我正在尝试使用Windows 7上的Node.js(4.5.0)的cap模块侦听websocket流量。我能够解析/解码正在捕获的有效载荷,但当有效载荷超过一定长度时,它的一部分被切断。
我用这个例子来解码websocket帧(wsDecoded函数),我认为问题是我从cap模块得到的响应是在一个缓冲区中返回整个响应,但是这个例子(和其他一些websocket库的我看过)似乎期望处理多个帧时,有效载荷超过一定的大小。
我试过把缓冲区从和分解成更小的块,但当我这样做的有效载荷只是看起来像随机的垃圾。
var Cap = require('cap').Cap;
var decoders = require('cap').decoders;
var PROTOCOL = decoders.PROTOCOL;
var c = new Cap();
var device = Cap.findDevice(LOCAL_IP);
var filter = 'port 8088';
var bufSize = 10 * 1024 * 1024;
var buffer = new Buffer(65535);
var linkType = c.open(device, filter, bufSize, buffer);
c.setMinBytes && c.setMinBytes(0);
c.on('packet', function(nbytes, trunc) {
if (linkType === 'ETHERNET') {
var ret = decoders.Ethernet(buffer);
if (ret.info.type === PROTOCOL.ETHERNET.IPV4) {
ret = decoders.IPV4(buffer, ret.offset);
if (ret.info.protocol === PROTOCOL.IP.TCP) {
var datalen = ret.info.totallen - ret.hdrlen;
ret = decoders.TCP(buffer, ret.offset);
datalen -= ret.hdrlen;
var payload = wsDecoded(buffer, ret.offset, ret.offset + datalen);
console.log(payload.toString());
}
}
}
});
function wsDecoded (data, start, end) {
var message = data.slice(start, end);
var FIN = (message[0] & 0x80);
var RSV1 = (message[0] & 0x40);
var RSV2 = (message[0] & 0x20);
var RSV3 = (message[0] & 0x10);
var Opcode = message[0] & 0x0F;
var mask = (message[1] & 0x80);
var length = (message[1] & 0x7F);
var nextByte = 2;
if (length === 126) {
// length = next 2 bytes
nextByte += 2;
} else if (length === 127){
// length = next 8 bytes
nextByte += 8;
}
var maskingKey = null;
if (mask){
maskingKey = message.slice(nextByte, nextByte + 4);
nextByte += 4;
}
var payload = message.slice(nextByte, nextByte + length);
if (maskingKey){
for (var i = 0; i < payload.length; i++){
payload[i] = payload[i] ^ maskingKey[i % 4];
}
}
return payload;
}
未被截断的示例结果:
{"Command":"FoldCards","Table":"Ring Game #02","Type":"R","Ghost":"No"}
截断的示例结果:
{"Command":"Buttons","Table":"Ring Game #02","Type":"R","Button1":"","Button2":"Ready","Button3":"","Preflop":"No","Call":0,"M
使用缓冲区时,来自on('packet')回调的有效负载。toString('binary', ret.offset, datalen)。这是非常接近我需要的,但它没有揭开有效载荷,并留下一些随机字符(我认为这是帧的开始和停止,但不是100%确定)
?'{"Command":"TablesSitting","Tables":[]}?'{"Command":"TablesWaiting","Tables":[]}?~☺({"Command":"RingGameLobby","Clear":"Yes","Count":2,"ID":["Ring Game #01","Ring Game #02"],"Game":["NL Hold'em","NL Hold'em"],"GameIndex":[2,2],"Seats":[10,10],"StakesLo":[10,10],"StakesHi":[20,20],"BuyinMin":[400,400],"BuyinMax":[2000,2000],"Players":[0,0],"Waiting":[0,0],"Password":["No","No"]}?~☺{"Command":"TournamentLobby","Clear":"Yes","Count":0,"ID":[],"SnG":[],"Shootout":[],"Game":[],"GameIndex":[],"Buyin":[],"EntryFee":[],"Rebuy":[],"TS":[],"PreReg":[],"Reg":[],"Max":[],"Starts":[],"StartMin":[],"StartTime":[],"Running":[],"Tables":[],"Password":[]}?~ ?{"Command":"Logins","Clear":"Yes","Total":1,"Player":["harrythree"],"Name":[""],"Location":["Greenville"],"Login":["2016-08-27 13:26:45"]}
你得到截断的消息,因为你没有正确读取payloadLength。看一下:
var length = (message[1] & 0x7F);
var nextByte = 2;
if (length === 126) {
// in this case next 2 bytes store lengths. you have to read ones from the buffer
nextByte += 2;
} else if (length === 127){
// in this case next 8 bytes store lengths. you have to read ones from the buffer
nextByte += 8;
}
当消息大小超过125字节时,您必须使用RFC所说的下一个2或8字节来读取正确的payloadLength。在您的示例中,您只需跳过这些字节,以便您的"长度"始终为<= 127,因此以下行生成截断的有效负载数据:
var payload = message.slice(nextByte, nextByte + length);
^
always <= 127
var Cap = require('cap').Cap;
var decoders = require('cap').decoders;
var PROTOCOL = decoders.PROTOCOL;
var c = new Cap();
var device = Cap.findDevice('127.0.0.1');
var filter = 'port 3001';
var bufSize = 10 * 1024 * 1024;
var buffer = new Buffer(bufSize);
var linkType = c.open(device, filter, bufSize, buffer);
c.setMinBytes && c.setMinBytes(0);
c.on('packet', function(nbytes, trunc) {
console.log('************ packet: length ' + nbytes + ' bytes, truncated? '
+ (trunc ? 'yes' : 'no'));
if (linkType === 'ETHERNET') {
var ret = decoders.Ethernet(buffer);
if (ret.info.type === PROTOCOL.ETHERNET.IPV4) {
ret = decoders.IPV4(buffer, ret.offset);
if (ret.info.protocol === PROTOCOL.IP.TCP) {
var datalen = ret.info.totallen - ret.hdrlen;
ret = decoders.TCP(buffer, ret.offset);
datalen -= ret.hdrlen;
console.log('from: ' + ret.info.srcport + ' to ' + ret.info.dstport);
console.log("Data len: " + datalen);
var payload = wsDecoded(buffer, ret.offset, ret.offset + datalen);
if (payload) {
console.log("MSG:" + payload.toString());
} else {
console.log("Invalid message");
}
}
}
}
});
function wsDecoded (data, start, end) {
var message = data.slice(start, end);
var index = 0;
var FIN = (message[index] & 0x80);
var RSV1 = (message[index] & 0x40);
var RSV2 = (message[index] & 0x20);
var RSV3 = (message[index] & 0x10);
var Opcode = message[index] & 0x0F;
index++;
var masked = (message[index] & 0x80);
var payloadLength = message[index] & (~0x80);
index++;
if (payloadLength === 126){
// length = next 2 bytes
payloadLength = message.readUInt16BE(index);
index+=2;
} else if (payloadLength === 127) {
// read uint64
throw new Error("Implement me");
}
console.log("Opcode: " + Opcode + ", fin: " + FIN + ", masked: " + masked);
var maskingKey = null;
if (masked){
maskingKey = message.slice(index, index + 4);
index += 4;
}
console.log("Payload length: " + payloadLength);
var payload = message.slice(index, index + payloadLength);
if (payload.length != payloadLength) {
console.warn("Length mismatch");
return false;
}
if (maskingKey){
for (var i = 0; i < payload.length; i++){
payload[i] = payload[i] ^ maskingKey[i % 4];
}
}
return payload;
}