.number = uint32(num) return number } /([0][0-9]+)/ { str := strings.TrimPrefix(yylex.Text(), "0") num, _ := strconv.ParseUint(str, 8, 32) lval.number = uint32(num) return number } /[a-zA-Z_][a-zA-Z0-9_]+/ { lval.label = yylex.Text() return label } // package main import "log" import "strconv" import "os" import "github.com/docopt/docopt-go" import "github.com/ghedo/go.pkt/filter" var bld *filter.Builder func main() { log.SetFlags(0) usage := `Usage: bpf_asm ` args, err := docopt.Parse(usage, nil, true, "", false) if err != nil { log.Fatalf("Invalid arguments: %s", err) } file, err := os.Open(args[""].(string)) if err != nil { log.Fatalf("Error opening file: %s", err) } bld = filter.NewBuilder() lex := NewLexer(file) yyParse(lex) flt := bld.Build() if !flt.Validate() { log.Fatalf("Invalid filter") } log.Println(flt) } ================================================ FILE: examples/bpf_asm/bpf_asm.y ================================================ %{ package main import "github.com/ghedo/go.pkt/filter" %} %union { label string number uint32 } %token OP_LDB %token OP_LDH %token OP_LD %token OP_LDI %token OP_LDX %token OP_LDXI %token OP_LDXB %token OP_ST %token OP_STX %token OP_JMP %token OP_JEQ %token OP_JNEQ %token OP_JLT %token OP_JLE %token OP_JGT %token OP_JGE %token OP_JSET %token OP_ADD %token OP_SUB %token OP_MUL %token OP_DIV %token OP_NEG %token OP_AND %token OP_OR %token OP_LSH %token OP_RSH %token OP_RET %token OP_TAX %token OP_TXA %token K_PKT_LEN %token K_PROTO %token K_TYPE %token K_POFF %token K_IFIDX %token K_NLATTR %token K_NLATTR_NEST %token K_MARK %token K_QUEUE %token K_HATYPE %token K_RXHASH %token K_CPU %token K_VLANT %token K_VLANP %token number %token label %token jtl %token jfl %token jkl %token ':' ',' '[' ']' '(' ')' 'x' 'a' '+' 'M' '*' '&' '#' '%' %type label %type number %% prog : line | prog line ; line : instr | labelled_instr ; labelled_instr : labelled instr ; instr : ldb | ldh | ld | ldi | ldx | ldxi | st | stx | jmp | jeq | jneq | jlt | jle | jgt | jge | jset | add | sub | mul | div | neg | and | or | lsh | rsh | ret | tax | txa ; labelled : label ':' { bld.Label($1) } ; ldb : OP_LDB '[' 'x' '+' number ']' { bld.LD(filter.Byte, filter.IND, $5) } | OP_LDB '[' '%' 'x' '+' number ']' { bld.LD(filter.Byte, filter.IND, $6) } | OP_LDB '[' number ']' { bld.LD(filter.Byte, filter.ABS, $3) } ; ldh : OP_LDH '[' 'x' '+' number ']' { bld.LD(filter.Half, filter.IND, $5) } | OP_LDH '[' '%' 'x' '+' number ']' { bld.LD(filter.Half, filter.IND, $6) } | OP_LDH '[' number ']' { bld.LD(filter.Half, filter.ABS, $3) } ; ldi : OP_LDI '#' number { bld.LD(filter.Word, filter.IMM, $3) } | OP_LDI number { bld.LD(filter.Word, filter.IMM, $2) } ; ld : OP_LD '#' number { bld.LD(filter.Word, filter.IMM, $3) } | OP_LD K_PKT_LEN { bld.LD(filter.Word, filter.LEN, 0) } | OP_LD 'M' '[' number ']' { bld.LD(filter.Word, filter.MEM, $4) } | OP_LD '[' 'x' '+' number ']' { bld.LD(filter.Word, filter.IND, $5) } | OP_LD '[' '%' 'x' '+' number ']' { bld.LD(filter.Word, filter.IND, $6) } | OP_LD '[' number ']' { bld.LD(filter.Word, filter.ABS, $3) } ; ldxi : OP_LDXI '#' number { bld.LDX(filter.Word, filter.IMM, $3) } | OP_LDXI number { bld.LDX(filter.Word, filter.IMM, $2) } ; ldx : OP_LDX '#' number { bld.LDX(filter.Word, filter.IMM, $3) } | OP_LDX K_PKT_LEN { bld.LDX(filter.Word, filter.LEN, 0) } | OP_LDX 'M' '[' number ']' { bld.LDX(filter.Word, filter.MEM, $4) } | OP_LDXB number '*' '(' '[' number ']' '&' number ')' { if ($2 != 4 || $9 != 0xf) { yylex.Error("ldxb offset not supported!") } else { bld.LDX(filter.Byte, filter.MSH, $6) } } | OP_LDX number '*' '(' '[' number ']' '&' number ')' { if ($2 != 4 || $9 != 0xf) { yylex.Error("ldxb offset not supported!") } else { bld.LDX(filter.Byte, filter.MSH, $6) } } ; st : OP_ST 'M' '[' number ']' { bld.ST($4) } ; stx : OP_STX 'M' '[' number ']' { bld.STX($4) } ; jmp : OP_JMP label { bld.JA($2) } ; jeq : OP_JEQ '#' number ',' label ',' label { bld.JEQ(filter.Const, $5, $7, $3) } | OP_JEQ 'x' ',' label ',' label { bld.JEQ(filter.Index, $4, $6, 0) } | OP_JEQ '%' 'x' ',' label ',' label { bld.JEQ(filter.Index, $5, $7, 0) } | OP_JEQ '#' number ',' label { bld.JEQ(filter.Const, "", $5, $3) } | OP_JEQ 'x' ',' label { bld.JEQ(filter.Index, "", $4, 0) } | OP_JEQ '%' 'x' ',' label { bld.JEQ(filter.Index, "", $5, 0) } ; jneq : OP_JNEQ '#' number ',' label { bld.JEQ(filter.Const, "", $5, $3) } | OP_JNEQ 'x' ',' label { bld.JEQ(filter.Index, "", $4, 0) } | OP_JNEQ '%' 'x' ',' label { bld.JEQ(filter.Index, "", $5, 0) } ; jlt : OP_JLT '#' number ',' label { bld.JGE(filter.Const, "", $5, $3) } | OP_JLT 'x' ',' label { bld.JGE(filter.Index, "", $4, 0) } | OP_JLT '%' 'x' ',' label { bld.JGE(filter.Index, "", $5, 0) } ; jle : OP_JLE '#' number ',' label { bld.JGT(filter.Const, "", $5, $3) } | OP_JLE 'x' ',' label { bld.JGT(filter.Index, "", $4, 0) } | OP_JLE '%' 'x' ',' label { bld.JGT(filter.Index, "", $5, 0) } ; jgt : OP_JGT '#' number ',' label ',' label { bld.JGT(filter.Const, $5, $7, $3) } | OP_JGT 'x' ',' label ',' label { bld.JGT(filter.Index, $4, $6, 0) } | OP_JGT '%' 'x' ',' label ',' label { bld.JGT(filter.Index, $5, $7, 0) } | OP_JGT '#' number ',' label { bld.JGT(filter.Const, "", $5, $3) } | OP_JGT 'x' ',' label { bld.JGT(filter.Index, "", $4, 0) } | OP_JGT '%' 'x' ',' label { bld.JGT(filter.Index, "", $5, 0) } ; jge : OP_JGE '#' number ',' label ',' label { bld.JGE(filter.Const, $5, $7, $3) } | OP_JGE 'x' ',' label ',' label { bld.JGE(filter.Index, $4, $6, 0) } | OP_JGE '%' 'x' ',' label ',' label { bld.JGE(filter.Index, $5, $7, 0) } | OP_JGE '#' number ',' label { bld.JGE(filter.Const, "", $5, $3) } | OP_JGE 'x' ',' label { bld.JGE(filter.Index, "", $4, 0) } | OP_JGE '%' 'x' ',' label { bld.JGE(filter.Index, "", $5, 0) } ; jset : OP_JSET '#' number ',' label ',' label { bld.JSET(filter.Const, $5, $7, $3) } | OP_JSET 'x' ',' label ',' label { bld.JSET(filter.Index, $4, $6, 0) } | OP_JSET '%' 'x' ',' label ',' label { bld.JSET(filter.Index, $5, $7, 0) } | OP_JSET '#' number ',' label { bld.JSET(filter.Const, "", $5, $3) } | OP_JSET 'x' ',' label { bld.JSET(filter.Index, "", $4, 0) } | OP_JSET '%' 'x' ',' label { bld.JSET(filter.Index, "", $5, 0) } ; add : OP_ADD '#' number { bld.ADD(filter.Const, $3) } | OP_ADD 'x' { bld.ADD(filter.Index, 0) } | OP_ADD '%' 'x' { bld.ADD(filter.Index, 0) } ; sub : OP_SUB '#' number { bld.SUB(filter.Const, $3) } | OP_SUB 'x' { bld.SUB(filter.Index, 0) } | OP_SUB '%' 'x' { bld.SUB(filter.Index, 0) } ; mul : OP_MUL '#' number { bld.MUL(filter.Const, $3) } | OP_MUL 'x' { bld.MUL(filter.Index, 0) } | OP_MUL '%' 'x' { bld.MUL(filter.Index, 0) } ; div : OP_DIV '#' number { bld.DIV(filter.Const, $3) } | OP_DIV 'x' { bld.DIV(filter.Index, 0) } | OP_DIV '%' 'x' { bld.DIV(filter.Index, 0) } ; neg : OP_NEG { bld.NEG() } ; and : OP_AND '#' number { bld.AND(filter.Const, $3) } | OP_AND 'x' { bld.AND(filter.Index, 0) } | OP_AND '%' 'x' { bld.AND(filter.Index, 0) } ; or : OP_OR '#' number { bld.OR(filter.Const, $3) } | OP_OR 'x' { bld.OR(filter.Index, 0) } | OP_OR '%' 'x' { bld.OR(filter.Index, 0) } ; lsh : OP_LSH '#' number { bld.LSH(filter.Const, $3) } | OP_LSH 'x' { bld.LSH(filter.Index, 0) } | OP_LSH '%' 'x' { bld.LSH(filter.Index, 0) } ; rsh : OP_RSH '#' number { bld.RSH(filter.Const, $3) } | OP_RSH 'x' { bld.RSH(filter.Index, 0) } | OP_RSH '%' 'x' { bld.RSH(filter.Index, 0) } ; ret : OP_RET 'a' { bld.RET(filter.Acc, 0) } | OP_RET '%' 'a' { bld.RET(filter.Acc, 0) } | OP_RET 'x' { bld.RET(filter.Index, 0) } | OP_RET '%' 'x' { bld.RET(filter.Index, 0) } | OP_RET '#' number { bld.RET(filter.Const, $3) } ; tax : OP_TAX { bld.TAX() } ; txa : OP_TXA { bld.TXA() } ; %% ================================================ FILE: examples/dump/main.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package main import "log" import "strconv" import "github.com/docopt/docopt-go" import "github.com/ghedo/go.pkt/capture" import "github.com/ghedo/go.pkt/capture/pcap" import "github.com/ghedo/go.pkt/capture/file" import "github.com/ghedo/go.pkt/filter" import "github.com/ghedo/go.pkt/layers" func main() { log.SetFlags(0) usage := `Usage: dump [options] [] Dump the traffic on the network (like tcpdump). Options: -c Exit after receiving count packets. -i Listen on interface. -r Read packets from file. -w Write the raw packets to file.` args, err := docopt.Parse(usage, nil, true, "", false) if err != nil { log.Fatalf("Invalid arguments: %s", err) } var count uint64 if args["-c"] != nil { count, err = strconv.ParseUint(args["-c"].(string), 10, 64) if err != nil { log.Fatalf("Error parsing count: %s", err) } } var src capture.Handle if args["-i"] != nil { src, err = pcap.Open(args["-i"].(string)) if err != nil { log.Fatalf("Error opening iface: %s", err) } } else if args["-r"] != nil { src, err = file.Open(args["-r"].(string)) if err != nil { log.Fatalf("Error opening file: %s", err) } } else { log.Fatalf("Must select a source (either -i or -r)") } defer src.Close() var dst capture.Handle if args["-w"] != nil { dst, err = file.Open(args["-w"].(string)) if err != nil { log.Fatalf("Error opening file: %s", err) } defer dst.Close() } err = src.Activate() if err != nil { log.Fatalf("Error activating source: %s", err) } if args[""] != nil { expr := args[""].(string) flt, err := filter.Compile(expr, src.LinkType(), false) if err != nil { log.Fatalf("Error parsing filter: %s", err) } defer flt.Cleanup() err = src.ApplyFilter(flt) if err != nil { log.Fatalf("Error appying filter: %s", err) } } var i uint64 for { buf, err := src.Capture() if err != nil { log.Fatalf("Error: %s", err) break } if buf == nil { break } i++ if dst == nil { rcv_pkt, err := layers.UnpackAll(buf, src.LinkType()) if err != nil { log.Printf("Error: %s\n", err) } log.Println(rcv_pkt) } else { dst.Inject(buf) } if count > 0 && i >= count { break } } } ================================================ FILE: examples/ping/main.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package main import "log" import "math/rand" import "net" import "time" import "github.com/docopt/docopt-go" import "github.com/ghedo/go.pkt/capture/pcap" import "github.com/ghedo/go.pkt/packet/eth" import "github.com/ghedo/go.pkt/packet/icmpv4" import "github.com/ghedo/go.pkt/packet/ipv4" import "github.com/ghedo/go.pkt/network" import "github.com/ghedo/go.pkt/routing" func main() { log.SetFlags(0) usage := `Usage: ping Ping the given IP address.` args, err := docopt.Parse(usage, nil, true, "", false) if err != nil { log.Fatalf("Invalid arguments: %s", err) } addr := args[""].(string) addr_ip := net.ParseIP(addr) timeout := 5 * time.Second route, err := routing.RouteTo(addr_ip) if err != nil { log.Fatalf("Error: %s", err) } if route == nil { log.Println("No route found") } c, err := pcap.Open(route.Iface.Name) if err != nil { log.Fatalf("Error opening interface: %s", err) } defer c.Close() err = c.Activate() if err != nil { log.Fatalf("Error activating source: %s", err) } eth_pkt := eth.Make() eth_pkt.SrcAddr = route.Iface.HardwareAddr eth_pkt.DstAddr, _ = network.NextHopMAC(c, timeout, route, addr_ip) ipv4_pkt := ipv4.Make() ipv4_pkt.SrcAddr, _ = route.GetIfaceIPv4Addr() ipv4_pkt.DstAddr = addr_ip icmp_pkt := icmpv4.Make() icmp_pkt.Type = icmpv4.EchoRequest icmp_pkt.Seq = 0 icmp_pkt.Id = uint16(rand.Intn(65535)) _, err = network.SendRecv(c, timeout, eth_pkt, ipv4_pkt, icmp_pkt) if err != nil { log.Fatal(err) } log.Println("ping") } ================================================ FILE: examples/route/main.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package main import "log" import "net" import "github.com/docopt/docopt-go" import "github.com/ghedo/go.pkt/routing" func main() { log.SetFlags(0) usage := `Usage: route [options] [] Find the best route on the local routing table to the given destination IP address (or dump all routes). Options: -a Dump all routes.` args, err := docopt.Parse(usage, nil, true, "", false) if err != nil { log.Fatalf("Invalid arguments: %s", err) } if args["-a"].(bool) { routes, err := routing.Routes() if err != err { log.Fatalf("Error: %s", err) } for _, r := range routes { log.Println(r) } return } if args[""] == nil { log.Fatalf("Must pass destination address") } route, err := routing.RouteTo(net.ParseIP(args[""].(string))) if err != nil { log.Fatalf("Error: %s", err) } if route != nil { log.Println(route) } else { log.Println("No route found") } } ================================================ FILE: examples/syn_scan/main.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package main import "fmt" import "log" import "math" import "math/rand" import "net" import "time" import "github.com/docopt/docopt-go" import "github.com/ghedo/go.pkt/capture/pcap" import "github.com/ghedo/go.pkt/packet" import "github.com/ghedo/go.pkt/packet/eth" import "github.com/ghedo/go.pkt/packet/ipv4" import "github.com/ghedo/go.pkt/packet/tcp" import "github.com/ghedo/go.pkt/layers" import "github.com/ghedo/go.pkt/network" import "github.com/ghedo/go.pkt/routing" func main() { log.SetFlags(0) usage := `Usage: syn_scan Simple TCP port scanner.` args, err := docopt.Parse(usage, nil, true, "", false) if err != nil { log.Fatalf("Invalid arguments: %s", err) } addr := args[""].(string) addr_ip := net.ParseIP(addr) timeout := 1 * time.Second route, err := routing.RouteTo(addr_ip) if err != nil { log.Fatalf("Error: %s", err) } if route == nil { log.Println("No route found") } c, err := pcap.Open(route.Iface.Name) if err != nil { log.Fatalf("Error opening interface: %s", err) } defer c.Close() err = c.Activate() if err != nil { log.Fatalf("Error activating source: %s", err) } eth_pkt := eth.Make() eth_pkt.SrcAddr = route.Iface.HardwareAddr eth_pkt.DstAddr, _ = network.NextHopMAC(c, timeout, route, addr_ip) ipv4_pkt := ipv4.Make() ipv4_pkt.SrcAddr, _ = route.GetIfaceIPv4Addr() ipv4_pkt.DstAddr = addr_ip tcp_pkt := tcp.Make() tcp_pkt.SrcPort = 49152 tcp_pkt.DstPort = 1 tcp_pkt.Flags = tcp.Syn tcp_pkt.Seq = uint32(rand.Intn(math.MaxUint32)) tcp_pkt.WindowSize = 5840 for port := uint16(1); port < math.MaxUint16; port ++ { tcp_pkt.DstPort = port fmt.Printf("Scanning port %.5d: ", port) pkt, err := network.SendRecv(c, timeout, eth_pkt, ipv4_pkt, tcp_pkt) if err != nil { fmt.Printf("%s\n", err) continue } tcp_pkt := layers.FindLayer(pkt, packet.TCP).(*tcp.Packet) if tcp_pkt.Flags & tcp.Rst == 0 { fmt.Printf("OPEN\n") } else if tcp_pkt.Flags & tcp.Syn == 0{ fmt.Printf("CLOSED\n") } } } ================================================ FILE: examples/tracereply/main.go ================================================ package main import "log" import "net" import "strconv" import "github.com/docopt/docopt-go" import "github.com/songgao/water" import "github.com/ghedo/go.pkt/packet" import "github.com/ghedo/go.pkt/packet/ipv6" import "github.com/ghedo/go.pkt/packet/icmpv6" import "github.com/ghedo/go.pkt/packet/tcp" import "github.com/ghedo/go.pkt/packet/udp" import "github.com/ghedo/go.pkt/layers" func main() { log.SetFlags(0) usage := `Usage: tracereply Reply to ICMPv6 traceroutes.` args, err := docopt.Parse(usage, nil, true, "", false) if err != nil { log.Fatalf("Invalid arguments: %s", err) } netif := args[""].(string) ip := net.ParseIP(args[""].(string)) hops, err := strconv.ParseUint(args[""].(string), 10, 8) if err != nil { log.Fatalf("Error parsing hop paramenter: %s", err) } config := water.Config{ DeviceType: water.TUN } config.Name = netif capture, err := water.New(config) if err != nil { log.Fatalf("Error creating capture interface: %s", err) } for { buf := make([]byte, 1500) buf_len, err := capture.Read(buf) if err != nil { log.Fatalf("Error reading packet from interface: %s", err) } buf = buf[:buf_len] pkt, err := layers.UnpackAll(buf, packet.IPv6) if err != nil { log.Printf("Error unpacking packet: %s", err) continue; } ip_pkt := layers.FindLayer(pkt, packet.IPv6) if ip_pkt == nil { continue; } if ip_pkt.Payload() == nil { continue } reply_ip_pkt := ipv6.Make() reply_ip_pkt.DstAddr = ip_pkt.(*ipv6.Packet).SrcAddr ttl := ip_pkt.(*ipv6.Packet).HopLimit reply_pkts := []packet.Packet{ reply_ip_pkt } switch { case uint64(ttl) < hops: []byte(ip)[len(ip) - 1] = ttl reply_ip_pkt.SrcAddr = ip reply_pkt := icmpv6.Make() reply_pkt.Type = icmpv6.TimeExceeded reply_pkt.Code = 0 reply_pkts = append(reply_pkts, reply_pkt, ip_pkt, ip_pkt.Payload()) case uint64(ttl) >= hops: reply_ip_pkt.SrcAddr = ip_pkt.(*ipv6.Packet).DstAddr switch ip_pkt.Payload().GetType() { case packet.ICMPv6: reply_pkt := icmpv6.Make() reply_pkt.Type = icmpv6.EchoReply reply_pkt.Code = 0 reply_pkt.Body = ip_pkt.Payload().(*icmpv6.Packet).Body reply_pkts = append(reply_pkts, reply_pkt) case packet.TCP: reply_pkt := tcp.Make() reply_pkt.SrcPort = ip_pkt.Payload().(*tcp.Packet).DstPort reply_pkt.DstPort = ip_pkt.Payload().(*tcp.Packet).SrcPort reply_pkt.Flags = tcp.Rst reply_pkts = append(reply_pkts, reply_pkt) case packet.UDP: reply_pkt := udp.Make() reply_pkt.SrcPort = ip_pkt.Payload().(*udp.Packet).DstPort reply_pkt.DstPort = ip_pkt.Payload().(*udp.Packet).SrcPort reply_pkts = append(reply_pkts, reply_pkt, ip_pkt.Payload().Payload()) } } reply_buf, err := layers.Pack(reply_pkts...) if err != nil { log.Printf("Error while packing: %s\n", err) continue; } capture.Write(reply_buf) } } ================================================ FILE: examples/traceroute/main.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package main import "log" import "math" import "math/rand" import "net" import "time" import "github.com/docopt/docopt-go" import "github.com/ghedo/go.pkt/capture/pcap" import "github.com/ghedo/go.pkt/packet" import "github.com/ghedo/go.pkt/packet/eth" import "github.com/ghedo/go.pkt/packet/icmpv4" import "github.com/ghedo/go.pkt/packet/ipv4" import "github.com/ghedo/go.pkt/packet/raw" import "github.com/ghedo/go.pkt/packet/tcp" import "github.com/ghedo/go.pkt/packet/udp" import "github.com/ghedo/go.pkt/layers" import "github.com/ghedo/go.pkt/network" import "github.com/ghedo/go.pkt/routing" func main() { log.SetFlags(0) usage := `Usage: traceroute (--icmp | --udp | --tcp ) Find the route to the given IP address using ICMP, UDP or TCP packets. Options: --icmp Use ICMP packets. --udp Use UDP packets. --tcp Use TCP packets.` args, err := docopt.Parse(usage, nil, true, "", false) if err != nil { log.Fatalf("Invalid arguments: %s", err) } addr := args[""].(string) addr_ip := net.ParseIP(addr) timeout := 5 * time.Second route, err := routing.RouteTo(addr_ip) if err != nil { log.Fatalf("Error: %s", err) } if route == nil { log.Println("No route found") } c, err := pcap.Open(route.Iface.Name) if err != nil { log.Fatalf("Error opening interface: %s", err) } defer c.Close() err = c.Activate() if err != nil { log.Fatalf("Error activating source: %s", err) } eth_pkt := eth.Make() eth_pkt.SrcAddr = route.Iface.HardwareAddr eth_pkt.DstAddr, _ = network.NextHopMAC(c, timeout, route, addr_ip) ipv4_pkt := ipv4.Make() ipv4_pkt.SrcAddr, _ = route.GetIfaceIPv4Addr() ipv4_pkt.DstAddr = addr_ip ipv4_pkt.Id = uint16(rand.Intn(math.MaxUint16)) ipv4_pkt.TTL = 1 var payload_pkt packet.Packet if args["--icmp"].(bool) { icmp_pkt := icmpv4.Make() icmp_pkt.Type = icmpv4.EchoRequest icmp_pkt.Id = uint16(rand.Intn(math.MaxUint16)) icmp_pkt.Seq = 1 payload_pkt = icmp_pkt } if args["--udp"].(bool) { udp_pkt := udp.Make() udp_pkt.SrcPort = 49152 udp_pkt.DstPort = 33434 raw_pkt := raw.Make() raw_pkt.Data = make([]byte, 40 - udp_pkt.GetLength()) for i := 0; i < len(raw_pkt.Data); i++ { raw_pkt.Data[i] = byte(0x40 + (i & 0x3f)) } udp_pkt.SetPayload(raw_pkt) payload_pkt = udp_pkt } if args["--tcp"].(bool) { tcp_pkt := tcp.Make() tcp_pkt.SrcPort = 49152 tcp_pkt.DstPort = 80 tcp_pkt.Flags = tcp.Syn | tcp.ECE | tcp.Cwr tcp_pkt.Seq = uint32(rand.Intn(math.MaxUint32)) tcp_pkt.WindowSize = 5840 raw_pkt := raw.Make() raw_pkt.Data = make([]byte, 40 - tcp_pkt.GetLength()) for i := 0; i < len(raw_pkt.Data); i++ { raw_pkt.Data[i] = byte(0x40 + (i & 0x3f)) } tcp_pkt.SetPayload(raw_pkt) payload_pkt = tcp_pkt } for { pkt, err := network.SendRecv(c, timeout, eth_pkt, ipv4_pkt, payload_pkt) if err != nil { log.Fatal(err) } ipv4_rsp := layers.FindLayer(pkt, packet.IPv4).(*ipv4.Packet) log.Println(ipv4_rsp.SrcAddr) if ipv4_rsp.SrcAddr.Equal(addr_ip) { return } ipv4_pkt.TTL++ ipv4_pkt.Id++ if ipv4_pkt.TTL > 64 { return } } } ================================================ FILE: filter/bpf_builder.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package filter // #include "bpf_filter.h" import "C" // A Builder is used to compile a BPF filter from basic BPF instructions. type Builder struct { filter *Filter labels map[string]int jumps_k map[int]string jumps_jt map[int]string jumps_jf map[int]string } // Allocate and initialize a new Builder. func NewBuilder() *Builder { b := &Builder{} b.filter = &Filter{} b.labels = make(map[string]int) b.jumps_k = make(map[int]string) b.jumps_jt = make(map[int]string) b.jumps_jf = make(map[int]string) return b } // Generate and return the Filter associated with the Builder. func (b *Builder) Build() *Filter { prog := (*C.struct_bpf_program)(b.filter.Program()) flen := int(C.bpf_get_len(prog)) for i := 0; i < flen; i++ { insn := C.bpf_get_insn(prog, C.int(i)) if lbl, ok := b.jumps_k[i]; ok { addr := b.labels[lbl] if addr != 0 { insn.k = C.bpf_u_int32(addr - i - 1) } } if lbl, ok := b.jumps_jt[i]; ok { addr := b.labels[lbl] if addr != 0 { insn.jt = C.u_char(addr - i - 1) } } if lbl, ok := b.jumps_jf[i]; ok { addr := b.labels[lbl] if addr != 0 { insn.jf = C.u_char(addr - i - 1) } } } return b.filter } // Define a new label at the next instruction position. Labels are used in jump // instructions to identify the jump target. func (b *Builder) Label(name string) *Builder { b.labels[name] = b.filter.Len() return b } // Append an LD instruction to the filter, which loads a value of size s into // the accumulator. m represents the addressing mode of the source operand and // can be IMM (load a constant value), ABS (load packet data at the given fixed // offset), IND (load packet data at the given relative offset), LEN (load the // packet length or MEM (load a value from memory at the given offset). func (b *Builder) LD(s Size, m Mode, val uint32) *Builder { code := Code(uint16(s) | uint16(m)) | LD b.filter.append_insn(code, 0, 0, val) return b } // Append a LDX (load index) instruction to the filter, which loads a value of // size s into the index register. m represents the addressing mode of the // source operand and can be IMM (load a constant value), LEN (load the packet // length, MEM (load a value from memory at the given offset) or MSH (load the // length of the IP header). func (b *Builder) LDX(s Size, m Mode, val uint32) *Builder { code := Code(uint16(s) | uint16(m) | LDX) b.filter.append_insn(code, 0, 0, val) return b } // Append a ST (store) instruction to the filter, which stores the value of the // accumulator in memory at the given offset. func (b *Builder) ST(off uint32) *Builder { b.filter.append_insn(ST, 0, 0, off) return b } // Append a STX (store index) instruction to the filter, which stores the value // of the index register in memory at the given offset. func (b *Builder) STX(off uint32) *Builder { b.filter.append_insn(STX, 0, 0, off) return b } // Append an ADD instruction to the filter, which adds a value to the // accumulator. s represents the source operand type and can be either Const // (which adds the supplied value) or Index (which adds the index register // value). func (b *Builder) ADD(s Src, val uint32) *Builder { code := Code(uint16(s) | uint16(0x00) | ALU) b.filter.append_insn(code, 0, 0, val) return b } // Append a SUB instruction to the filter, which subtracts a value from the // accumulator. s represents the source operand type and can be either Const // (which subtracts the supplied value) or Index (which subtracts the index // register value). func (b *Builder) SUB(s Src, val uint32) *Builder { code := Code(uint16(s) | uint16(0x10) | ALU) b.filter.append_insn(code, 0, 0, val) return b } // Append a MUL instruction to the filter, which multiplies a value to the // accumulator. s represents the source operand type and can be either Const // (which multiplies the supplied value) or Index (which multiplies the index // register value). func (b *Builder) MUL(s Src, val uint32) *Builder { code := Code(uint16(s) | uint16(0x20) | ALU) b.filter.append_insn(code, 0, 0, val) return b } // Append a DIV instruction to the filter, which divides the accumulator by a // value. s represents the source operand type and can be either Const (which // divides by the supplied value) or Index (which divides by the index register // value). func (b *Builder) DIV(s Src, val uint32) *Builder { code := Code(uint16(s) | uint16(0x30) | ALU) b.filter.append_insn(code, 0, 0, val) return b } // Append an OR instruction to the filter, which performs the binary "or" // between the accumulator and a value. s represents the source operand type and // can be either Const (which uses the supplied value) or Index (which uses the // index register value). func (b *Builder) OR(s Src, val uint32) *Builder { code := Code(uint16(s) | uint16(0x40) | ALU) b.filter.append_insn(code, 0, 0, val) return b } // Append an AND instruction to the filter, which performs the binary "and" // between the accumulator and a value. s represents the source operand type and // can be either Const (which uses the supplied value) or Index (which uses the // index register value). func (b *Builder) AND(s Src, val uint32) *Builder { code := Code(uint16(s) | uint16(0x50) | ALU) b.filter.append_insn(code, 0, 0, val) return b } // Append an LSH instruction to the filter, which shifts to the left the // accumulator register by a value. s represents the source operand type and can // be either Const (which shifts by the supplied value) or Index (which shifts // by the index register value). func (b *Builder) LSH(s Src, val uint32) *Builder { code := Code(uint16(s) | uint16(0x60) | ALU) b.filter.append_insn(code, 0, 0, val) return b } // Append an RSH instruction to the filter, which shifts to the right the // accumulator register by a value. s represents the source operand type and can // be either Const (which shifts by the supplied value) or Index (which shifts // by the index register value). func (b *Builder) RSH(s Src, val uint32) *Builder { code := Code(uint16(s) | uint16(0x70) | ALU) b.filter.append_insn(code, 0, 0, val) return b } // Append a NEG instruction to the filter which negates the accumulator. func (b *Builder) NEG() *Builder { code := Code(uint16(0x80) | ALU) b.filter.append_insn(code, 0, 0, 0) return b } // Append a MOD instruction to the filter, which computes the accumulator modulo a // value. s represents the source operand type and can be either Const (which // divides by the supplied value) or Index (which divides by the index register // value). func (b *Builder) MOD(s Src, val uint32) *Builder { code := Code(uint16(s) | uint16(0x90) | ALU) b.filter.append_insn(code, 0, 0, val) return b } // Append an XOR instruction to the filter, which performs the binary "xor" // between the accumulator and a value. s represents the source operand type and // can be either Const (which uses the supplied value) or Index (which uses the // index register value). func (b *Builder) XOR(s Src, val uint32) *Builder { code := Code(uint16(s) | uint16(0xa0) | ALU) b.filter.append_insn(code, 0, 0, val) return b } // Append a JA instruction to the filter, which performs a jump to the given // label. func (b *Builder) JA(j string) *Builder { b.jumps_k[b.filter.Len()] = j code := Code(uint16(0x00) | JMP) b.filter.append_insn(code, 0, 0, 0) return b } // Append a JEQ instruction to the filter, which performs a jump to the jt label // if the accumulator value equals cmp (if s is Const) or the index register (if // s is Index), otherwise jumps to jf. func (b *Builder) JEQ(s Src, jt, jf string, cmp uint32) *Builder { b.jumps_jt[b.filter.Len()] = jt b.jumps_jf[b.filter.Len()] = jf code := Code(uint16(s) | uint16(0x10) | JMP) b.filter.append_insn(code, 0, 0, cmp) return b } // Append a JGT instruction to the filter, which performs a jump to the jt label // if the accumulator value is greater than cmp (if s is Const) or the index // register (if s is Index), otherwise jumps to jf. func (b *Builder) JGT(s Src, jt, jf string, cmp uint32) *Builder { b.jumps_jt[b.filter.Len()] = jt b.jumps_jf[b.filter.Len()] = jf code := Code(uint16(s) | uint16(0x20) | JMP) b.filter.append_insn(code, 0, 0, cmp) return b } // Append a JGE instruction to the filter, which performs a jump to the jt label // if the accumulator value is greater than or equals cmp (if s is Const) or the // index register (if s is Index), otherwise jumps to jf. func (b *Builder) JGE(s Src, jt, jf string, cmp uint32) *Builder { b.jumps_jt[b.filter.Len()] = jt b.jumps_jf[b.filter.Len()] = jf code := Code(uint16(s) | uint16(0x30) | JMP) b.filter.append_insn(code, 0, 0, cmp) return b } // Append a JSET instruction to the filter. func (b *Builder) JSET(s Src, jt, jf string, cmp uint32) *Builder { b.jumps_jt[b.filter.Len()] = jt b.jumps_jf[b.filter.Len()] = jf code := Code(uint16(s) | uint16(0x40) | JMP) b.filter.append_insn(code, 0, 0, cmp) return b } // Append a RET instruction to the filter, which terminates the filter program // and specifies the amount of the packet to accept. s represents the source // operand type and can be either Const (which returns the supplied value) or // Acc (which returns the accumulator value). func (b *Builder) RET(s Src, bytes uint32) *Builder { code := Code(uint16(s) | RET) b.filter.append_insn(code, 0, 0, bytes) return b } // Append a TAX instruction to the filter. TAX transfers the accumulator value // into the index register. func (b *Builder) TAX() *Builder { code := Code(uint16(0x00) | MISC) b.filter.append_insn(code, 0, 0, 0) return b } // Append a TXA instruction to the filter. TXA transfers the index register // value into the accumulator. func (b *Builder) TXA() *Builder { code := Code(uint16(0x80) | MISC) b.filter.append_insn(code, 0, 0, 0) return b } // Append a raw BPF instruction func (b *Builder) AppendInstruction(code Code, jt, jf uint8, k uint32) *Builder { b.filter.append_insn(code, jt, jf, k) return b } ================================================ FILE: filter/bpf_builder_test.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package filter_test import "log" import "testing" import "github.com/ghedo/go.pkt/filter" func TestEmpty(t *testing.T) { bld := filter.NewBuilder() flt := bld.Build() if flt.Len() != 0 { t.Fatalf("Len mismatch: %d", flt.Len()) } flt.Cleanup() } var test_arp = `{ 0x28, 0, 0, 0x0000000c }, { 0x15, 0, 1, 0x00000806 }, { 0x06, 0, 0, 0x00040000 }, { 0x06, 0, 0, 0x00000000 },` func TestARP(t *testing.T) { arp := filter.NewBuilder(). LD(filter.Half, filter.ABS, 12). JEQ(filter.Const, "", "fail", 0x806). RET(filter.Const, 0x40000). Label("fail"). RET(filter.Const, 0x0). Build() if arp.String() != test_arp { t.Fatalf("Program mismatch: %s", arp.String()) } } func TestARPcBPF(t *testing.T) { arp := filter.NewBuilder(). AppendInstruction(40, 0, 0, 12). AppendInstruction(21, 0, 1, 2054). AppendInstruction(6, 0, 0, 262144). AppendInstruction(6, 0, 0, 0). Build() if arp.String() != test_arp { t.Fatalf("Program mismatch: %s", arp.String()) } } var test_dns = `{ 0x00, 0, 0, 0x00000014 }, { 0xb1, 0, 0, 0x00000000 }, { 0x0c, 0, 0, 0x00000000 }, { 0x07, 0, 0, 0x00000000 }, { 0x40, 0, 0, 0x00000000 }, { 0x15, 0, 7, 0x07657861 }, { 0x40, 0, 0, 0x00000004 }, { 0x15, 0, 5, 0x6d706c65 }, { 0x40, 0, 0, 0x00000008 }, { 0x15, 0, 3, 0x03636f6d }, { 0x50, 0, 0, 0x0000000c }, { 0x15, 0, 1, 0x00000000 }, { 0x06, 0, 0, 0x00000001 }, { 0x06, 0, 0, 0x00000000 },` func TestDNS(t *testing.T) { dns := filter.NewBuilder(). LD(filter.Word, filter.IMM, 20). LDX(filter.Byte, filter.MSH, 0). ADD(filter.Index, 0). TAX(). Label("lb_0"). LD(filter.Word, filter.IND, 0). JEQ(filter.Const, "", "lb_1", 0x07657861). LD(filter.Word, filter.IND, 4). JEQ(filter.Const, "", "lb_1", 0x6d706c65). LD(filter.Word, filter.IND, 8). JEQ(filter.Const, "", "lb_1", 0x03636f6d). LD(filter.Byte, filter.IND, 12). JEQ(filter.Const, "", "lb_1", 0x00). RET(filter.Const, 1). Label("lb_1"). RET(filter.Const, 0). Build() if dns.String() != test_dns { t.Fatalf("Program mismatch: %s", dns.String()) } } func TestALUOps(t *testing.T) { flt := filter.NewBuilder(). LD(filter.Byte, filter.ABS, 0). JEQ(filter.Const, "", "fail", 0x0f). ADD(filter.Const, 1). JEQ(filter.Const, "", "fail", 0x10). SUB(filter.Const, 1). JEQ(filter.Const, "", "fail", 0x0f). MUL(filter.Const, 2). JEQ(filter.Const, "", "fail", 0x1e). DIV(filter.Const, 2). JEQ(filter.Const, "", "fail", 0x0f). OR(filter.Const, 0xf0). JEQ(filter.Const, "", "fail", 0xff). AND(filter.Const, 0x0f). JEQ(filter.Const, "", "fail", 0x0f). LSH(filter.Const, 4). JEQ(filter.Const, "", "fail", 0xf0). RSH(filter.Const, 4). JEQ(filter.Const, "", "fail", 0x0f). MOD(filter.Const, 0x0d). JEQ(filter.Const, "", "fail", 0x02). XOR(filter.Const, 0x03). JEQ(filter.Const, "", "fail", 0x01). RET(filter.Const, 0x40000). Label("fail"). RET(filter.Const, 0x0). Build() if !flt.Validate() { t.Fatalf("Invalid filter: %s", flt.String()) } if !flt.Match([]byte{0x0f}) { t.Fatal("Bad Math") } } func ExampleBuilder() { // Build a filter to match ARP packets on top of Ethernet flt := filter.NewBuilder(). LD(filter.Half, filter.ABS, 12). JEQ(filter.Const, "", "fail", 0x806). RET(filter.Const, 0x40000). Label("fail"). RET(filter.Const, 0x0). Build() if flt.Match([]byte("random data")) { log.Println("MATCH!!!") } } ================================================ FILE: filter/bpf_filter.c ================================================ /*- * Copyright (c) 1990, 1991, 1993 * The Regents of the University of California. All rights reserved. * * This code is derived from the Stanford/CMU enet packet filter, * (net/enet.c) distributed as part of 4.3BSD, and code contributed * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence * Berkeley Laboratory. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @(#)bpf_filter.c 8.1 (Berkeley) 6/10/93 */ #include #include #include #include #include #include #ifndef __i386__ #define BPF_ALIGN #endif #define EXTRACT_BYTE(p)\ ((u_int8_t)\ ((u_int8_t)*((u_char *)p))) #ifndef BPF_ALIGN #define EXTRACT_SHORT(p) ((u_int16_t)ntohs(*(u_int16_t *)p)) #define EXTRACT_LONG(p) (ntohl(*(u_int32_t *)p)) #else #define EXTRACT_SHORT(p)\ ((u_int16_t)\ ((u_int16_t)*((u_char *)p+0)<<8|\ (u_int16_t)*((u_char *)p+1)<<0)) #define EXTRACT_LONG(p)\ ((u_int32_t)*((u_char *)p+0)<<24|\ (u_int32_t)*((u_char *)p+1)<<16|\ (u_int32_t)*((u_char *)p+2)<<8|\ (u_int32_t)*((u_char *)p+3)<<0) #endif #include "bpf_filter.h" /* * Execute the filter program starting at pc on the packet p * wirelen is the length of the original packet * buflen is the amount of data present */ u_int bpf_filter(const struct bpf_insn *pc, char *p, u_int wirelen, u_int buflen) { u_int32_t A = 0, X = 0; u_int32_t k; u_int32_t mem[BPF_MEMWORDS]; bzero(mem, sizeof(mem)); if (pc == NULL) /* * No filter means accept all. */ return ((u_int)-1); --pc; while (1) { ++pc; switch (pc->code) { default: abort(); case BPF_RET|BPF_K: return ((u_int)pc->k); case BPF_RET|BPF_A: return ((u_int)A); case BPF_LD|BPF_W|BPF_ABS: k = pc->k; if (k > buflen || sizeof(int32_t) > buflen - k) { return (0); } #ifdef BPF_ALIGN if (((intptr_t)(p + k) & 3) != 0) A = EXTRACT_LONG(&p[k]); else #endif A = ntohl(*(int32_t *)(p + k)); continue; case BPF_LD|BPF_H|BPF_ABS: k = pc->k; if (k > buflen || sizeof(int16_t) > buflen - k) { return (0); } A = EXTRACT_SHORT(&p[k]); continue; case BPF_LD|BPF_B|BPF_ABS: k = pc->k; if (k >= buflen) { return (0); } A = EXTRACT_BYTE(&p[k]); continue; case BPF_LD|BPF_W|BPF_LEN: A = wirelen; continue; case BPF_LDX|BPF_W|BPF_LEN: X = wirelen; continue; case BPF_LD|BPF_W|BPF_IND: k = X + pc->k; if (pc->k > buflen || X > buflen - pc->k || sizeof(int32_t) > buflen - k) { return (0); } #ifdef BPF_ALIGN if (((intptr_t)(p + k) & 3) != 0) A = EXTRACT_LONG(&p[k]); else #endif A = ntohl(*(int32_t *)(p + k)); continue; case BPF_LD|BPF_H|BPF_IND: k = X + pc->k; if (X > buflen || pc->k > buflen - X || sizeof(int16_t) > buflen - k) { return (0); } A = EXTRACT_SHORT(&p[k]); continue; case BPF_LD|BPF_B|BPF_IND: k = X + pc->k; if (pc->k >= buflen || X >= buflen - pc->k) { return (0); } A = EXTRACT_BYTE(&p[k]); continue; case BPF_LDX|BPF_MSH|BPF_B: k = pc->k; if (k >= buflen) { return (0); } X = (p[pc->k] & 0xf) << 2; continue; case BPF_LD|BPF_IMM: A = pc->k; continue; case BPF_LDX|BPF_IMM: X = pc->k; continue; case BPF_LD|BPF_MEM: A = mem[pc->k]; continue; case BPF_LDX|BPF_MEM: X = mem[pc->k]; continue; case BPF_ST: mem[pc->k] = A; continue; case BPF_STX: mem[pc->k] = X; continue; case BPF_JMP|BPF_JA: pc += pc->k; continue; case BPF_JMP|BPF_JGT|BPF_K: pc += (A > pc->k) ? pc->jt : pc->jf; continue; case BPF_JMP|BPF_JGE|BPF_K: pc += (A >= pc->k) ? pc->jt : pc->jf; continue; case BPF_JMP|BPF_JEQ|BPF_K: pc += (A == pc->k) ? pc->jt : pc->jf; continue; case BPF_JMP|BPF_JSET|BPF_K: pc += (A & pc->k) ? pc->jt : pc->jf; continue; case BPF_JMP|BPF_JGT|BPF_X: pc += (A > X) ? pc->jt : pc->jf; continue; case BPF_JMP|BPF_JGE|BPF_X: pc += (A >= X) ? pc->jt : pc->jf; continue; case BPF_JMP|BPF_JEQ|BPF_X: pc += (A == X) ? pc->jt : pc->jf; continue; case BPF_JMP|BPF_JSET|BPF_X: pc += (A & X) ? pc->jt : pc->jf; continue; case BPF_ALU|BPF_ADD|BPF_X: A += X; continue; case BPF_ALU|BPF_SUB|BPF_X: A -= X; continue; case BPF_ALU|BPF_MUL|BPF_X: A *= X; continue; case BPF_ALU|BPF_DIV|BPF_X: if (X == 0) return (0); A /= X; continue; case BPF_ALU|BPF_MOD|BPF_X: if (X == 0) return 0; A %= X; continue; case BPF_ALU|BPF_AND|BPF_X: A &= X; continue; case BPF_ALU|BPF_OR|BPF_X: A |= X; continue; case BPF_ALU|BPF_XOR|BPF_X: A ^= X; continue; case BPF_ALU|BPF_LSH|BPF_X: A <<= X; continue; case BPF_ALU|BPF_RSH|BPF_X: A >>= X; continue; case BPF_ALU|BPF_ADD|BPF_K: A += pc->k; continue; case BPF_ALU|BPF_SUB|BPF_K: A -= pc->k; continue; case BPF_ALU|BPF_MUL|BPF_K: A *= pc->k; continue; case BPF_ALU|BPF_DIV|BPF_K: A /= pc->k; continue; case BPF_ALU|BPF_MOD|BPF_K: A %= pc->k; continue; case BPF_ALU|BPF_AND|BPF_K: A &= pc->k; continue; case BPF_ALU|BPF_OR|BPF_K: A |= pc->k; continue; case BPF_ALU|BPF_XOR|BPF_K: A ^= pc->k; continue; case BPF_ALU|BPF_LSH|BPF_K: A <<= pc->k; continue; case BPF_ALU|BPF_RSH|BPF_K: A >>= pc->k; continue; case BPF_ALU|BPF_NEG: A = -A; continue; case BPF_MISC|BPF_TAX: X = A; continue; case BPF_MISC|BPF_TXA: A = X; continue; } } } static const u_short bpf_code_map[] = { 0x10ff, /* 0x00-0x0f: 1111111100001000 */ 0x3070, /* 0x10-0x1f: 0000111000001100 */ 0x3131, /* 0x20-0x2f: 1000110010001100 */ 0x3031, /* 0x30-0x3f: 1000110000001100 */ 0x3131, /* 0x40-0x4f: 1000110010001100 */ 0x1011, /* 0x50-0x5f: 1000100000001000 */ 0x1013, /* 0x60-0x6f: 1100100000001000 */ 0x1010, /* 0x70-0x7f: 0000100000001000 */ 0x0093, /* 0x80-0x8f: 1100100100000000 */ 0x1010, /* 0x90-0x9f: 0000100000001000 */ 0x1010, /* 0xa0-0xaf: 0000100000001000 */ 0x0002, /* 0xb0-0xbf: 0100000000000000 */ 0x0000, /* 0xc0-0xcf: 0000000000000000 */ 0x0000, /* 0xd0-0xdf: 0000000000000000 */ 0x0000, /* 0xe0-0xef: 0000000000000000 */ 0x0000 /* 0xf0-0xff: 0000000000000000 */ }; #define BPF_VALIDATE_CODE(c) \ ((c) <= 0xff && (bpf_code_map[(c) >> 4] & (1 << ((c) & 0xf))) != 0) /* * Return true if the 'fcode' is a valid filter program. * The constraints are that each jump be forward and to a valid * code. The code must terminate with either an accept or reject. */ int bpf_validate(const struct bpf_insn *f, int len) { register int i; register const struct bpf_insn *p; /* Do not accept negative length filter. */ if (len < 0) return (0); /* An empty filter means accept all. */ if (len == 0) return (1); for (i = 0; i < len; ++i) { p = &f[i]; /* * Check that the code is valid. */ if (!BPF_VALIDATE_CODE(p->code)) return (0); /* * Check that that jumps are forward, and within * the code block. */ if (BPF_CLASS(p->code) == BPF_JMP) { register u_int offset; if (p->code == (BPF_JMP|BPF_JA)) offset = p->k; else offset = p->jt > p->jf ? p->jt : p->jf; if (offset >= (u_int)(len - i) - 1) return (0); continue; } /* * Check that memory operations use valid addresses. */ if (p->code == BPF_ST || p->code == BPF_STX || p->code == (BPF_LD|BPF_MEM) || p->code == (BPF_LDX|BPF_MEM)) { if (p->k >= BPF_MEMWORDS) return (0); continue; } /* * Check for constant division by 0. */ if ((p->code == (BPF_ALU|BPF_DIV|BPF_K) || p->code == (BPF_ALU|BPF_MOD|BPF_K)) && p->k == 0) return (0); } return (BPF_CLASS(f[len - 1].code) == BPF_RET); } int bpf_append_insn(struct bpf_program *p, unsigned short code, unsigned char jt, unsigned char jf, unsigned int k) { p->bf_insns = realloc(p->bf_insns, ++p->bf_len*sizeof(struct bpf_insn)); if (p->bf_insns == NULL) return -1; p->bf_insns[p->bf_len - 1].code = code; p->bf_insns[p->bf_len - 1].jt = jt; p->bf_insns[p->bf_len - 1].jf = jf; p->bf_insns[p->bf_len - 1].k = k; return 0; } int bpf_get_len(struct bpf_program *p) { return p->bf_len; } struct bpf_insn * bpf_get_insn(struct bpf_program *p, int i) { if (i > p->bf_len) return NULL; return &p->bf_insns[i]; } ================================================ FILE: filter/bpf_filter.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // Provides an API for compiling and manipulating BPF filters. A filter can be // either compiled from tcpdump-like expressions, or created from basic BPF // instructions. Filters can then be either applied to packet sources (see the // capture package) or directly run against binary data. package filter // #include // #include "bpf_filter.h" import "C" import "fmt" import "strings" import "syscall" import "unsafe" type Filter struct { program C.struct_bpf_program } type Code uint16 const ( LD Code = syscall.BPF_LD LDX = syscall.BPF_LDX ST = syscall.BPF_ST STX = syscall.BPF_STX ALU = syscall.BPF_ALU JMP = syscall.BPF_JMP RET = syscall.BPF_RET MISC = syscall.BPF_MISC ) type Size uint16 const ( Word Size = syscall.BPF_W Half = syscall.BPF_H Byte = syscall.BPF_B ) type Mode uint16 const ( IMM Mode = syscall.BPF_IMM ABS = syscall.BPF_ABS IND = syscall.BPF_IND MEM = syscall.BPF_MEM LEN = syscall.BPF_LEN MSH = syscall.BPF_MSH ) type Src uint16 const ( Const Src = syscall.BPF_K Index = syscall.BPF_X Acc = syscall.BPF_A ) // Try to match the given buffer against the filter. func (f *Filter) Match(buf []byte) bool { cbuf := (*C.char)(unsafe.Pointer(&buf[0])) blen := C.uint(len(buf)) if C.bpf_filter(f.program.bf_insns, cbuf, blen, blen) > 0 { return true } return false } // Run filter on the given buffer and return its result. func (f *Filter) Filter(buf []byte) uint { cbuf := (*C.char)(unsafe.Pointer(&buf[0])) blen := C.uint(len(buf)) rc := C.bpf_filter(f.program.bf_insns, cbuf, blen, blen) return uint(rc) } // Validate the filter. The constraints are that each jump be forward and to a // valid code. The code must terminate with either an accept or reject. func (f *Filter) Validate() bool { if C.bpf_validate(f.program.bf_insns, C.int(f.program.bf_len)) > 0 { return true } return false } // Deallocate the filter. func (f *Filter) Cleanup() { f.program.bf_len = 0 if f.program.bf_insns != nil { C.free(unsafe.Pointer(f.program.bf_insns)) f.program.bf_insns = nil } } // Return the number of instructions in the filter. func (f *Filter) Len() int { prog := (*C.struct_bpf_program)(f.Program()) flen := C.bpf_get_len(prog) return int(flen) } // Return the compiled BPF program. func (f *Filter) Program() unsafe.Pointer { return unsafe.Pointer(&f.program) } func (f *Filter) String() string { var insns []string prog := (*C.struct_bpf_program)(f.Program()) flen := C.bpf_get_len(prog) for i := C.int(0); i < flen; i++ { insn := C.bpf_get_insn(prog, i) str := fmt.Sprintf( "{ 0x%.2x, %3d, %3d, 0x%.8x },", insn.code, insn.jt, insn.jf, insn.k, ) insns = append(insns, str) } return strings.Join(insns, "\n") } func (f *Filter) append_insn(code Code, jt, jf uint8, k uint32) { prog := (*C.struct_bpf_program)(f.Program()) C.bpf_append_insn( prog, C.ushort(code), C.uchar(jt), C.uchar(jf), C.uint(k), ) } ================================================ FILE: filter/bpf_filter.h ================================================ /*- * Copyright (c) 1990, 1991, 1993 * The Regents of the University of California. All rights reserved. * * This code is derived from the Stanford/CMU enet packet filter, * (net/enet.c) distributed as part of 4.3BSD, and code contributed * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence * Berkeley Laboratory. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @(#)bpf.h 8.1 (Berkeley) 6/10/93 * @(#)bpf.h 1.34 (LBL) 6/16/96 * * $FreeBSD$ */ typedef unsigned int bpf_u_int32; /* cgo is stupid... */ typedef unsigned char u_char; /* oh, so stupid... */ struct bpf_program { unsigned int bf_len; /* u_int */ struct bpf_insn *bf_insns; }; /* * The instruction encodings. */ /* instruction classes */ #define BPF_CLASS(code) ((code) & 0x07) #define BPF_LD 0x00 #define BPF_LDX 0x01 #define BPF_ST 0x02 #define BPF_STX 0x03 #define BPF_ALU 0x04 #define BPF_JMP 0x05 #define BPF_RET 0x06 #define BPF_MISC 0x07 /* ld/ldx fields */ #define BPF_SIZE(code) ((code) & 0x18) #define BPF_W 0x00 #define BPF_H 0x08 #define BPF_B 0x10 #define BPF_MODE(code) ((code) & 0xe0) #define BPF_IMM 0x00 #define BPF_ABS 0x20 #define BPF_IND 0x40 #define BPF_MEM 0x60 #define BPF_LEN 0x80 #define BPF_MSH 0xa0 /* alu/jmp fields */ #define BPF_OP(code) ((code) & 0xf0) #define BPF_ADD 0x00 #define BPF_SUB 0x10 #define BPF_MUL 0x20 #define BPF_DIV 0x30 #define BPF_OR 0x40 #define BPF_AND 0x50 #define BPF_LSH 0x60 #define BPF_RSH 0x70 #define BPF_NEG 0x80 #define BPF_MOD 0x90 #define BPF_XOR 0xa0 #define BPF_JA 0x00 #define BPF_JEQ 0x10 #define BPF_JGT 0x20 #define BPF_JGE 0x30 #define BPF_JSET 0x40 #define BPF_SRC(code) ((code) & 0x08) #define BPF_K 0x00 #define BPF_X 0x08 /* ret - BPF_K and BPF_X also apply */ #define BPF_RVAL(code) ((code) & 0x18) #define BPF_A 0x10 /* misc */ #define BPF_MISCOP(code) ((code) & 0xf8) #define BPF_TAX 0x00 #define BPF_TXA 0x80 /* * The instruction data structure. */ struct bpf_insn { unsigned short code; /* u_short */ unsigned char jt; /* u_char */ unsigned char jf; /* u_char */ unsigned int k; /* u_int32_t */ }; /* * Macros for insn array initializers. */ #define BPF_STMT(code, k) { (u_short)(code), 0, 0, k } #define BPF_JUMP(code, k, jt, jf) { (u_short)(code), jt, jf, k } /* * Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST). */ #define BPF_MEMWORDS 16 unsigned int bpf_filter(const struct bpf_insn *pc, char *p, unsigned int wirelen, unsigned int buflen); int bpf_validate(const struct bpf_insn *f, int len); int bpf_append_insn(struct bpf_program *p, unsigned short code, unsigned char jt, unsigned char jf, unsigned int k); int bpf_get_len(struct bpf_program *p); struct bpf_insn *bpf_get_insn(struct bpf_program *p, int i); ================================================ FILE: filter/bpf_filter_test.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package filter_test import "log" import "testing" import "github.com/ghedo/go.pkt/filter" import "github.com/ghedo/go.pkt/packet" var test_eth_arp = []byte{ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x4c, 0x72, 0xb9, 0x54, 0xe5, 0x3d, 0x08, 0x06, 0x00, 0x01, 0x08, 0x00, 0x06, 0x04, 0x00, 0x01, 0x4c, 0x72, 0xb9, 0x54, 0xe5, 0x3d, 0xc0, 0xa8, 0x01, 0x87, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc1, 0x1b, 0xd0, 0x25, } var test_eth_vlan_arp = []byte{ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x4c, 0x72, 0xb9, 0x54, 0xe5, 0x3d, 0x81, 0x00, 0x00, 0x87, 0x08, 0x06, 0x00, 0x01, 0x08, 0x00, 0x06, 0x04, 0x00, 0x01, 0x4c, 0x72, 0xb9, 0x54, 0xe5, 0x3d, 0xc0, 0xa8, 0x01, 0x87, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc1, 0x1b, 0xd0, 0x25, } var test_eth_ipv4_udp = []byte{ 0x00, 0x21, 0x96, 0x6e, 0xf0, 0x70, 0x4c, 0x72, 0xb9, 0x54, 0xe5, 0x3d, 0x08, 0x00, 0x45, 0x00, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x00, 0x40, 0x11, 0x27, 0x60, 0xc0, 0xa8, 0x01, 0x87, 0xc1, 0x1b, 0xd0, 0x25, 0xa2, 0x5a, 0x20, 0x92, 0x00, 0x08, 0xe9, 0x80, } var test_eth_ipv4_tcp = []byte{ 0x00, 0x21, 0x96, 0x6e, 0xf0, 0x70, 0x4c, 0x72, 0xb9, 0x54, 0xe5, 0x3d, 0x08, 0x00, 0x45, 0x00, 0x00, 0x28, 0x00, 0x01, 0x00, 0x00, 0x40, 0x06, 0x27, 0x5f, 0xc0, 0xa8, 0x01, 0x87, 0xc1, 0x1b, 0xd0, 0x25, 0xa2, 0x5a, 0x20, 0x92, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0x02, 0x20, 0x00, 0x79, 0x85, 0x00, 0x00, } var test_ipv4_tcp_single_byte = []byte{ 0x45, 0x00, 0x00, 0x3c, 0xf4, 0x65, 0x40, 0x00, 0x36, 0x06, 0x07, 0xec, 0x6e, 0x34, 0x6d, 0x8c, 0x3d, 0x36, 0x2f, 0x74, 0x98, 0x64, 0x00, 0x50, 0xa4, 0x30, 0x06, 0xd1, 0x00, 0x00, 0x00, 0x00, 0xa0, 0x02, 0x39, 0x08, 0x90, 0x33, 0x00, 0x00, 0x02, 0x04, 0x05, 0xa0, 0x04, 0x02, 0x08, 0x0a, 0x00, 0x04, 0xf2, 0xb4, 0x00, 0x00, 0x00, 0x00, 0x01, 0x03, 0x03, 0x06, } func TestMatch(t *testing.T) { arp, err := filter.Compile("arp", packet.Eth, false) if err != nil { t.Fatalf("Error compiling arp") } if !arp.Validate() { t.Fatalf("Invalid filter ARP\n%s", arp) } udp, err := filter.Compile("udp", packet.Eth, false) if err != nil { t.Fatalf("Error compiling udp") } port, err := filter.Compile("port 8338", packet.Eth, false) if err != nil { t.Fatalf("Error compiling port") } single, err := filter.Compile("tcp[12] != 0xa0", packet.IPv4, false) if err != nil { t.Fatalf("Error compiling single") } if !arp.Match(test_eth_arp) { t.Fatalf("ARP mismatch") } if arp.Match(test_eth_ipv4_udp) { t.Fatalf("ARP matched (but it shouldn't have)") } if !udp.Match(test_eth_ipv4_udp) { t.Fatalf("ARP mismatch") } if udp.Match(test_eth_ipv4_tcp) { t.Fatalf("UDP matched (but it shouldn't have)") } if !port.Match(test_eth_ipv4_udp) { t.Fatalf("UDP port mismatch") } if !port.Match(test_eth_ipv4_tcp) { t.Fatalf("TCP port mismatch") } if port.Match(test_eth_vlan_arp) { t.Fatalf("Port matched (but it shouldn't have)") } if single.Match(test_ipv4_tcp_single_byte) { t.Fatalf("Byte matched (but it shouldn't have)") } } func BenchmarkMatch(b *testing.B) { test_filter, _ := filter.Compile("port 8338", packet.Eth, false) for n := 0; n < b.N; n++ { test_filter.Match(test_eth_ipv4_tcp) } } func ExampleFilter() { // Match UDP or TCP packets on top of Ethernet flt, err := filter.Compile("udp or tcp", packet.Eth, false) if err != nil { log.Fatal(err) } if flt.Match([]byte("random data")) { log.Println("MATCH!!!") } } ================================================ FILE: filter/pcap.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package filter // #cgo LDFLAGS: -lpcap // #include // #include import "C" import "fmt" import "unsafe" import "github.com/ghedo/go.pkt/packet" // Compile the given tcpdump-like expression to a BPF filter. func Compile(filter string, link_type packet.Type, optimize bool) (*Filter, error) { var do_optimize int if optimize { do_optimize = 1 } else { do_optimize = 0 } f := &Filter{} filter_str := C.CString(filter) defer C.free(unsafe.Pointer(filter_str)) pcap_type := link_type.ToLinkType() err := C.pcap_compile_nopcap( C.int(0x7fff), C.int(pcap_type), (*C.struct_bpf_program)(f.Program()), filter_str, C.int(do_optimize), 0xffffffff, ) if err < 0 { return nil, fmt.Errorf("Could not compile filter") } return f, nil } ================================================ FILE: go.mod ================================================ module github.com/ghedo/go.pkt require ( github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815 github.com/songgao/water v0.0.0-20180420064739-bf1a5d02778f ) ================================================ FILE: go.sum ================================================ github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815 h1:bWDMxwH3px2JBh6AyO7hdCn/PkvCZXii8TGj7sbtEbQ= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/songgao/water v0.0.0-20180420064739-bf1a5d02778f h1:UExbpoG328zaxx4MhWPRZZpc527IdNUfQ1Z0uejVddc= github.com/songgao/water v0.0.0-20180420064739-bf1a5d02778f/go.mod h1:P5HUIBuIWKbyjl083/loAegFkfbFNx5i2qEP4CNbm7E= ================================================ FILE: layers/layers.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // Provides utility functions for encoding and decoding packets to/from binary // data. Differently from the basic "packet" interface, this can encode and // decode complete "stacks" of packets, instead of manipulating single ones. package layers import "github.com/ghedo/go.pkt/packet" import "github.com/ghedo/go.pkt/packet/arp" import "github.com/ghedo/go.pkt/packet/eth" import "github.com/ghedo/go.pkt/packet/icmpv4" import "github.com/ghedo/go.pkt/packet/icmpv6" import "github.com/ghedo/go.pkt/packet/ipv4" import "github.com/ghedo/go.pkt/packet/ipv6" import "github.com/ghedo/go.pkt/packet/llc" import "github.com/ghedo/go.pkt/packet/radiotap" import "github.com/ghedo/go.pkt/packet/raw" import "github.com/ghedo/go.pkt/packet/sll" import "github.com/ghedo/go.pkt/packet/snap" import "github.com/ghedo/go.pkt/packet/tcp" import "github.com/ghedo/go.pkt/packet/udp" import "github.com/ghedo/go.pkt/packet/vlan" // Compose packets into a chain and update their values (e.g. length, payload // protocol) accordingly. func Compose(pkts ...packet.Packet) (packet.Packet, error) { next_pkt := packet.Packet(nil) for i := len(pkts) - 1; i >= 0; i-- { if next_pkt != nil { err := pkts[i].SetPayload(next_pkt) if err != nil { return nil, err } } next_pkt = pkts[i] } return pkts[0], nil } // Pack packets into their binary form. This will stack the packets before // encoding them (see the Compose() method) and also calculate the checksums. func Pack(pkts ...packet.Packet) ([]byte, error) { var buf packet.Buffer base_pkt, err := Compose(pkts...) if err != nil { return nil, err } tot_len := int(base_pkt.GetLength()) buf.Init(make([]byte, tot_len)) for i := len(pkts) - 1; i >= 0; i-- { cur_pkt := pkts[i] cur_len := int(cur_pkt.GetLength()) buf.SetOffset(tot_len - cur_len) buf.NewLayer() err := cur_pkt.Pack(&buf) if err != nil { return nil, err } } buf.SetOffset(0) return buf.Bytes(), nil } // Unpack the given byte slice into the packet list supplied. Note that this // will not check whether the packet types provided match the raw data. If the // packet types to be decoded are unknown, UnpackAll() should be used instead. // // Note that unpacking is done without copying the input slice, which means that // if the slice is modifed, it may affect the packets that where unpacked from // it. If you can't guarantee that the data slice won't change, you'll need to // copy it and pass the copy to Unpack(). func Unpack(buf []byte, pkts ...packet.Packet) (packet.Packet, error) { var b packet.Buffer b.Init(buf) prev_pkt := packet.Packet(nil) for _, p := range pkts { if b.Len() <= 0 { break } b.NewLayer() err := p.Unpack(&b) if err != nil { return nil, err } if prev_pkt != nil { prev_pkt.SetPayload(p) } if p.GuessPayloadType() == packet.None { break } prev_pkt = p } return pkts[0], nil } // Recursively unpack the given byte slice into a packet. The link_type argument // must specify the type of the first layer in the input data, successive layers // will be detected automatically. // // Note that unpacking is done without copying the input slice, which means that // if the slice is modifed, it may affect the packets that where unpacked from // it. If you can't guarantee that the data slice won't change, you'll need to // copy it and pass the copy to UnpackAll(). func UnpackAll(buf []byte, link_type packet.Type) (packet.Packet, error) { var b packet.Buffer b.Init(buf) first_pkt := packet.Packet(nil) prev_pkt := packet.Packet(nil) for link_type != packet.None { var p packet.Packet if b.Len() <= 0 { break } switch link_type { case packet.ARP: p = &arp.Packet{} case packet.Eth: p = ð.Packet{} case packet.ICMPv4: p = &icmpv4.Packet{} case packet.ICMPv6: p = &icmpv6.Packet{} case packet.IPv4: p = &ipv4.Packet{} case packet.IPv6: p = &ipv6.Packet{} case packet.LLC: p = &llc.Packet{} case packet.RadioTap: p = &radiotap.Packet{} case packet.SLL: p = &sll.Packet{} case packet.SNAP: p = &snap.Packet{} case packet.TCP: p = &tcp.Packet{} case packet.UDP: p = &udp.Packet{} case packet.VLAN: p = &vlan.Packet{} default: p = &raw.Packet{} } if p == nil { break } b.NewLayer() err := p.Unpack(&b) if err != nil { return nil, err } if prev_pkt != nil { prev_pkt.SetPayload(p) } else { first_pkt = p } prev_pkt = p link_type = p.GuessPayloadType() } return first_pkt, nil } // Return the first layer of the given type in the packet. If no suitable layer // is found, return nil. func FindLayer(p packet.Packet, layer packet.Type) packet.Packet { switch { case p == nil: return nil case p.GetType() == layer: return p default: return FindLayer(p.Payload(), layer) } } ================================================ FILE: layers/layers_test.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package layers_test import "bytes" import "log" import "net" import "testing" import "github.com/ghedo/go.pkt/layers" import "github.com/ghedo/go.pkt/packet" import "github.com/ghedo/go.pkt/packet/arp" import "github.com/ghedo/go.pkt/packet/eth" import "github.com/ghedo/go.pkt/packet/ipv4" import "github.com/ghedo/go.pkt/packet/raw" import "github.com/ghedo/go.pkt/packet/udp" import "github.com/ghedo/go.pkt/packet/tcp" import "github.com/ghedo/go.pkt/packet/vlan" var hwsrc_str = "4c:72:b9:54:e5:3d" var hwdst_str = "00:21:96:6e:f0:70" var ipsrc_str = "192.168.1.135" var ipdst_str = "193.27.208.37" var test_eth_arp = []byte{ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x4c, 0x72, 0xb9, 0x54, 0xe5, 0x3d, 0x08, 0x06, 0x00, 0x01, 0x08, 0x00, 0x06, 0x04, 0x00, 0x01, 0x4c, 0x72, 0xb9, 0x54, 0xe5, 0x3d, 0xc0, 0xa8, 0x01, 0x87, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc1, 0x1b, 0xd0, 0x25, } func TestPackEthArp(t *testing.T) { eth_pkt := eth.Make() eth_pkt.SrcAddr, _ = net.ParseMAC(hwsrc_str) eth_pkt.DstAddr, _ = net.ParseMAC("ff:ff:ff:ff:ff:ff") arp_pkt := arp.Make() arp_pkt.HWSrcAddr, _ = net.ParseMAC(hwsrc_str) arp_pkt.HWDstAddr, _ = net.ParseMAC("00:00:00:00:00:00") arp_pkt.ProtoSrcAddr = net.ParseIP(ipsrc_str) arp_pkt.ProtoDstAddr = net.ParseIP(ipdst_str) buf, err := layers.Pack(eth_pkt, arp_pkt) if err != nil { t.Fatalf("Error packing: %s", err) } if !bytes.Equal(test_eth_arp, buf) { t.Fatalf("Raw packet mismatch: %x", buf) } } func TestUnpackEthArp(t *testing.T) { _, err := layers.Unpack(test_eth_arp, ð.Packet{}, &arp.Packet{}) if err != nil { t.Fatalf("Error unpacking: %s", err) } } func BenchmarkUnpackEthArp(bn *testing.B) { var eth_pkt eth.Packet var arp_pkt arp.Packet for n := 0; n < bn.N; n++ { layers.Unpack(test_eth_arp, ð_pkt, &arp_pkt) } } func TestUnpackAllEthArp(t *testing.T) { pkt, err := layers.UnpackAll(test_eth_arp, packet.Eth) if err != nil { t.Fatalf("Error unpacking: %s", err) } if pkt.GetType() != packet.Eth { t.Fatalf("Packet type mismatch, %s", pkt.GetType()) } if pkt.Payload().GetType() != packet.ARP { t.Fatalf("Packet type mismatch, %s", pkt.Payload().GetType()) } } func BenchmarkUnpackAllEthArp(bn *testing.B) { for n := 0; n < bn.N; n++ { layers.UnpackAll(test_eth_arp, packet.Eth) } } var test_eth_vlan_arp = []byte{ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x4c, 0x72, 0xb9, 0x54, 0xe5, 0x3d, 0x81, 0x00, 0x00, 0x87, 0x08, 0x06, 0x00, 0x01, 0x08, 0x00, 0x06, 0x04, 0x00, 0x01, 0x4c, 0x72, 0xb9, 0x54, 0xe5, 0x3d, 0xc0, 0xa8, 0x01, 0x87, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc1, 0x1b, 0xd0, 0x25, } func TestPackEthVLANArp(t *testing.T) { eth_pkt := eth.Make() eth_pkt.SrcAddr, _ = net.ParseMAC(hwsrc_str) eth_pkt.DstAddr, _ = net.ParseMAC("ff:ff:ff:ff:ff:ff") vlan_pkt := vlan.Make() vlan_pkt.VLAN = 135 arp_pkt := arp.Make() arp_pkt.HWSrcAddr, _ = net.ParseMAC(hwsrc_str) arp_pkt.HWDstAddr, _ = net.ParseMAC("00:00:00:00:00:00") arp_pkt.ProtoSrcAddr = net.ParseIP(ipsrc_str) arp_pkt.ProtoDstAddr = net.ParseIP(ipdst_str) buf, err := layers.Pack(eth_pkt, vlan_pkt, arp_pkt) if err != nil { t.Fatalf("Error packing: %s", err) } if !bytes.Equal(test_eth_vlan_arp, buf) { t.Fatalf("Raw packet mismatch: %x", buf) } } func TestUnpackEthVLANArp(t *testing.T) { _, err := layers.Unpack(test_eth_arp, ð.Packet{}, &vlan.Packet{}, &arp.Packet{}) if err != nil { t.Fatalf("Error unpacking: %s", err) } } func BenchmarkUnpackEthVLANArp(bn *testing.B) { var eth_pkt eth.Packet var vlan_pkt vlan.Packet var arp_pkt arp.Packet for n := 0; n < bn.N; n++ { layers.Unpack(test_eth_vlan_arp, ð_pkt, &vlan_pkt, &arp_pkt) } } func TestUnpackAllEthVLANArp(t *testing.T) { pkt, err := layers.UnpackAll(test_eth_vlan_arp, packet.Eth) if err != nil { t.Fatalf("Error unpacking: %s", err) } if pkt.GetType() != packet.Eth { t.Fatalf("Packet type mismatch, %s", pkt.GetType()) } pkt = pkt.Payload() if pkt.GetType() != packet.VLAN { t.Fatalf("Packet type mismatch, %s", pkt.GetType()) } pkt = pkt.Payload() if pkt.GetType() != packet.ARP { t.Fatalf("Packet type mismatch, %s", pkt.GetType()) } } func BenchmarkUnpackAllEthVLANArp(bn *testing.B) { for n := 0; n < bn.N; n++ { layers.UnpackAll(test_eth_vlan_arp, packet.Eth) } } var test_eth_ipv4_udp = []byte{ 0x00, 0x21, 0x96, 0x6e, 0xf0, 0x70, 0x4c, 0x72, 0xb9, 0x54, 0xe5, 0x3d, 0x08, 0x00, 0x45, 0x00, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x00, 0x40, 0x11, 0x27, 0x60, 0xc0, 0xa8, 0x01, 0x87, 0xc1, 0x1b, 0xd0, 0x25, 0xa2, 0x5a, 0x20, 0x92, 0x00, 0x08, 0xe9, 0x80, } func TestPackEthIPv4UDP(t *testing.T) { eth_pkt := eth.Make() eth_pkt.SrcAddr, _ = net.ParseMAC(hwsrc_str) eth_pkt.DstAddr, _ = net.ParseMAC(hwdst_str) ip4_pkt := ipv4.Make() ip4_pkt.SrcAddr = net.ParseIP(ipsrc_str) ip4_pkt.DstAddr = net.ParseIP(ipdst_str) udp_pkt := udp.Make() udp_pkt.SrcPort = 41562 udp_pkt.DstPort = 8338 buf, err := layers.Pack(eth_pkt, ip4_pkt, udp_pkt) if err != nil { t.Fatalf("Error packing: %s", err) } if !bytes.Equal(test_eth_ipv4_udp, buf) { t.Fatalf("Raw packet mismatch: %x", buf) } } func TestUnpackEthUPv4UDP(t *testing.T) { var eth_pkt eth.Packet var ip4_pkt ipv4.Packet var udp_pkt udp.Packet _, err := layers.Unpack(test_eth_ipv4_udp, ð_pkt, &ip4_pkt, &udp_pkt) if err != nil { t.Fatalf("Error unpacking: %s", err) } } func BenchmarkUnpackEthUPv4UDP(bn *testing.B) { var eth_pkt eth.Packet var ip4_pkt ipv4.Packet var udp_pkt udp.Packet for n := 0; n < bn.N; n++ { layers.Unpack(test_eth_ipv4_udp, ð_pkt, &ip4_pkt, &udp_pkt) } } func TestUnpackAllEthIPv4UDP(t *testing.T) { pkt, err := layers.UnpackAll(test_eth_ipv4_udp, packet.Eth) if err != nil { t.Fatalf("Error unpacking: %s", err) } if pkt.GetType() != packet.Eth { t.Fatalf("Packet type mismatch, %s", pkt.GetType()) } pkt = pkt.Payload() if pkt.GetType() != packet.IPv4 { t.Fatalf("Packet type mismatch, %s", pkt.GetType()) } pkt = pkt.Payload() if pkt.GetType() != packet.UDP { t.Fatalf("Packet type mismatch, %s", pkt.GetType()) } } func BenchmarkUnpackAllEthIPv4UDP(bn *testing.B) { for n := 0; n < bn.N; n++ { layers.UnpackAll(test_eth_ipv4_udp, packet.Eth) } } var test_eth_ipv4_udp_raw = []byte{ 0x00, 0x21, 0x96, 0x6e, 0xf0, 0x70, 0x4c, 0x72, 0xb9, 0x54, 0xe5, 0x3d, 0x08, 0x00, 0x45, 0x00, 0x00, 0x42, 0x00, 0x01, 0x00, 0x00, 0x40, 0x11, 0x27, 0x3a, 0xc0, 0xa8, 0x01, 0x87, 0xc1, 0x1b, 0xd0, 0x25, 0xa2, 0x5a, 0x20, 0x92, 0x00, 0x2e, 0x07, 0x03, 0x66, 0x64, 0x67, 0x20, 0x61, 0x67, 0x66, 0x68, 0x20, 0x6c, 0x64, 0x66, 0x68, 0x67, 0x6b, 0x20, 0x68, 0x66, 0x64, 0x6b, 0x67, 0x68, 0x20, 0x6b, 0x66, 0x6a, 0x64, 0x68, 0x73, 0x67, 0x20, 0x6b, 0x73, 0x68, 0x66, 0x64, 0x67, 0x6b, } func TestPackEthIPv4UDPRaw(t *testing.T) { eth_pkt := eth.Make() eth_pkt.SrcAddr, _ = net.ParseMAC(hwsrc_str) eth_pkt.DstAddr, _ = net.ParseMAC(hwdst_str) ip4_pkt := ipv4.Make() ip4_pkt.SrcAddr = net.ParseIP(ipsrc_str) ip4_pkt.DstAddr = net.ParseIP(ipdst_str) udp_pkt := udp.Make() udp_pkt.SrcPort = 41562 udp_pkt.DstPort = 8338 raw_pkt := raw.Make() raw_pkt.Data = []byte("fdg agfh ldfhgk hfdkgh kfjdhsg kshfdgk") data, err := layers.Pack(eth_pkt, ip4_pkt, udp_pkt, raw_pkt) if err != nil { t.Fatalf("Error packing: %s", err) } if ip4_pkt.GetLength() != 66 { t.Fatalf("IPv4 length mismatch: %d", ip4_pkt.GetLength()) } if udp_pkt.GetLength() != 46 { t.Fatalf("UDP length mismatch: %d", udp_pkt.GetLength()) } if !bytes.Equal(test_eth_ipv4_udp_raw, data) { t.Fatalf("Raw packet mismatch: %x", data) } } func TestUnpackEthUPv4UDPRaw(t *testing.T) { var eth_pkt eth.Packet var ip4_pkt ipv4.Packet var udp_pkt udp.Packet var raw_pkt raw.Packet _, err := layers.Unpack(test_eth_ipv4_udp_raw, ð_pkt, &ip4_pkt, &udp_pkt, &raw_pkt) if err != nil { t.Fatalf("Error unpacking: %s", err) } } func BenchmarkUnpackEthUPv4UDPRaw(bn *testing.B) { var eth_pkt eth.Packet var ip4_pkt ipv4.Packet var udp_pkt udp.Packet var raw_pkt raw.Packet for n := 0; n < bn.N; n++ { layers.Unpack(test_eth_ipv4_udp_raw, ð_pkt, &ip4_pkt, &udp_pkt, &raw_pkt) } } func TestUnpackAllEthIPv4UDPRaw(t *testing.T) { pkt, err := layers.UnpackAll(test_eth_ipv4_udp_raw, packet.Eth) if err != nil { t.Fatalf("Error unpacking: %s", err) } if pkt.GetType() != packet.Eth { t.Fatalf("Packet type mismatch, %s", pkt.GetType()) } pkt = pkt.Payload() if pkt.GetType() != packet.IPv4 { t.Fatalf("Packet type mismatch, %s", pkt.GetType()) } pkt = pkt.Payload() if pkt.GetType() != packet.UDP { t.Fatalf("Packet type mismatch, %s", pkt.GetType()) } pkt = pkt.Payload() if pkt.GetType() != packet.Raw { t.Fatalf("Packet type mismatch, %s", pkt.GetType()) } } func BenchmarkUnpackAllEthIPv4UDPRaw(bn *testing.B) { for n := 0; n < bn.N; n++ { layers.UnpackAll(test_eth_ipv4_udp_raw, packet.Eth) } } var test_eth_ipv4_tcp = []byte{ 0x00, 0x21, 0x96, 0x6e, 0xf0, 0x70, 0x4c, 0x72, 0xb9, 0x54, 0xe5, 0x3d, 0x08, 0x00, 0x45, 0x00, 0x00, 0x28, 0x00, 0x01, 0x00, 0x00, 0x40, 0x06, 0x27, 0x5f, 0xc0, 0xa8, 0x01, 0x87, 0xc1, 0x1b, 0xd0, 0x25, 0xa2, 0x5a, 0x20, 0x92, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0x02, 0x20, 0x00, 0x79, 0x85, 0x00, 0x00, } func TestPackEthIPv4TCP(t *testing.T) { eth_pkt := eth.Make() eth_pkt.SrcAddr, _ = net.ParseMAC(hwsrc_str) eth_pkt.DstAddr, _ = net.ParseMAC(hwdst_str) ip4_pkt := ipv4.Make() ip4_pkt.SrcAddr = net.ParseIP(ipsrc_str) ip4_pkt.DstAddr = net.ParseIP(ipdst_str) tcp_pkt := tcp.Make() tcp_pkt.SrcPort = 41562 tcp_pkt.DstPort = 8338 tcp_pkt.Flags = tcp.Syn tcp_pkt.WindowSize = 8192 buf, err := layers.Pack(eth_pkt, ip4_pkt, tcp_pkt) if err != nil { t.Fatalf("Error packing: %s", err) } if !bytes.Equal(test_eth_ipv4_tcp, buf) { t.Fatalf("Raw packet mismatch: %x", buf) } } func TestUnpackEthUPv4TCP(t *testing.T) { var eth_pkt eth.Packet var ip4_pkt ipv4.Packet var tcp_pkt tcp.Packet _, err := layers.Unpack(test_eth_ipv4_tcp, ð_pkt, &ip4_pkt, &tcp_pkt) if err != nil { t.Fatalf("Error unpacking: %s", err) } } func BenchmarkUnpackEthUPv4TCP(bn *testing.B) { var eth_pkt eth.Packet var ip4_pkt ipv4.Packet var tcp_pkt tcp.Packet for n := 0; n < bn.N; n++ { layers.Unpack(test_eth_ipv4_tcp, ð_pkt, &ip4_pkt, &tcp_pkt) } } func TestUnpackAllEthIPv4TCP(t *testing.T) { pkt, err := layers.UnpackAll(test_eth_ipv4_tcp, packet.Eth) if err != nil { t.Fatalf("Error unpacking: %s", err) } if pkt.GetType() != packet.Eth { t.Fatalf("Packet type mismatch, %s", pkt.GetType()) } pkt = pkt.Payload() if pkt.GetType() != packet.IPv4 { t.Fatalf("Packet type mismatch, %s", pkt.GetType()) } pkt = pkt.Payload() if pkt.GetType() != packet.TCP { t.Fatalf("Packet type mismatch, %s", pkt.GetType()) } } func BenchmarkUnpackAllEthIPv4TCP(bn *testing.B) { for n := 0; n < bn.N; n++ { layers.UnpackAll(test_eth_ipv4_tcp, packet.Eth) } } var test_eth_ipv4_tcp_raw = []byte{ 0x00, 0x21, 0x96, 0x6e, 0xf0, 0x70, 0x4c, 0x72, 0xb9, 0x54, 0xe5, 0x3d, 0x08, 0x00, 0x45, 0x00, 0x00, 0x4e, 0x00, 0x01, 0x00, 0x00, 0x40, 0x06, 0x27, 0x39, 0xc0, 0xa8, 0x01, 0x87, 0xc1, 0x1b, 0xd0, 0x25, 0xa2, 0x5a, 0x20, 0x92, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0x02, 0x20, 0x00, 0x97, 0x2d, 0x00, 0x00, 0x66, 0x64, 0x67, 0x20, 0x61, 0x67, 0x66, 0x68, 0x20, 0x6c, 0x64, 0x66, 0x68, 0x67, 0x6b, 0x20, 0x68, 0x66, 0x64, 0x6b, 0x67, 0x68, 0x20, 0x6b, 0x66, 0x6a, 0x64, 0x68, 0x73, 0x67, 0x20, 0x6b, 0x73, 0x68, 0x66, 0x64, 0x67, 0x6b, } func TestPackEthIPv4TCPRaw(t *testing.T) { eth_pkt := eth.Make() eth_pkt.SrcAddr, _ = net.ParseMAC(hwsrc_str) eth_pkt.DstAddr, _ = net.ParseMAC(hwdst_str) ip4_pkt := ipv4.Make() ip4_pkt.SrcAddr = net.ParseIP(ipsrc_str) ip4_pkt.DstAddr = net.ParseIP(ipdst_str) tcp_pkt := tcp.Make() tcp_pkt.SrcPort = 41562 tcp_pkt.DstPort = 8338 tcp_pkt.Flags = tcp.Syn tcp_pkt.WindowSize = 8192 raw_pkt := raw.Make() raw_pkt.Data = []byte("fdg agfh ldfhgk hfdkgh kfjdhsg kshfdgk") data, err := layers.Pack(eth_pkt, ip4_pkt, tcp_pkt, raw_pkt) if err != nil { t.Fatalf("Error packing: %s", err) } if ip4_pkt.GetLength() != 78 { t.Fatalf("IPv4 length mismatch: %d", ip4_pkt.GetLength()) } if tcp_pkt.GetLength() != 58 { t.Fatalf("TCP length mismatch: %d", tcp_pkt.GetLength()) } if !bytes.Equal(test_eth_ipv4_tcp_raw, data) { t.Fatalf("Raw packet mismatch: %x", data) } } func TestUnpackEthUPv4TCPRaw(t *testing.T) { var eth_pkt eth.Packet var ip4_pkt ipv4.Packet var tcp_pkt tcp.Packet var raw_pkt raw.Packet _, err := layers.Unpack(test_eth_ipv4_tcp_raw, ð_pkt, &ip4_pkt, &tcp_pkt, &raw_pkt) if err != nil { t.Fatalf("Error unpacking: %s", err) } } func BenchmarkUnpackEthUPv4TCPRaw(bn *testing.B) { var eth_pkt eth.Packet var ip4_pkt ipv4.Packet var tcp_pkt tcp.Packet var raw_pkt raw.Packet for n := 0; n < bn.N; n++ { layers.Unpack(test_eth_ipv4_tcp_raw, ð_pkt, &ip4_pkt, &tcp_pkt, &raw_pkt) } } func TestUnpackAllEthIPv4TCPRaw(t *testing.T) { pkt, err := layers.UnpackAll(test_eth_ipv4_tcp_raw, packet.Eth) if err != nil { t.Fatalf("Error unpacking: %s", err) } if pkt.GetType() != packet.Eth { t.Fatalf("Packet type mismatch, %s", pkt.GetType()) } pkt = pkt.Payload() if pkt.GetType() != packet.IPv4 { t.Fatalf("Packet type mismatch, %s", pkt.GetType()) } pkt = pkt.Payload() if pkt.GetType() != packet.TCP { t.Fatalf("Packet type mismatch, %s", pkt.GetType()) } pkt = pkt.Payload() if pkt.GetType() != packet.Raw { t.Fatalf("Packet type mismatch, %s", pkt.GetType()) } } func BenchmarkUnpackAllEthIPv4TCPRaw(bn *testing.B) { for n := 0; n < bn.N; n++ { layers.UnpackAll(test_eth_ipv4_tcp_raw, packet.Eth) } } func TestFindLayer(t *testing.T) { pkt, err := layers.UnpackAll(test_eth_ipv4_tcp, packet.Eth) if err != nil { t.Fatalf("Error unpacking: %s", err) } ipv4_pkt := layers.FindLayer(pkt, packet.IPv4) if ipv4_pkt == nil || ipv4_pkt.GetType() != packet.IPv4 { t.Fatalf("Not IPv4: %s", ipv4_pkt) } tcp_pkt := layers.FindLayer(pkt, packet.TCP) if tcp_pkt == nil || tcp_pkt.GetType() != packet.TCP { t.Fatalf("Not TCP: %s", tcp_pkt) } udp_pkt := layers.FindLayer(pkt, packet.UDP) if udp_pkt != nil { t.Fatalf("Not nil: %s", udp_pkt) } } func ExamplePack() { // Create an Ethernet packet eth_pkt := eth.Make() eth_pkt.SrcAddr, _ = net.ParseMAC("4c:72:b9:54:e5:3d") eth_pkt.DstAddr, _ = net.ParseMAC("ff:ff:ff:ff:ff:ff") // Create an ARP packet arp_pkt := arp.Make() arp_pkt.HWSrcAddr, _ = net.ParseMAC("4c:72:b9:54:e5:3d") arp_pkt.HWDstAddr, _ = net.ParseMAC("00:00:00:00:00:00") arp_pkt.ProtoSrcAddr = net.ParseIP("192.168.1.135") arp_pkt.ProtoDstAddr = net.ParseIP("192.168.1.254") buf, err := layers.Pack(eth_pkt, arp_pkt) if err != nil { log.Fatal(err) } // do something with the packet log.Println(buf) } func ExampleUnpack() { // Create the buf data buf := []byte("random data") // Assume Ethernet as datalink layer pkt, err := layers.UnpackAll(buf, packet.Eth) if err != nil { log.Fatal(err) } log.Println(pkt) } ================================================ FILE: network/network.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // Provides utility functions for sending and receiving packets over the // network. Basically, it hides some of the complexity of using the capture and // layers packages together. package network import "fmt" import "net" import "time" import "github.com/ghedo/go.pkt/capture" import "github.com/ghedo/go.pkt/packet" import "github.com/ghedo/go.pkt/packet/arp" import "github.com/ghedo/go.pkt/packet/eth" import "github.com/ghedo/go.pkt/layers" import "github.com/ghedo/go.pkt/routing" // Pack packets into their binary form and inject them in the given capture // handle.. This will stack the packets before encoding them and also calculate // the checksums. func Send(c capture.Handle, pkts ...packet.Packet) error { if pkts[0].GetType() != c.LinkType() { return fmt.Errorf("Expected packet type %s, got %s", pkts[0].GetType(), c.LinkType()) } buf, err := layers.Pack(pkts...) if err != nil { return fmt.Errorf("Could not pack: %s", err) } err = c.Inject(buf) if err != nil { return fmt.Errorf("Could not inject: %s", err) } return nil } // Capture a single packet from the given capture handle, unpack it and return // it. This will block until a packet is received. func Recv(c capture.Handle) (packet.Packet, error) { buf, err := c.Capture() if err != nil { return nil, fmt.Errorf("Could not capture: %s", err) } pkt, err := layers.UnpackAll(buf, c.LinkType()) if err != nil { return nil, fmt.Errorf("Could not unpack: %s", err) } return pkt, nil } // Like Send() and Recv() combined. This only returns a suitable answer for the // sent packets. If t is not zero, this will return if not answer is received // before t expires. func SendRecv(c capture.Handle, t time.Duration, pkts ...packet.Packet) (packet.Packet, error) { err := Send(c, pkts...) if err != nil { return nil, err } now := time.Now() for { pkt, err := Recv(c) if err != nil { return nil, err } if pkt == nil { return nil, nil } if pkt.Answers(pkts[0]) { return pkt, nil } if int64(t) > 0 && int64(time.Since(now)) > int64(t.Nanoseconds()) { return nil, fmt.Errorf("Timeout") } } return nil, fmt.Errorf("WTF") } // Determine the next hop's MAX address to reach the given IP address and route // by doing an ARP resolution. func NextHopMAC(c capture.Handle, t time.Duration, r *routing.Route, addr net.IP) (net.HardwareAddr, error) { eth_pkt := eth.Make() eth_pkt.SrcAddr = r.Iface.HardwareAddr eth_pkt.DstAddr, _ = net.ParseMAC("ff:ff:ff:ff:ff:ff") arp_pkt := arp.Make() arp_pkt.HWSrcAddr = r.Iface.HardwareAddr arp_pkt.HWDstAddr, _ = net.ParseMAC("00:00:00:00:00:00") arp_pkt.ProtoSrcAddr, _ = r.GetIfaceIPv4Addr() if r.Default { arp_pkt.ProtoDstAddr = r.Gateway } else { arp_pkt.ProtoDstAddr = addr } pkt, err := SendRecv(c, t, eth_pkt, arp_pkt) if err != nil { return nil, err } return pkt.Payload().(*arp.Packet).HWSrcAddr, nil } ================================================ FILE: packet/arp/pkt.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // Provides encoding and decoding for ARP packets. package arp import "net" import "github.com/ghedo/go.pkt/packet" import "github.com/ghedo/go.pkt/packet/eth" type Packet struct { Operation Operation `string:"op"` HWType uint16 HWAddrLen uint8 `string:"hwlen"` HWSrcAddr net.HardwareAddr `string:"hwsrc"` HWDstAddr net.HardwareAddr `string:"hwdst"` ProtoType eth.EtherType `string:"ptype"` ProtoAddrLen uint8 `string:"plen"` ProtoSrcAddr net.IP `string:"psrc"` ProtoDstAddr net.IP `string:"pdst"` } type Operation uint16 const ( Request Operation = 1 Reply = 2 ) func Make() *Packet { return &Packet { Operation: Request, HWType: 1, HWAddrLen: 6, ProtoType: eth.IPv4, ProtoAddrLen: 4, } } func (p *Packet) GetType() packet.Type { return packet.ARP } func (p *Packet) GetLength() uint16 { return 8 + uint16(p.HWAddrLen) * 2 + uint16(p.ProtoAddrLen) * 2 } func (p *Packet) Equals(other packet.Packet) bool { return packet.Compare(p, other) } func (p *Packet) Answers(other packet.Packet) bool { if other == nil || other.GetType() != packet.ARP { return false } if p.Operation == Reply && other.(*Packet).Operation == Request && p.ProtoSrcAddr.Equal(other.(*Packet).ProtoDstAddr) { return true } return false } func (p *Packet) Pack(buf *packet.Buffer) error { buf.WriteN(p.HWType) buf.WriteN(p.ProtoType) buf.WriteN(p.HWAddrLen) buf.WriteN(p.ProtoAddrLen) buf.WriteN(p.Operation) buf.Write(p.HWSrcAddr[len(p.HWSrcAddr) - int(p.HWAddrLen):]) buf.Write(p.ProtoSrcAddr[len(p.ProtoSrcAddr) - int(p.ProtoAddrLen):]) buf.Write(p.HWDstAddr[len(p.HWDstAddr) - int(p.HWAddrLen):]) buf.Write(p.ProtoDstAddr[len(p.ProtoDstAddr) - int(p.ProtoAddrLen):]) return nil } func (p *Packet) Unpack(buf *packet.Buffer) error { buf.ReadN(&p.HWType) buf.ReadN(&p.ProtoType) buf.ReadN(&p.HWAddrLen) buf.ReadN(&p.ProtoAddrLen) buf.ReadN(&p.Operation) p.HWSrcAddr = net.HardwareAddr(buf.Next(int(p.HWAddrLen))) p.ProtoSrcAddr = net.IP(buf.Next(int(p.ProtoAddrLen))) p.HWDstAddr = net.HardwareAddr(buf.Next(int(p.HWAddrLen))) p.ProtoDstAddr = net.IP(buf.Next(int(p.ProtoAddrLen))) return nil } func (p *Packet) Payload() packet.Packet { return nil } func (p *Packet) GuessPayloadType() packet.Type { return packet.None } func (p *Packet) SetPayload(pl packet.Packet) error { return nil } func (p *Packet) InitChecksum(csum uint32) { } func (p *Packet) String() string { return packet.Stringify(p) } func (o Operation) String() string { switch o { case Request: return "request" case Reply: return "reply" default: return "invalid" } } ================================================ FILE: packet/arp/pkt_test.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package arp_test import "bytes" import "net" import "testing" import "github.com/ghedo/go.pkt/packet" import "github.com/ghedo/go.pkt/packet/arp" import "github.com/ghedo/go.pkt/packet/eth" var test_simple = []byte{ 0x00, 0x01, 0x08, 0x00, 0x06, 0x04, 0x00, 0x01, 0x4C, 0x72, 0xB9, 0x54, 0xE5, 0x3D, 0xC0, 0xA8, 0x01, 0x87, 0x1F, 0x92, 0x2B, 0x56, 0xED, 0x77, 0x1C, 0x3C, 0x09, 0xBF, } var hwsrc_str = "4c:72:b9:54:e5:3d" var hwdst_str = "1f:92:2b:56:ed:77" var ipsrc_str = "192.168.1.135" var ipdst_str = "28.60.9.191" func MakeTestSimple() *arp.Packet { hwsrc, _ := net.ParseMAC(hwsrc_str) hwdst, _ := net.ParseMAC(hwdst_str) ipsrc := net.ParseIP(ipsrc_str) ipdst := net.ParseIP(ipdst_str) return &arp.Packet{ Operation: arp.Request, HWType: 1, HWAddrLen: 6, HWSrcAddr: hwsrc, HWDstAddr: hwdst, ProtoType: eth.IPv4, ProtoAddrLen: 4, ProtoSrcAddr: ipsrc, ProtoDstAddr: ipdst, } } func TestPack(t *testing.T) { var b packet.Buffer b.Init(make([]byte, len(test_simple))) p := MakeTestSimple() err := p.Pack(&b) if err != nil { t.Fatalf("Error packing: %s", err) } if !bytes.Equal(test_simple, b.Buffer()) { t.Fatalf("Raw packet mismatch: %x", b.Buffer()) } } func BenchmarkPack(bn *testing.B) { var b packet.Buffer b.Init(make([]byte, len(test_simple))) p := MakeTestSimple() for n := 0; n < bn.N; n++ { p.Pack(&b) } } func TestUnpack(t *testing.T) { var p arp.Packet cmp := MakeTestSimple() var b packet.Buffer b.Init(test_simple) err := p.Unpack(&b) if err != nil { t.Fatalf("Error unpacking: %s", err) } if !p.Equals(cmp) { t.Fatalf("Packet mismatch:\n%s\n%s", &p, cmp) } } func BenchmarkUnpack(bn *testing.B) { var p arp.Packet var b packet.Buffer for n := 0; n < bn.N; n++ { b.Init(test_simple) p.Unpack(&b) } } ================================================ FILE: packet/buffer.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package packet import "encoding/binary" // A Buffer is a variable-sized buffer of bytes with Read and Write methods. // It's based on the bytes.Buffer code provided by the standard library, but // implements additional convenience methods. // // This is used internally to provide packet encoding and decoding, and should // not be used directly. type Buffer struct { buf []byte off int layer_off int } // Initialize the buffer with the given slice. func (b *Buffer) Init(buf []byte) { b.buf = buf b.off = 0 b.layer_off = 0 } // Return the unread portion of the buffer as slice. func (b *Buffer) Bytes() []byte { return b.buf[b.off:] } // Return the whole buffer as slice. func (b *Buffer) Buffer() []byte { return b.buf } // Return the number of bytes of the unread portion of the buffer. func (b *Buffer) Len() int { return len(b.buf) - b.off } // Manually set the buffer offset to off. func (b *Buffer) SetOffset(off int) { b.off = off } // Point the layer starting offset to the current buffer offset. func (b *Buffer) NewLayer() { b.layer_off = len(b.buf) - b.Len() } // Return the buffer of the current layer as slice. func (b *Buffer) LayerBytes() []byte { return b.buf[b.layer_off:] } // Return the length of the current decoded layer. func (b *Buffer) LayerLen() int { return b.off - b.layer_off } // Append the contents of p to the buffer. func (b *Buffer) Write(p []byte) (n int, err error) { n = copy(b.buf[b.off:], p) b.off += n return } // Append the value of data to the buffer in network byter order. func (b *Buffer) WriteN(data interface{}) error { return binary.Write(b, binary.BigEndian, data) } // Append the value of data to the buffer in little endian byter order. func (b *Buffer) WriteL(data interface{}) error { return binary.Write(b, binary.LittleEndian, data) } // Write data in network byte order to the specified offset relative to the // start of the current layer. func (b *Buffer) PutUint16N(off int, data uint16) { binary.BigEndian.PutUint16(b.buf[b.layer_off + off:], data) } // Read the next len(p) bytes from the buffer or until the buffer is drained. func (b *Buffer) Read(p []byte) (n int, err error) { n = copy(p, b.buf[b.off:]) b.off += n return } // Read structured data from the buffer in network byte order. func (p *Buffer) ReadN(data interface{}) error { return binary.Read(p, binary.BigEndian, data) } // Read structured data from the buffer in little endian byte order. func (p *Buffer) ReadL(data interface{}) error { return binary.Read(p, binary.LittleEndian, data) } // Read aligned structured data from the buffer in little endian byte order. func (p *Buffer) ReadLAligned(data interface{}, width uintptr) error { p.off = ((((p.off) + ((int(width)) - 1)) & (^((int(width)) - 1))) - p.off) return binary.Read(p, binary.LittleEndian, data) } // Return a slice containing the next n bytes from the buffer, advancing the // buffer as if the bytes had been returned by Read func (b *Buffer) Next(n int) []byte { m := b.Len() if n > m { n = m } data := b.buf[b.off : b.off+n] b.off += n return data } ================================================ FILE: packet/eth/pkt.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // Provides encoding and decoding for Ethernet (both EthernetII and 802.3) // packets. package eth import "fmt" import "net" import "github.com/ghedo/go.pkt/packet" type Packet struct { DstAddr net.HardwareAddr `string:"dst"` SrcAddr net.HardwareAddr `string:"src"` Type EtherType Length uint16 `cmp:"skip"` pkt_payload packet.Packet `cmp:"skip" string:"skip"` } type EtherType uint16 const ( None EtherType = 0x0000 ARP = 0x0806 IPv4 = 0x0800 IPv6 = 0x86dd LLC = 0x0001 /* pseudo ethertype */ LLDP = 0x088cc QinQ = 0x88a8 TRILL = 0x22f3 VLAN = 0x8100 WoL = 0x0842 ) func Make() *Packet { return &Packet{ DstAddr: make([]byte, 6), SrcAddr: make([]byte, 6), Length: 14, } } func (p *Packet) Equals(other packet.Packet) bool { return packet.Compare(p, other) } func (p *Packet) Answers(other packet.Packet) bool { if other == nil || other.GetType() != packet.Eth { return false } if p.Type != other.(*Packet).Type { return false } if p.Payload() != nil { return p.Payload().Answers(other.Payload()) } return true } func (p *Packet) GetType() packet.Type { return packet.Eth } func (p *Packet) GetLength() uint16 { if p.pkt_payload != nil { return p.pkt_payload.GetLength() + 14 } return 14 } func (p *Packet) Pack(buf *packet.Buffer) error { buf.Write(p.DstAddr) buf.Write(p.SrcAddr) if p.Type != LLC { buf.WriteN(p.Type) } else { buf.WriteN(p.Length) } return nil } func (p *Packet) Unpack(buf *packet.Buffer) error { p.DstAddr = net.HardwareAddr(buf.Next(6)) p.SrcAddr = net.HardwareAddr(buf.Next(6)) buf.ReadN(&p.Type) if p.Type < 0x0600 { p.Length = uint16(p.Type) p.Type = LLC } return nil } func (p *Packet) Payload() packet.Packet { return p.pkt_payload } func (p *Packet) GuessPayloadType() packet.Type { return EtherTypeToType(p.Type) } func (p *Packet) SetPayload(pl packet.Packet) error { p.pkt_payload = pl p.Type = TypeToEtherType(pl.GetType()) if p.Type < 0x0600 { p.Length = p.GetLength() } return nil } func (p *Packet) InitChecksum(csum uint32) { } func (p *Packet) String() string { return packet.Stringify(p) } var ethertype_to_type_map = map[EtherType]packet.Type{ None: packet.None, ARP: packet.ARP, IPv4: packet.IPv4, IPv6: packet.IPv6, LLC: packet.LLC, LLDP: packet.LLDP, VLAN: packet.VLAN, QinQ: packet.VLAN, TRILL: packet.TRILL, WoL: packet.WoL, } // Create a new Type from the given EtherType. func EtherTypeToType(ethertype EtherType) packet.Type { for e, t := range ethertype_to_type_map { if e == ethertype { return t } } return packet.Raw } // Convert the Type to the corresponding EtherType. func TypeToEtherType(pkttype packet.Type) EtherType { /* Hack to avoid non-determinism due to map iteration ordering */ if pkttype == packet.VLAN { return VLAN } for e, t := range ethertype_to_type_map { if t == pkttype { return e } } return None } func (t EtherType) String() string { switch t { case ARP: return "ARP" case IPv4: return "IPv4" case IPv6: return "IPv6" case LLC: return "LLC" case LLDP: return "LLDP" case None: return "None" case QinQ: return "QinQ" case TRILL: return "TRILL" case VLAN: return "VLAN" case WoL: return "WoL" default: return fmt.Sprintf("0x%x", uint16(t)) } } ================================================ FILE: packet/eth/pkt_test.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package eth_test import "bytes" import "net" import "testing" import "github.com/ghedo/go.pkt/packet" import "github.com/ghedo/go.pkt/packet/eth" var hwsrc_str = "4c:72:b9:54:e5:3d" var hwdst_str = "1f:92:2b:56:ed:77" var test_simple = []byte{ 0x1f, 0x92, 0x2b, 0x56, 0xed, 0x77, 0x4c, 0x72, 0xb9, 0x54, 0xe5, 0x3d, 0x08, 0x00, } func MakeTestSimple() *eth.Packet { hwsrc, _ := net.ParseMAC(hwsrc_str) hwdst, _ := net.ParseMAC(hwdst_str) return ð.Packet{ SrcAddr: hwsrc, DstAddr: hwdst, Type: eth.IPv4, } } func TestPack(t *testing.T) { var b packet.Buffer b.Init(make([]byte, len(test_simple))) p := MakeTestSimple() err := p.Pack(&b) if err != nil { t.Fatalf("Error packing: %s", err) } if !bytes.Equal(test_simple, b.Buffer()) { t.Fatalf("Raw packet mismatch: %x", b.Buffer()) } } func BenchmarkPack(bn *testing.B) { var b packet.Buffer b.Init(make([]byte, len(test_simple))) p := MakeTestSimple() for n := 0; n < bn.N; n++ { p.Pack(&b) } } func TestUnpack(t *testing.T) { var p eth.Packet cmp := MakeTestSimple() var b packet.Buffer b.Init(test_simple) err := p.Unpack(&b) if err != nil { t.Fatalf("Error unpacking: %s", err) } if !p.Equals(cmp) { t.Fatalf("Packet mismatch:\n%s\n%s", &p, cmp) } } func BenchmarkUnpack(bn *testing.B) { var p eth.Packet var b packet.Buffer for n := 0; n < bn.N; n++ { b.Init(test_simple) p.Unpack(&b) } } ================================================ FILE: packet/icmpv4/pkt.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // Provides encoding and decoding for ICMPv4 packets. package icmpv4 import "fmt" import "github.com/ghedo/go.pkt/packet" import "github.com/ghedo/go.pkt/packet/ipv4" type Packet struct { Type Type Code Code Checksum uint16 `string:"sum"` Id uint16 Seq uint16 pkt_payload packet.Packet `cmp:"skip" string:"skip"` } type Type uint8 type Code uint8 const ( EchoReply Type = iota Reserved1 Reserved2 DstUnreachable SrcQuench RedirectMsg Reserved3 Reserved4 EchoRequest RouterAdv RouterSol TimeExceeded ParamProblem Timestamp TimestampReply InfoRequest InfoReply AddrMaskRequest AddrMaskReply ) func Make() *Packet { return &Packet{ Type: EchoRequest, } } func (p *Packet) GetType() packet.Type { return packet.ICMPv4 } func (p *Packet) GetLength() uint16 { if p.pkt_payload != nil { return p.pkt_payload.GetLength() + 8 } return 8 } func (p *Packet) Equals(other packet.Packet) bool { return packet.Compare(p, other) } func (p *Packet) Answers(other packet.Packet) bool { if other == nil || other.GetType() != packet.ICMPv4 { return false } if (other.(*Packet).Type == EchoRequest && p.Type == EchoReply) || (other.(*Packet).Type == Timestamp && p.Type == TimestampReply) || (other.(*Packet).Type == InfoRequest && p.Type == InfoReply) || (other.(*Packet).Type == AddrMaskRequest && p.Type == AddrMaskReply) { return (other.(*Packet).Seq == p.Seq) && (other.(*Packet).Id == p.Id) } return false } func (p *Packet) Pack(buf *packet.Buffer) error { buf.WriteN(byte(p.Type)) buf.WriteN(byte(p.Code)) buf.WriteN(uint16(0x0000)) buf.WriteN(p.Id) buf.WriteN(p.Seq) p.Checksum = ipv4.CalculateChecksum(buf.LayerBytes(), 0) buf.PutUint16N(2, p.Checksum) return nil } func (p *Packet) Unpack(buf *packet.Buffer) error { buf.ReadN(&p.Type) buf.ReadN(&p.Code) buf.ReadN(&p.Checksum) buf.ReadN(&p.Id) buf.ReadN(&p.Seq) /* TODO: data */ return nil } func (p *Packet) Payload() packet.Packet { return p.pkt_payload } func (p *Packet) GuessPayloadType() packet.Type { switch p.Type { case DstUnreachable, SrcQuench, RedirectMsg, TimeExceeded, ParamProblem: return packet.IPv4 } return packet.None } func (p *Packet) SetPayload(pl packet.Packet) error { switch p.Type { case DstUnreachable, SrcQuench, RedirectMsg, TimeExceeded, ParamProblem: p.pkt_payload = pl } return nil } func (p *Packet) InitChecksum(csum uint32) { } func (p *Packet) String() string { return packet.Stringify(p) } func (t Type) String() string { switch t { case EchoReply: return "echo-reply" case DstUnreachable: return "dst-unreach" case SrcQuench: return "src-quench" case RedirectMsg: return "redirect" case EchoRequest: return "echo-request" case RouterAdv: return "router-adv" case RouterSol: return "router-sol" case TimeExceeded: return "time-exceeded" case ParamProblem: return "param-problem" case Timestamp: return "timestamp-request" case TimestampReply: return "timestamp-reply" case InfoRequest: return "info-request" case InfoReply: return "info-reply" case AddrMaskRequest: return "addr-mask-request" case AddrMaskReply: return "addr-mask-reply" default: return "unknown" } } func (c Code) String() string { if c != 0 { return fmt.Sprintf("%x", uint8(c)) } return "" } ================================================ FILE: packet/icmpv4/pkt_test.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package icmpv4_test import "bytes" import "testing" import "github.com/ghedo/go.pkt/packet" import "github.com/ghedo/go.pkt/packet/icmpv4" var test_simple = []byte{ 0x08, 0x00, 0xf7, 0xd2, 0x00, 0x0f, 0x00, 0x1e, } func MakeTestSimple() *icmpv4.Packet { return &icmpv4.Packet{ Type: icmpv4.EchoRequest, Code: 0, Id: 15, Seq: 30, } } func TestPack(t *testing.T) { var b packet.Buffer b.Init(make([]byte, len(test_simple))) p := MakeTestSimple() err := p.Pack(&b) if err != nil { t.Fatalf("Error packing: %s", err) } if !bytes.Equal(test_simple, b.Buffer()) { t.Fatalf("Raw packet mismatch: %x", b.Buffer()) } } func BenchmarkPack(bn *testing.B) { var b packet.Buffer b.Init(make([]byte, len(test_simple))) p := MakeTestSimple() for n := 0; n < bn.N; n++ { p.Pack(&b) } } func TestUnpack(t *testing.T) { var p icmpv4.Packet cmp := MakeTestSimple() cmp.Checksum = 0xf7d2 var b packet.Buffer b.Init(test_simple) err := p.Unpack(&b) if err != nil { t.Fatalf("Error unpacking: %s", err) } if !p.Equals(cmp) { t.Fatalf("Packet mismatch:\n%s\n%s", &p, cmp) } } func BenchmarkUnpack(bn *testing.B) { var p icmpv4.Packet var b packet.Buffer for n := 0; n < bn.N; n++ { b.Init(test_simple) p.Unpack(&b) } } ================================================ FILE: packet/icmpv6/pkt.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // Provides encoding and decoding for ICMPv6 packets. package icmpv6 import "fmt" import "github.com/ghedo/go.pkt/packet" import "github.com/ghedo/go.pkt/packet/ipv4" type Packet struct { Type Type Code Code Checksum uint16 `string:"sum"` csum_seed uint32 `cmp:"skip" string:"skip"` Body uint32 `cmp:"skip" string:"skip"` pkt_payload packet.Packet `cmp:"skip" string:"skip"` } type Type uint8 type Code uint8 const ( DstUnreachable Type = 1 PacketTooBig = 2 TimeExceeded = 3 ParamProblem = 4 Private1 = 100 Private2 = 101 Reserved1 = 127 EchoRequest = 128 EchoReply = 129 /* TODO: more types */ ) func Make() *Packet { return &Packet{ Type: EchoRequest, } } func (p *Packet) GetType() packet.Type { return packet.ICMPv6 } func (p *Packet) GetLength() uint16 { if p.pkt_payload != nil { return p.pkt_payload.GetLength() + 8 } return 8 } func (p *Packet) Equals(other packet.Packet) bool { return packet.Compare(p, other) } func (p *Packet) Answers(other packet.Packet) bool { if other == nil || other.GetType() != packet.ICMPv6 { return false } if other.(*Packet).Type == EchoRequest && p.Type == EchoReply { return true } return false } func (p *Packet) Pack(buf *packet.Buffer) error { buf.WriteN(byte(p.Type)) buf.WriteN(byte(p.Code)) buf.WriteN(uint16(0x00)) buf.WriteN(p.Body) if p.csum_seed != 0 { p.Checksum = ipv4.CalculateChecksum(buf.LayerBytes(), p.csum_seed) buf.PutUint16N(2, p.Checksum) } return nil } func (p *Packet) Unpack(buf *packet.Buffer) error { buf.ReadN(&p.Type) buf.ReadN(&p.Code) buf.ReadN(&p.Checksum) /* TODO: data */ buf.ReadN(&p.Body) return nil } func (p *Packet) Payload() packet.Packet { return p.pkt_payload } func (p *Packet) GuessPayloadType() packet.Type { switch p.Type { case DstUnreachable, PacketTooBig, TimeExceeded, ParamProblem: return packet.IPv6 } return packet.None } func (p *Packet) SetPayload(pl packet.Packet) error { switch p.Type { case DstUnreachable, PacketTooBig, TimeExceeded, ParamProblem: p.pkt_payload = pl } return nil } func (p *Packet) InitChecksum(csum uint32) { p.csum_seed = csum } func (p *Packet) String() string { return packet.Stringify(p) } func (t Type) String() string { switch t { case DstUnreachable: return "dst-unreach" case PacketTooBig: return "too-big" case TimeExceeded: return "timeout" case ParamProblem: return "param-problem" case EchoRequest: return "echo-request" case EchoReply: return "echo-reply" default: return "unknown" } } func (c Code) String() string { if c != 0 { return fmt.Sprintf("%x", uint8(c)) } return "" } ================================================ FILE: packet/icmpv6/pkt_test.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package icmpv6_test import "bytes" import "net" import "testing" import "github.com/ghedo/go.pkt/packet" import "github.com/ghedo/go.pkt/packet/icmpv6" import "github.com/ghedo/go.pkt/packet/ipv6" var test_simple = []byte{ 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, } func MakeTestSimple() *icmpv6.Packet { return &icmpv6.Packet{ Type: icmpv6.EchoRequest, } } func TestPack(t *testing.T) { var b packet.Buffer b.Init(make([]byte, len(test_simple))) p := MakeTestSimple() err := p.Pack(&b) if err != nil { t.Fatalf("Error packing: %s", err) } if !bytes.Equal(test_simple, b.Buffer()) { t.Fatalf("Raw packet mismatch: %x", b.Buffer()) } } func BenchmarkPack(bn *testing.B) { var b packet.Buffer b.Init(make([]byte, len(test_simple))) p := MakeTestSimple() for n := 0; n < bn.N; n++ { p.Pack(&b) } } func TestUnpack(t *testing.T) { var p icmpv6.Packet cmp := MakeTestSimple() var b packet.Buffer b.Init(test_simple) err := p.Unpack(&b) if err != nil { t.Fatalf("Error unpacking: %s", err) } if !p.Equals(cmp) { t.Fatalf("Packet mismatch:\n%s\n%s", &p, cmp) } } func BenchmarkUnpack(bn *testing.B) { var p icmpv6.Packet var b packet.Buffer for n := 0; n < bn.N; n++ { b.Init(test_simple) p.Unpack(&b) } } var test_with_ipv6 = []byte{ 0x80, 0x00, 0x5b, 0xed, 0x00, 0x00, 0x00, 0x00, } var ipsrc_str = "fe80::4e72:b9ff:fe54:e53d" var ipdst_str = "2001:4860:4860::8888" func TestPackWithIPv6(t *testing.T) { var b packet.Buffer b.Init(make([]byte, len(test_with_ipv6))) ip6 := ipv6.Make() ip6.SrcAddr = net.ParseIP(ipsrc_str) ip6.DstAddr = net.ParseIP(ipdst_str) icmp6 := MakeTestSimple() ip6.SetPayload(icmp6) err := icmp6.Pack(&b) if err != nil { t.Fatalf("Error packing: %s", err) } if !bytes.Equal(test_with_ipv6, b.Buffer()) { t.Fatalf("Raw packet mismatch: %x", b.Buffer()) } } func TestUnpackWithIPv6(t *testing.T) { var p icmpv6.Packet cmp := MakeTestSimple() cmp.Checksum = 0x5bed var b packet.Buffer b.Init(test_with_ipv6) err := p.Unpack(&b) if err != nil { t.Fatalf("Error unpacking: %s", err) } if !p.Equals(cmp) { t.Fatalf("Packet mismatch:\n%s\n%s", &p, cmp) } } ================================================ FILE: packet/ipv4/pkt.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // Provides encoding and decoding for IPv4 packets. package ipv4 import "fmt" import "net" import "strings" import "github.com/ghedo/go.pkt/packet" type Packet struct { Version uint8 IHL uint8 TOS uint8 `cmp:"skip"` Length uint16 `cmp:"skip"` Id uint16 Flags Flags FragOff uint16 TTL uint8 `cmp:"skip"` Protocol Protocol `string:"proto"` Checksum uint16 `cmp:"skip" string:"sum"` SrcAddr net.IP `string:"src"` DstAddr net.IP `string:"dst"` pkt_payload packet.Packet `cmp:"skip" string:"skip"` } type Flags uint8 const ( Evil Flags = 1 << 2 /* RFC3514 */ DontFragment = 1 << 1 MoreFragments = 1 << 0 ) type Protocol uint8 const ( None Protocol = 0x00 GRE = 0x2F ICMPv4 = 0x01 ICMPv6 = 0x3A IGMP = 0x02 IPSecAH = 0x33 IPSecESP = 0x32 IPv6 = 0x29 ISIS = 0x7C L2TP = 0x73 OSPF = 0x59 SCTP = 0x84 TCP = 0x06 UDP = 0x11 UDPLite = 0x88 ) func Make() *Packet { return &Packet{ Version: 4, IHL: 5, Length: 20, TTL: 64, Id: 1, } } func (p *Packet) GetType() packet.Type { return packet.IPv4 } func (p *Packet) GetLength() uint16 { if p.pkt_payload != nil { return p.pkt_payload.GetLength() + 20 } return 20 } func (p *Packet) Equals(other packet.Packet) bool { return packet.Compare(p, other) } func (p *Packet) Answers(other packet.Packet) bool { if other == nil || other.GetType() != packet.IPv4 { return false } if p.Payload() != nil && p.Payload().GetType() == packet.ICMPv4 && p.Payload().Payload() != nil { return p.Payload().Payload().Equals(other) } if !p.SrcAddr.Equal(other.(*Packet).DstAddr) || p.Protocol != other.(*Packet).Protocol { return false } if p.Payload() != nil { return p.Payload().Answers(other.Payload()) } return true } func (p *Packet) Pack(buf *packet.Buffer) error { buf.WriteN((p.Version << 4) | p.IHL) buf.WriteN(p.TOS) buf.WriteN(p.Length) buf.WriteN(p.Id) buf.WriteN((uint16(p.Flags) << 13) | p.FragOff) buf.WriteN(p.TTL) buf.WriteN(p.Protocol) buf.WriteN(uint16(0x00)) buf.Write(p.SrcAddr.To4()) buf.Write(p.DstAddr.To4()) p.checksum(buf.LayerBytes()[:20]) buf.PutUint16N(10, p.Checksum) return nil } func (p *Packet) checksum(raw_bytes []byte) { var csum uint32 for i := 0; i < len(raw_bytes) - 1; i += 2 { csum += uint32(raw_bytes[i]) << 8 csum += uint32(raw_bytes[i + 1]) } p.Checksum = ^uint16((csum >> 16) + csum) } func (p *Packet) pseudo_checksum() uint32 { var csum uint32 csum += (uint32(p.SrcAddr.To4()[0]) + uint32(p.SrcAddr.To4()[2])) << 8 csum += uint32(p.SrcAddr.To4()[1]) + uint32(p.SrcAddr.To4()[3]) csum += (uint32(p.DstAddr.To4()[0]) + uint32(p.DstAddr.To4()[2])) << 8 csum += uint32(p.DstAddr.To4()[1]) + uint32(p.DstAddr.To4()[3]) csum += uint32(p.Protocol) csum += uint32(p.pkt_payload.GetLength()) return csum } func (p *Packet) Unpack(buf *packet.Buffer) error { var versihl uint8 buf.ReadN(&versihl) p.Version = versihl >> 4 p.IHL = versihl & 0x0F buf.ReadN(&p.TOS) buf.ReadN(&p.Length) buf.ReadN(&p.Id) var flagsfrag uint16 buf.ReadN(&flagsfrag) p.Flags = Flags(flagsfrag >> 13) p.FragOff = flagsfrag & 0x1FFF buf.ReadN(&p.TTL) buf.ReadN(&p.Protocol) buf.ReadN(&p.Checksum) p.SrcAddr = net.IP(buf.Next(4)) p.DstAddr = net.IP(buf.Next(4)) /* TODO: Options */ return nil } func (p *Packet) Payload() packet.Packet { return p.pkt_payload } func (p *Packet) GuessPayloadType() packet.Type { return ProtocolToType(p.Protocol) } func (p *Packet) SetPayload(pl packet.Packet) error { p.pkt_payload = pl p.Protocol = TypeToProtocol(pl.GetType()) p.Length = p.GetLength() pl.InitChecksum(p.pseudo_checksum()) return nil } func (p *Packet) InitChecksum(csum uint32) { } func (p *Packet) String() string { return packet.Stringify(p) } func (f Flags) String() string { var flags []string if f & Evil != 0 { flags = append(flags, "evil") } if f & DontFragment != 0 { flags = append(flags, "dont-fragment") } if f & MoreFragments != 0 { flags = append(flags, "more-fragments") } return strings.Join(flags, "|") } func CalculateChecksum(raw_bytes []byte, csum uint32) uint16 { length := len(raw_bytes) - 1 for i := 0; i < length; i += 2 { csum += uint32(raw_bytes[i]) << 8 csum += uint32(raw_bytes[i + 1]) } csum = (csum >> 16) + (csum & 0xffff) return ^uint16(csum + (csum >> 16)) } var ipv4proto_to_type_map = map[Protocol]packet.Type{ None: packet.None, GRE: packet.GRE, ICMPv4: packet.ICMPv4, ICMPv6: packet.ICMPv6, IGMP: packet.IGMP, IPSecAH: packet.IPSec, IPSecESP: packet.IPSec, IPv6: packet.IPv6, UDP: packet.UDP, ISIS: packet.ISIS, L2TP: packet.L2TP, OSPF: packet.OSPF, SCTP: packet.SCTP, UDPLite: packet.UDPLite, TCP: packet.TCP, } // Create a new Type from the given IP protocol ID. func ProtocolToType(proto Protocol) packet.Type { for p, t := range ipv4proto_to_type_map { if p == proto { return t } } return packet.Raw } // Convert the Type to the corresponding IP protocol ID. func TypeToProtocol(pkttype packet.Type) Protocol { for p, t := range ipv4proto_to_type_map { if t == pkttype { return p } } return None } func (p Protocol) String() string { switch p { case GRE: return "GRE" case ICMPv4: return "ICMPv4" case ICMPv6: return "ICMPv6" case IGMP: return "IGMP" case IPSecAH: return "IPSecAH" case IPSecESP: return "IPSecESP" case IPv6: return "IPv6" case UDP: return "UDP" case ISIS: return "ISIS" case L2TP: return "L2TP" case OSPF: return "OSPF" case SCTP: return "SCTP" case UDPLite: return "UDPLite" case TCP: return "TCP" default: return fmt.Sprintf("0x%x", uint16(p)) } } ================================================ FILE: packet/ipv4/pkt_test.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package ipv4_test import "bytes" import "net" import "testing" import "github.com/ghedo/go.pkt/packet" import "github.com/ghedo/go.pkt/packet/ipv4" var test_simple = []byte{ 0x45, 0x03, 0x00, 0x14, 0x00, 0x0f, 0x40, 0x00, 0x64, 0x06, 0x48, 0x97, 0xc0, 0xa8, 0x01, 0x87, 0x08, 0x08, 0x04, 0x04, } var ipsrc_str = "192.168.1.135" var ipdst_str = "8.8.4.4" func MakeTestSimple() *ipv4.Packet { return &ipv4.Packet{ Version: 4, IHL: 5, Length: 20, TOS: 3, Id: 15, TTL: 100, Flags: ipv4.DontFragment, Protocol: ipv4.TCP, SrcAddr: net.ParseIP(ipsrc_str), DstAddr: net.ParseIP(ipdst_str), } } func TestPack(t *testing.T) { var b packet.Buffer b.Init(make([]byte, len(test_simple))) p := MakeTestSimple() err := p.Pack(&b) if err != nil { t.Fatalf("Error packing: %s", err) } if !bytes.Equal(test_simple, b.Buffer()) { t.Fatalf("Raw packet mismatch: %x", b.Buffer()) } } func BenchmarkPack(bn *testing.B) { var b packet.Buffer b.Init(make([]byte, len(test_simple))) p := MakeTestSimple() for n := 0; n < bn.N; n++ { p.Pack(&b) } } func TestUnpack(t *testing.T) { var p ipv4.Packet cmp := MakeTestSimple() cmp.Checksum = 0x4897 var b packet.Buffer b.Init(test_simple) err := p.Unpack(&b) if err != nil { t.Fatalf("Error unpacking: %s", err) } if !p.Equals(cmp) { t.Fatalf("Packet mismatch:\n%s\n%s", &p, cmp) } } func BenchmarkUnpack(bn *testing.B) { var p ipv4.Packet var b packet.Buffer for n := 0; n < bn.N; n++ { b.Init(test_simple) p.Unpack(&b) } } ================================================ FILE: packet/ipv6/pkt.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // Provides encoding and decoding for IPv6 packets. package ipv6 import "encoding/binary" import "net" import "github.com/ghedo/go.pkt/packet" import "github.com/ghedo/go.pkt/packet/ipv4" type Packet struct { Version uint8 Class uint8 Label uint32 Length uint16 `string:"len"` NextHdr ipv4.Protocol `string:"next"` HopLimit uint8 `cmp:"skip" string:"hop"` SrcAddr net.IP `string:"src"` DstAddr net.IP `string:"dst"` pkt_payload packet.Packet `cmp:"skip" string:"skip"` } type Flags uint8 func Make() *Packet { return &Packet{ Version: 6, HopLimit: 64, } } func (p *Packet) GetType() packet.Type { return packet.IPv6 } func (p *Packet) GetLength() uint16 { if p.pkt_payload != nil { return p.pkt_payload.GetLength() + 40 } return 40 } func (p *Packet) Equals(other packet.Packet) bool { return packet.Compare(p, other) } func (p *Packet) Answers(other packet.Packet) bool { if other == nil || other.GetType() != packet.IPv6 { return false } /* TODO: check link-local broadcast addresses */ if !p.DstAddr.Equal(other.(*Packet).SrcAddr) { return false } /* TODO: check ICMPv6 errors */ if p.Payload() != nil { return p.Payload().Answers(other.Payload()) } return true } func (p *Packet) Pack(buf *packet.Buffer) error { buf.WriteN(uint8(p.Version << 4 | (p.Class >> 4))) buf.WriteN(p.Class << 4 | uint8(p.Label >> 16)) buf.WriteN(uint16(p.Label)) buf.WriteN(p.Length) buf.WriteN(p.NextHdr) buf.WriteN(p.HopLimit) buf.Write(p.SrcAddr.To16()) buf.Write(p.DstAddr.To16()) return nil } func (p *Packet) pseudo_checksum() uint32 { var csum uint32 for i := 0; i < 16; i += 2 { csum += uint32(p.SrcAddr.To16()[i]) << 8 csum += uint32(p.SrcAddr.To16()[i + 1]) csum += uint32(p.DstAddr.To16()[i]) << 8 csum += uint32(p.DstAddr.To16()[i + 1]) } csum += uint32(p.Length) csum += uint32(p.NextHdr) return csum } func (p *Packet) Unpack(buf *packet.Buffer) error { var versclass uint8 buf.ReadN(&versclass) p.Version = versclass >> 4 p.Class = uint8((binary.BigEndian.Uint16(buf.LayerBytes()[0:2]) >> 4) & 0x00FF) p.Label = binary.BigEndian.Uint32(buf.LayerBytes()[0:4]) & 0x000FFFFF buf.Next(3) buf.ReadN(&p.Length) buf.ReadN(&p.NextHdr) buf.ReadN(&p.HopLimit) p.SrcAddr = net.IP(buf.Next(16)) p.DstAddr = net.IP(buf.Next(16)) /* TODO: Options */ return nil } func (p *Packet) Payload() packet.Packet { return p.pkt_payload } func (p *Packet) GuessPayloadType() packet.Type { return ipv4.ProtocolToType(p.NextHdr) } func (p *Packet) SetPayload(pl packet.Packet) error { p.pkt_payload = pl p.NextHdr = ipv4.TypeToProtocol(pl.GetType()) p.Length = pl.GetLength() pl.InitChecksum(p.pseudo_checksum()) return nil } func (p *Packet) InitChecksum(csum uint32) { } func (p *Packet) String() string { return packet.Stringify(p) } ================================================ FILE: packet/ipv6/pkt_test.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package ipv6_test import "bytes" import "net" import "testing" import "github.com/ghedo/go.pkt/packet" import "github.com/ghedo/go.pkt/packet/ipv4" import "github.com/ghedo/go.pkt/packet/ipv6" var test_simple = []byte{ 0x63, 0x0d, 0x5b, 0x0a, 0x00, 0x08, 0x11, 0x40, 0xfe, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x4e, 0x72, 0xb9, 0xff, 0xfe, 0x54, 0xe5, 0x3d, 0x07, 0x9a, 0x19, 0xb9, 0x11, 0x15, 0xed, 0x67, 0x99, 0xf5, 0xf0, 0x7a, 0x66, 0x87, 0x5b, 0x0f, } var ipsrc_str = "fe80::4e72:b9ff:fe54:e53d" var ipdst_str = "79a:19b9:1115:ed67:99f5:f07a:6687:5b0f" func MakeTestSimple() *ipv6.Packet { return &ipv6.Packet{ Version: 6, Class: 48, Label: 875274, Length: 8, NextHdr: ipv4.UDP, HopLimit: 64, SrcAddr: net.ParseIP(ipsrc_str), DstAddr: net.ParseIP(ipdst_str), } } func TestPack(t *testing.T) { var b packet.Buffer b.Init(make([]byte, len(test_simple))) p := MakeTestSimple() err := p.Pack(&b) if err != nil { t.Fatalf("Error packing: %s", err) } if !bytes.Equal(test_simple, b.Buffer()) { t.Fatalf("Raw packet mismatch: %x", b.Buffer()) } } func BenchmarkPack(bn *testing.B) { var b packet.Buffer b.Init(make([]byte, len(test_simple))) p := MakeTestSimple() for n := 0; n < bn.N; n++ { p.Pack(&b) } } func TestUnpack(t *testing.T) { var p ipv6.Packet cmp := MakeTestSimple() var b packet.Buffer b.Init(test_simple) err := p.Unpack(&b) if err != nil { t.Fatalf("Error unpacking: %s", err) } if !p.Equals(cmp) { t.Fatalf("Packet mismatch:\n%s\n%s", &p, cmp) } } func BenchmarkUnpack(bn *testing.B) { var p ipv6.Packet var b packet.Buffer for n := 0; n < bn.N; n++ { b.Init(test_simple) p.Unpack(&b) } } ================================================ FILE: packet/llc/pkt.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // Provides encoding and decoding for LLC (802.2 Logical Link Control) packets. package llc import "github.com/ghedo/go.pkt/packet" type Packet struct { DSAP uint8 SSAP uint8 Control uint16 `string:"ctrl"` pkt_payload packet.Packet `string:"skip"` } func Make() *Packet { return &Packet{ } } func (p *Packet) GetType() packet.Type { return packet.LLC } func (p *Packet) GetLength() uint16 { if p.pkt_payload != nil { return p.pkt_payload.GetLength() + 2 } return 2 } func (p *Packet) Equals(other packet.Packet) bool { return packet.Compare(p, other) } func (p *Packet) Answers(other packet.Packet) bool { return false } func (p *Packet) Pack(buf *packet.Buffer) error { buf.WriteN(p.DSAP) buf.WriteN(p.SSAP) if p.Control & 0x1 == 0 || p.Control & 0x3 == 0x1 { buf.WriteN(p.Control) } else { buf.WriteN(uint8(p.Control)) } return nil } func (p *Packet) Unpack(buf *packet.Buffer) error { buf.ReadN(&p.DSAP) buf.ReadN(&p.SSAP) if buf.Bytes()[:1][0] & 0x1 == 0 || buf.Bytes()[:1][0] & 0x3 == 0x1 { buf.ReadN(&p.Control) } else { var ctrl uint8 buf.ReadN(&ctrl) p.Control = uint16(ctrl) } return nil } func (p *Packet) Payload() packet.Packet { return p.pkt_payload } func (p *Packet) GuessPayloadType() packet.Type { if p.DSAP == 0xaa && p.SSAP == 0xaa { return packet.SNAP } return packet.None } func (p *Packet) SetPayload(pl packet.Packet) error { p.pkt_payload = pl return nil } func (p *Packet) InitChecksum(csum uint32) { } func (p *Packet) String() string { return packet.Stringify(p) } ================================================ FILE: packet/llc/pkt_test.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package llc_test import "bytes" import "testing" import "github.com/ghedo/go.pkt/packet" import "github.com/ghedo/go.pkt/packet/llc" var test_simple = []byte{ 0x4e, 0x5e, 0x0b, } func MakeTestSimple() *llc.Packet { return &llc.Packet{ DSAP: 0x4e, SSAP: 0x5e, Control: 0xa | 0x1, } } func TestPack(t *testing.T) { var b packet.Buffer b.Init(make([]byte, len(test_simple))) p := MakeTestSimple() err := p.Pack(&b) if err != nil { t.Fatalf("Error packing: %s", err) } if !bytes.Equal(test_simple, b.Buffer()) { t.Fatalf("Raw packet mismatch: %x", b.Buffer()) } } func BenchmarkPack(bn *testing.B) { var b packet.Buffer b.Init(make([]byte, len(test_simple))) p := MakeTestSimple() for n := 0; n < bn.N; n++ { p.Pack(&b) } } func TestUnpack(t *testing.T) { var p llc.Packet cmp := MakeTestSimple() var b packet.Buffer b.Init(test_simple) err := p.Unpack(&b) if err != nil { t.Fatalf("Error unpacking: %s", err) } if !p.Equals(cmp) { t.Fatalf("Packet mismatch:\n%s\n%s", &p, cmp) } } func BenchmarkUnpack(bn *testing.B) { var p llc.Packet var b packet.Buffer for n := 0; n < bn.N; n++ { b.Init(test_simple) p.Unpack(&b) } } ================================================ FILE: packet/packet.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // Provides the interfaces for implementing packet encoders and decoders. Every // supported protocol implements the Packet interface as a submodule of this // package (e.g. packet/ipv4, packet/tcp, ...). package packet import "fmt" import "reflect" import "strconv" import "strings" // Type represents the protocol of a packet. type Type uint16 const ( None Type = iota ARP Bluetooth /* TODO */ Eth GRE /* TODO */ ICMPv4 ICMPv6 IGMP /* TODO */ IPSec /* TODO */ IPv4 IPv6 ISIS /* TODO */ L2TP /* TODO */ LLC LLDP /* TODO */ OSPF /* TODO */ RadioTap /* TODO */ Raw SCTP /* TODO */ SLL SNAP TCP TRILL /* TODO */ UDP UDPLite /* TODO */ VLAN WiFi /* TODO */ WoL /* TODO */ ) // Packet is the interface used internally to implement packet encoding and // decoding independently of the packet wire format. type Packet interface { /* Return the type of the packet */ GetType() Type /* Return the length of the packet including the payload if present */ GetLength() uint16 /* Check if the packet matches another packet */ Equals(other Packet) bool /* Check if the packet is an answer to another packet */ Answers(other Packet) bool /* Encode the packet and write it to the given buffer */ Pack(out *Buffer) error /* Decode the packet from the given buffer */ Unpack(in *Buffer) error /* Return the payload of the packet or nil */ Payload() Packet /* Initialize the payload of the packet */ SetPayload(payload Packet) error /* Try to guess the type of the payload */ GuessPayloadType() Type /* Initialize the checksum of the packet with the given seed */ InitChecksum(seed uint32) String() string } var pcap_link_type_to_type_map = [][2]uint32{ { 1, uint32(Eth) }, { 113, uint32(SLL) }, { 127, uint32(RadioTap) }, { 228, uint32(IPv4) }, { 229, uint32(IPv6) }, } // Create a new type from the given PCAP link type. func LinkType(link_type uint32) Type { for _, t := range pcap_link_type_to_type_map { if t[0] == link_type { return Type(t[1]) } } return None } // Convert the Type to the corresponding PCAP link type. func (pkttype Type) ToLinkType() uint32 { for _, t := range pcap_link_type_to_type_map { if t[1] == uint32(pkttype) { return t[0] } } return 0x00 } func (t Type) String() string { switch t { case ARP: return "ARP" case Bluetooth: return "Bluetooth" case Eth: return "Ethernet" case GRE: return "GRE" case ICMPv4: return "ICMPv4" case ICMPv6: return "ICMPv6" case IGMP: return "IGMP" case IPSec: return "IPSec" case IPv4: return "IPv4" case IPv6: return "IPv6" case ISIS: return "IS-IS" case L2TP: return "L2TP" case LLC: return "LLC" case LLDP: return "LLDP" case None: return "None" case OSPF: return "OSPF" case RadioTap: return "RadioTap" case SCTP: return "SCTP" case SNAP: return "SNAP" case SLL: return "SLL" case TCP: return "TCP" case TRILL: return "TRILL" case UDPLite: return "UDP Lite" case UDP: return "UDP" case VLAN: return "VLAN" case WiFi: return "WiFi" case WoL: return "WoL" /* case Raw: */ default: return "Data" } } func Compare(a, b Packet) bool { if a == nil || b == nil { return a == b } if a.GetType() != b.GetType() { return false } aval := reflect.ValueOf(a).Elem() bval := reflect.ValueOf(b).Elem() for i := 0; i < aval.NumField(); i++ { ftype := aval.Type().Field(i) if ftype.Tag.Get("cmp") == "skip" { continue } if !compare_value(aval.Field(i), bval.Field(i)) { fmt.Println(aval.Type().Field(i).Name) return false } } return true } func compare_value(a, b reflect.Value) bool { if a.Type() != b.Type() { return false } m := a.MethodByName("Equal") if m.IsValid() { res := m.Call([]reflect.Value{b}) return res[0].Bool() } switch a.Kind() { case reflect.Bool: return a.Bool() == b.Bool() case reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64: return a.Uint() == b.Uint() case reflect.Array: for i := 0; i < a.Len(); i++ { if !compare_value(a.Index(i), b.Index(i)) { return false } } return true case reflect.Slice: if a.IsNil() != b.IsNil() { return false } if a.Len() != b.Len() { return false } if a.Pointer() == b.Pointer() { return true } for i := 0; i < a.Len(); i++ { if !compare_value(a.Index(i), b.Index(i)) { return false } } return true case reflect.Interface: return true default: return false } } func Stringify(p Packet) string { value := reflect.ValueOf(p).Elem() name := strings.ToLower(p.GetType().String()) var fields []string for i := 0; i < value.NumField(); i++ { field := value.Field(i) ftype := value.Type().Field(i) key := strings.ToLower(ftype.Name) if ftype.Tag.Get("string") != "" { key = ftype.Tag.Get("string") } if key == "skip" { continue } val := stringify_value(key, field) if val != "" { fields = append(fields, fmt.Sprintf("%s=%s", key, val)) } } s := fmt.Sprintf("%s(%s)", name, strings.Join(fields, ", ")) if p.Payload() != nil { s = strings.Join([]string{s, p.Payload().String()}, " | ") } return s } func stringify_value(key string, val reflect.Value) string { var s string var m reflect.Value if !val.IsValid() { goto end } switch val.Kind() { case reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64: if val.Uint() > 0 { if key == "sum" || key == "type" { s = "0x" + strconv.FormatUint(val.Uint(), 16) } else { s = strconv.FormatUint(val.Uint(), 10) } } case reflect.Interface, reflect.Slice, reflect.Struct: if val.IsNil() { goto end } case reflect.Bool: if val.Bool() { s = "true" } } m = val.MethodByName("String") if m.IsValid() { res := m.Call([]reflect.Value{}) s = res[0].String() } end: return s } ================================================ FILE: packet/radiotap/pkt.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // Provides encoding and decoding for RadioTap packets. package radiotap import "fmt" import "github.com/ghedo/go.pkt/packet" type Packet struct { Version uint8 Length uint16 Present Present Data []byte `cmp:"skip" string:"skip"` pkt_payload packet.Packet `cmp:"skip" string:"skip"` } type Present uint32 const ( TSFT Present = 1 << iota Flags Rate Channel FHSS DbmAntSignal DbmAntNoise LockQuality TXAttenuation DbTXAttenuation DbmTXPower Antenna DbAntSignal DbAntNoise EXT ) func Make() *Packet { return &Packet{ } } func (p *Packet) GetType() packet.Type { return packet.RadioTap } func (p *Packet) GetLength() uint16 { if p.pkt_payload != nil { return p.pkt_payload.GetLength() + 8 + uint16(len(p.Data)) } return 8 + uint16(len(p.Data)) } func (p *Packet) Equals(other packet.Packet) bool { return packet.Compare(p, other) } func (p *Packet) Answers(other packet.Packet) bool { return false } func (p *Packet) Pack(buf *packet.Buffer) error { buf.WriteL(p.Version) buf.WriteL(uint8(0x00)) buf.WriteL(p.Length) buf.WriteL(p.Present) /* TODO: actually decode fields */ buf.Write(p.Data) return nil } func (p *Packet) Unpack(buf *packet.Buffer) error { buf.ReadN(&p.Version) var pad uint8 buf.ReadL(&pad) buf.ReadL(&p.Length) buf.ReadL(&p.Present) /* TODO: actually decode fields */ p.Data = buf.Next(int(p.Length) - 8) return nil } func (p *Packet) Payload() packet.Packet { return p.pkt_payload } func (p *Packet) GuessPayloadType() packet.Type { return packet.WiFi } func (p *Packet) SetPayload(pl packet.Packet) error { p.pkt_payload = pl p.Length = p.GetLength() return nil } func (p *Packet) InitChecksum(csum uint32) { } func (p *Packet) String() string { return packet.Stringify(p) } func (p Present) String() string { return fmt.Sprintf("0x%x", uint32(p)) } ================================================ FILE: packet/radiotap/pkt_test.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package radiotap_test import "bytes" import "testing" import "github.com/ghedo/go.pkt/packet" import "github.com/ghedo/go.pkt/packet/radiotap" var test_simple = []byte{ 0x00, 0x00, 0x20, 0x00, 0x67, 0x08, 0x04, 0x00, 0x54, 0xc6, 0xb8, 0x24, 0x00, 0x00, 0x00, 0x00, 0x22, 0x0c, 0xda, 0xa0, 0x02, 0x00, 0x00, 0x00, 0x40, 0x01, 0x00, 0x00, 0x3c, 0x14, 0x24, 0x11, } func MakeTestSimple() *radiotap.Packet { return &radiotap.Packet{ Version: 0, Length: 32, Present: 264295, Data: []byte{0x54, 0xc6, 0xb8, 0x24, 0x00, 0x00, 0x00, 0x00, 0x22, 0x0c, 0xda, 0xa0, 0x02, 0x00, 0x00, 0x00, 0x40, 0x01, 0x00, 0x00, 0x3c, 0x14, 0x24, 0x11, }, } } func TestPack(t *testing.T) { var b packet.Buffer b.Init(make([]byte, len(test_simple))) p := MakeTestSimple() err := p.Pack(&b) if err != nil { t.Fatalf("Error packing: %s", err) } if !bytes.Equal(test_simple, b.Buffer()) { t.Fatalf("Raw packet mismatch: %x", b.Buffer()) } } func BenchmarkPack(bn *testing.B) { var b packet.Buffer b.Init(make([]byte, len(test_simple))) p := MakeTestSimple() for n := 0; n < bn.N; n++ { p.Pack(&b) } } func TestUnpack(t *testing.T) { var p radiotap.Packet cmp := MakeTestSimple() var b packet.Buffer b.Init(test_simple) err := p.Unpack(&b) if err != nil { t.Fatalf("Error unpacking: %s", err) } if !p.Equals(cmp) { t.Fatalf("Packet mismatch:\n%s\n%s", &p, cmp) } } func BenchmarkUnpack(bn *testing.B) { var p radiotap.Packet var b packet.Buffer for n := 0; n < bn.N; n++ { b.Init(test_simple) p.Unpack(&b) } } ================================================ FILE: packet/raw/pkt.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // Provides encoding and decoding for raw data packets. package raw import "fmt" import "github.com/ghedo/go.pkt/packet" type Packet struct { Data []byte `string:"skip"` } func Make() *Packet { return &Packet{ } } func (p *Packet) GetType() packet.Type { return packet.Raw } func (p *Packet) GetLength() uint16 { return uint16(len(p.Data)) } func (p *Packet) Equals(other packet.Packet) bool { return packet.Compare(p, other) } func (p *Packet) Answers(other packet.Packet) bool { return false } func (p *Packet) Pack(buf *packet.Buffer) error { buf.Write(p.Data) return nil } func (p *Packet) Unpack(buf *packet.Buffer) error { p.Data = buf.Next(buf.Len()) return nil } func (p *Packet) Payload() packet.Packet { return nil } func (p *Packet) GuessPayloadType() packet.Type { return packet.None } func (p *Packet) SetPayload(pl packet.Packet) error { return nil } func (p *Packet) InitChecksum(csum uint32) { } func (p *Packet) String() string { return fmt.Sprintf("data(len=%d)", len(p.Data)) } ================================================ FILE: packet/raw/pkt_test.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package raw_test import "bytes" import "testing" import "github.com/ghedo/go.pkt/packet" import "github.com/ghedo/go.pkt/packet/raw" var test_simple = []byte{ 0x61, 0x73, 0x64, 0x61, 0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 0x73, } func MakeTestSimple() *raw.Packet { return &raw.Packet{ Data: []byte("asdasd asd asd as"), } } func TestPack(t *testing.T) { var b packet.Buffer b.Init(make([]byte, len(test_simple))) p := MakeTestSimple() err := p.Pack(&b) if err != nil { t.Fatalf("Error packing: %s", err) } if !bytes.Equal(test_simple, b.Buffer()) { t.Fatalf("Raw packet mismatch: %x", b.Buffer()) } } func BenchmarkPack(bn *testing.B) { var b packet.Buffer b.Init(make([]byte, len(test_simple))) p := MakeTestSimple() for n := 0; n < bn.N; n++ { p.Pack(&b) } } func TestUnpack(t *testing.T) { var p raw.Packet cmp := MakeTestSimple() var b packet.Buffer b.Init(test_simple) err := p.Unpack(&b) if err != nil { t.Fatalf("Error unpacking: %s", err) } if !p.Equals(cmp) { t.Fatalf("Packet mismatch:\n%s\n%s", &p, cmp) } } func BenchmarkUnpack(bn *testing.B) { var p raw.Packet var b packet.Buffer for n := 0; n < bn.N; n++ { b.Init(test_simple) p.Unpack(&b) } } ================================================ FILE: packet/sll/pkt.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // Provides encoding and decoding for SLL (Linux cooked mode) packets. package sll import "net" import "github.com/ghedo/go.pkt/packet" import "github.com/ghedo/go.pkt/packet/eth" type Packet struct { Type Type AddrType uint16 `string:"atype"` AddrLen uint16 `string:"alen"` SrcAddr net.HardwareAddr `string:"src"` EtherType eth.EtherType pkt_payload packet.Packet `cmp:"skip" string:"skip"` } type Type uint16 const ( Host Type = 0 Broadcast Type = 1 Multicast Type = 2 OtherHost Type = 3 Outgoing Type = 4 ) func Make() *Packet { return &Packet{ Type: Host, AddrType: 2, AddrLen: 6, } } func (p *Packet) GetType() packet.Type { return packet.SLL } func (p *Packet) GetLength() uint16 { if p.pkt_payload != nil { return p.pkt_payload.GetLength() + 16 } return p.AddrLen + 16 } func (p *Packet) Equals(other packet.Packet) bool { return packet.Compare(p, other) } func (p *Packet) Answers(other packet.Packet) bool { return false } func (p *Packet) Pack(buf *packet.Buffer) error { buf.WriteN(p.Type) buf.WriteN(p.AddrType) buf.WriteN(p.AddrLen) buf.WriteN(p.SrcAddr) for i := 0; i < 8 - int(p.AddrLen); i++ { buf.WriteN(uint8(0x00)) } buf.WriteN(p.EtherType) return nil } func (p *Packet) Unpack(buf *packet.Buffer) error { buf.ReadN(&p.Type) buf.ReadN(&p.AddrType) buf.ReadN(&p.AddrLen) p.SrcAddr = net.HardwareAddr(buf.Next(int(p.AddrLen))) buf.Next(8 - int(p.AddrLen)) buf.ReadN(&p.EtherType) return nil } func (p *Packet) Payload() packet.Packet { return p.pkt_payload } func (p *Packet) GuessPayloadType() packet.Type { return eth.EtherTypeToType(p.EtherType) } func (p *Packet) SetPayload(pl packet.Packet) error { p.pkt_payload = pl p.EtherType = eth.TypeToEtherType(pl.GetType()) return nil } func (p *Packet) InitChecksum(csum uint32) { } func (p *Packet) String() string { return packet.Stringify(p) } func (t Type) String() string { switch t { case Host: return "host" case Broadcast: return "broadcast" case Multicast: return "multicast" case OtherHost: return "other" case Outgoing: return "outgoing" default: return "unknown" } } ================================================ FILE: packet/sll/pkt_test.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package sll_test import "bytes" import "net" import "testing" import "github.com/ghedo/go.pkt/packet" import "github.com/ghedo/go.pkt/packet/eth" import "github.com/ghedo/go.pkt/packet/sll" var hwsrc_str = "4c:72:b9:54:e5:3d" var test_simple = []byte{ 0x00, 0x04, 0x00, 0x01, 0x00, 0x06, 0x4c, 0x72, 0xb9, 0x54, 0xe5, 0x3d, 0x00, 0x00, 0x08, 0x00, } func MakeTestSimple() *sll.Packet { hwsrc, _ := net.ParseMAC(hwsrc_str) return &sll.Packet{ Type: sll.Outgoing, AddrType: 1, AddrLen: 6, SrcAddr: hwsrc, EtherType: eth.IPv4, } } func TestPack(t *testing.T) { var b packet.Buffer b.Init(make([]byte, len(test_simple))) p := MakeTestSimple() err := p.Pack(&b) if err != nil { t.Fatalf("Error packing: %s", err) } if !bytes.Equal(test_simple, b.Buffer()) { t.Fatalf("Raw packet mismatch: %x", b.Buffer()) } } func BenchmarkPack(bn *testing.B) { var b packet.Buffer b.Init(make([]byte, len(test_simple))) p := MakeTestSimple() for n := 0; n < bn.N; n++ { p.Pack(&b) } } func TestUnpack(t *testing.T) { var p sll.Packet cmp := MakeTestSimple() var b packet.Buffer b.Init(test_simple) err := p.Unpack(&b) if err != nil { t.Fatalf("Error unpacking: %s", err) } if !p.Equals(cmp) { t.Fatalf("Packet mismatch:\n%s\n%s", &p, cmp) } } func BenchmarkUnpack(bn *testing.B) { var p sll.Packet var b packet.Buffer for n := 0; n < bn.N; n++ { b.Init(test_simple) p.Unpack(&b) } } ================================================ FILE: packet/snap/pkt.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // Provides encoding and decoding for SNAP packets. package snap import "github.com/ghedo/go.pkt/packet" import "github.com/ghedo/go.pkt/packet/eth" type Packet struct { OUI [3]byte Type eth.EtherType pkt_payload packet.Packet `cmp:"skip" string:"skip"` } func Make() *Packet { return &Packet{ } } func (p *Packet) GetType() packet.Type { return packet.SNAP } func (p *Packet) GetLength() uint16 { if p.pkt_payload != nil { return p.pkt_payload.GetLength() + 5 } return 5 } func (p *Packet) Equals(other packet.Packet) bool { return packet.Compare(p, other) } func (p *Packet) Answers(other packet.Packet) bool { return false } func (p *Packet) Pack(buf *packet.Buffer) error { buf.WriteN(p.OUI) buf.WriteN(p.Type) return nil } func (p *Packet) Unpack(buf *packet.Buffer) error { buf.ReadN(&p.OUI) buf.ReadN(&p.Type) return nil } func (p *Packet) Payload() packet.Packet { return p.pkt_payload } func (p *Packet) GuessPayloadType() packet.Type { if p.OUI[0] == 0x00 && p.OUI[1] == 0x00 && p.OUI[2] == 0x00 { return eth.EtherTypeToType(p.Type) } else { return packet.Raw } } func (p *Packet) SetPayload(pl packet.Packet) error { p.pkt_payload = pl p.Type = eth.TypeToEtherType(pl.GetType()) return nil } func (p *Packet) InitChecksum(csum uint32) { } func (p *Packet) String() string { return packet.Stringify(p) } ================================================ FILE: packet/snap/pkt_test.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package snap_test import "bytes" import "testing" import "github.com/ghedo/go.pkt/packet" import "github.com/ghedo/go.pkt/packet/eth" import "github.com/ghedo/go.pkt/packet/snap" var test_simple = []byte{ 0x00, 0x00, 0x00, 0x08, 0x00, } func MakeTestSimple() *snap.Packet { return &snap.Packet{ Type: eth.IPv4, } } func TestPack(t *testing.T) { var b packet.Buffer b.Init(make([]byte, len(test_simple))) p := MakeTestSimple() err := p.Pack(&b) if err != nil { t.Fatalf("Error packing: %s", err) } if !bytes.Equal(test_simple, b.Buffer()) { t.Fatalf("Raw packet mismatch: %x", b.Buffer()) } } func BenchmarkPack(bn *testing.B) { var b packet.Buffer b.Init(make([]byte, len(test_simple))) p := MakeTestSimple() for n := 0; n < bn.N; n++ { p.Pack(&b) } } func TestUnpack(t *testing.T) { var p snap.Packet cmp := MakeTestSimple() var b packet.Buffer b.Init(test_simple) err := p.Unpack(&b) if err != nil { t.Fatalf("Error unpacking: %s", err) } if !p.Equals(cmp) { t.Fatalf("Packet mismatch:\n%s\n%s", &p, cmp) } } func BenchmarkUnpack(bn *testing.B) { var p snap.Packet var b packet.Buffer for n := 0; n < bn.N; n++ { b.Init(test_simple) p.Unpack(&b) } } ================================================ FILE: packet/tcp/pkt.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // Provides encoding and decoding for TCP packets. package tcp import "strings" import "github.com/ghedo/go.pkt/packet" import "github.com/ghedo/go.pkt/packet/ipv4" type Packet struct { SrcPort uint16 `string:"sport"` DstPort uint16 `string:"dport"` Seq uint32 Ack uint32 DataOff uint8 `string:"off"` Flags Flags WindowSize uint16 `string:"win"` Checksum uint16 `string:"sum"` Urgent uint16 `string:"urg"` Options []Option `cmp:"skip" string:"skip"` csum_seed uint32 `cmp:"skip" string:"skip"` pkt_payload packet.Packet `cmp:"skip" string:"skip"` } type Flags uint16 const ( Syn Flags = 1<<1 Fin = 1<<2 Rst = 1<<3 PSH = 1<<4 Ack = 1<<5 Urg = 1<<6 ECE = 1<<7 Cwr = 1<<8 NS = 1<<9 ) type Option struct { Type OptType Len uint8 Data []byte } type OptType uint8 const ( End OptType = 0x00 Nop = 0x01 MSS = 0x02 WindowScale = 0x03 SAckOk = 0x04 SAck = 0x05 Timestamp = 0x08 ) func Make() *Packet { return &Packet{ Flags: Syn, DataOff: 5, WindowSize: 5840, } } func (p *Packet) GetType() packet.Type { return packet.TCP } func (p *Packet) GetLength() uint16 { if p.pkt_payload != nil { return p.pkt_payload.GetLength() + uint16(p.DataOff) * 4 } return uint16(p.DataOff) * 4 } func (p *Packet) Equals(other packet.Packet) bool { return packet.Compare(p, other) } func (p *Packet) Answers(other packet.Packet) bool { if other == nil || other.GetType() != packet.TCP { return false } if p.SrcPort != other.(*Packet).DstPort || p.DstPort != other.(*Packet).SrcPort { return false } return true } func (p *Packet) Pack(buf *packet.Buffer) error { buf.WriteN(p.SrcPort) buf.WriteN(p.DstPort) buf.WriteN(p.Seq) buf.WriteN(p.Ack) flags := uint16(p.DataOff) << 12 if p.Flags & Fin != 0 { flags |= 0x0001 } if p.Flags & Syn != 0 { flags |= 0x0002 } if p.Flags & Rst != 0 { flags |= 0x0004 } if p.Flags & PSH != 0 { flags |= 0x0008 } if p.Flags & Ack != 0 { flags |= 0x0010 } if p.Flags & Urg != 0 { flags |= 0x0020 } if p.Flags & ECE != 0 { flags |= 0x0040 } if p.Flags & Cwr != 0 { flags |= 0x0080 } if p.Flags & NS != 0 { flags |= 0x0100 } buf.WriteN(flags) buf.WriteN(p.WindowSize) buf.WriteN(uint16(0x0000)) buf.WriteN(p.Urgent) for _, opt := range p.Options { buf.WriteN(opt.Type) buf.WriteN(opt.Len) buf.WriteN(opt.Data) } if p.csum_seed != 0 { p.Checksum = ipv4.CalculateChecksum(buf.LayerBytes(), p.csum_seed) } buf.PutUint16N(16, p.Checksum) /* add padding */ for buf.LayerLen() < int(p.DataOff) * 4 { buf.WriteN(uint8(0x00)) } return nil } func (p *Packet) Unpack(buf *packet.Buffer) error { buf.ReadN(&p.SrcPort) buf.ReadN(&p.DstPort) buf.ReadN(&p.Seq) buf.ReadN(&p.Ack) var offns uint8 buf.ReadN(&offns) p.DataOff = offns >> 4 if offns & 0x01 != 0 { p.Flags |= NS } var flags uint8 buf.ReadN(&flags) if flags & 0x01 != 0 { p.Flags |= Fin } if flags & 0x02 != 0 { p.Flags |= Syn } if flags & 0x04 != 0 { p.Flags |= Rst } if flags & 0x08 != 0 { p.Flags |= PSH } if flags & 0x10 != 0 { p.Flags |= Ack } if flags & 0x20 != 0 { p.Flags |= Urg } if flags & 0x40 != 0 { p.Flags |= ECE } if flags & 0x80 != 0 { p.Flags |= Cwr } buf.ReadN(&p.WindowSize) buf.ReadN(&p.Checksum) buf.ReadN(&p.Urgent) options: for buf.LayerLen() < int(p.DataOff) * 4 { var opt_type OptType buf.ReadN(&opt_type) switch opt_type { case End: /* end of options */ break options case Nop: /* padding */ continue default: opt := Option{ Type: opt_type } buf.ReadN(&opt.Len) opt.Data = buf.Next(int(opt.Len) - 2) p.Options = append(p.Options, opt) } } /* remove padding */ if buf.LayerLen() < int(p.DataOff) * 4 { buf.Next(int(p.DataOff) * 4 - buf.LayerLen()) } return nil } func (p *Packet) Payload() packet.Packet { return p.pkt_payload } func (p *Packet) GuessPayloadType() packet.Type { return packet.Raw } func (p *Packet) SetPayload(pl packet.Packet) error { p.pkt_payload = pl return nil } func (p *Packet) InitChecksum(csum uint32) { p.csum_seed = csum } func (p *Packet) String() string { return packet.Stringify(p) } func (f Flags) String() string { var flags []string if f & Fin != 0 { flags = append(flags, "fin") } if f & Syn != 0 { flags = append(flags, "syn") } if f & Rst != 0 { flags = append(flags, "rst") } if f & PSH != 0 { flags = append(flags, "psh") } if f & Ack != 0 { flags = append(flags, "ack") } if f & Urg != 0 { flags = append(flags, "urg") } if f & ECE != 0 { flags = append(flags, "ece") } if f & Cwr != 0 { flags = append(flags, "cwr") } if f & NS != 0 { flags = append(flags, "ns") } return strings.Join(flags, "|") } ================================================ FILE: packet/tcp/pkt_test.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package tcp_test import "bytes" import "net" import "testing" import "github.com/ghedo/go.pkt/packet" import "github.com/ghedo/go.pkt/packet/ipv4" import "github.com/ghedo/go.pkt/packet/tcp" var test_simple = []byte{ 0x00, 0x14, 0x00, 0x50, 0x00, 0x00, 0x15, 0x18, 0x00, 0x00, 0x01, 0xb0, 0x50, 0x02, 0x20, 0x00, 0x00, 0x00, 0x00, 0x28, } func MakeTestSimple() *tcp.Packet { return &tcp.Packet{ SrcPort: 20, DstPort: 80, Seq: 5400, Ack: 432, DataOff: 5, Flags: tcp.Syn, WindowSize: 8192, Urgent: 40, } } func TestPack(t *testing.T) { var b packet.Buffer b.Init(make([]byte, len(test_simple))) p := MakeTestSimple() err := p.Pack(&b) if err != nil { t.Fatalf("Error packing: %s", err) } if !bytes.Equal(test_simple, b.Buffer()) { t.Fatalf("Raw packet mismatch: %x", b.Buffer()) } } func BenchmarkPack(bn *testing.B) { var b packet.Buffer b.Init(make([]byte, len(test_simple))) p := MakeTestSimple() for n := 0; n < bn.N; n++ { p.Pack(&b) } } func TestUnpack(t *testing.T) { var p tcp.Packet cmp := MakeTestSimple() var b packet.Buffer b.Init(test_simple) err := p.Unpack(&b) if err != nil { t.Fatalf("Error unpacking: %s", err) } if !p.Equals(cmp) { t.Fatalf("Packet mismatch:\n%s\n%s", &p, cmp) } } func BenchmarkUnpack(bn *testing.B) { var p tcp.Packet var b packet.Buffer for n := 0; n < bn.N; n++ { b.Init(test_simple) p.Unpack(&b) } } var test_with_ipv4 = []byte{ 0x00, 0x14, 0x00, 0x50, 0x00, 0x00, 0x15, 0x18, 0x00, 0x00, 0x01, 0xb0, 0x50, 0x02, 0x20, 0x00, 0xa6, 0x4f, 0x00, 0x28, } var ipsrc_str = "192.168.1.135" var ipdst_str = "8.8.8.8" func TestPackWithIPv4(t *testing.T) { var b packet.Buffer b.Init(make([]byte, len(test_with_ipv4))) ip4 := ipv4.Make() ip4.SrcAddr = net.ParseIP(ipsrc_str) ip4.DstAddr = net.ParseIP(ipdst_str) tcp := MakeTestSimple() ip4.SetPayload(tcp) err := tcp.Pack(&b) if err != nil { t.Fatalf("Error packing: %s", err) } if !bytes.Equal(test_with_ipv4, b.Buffer()) { t.Fatalf("Raw packet mismatch: %x", b.Buffer()) } } func TestUnpackWithIPv4(t *testing.T) { var p tcp.Packet cmp := MakeTestSimple() cmp.Checksum = 0xa64f var b packet.Buffer b.Init(test_with_ipv4) err := p.Unpack(&b) if err != nil { t.Fatalf("Error unpacking: %s", err) } if !p.Equals(cmp) { t.Fatalf("Packet mismatch:\n%s\n%s", &p, cmp) } } var test_options = []byte{ 0x00, 0x14, 0x00, 0x50, 0x00, 0x00, 0x15, 0x18, 0x00, 0x00, 0x01, 0xb0, 0xa0, 0x02, 0x20, 0x00, 0x00, 0x00, 0x00, 0x28, 0x02, 0x04, 0x05, 0x78, 0x04, 0x02, 0x08, 0x0a, 0x61, 0x25, 0xe5, 0xb2, 0x00, 0x13, 0x15, 0x66, 0x03, 0x03, 0x0a, 0x00, } func TestPackOptions(t *testing.T) { var b packet.Buffer b.Init(make([]byte, len(test_options))) p := MakeTestSimple() p.DataOff = 10 p.Options = append(p.Options, tcp.Option{ Type: tcp.MSS, Len: 4, Data: []byte{0x05, 0x78}, }, ) p.Options = append(p.Options, tcp.Option{ Type: tcp.SAckOk, Len: 2, }, ) p.Options = append(p.Options, tcp.Option{ Type: tcp.Timestamp, Len: 10, Data: []byte{0x61, 0x25, 0xE5, 0xB2, 0x00, 0x13, 0x15, 0x66}, }, ) p.Options = append(p.Options, tcp.Option{ Type: tcp.WindowScale, Len: 3, Data: []byte{0x0A}, }, ) p.Options = append(p.Options, tcp.Option{ Type: tcp.End, }, ) err := p.Pack(&b) if err != nil { t.Fatalf("Error packing: %s", err) } if !bytes.Equal(test_options, b.Buffer()) { t.Fatalf("Raw packet mismatch: %x", b.Buffer()) } } func TestUnpackOptions(t *testing.T) { var p tcp.Packet var b packet.Buffer b.Init(test_options) err := p.Unpack(&b) if err != nil { t.Fatalf("Error unpacking: %s", err) } if len(p.Options) != 4 { t.Fatalf("Options number mismatch: %d", len(p.Options)) } if p.Options[0].Type != tcp.MSS { t.Fatalf("Option MSS mismatch: %x", p.Options[0].Data) } if p.Options[1].Type != tcp.SAckOk { t.Fatalf("Option SAckOk mismatch: %x", p.Options[1].Data) } if p.Options[2].Type != tcp.Timestamp { t.Fatalf("Option Timestamp mismatch: %x", p.Options[2].Data) } if p.Options[3].Type != tcp.WindowScale { t.Fatalf("Option WindowScale mismatch: %x", p.Options[3].Data) } } ================================================ FILE: packet/udp/pkt.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // Provides encoding and decoding for UDP packets. package udp import "github.com/ghedo/go.pkt/packet" import "github.com/ghedo/go.pkt/packet/ipv4" type Packet struct { SrcPort uint16 `string:"sport"` DstPort uint16 `string:"dport"` Length uint16 `string:"len"` Checksum uint16 `string:"sum"` csum_seed uint32 `cmp:"skip" string:"skip"` pkt_payload packet.Packet `cmp:"skip" string:"skip"` } func Make() *Packet { return &Packet{ Length: 8, } } func (p *Packet) GetType() packet.Type { return packet.UDP } func (p *Packet) GetLength() uint16 { if p.pkt_payload != nil { return p.pkt_payload.GetLength() + 8 } return 8 } func (p *Packet) Equals(other packet.Packet) bool { return packet.Compare(p, other) } func (p *Packet) Answers(other packet.Packet) bool { if other == nil || other.GetType() != packet.TCP { return false } if p.SrcPort != other.(*Packet).DstPort || p.DstPort != other.(*Packet).SrcPort { return false } return true } func (p *Packet) Pack(buf *packet.Buffer) error { buf.WriteN(p.SrcPort) buf.WriteN(p.DstPort) buf.WriteN(p.Length) if p.csum_seed != 0 { p.Checksum = ipv4.CalculateChecksum(buf.LayerBytes(), p.csum_seed) } buf.WriteN(p.Checksum) return nil } func (p *Packet) Unpack(buf *packet.Buffer) error { buf.ReadN(&p.SrcPort) buf.ReadN(&p.DstPort) buf.ReadN(&p.Length) buf.ReadN(&p.Checksum) return nil } func (p *Packet) Payload() packet.Packet { return p.pkt_payload } func (p *Packet) GuessPayloadType() packet.Type { return packet.Raw } func (p *Packet) SetPayload(pl packet.Packet) error { p.pkt_payload = pl p.Length = p.GetLength() return nil } func (p *Packet) InitChecksum(csum uint32) { p.csum_seed = csum } func (p *Packet) String() string { return packet.Stringify(p) } ================================================ FILE: packet/udp/pkt_test.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package udp_test import "bytes" import "net" import "testing" import "github.com/ghedo/go.pkt/packet" import "github.com/ghedo/go.pkt/packet/ipv4" import "github.com/ghedo/go.pkt/packet/udp" var test_simple = []byte{ 0xcb, 0xa6, 0x00, 0x50, 0x00, 0x12, 0x00, 0x00, } func MakeTestSimple() *udp.Packet { return &udp.Packet{ SrcPort: 52134, DstPort: 80, Length: 18, } } func TestPack(t *testing.T) { var b packet.Buffer b.Init(make([]byte, len(test_simple))) p := MakeTestSimple() err := p.Pack(&b) if err != nil { t.Fatalf("Error packing: %s", err) } if !bytes.Equal(test_simple, b.Buffer()) { t.Fatalf("Raw packet mismatch: %x", b.Buffer()) } } func BenchmarkPack(bn *testing.B) { var b packet.Buffer b.Init(make([]byte, len(test_simple))) p := MakeTestSimple() for n := 0; n < bn.N; n++ { p.Pack(&b) } } func TestUnpack(t *testing.T) { var p udp.Packet cmp := MakeTestSimple() var b packet.Buffer b.Init(test_simple) err := p.Unpack(&b) if err != nil { t.Fatalf("Error unpacking: %s", err) } if !p.Equals(cmp) { t.Fatalf("Packet mismatch:\n%s\n%s", &p, cmp) } } func BenchmarkUnpack(bn *testing.B) { var p udp.Packet var b packet.Buffer for n := 0; n < bn.N; n++ { b.Init(test_simple) p.Unpack(&b) } } var test_with_ipv4 = []byte{ 0xcb, 0xa6, 0x00, 0x50, 0x00, 0x12, 0x61, 0x9e, } var ipsrc_str = "192.168.1.135" var ipdst_str = "8.8.8.8" func TestPackWithIPv4(t *testing.T) { var b packet.Buffer b.Init(make([]byte, len(test_with_ipv4))) ip4 := ipv4.Make() ip4.SrcAddr = net.ParseIP(ipsrc_str) ip4.DstAddr = net.ParseIP(ipdst_str) udp := &udp.Packet{ SrcPort: 52134, DstPort: 80, Length: 18, } ip4.SetPayload(udp) err := udp.Pack(&b) if err != nil { t.Fatalf("Error packing: %s", err) } if !bytes.Equal(test_with_ipv4, b.Buffer()) { t.Fatalf("Raw packet mismatch: %x", b.Buffer()) } } func TestUnpackWithIPv4(t *testing.T) { var p udp.Packet cmp := MakeTestSimple() cmp.Checksum = 0x619e var b packet.Buffer b.Init(test_with_ipv4) err := p.Unpack(&b) if err != nil { t.Fatalf("Error unpacking: %s", err) } if !p.Equals(cmp) { t.Fatalf("Packet mismatch:\n%s\n%s", &p, cmp) } } ================================================ FILE: packet/vlan/pkt.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // Provides encoding and decoding for VLAN packets. package vlan import "github.com/ghedo/go.pkt/packet" import "github.com/ghedo/go.pkt/packet/eth" type Packet struct { Priority uint8 `string:"prio"` DropEligible bool `string:"drop"` VLAN uint16 Type eth.EtherType pkt_payload packet.Packet `cmp:"skip" string:"skip"` } func Make() *Packet { return &Packet{ } } func (p *Packet) GetType() packet.Type { return packet.VLAN } func (p *Packet) GetLength() uint16 { if p.pkt_payload != nil { return p.pkt_payload.GetLength() + 4 } return 4 } func (p *Packet) Equals(other packet.Packet) bool { return packet.Compare(p, other) } func (p *Packet) Answers(other packet.Packet) bool { if other == nil { return false } if other.GetType() == packet.VLAN && p.VLAN != other.(*Packet).VLAN { return false } if p.Payload() != nil { return p.Payload().Answers(other.Payload()) } return true } func (p *Packet) Pack(buf *packet.Buffer) error { tci := uint16(p.Priority) << 13 | p.VLAN if p.DropEligible { tci |= 0x10 } buf.WriteN(tci) buf.WriteN(p.Type) return nil } func (p *Packet) Unpack(buf *packet.Buffer) error { var tci uint16 buf.ReadN(&tci) p.Priority = (uint8(tci >> 8) & 0xE0) >> 5 p.DropEligible = uint8(tci) & 0x10 != 0 p.VLAN = tci & 0x0FFF buf.ReadN(&p.Type) return nil } func (p *Packet) Payload() packet.Packet { return p.pkt_payload } func (p *Packet) GuessPayloadType() packet.Type { return eth.EtherTypeToType(p.Type) } func (p *Packet) SetPayload(pl packet.Packet) error { p.pkt_payload = pl p.Type = eth.TypeToEtherType(pl.GetType()) return nil } func (p *Packet) InitChecksum(csum uint32) { } func (p *Packet) String() string { return packet.Stringify(p) } ================================================ FILE: packet/vlan/pkt_test.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package vlan_test import "bytes" import "testing" import "github.com/ghedo/go.pkt/packet" import "github.com/ghedo/go.pkt/packet/eth" import "github.com/ghedo/go.pkt/packet/vlan" var test_simple = []byte{ 0x64, 0x00, 0x08, 0x00, } func MakeTestSimple() *vlan.Packet { return &vlan.Packet{ Priority: 3, VLAN: 1024, Type: eth.IPv4, } } func TestPack(t *testing.T) { var b packet.Buffer b.Init(make([]byte, len(test_simple))) p := MakeTestSimple() err := p.Pack(&b) if err != nil { t.Fatalf("Error packing: %s", err) } if !bytes.Equal(test_simple, b.Buffer()) { t.Fatalf("Raw packet mismatch: %x", b.Buffer()) } } func BenchmarkPack(bn *testing.B) { var b packet.Buffer b.Init(make([]byte, len(test_simple))) p := MakeTestSimple() for n := 0; n < bn.N; n++ { p.Pack(&b) } } func TestUnpack(t *testing.T) { var p vlan.Packet cmp := MakeTestSimple() var b packet.Buffer b.Init(test_simple) err := p.Unpack(&b) if err != nil { t.Fatalf("Error unpacking: %s", err) } if !p.Equals(cmp) { t.Fatalf("Packet mismatch:\n%s\n%s", &p, cmp) } } func BenchmarkUnpack(bn *testing.B) { var p vlan.Packet var b packet.Buffer for n := 0; n < bn.N; n++ { b.Init(test_simple) p.Unpack(&b) } } ================================================ FILE: routing/routing.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // Provides network routing information about the system. It can either return // all available routes or select a specific route depending on a destination // address. package routing import "fmt" import "net" import "sort" import "strings" type Route struct { Default bool SrcNet *net.IPNet DstNet *net.IPNet Gateway net.IP Iface *net.Interface } type route_slice []*Route func (r route_slice) Len() int { return len(r) } func (r route_slice) Swap(i, j int) { r[i], r[j] = r[j], r[i] } func (r route_slice) Less(i, j int) bool { a := r[i] b := r[j] if a.Default { return true } if b.Default { return false } a_len, _ := a.DstNet.Mask.Size() b_len, _ := b.DstNet.Mask.Size() if a_len < b_len { return false } return true } // Return the route that matches the given destination address. func RouteTo(dst net.IP) (*Route, error) { var def *Route routes, err := Routes() if err != nil { return nil, fmt.Errorf("Could not get routes: %s", err) } sort.Sort(route_slice(routes)) for _, r := range routes { if r.Default && r.Iface != nil && r.Iface.Flags & net.FlagLoopback == 0 { def = r continue } if r.DstNet != nil && r.DstNet.Contains(dst) { return r, nil } } return def, nil } // Return the default IPv4 address of a network interface. func (r *Route) GetIfaceIPv4Addr() (net.IP, error) { iface := r.Iface addrs, err := iface.Addrs(); if err != nil { return nil, err } for _, a := range addrs { if ipnet, ok := a.(*net.IPNet); ok { if ip4 := ipnet.IP.To4(); ip4 != nil { return ip4, nil } } } return nil, fmt.Errorf("No address found") } // Return the default IPv6 address of a network interface. func (r *Route) GetIfaceIPv6Addr() (net.IP, error) { iface := r.Iface addrs, err := iface.Addrs(); if err != nil { return nil, err } for _, a := range addrs { if ipnet, ok := a.(*net.IPNet); ok { if ip6 := ipnet.IP.To16(); ip6 != nil { return ip6, nil } } } return nil, fmt.Errorf("No address found") } func (r *Route) String() string { var parts []string if r.Default { parts = append(parts, "default") } else if r.DstNet != nil { parts = append(parts, r.DstNet.String()) } if r.SrcNet != nil { src := fmt.Sprintf("from %s", r.DstNet.String()) parts = append(parts, src) } if r.Gateway != nil { gateway := fmt.Sprintf("via %s", r.Gateway.String()) parts = append(parts, gateway) } if r.Iface != nil { iface := fmt.Sprintf("dev %s", r.Iface.Name) parts = append(parts, iface) } return strings.Join(parts, " ") } ================================================ FILE: routing/routing_linux.go ================================================ /* * Network packet analysis framework. * * Copyright (c) 2014, Alessandro Ghedini * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package routing import "fmt" import "net" import "syscall" import "unsafe" type rtmsg struct { family uint8 dst_len uint8 src_len uint8 tos uint8 table uint8 proto uint8 scope uint8 rtype uint8 flags uint32 } // List all available routes on the system. func Routes() ([]*Route, error) { var routes []*Route rib, err := syscall.NetlinkRIB(syscall.RTM_GETROUTE, syscall.AF_UNSPEC) if err != nil { return nil, fmt.Errorf("Could not retrieve RIB: %s", err) } msgs, err := syscall.ParseNetlinkMessage(rib) if err != nil { return nil, fmt.Errorf("Could not parse messages: %s", err) } for _, m := range msgs { if m.Header.Type == syscall.NLMSG_DONE { break } if m.Header.Type != syscall.RTM_NEWROUTE { continue } route := &Route{ Default: true } rtmsg := (*rtmsg)(unsafe.Pointer(&m.Data[0])) attrs, err := syscall.ParseNetlinkRouteAttr(&m) if err != nil { return nil, fmt.Errorf("Could not parse attr: %s", err) } for _, a := range attrs { switch a.Attr.Type { case syscall.RTA_SRC: route.SrcNet = &net.IPNet{ IP: net.IP(a.Value), Mask: net.CIDRMask( int(rtmsg.src_len), len(a.Value) * 8, ), } case syscall.RTA_DST: route.DstNet = &net.IPNet{ IP: net.IP(a.Value), Mask: net.CIDRMask( int(rtmsg.dst_len), len(a.Value) * 8, ), } route.Default = false case syscall.RTA_GATEWAY: route.Gateway = net.IP(a.Value) case syscall.RTA_OIF: oif := *(*uint32)(unsafe.Pointer(&a.Value[0])) iface, err := net.InterfaceByIndex(int(oif)) if err != nil { } route.Iface = iface case syscall.RTA_PRIORITY: } } routes = append(routes, route) } return routes, nil }