Scapy and tcpreplay: bypass temporary file for per

2019-02-23 09:36发布

问题:

Scapy has a sendpfast function that sends packets using tcpreplay. However, this function first creates a temporary pcap file and then calls tcpreplay on that. This adds too much delay. Is there anyway to bypass it and directly send data to tcpreplay. I know that tcpreplay can read data from STDIN.

Context: I want to generate large traffic (with different srcIP) every second and send it through network. One option is to save all traffic with timestamps in a giant pcap file and run tcpreplay. Another option is to send data every second.

回答1:

Not sure whether or not avoiding temporary file will be enough, but still, here is a way:

#! /usr/bin/env python

from scapy.all import *

def pkt2pcap(p):
        sec = int(p.time)
        usec = int(round((p.time-sec)*1000000))
        s = str(p)
        caplen = len(s)
        return struct.pack("IIII", sec, usec, caplen, caplen) + s

# adapted from Scapy's sendpfast
def mysendpfast(x, pps=None, mbps=None, realtime=None, loop=0, file_cache=False, iface=None):
    """Send packets at layer 2 using tcpreplay for performance
    pps:  packets per second
    mpbs: MBits per second
    realtime: use packet's timestamp, bending time with realtime value
    loop: number of times to process the packet list
    file_cache: cache packets in RAM instead of reading from disk at each iteration
    iface: output interface """
    if iface is None:
        iface = conf.iface
    argv = [conf.prog.tcpreplay, "--intf1=%s" % iface ]
    if pps is not None:
        argv.append("--pps=%i" % pps)
    elif mbps is not None:
        argv.append("--mbps=%i" % mbps)
    elif realtime is not None:
        argv.append("--multiplier=%i" % realtime)
    else:
        argv.append("--topspeed")
    if loop:
        argv.append("--loop=%i" % loop)
        if file_cache:
            argv.append("--enable-file-cache")
    argv.append("-")
    try:
        f = subprocess.Popen(argv, stdin=subprocess.PIPE)
        # PCAP header
        p = x.next()
        f.stdin.write(struct.pack("IHHIIII", 0xa1b2c3d4L,
                                  2, 4, 0, 0, MTU,
                                  conf.l2types[p.__class__]))
        # Let's send
        f.stdin.write(pkt2pcap(p))
        for p in x:
            f.stdin.write(pkt2pcap(p))
        f.stdin.close()
        f.communicate()
    except KeyboardInterrupt:
        log_interactive.info("Interrupted by user")
    except Exception,e:
        log_interactive.error("while trying to exec [%s]: %s" % (argv[0],e))