├── .gitignore ├── .travis.yml ├── Dockerfile ├── LICENSE ├── README.md ├── bin └── .gitkeep ├── docker_build.sh ├── docker_run.sh ├── docs └── teecp.png ├── forwarder ├── conf.go ├── forwarder.go ├── payload.go ├── payload_header.go ├── payload_header_test.go ├── raw_listener.go ├── server.go └── stats.go ├── go.mod ├── go.sum ├── include └── .gitkeep ├── lib └── .gitkeep ├── main.go ├── teecp_test.go └── test.sh /.gitignore: -------------------------------------------------------------------------------- 1 | # Binaries for programs and plugins 2 | *.exe 3 | *.exe~ 4 | *.dll 5 | *.so 6 | *.dylib 7 | 8 | # Test binary, build with `go test -c` 9 | *.test 10 | 11 | # Output of the go coverage tool, specifically when used with LiteIDE 12 | *.out 13 | .idea 14 | teecp 15 | 16 | # folders 17 | gopath/* 18 | lib/* 19 | include/* 20 | !.gitignore 21 | !.gitkeep 22 | .DS_Store 23 | src/src 24 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: go 2 | 3 | go: 4 | - "1.12" 5 | 6 | services: 7 | - docker 8 | 9 | before_install: 10 | - "wget https://www.winpcap.org/install/bin/WpdPack_4_1_2.zip && unzip WpdPack_4_1_2.zip && cd WpdPack && ls -lah && cp -r Lib/x64/* $TRAVIS_BUILD_DIR/lib/ && cp -r Include/* $TRAVIS_BUILD_DIR/include/ && ls -lah $TRAVIS_BUILD_DIR && cd .. && rm -rf WpdPack*" 11 | - "echo $TRAVIS_BUILD_DIR && pwd && ls -lah && ls -lah $TRAVIS_BUILD_DIR && ls -lah lib && ls -lah include" 12 | - "sudo apt-get install -y libpcap-dev" 13 | 14 | install: go get "github.com/google/gopacket" && go get "github.com/google/gopacket/pcap" && go get "github.com/pkg/errors" 15 | 16 | script: "./docker_build.sh && ./docker_run.sh" 17 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:18.04 2 | MAINTAINER Loc Tran 3 | 4 | # Update 5 | RUN apt-get update && \ 6 | apt-get dist-upgrade -y 7 | 8 | RUN apt-get update && \ 9 | apt-get install software-properties-common -y && \ 10 | add-apt-repository ppa:longsleep/golang-backports && \ 11 | apt-get update && \ 12 | apt-get install -y golang-1.12 && \ 13 | apt-get install -y ca-certificates && \ 14 | apt-get install -y gcc-multilib && \ 15 | apt-get install -y gcc-mingw-w64 && \ 16 | apt-get install -y git && \ 17 | apt-get install -y libpcap-dev 18 | 19 | # Config 20 | VOLUME ["/usr/local/src"] 21 | 22 | RUN mkdir -p /usr/local/app 23 | ENV GOPATH=/root 24 | ENV GOBIN=/usr/local/app/forwarder/ 25 | 26 | WORKDIR /usr/local/app/ 27 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # teecp [![Build Status](https://travis-ci.org/RobinUS2/teecp.svg?branch=master)](https://travis-ci.org/RobinUS2/teecp) 2 | TCP tee implementation (Linux, Mac OS X, Windows) - duplicate TCP packets 3 | 4 | ## Purpose 5 | Run outside of the regular traffic flow, listen to the TCP packets and duplicate them 6 | to other sources with minimal impact. This means it needs no changes in the 7 | existing applications that run there. For example you run a process on port 8 | 1234 TCP. You can start the copying process teecp that monitors that TCP port 9 | and copies all the individual packets to another location. 10 | 11 | ## How does it work? 12 | It relies on the promiscuous mode ethernet sniffing mode which is also used by 13 | tools like [WireShark](https://www.wireshark.org/), 14 | [WinPcap](https://www.winpcap.org/), 15 | [tcpdump](https://www.tcpdump.org/), etc. 16 | 17 | It is built around Google's [gopacket](https://github.com/google/gopacket) library and written in GoLang. 18 | 19 | ![](https://raw.githubusercontent.com/RobinUS2/teecp/master/docs/teecp.png) 20 | 21 | By default the payload of the packet is forwarded (without the encapsulating layers). 22 | It is however possible to forward the entire packet payload without any filters. 23 | 24 | ## How to run? 25 | The below will listen on interface `lo0`, filter traffic on port 1234, log 26 | all details (very verbose, turn off in production), and copy it's packet payloads 27 | (by default TCP & UDP) towards localhost port 8080. 28 | ``` 29 | ./teecp --device=lo0 --bpf='port 1234' --verbose=true --output-tcp 'localhost:8080' 30 | ``` 31 | 32 | The `--bpf` flag can handle [Berkeley Packet Filter](https://en.wikipedia.org/wiki/Berkeley_Packet_Filter) syntax. 33 | 34 | A handful of examples: 35 | 36 | | Example | Syntax | 37 | |-------------------------|------------------------------------------------| 38 | | TCP only | tcp | 39 | | TCP for a specific port | tcp port 1234 | 40 | | + specific source | tcp port 1234 and src 1.2.3.4 | 41 | | + specific destination | tcp port 1234 and src 1.2.3.4 and dst 10.0.0.1 | 42 | 43 | # Keep alive 44 | By default TCP connections are closed after forwarding a packet. It is possible to enable 45 | keep alive like this: 46 | 47 | ``` 48 | --output-tcp 'localhost:8080|keepalive' 49 | ``` 50 | 51 | ## Build & test 52 | The application relies upon libpcap (for compiling Windows binaries, [download developer pack](https://www.winpcap.org/devel.htm)) and [GoLang](https://golang.org/doc/install). 53 | 54 | OS X via Homebrew 55 | ``` 56 | brew install libpcap 57 | ``` 58 | 59 | Ubuntu, Debian via APT 60 | ``` 61 | apt-get install -y libpcap-dev 62 | ``` 63 | 64 | Putting it all together 65 | ``` 66 | go vet . && go fmt . && go test -v . && go build . && ./teecp --device=lo0 --bpf='port 1234' --verbose=true --output-tcp "test.com:123" 67 | ``` 68 | 69 | ## Used by 70 | - [Route42](https://route42.nl/) 71 | - open a PR and add YourCompany! 72 | 73 | ## Related projects 74 | - GoReplay HTTP(S) https://github.com/buger/goreplay 75 | - TCPCopy https://github.com/session-replay-tools/tcpcopy 76 | - Duplicator https://github.com/agnoster/duplicator 77 | - IPTables `iptables -t mangle -A POSTROUTING -p tcp --dport 1234 -j TEE --gateway IP_HOST_B` -------------------------------------------------------------------------------- /bin/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RobinUS2/teecp/abce8fba4f7bc102f5e16e0b33bc9acd10ea3ab3/bin/.gitkeep -------------------------------------------------------------------------------- /docker_build.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | # Docker 4 | docker build --tag teecp . -------------------------------------------------------------------------------- /docker_run.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Run 3 | docker run \ 4 | -it \ 5 | -v `pwd`:/usr/local/app teecp \ 6 | sh -c 'export PATH=$PATH:/usr/lib/go-1.12/bin && go get "github.com/google/gopacket" && go get "github.com/google/gopacket/pcap" && go get "github.com/pkg/errors" && /usr/local/app/test.sh && GOOS=windows GOARCH=amd64 CGO_ENABLED=1 CXX=x86_64-w64-mingw32-g++ CC=x86_64-w64-mingw32-gcc CGO_CFLAGS="-I/usr/local/app/include" CGO_LDFLAGS="-L/usr/local/app/lib" go build -o teecp.exe .' 7 | -------------------------------------------------------------------------------- /docs/teecp.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RobinUS2/teecp/abce8fba4f7bc102f5e16e0b33bc9acd10ea3ab3/docs/teecp.png -------------------------------------------------------------------------------- /forwarder/conf.go: -------------------------------------------------------------------------------- 1 | package forwarder 2 | 3 | import ( 4 | "encoding/json" 5 | "github.com/google/gopacket/pcap" 6 | "github.com/pkg/errors" 7 | "log" 8 | "runtime" 9 | "strconv" 10 | "strings" 11 | ) 12 | 13 | const ConfSeparator = "|" 14 | const protocolTcp = "tcp" 15 | const optKeepAlive = "keepalive" 16 | const DefaultMaxPacketSize = 65536 17 | const DefaultLayers = "44,45" 18 | 19 | type Opts struct { 20 | Device string 21 | BpfFilter string 22 | Output string 23 | MaxPacketSize int32 24 | QueueSize int 25 | NumForwarders int 26 | StatsPrinter bool 27 | StatsHealthCheck bool // true will verify that it keeps sending and os.Exit(1) if nothing send for certain period 28 | StatsIntervalMilliseconds int 29 | MaxRetries int 30 | Verbose bool 31 | PrefixHeader bool 32 | 33 | // output 34 | outputProtocol string 35 | outputAddress string 36 | outputKeepAlive bool 37 | 38 | layers map[int]bool 39 | } 40 | 41 | func NewOpts() *Opts { 42 | return &Opts{ 43 | MaxPacketSize: DefaultMaxPacketSize, 44 | StatsIntervalMilliseconds: DefaultStatsIntervalMilliseconds, 45 | QueueSize: 1000, 46 | MaxRetries: 3, 47 | NumForwarders: runtime.NumCPU(), 48 | } 49 | } 50 | 51 | func (opts *Opts) Print() { 52 | j, _ := json.Marshal(opts) 53 | log.Printf("config %s", string(j)) 54 | } 55 | 56 | func (opts *Opts) Validate() { 57 | // @todo check that it's valid configuration 58 | } 59 | 60 | func (opts *Opts) ParseLayers(layerStr string) { 61 | opts.layers = make(map[int]bool) 62 | for _, str := range strings.Split(layerStr, ",") { 63 | i, _ := strconv.ParseInt(strings.TrimSpace(str), 10, 64) 64 | if i > 0 { 65 | opts.layers[int(i)] = true 66 | } 67 | } 68 | if len(opts.layers) < 1 { 69 | // no filter 70 | opts.layers = nil 71 | } 72 | } 73 | 74 | func (opts *Opts) ParseOutput() error { 75 | tokens := strings.Split(opts.Output, ConfSeparator) 76 | if len(tokens) < 2 { 77 | return errors.New("output should at least be protocol|hostname:port") 78 | } 79 | protocol := tokens[0] 80 | if protocol != protocolTcp { 81 | return errors.New("only supports TCP currently") 82 | } 83 | 84 | opts.outputProtocol = protocol 85 | opts.outputAddress = tokens[1] 86 | for _, token := range tokens { 87 | switch token { 88 | case optKeepAlive: 89 | opts.outputKeepAlive = true 90 | break 91 | } 92 | } 93 | 94 | return nil 95 | } 96 | 97 | func (opts *Opts) AutoDiscover() { 98 | if len(strings.TrimSpace(opts.Device)) > 0 { 99 | // already configured 100 | return 101 | } 102 | 103 | devices, err := pcap.FindAllDevs() 104 | if err != nil { 105 | log.Fatal(err) 106 | } 107 | 108 | // Print device information 109 | if opts.Verbose { 110 | log.Println("Devices found:") 111 | for _, device := range devices { 112 | log.Printf("Name: %s", device.Name) 113 | log.Printf("Description: %s", device.Description) 114 | for _, address := range device.Addresses { 115 | log.Printf("- IP address: %s", address.IP.String()) 116 | log.Printf("- Subnet mask: %s", address.Netmask.String()) 117 | } 118 | } 119 | } 120 | 121 | opts.Device = devices[0].Name 122 | } 123 | -------------------------------------------------------------------------------- /forwarder/forwarder.go: -------------------------------------------------------------------------------- 1 | package forwarder 2 | 3 | import ( 4 | "github.com/pkg/errors" 5 | "log" 6 | "net" 7 | "strings" 8 | "sync" 9 | "sync/atomic" 10 | "time" 11 | ) 12 | 13 | type Forwarder struct { 14 | opts *Opts 15 | queue chan Payload 16 | stop bool 17 | 18 | packetsForwarded uint64 19 | packetsFailed uint64 20 | packetAttemptsFailed uint64 21 | bytesForwarded uint64 22 | } 23 | 24 | func (forwarder *Forwarder) Queue(payload Payload) { 25 | if payload.data == nil || len(payload.data) < 1 { 26 | return 27 | } 28 | if forwarder.opts.Verbose { 29 | log.Printf("queued %x %s", payload.data, strings.TrimSpace(string(payload.data))) 30 | } 31 | forwarder.queue <- payload 32 | } 33 | 34 | func (forwarder *Forwarder) Start() { 35 | for i := 0; i < forwarder.opts.NumForwarders; i++ { 36 | go func() { 37 | forwarder.Run() 38 | }() 39 | } 40 | 41 | forwarder.printStats() 42 | } 43 | 44 | type ForwarderInstance struct { 45 | forwarder *Forwarder 46 | 47 | conn *net.TCPConn 48 | connMux sync.RWMutex 49 | } 50 | 51 | func (instance *ForwarderInstance) Conn() *net.TCPConn { 52 | if instance.forwarder.opts.outputKeepAlive { 53 | // keep alive 54 | instance.connMux.RLock() 55 | v := instance.conn 56 | instance.connMux.RUnlock() 57 | if v != nil { 58 | // already existing 59 | return v 60 | } 61 | } 62 | 63 | // @todo cache name resolution? 64 | // @todo UDP support 65 | // resolve 66 | tcpAddr, err := net.ResolveTCPAddr("tcp", instance.forwarder.opts.outputAddress) 67 | if err != nil { 68 | log.Printf("could not resolve target %s", err) 69 | return nil 70 | } 71 | if instance.forwarder.opts.Verbose { 72 | log.Printf("tcpAddr %v", tcpAddr) 73 | } 74 | 75 | // connect 76 | conn, err := net.DialTCP("tcp", nil, tcpAddr) 77 | if err != nil { 78 | log.Printf("could not resolve target %s", err) 79 | return nil 80 | } 81 | 82 | // keep? 83 | if instance.forwarder.opts.outputKeepAlive { 84 | instance.connMux.Lock() 85 | instance.conn = conn 86 | instance.connMux.Unlock() 87 | } 88 | 89 | return conn 90 | } 91 | 92 | func (forwarder *Forwarder) Run() *ForwarderInstance { 93 | instance := &ForwarderInstance{ 94 | forwarder: forwarder, 95 | } 96 | for { 97 | payload := <-forwarder.queue 98 | instance.handlePayload(payload) 99 | 100 | // stop 101 | if forwarder.stop { 102 | break 103 | } 104 | } 105 | return instance 106 | } 107 | 108 | func (forwarder *Forwarder) send(conn *net.TCPConn, payload Payload) error { 109 | if conn == nil { 110 | return errors.New("no connection") 111 | } 112 | b := payload.Bytes() 113 | if forwarder.opts.Verbose { 114 | log.Printf("sending %x", b) 115 | } 116 | // @todo option to prefix with length of data => byte bs := make([]byte, 4) binary.LittleEndian.PutUint32(bs, 31415926) 117 | n, err := conn.Write(b) 118 | if err != nil { 119 | return err 120 | } 121 | // stats 122 | atomic.AddUint64(&forwarder.bytesForwarded, uint64(n)) 123 | atomic.AddUint64(&forwarder.packetsForwarded, 1) 124 | 125 | if forwarder.opts.Verbose { 126 | log.Printf("sent %d bytes to %s", n, conn.RemoteAddr().String()) 127 | } 128 | 129 | // close? 130 | if forwarder.opts.outputKeepAlive == false { 131 | // close without keepalive 132 | if err := conn.Close(); err != nil { 133 | return err 134 | } 135 | } 136 | 137 | return nil 138 | } 139 | 140 | func (instance *ForwarderInstance) handlePayload(payload Payload) { 141 | // recover errors 142 | defer func() { 143 | if err := recover(); err != nil { 144 | log.Printf("recovered error in handlePayload: %s", err) 145 | } 146 | }() 147 | 148 | // retry support 149 | var err error 150 | for i := 0; i < instance.forwarder.opts.MaxRetries; i++ { 151 | // reset connection? 152 | if i > 0 { 153 | // sleep a bit 154 | time.Sleep(time.Duration(100+(i*i*1000)) * time.Millisecond) 155 | 156 | // reset connection on error 157 | instance.resetConnection() 158 | } 159 | 160 | // attempt 161 | conn := instance.Conn() 162 | if conn == nil { 163 | // try to connect again 164 | continue 165 | } 166 | // send 167 | err = instance.forwarder.send(conn, payload) 168 | if err != nil { 169 | if instance.forwarder.opts.Verbose { 170 | log.Printf("failed attempt to send %s (payload %x)", err, payload.data) 171 | } 172 | atomic.AddUint64(&instance.forwarder.packetAttemptsFailed, 1) 173 | 174 | // try again 175 | continue 176 | } 177 | break 178 | } 179 | // fatal, after retries still not sent 180 | if err != nil { 181 | log.Printf("failed to send %s (payload %x)", err, payload.data) 182 | atomic.AddUint64(&instance.forwarder.packetsFailed, 1) 183 | } 184 | } 185 | 186 | func (instance *ForwarderInstance) resetConnection() { 187 | if instance.forwarder.opts.outputKeepAlive { 188 | instance.connMux.Lock() 189 | instance.conn = nil 190 | instance.connMux.Unlock() 191 | } 192 | } 193 | 194 | func NewForwarder(opts *Opts) *Forwarder { 195 | forwarder := &Forwarder{ 196 | opts: opts, 197 | queue: make(chan Payload, opts.QueueSize), 198 | } 199 | return forwarder 200 | } 201 | -------------------------------------------------------------------------------- /forwarder/payload.go: -------------------------------------------------------------------------------- 1 | package forwarder 2 | 3 | import ( 4 | "bytes" 5 | "github.com/google/gopacket" 6 | "net" 7 | ) 8 | 9 | type Payload struct { 10 | data []byte 11 | header PayloadHeader 12 | } 13 | 14 | func (payload Payload) Bytes() []byte { 15 | if payload.header.PayloadSize < 1 { 16 | // no header 17 | return payload.data 18 | } 19 | 20 | // join header 21 | buf := bytes.Buffer{} 22 | buf.Write(payload.header.Bytes()) 23 | // payload 24 | buf.Write(payload.data) 25 | return buf.Bytes() 26 | } 27 | 28 | func NewPayload(payload []byte) Payload { 29 | return Payload{ 30 | data: payload, 31 | } 32 | } 33 | 34 | func (payload *Payload) SetHeader(header PayloadHeader) { 35 | payload.header = header 36 | } 37 | 38 | func PayloadHeaderFromPacket(payloadLen int, packet gopacket.Packet) PayloadHeader { 39 | return NewPayloadHeader(payloadLen, net.ParseIP(packet.NetworkLayer().NetworkFlow().Src().String()), strToInt(packet.TransportLayer().TransportFlow().Src().String()), net.ParseIP(packet.NetworkLayer().NetworkFlow().Dst().String()), strToInt(packet.TransportLayer().TransportFlow().Dst().String())) 40 | } 41 | -------------------------------------------------------------------------------- /forwarder/payload_header.go: -------------------------------------------------------------------------------- 1 | package forwarder 2 | 3 | import ( 4 | "bytes" 5 | "encoding/binary" 6 | "net" 7 | ) 8 | 9 | type PayloadHeader struct { 10 | PayloadSize uint32 // 4 bytes : number of bytes of the actual payload (excludes the fixed length payload fields below) 11 | Src []byte // 16 bytes 12 | SrcPort uint32 // 4 bytes 13 | Dst []byte // 16 bytes 14 | DstPort uint32 // 4 bytes 15 | } 16 | 17 | func NewPayloadHeader(payloadSize int, src net.IP, srcPort int, dst net.IP, dstPort int) PayloadHeader { 18 | return PayloadHeader{ 19 | PayloadSize: uint32(payloadSize), 20 | Src: toBytes(src), 21 | SrcPort: uint32(srcPort), 22 | Dst: toBytes(dst), 23 | DstPort: uint32(dstPort), 24 | } 25 | } 26 | 27 | func (header PayloadHeader) SrcIP() net.IP { 28 | return net.IP(header.Src) 29 | } 30 | 31 | func (header PayloadHeader) DstIP() net.IP { 32 | return net.IP(header.Dst) 33 | } 34 | 35 | func (header PayloadHeader) Bytes() []byte { 36 | if header.PayloadSize < 1 { 37 | panic("missing payload size") 38 | } 39 | buf := bytes.Buffer{} 40 | 41 | // payload length 42 | writeUint32(header.PayloadSize, &buf) 43 | 44 | // src 45 | buf.Write(header.Src) 46 | 47 | // src port 48 | writeUint32(header.SrcPort, &buf) 49 | 50 | // dst 51 | buf.Write(header.Dst) 52 | 53 | // dst port 54 | writeUint32(header.DstPort, &buf) 55 | 56 | return buf.Bytes() 57 | } 58 | 59 | func PayloadHeaderFromBytes(b []byte) PayloadHeader { 60 | buf := bytes.NewBuffer(b) 61 | payloadSize := readUint32(buf) 62 | 63 | // src 64 | src := make([]byte, 16) 65 | buf.Read(src) 66 | 67 | // src port 68 | srcPort := readUint32(buf) 69 | 70 | // dst 71 | dst := make([]byte, 16) 72 | buf.Read(dst) 73 | 74 | // dst port 75 | dstPort := readUint32(buf) 76 | 77 | // dst port 78 | return PayloadHeader{ 79 | PayloadSize: payloadSize, 80 | Src: src, 81 | SrcPort: srcPort, 82 | Dst: dst, 83 | DstPort: dstPort, 84 | } 85 | } 86 | 87 | func toBytes(ip net.IP) []byte { 88 | return ip.To16() 89 | } 90 | 91 | func writeUint32(v uint32, buf *bytes.Buffer) { 92 | bs := make([]byte, 4) 93 | binary.BigEndian.PutUint32(bs, v) 94 | buf.Write(bs) 95 | } 96 | 97 | func readUint32(buf *bytes.Buffer) uint32 { 98 | bs := make([]byte, 4) 99 | buf.Read(bs) 100 | return binary.BigEndian.Uint32(bs) 101 | } 102 | -------------------------------------------------------------------------------- /forwarder/payload_header_test.go: -------------------------------------------------------------------------------- 1 | package forwarder_test 2 | 3 | import ( 4 | "github.com/RobinUS2/teecp/forwarder" 5 | "log" 6 | "net" 7 | "testing" 8 | ) 9 | 10 | func TestNewPayloadHeader(t *testing.T) { 11 | header := forwarder.NewPayloadHeader(len([]byte("test")), net.ParseIP("127.0.0.1"), 1234, net.ParseIP("10.0.0.4"), 9999) 12 | log.Printf("%+v", header) 13 | b := header.Bytes() 14 | log.Printf("%d %x", len(b), b) 15 | 16 | { 17 | readHeader := forwarder.PayloadHeaderFromBytes(b) 18 | log.Printf("%+v", readHeader) 19 | src := readHeader.SrcIP() 20 | if src.String() != "127.0.0.1" { 21 | t.Error(src.String()) 22 | } 23 | 24 | if readHeader.SrcPort != 1234 { 25 | t.Error(readHeader.SrcPort) 26 | } 27 | 28 | dst := readHeader.DstIP() 29 | if dst.String() != "10.0.0.4" { 30 | t.Error(dst.String()) 31 | } 32 | 33 | if readHeader.DstPort != 9999 { 34 | t.Error(readHeader.DstPort) 35 | } 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /forwarder/raw_listener.go: -------------------------------------------------------------------------------- 1 | package forwarder 2 | 3 | import ( 4 | "github.com/google/gopacket" 5 | "github.com/google/gopacket/pcap" 6 | "log" 7 | "strconv" 8 | ) 9 | 10 | type RawListener struct { 11 | opts *Opts 12 | forwarder *Forwarder 13 | } 14 | 15 | func (listener *RawListener) Forwarder() *Forwarder { 16 | return listener.forwarder 17 | } 18 | 19 | func (listener *RawListener) SetForwarder(forwarder *Forwarder) { 20 | listener.forwarder = forwarder 21 | } 22 | 23 | func (listener *RawListener) Listen() error { 24 | if listener.opts.Verbose { 25 | log.Printf("start listening at %s", listener.opts.Device) 26 | } 27 | if handle, err := pcap.OpenLive(listener.opts.Device, listener.opts.MaxPacketSize, true, pcap.BlockForever); err != nil { 28 | return err 29 | } else if err := handle.SetBPFFilter(listener.opts.BpfFilter); err != nil { // optional 30 | return err 31 | } else { 32 | packetSource := gopacket.NewPacketSource(handle, handle.LinkType()) 33 | for packet := range packetSource.Packets() { 34 | go listener.handlePacket(packet) 35 | } 36 | } 37 | return nil 38 | } 39 | 40 | func (listener *RawListener) handlePacket(packet gopacket.Packet) { 41 | if listener.opts.Verbose { 42 | log.Printf("recv packet %+v", packet) // Do something with a packet here. 43 | } 44 | 45 | // specific layer? 46 | var payload *Payload 47 | if listener.opts.layers != nil { 48 | for _, layer := range packet.Layers() { 49 | if listener.opts.Verbose { 50 | log.Printf(" layer type=%d payload=%x (%s) content=%x", layer.LayerType(), layer.LayerPayload(), string(layer.LayerPayload()), layer.LayerContents()) 51 | } 52 | if listener.opts.layers != nil && !listener.opts.layers[int(layer.LayerType())] { 53 | // not in expected layers 54 | continue 55 | } 56 | // just this layer's payload 57 | p := NewPayload(layer.LayerPayload()) 58 | payload = &p 59 | } 60 | } else { 61 | // full packet 62 | p := NewPayload(packet.Data()) 63 | payload = &p 64 | } 65 | 66 | // queue 67 | if payload != nil { 68 | p := payload 69 | // header 70 | if listener.opts.PrefixHeader { 71 | p.SetHeader(PayloadHeaderFromPacket(len(payload.data), packet)) 72 | } 73 | listener.Forwarder().Queue(*p) 74 | } 75 | } 76 | 77 | func strToInt(v string) int { 78 | i, _ := strconv.ParseInt(v, 10, 64) 79 | return int(i) 80 | } 81 | 82 | func NewRawListener(opts *Opts) *RawListener { 83 | return &RawListener{ 84 | opts: opts, 85 | } 86 | } 87 | -------------------------------------------------------------------------------- /forwarder/server.go: -------------------------------------------------------------------------------- 1 | package forwarder 2 | 3 | import ( 4 | "sync" 5 | ) 6 | 7 | type Server struct { 8 | opts *Opts 9 | forwarder *Forwarder 10 | mux sync.RWMutex 11 | } 12 | 13 | func (server *Server) Forwarder() *Forwarder { 14 | server.mux.RLock() 15 | defer server.mux.RUnlock() 16 | return server.forwarder 17 | } 18 | 19 | func (server *Server) Stats() Stats { 20 | return server.Forwarder().Stats() 21 | } 22 | 23 | func (server *Server) Start() error { 24 | // opts 25 | server.opts.AutoDiscover() 26 | err := server.opts.ParseOutput() 27 | if err != nil { 28 | return err 29 | } 30 | server.opts.Print() 31 | server.opts.Validate() 32 | 33 | // listener 34 | listener := NewRawListener(server.opts) 35 | 36 | //forwarder 37 | server.mux.Lock() 38 | server.forwarder = NewForwarder(server.opts) 39 | server.mux.Unlock() 40 | server.forwarder.Start() 41 | 42 | // inject into listener 43 | listener.SetForwarder(server.forwarder) 44 | 45 | // start 46 | return listener.Listen() 47 | } 48 | 49 | func NewServer(opts *Opts) *Server { 50 | return &Server{ 51 | opts: opts, 52 | } 53 | } 54 | -------------------------------------------------------------------------------- /forwarder/stats.go: -------------------------------------------------------------------------------- 1 | package forwarder 2 | 3 | import ( 4 | "log" 5 | "os" 6 | "sync/atomic" 7 | "time" 8 | ) 9 | 10 | const DefaultStatsIntervalMilliseconds = 10 * 1000 11 | 12 | func (forwarder *Forwarder) printStats() { 13 | interval := DefaultStatsIntervalMilliseconds 14 | if forwarder.opts.StatsIntervalMilliseconds > 0 { 15 | interval = forwarder.opts.StatsIntervalMilliseconds 16 | } 17 | ticker := time.NewTicker(time.Duration(interval) * time.Millisecond) 18 | go func() { 19 | timeSinceLastForward := time.Now() 20 | var previousStats Stats 21 | for _ = range ticker.C { 22 | // obtain stats 23 | stats := forwarder.Stats() 24 | 25 | // print 26 | if forwarder.opts.StatsPrinter { 27 | log.Printf("stats %+v", stats) 28 | } 29 | 30 | // health 31 | if forwarder.opts.StatsHealthCheck { 32 | numForwarded := stats.PacketsForwarded - previousStats.PacketsForwarded 33 | if numForwarded > 0 { 34 | // increase means we forwarded 35 | timeSinceLastForward = time.Now() 36 | } 37 | 38 | // long time no forward? 39 | secondsSinceForward := int(time.Now().Sub(timeSinceLastForward).Seconds()) 40 | if secondsSinceForward > 30*60 { 41 | log.Printf("time since last forward is %d seconds ago, exiting", secondsSinceForward) 42 | os.Exit(1) 43 | } 44 | } 45 | 46 | // assign previous 47 | previousStats = stats 48 | } 49 | }() 50 | } 51 | 52 | type Stats struct { 53 | BytesForwarded uint64 54 | PacketsForwarded uint64 55 | PacketAttemptsFailed uint64 56 | PacketsFailed uint64 57 | } 58 | 59 | func (forwarder *Forwarder) Stats() Stats { 60 | return Stats{ 61 | BytesForwarded: atomic.LoadUint64(&forwarder.bytesForwarded), 62 | PacketsForwarded: atomic.LoadUint64(&forwarder.packetsForwarded), 63 | PacketAttemptsFailed: atomic.LoadUint64(&forwarder.packetAttemptsFailed), 64 | PacketsFailed: atomic.LoadUint64(&forwarder.packetsFailed), 65 | } 66 | } 67 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/RobinUS2/teecp 2 | 3 | go 1.12 4 | 5 | require ( 6 | github.com/google/gopacket v1.1.17 7 | github.com/pkg/errors v0.8.1 8 | golang.org/x/crypto v0.0.0-20190513172903-22d7a77e9e5f 9 | golang.org/x/net v0.0.0-20190520210107-018c4d40a106 10 | golang.org/x/sys v0.0.0-20190520201301-c432e742b0af 11 | golang.org/x/text v0.3.2 12 | golang.org/x/tools v0.0.0-20190520220859-26647e34d3c0 13 | ) 14 | -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- 1 | github.com/google/gopacket v0.0.0-20190211013929-f86faeb88894 h1:uLlIRilC25T6VC/ePgHc2Oo1+AWlsrbmbMYUeEHfZAs= 2 | github.com/google/gopacket v0.0.0-20190211013929-f86faeb88894/go.mod h1:UCLx9mCmAwsVbn6qQl1WIEt2SO7Nd2fD0th1TBAsqBw= 3 | github.com/google/gopacket v1.1.16-0.20181204164255-d5dee4e2f7c6 h1:1NIx0HsUkRLw5A3M2XGFzfymhqKfO+gqtneZrzKr1Gw= 4 | github.com/google/gopacket v1.1.16-0.20181204164255-d5dee4e2f7c6/go.mod h1:UCLx9mCmAwsVbn6qQl1WIEt2SO7Nd2fD0th1TBAsqBw= 5 | github.com/google/gopacket v1.1.17 h1:rMrlX2ZY2UbvT+sdz3+6J+pp2z+msCq9MxTU6ymxbBY= 6 | github.com/google/gopacket v1.1.17/go.mod h1:UdDNZ1OO62aGYVnPhxT1U6aI7ukYtA/kB8vaU0diBUM= 7 | github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I= 8 | github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= 9 | golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 10 | golang.org/x/crypto v0.0.0-20190513172903-22d7a77e9e5f h1:R423Cnkcp5JABoeemiGEPlt9tHXFfw5kvc0yqlxRPWo= 11 | golang.org/x/crypto v0.0.0-20190513172903-22d7a77e9e5f/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 12 | golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 13 | golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 14 | golang.org/x/net v0.0.0-20190520210107-018c4d40a106 h1:EZofHp/BzEf3j39/+7CX1JvH0WaPG+ikBrqAdAPf+GM= 15 | golang.org/x/net v0.0.0-20190520210107-018c4d40a106/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 16 | golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU= 17 | golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 18 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 19 | golang.org/x/sys v0.0.0-20190405154228-4b34438f7a67/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 20 | golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 21 | golang.org/x/sys v0.0.0-20190520201301-c432e742b0af h1:NXfmMfXz6JqGfG3ikSxcz2N93j6DgScr19Oo2uwFu88= 22 | golang.org/x/sys v0.0.0-20190520201301-c432e742b0af/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 23 | golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 24 | golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= 25 | golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= 26 | golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 27 | golang.org/x/tools v0.0.0-20190520220859-26647e34d3c0 h1:lvPfJvgU8ph6AjkvFjGFZaot/UyeyrJZA0jr2T3x6oI= 28 | golang.org/x/tools v0.0.0-20190520220859-26647e34d3c0/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= 29 | -------------------------------------------------------------------------------- /include/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RobinUS2/teecp/abce8fba4f7bc102f5e16e0b33bc9acd10ea3ab3/include/.gitkeep -------------------------------------------------------------------------------- /lib/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/RobinUS2/teecp/abce8fba4f7bc102f5e16e0b33bc9acd10ea3ab3/lib/.gitkeep -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "flag" 5 | "github.com/RobinUS2/teecp/forwarder" 6 | "log" 7 | ) 8 | 9 | var device *string 10 | var bpfFilter *string 11 | var verbose *bool 12 | var layerStr *string 13 | var outputTcp *string 14 | var statsPrinter *bool 15 | var statsHealthCheck *bool 16 | var prefixHeader *bool 17 | 18 | func init() { 19 | { 20 | str := "" 21 | device = &str 22 | } 23 | flag.StringVar(device, "device", "", "device") 24 | 25 | { 26 | str := "" 27 | bpfFilter = &str 28 | } 29 | flag.StringVar(bpfFilter, "bpf", "icmp", "BPF filter (e.g. tcp port 1234)") 30 | 31 | { 32 | str := "" 33 | layerStr = &str 34 | } 35 | flag.StringVar(layerStr, "layers", forwarder.DefaultLayers, "layers comma separated - 44 = TCP, 45 = UDP https://github.com/google/gopacket/blob/master/layers/layertypes.go") 36 | 37 | { 38 | str := "" 39 | outputTcp = &str 40 | } 41 | flag.StringVar(outputTcp, "output-tcp", "", "TCP output configuration (e.g. your-host:1234") 42 | 43 | { 44 | b := false 45 | verbose = &b 46 | } 47 | flag.BoolVar(verbose, "verbose", false, "verbose logging") 48 | 49 | { 50 | b := false 51 | statsPrinter = &b 52 | } 53 | flag.BoolVar(statsPrinter, "stats", true, "print stats") 54 | 55 | { 56 | b := false 57 | statsHealthCheck = &b 58 | } 59 | flag.BoolVar(statsHealthCheck, "health-check", true, "health check") 60 | 61 | { 62 | b := false 63 | prefixHeader = &b 64 | } 65 | flag.BoolVar(prefixHeader, "prefix-header", false, "prefix header (include payload size, src, src port, dst, dst port)") 66 | 67 | // parse 68 | flag.Parse() 69 | } 70 | 71 | func main() { 72 | opts := forwarder.NewOpts() 73 | opts.Device = *device 74 | opts.Output = "tcp" + forwarder.ConfSeparator + *outputTcp 75 | opts.BpfFilter = *bpfFilter 76 | opts.Verbose = *verbose 77 | opts.StatsPrinter = *statsPrinter 78 | opts.StatsHealthCheck = *statsHealthCheck 79 | opts.PrefixHeader = *prefixHeader 80 | opts.ParseLayers(*layerStr) 81 | 82 | // prevent usage of non opts 83 | unsetLocal() 84 | 85 | // start 86 | server := forwarder.NewServer(opts) 87 | err := server.Start() 88 | if err != nil { 89 | log.Fatalf("failed to start: %s", err) 90 | } 91 | } 92 | 93 | func unsetLocal() { 94 | device = nil 95 | bpfFilter = nil 96 | layerStr = nil 97 | outputTcp = nil 98 | verbose = nil 99 | statsPrinter = nil 100 | } 101 | -------------------------------------------------------------------------------- /teecp_test.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "github.com/RobinUS2/teecp/forwarder" 6 | "log" 7 | "net" 8 | "strings" 9 | "sync" 10 | "sync/atomic" 11 | "testing" 12 | "time" 13 | ) 14 | 15 | const startPort = 9000 16 | const protocol = "tcp" 17 | const host = "127.0.0.1" 18 | const testDevice = "lo" 19 | 20 | func TestAutoDiscover(t *testing.T) { 21 | opts := forwarder.NewOpts() 22 | opts.Verbose = true 23 | opts.AutoDiscover() 24 | if len(opts.Device) < 1 { 25 | t.Error(opts.Device) 26 | } 27 | } 28 | 29 | func TestNewForwarder(t *testing.T) { 30 | const primaryPort = startPort + 1 31 | const teePort = startPort + 2 32 | opts := forwarder.NewOpts() 33 | opts.Device = testDevice 34 | opts.BpfFilter = fmt.Sprintf("port %d and dst %s", primaryPort, host) 35 | opts.ParseLayers(forwarder.DefaultLayers) 36 | opts.Output = fmt.Sprintf("tcp|%s:%d", host, teePort) 37 | opts.Verbose = true 38 | opts.StatsPrinter = true 39 | opts.StatsIntervalMilliseconds = 500 40 | controls := runTest(t, opts, primaryPort, teePort, nil) 41 | // await 42 | <-controls.shutdown 43 | } 44 | 45 | func TestNewForwarderSilent(t *testing.T) { 46 | const primaryPort = startPort + 3 47 | const teePort = startPort + 4 48 | opts := forwarder.NewOpts() 49 | opts.Device = testDevice 50 | opts.BpfFilter = fmt.Sprintf("port %d and dst %s", primaryPort, host) 51 | opts.ParseLayers(forwarder.DefaultLayers) 52 | opts.Output = fmt.Sprintf("tcp|%s:%d", host, teePort) 53 | opts.Verbose = false 54 | opts.StatsPrinter = false 55 | opts.StatsIntervalMilliseconds = 500 56 | controls := runTest(t, opts, primaryPort, teePort, nil) 57 | // await 58 | <-controls.shutdown 59 | } 60 | 61 | func TestNewForwarderTeeDown(t *testing.T) { 62 | const primaryPort = startPort + 5 63 | const teePort = startPort + 6 64 | opts := forwarder.NewOpts() 65 | opts.Device = testDevice 66 | opts.BpfFilter = fmt.Sprintf("port %d and dst %s", primaryPort, host) 67 | opts.ParseLayers(forwarder.DefaultLayers) 68 | opts.Output = fmt.Sprintf("tcp|%s:%d", host, teePort) 69 | opts.Verbose = false 70 | opts.StatsPrinter = false 71 | opts.StatsIntervalMilliseconds = 500 72 | counter := uint64(0) 73 | 74 | testOpts := &TestOpts{} 75 | controls := runTest(t, opts, primaryPort, teePort, testOpts) 76 | 77 | // inject on message hook 78 | testOpts.mux.Lock() 79 | testOpts.onMsg = func(port int, msg []byte) { 80 | if atomic.AddUint64(&counter, 1) == 5 { 81 | // in middle, close connection of tee 82 | if err := controls.conTee.Close(); err != nil { 83 | t.Error(err) 84 | } 85 | } 86 | } 87 | testOpts.mux.Unlock() 88 | 89 | // await a bit for the retries, but don't wait for final shutdown 90 | time.Sleep(1 * time.Second) 91 | } 92 | 93 | func TestNewForwarderPrimaryDown(t *testing.T) { 94 | const primaryPort = startPort + 7 95 | const teePort = startPort + 8 96 | opts := forwarder.NewOpts() 97 | opts.Device = testDevice 98 | opts.BpfFilter = fmt.Sprintf("port %d and dst %s", primaryPort, host) 99 | opts.ParseLayers(forwarder.DefaultLayers) 100 | opts.Output = fmt.Sprintf("tcp|%s:%d", host, teePort) 101 | opts.Verbose = false 102 | opts.StatsPrinter = false 103 | opts.StatsIntervalMilliseconds = 500 104 | counter := uint64(0) 105 | 106 | testOpts := &TestOpts{ 107 | AllowFailedSending: true, 108 | } 109 | controls := runTest(t, opts, primaryPort, teePort, testOpts) 110 | 111 | // inject on message hook 112 | testOpts.mux.Lock() 113 | testOpts.onMsg = func(port int, msg []byte) { 114 | if atomic.AddUint64(&counter, 1) == 5 { 115 | // in middle, close connection of primary 116 | if err := controls.conPrimary.Close(); err != nil { 117 | t.Error(err) 118 | } 119 | } 120 | } 121 | testOpts.mux.Unlock() 122 | 123 | // await a bit for the retries, but don't wait for final shutdown 124 | time.Sleep(1 * time.Second) 125 | 126 | // stats 127 | stats := controls.fw.Stats() 128 | if stats.PacketsFailed > 0 { 129 | t.Errorf("missing packets %+v", stats) 130 | } 131 | } 132 | 133 | func TestNewForwarderNoLayerFilter(t *testing.T) { 134 | const primaryPort = startPort + 9 135 | const teePort = startPort + 10 136 | opts := forwarder.NewOpts() 137 | opts.Device = testDevice 138 | opts.BpfFilter = fmt.Sprintf("port %d and dst %s", primaryPort, host) 139 | opts.ParseLayers("") 140 | opts.Output = fmt.Sprintf("tcp|%s:%d", host, teePort) 141 | opts.Verbose = false 142 | opts.StatsPrinter = false 143 | opts.StatsIntervalMilliseconds = 500 144 | controls := runTest(t, opts, primaryPort, teePort, &TestOpts{ 145 | ValidateMsgString: false, 146 | }) 147 | 148 | // await a bit for the retries, but don't wait for final shutdown 149 | time.Sleep(1 * time.Second) 150 | 151 | // stats 152 | stats := controls.fw.Forwarder().Stats() 153 | if stats.PacketsFailed > 0 { 154 | t.Errorf("missing packets %+v", stats) 155 | } 156 | } 157 | 158 | func TestNewForwarderPrefixHeader(t *testing.T) { 159 | const primaryPort = startPort + 11 160 | const teePort = startPort + 12 161 | opts := forwarder.NewOpts() 162 | opts.Device = testDevice 163 | opts.BpfFilter = fmt.Sprintf("port %d and dst %s", primaryPort, host) 164 | opts.ParseLayers(forwarder.DefaultLayers) 165 | opts.Output = fmt.Sprintf("tcp|%s:%d", host, teePort) 166 | opts.Verbose = false 167 | opts.StatsPrinter = false 168 | opts.StatsIntervalMilliseconds = 500 169 | opts.PrefixHeader = true 170 | controls := runTest(t, opts, primaryPort, teePort, &TestOpts{ 171 | ValidateMsgString: false, 172 | }) 173 | // await 174 | <-controls.shutdown 175 | } 176 | 177 | func TestNewForwarderHealth(t *testing.T) { 178 | const primaryPort = startPort + 13 179 | const teePort = startPort + 14 180 | opts := forwarder.NewOpts() 181 | opts.Device = testDevice 182 | opts.BpfFilter = fmt.Sprintf("port %d and dst %s", primaryPort, host) 183 | opts.ParseLayers(forwarder.DefaultLayers) 184 | opts.Output = fmt.Sprintf("tcp|%s:%d", host, teePort) 185 | opts.Verbose = true 186 | opts.StatsPrinter = true 187 | opts.StatsHealthCheck = true 188 | opts.StatsIntervalMilliseconds = 500 189 | controls := runTest(t, opts, primaryPort, teePort, nil) 190 | // await 191 | <-controls.shutdown 192 | } 193 | 194 | type TestControls struct { 195 | shutdown chan bool 196 | conPrimary *net.TCPListener 197 | conTee *net.TCPListener 198 | fw *forwarder.Server 199 | } 200 | 201 | type TestOpts struct { 202 | onMsg func(port int, msg []byte) 203 | mux sync.RWMutex 204 | AllowFailedSending bool 205 | ValidateMsgString bool 206 | KeepAlive bool 207 | } 208 | 209 | func (testOpts *TestOpts) OnMsg() func(port int, msg []byte) { 210 | testOpts.mux.RLock() 211 | defer testOpts.mux.RUnlock() 212 | return testOpts.onMsg 213 | } 214 | 215 | func runTest(t *testing.T, opts *forwarder.Opts, primaryPort int, teePort int, testOpts *TestOpts) *TestControls { 216 | shutdown := make(chan bool, 1) 217 | payload := fmt.Sprintf("test-msg-%d", time.Now().UnixNano()) 218 | numTee := uint64(0) 219 | numPrimary := uint64(0) 220 | 221 | // primary receiver (e.g. your web server) 222 | conPrimary := getConnection(t, primaryPort) 223 | readConnection(t, testOpts, conPrimary, func(msg []byte) { 224 | // test hook 225 | if testOpts != nil && testOpts.OnMsg() != nil { 226 | testOpts.OnMsg()(primaryPort, msg) 227 | } 228 | // validate 229 | if testOpts == nil || testOpts.ValidateMsgString { 230 | str := string(msg) 231 | log.Printf("primary %s", str) 232 | if !strings.HasPrefix(str, payload) { 233 | return 234 | } 235 | } 236 | atomic.AddUint64(&numPrimary, 1) 237 | }) 238 | 239 | // tee receiver (e.g. your staging environment) 240 | conTee := getConnection(t, teePort) 241 | readConnection(t, testOpts, conTee, func(msg []byte) { 242 | // test hook 243 | if testOpts != nil && testOpts.OnMsg() != nil { 244 | testOpts.OnMsg()(teePort, msg) 245 | } 246 | // validate 247 | if testOpts == nil || testOpts.ValidateMsgString { 248 | str := string(msg) 249 | log.Printf("tee %s", str) 250 | if !strings.HasPrefix(str, payload) { 251 | return 252 | } 253 | } 254 | atomic.AddUint64(&numTee, 1) 255 | }) 256 | 257 | // tee forwarder 258 | fw := forwarder.NewServer(opts) 259 | go func() { 260 | err := fw.Start() 261 | if err != nil { 262 | t.Error(err) 263 | } 264 | }() 265 | 266 | time.Sleep(500 * time.Millisecond) 267 | 268 | // send to primary 269 | go func() { 270 | for i := 0; i < 10; i++ { 271 | addr, err := net.ResolveTCPAddr(protocol, fmt.Sprintf("%s:%d", host, primaryPort)) 272 | if err != nil { 273 | t.Error(err) 274 | } 275 | con, err := net.DialTCP(protocol, nil, addr) 276 | if testOpts != nil && testOpts.AllowFailedSending { 277 | if err != nil && con == nil { 278 | continue 279 | } 280 | } 281 | if err != nil { 282 | t.Error(err) 283 | } 284 | _, err = con.Write([]byte(payload + fmt.Sprintf("-%d", i))) 285 | if err != nil { 286 | t.Error(err) 287 | } 288 | } 289 | }() 290 | 291 | // wait for at least 1 stats print 292 | go func() { 293 | for i := 0; i < 10; i++ { 294 | time.Sleep(500 * time.Millisecond) 295 | 296 | // done :) 297 | if atomic.LoadUint64(&numTee) == 10 && atomic.LoadUint64(&numPrimary) == 10 { 298 | shutdown <- true 299 | } 300 | } 301 | }() 302 | 303 | return &TestControls{ 304 | shutdown: shutdown, 305 | conPrimary: conPrimary, 306 | conTee: conTee, 307 | fw: fw, 308 | } 309 | } 310 | 311 | func getConnection(t *testing.T, port int) *net.TCPListener { 312 | addr, err := net.ResolveTCPAddr(protocol, fmt.Sprintf("%s:%d", host, port)) 313 | if err != nil { 314 | t.Error(err) 315 | } 316 | con, err := net.ListenTCP(protocol, addr) 317 | if err != nil { 318 | t.Error(err) 319 | } 320 | return con 321 | } 322 | 323 | func readConnection(t *testing.T, testOpts *TestOpts, listener *net.TCPListener, onMsg func(msg []byte)) { 324 | go func() { 325 | for { 326 | con, err := listener.Accept() 327 | if con == nil { 328 | break 329 | } 330 | if err != nil { 331 | t.Error(err) 332 | } 333 | buf := make([]byte, forwarder.DefaultMaxPacketSize) 334 | n, err := con.Read(buf) 335 | if err != nil { 336 | t.Error(err) 337 | } 338 | buf = buf[0:n] 339 | log.Printf("con %v %v %s", con, buf, string(buf)) 340 | onMsg(buf) 341 | } 342 | }() 343 | } 344 | -------------------------------------------------------------------------------- /test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | # go to this file 4 | DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" 5 | cd ${DIR} 6 | 7 | # vet 8 | go vet -v . 9 | cd forwarder && go vet -v . && cd .. 10 | echo "OK vetting" 11 | 12 | # test 13 | go test -v -race -cover . 14 | echo "OK tests" --------------------------------------------------------------------------------