Search code examples
pythonnetwork-programmingpcapscapynetwork-traffic

Scapy and tcpreplay: bypass temporary file for performance


Scapy has a sendpfast function that sends packets using tcpreplay. However, this function first creates a temporary pcap file and then calls tcpreplay on that. This adds too much delay. Is there anyway to bypass it and directly send data to tcpreplay. I know that tcpreplay can read data from STDIN.

Context: I want to generate large traffic (with different srcIP) every second and send it through network. One option is to save all traffic with timestamps in a giant pcap file and run tcpreplay. Another option is to send data every second.


Solution

  • Not sure whether or not avoiding temporary file will be enough, but still, here is a way:

    #! /usr/bin/env python
    
    from scapy.all import *
    
    def pkt2pcap(p):
            sec = int(p.time)
            usec = int(round((p.time-sec)*1000000))
            s = str(p)
            caplen = len(s)
            return struct.pack("IIII", sec, usec, caplen, caplen) + s
    
    # adapted from Scapy's sendpfast
    def mysendpfast(x, pps=None, mbps=None, realtime=None, loop=0, file_cache=False, iface=None):
        """Send packets at layer 2 using tcpreplay for performance
        pps:  packets per second
        mpbs: MBits per second
        realtime: use packet's timestamp, bending time with realtime value
        loop: number of times to process the packet list
        file_cache: cache packets in RAM instead of reading from disk at each iteration
        iface: output interface """
        if iface is None:
            iface = conf.iface
        argv = [conf.prog.tcpreplay, "--intf1=%s" % iface ]
        if pps is not None:
            argv.append("--pps=%i" % pps)
        elif mbps is not None:
            argv.append("--mbps=%i" % mbps)
        elif realtime is not None:
            argv.append("--multiplier=%i" % realtime)
        else:
            argv.append("--topspeed")
        if loop:
            argv.append("--loop=%i" % loop)
            if file_cache:
                argv.append("--enable-file-cache")
        argv.append("-")
        try:
            f = subprocess.Popen(argv, stdin=subprocess.PIPE)
            # PCAP header
            p = x.next()
            f.stdin.write(struct.pack("IHHIIII", 0xa1b2c3d4L,
                                      2, 4, 0, 0, MTU,
                                      conf.l2types[p.__class__]))
            # Let's send
            f.stdin.write(pkt2pcap(p))
            for p in x:
                f.stdin.write(pkt2pcap(p))
            f.stdin.close()
            f.communicate()
        except KeyboardInterrupt:
            log_interactive.info("Interrupted by user")
        except Exception,e:
            log_interactive.error("while trying to exec [%s]: %s" % (argv[0],e))