Re: [go-nuts] Re: Tcp connection reset

2018-04-17 Thread Binu Paul 
Hi,



package main

import (
   "fmt"
   "time"
   "github.com/google/gopacket"
   "github.com/google/gopacket/layers"
   "github.com/google/gopacket/pcap"
   "reflect"
   "net"
   "log"
)

//var started_at time.Time
//var rest_root_requests int64 = 0


func main() {
   fmt.Println("live test")

   defender_loop()
}



var (
   device   string = "eth0"
   snapshot_len int32  = 1024
   promiscuous  bool   = false
   err  error
   timeout  time.Duration = 5
   handle   *pcap.Handle
   // Will reuse these for each packet
   ethLayer layers.Ethernet
   ipLayer  layers.IPv4
   tcpLayer layers.TCP
)


func defender_loop() {

   //var dstIPstr string = "127.0.0.1"
   //
   //if handle, err := pcap.OpenOffline("test.pcap"); err != nil {
   // //panic()
   // fmt.Print("kjhk")
   //}


   if handle, err := pcap.OpenLive("eth0", 1600, false, 5); err != nil {
  panic(err)
  fmt.Println(err);
   } else {
fmt.Print(handle)
  var filter string = "tcp and port 80"
  err = handle.SetBPFFilter(filter)
  if err != nil {
 log.Fatal(err)
  }
  fmt.Println("Only capturing TCP port 22 packets.")
  packetSource := gopacket.NewPacketSource(handle,
handle.LinkType())
  for packet := range packetSource.Packets() {
 //handlePacket(packet)  // Do something with a packet here.

 parser := gopacket.NewDecodingLayerParser(
layers.LayerTypeEthernet,
ðLayer,
&ipLayer,
&tcpLayer,
 )
 foundLayerTypes := []gopacket.LayerType{}

 err := parser.DecodeLayers(packet.Data(), &foundLayerTypes)
 if err != nil {
//fmt.Println("Trouble decoding layers: ", err)
continue
 }
 //fmt.Printf("Founder Layer>%+v\n", foundLayerTypes)
 for _, layerType := range foundLayerTypes {

//fmt.Println();
//fmt.Printf("ipLayer-->%+v\n", ipLayer)
//fmt.Println();
if(ipLayer.SrcIP.String() =="192.168.1.3") {
 //ipLayer.SrcIP=ipLayer.DstIP;
   //ipLayer.DstIP=ipLayer.SrcIP;
   //if(tcpLayer.SrcPort==61585) {
fmt.Println("Inside  IP");
   if(tcpLayer.RST==false){
  //fmt.Println("Before Update");
  fmt.Printf("%+v\n", tcpLayer)

  //fmt.Println();
  tcpLayer.RST=true;
  tcpLayer.Ack=0;
tcpLayer.ACK=false;
  //fmt.Println("After Update");

   }
   //fmt.Printf("%+v\n", tcpLayer)
}
if layerType == layers.LayerTypeIPv4 {
   //fmt.Println("IPv4: ",
ipLayer.SrcIP, "->", ipLayer.DstIP)
   // fmt.Printf("ipLayer-->%+v\n", ipLayer)

}


payload := gopacket.Payload([]byte("testing"))
buf := gopacket.NewSerializeBuffer()
opts := gopacket.SerializeOptions{
   //FixLengths:   true,
   ComputeChecksums: true,
}

tcpLayer.SetNetworkLayerForChecksum(&ipLayer)
err := gopacket.SerializeLayers(buf, opts,
   &ipLayer,
   &tcpLayer,
   payload)
if err != nil {
   panic(err)
}
packetData := buf.Bytes()
ipConn, err := net.ListenPacket("ip4:tcp",
"0.0.0.0")
if err != nil {
   panic(err)
}

dstIPaddr := net.IPAddr{
   IP: ipLayer.SrcIP,
}

_, err = ipConn.WriteTo(packetData, &dstIPaddr)
if err != nil {

[go-nuts] Re: Tcp connection reset

2018-04-13 Thread Juliusz Chroboczek 
> i need to reset the tcp connection manually , if one request come from
> ipLayer.SrcIP
> = 10.2.3.1 then i need to sent the reset connection packet

I could be wrong, but I don't think the sockets API makes this
possible -- RST segments are normally only sent by the kernel upon
receiving a segment that doesn't match the current state of the
connection.

Since Go uses the kernel sockets support, there's probably nothing that
can be done about this with Go.

You'll need to work at a lower layer:

  - the firewall code is normally able to send RST segments; under
Linux, you can achieve that with

   iptables ... -p tcp ... -j REJECT --reject-with tcp-reset

  - you could probably use raw sockets to inject RST segments, but that
would require building your own TCP header and running your program
as root.  It's probably easier to interface with the firewall.

As Jesper said, it would be helfpul if you told us what you're trying to
achieve.

-- Juliusz

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.