Continuous pcapng export or streaming of data #841
Description
Hey,
I want to generate multiple pcapng files with tls pcapng mode. Curretnly ecapture generates a huge pcapang file over the time. What i wanted to do is, generate multiple pcapng files with master keys saved inside it. However i am not able to achieve it, Do you have any recommendation?
This is what i tried.
// ServePcap is used to serve pcapng file
func (t *MTCProbe) ServePcap() {
ti := time.NewTicker(2 * time.Second)
var rotationTicker *time.Ticker
// Setup rotation ticker if rotation is enabled
if t.rotationInterval > 0 && t.pcapngDirectory != "" {
rotationTicker = time.NewTicker(t.rotationInterval)
t.logger.Info().Str("pcapng directory", t.pcapngDirectory).Dur("rotation", t.rotationInterval).Msg("packets saved into pcapng files with rotation.")
} else {
t.logger.Info().Str("pcapng path", t.pcapngFilename).Msg("packets saved into pcapng file.")
}
var allCount int
defer func() {
if allCount == 0 {
t.logger.Warn().Msg("nothing captured, please check your network interface, see \"ecapture tls -h\" for more information.")
} else {
t.logger.Info().Int("count", allCount).Msg("packets saved into pcapng file.")
}
ti.Stop()
if rotationTicker != nil {
rotationTicker.Stop()
}
}()
var i int
// Create a channel that's either the rotation ticker or nil
var rotationChan <-chan time.Time
if rotationTicker != nil {
rotationChan = rotationTicker.C
}
for {
select {
case _ = <-rotationChan:
// This case is ignored when rotationChan is nil
t.logger.Info().Msg("rotation timer triggered")
if len(t.tcPackets) > 0 {
n, e := t.savePcapng()
if e != nil {
t.logger.Warn().Err(e).Msg("save pcapng before rotation failed")
} else {
t.logger.Info().Int("count", n).Msg("packets saved before rotation")
allCount += n
}
// Reset packets after saving
i = 0
t.tcPackets = t.tcPackets[:0]
}
// Rotate to new file
err := t.rotateFile()
if err != nil {
t.logger.Error().Err(err).Msg("failed to rotate pcap file")
}
case _ = <-ti.C:
if i == 0 || len(t.tcPackets) == 0 {
continue
}
n, e := t.savePcapng()
if e != nil {
t.logger.Warn().Err(e).Int("count", i).Msg("save pcapng err, maybe some packets lost.")
} else {
t.logger.Info().Int("count", n).Msg("packets saved into pcapng file.")
allCount += n
}
// reset counter, and reset tcPackets array
i = 0
t.tcPackets = t.tcPackets[:0]
case packet, ok := <-t.tcPacketsChan:
// append tcPackets to tcPackets Array from tcPacketsChan
if !ok {
t.logger.Warn().Msg("tcPacketsChan closed.")
}
t.tcPackets = append(t.tcPackets, packet)
i++
case _ = <-t.ctx.Done():
if i == 0 || len(t.tcPackets) == 0 {
return
}
n, e := t.savePcapng()
if e != nil {
t.logger.Info().Err(e).Int("count", i).Msg("save pcapng err, maybe some packets lost.")
} else {
t.logger.Info().Int("count", n).Msg("packets saved into pcapng file.")
allCount += n
}
return
}
}
}