afpacket does not get GRE tunneled packets?
154 views
Skip to first unread message
Chun Zhang
Oct 17, 2017, 6:31:21 PM10/17/17
to golang-nuts
Hi, friends,
I am trying to create a very simple network sniffer. Initially I implemented it with libpcap, but I got not only performance issue, but also timing issue. Now I am trying to replace libpcap with afpacket. However, I am not able to get any packet from the GRE tunneled terminated at the listening NIC.
I know I have quite a few packets terminated at this NIC. If using pcap as below, then I see all those packets, decoded up to the GRE layer, and its payload.
But switching to afpacket, I can only get non-GRE packet, such as IGMP, ICMP, etc. (These packets are also seen in the above pcap version). I can see normal TCP packets as well, but no GRE packets, they are not even read from wire as far as I can see, since there is no decoding error at all.
So, my dear gophers, what have I done wrong? Any help is appreciated. I have googled quite a bit, but does not really get any useful answer.
Do I need to somehow magically enable the promiscuous mode? I don't see an option in afpacket.
Here is my code snippet
//pcap version
handle, err = pcap.OpenLive(device, snapshot_len, promiscuous, timeout)
if err == nil {
Info.Println("Open interface ", device, "successfully")
}
defer handle.Close()
//afpacket version
handle, err := afpacket.NewTPacket(afpacket.OptInterface(device))
if err != nil {
Error.Printf("Error opening afpacket interface: %s", err)
}
defer handle.Close()//create a source and listen to itpacketSource := gopacket.NewPacketSource(handle, layers.LinkTypeEthernet)for {packet, err := packetSource.NextPacket()
// Iterate over all layers, printing out each layer type
for _, layer := range packet.Layers() {
fmt.Println("PACKET LAYER:", layer.LayerType())
}Here is my code snippet,
Chun Zhang
Oct 18, 2017, 11:46:49 AM10/18/17
to golang-nuts
I just figured this out. I need to manually set the NIC to promiscuous mode.
Now the question is, is there a way to set the NIC to promiscuous mode in code, like in pcap.openlive?? I don't see that option with AF_packet.
Thanks,
Chun
Juliusz Chroboczek
Oct 18, 2017, 4:04:47 PM10/18/17
to golan...@googlegroups.com
This is not Go-specific, I hope I'm not breaking some unwritten rule by
replying.
> I just figured this out. I need to manually set the NIC to promiscuous
> mode.
> Now the question is, is there a way to set the NIC to promiscuous mode
> in code, like in pcap.openlive?
You want to call sysctl(SIOCGIFFLAGS), set the IFF_PROMISC flag in
ifr.ifr_flags, and pass the results back to sysctl(SIOCSIFFLAGS).
I guess one could also use rtnetlink, if one were so inclined.
If I were you, I'd cheat:
ifname := "eth0"
cmd := exec.Command("ip", "link", "set", "dev", ifname, "promisc", "on")
err := cmd.Run()
-- Juliusz
replying.
> I just figured this out. I need to manually set the NIC to promiscuous
> mode.
> Now the question is, is there a way to set the NIC to promiscuous mode
> in code, like in pcap.openlive?
ifr.ifr_flags, and pass the results back to sysctl(SIOCSIFFLAGS).
I guess one could also use rtnetlink, if one were so inclined.
If I were you, I'd cheat:
ifname := "eth0"
cmd := exec.Command("ip", "link", "set", "dev", ifname, "promisc", "on")
err := cmd.Run()
-- Juliusz
Reply all
Reply to author
Forward
0 new messages