pcap

package

v1.7.0 Latest Latest Go to latest Published: Mar 29, 2024 License: BSD-3-Clause Imports: 15 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/brimdata/brimcap

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func FindPacketSlice(e ranger.Envelope, span nano.Span) (slicer.Slice, error)
func GenerateSlices(index Index, span nano.Span) ([]slicer.Slice, error)
func NewSlicer(seeker io.ReadSeeker, index Index, span nano.Span) (*slicer.Reader, error)
type Flow
- func NewFlow(src net.IP, srcPort int, dst net.IP, dstPort int) Flow
- func ParseFlow(h0, h1 string) (Flow, error)
- func (f Flow) String() string
type Index
- func CreateIndex(r io.Reader, size int) (Index, error)
- func CreateIndexWithWarnings(r io.Reader, size int, w pcapio.Warner) (Index, error)
- func LoadIndex(path string) (Index, error)
- func (i Index) Span() nano.Span
type PacketFilter
type Search
- func NewICMPSearch(span nano.Span, src, dst net.IP) Search
- func NewRangeSearch(span nano.Span) Search
- func NewTCPSearch(span nano.Span, flow Flow) Search
- func NewUDPSearch(span nano.Span, flow Flow) Search
- func (s Search) Reader(ctx context.Context, r pcapio.Reader) (*SearchReader, error)
- func (s Search) Run(ctx context.Context, w io.Writer, r pcapio.Reader) error
- func (s Search) Span() nano.Span
type SearchReader
- func (s *SearchReader) Read(p []byte) (n int, err error)
type Section
type Socket
- func ParseSocket(s string) (Socket, error)
- func (s Socket) String() string

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrNoPcapsFound = errors.New("no packets found")

ErrNoPcapsFound is an error indicating no packets have been found.

Functions ¶

func FindPacketSlice ¶

func FindPacketSlice(e ranger.Envelope, span nano.Span) (slicer.Slice, error)

func GenerateSlices ¶

func GenerateSlices(index Index, span nano.Span) ([]slicer.Slice, error)

GenerateSlices takes an index and time span and generates a list of slices that should be read to enumerate the relevant chunks of an underlying pcap file. Extra packets may appear in the resulting stream but all packets that fall within the time range will be produced, i.e., another layering of time filtering should be applied to resulting packets.

func NewSlicer ¶

func NewSlicer(seeker io.ReadSeeker, index Index, span nano.Span) (*slicer.Reader, error)

Types ¶

type Flow ¶

type Flow struct {
	S0 Socket
	S1 Socket
}

func NewFlow ¶

func NewFlow(src net.IP, srcPort int, dst net.IP, dstPort int) Flow

func ParseFlow ¶

func ParseFlow(h0, h1 string) (Flow, error)

func (Flow) String ¶

func (f Flow) String() string

type Index ¶

type Index []Section

func CreateIndex ¶

func CreateIndex(r io.Reader, size int) (Index, error)

CreateIndex creates an index for a pcap presented as an io.Reader. The size parameter indicates how many bins the index should contain.

func CreateIndexWithWarnings ¶

func CreateIndexWithWarnings(r io.Reader, size int, w pcapio.Warner) (Index, error)

func LoadIndex ¶

func LoadIndex(path string) (Index, error)

func (Index) Span ¶

func (i Index) Span() nano.Span

Span returns the entire time span covered by the index.

type PacketFilter ¶

type PacketFilter func(gopacket.Packet) bool

type Search ¶

type Search struct {
	// contains filtered or unexported fields
}

Search describes the parameters for a packet search over a pcap file.

func NewICMPSearch ¶

func NewICMPSearch(span nano.Span, src, dst net.IP) Search

func NewRangeSearch ¶

func NewRangeSearch(span nano.Span) Search

func NewTCPSearch ¶

func NewTCPSearch(span nano.Span, flow Flow) Search

func NewUDPSearch ¶

func NewUDPSearch(span nano.Span, flow Flow) Search

func (Search) Reader ¶

func (s Search) Reader(ctx context.Context, r pcapio.Reader) (*SearchReader, error)

func (Search) Run ¶

func (s Search) Run(ctx context.Context, w io.Writer, r pcapio.Reader) error

XXX need to handle searching over multiple pcap files

func (Search) Span ¶

func (s Search) Span() nano.Span

type SearchReader ¶

type SearchReader struct {
	Search
	// contains filtered or unexported fields
}

func (*SearchReader) Read ¶

func (s *SearchReader) Read(p []byte) (n int, err error)

type Section ¶

type Section struct {
	Blocks []slicer.Slice
	Index  ranger.Envelope
}

Section indicates the seek offset of a pcap section. For legacy pcaps, there is just one section at the beginning of the file. For nextgen pcaps, there can be multiple sections.

type Socket ¶

type Socket struct {
	net.IP
	Port int
}

func ParseSocket ¶

func ParseSocket(s string) (Socket, error)

func (Socket) String ¶

func (s Socket) String() string

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
pcapio

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL