• goreplay~tcpdump


    goreplay几种engine的区别

    capture.go中的引擎类型

    func (eng *EngineType) Set(v string) error {
        switch v {
        case "", "libpcap":
            *eng = EnginePcap
        case "pcap_file":
            *eng = EnginePcapFile
        case "raw_socket":
            *eng = EngineRawSocket
        case "af_packet":
            *eng = EngineAFPacket
        default:
            return fmt.Errorf("invalid engine %s", v)
        }
        return nil
    }

    引擎处理 pcap

    func (l *Listener) activatePcap() error {
        var e error
        var msg string
        for _, ifi := range l.Interfaces {
            var handle *pcap.Handle
            handle, e = l.PcapHandle(ifi)
            if e != nil {
                msg += ("
    " + e.Error())
                continue
            }
            l.Handles[ifi.Name] = packetHandle{
                handler: handle,
                ips:     interfaceIPs(ifi),
            }
        }
        if len(l.Handles) == 0 {
            return fmt.Errorf("pcap handles error:%s", msg)
        }
        return nil
    }

    不同的handler

    func (l *Listener) PcapHandle(ifi pcap.Interface) (handle *pcap.Handle, err error) {
        var inactive *pcap.InactiveHandle
        inactive, err = pcap.NewInactiveHandle(ifi.Name)
        if err != nil {
            return nil, fmt.Errorf("inactive handle error: %q, interface: %q", err, ifi.Name)
        }
        defer inactive.CleanUp()
    
        if l.TimestampType != "" && l.TimestampType != "go" {
            var ts pcap.TimestampSource
            ts, err = pcap.TimestampSourceFromString(l.TimestampType)
            fmt.Println("Setting custom Timestamp Source. Supported values: `go`, ", inactive.SupportedTimestamps())
            err = inactive.SetTimestampSource(ts)
            if err != nil {
                return nil, fmt.Errorf("%q: supported timestamps: %q, interface: %q", err, inactive.SupportedTimestamps(), ifi.Name)
            }
        }
        if l.Promiscuous {
            if err = inactive.SetPromisc(l.Promiscuous); err != nil {
                return nil, fmt.Errorf("promiscuous mode error: %q, interface: %q", err, ifi.Name)
            }
        }
        if l.Monitor {
            if err = inactive.SetRFMon(l.Monitor); err != nil && !errors.Is(err, pcap.CannotSetRFMon) {
                return nil, fmt.Errorf("monitor mode error: %q, interface: %q", err, ifi.Name)
            }
        }
    
        var snap int
    
        if !l.Snaplen {
            infs, _ := net.Interfaces()
            for _, i := range infs {
                if i.Name == ifi.Name {
                    snap = i.MTU + 200
                }
            }
        }
    
        if snap == 0 {
            snap = 64<<10 + 200
        }
    
        err = inactive.SetSnapLen(snap)
        if err != nil {
            return nil, fmt.Errorf("snapshot length error: %q, interface: %q", err, ifi.Name)
        }
        if l.BufferSize > 0 {
            err = inactive.SetBufferSize(int(l.BufferSize))
            if err != nil {
                return nil, fmt.Errorf("handle buffer size error: %q, interface: %q", err, ifi.Name)
            }
        }
        if l.BufferTimeout == 0 {
            l.BufferTimeout = 2000 * time.Millisecond
        }
        err = inactive.SetTimeout(l.BufferTimeout)
        if err != nil {
            return nil, fmt.Errorf("handle buffer timeout error: %q, interface: %q", err, ifi.Name)
        }
        handle, err = inactive.Activate()
        if err != nil {
            return nil, fmt.Errorf("PCAP Activate device error: %q, interface: %q", err, ifi.Name)
        }
    
        bpfFilter := l.BPFFilter
        if bpfFilter == "" {
            bpfFilter = l.Filter(ifi)
        }
        fmt.Println("Interface:", ifi.Name, ". BPF Filter:", bpfFilter)
        err = handle.SetBPFFilter(bpfFilter)
        if err != nil {
            handle.Close()
            return nil, fmt.Errorf("BPF filter error: %q%s, interface: %q", err, bpfFilter, ifi.Name)
        }
        return
    }

     表现 --input-raw-engine raw_socket 

     --input-raw-engine libpcap

     --input-raw-engine af_packet 

     tcpdump监听

    tcpdump tcp -i eth0 -t -s 0 -c 100 and dst port 8080 and (dst host 172.29.246.151 or dst host fe80::216:3eff:fe00:7e1)

    三次请求结果

  • 相关阅读:
    Mimblewimble:新型的隐私保护协议
    权益证明生态系统
    理解去中心化身份
    TPS 是一种糟糕的评价标准
    以太坊 2.0 :双生以太奇谭
    以太坊 2.0:信标链
    以太坊 2.0:验证者详解
    论共识机制
    以太坊钱包开发系列
    将不确定变成确定~LINQ DBML模型可以对应多个数据库吗
  • 原文地址:https://www.cnblogs.com/it-worker365/p/15121088.html
Copyright © 2020-2023  润新知