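// Source: github.com/gopacket/gopacket@v1.1.0/examples/pfdump/main.go

// Copyright 2012 Google, Inc. All rights reserved.
//
// Use of this source code is governed by a BSD-style license
// that can be found in the LICENSE file in the root of the source
// tree.

// The pfdump binary implements a tcpdump-like command line tool with gopacket
// using pfring as a backend data collection mechanism.
package main

import (
	"flag"
	"fmt"
	"log"
	"os"
	"strings"

	"github.com/gopacket/gopacket/dumpcommand"
	"github.com/gopacket/gopacket/examples/util"
	"github.com/gopacket/gopacket/pfring"
)

// Command-line flags. Any remaining positional arguments are joined with
// spaces and used as a BPF filter expression.
var (
	iface = flag.String("i", "eth0", "Interface to read packets from")
	// The default snap length captures whole packets, payload included.
	// A smaller value or a narrow BPF filter limits how much traffic content
	// the tool reads.
	snaplen     = flag.Int("s", 65536, "Snap length (number of bytes max to read per packet)")
	cluster     = flag.Int("cluster", -1, "If >= 0, sets the pfring cluster to this value")
	clustertype = flag.Int("clustertype", int(pfring.ClusterPerFlow), "Cluster type")
)

// main runs the capture and exits non-zero with the error message on failure.
//
// All work happens in run so that its deferred cleanup executes before
// log.Fatalln terminates the process; log.Fatalln exits without running
// deferred calls.
func main() {
	if err := run(); err != nil {
		log.Fatalln(err)
	}
}

// run opens a promiscuous, read-only PF_RING ring on the selected interface,
// applies the optional BPF filter and cluster settings, enables the ring and
// hands it to dumpcommand.Run. It returns the first setup error it hits.
func run() error {
	// NOTE(review): no flag.Parse call is visible in this file; presumably
	// util.Run parses the flags before they are dereferenced below. Confirm.
	defer util.Run()()

	// The snap length is converted to uint32 below. Without this check a
	// negative -s value would silently wrap to a very large capture length.
	if *snaplen < 0 || int64(*snaplen) > int64(^uint32(0)) {
		return fmt.Errorf("invalid snap length %d: must be between 0 and %d", *snaplen, ^uint32(0))
	}

	// FlagPromisc puts the interface into promiscuous mode, so the ring also
	// sees traffic that is not addressed to this host.
	ring, err := pfring.NewRing(*iface, uint32(*snaplen), pfring.FlagPromisc)
	if err != nil {
		return fmt.Errorf("pfring ring creation error: %w", err)
	}
	// Release the ring on every exit path, including setup failures below.
	defer ring.Close()

	if args := flag.Args(); len(args) > 0 {
		bpffilter := strings.Join(args, " ")
		// %q quotes the filter so control characters in the arguments cannot
		// garble the terminal or the log line.
		fmt.Fprintf(os.Stderr, "Using BPF filter %q\n", bpffilter)
		if err := ring.SetBPFFilter(bpffilter); err != nil {
			return fmt.Errorf("BPF filter error: %w", err)
		}
	}

	if *cluster >= 0 {
		// The cluster type is passed through unchecked; an unsupported value
		// is left for SetCluster to reject.
		if err := ring.SetCluster(*cluster, pfring.ClusterType(*clustertype)); err != nil {
			return fmt.Errorf("pfring SetCluster error: %w", err)
		}
	}

	// Read-only mode: this tool only captures and never injects packets.
	if err := ring.SetSocketMode(pfring.ReadOnly); err != nil {
		return fmt.Errorf("pfring SetSocketMode error: %w", err)
	}
	if err := ring.Enable(); err != nil {
		return fmt.Errorf("pfring Enable error: %w", err)
	}

	dumpcommand.Run(ring)
	return nil
}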