Hi,
package main
import (
"fmt"
"time"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"github.com/google/gopacket/pcap"
"reflect"
"net"
"log"
)
//var started_at time.Time
//var rest_root_requests int64 = 0
func main() {
fmt.Println("live test")
defender_loop()
}
var (
device string = "eth0"
snapshot_len int32 = 1024
promiscuous bool = false
err error
timeout time.Duration = 5
handle *pcap.Handle
// Will reuse these for each packet
ethLayer layers.Ethernet
ipLayer layers.IPv4
tcpLayer layers.TCP
)
func defender_loop() {
//var dstIPstr string = "127.0.0.1"
//
//if handle, err := pcap.OpenOffline("test.pcap"); err != nil {
// //panic()
// fmt.Print("kjhk")
//}
if handle, err := pcap.OpenLive("eth0", 1600, false, 5); err != nil {
panic(err)
fmt.Println(err);
} else {
fmt.Print(handle)
var filter string = "tcp and port 80"
err = handle.SetBPFFilter(filter)
if err != nil {
log.Fatal(err)
}
fmt.Println("Only capturing TCP port 22 packets.")
packetSource := gopacket.NewPacketSource(handle,
handle.LinkType())
for packet := range packetSource.Packets() {
//handlePacket(packet) // Do something with a packet here.
parser := gopacket.NewDecodingLayerParser(
layers.LayerTypeEthernet,
ðLayer,
&ipLayer,
&tcpLayer,
)
foundLayerTypes := []gopacket.LayerType{}
err := parser.DecodeLayers(packet.Data(), &foundLayerTypes)
if err != nil {
//fmt.Println("Trouble decoding layers: ", err)
continue
}
//fmt.Printf("Founder Layer---->%+v\n", foundLayerTypes)
for _, layerType := range foundLayerTypes {
//fmt.Println();
//fmt.Printf("ipLayer-->%+v\n", ipLayer)
//fmt.Println();
if(ipLayer.SrcIP.String() =="192.168.1.3") {
//ipLayer.SrcIP=ipLayer.DstIP;
//ipLayer.DstIP=ipLayer.SrcIP;
//if(tcpLayer.SrcPort==61585) {
fmt.Println("Inside IP");
if(tcpLayer.RST==false){
//fmt.Println("Before Update");
fmt.Printf("%+v\n", tcpLayer)
//fmt.Println();
tcpLayer.RST=true;
tcpLayer.Ack=0;
tcpLayer.ACK=false;
//fmt.Println("After Update");
}
//fmt.Printf("%+v\n", tcpLayer)
}
if layerType == layers.LayerTypeIPv4 {
//fmt.Println("IPv4: ",
ipLayer.SrcIP, "->", ipLayer.DstIP)
// fmt.Printf("ipLayer-->%+v\n", ipLayer)
}
payload := gopacket.Payload([]byte("testing"))
buf := gopacket.NewSerializeBuffer()
opts := gopacket.SerializeOptions{
// FixLengths: true,
ComputeChecksums: true,
}
tcpLayer.SetNetworkLayerForChecksum(&ipLayer)
err := gopacket.SerializeLayers(buf, opts,
&ipLayer,
&tcpLayer,
payload)
if err != nil {
panic(err)
}
packetData := buf.Bytes()
ipConn, err := net.ListenPacket("ip4:tcp",
"0.0.0.0")
if err != nil {
panic(err)
}
dstIPaddr := net.IPAddr{
IP: ipLayer.SrcIP,
}
_, err = ipConn.WriteTo(packetData, &dstIPaddr)
if err != nil {
panic(err)
}
fmt.Printf("%+v\n", tcpLayer.RST)
fmt.Print("packet sent!\n")
}
}
}
}
above code i am trying to reset the tcp connection which coming from
192.168.1.3 address, now its not working its not resetting the
connection , anythink wrong in the source code
On Fri, Apr 13, 2018 at 11:47 PM, Juliusz Chroboczek <[email protected]> wrote:
> > i need to reset the tcp connection manually , if one request come from
> > ipLayer.SrcIP
> > = 10.2.3.1 then i need to sent the reset connection packet
>
> I could be wrong, but I don't think the sockets API makes this
> possible -- RST segments are normally only sent by the kernel upon
> receiving a segment that doesn't match the current state of the
> connection.
>
> Since Go uses the kernel sockets support, there's probably nothing that
> can be done about this with Go.
>
> You'll need to work at a lower layer:
>
> - the firewall code is normally able to send RST segments; under
> Linux, you can achieve that with
>
> iptables ... -p tcp ... -j REJECT --reject-with tcp-reset
>
> - you could probably use raw sockets to inject RST segments, but that
> would require building your own TCP header and running your program
> as root. It's probably easier to interface with the firewall.
>
> As Jesper said, it would be helfpul if you told us what you're trying to
> achieve.
>
> -- Juliusz
>
> --
> You received this message because you are subscribed to the Google Groups
> "golang-nuts" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
