Documentation
¶
Index ¶
- Variables
- type Conversation
- type ConversationAddress
- type FCGIInfoGatherer
- type HTTPConversationReaders
- func (h *HTTPConversationReaders) GetConversations() []Conversation
- func (h *HTTPConversationReaders) ReadFCGIRequest(spr *tcp.SavePointReader, t *tcp.TimeCaptureReader, a, b gopacket.Flow) error
- func (h *HTTPConversationReaders) ReadHTTPRequest(spr *tcp.SavePointReader, t *tcp.TimeCaptureReader, a, b gopacket.Flow) error
- func (h *HTTPConversationReaders) ReadHTTPResponse(spr *tcp.SavePointReader, t *tcp.TimeCaptureReader, a, b gopacket.Flow) error
- func (h *HTTPConversationReaders) ReadStream(r tcp.Stream, a, b gopacket.Flow, completed chan interface{})
- type ReaderStreamOptions
- type TCPReaderStream
Constants ¶
This section is empty.
Variables ¶
var DataLost = errors.New("lost data")
DataLost is returned by the TCPReaderStream's Read function when it encounters a Reassembly with Skip != 0.
Functions ¶
This section is empty.
Types ¶
type Conversation ¶
type ConversationAddress ¶
type FCGIInfoGatherer ¶
type FCGIInfoGatherer struct {
// contains filtered or unexported fields
}
func NewFCGIInfoGatherer ¶
func NewFCGIInfoGatherer(h *HTTPConversationReaders, t *tcp.TimeCaptureReader, a, b gopacket.Flow) *FCGIInfoGatherer
func (*FCGIInfoGatherer) ErrorInfo ¶
func (d *FCGIInfoGatherer) ErrorInfo(errString string)
func (*FCGIInfoGatherer) RequestInfo ¶
func (d *FCGIInfoGatherer) RequestInfo(req *http.Request)
func (*FCGIInfoGatherer) ResponseInfo ¶
func (d *FCGIInfoGatherer) ResponseInfo(resp *http.Response, body []byte)
func (*FCGIInfoGatherer) ReturnValue ¶
func (d *FCGIInfoGatherer) ReturnValue(int)
type HTTPConversationReaders ¶
type HTTPConversationReaders struct {
// contains filtered or unexported fields
}
func New ¶
func New() *HTTPConversationReaders
func (*HTTPConversationReaders) GetConversations ¶
func (h *HTTPConversationReaders) GetConversations() []Conversation
func (*HTTPConversationReaders) ReadFCGIRequest ¶
func (h *HTTPConversationReaders) ReadFCGIRequest(spr *tcp.SavePointReader, t *tcp.TimeCaptureReader, a, b gopacket.Flow) error
func (*HTTPConversationReaders) ReadHTTPRequest ¶
func (h *HTTPConversationReaders) ReadHTTPRequest(spr *tcp.SavePointReader, t *tcp.TimeCaptureReader, a, b gopacket.Flow) error
ReadHTTPRequest try to read the stream as an HTTP request.
func (*HTTPConversationReaders) ReadHTTPResponse ¶
func (h *HTTPConversationReaders) ReadHTTPResponse(spr *tcp.SavePointReader, t *tcp.TimeCaptureReader, a, b gopacket.Flow) error
ReadHTTPResponse try to read the stream as an HTTP response.
func (*HTTPConversationReaders) ReadStream ¶
func (h *HTTPConversationReaders) ReadStream(r tcp.Stream, a, b gopacket.Flow, completed chan interface{})
ReadStream tries to read tcp connections and extract HTTP conversations.
type ReaderStreamOptions ¶
type ReaderStreamOptions struct {
// LossErrors determines whether this stream will return
// ReaderStreamDataLoss errors from its Read function whenever it
// determines data has been lost.
LossErrors bool
}
ReaderStreamOptions provides user-resettable options for a TCPReaderStream.
type TCPReaderStream ¶
type TCPReaderStream struct {
ReaderStreamOptions
// contains filtered or unexported fields
}
TCPReaderStream implements both tcpassembly.Stream and io.Reader. You can use it as a building block to make simple, easy stream handlers.
IMPORTANT: If you use a TCPReaderStream, you MUST read ALL BYTES from it, quickly. Not reading available bytes will block TCP stream reassembly. It's a common pattern to do this by starting a goroutine in the factory's New method:
type myStreamHandler struct {
r TCPReaderStream
}
func (m *myStreamHandler) run() {
// Do something here that reads all of the TCPReaderStream, or your assembly
// will block.
fmt.Println(tcpreader.DiscardBytesToEOF(&m.r))
}
func (f *myStreamFactory) New(a, b gopacket.Flow) tcpassembly.Stream {
s := &myStreamHandler{}
go s.run()
// Return the TCPReaderStream as the stream that assembly should populate.
return &s.r
}
func NewReaderStream ¶
func NewReaderStream() TCPReaderStream
NewReaderStream returns a new TCPReaderStream object.
func (*TCPReaderStream) Close ¶
func (r *TCPReaderStream) Close() error
Close implements io.Closer's Close function, making TCPReaderStream a io.ReadCloser. It discards all remaining bytes in the reassembly in a manner that's safe for the assembler (IE: it doesn't block).
func (*TCPReaderStream) Read ¶
func (r *TCPReaderStream) Read(p []byte) (int, error)
Read implements io.Reader's Read function. Given a byte slice, it will either copy a non-zero number of bytes into that slice and return the number of bytes and a nil error, or it will leave slice p as is and return 0, io.EOF.
func (*TCPReaderStream) Reassembled ¶
func (r *TCPReaderStream) Reassembled(reassembly []tcpassembly.Reassembly)
Reassembled implements tcpassembly.Stream's Reassembled function.
func (*TCPReaderStream) ReassemblyComplete ¶
func (r *TCPReaderStream) ReassemblyComplete()
ReassemblyComplete implements tcpassembly.Stream's ReassemblyComplete function.
func (*TCPReaderStream) Seen ¶
func (r *TCPReaderStream) Seen() (time.Time, error)
Seen returns the time the data returned by Read was seen on the wire. Returns io.EOF if no data was returned.
Note: this is likely to be time for the data seen. This is likely to not include time for initial connection. If you use something like a buffered reader, you are quite likely to see various data points dropped. Perhaps wrap it up in something to capture those times first.
Source Files