google / gopacket

Provides packet processing capabilities for Go
BSD 3-Clause "New" or "Revised" License

Any good practice for DecodingLayerParser and httpassembly? #676

Open c625473164 opened 5 years ago

c625473164 commented 5 years ago

Are there any examples of using DecodingLayerParser and assembling the payloads into HTTP?

percybolmer commented 5 years ago

It's pretty hard for TCP-based protocols, as discussed in other issues, as the stream has to be assembled first. (See https://github.com/google/gopacket/blob/master/examples/httpassembly/main.go) Or look at /reassembly, it's the new TCP assembler, and combine that with the regular http package.

Since DecodingLayerParser works packet by packet, the way to go would be to build a parser up to the TCP layer, then assemble after. (Not sure if you could somehow make it easier, but I doubt it at the moment.)

Etc

```go
var ethLayer layers.Ethernet
var ipLayer layers.IPv4
var tcpLayer layers.TCP

// handle is an already opened *pcap.Handle.
packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
for packet := range packetSource.Packets() {
	parser := gopacket.NewDecodingLayerParser(
		layers.LayerTypeEthernet,
		&ethLayer,
		&ipLayer,
		&tcpLayer,
	)
	detectedLayerTypes := []gopacket.LayerType{}

	err := parser.DecodeLayers(packet.Data(), &detectedLayerTypes)
	if err != nil {
		log.Println("Decoding went wrong: ", err)
	}

	for _, lt := range detectedLayerTypes {
		if lt == layers.LayerTypeTCP {
			// Send packet to TCP assembler
		}
	}
}
```

Sorry about the format, wrote this on mobile. Will edit later. Also, the provided code is not recommended for production since it's not tested, more an example of how the logic would be. Also, I might be wrong, so there is that! :)
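Added example, not part of the thread and not gopacket code: a standard-library-only sketch of why the TCP stream has to be assembled before HTTP parsing, as the reply above describes. The `segment` type and the functions `reassemble`, `parseRequest` and `sampleSegments` are hypothetical names, and `reassemble` is a simplified stand-in for gopacket's assembler packages, fed the sequence number and payload a decoded `layers.TCP` would provide.

```go
package main

import (
	"bufio"
	"bytes"
	"fmt"
	"net/http"
	"sort"
)

// segment holds what the assembler needs from a decoded TCP layer (constructed type).
type segment struct {
	seq     uint32
	payload []byte
}

// reassemble orders one flow direction by sequence number, skips bytes already
// seen and stops at the first gap. Simplified: no wraparound, no SYN/FIN/RST.
func reassemble(isn uint32, segs []segment) []byte {
	sort.Slice(segs, func(i, j int) bool { return segs[i].seq < segs[j].seq })
	stream, next := []byte(nil), isn
	for _, s := range segs {
		end := s.seq + uint32(len(s.payload))
		if s.seq > next {
			break // gap: a segment is missing, later bytes cannot be placed
		}
		if end > next { // keep only the bytes not seen before
			stream = append(stream, s.payload[next-s.seq:]...)
			next = end
		}
	}
	return stream
}

// parseRequest gives the reassembled bytes to the standard net/http parser.
func parseRequest(stream []byte) (*http.Request, error) {
	return http.ReadRequest(bufio.NewReader(bytes.NewReader(stream)))
}

// sampleSegments is constructed input: a request split mid-header, out of order, with a partial retransmission.
func sampleSegments() []segment {
	req := []byte("GET /login HTTP/1.1\r\nHost: example.test\r\n\r\n")
	return []segment{{1023, req[23:]}, {1000, req[:23]}, {1010, req[10:23]}}
}

func main() {
	r, err := parseRequest(reassemble(1000, sampleSegments()))
	fmt.Println(r.Method, r.URL.Path, r.Host, err)
}
```

Parsing any single segment's payload on its own fails or yields a truncated request, which is the per-packet limitation the reply points out.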