search

google / gopacket

Provides packet processing capabilities for Go
BSD 3-Clause "New" or "Revised" License
6.3k stars 1.13k forks source link

"flag redefined: assembly_memuse_log" when using both `reassembly` and `tcpassembly` #605

Open mastern2k3 opened 5 years ago

mastern2k3 commented 5 years ago

Using both packages:

"github.com/google/gopacket/reassembly"
"github.com/google/gopacket/tcpassembly"

Results in a crash upon initialization:

panic: .../debug flag redefined: assembly_memuse_log
goroutine 1 [running]:
flag.(*FlagSet).Var(0xc000094180, 0xaecae0, 0xc000026339, 0xa48516, 0x13, 0xa5c920, 0x80)
    /usr/local/go/src/flag/flag.go:805 +0x6e3
flag.(*FlagSet).BoolVar(0xc000094180, 0xc000026339, 0xa48516, 0x13, 0xaeb600, 0xa5c920, 0x80)
    /usr/local/go/src/flag/flag.go:578 +0x8c
flag.(*FlagSet).Bool(0xc000094180, 0xa48516, 0x13, 0xc00006a400, 0xa5c920, 0x80, 0x0)
    /usr/local/go/src/flag/flag.go:591 +0x8b
flag.Bool(0xa48516, 0x13, 0xa4ff00, 0xa5c920, 0x80, 0x0)
    /usr/local/go/src/flag/flag.go:598 +0x67
gconnell commented 5 years ago

Yep :)

'reassembly' is meant to act as a full replacement of 'tcpassembly', so the expectation was that they'd never be used together. May I ask what you're attempting to do that requires both packages to be used?

mastern2k3 commented 5 years ago

'reassembly' is meant to act as a full replacement of 'tcpassembly'

Oh! that's hard to hear, I just refactored our implementation to use tcpassembly instead of reassembly. My implementation is supposed to digest pcap files in order to find tcp communication streams. Initially I used the assembler from reassembly, but, using it for http streams for example, resulted in concatenated messages. e.g, instead of (in order):

A -> B HTTP Request 1
B -> A HTTP Response 1
A -> B HTTP Request 2
B -> A HTTP Response 2

I got:

A -> B HTTP Request 1 + 2
B -> A HTTP Response 1 + 2

Thad lead me to believe that reassembly wasn't meant for the intricacies of TCP assembly. After refactoring the assembly implementation to use tcpassembly I got the desired output (even though I missed the option of assembling with a context, which is a very helpful addition, thanks!).

If this is not the intended output I would like to go into the subject further.

May I ask what you're attempting to do that requires both packages to be used?

The refactor mentioned above was created specifically for TCP packets, since we also digest UDP. So when the logic detects a UDP packet my intention was that it will still use the reassembly assembler. working alongside the tcpassembly one.

mastern2k3 commented 5 years ago

Hey @gconnell, do you have an idea for why this concatenation happens? e.g.:

A -> B HTTP Request 1 + 2
B -> A HTTP Response 1 + 2

instead of:

A -> B HTTP Request 1
B -> A HTTP Response 1
A -> B HTTP Request 2
B -> A HTTP Response 2