golibwireshark

Version: v0.0.0-...-ad7b8e2
Published: Oct 24, 2017 License: MIT Imports: 3 Imported by: 0

README

golibwireshark

Package golibwireshark uses the libwireshark library to decode pcap files and analyse the resulting dissection data.

This package can only be used on Linux on x86_64. To use it on another CPU architecture, you need to compile the library in the libs folder from source.

Dependencies
  • libwireshark library (version 1.12.8)

  • libglib2.0

Install
  • ubuntu
apt-get install libglib2.0-dev
go get github.com/sunwxg/golibwireshark

cd $GOPATH/src/github.com/sunwxg/golibwireshark
cat libs/libwireshark.{00,01,02,03} > libs/libwireshark.so
chmod 775 libs/libwireshark.so

go build
go test
Examples
file := "1.pcap"
outfile := "o.pcap"
key := "ip.addr"

err := golibwireshark.Init(file, outfile)
if err != nil {
	fmt.Printf("open file failed\n")
	return
}
defer golibwireshark.Clean()

var p golibwireshark.Packet

for {
	p.GetPacket()
	if p.Edt == nil {
		break
	}

	if _, ok := p.IsKey(key); ok {
		p.WriteToFile()
	}

	p.FreePacket()
}

Documentation

Overview

Package golibwireshark uses the libwireshark library to decode pcap files and analyse the resulting dissection data.

Example
package main

import (
	"fmt"

	"github.com/sunwxg/golibwireshark"
)

func main() {
	file := "1.pcap"
	outfile := "o.pcap"
	key := "ip.addr"

	// Init opens the input pcap and the output (save) file and prepares the dissection.
	err := golibwireshark.Init(file, outfile)
	if err != nil {
		fmt.Printf("open file failed: %v\n", err)
		return
	}
	// Clean must run once the dissection is finished to release libwireshark state.
	defer golibwireshark.Clean()

	var p golibwireshark.Packet

	for {
		// GetPacket dissects the next packet; Edt is nil once the input is exhausted.
		p.GetPacket()
		if p.Edt == nil {
			break
		}

		// Copy packets that carry the key (here ip.addr) to the output file.
		if _, ok := p.IsKey(key); ok {
			p.WriteToFile()
		}

		// Release this packet's dissection memory before fetching the next one.
		p.FreePacket()
	}
}
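As an added example (not part of the package or its README), a small selection policy built on the value shape IsKey returns, so the loop above can write only packets that satisfy several field rules at once. The field map is a constructed stand-in for one dissected packet, and the wiring into the real loop is shown in a comment because that call needs libwireshark:

```go
package main

import "fmt"

// Rule: field Key must be present in the dissection and, when Values is
// non-empty, must carry at least one of the listed values.
type Rule struct {
	Key    string
	Values []string
}

// Matches reports whether every rule holds for one packet. lookup has the
// signature of (golibwireshark.Packet).IsKey, so p.IsKey is passed as is; a
// field like ip.addr yields two values, so a rule holds if any is listed.
func Matches(lookup func(string) ([]string, bool), rules []Rule) bool {
	for _, r := range rules {
		values, ok := lookup(r.Key)
		if !ok {
			return false
		}
		hit := len(r.Values) == 0 // presence of the field is enough
		for _, v := range values {
			for _, w := range r.Values {
				hit = hit || v == w
			}
		}
		if !hit {
			return false
		}
	}
	return true
}

func main() {
	// Constructed sample for one dissected packet (no libwireshark needed):
	fields := map[string][]string{
		"ip.addr":      {"10.0.0.5", "10.0.0.53"},
		"dns.qry.name": {"watchlisted.example"},
	}
	lookup := func(key string) ([]string, bool) {
		v, ok := fields[key]
		return v, ok
	}
	rules := []Rule{
		{Key: "dns.qry.name", Values: []string{"watchlisted.example"}},
		{Key: "ip.addr", Values: []string{"10.0.0.5"}},
	}
	// In the loop above this is: if Matches(p.IsKey, rules) { p.WriteToFile() }
	fmt.Println("select packet:", Matches(lookup, rules)) // select packet: true
}
```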
Constants

This section is empty.

Variables

This section is empty.

Functions

func Clean

func Clean()

Clean ends the dissection.

func CloseInputFile

func CloseInputFile()

CloseInputFile closes the input file. Use ReOpenInputFile to open a new input file.

func CloseOutputFile

func CloseOutputFile()

CloseOutputFile closes the output file. Use ReOpenOutputFile to open a new output file.

func Init

func Init(inputfile, outputfile string) error

Init initializes the dissection. If opening inputfile or the output (save) file fails, it returns an error. After the dissection finishes, call Clean() to end it.

func ReOpenInputFile

func ReOpenInputFile(filename string) error

ReOpenInputFile opens a new input file after CloseInputFile. If opening the file fails, it returns an error.

func ReOpenOutputFile

func ReOpenOutputFile(filename string) error

ReOpenOutputFile opens a new output file after CloseOutputFile. If opening the file fails, it returns an error.

Types

type Packet

type Packet struct {
	Edt   *C.struct_epan_dissect // packet data index after dissection
	Field *C.struct__proto_node  // packet field index
}

Packet is the data index of a packet after dissection.

func (*Packet) FreePacket

func (p *Packet) FreePacket()

FreePacket releases the packet memory.

func (*Packet) GetField

func (p *Packet) GetField(key string) bool

GetField looks up a field index by key. If the key exists, it returns true and Field is set to that index; otherwise it returns false and Field is nil.

func (*Packet) GetPacket

func (p *Packet) GetPacket()

GetPacket fetches the data index of the next dissected packet. If there are no more packets to dissect, Edt is nil. After analysing the packet data, call FreePacket() to free it.

func (Packet) IsKey

func (p Packet) IsKey(key string) (values []string, ok bool)

IsKey finds a key in the packet dissection data. If the key exists, ok is true and values holds the key's values; otherwise ok is false.

func (Packet) String

func (p Packet) String() string

String produces a human-readable printout. If Field is nil, it prints the whole packet; otherwise it prints only the Field.

func (*Packet) WriteToFile

func (p *Packet) WriteToFile() error

WriteToFile writes a packet to the output file. If the output file is not initialized, it returns an error.

Directories

Path Synopsis
example
