Scapy有一个sendpfast函数,可以使用tcpreplay发送数据包.但是,此函数首先创建一个临时pcap文件,然后在其上调用tcpreplay.这增加了太多的延迟.反正有没有绕过它并直接发送数据到tcpreplay.我知道tcpreplay可以从STDIN读取数据.
上下文:我希望每秒生成大量流量(使用不同的srcIP)并通过网络发送.一种选择是将所有带有时间戳的流量保存在一个巨大的pcap文件中并运行tcpreplay.另一种选择是每秒发送数据.
解决方法:
不确定是否避免临时文件就足够了,但仍然是这样的方法:
#! /usr/bin/env python
from scapy.all import *
def pkt2pcap(p):
sec = int(p.time)
usec = int(round((p.time-sec)*1000000))
s = str(p)
caplen = len(s)
return struct.pack("IIII", sec, usec, caplen, caplen) + s
# adapted from Scapy's sendpfast
def mysendpfast(x, pps=None, mbps=None, realtime=None, loop=0, file_cache=False, iface=None):
"""Send packets at layer 2 using tcpreplay for performance
pps: packets per second
mpbs: MBits per second
realtime: use packet's timestamp, bending time with realtime value
loop: number of times to process the packet list
file_cache: cache packets in RAM instead of reading from disk at each iteration
iface: output interface """
if iface is None:
iface = conf.iface
argv = [conf.prog.tcpreplay, "--intf1=%s" % iface ]
if pps is not None:
argv.append("--pps=%i" % pps)
elif mbps is not None:
argv.append("--mbps=%i" % mbps)
elif realtime is not None:
argv.append("--multiplier=%i" % realtime)
else:
argv.append("--topspeed")
if loop:
argv.append("--loop=%i" % loop)
if file_cache:
argv.append("--enable-file-cache")
argv.append("-")
try:
f = subprocess.Popen(argv, stdin=subprocess.PIPE)
# PCAP header
p = x.next()
f.stdin.write(struct.pack("IHHIIII", 0xa1b2c3d4L,
2, 4, 0, 0, MTU,
conf.l2types[p.__class__]))
# Let's send
f.stdin.write(pkt2pcap(p))
for p in x:
f.stdin.write(pkt2pcap(p))
f.stdin.close()
f.communicate()
except KeyboardInterrupt:
log_interactive.info("Interrupted by user")
except Exception,e:
log_interactive.error("while trying to exec [%s]: %s" % (argv[0],e))