Apabila saya mendapat fail pcap daripada klien s3, saya perlu menjana sumber paket gopacket untuk membaca paket di dalamnya. Tetapi saya hanya menemui fungsi openofflinefile dalam dokumentasi gopacket, bagaimana saya boleh menjana sumber paket dengan []byte (baca daripada fail s3).
Saya telah membaca kod sumber fungsi openofflinefile dalam gopacket, tetapi saya masih keliru kerana saya tidak biasa dengan uintptr, bolehkah saya terus menjana unitptr dengan []byte dan kemudian menggunakannya untuk menjana sumber paket?
func openOffline(file string) (handle *Handle, err error) {
err = LoadWinPCAP()
if err != nil {
return nil, err
}
buf := make([]byte, errorBufferSize)
f, err := syscall.BytePtrFromString(file)
if err != nil {
return nil, err
}
var cptr uintptr
if pcapOpenOfflineWithTstampPrecisionPtr == 0 {
cptr, _, _ = syscall.Syscall(pcapOpenOfflinePtr, 2, uintptr(unsafe.Pointer(f)), uintptr(unsafe.Pointer(&buf[0])), 0)
} else {
cptr, _, _ = syscall.Syscall(pcapOpenOfflineWithTstampPrecisionPtr, 3, uintptr(unsafe.Pointer(f)), uintptr(pcapTstampPrecisionNano), uintptr(unsafe.Pointer(&buf[0])))
}
if cptr == 0 {
return nil, errors.New(byteSliceToString(buf))
}
h := &Handle{cptr: pcapTPtr(cptr)}
return h, nil
}
github.com/google/gopacket/pcapgoJika pakej github.com/google/gopacket/pcapgo menyokong format fail ini, pertimbangkan untuk menggunakannya kerana ia mudah:
package main
import (
"bytes"
"io"
"log"
"os"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"github.com/google/gopacket/pcapgo"
)
func main() {
f, err := os.open("test.pcap")
if err != nil {
panic(err)
}
// as described in the question, buf is read from s3 file. in order to
// make this demo simple and executable, we read it from a local file.
buf, err := io.readall(f)
if err != nil {
panic(err)
}
// convert []byte into a reader. the s3 client should give us a reader
// that we can use directly in the place of the filereader. try the best
// to avoid reading the response as []byte and then convert it into a reader.
filereader := bytes.newreader(buf)
r, err := pcapgo.newreader(filereader)
if err != nil {
panic(err)
}
source := gopacket.newpacketsource(r, layers.layertypeethernet)
for packet := range source.packets() {
log.printf("%v", packet)
}
}
os.pipe 与 github.com/google/gopacket/pcap bersamaJika github.com/google/gopacket/pcapgo 不支持该文件格式,而我们必须使用 github.com/google/gopacket/pcap,解决方法是创建一个管道,并将 r 文件传递给pcap.openofflinefile format fail tidak disokong dan kami perlu menggunakan github.com/google/gopacket/pcap, penyelesaiannya ialah dengan membuat paip dan menghantar fail r Ke pcap.openofflinefile:
package main
import (
"bytes"
"io"
"log"
"os"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"github.com/google/gopacket/pcap"
)
func main() {
f, err := os.Open("test.pcap")
if err != nil {
panic(err)
}
// As described in the question, buf is read from S3 file. In order to
// make this demo simple and executable, we read it from a local file.
buf, err := io.ReadAll(f)
if err != nil {
panic(err)
}
r, w, err := os.Pipe()
if err != nil {
panic(err)
}
go func() {
// Convert []byte into a reader. The S3 client should give us a reader
// that we can use directly in the place of the fileReader. Try the best
// to avoid reading the response as []byte and then convert it into a reader.
fileReader := bytes.NewReader(buf)
_, err := io.Copy(w, fileReader)
defer w.Close()
if err != nil {
panic(err)
}
}()
handle, err := pcap.OpenOfflineFile(r)
if err != nil {
panic(err)
}
source := gopacket.NewPacketSource(handle, layers.LayerTypeEthernet)
for packet := range source.Packets() {
log.Printf("%v", packet)
}
}
Nota:
github.com/google/gopacket/pcap 是 libpcap(或 windows 上的 winpcap 或 npcap)的包装器。这就是为什么使用 []byte 或 io.reader Ia agak rumit. Atas ialah kandungan terperinci Cipta packetSource gopacket menggunakan fail s3. Untuk maklumat lanjut, sila ikut artikel berkaitan lain di laman web China PHP!
![[Web front-end] Permulaan pantas Node.js](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
