|
|
|
|
//go:build !windows
|
|
|
|
|
|
|
|
|
|
package tcm
|
|
|
|
|
|
|
|
|
|
import "github.com/spf13/cobra"
|
|
|
|
|
|
|
|
|
|
var nf = NewNfCap()
|
|
|
|
|
|
|
|
|
|
var Cmd = &cobra.Command{
|
|
|
|
|
Use: "tcm",
|
|
|
|
|
Short: "TCP连接监视工具",
|
|
|
|
|
Run: func(cmd *cobra.Command, args []string) {
|
|
|
|
|
nf.Run()
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func init() {
|
|
|
|
|
Cmd.Flags().IntVarP(&nf.monitorPort, "port", "p", 0, "nft转发端口地址,如果启用此参数,将会自动设置iptables,需要安装iptables")
|
|
|
|
|
Cmd.Flags().StringSliceVarP(&nf.target, "target", "t", []string{}, "监控的ip地址,可多个,本工具各类延迟等tcp操作仅对此类ip生效")
|
|
|
|
|
Cmd.Flags().StringSliceVarP(&nf.targetCmd, "cmd", "c", []string{}, "触发报文drop的关键词,utf8格式,如:show variables")
|
|
|
|
|
Cmd.Flags().BoolVarP(&nf.targetAsHex, "cmd-as-hex", "x", false, "启用此选项,cmd选项请传入hex字符,而不是utf-8")
|
|
|
|
|
Cmd.Flags().StringVarP(&nf.saveFile, "save", "w", "", "保存文件路径,将会保存所有报文到此文件")
|
|
|
|
|
Cmd.Flags().BoolVarP(&nf.interactive, "interactive", "i", false, "启用交互模式,可输入命令:allow <ip>,drop <ip>,delay <ms>,loss <number%>")
|
|
|
|
|
Cmd.Flags().BoolVarP(&nf.showAll, "display-all", "D", false, "显示所有报文,包括非target对象")
|
|
|
|
|
Cmd.Flags().BoolVarP(&nf.showAsHex, "as-hex", "a", false, "显示报文的hex内容")
|
|
|
|
|
Cmd.Flags().BoolVarP(&nf.showPayload, "show-payload", "S", false, "显示报文的payload")
|
|
|
|
|
Cmd.Flags().IntVarP(&nf.maxShowPayloadSize, "payload-maxlen", "m", 200, "显示payload的最大长度")
|
|
|
|
|
Cmd.Flags().BoolVarP(&nf.noShowMode, "no-show", "N", false, "不显示任何tcp报文,只统计数量")
|
|
|
|
|
Cmd.Flags().Float64VarP(&nf.loss, "loss", "l", 0, "丢包率,0-100之间,如10表示10%丢包")
|
|
|
|
|
Cmd.Flags().IntVarP(&nf.delay, "delay", "d", 0, "延迟时间,单位ms")
|
|
|
|
|
Cmd.Flags().IntVarP(&nf.packetDelay, "packet-delay-num", "n", 0, "触发封禁关键词后,延迟n个包再封禁")
|
|
|
|
|
Cmd.Flags().BoolVarP(&nf.useRST, "rst", "r", false, "触发封禁关键词后,同步发送RST报文")
|
|
|
|
|
Cmd.Flags().StringVarP(&nf.rstMode, "rstmode", "R", "reverse", "RST报文发送模式,可选值:both,target,reverse")
|
|
|
|
|
Cmd.Flags().BoolVarP(&nf.fastMode, "fastmode", "F", false, "快速模式,仅在模拟延迟或丢包时使用")
|
|
|
|
|
Cmd.Flags().IntVarP(&nf.NFQNums, "nfqueue-num", "q", 2, "nfqueue队列号")
|
|
|
|
|
Cmd.Flags().BoolVarP(&nf.allowRandomAck, "random-ack", "A", false, "允许并行乱序处理报文,如果需要模拟延迟,此选项需开启,但封禁功能可能受到乱序影响")
|
|
|
|
|
Cmd.Flags().BoolVarP(&nf.singlePacketMode, "signle-packet", "o", false, "仅对匹配到的单报文操作,此模式下,packetDelay会失效")
|
|
|
|
|
Cmd.Flags().StringSliceVarP(&nf.cuePktMethod, "cue-pkt-method", "O", []string{}, "单报文匹配下,执行的报文操作,可选值:drop,delay ms,allow,reset")
|
|
|
|
|
Cmd.Flags().StringSliceVarP(&nf.Flags, "flags", "f", nil, "tcp flags匹配,如:SYN,ACK")
|
|
|
|
|
Cmd.Flags().IntVarP(&nf.CapFileCacheNum, "write-cache", "W", 0, "命中匹配写入文件报文缓存,如果为0 ,则忽略匹配条件")
|
|
|
|
|
}
|