Hi,
package main import ( "fmt" "time" "github.com/google/gopacket" "github.com/google/gopacket/layers" "github.com/google/gopacket/pcap" "reflect" "net" "log" ) //var started_at time.Time //var rest_root_requests int64 = 0 func main() { fmt.Println("live test") defender_loop() } var ( device string = "eth0" snapshot_len int32 = 1024 promiscuous bool = false err error timeout time.Duration = 5 handle *pcap.Handle // Will reuse these for each packet ethLayer layers.Ethernet ipLayer layers.IPv4 tcpLayer layers.TCP ) func defender_loop() { //var dstIPstr string = "127.0.0.1" // //if handle, err := pcap.OpenOffline("test.pcap"); err != nil { // //panic() // fmt.Print("kjhk") //} if handle, err := pcap.OpenLive("eth0", 1600, false, 5); err != nil { panic(err) fmt.Println(err); } else { fmt.Print(handle) var filter string = "tcp and port 80" err = handle.SetBPFFilter(filter) if err != nil { log.Fatal(err) } fmt.Println("Only capturing TCP port 22 packets.") packetSource := gopacket.NewPacketSource(handle, handle.LinkType()) for packet := range packetSource.Packets() { //handlePacket(packet) // Do something with a packet here. parser := gopacket.NewDecodingLayerParser( layers.LayerTypeEthernet, ðLayer, &ipLayer, &tcpLayer, ) foundLayerTypes := []gopacket.LayerType{} err := parser.DecodeLayers(packet.Data(), &foundLayerTypes) if err != nil { //fmt.Println("Trouble decoding layers: ", err) continue } //fmt.Printf("Founder Layer---->%+v\n", foundLayerTypes) for _, layerType := range foundLayerTypes { //fmt.Println(); //fmt.Printf("ipLayer-->%+v\n", ipLayer) //fmt.Println(); if(ipLayer.SrcIP.String() =="192.168.1.3") { //ipLayer.SrcIP=ipLayer.DstIP; //ipLayer.DstIP=ipLayer.SrcIP; //if(tcpLayer.SrcPort==61585) { fmt.Println("Inside IP"); if(tcpLayer.RST==false){ //fmt.Println("Before Update"); fmt.Printf("%+v\n", tcpLayer) //fmt.Println(); tcpLayer.RST=true; tcpLayer.Ack=0; tcpLayer.ACK=false; //fmt.Println("After Update"); } //fmt.Printf("%+v\n", tcpLayer) } if layerType == layers.LayerTypeIPv4 { //fmt.Println("IPv4: ", ipLayer.SrcIP, "->", ipLayer.DstIP) // fmt.Printf("ipLayer-->%+v\n", ipLayer) } payload := gopacket.Payload([]byte("testing")) buf := gopacket.NewSerializeBuffer() opts := gopacket.SerializeOptions{ // FixLengths: true, ComputeChecksums: true, } tcpLayer.SetNetworkLayerForChecksum(&ipLayer) err := gopacket.SerializeLayers(buf, opts, &ipLayer, &tcpLayer, payload) if err != nil { panic(err) } packetData := buf.Bytes() ipConn, err := net.ListenPacket("ip4:tcp", "0.0.0.0") if err != nil { panic(err) } dstIPaddr := net.IPAddr{ IP: ipLayer.SrcIP, } _, err = ipConn.WriteTo(packetData, &dstIPaddr) if err != nil { panic(err) } fmt.Printf("%+v\n", tcpLayer.RST) fmt.Print("packet sent!\n") } } } } above code i am trying to reset the tcp connection which coming from 192.168.1.3 address, now its not working its not resetting the connection , anythink wrong in the source code On Fri, Apr 13, 2018 at 11:47 PM, Juliusz Chroboczek <j...@irif.fr> wrote: > > i need to reset the tcp connection manually , if one request come from > > ipLayer.SrcIP > > = 10.2.3.1 then i need to sent the reset connection packet > > I could be wrong, but I don't think the sockets API makes this > possible -- RST segments are normally only sent by the kernel upon > receiving a segment that doesn't match the current state of the > connection. > > Since Go uses the kernel sockets support, there's probably nothing that > can be done about this with Go. > > You'll need to work at a lower layer: > > - the firewall code is normally able to send RST segments; under > Linux, you can achieve that with > > iptables ... -p tcp ... -j REJECT --reject-with tcp-reset > > - you could probably use raw sockets to inject RST segments, but that > would require building your own TCP header and running your program > as root. It's probably easier to interface with the firewall. > > As Jesper said, it would be helfpul if you told us what you're trying to > achieve. > > -- Juliusz > > -- > You received this message because you are subscribed to the Google Groups > "golang-nuts" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to golang-nuts+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.