本文整理汇总了Golang中github.com/google/gopacket.NewDecodingLayerParser函数的典型用法代码示例。如果您正苦于以下问题:Golang NewDecodingLayerParser函数的具体用法?Golang NewDecodingLayerParser怎么用?Golang NewDecodingLayerParser使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了NewDecodingLayerParser函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Golang代码示例。
示例1: BenchmarkDecodeToDNS
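// BenchmarkDecodeToDNS times DecodeLayers on a single captured packet, using a
// parser restricted to Ethernet, IPv4, UDP, TCP, DNS and raw payload.
func BenchmarkDecodeToDNS(b *testing.B) {
	var (
		ethLayer layers.Ethernet
		ipLayer  layers.IPv4
		udpLayer layers.UDP
		tcpLayer layers.TCP
		dns      layers.DNS
		payload  gopacket.Payload
	)

	// The first decoder was mis-encoded as "ðLayer" on the page; it is the
	// address of ethLayer ("&eth" had been swallowed as an HTML entity).
	parser := gopacket.NewDecodingLayerParser(
		layers.LayerTypeEthernet,
		&ethLayer,
		&ipLayer,
		&udpLayer,
		&tcpLayer,
		&dns,
		&payload,
	)
	foundLayerTypes := []gopacket.LayerType{}

	packetSource := getPacketData("a")
	packetSource.DecodeOptions.Lazy = true
	packet := <-packetSource.Packets()

	b.ResetTimer()
	for i := 0; i < b.N; i++ {
		// The decode result is discarded; this loop only times the call.
		_ = parser.DecodeLayers(packet.Data(), &foundLayerTypes)
	}
}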
开发者ID:Phillipmartin,项目名称:gopassivedns,代码行数:29,代码来源:main_test.go
示例2: mangleDNS
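/*
FUNCTION: mangleDNS()
RETURNS: Nothing
ARGUMENTS: None
ABOUT:
Performs the DNS spoofing against the victim's machine. Sets all DNS traffic to redirect to the host
machine's IP address.

REVIEW NOTES:
  - The loop reads every frame from the package-level capture handle, decodes it as
    Ethernet/IPv4/UDP/DNS and writes back whatever craftAnswer returns; craftAnswer's body is not
    shown here.
  - From a monitoring point of view, answers produced this way compete with the legitimate
    resolver's reply, so two differing responses to one query ID, or DNS responses arriving from a
    MAC address that is not the resolver's, are the signals to alert on. Validating resolvers
    (DNSSEC) and encrypted DNS transports limit what such a forged answer can achieve.
*/
func mangleDNS() {
	var (
		ethernetLayer layers.Ethernet
		ipLayer       layers.IPv4
		dnsLayer      layers.DNS
		udpLayer      layers.UDP
	)

	// "ðernetLayer" on the page is a mis-encoded "&ethernetLayer".
	decoder := gopacket.NewDecodingLayerParser(layers.LayerTypeEthernet, &ethernetLayer, &ipLayer, &udpLayer, &dnsLayer)
	decoded := make([]gopacket.LayerType, 0, 4)
	packetSource := gopacket.NewPacketSource(handle, handle.LinkType())

	for {
		packet, err := packetSource.NextPacket()
		checkError(err)

		err = decoder.DecodeLayers(packet.Data(), &decoded)
		checkError(err)

		// All four registered layers must have been decoded for this frame.
		if len(decoded) != 4 {
			fmt.Print("Not enough layers\n")
			continue
		}

		buffer := craftAnswer(&ethernetLayer, &ipLayer, &dnsLayer, &udpLayer)
		if buffer == nil { // if original query was invalid
			fmt.Print("Buffer error, returned nil.\n")
			continue
		}

		err = handle.WritePacketData(buffer)
		checkError(err)
	}
}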
开发者ID:razc411,项目名称:DNSMangler,代码行数:41,代码来源:main.go
示例3: decodePackets
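// decodePackets receives raw frames from decodePacketChan, decodes them as
// Ethernet/IPv4/TCP/payload and passes a PacketManifest for each one to the
// dispatcher. It returns as soon as stopDecodeChan yields a value.
//
// Frames that DecodeLayers rejects are dropped without a log line, so a
// capture full of non-TCP or malformed traffic produces no output here.
func (i *Sniffer) decodePackets() {
	var (
		eth     layers.Ethernet
		ip      layers.IPv4
		tcp     layers.TCP
		payload gopacket.Payload
	)

	// "ð" on the page is a mis-encoded "&eth".
	parser := gopacket.NewDecodingLayerParser(layers.LayerTypeEthernet, &eth, &ip, &tcp, &payload)
	decoded := make([]gopacket.LayerType, 0, 4)

	for {
		select {
		case <-i.stopDecodeChan:
			return
		case timedRawPacket := <-i.decodePacketChan:
			// Reset the payload before decoding so the manifest never carries
			// bytes that were decoded from an earlier frame.
			payload = nil

			if err := parser.DecodeLayers(timedRawPacket.RawPacket, &decoded); err != nil {
				continue
			}

			flow := types.NewTcpIpFlowFromFlows(ip.NetworkFlow(), tcp.TransportFlow())
			packetManifest := types.PacketManifest{
				Timestamp: timedRawPacket.Timestamp,
				Flow:      flow,
				RawPacket: timedRawPacket.RawPacket,
				IP:        ip,
				TCP:       tcp,
				Payload:   payload,
			}
			i.dispatcher.ReceivePacket(&packetManifest)
		}
	}
}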
开发者ID:roger2000hk,项目名称:HoneyBadger,代码行数:33,代码来源:sniffer.go
示例4: snooper
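// snooper reads frames from the bridge's capture handle and records, through
// b.updateIP, the source IP observed for each source MAC. It stops when the
// handle returns a read error; io.EOF ends the loop without an error log.
//
// The recorded addresses are taken from ARP sender fields and IPv6 source
// addresses as they appear on the wire. Any host on the segment can put
// arbitrary values there, so the table is an observation and not an
// authenticated binding.
func (b *Bridge) snooper() {
	var (
		dot1q layers.Dot1Q
		eth   layers.Ethernet
		ip4   layers.IPv4
		ip6   layers.IPv6
		arp   layers.ARP
	)

	// "ð" on the page is a mis-encoded "&eth".
	parser := gopacket.NewDecodingLayerParser(layers.LayerTypeEthernet,
		&dot1q,
		&eth,
		&ip4,
		&ip6,
		&arp,
	)

	decodedLayers := []gopacket.LayerType{}

	for {
		data, _, err := b.handle.ReadPacketData()
		if err != nil {
			if err != io.EOF {
				// The other log calls in this function pass a format string,
				// so the error needs a verb to be rendered.
				log.Error("error reading packet data: %v", err)
			}
			break
		}

		if err := parser.DecodeLayers(data, &decodedLayers); err != nil {
			if err2, ok := err.(gopacket.UnsupportedLayerType); ok {
				switch gopacket.LayerType(err2) {
				case layers.LayerTypeICMPv6, gopacket.LayerTypePayload:
					// Expected: these layers have no decoder registered above.
					err = nil
				default:
					continue
				}
			}

			if err != nil {
				log.Error("error parsing packet: %v", err)
				continue
			}
		}

		for _, layerType := range decodedLayers {
			switch layerType {
			case layers.LayerTypeICMPv6:
				// NOTE(review): no ICMPv6 decoder is registered with the
				// parser, so this type may never appear in decodedLayers and
				// this case may be unreachable — confirm against gopacket.
				b.updateIP(eth.SrcMAC.String(), ip6.SrcIP)
			case layers.LayerTypeARP:
				b.updateIP(eth.SrcMAC.String(), net.IP(arp.SourceProtAddress))
			}
		}
	}

	log.Info("%v snoop out", b.Name)
}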
开发者ID:cdshann,项目名称:minimega,代码行数:57,代码来源:ipmac.go
示例5: NewMetroDecoder
// NewMetroDecoder allocates a MetroDecoder whose parser starts at Ethernet and
// decodes into the decoder's own layer fields (Ethernet, 802.1Q, IPv4, IPv6,
// IPv6 extensions, TCP, payload). The decoded-types slice is pre-sized to 4.
func NewMetroDecoder() *MetroDecoder {
	dec := new(MetroDecoder)
	dec.decoded = make([]gopacket.LayerType, 0, 4)
	dec.parser = gopacket.NewDecodingLayerParser(
		layers.LayerTypeEthernet,
		&dec.eth,
		&dec.dot1q,
		&dec.ip4,
		&dec.ip6,
		&dec.ip6extensions,
		&dec.tcp,
		&dec.payload,
	)
	return dec
}
开发者ID:DataDog,项目名称:go-metro,代码行数:10,代码来源:sniff.go
示例6: NewSession
// NewSession builds a Session from c: an empty stream table, the first
// cleaning deadline set cleanInterval from now, a packet source on the
// configured handle, and a parser for Ethernet, IPv4, IPv6, TCP and payload
// that decodes into the session's own layer fields.
func NewSession(c Config) *Session {
	sess := &Session{
		Config:       c,
		streams:      make(map[streamID]*stream),
		nextCleaning: time.Now().Add(cleanInterval),
	}

	linkType := sess.Handle.LinkType()
	sess.source = gopacket.NewPacketSource(sess.Handle, linkType)

	sess.parser = gopacket.NewDecodingLayerParser(
		layers.LayerTypeEthernet,
		&sess.eth,
		&sess.ip4,
		&sess.ip6,
		&sess.tcp,
		&sess.payload,
	)
	return sess
}
开发者ID:ksmaheshkumar,项目名称:qisniff,代码行数:10,代码来源:qilib.go
示例7: Parse
// Parse decodes the data held by pd according to pd.datatype.
//
// "tcp" decodes pd.tcpdata.DnsData starting at the DNS layer; "packet" decodes
// pd.packet.Data() starting at Ethernet. Any other datatype returns an error.
//
// The error from DecodeLayers is not propagated: both decoding branches return
// nil even when the input is truncated or malformed. Callers therefore have to
// look at pd.foundLayerTypes to learn which layers were really decoded before
// reading pd.dns or the other layer fields.
func (pd *packetData) Parse() error {
	switch pd.datatype {
	case "tcp":
		pd.dns = &layers.DNS{}
		pd.payload = &gopacket.Payload{}

		// Reassembled TCP streams begin directly at the DNS layer.
		streamParser := gopacket.NewDecodingLayerParser(
			layers.LayerTypeDNS,
			pd.dns,
			pd.payload,
		)
		_ = streamParser.DecodeLayers(pd.tcpdata.DnsData, &pd.foundLayerTypes)
		return nil

	case "packet":
		pd.ethLayer = &layers.Ethernet{}
		pd.ipLayer = &layers.IPv4{}
		pd.udpLayer = &layers.UDP{}
		pd.tcpLayer = &layers.TCP{}
		pd.dns = &layers.DNS{}
		pd.payload = &gopacket.Payload{}

		// Only this fixed set of decoders is applied to the traffic, which
		// makes the parsing phase much faster.
		frameParser := gopacket.NewDecodingLayerParser(
			layers.LayerTypeEthernet,
			pd.ethLayer,
			pd.ipLayer,
			pd.udpLayer,
			pd.tcpLayer,
			pd.dns,
			pd.payload,
		)
		_ = frameParser.DecodeLayers(pd.packet.Data(), &pd.foundLayerTypes)
		return nil

	default:
		return errors.New("Bad packet type: " + pd.datatype)
	}
}
开发者ID:Phillipmartin,项目名称:gopassivedns,代码行数:42,代码来源:packets.go
示例8: SequenceFromPacket
// SequenceFromPacket decodes packet as IPv4 followed by TCP and returns the
// TCP sequence number. If DecodeLayers reports an error the result is 0 and
// that error.
//
// NOTE(review): only IPv4 and TCP decoders are registered, so a segment that
// carries data may be reported as an unsupported-layer error rather than
// yielding its sequence number — confirm against the callers' expectations.
func SequenceFromPacket(packet []byte) (uint32, error) {
	var (
		ip  layers.IPv4
		tcp layers.TCP
	)
	layerParser := gopacket.NewDecodingLayerParser(layers.LayerTypeIPv4, &ip, &tcp)
	seen := []gopacket.LayerType{}

	if err := layerParser.DecodeLayers(packet, &seen); err != nil {
		return 0, err
	}
	return tcp.Seq, nil
}
开发者ID:roger2000hk,项目名称:HoneyBadger,代码行数:13,代码来源:flow.go
示例9: New
// New creates a sampling Sniffer and starts its capture loop in a goroutine.
// Capture is switched on and off for the given durations, which bounds CPU
// use; the effective sample rate has to be computed separately as
// (packets decoded / packets observed).
func New(hostID string, localNets report.Networks, src gopacket.ZeroCopyPacketDataSource, on, off time.Duration) *Sniffer {
	sniffer := new(Sniffer)
	sniffer.hostID = hostID
	sniffer.localNets = localNets
	sniffer.reports = make(chan chan report.Report)

	// The parser decodes into the Sniffer's own layer fields.
	sniffer.parser = gopacket.NewDecodingLayerParser(
		layers.LayerTypeEthernet,
		&sniffer.eth,
		&sniffer.ip4,
		&sniffer.ip6,
		&sniffer.tcp,
		&sniffer.udp,
		&sniffer.icmp4,
		&sniffer.icmp6,
	)

	go sniffer.loop(src, on, off)
	return sniffer
}
开发者ID:dilgerma,项目名称:scope,代码行数:17,代码来源:sniffer.go
示例10: NewTcpIpFlowFromPacket
// NewTcpIpFlowFromPacket decodes packet as IPv4 followed by TCP and returns a
// TcpIpFlow built from the network and transport flows of those layers. When
// decoding fails it returns an empty, non-nil TcpIpFlow together with the
// error.
func NewTcpIpFlowFromPacket(packet []byte) (*TcpIpFlow, error) {
	var (
		ip  layers.IPv4
		tcp layers.TCP
	)
	layerParser := gopacket.NewDecodingLayerParser(layers.LayerTypeIPv4, &ip, &tcp)
	seen := []gopacket.LayerType{}

	if err := layerParser.DecodeLayers(packet, &seen); err != nil {
		return &TcpIpFlow{}, err
	}

	flow := &TcpIpFlow{
		ipFlow:  ip.NetworkFlow(),
		tcpFlow: tcp.TransportFlow(),
	}
	return flow, nil
}
开发者ID:roger2000hk,项目名称:HoneyBadger,代码行数:15,代码来源:flow.go
示例11: Listen
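// Listen reads packets from config.sniffer for as long as config.isRunning is
// true, decodes each one into the package-level layer variables, logs the
// IPv4 addresses and protocol, and, when a pcap writer is configured, writes
// the raw packet to it. It always returns nil.
//
// Read and decode failures are logged and the packet is skipped; nothing is
// written to the pcap file for a packet that failed to decode.
func Listen(config *Config) error {
	// Records which layers were decoded for the current packet.
	decoded := []gopacket.LayerType{}

	// Faster, predefined layer parser that doesn't make copies of the layer
	// slices. "ð" on the page is a mis-encoded "&eth".
	parser := gopacket.NewDecodingLayerParser(
		layers.LayerTypeEthernet,
		&eth,
		&ip,
		&tcp,
		&udp,
		&icmp,
		&dns,
		&payload)

	for config.isRunning {
		data, ci, err := config.sniffer.ReadPacket()
		if err != nil {
			log.Printf("Error getting packet: %v %s", err, ci)
			continue
		}

		err = parser.DecodeLayers(data, &decoded)
		if err != nil {
			log.Printf("Error decoding packet: %v", err)
			continue
		}

		if len(decoded) == 0 {
			log.Print("Packet contained no valid layers")
			continue
		}

		// Example of how to get data out of specific layers. Only layers
		// listed in decoded hold values from the current packet.
		for _, layerType := range decoded {
			switch layerType {
			case layers.LayerTypeIPv4:
				log.Printf("src: %v, dst: %v, proto: %v", ip.SrcIP, ip.DstIP, ip.Protocol)
			}
		}

		if config.pcapWriter != nil {
			// NOTE(review): any result of WritePacket is not inspected here,
			// so a failed write would go unnoticed — confirm its signature.
			config.pcapWriter.WritePacket(ci, data)
		}
	}

	return nil
}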
开发者ID:hb9cwp,项目名称:sniffer,代码行数:48,代码来源:sniffer.go
示例12: setupSpoofingSocket
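// setupSpoofingSocket initialises the package-level IPv4 parser, opens the
// live capture handle on config.Device and builds the 14-byte-style link
// header (destination MAC, source MAC, IPv4 EtherType) from the hex strings
// in config. It panics if the device cannot be opened or if either address
// is not valid hex.
func setupSpoofingSocket(config Config) {
	var err error
	ipv4Parser = gopacket.NewDecodingLayerParser(layers.LayerTypeIPv4, &ipv4Layer)

	handle, err = pcap.OpenLive(config.Device, 1024, false, 30*time.Second)
	if err != nil {
		panic(err)
	}

	// A malformed address used to be accepted silently and produced a short
	// or empty link header; fail the same way the device open does instead.
	srcBytes, err := hex.DecodeString(config.Src)
	if err != nil {
		panic(err)
	}
	dstBytes, err := hex.DecodeString(config.Dst)
	if err != nil {
		panic(err)
	}

	linkHeader = append(dstBytes, srcBytes...)
	linkHeader = append(linkHeader, 0x08, 0) // IPv4 EtherType

	// var ipv6Layer layers.ipv6
	// ipv6Parser := gopacket.NewDecodingLayerParser(layers.LayerTypeIPv6, &ipv6Layer)
}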
开发者ID:willscott,项目名称:sp3,代码行数:17,代码来源:spoofer.go
示例13: main
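// main captures packets on the configured device and, for IPv4 packets whose
// source or destination is this host, prints the application-layer content
// when it contains the string "HTTP".
//
// The payload is printed verbatim, so cookies or credentials sent over
// cleartext HTTP end up in the program's output; treat that output as
// sensitive.
func main() {
	// Get the local IP used to pick out this host's traffic.
	localip, err := checkLocalip(device)
	if err != nil {
		// Previously this error was overwritten by the next assignment.
		log.Fatal(err)
	}

	// Open device
	handle, err = pcap.OpenLive(device, snapshot_len, promiscuous, timeout)
	if err != nil {
		log.Fatal(err)
	}
	defer handle.Close()

	// Build the parser once; it decodes into the package-level layer
	// variables. "ðLayer" on the page is a mis-encoded "&ethLayer".
	parser := gopacket.NewDecodingLayerParser(
		layers.LayerTypeEthernet,
		&ethLayer,
		&ipLayer,
		&tcpLayer,
	)
	foundLayerTypes := []gopacket.LayerType{}

	packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
	for packet := range packetSource.Packets() {
		if err := parser.DecodeLayers(packet.Data(), &foundLayerTypes); err != nil {
			fmt.Println("Trouble decoding layers: ", err)
		}

		for _, layerType := range foundLayerTypes {
			// ipLayer only holds this packet's addresses when IPv4 was
			// decoded, so the address check belongs under that condition.
			if layerType != layers.LayerTypeIPv4 {
				continue
			}
			fmt.Println("IPV4 found")

			if ipLayer.DstIP.String() != localip && ipLayer.SrcIP.String() != localip {
				continue
			}
			fmt.Println("IPv4 go through this machine: ", ipLayer.SrcIP, "->", ipLayer.DstIP)

			// Packets without an application layer return nil here.
			applicationLayer := packet.ApplicationLayer()
			if applicationLayer == nil {
				continue
			}
			if strings.Contains(string(applicationLayer.Payload()), "HTTP") {
				fmt.Println("HTTP found!")
				fmt.Println("layer content", string(applicationLayer.LayerContents()))
				fmt.Println("layer payload", string(applicationLayer.Payload()))
				// string(LayerType) would turn the numeric type into a rune;
				// String() gives the layer's name.
				fmt.Println("layer type", applicationLayer.LayerType().String())
			}
		}
	}
}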
开发者ID:wangzhezhe,项目名称:gopacketlearn,代码行数:45,代码来源:quickdecoder.go
示例14: fileWait
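/*
FUNCTION: fileWait(ip, filename string, lport uint16)
RETURNS: Nothing
ARGUMENTS:
string ip - the ip address of the server
string filename - the file we are waiting for
uint16 lport - the port we're listening on
ABOUT:
Waits as a separate thread for incoming file data on lport + 1. Upon receiving a packet addressed
to the FSND_CMPLETE port, saves the received file and shuts the thread down.

REVIEW NOTES:
  - No file bytes are read from the UDP payload: each matching datagram contributes two bytes
    derived from its UDP source port (MAX_PORT - SrcPort). For monitoring, that means the transfer
    shows up as many datagrams from one peer to a single destination port with source ports that
    vary from packet to packet, which payload inspection alone will not reveal.
  - The output file is written with mode 0644 after decrypt_data; its body is not shown here.
*/
func fileWait(ip, filename string, lport uint16) {
	var (
		ipLayer  layers.IPv4
		ethLayer layers.Ethernet
		udpLayer layers.UDP
		payload  gopacket.Payload
	)

	// "ðLayer" on the page is a mis-encoded "&ethLayer".
	parser := gopacket.NewDecodingLayerParser(layers.LayerTypeEthernet, &ethLayer, &ipLayer, &udpLayer, &payload)
	decoded := make([]gopacket.LayerType, 0, 4)
	fBuffer := new(bytes.Buffer)
	packetSource := gopacket.NewPacketSource(fhandle, fhandle.LinkType())

	for {
		packet, err := packetSource.NextPacket()
		checkError(err)

		err = parser.DecodeLayers(packet.Data(), &decoded)
		if err != nil {
			continue
		}

		// Ethernet, IPv4 and UDP must all have been decoded.
		if len(decoded) < 3 {
			fmt.Println("Not enough layers!")
			continue
		}

		incomingIP := ipLayer.SrcIP.String()
		if incomingIP == ip && uint16(udpLayer.DstPort) == lport+1 {
			err = binary.Write(fBuffer, binary.BigEndian, MAX_PORT-uint16(udpLayer.SrcPort))
			checkError(err)
		} else if incomingIP == ip && uint16(udpLayer.DstPort) == FSND_CMPLETE {
			data := decrypt_data(fBuffer.Bytes())
			err := ioutil.WriteFile(filename, data, 0644)
			checkError(err)
			fmt.Printf("File transfer %s completed. Transfered: %d bytes", filename, fBuffer.Len())
			return
		}
	}
}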
开发者ID:razc411,项目名称:GoBD,代码行数:53,代码来源:client.go
示例15: BenchmarkDecodeToIP
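// BenchmarkDecodeToIP times DecodeLayers on a single captured packet with a
// parser that stops after Ethernet and IPv4.
func BenchmarkDecodeToIP(b *testing.B) {
	var (
		ethLayer layers.Ethernet
		ipLayer  layers.IPv4
	)

	// "ðLayer" on the page is a mis-encoded "&ethLayer".
	parser := gopacket.NewDecodingLayerParser(
		layers.LayerTypeEthernet,
		&ethLayer,
		&ipLayer,
	)
	foundLayerTypes := []gopacket.LayerType{}

	packetSource := getPacketData("a")
	packetSource.DecodeOptions.Lazy = true
	packet := <-packetSource.Packets()

	b.ResetTimer()
	for i := 0; i < b.N; i++ {
		// The decode result is discarded; this loop only times the call.
		_ = parser.DecodeLayers(packet.Data(), &foundLayerTypes)
	}
}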
开发者ID:Phillipmartin,项目名称:gopassivedns,代码行数:21,代码来源:main_test.go
示例16: CollectProbes
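// CollectProbes opens a promiscuous live capture on s.Interface, applies the
// BPF filter s.CollectBPF and logs the TCP/IP flow and IP TTL of every packet
// that decodes as Ethernet/IPv4/TCP. It exits the process if the handle
// cannot be opened or the filter cannot be set, and otherwise never returns:
// the read loop has no exit condition.
func (s *SloppyTrace) CollectProbes() {
	var (
		eth     layers.Ethernet
		ip      layers.IPv4
		tcp     layers.TCP
		payload gopacket.Payload
	)

	log.Print("probe collection started")

	handle, err := pcap.OpenLive(s.Interface, int32(s.Snaplen), true, pcap.BlockForever)
	if err != nil {
		log.Fatal("error opening pcap handle: ", err)
	}
	if err = handle.SetBPFFilter(s.CollectBPF); err != nil {
		log.Fatal("error setting BPF filter: ", err)
	}

	// "ð" on the page is a mis-encoded "&eth".
	parser := gopacket.NewDecodingLayerParser(layers.LayerTypeEthernet,
		&eth, &ip, &tcp, &payload)
	decoded := make([]gopacket.LayerType, 0, 4)

	for {
		data, ci, err := handle.ZeroCopyReadPacketData()
		if err != nil {
			// ci is a struct, so it is formatted with %v rather than %s.
			log.Printf("error getting packet: %v %v", err, ci)
			continue
		}

		err = parser.DecodeLayers(data, &decoded)
		if err != nil {
			log.Printf("error decoding packet: %v", err)
			continue
		}

		flow := NewTcpIpFlowFromLayers(ip, tcp)
		log.Printf("packet flow %s\n", flow)
		log.Printf("IP TTL %d\n", ip.TTL)
	}
	// XXX: the statement that followed the loop was unreachable and has been
	// dropped; add a stop signal to the loop if collection must end.
}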
开发者ID:postfix,项目名称:SprayTrace,代码行数:40,代码来源:main.go
示例17: benchmarkLayerDecode
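// benchmarkLayerDecode reads every packet from source, decodes it with a
// fixed set of layer decoders and, when assemble is true, feeds each TCP
// segment to a tcpassembly assembler. It prints the packet count, elapsed
// time, number of decoded layers, number of assembled segments and the
// average time per packet.
func benchmarkLayerDecode(source *BufferPacketSource, assemble bool) {
	var (
		tcp     layers.TCP
		ip      layers.IPv4
		eth     layers.Ethernet
		udp     layers.UDP
		icmp    layers.ICMPv4
		payload gopacket.Payload
	)

	// "ð" on the page is a mis-encoded "&eth".
	parser := gopacket.NewDecodingLayerParser(
		layers.LayerTypeEthernet,
		&eth, &ip, &icmp, &tcp, &udp, &payload)

	pool := tcpassembly.NewStreamPool(&streamFactory{})
	assembler := tcpassembly.NewAssembler(pool)

	var decoded []gopacket.LayerType
	start := time.Now()
	packets, decodedlayers, assembled := 0, 0, 0

	for {
		data, ci, err := source.ReadPacketData()
		if err == io.EOF {
			break
		}
		if err != nil {
			fmt.Println("Error reading packet: ", err)
			continue
		}
		// Count only packets that were actually read; the counter used to be
		// bumped before the read and so included the EOF and failed reads.
		packets++

		// Decode errors are not inspected: whatever layers were decoded
		// before the error are still listed in decoded and counted below.
		_ = parser.DecodeLayers(data, &decoded)
		for _, typ := range decoded {
			decodedlayers++
			if typ == layers.LayerTypeTCP && assemble {
				assembled++
				assembler.AssembleWithTimestamp(ip.NetworkFlow(), &tcp, ci.Timestamp)
			}
		}
	}

	if assemble {
		assembler.FlushAll()
	}

	duration := time.Since(start)
	// An empty source would otherwise divide by zero.
	var perPacket time.Duration
	if packets > 0 {
		perPacket = duration / time.Duration(packets)
	}
	fmt.Printf("\tRead in %d packets in %v, decoded %v layers, assembled %v packets: %v per packet\n", packets, duration, decodedlayers, assembled, perPacket)
}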
开发者ID:hgGeorg,项目名称:mongo,代码行数:39,代码来源:benchmark.go
示例18: ExtractIps
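// ExtractIps reads a pcap stream from reader and adds the source and
// destination address of every decoded IPv4 and IPv6 layer to ips. It returns
// the packet counter and the first read error other than io.EOF.
//
// Decode errors are not reported: addresses are taken only from layers that
// DecodeLayers lists as decoded, so truncated or unsupported packets simply
// contribute fewer (or no) addresses.
//
// NOTE(review): the counter is incremented before the error check, so the
// returned value also counts the final io.EOF read (and a failed read). It is
// left as is because callers may rely on the current number — confirm.
func (b PCAPBackend) ExtractIps(reader io.Reader, ips *ipset.Set) (uint64, error) {
	packets := uint64(0)

	pr, err := pcapgo.NewReader(reader)
	if err != nil {
		return 0, err
	}

	var (
		eth   layers.Ethernet
		dot1q layers.Dot1Q
		ip4   layers.IPv4
		ip6   layers.IPv6
		tcp   layers.TCP
	)

	// "ð" on the page is a mis-encoded "&eth".
	parser := gopacket.NewDecodingLayerParser(layers.LayerTypeEthernet, &eth, &dot1q, &ip4, &ip6, &tcp)
	decoded := []gopacket.LayerType{}

	for {
		packetData, _, err := pr.ReadPacketData()
		packets++
		if err == io.EOF {
			break
		}
		if err != nil {
			return packets, err
		}

		// Best effort: the decoded list below is authoritative.
		_ = parser.DecodeLayers(packetData, &decoded)

		for _, layerType := range decoded {
			switch layerType {
			case layers.LayerTypeIPv6:
				ips.AddIP(ip6.SrcIP)
				ips.AddIP(ip6.DstIP)
			case layers.LayerTypeIPv4:
				ips.AddIP(ip4.SrcIP)
				ips.AddIP(ip4.DstIP)
			}
		}
	}

	return packets, nil
}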
开发者ID:JustinAzoff,项目名称:flow-indexer,代码行数:38,代码来源:pcap.go
示例19: main
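// main captures packets on the configured device and prints the IPv4
// addresses and the TCP ports and SYN/ACK flags of every packet, using a
// DecodingLayerParser that fills the package-level layer variables.
func main() {
	// Open device
	handle, err = pcap.OpenLive(device, snapshot_len, promiscuous, timeout)
	if err != nil {
		log.Fatal(err)
	}
	defer handle.Close()

	// The parser and the result slice are reusable, so they are built once
	// instead of once per packet. "ðLayer" on the page is a mis-encoded
	// "&ethLayer".
	parser := gopacket.NewDecodingLayerParser(
		layers.LayerTypeEthernet,
		&ethLayer,
		&ipLayer,
		&tcpLayer,
	)
	decoded := []gopacket.LayerType{}

	packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
	for packet := range packetSource.Packets() {
		// A decode error does not discard the packet: the layers decoded
		// before the error are still listed in decoded and printed below.
		if err := parser.DecodeLayers(packet.Data(), &decoded); err != nil {
			fmt.Println("Trouble decoding layers: ", err)
		}

		for _, layerType := range decoded {
			switch layerType {
			case layers.LayerTypeIPv4:
				fmt.Println("IPv4: ", ipLayer.SrcIP, "->", ipLayer.DstIP)
			case layers.LayerTypeTCP:
				fmt.Println("TCP Port: ", tcpLayer.SrcPort, "->", tcpLayer.DstPort)
				fmt.Println("TCP SYN:", tcpLayer.SYN, " | ACK:", tcpLayer.ACK)
			}
		}
	}
}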
开发者ID:tjyang,项目名称:reference,代码行数:38,代码来源:fast_decode.go
示例20: handlePacket
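// handlePacket decodes one packet as Ethernet/IPv4/UDP/payload and prints the
// addresses and ports of each layer that was decoded. A decode error is
// logged, after which the layers decoded before the error are still printed.
func handlePacket(packet gopacket.Packet) {
	var (
		eth     layers.Ethernet
		ip4     layers.IPv4
		udp     layers.UDP
		payload gopacket.Payload
	)

	// "ð" on the page is a mis-encoded "&eth".
	parser := gopacket.NewDecodingLayerParser(layers.LayerTypeEthernet, &eth, &ip4, &udp, &payload)
	decoded := []gopacket.LayerType{}

	err := parser.DecodeLayers(packet.Data(), &decoded)
	if err != nil {
		log.Printf("Decoding error:%v\n", err)
	}

	for _, layerType := range decoded {
		switch layerType {
		case layers.LayerTypeEthernet:
			fmt.Println(" Eth ", eth.SrcMAC, eth.DstMAC)
		case layers.LayerTypeIPv4:
			fmt.Println(" IP4 ", ip4.SrcIP, ip4.DstIP)
		case layers.LayerTypeUDP:
			fmt.Println(" UDP ", udp.SrcPort, udp.DstPort, payload.GoString())
		}
	}
}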
开发者ID:dark-lab,项目名称:dhcpkiller,代码行数:24,代码来源:main.go
注:本文中的github.com/google/gopacket.NewDecodingLayerParser函数示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |