pcap

apernet · May 8, 2024 · d6161e2 · d6161e2
1 parent c07def1
commit d6161e2
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 2 deletions.
diff --git a/docs/docs/build-run.md b/docs/docs/build-run.md
@@ -5,7 +5,9 @@ title: Build & Run
 ### Build
 
 ```shell
-export CGO_ENABLED=0
+sudo apt install -y libpcap-dev
+# or whatever it takes to install libpcap-dev on your system
+
 go build
 ```
 
@@ -18,6 +20,14 @@ export OPENGFW_LOG_LEVEL=debug
 
 Where `config.yaml` is the config file and `rules.yaml` is the rules file.
 
+#### pcap file mode
+
+```shell
+./OpenGFW -p your.pcap -c config.yaml rules.yaml
+```
+
+In pcap mode, none of the actions in the rules have any effect. This is mainly for debugging purposes.
+
 #### OpenWrt
 
 OpenGFW has been tested to work on OpenWrt 23.05 (other versions should also work, just not verified).
@@ -51,9 +61,13 @@ workers:
 # ruleset:
 #   geoip: geoip.dat
 #   geosite: geosite.dat
+
+replay:
+  realtime: false # (5)!
 ```
 
 1. Set to false if you want to run OpenGFW on FORWARD chain (e.g. on a router)
 2. Set to true if you want to send RST for blocked TCP connections, **local=false only**
 3. Recommended to be no more than the number of CPU cores
 4. How long a connection is considered dead when no data is being transferred. Dead connections are purged from TCP reassembly pools once per minute.
+5. Set to true if you want to playback the packets in the pcap file in "real time" (instead of as fast as possible)
diff --git a/docs/docs/build-run.zh.md b/docs/docs/build-run.zh.md
@@ -5,7 +5,9 @@ title: 构建与运行
 ### 构建
 
 ```shell
-export CGO_ENABLED=0
+sudo apt install -y libpcap-dev
+# 或者在你使用的发行版上安装 libpcap-dev 的对应命令
+
 go build
 ```
 
@@ -18,6 +20,14 @@ export OPENGFW_LOG_LEVEL=debug
 
 其中 `config.yaml` 是配置文件，`rules.yaml` 是规则文件。
 
+#### pcap 文件模式
+
+```shell
+./OpenGFW -p your.pcap -c config.yaml rules.yaml
+```
+
+在 pcap 模式下，规则中的所有动作都没有任何效果。此模式主要用于调试。
+
 #### OpenWrt
 
 OpenGFW 在 OpenWrt 23.05 上测试可用（其他版本应该也可以，暂时未经验证）。
@@ -51,9 +61,13 @@ workers:
 # ruleset:
 #   geoip: geoip.dat
 #   geosite: geosite.dat
+
+replay:
+  realtime: false # (5)!
 ```
 
 1. 如果想在 FORWARD 链上运行（如在路由器上），设置为 false
 2. 如果想为被阻断的 TCP 连接发送 RST，设置为 true。**仅在 local=false 时有效**
 3. 建议不超过 CPU 核心数
 4. 一个连接多久没有数据传输后会被认为是死连接。TCP 重组的连接池会以每分钟一次的频率清理死连接
+5. 是否按照 pcap 文件中的时间戳以实时速度回放每个数据包