Documentation

Overview

Provides a mechanism to collect network packets from a network interface on macOS, Linux and Windows.

Functions

func DumpProto

func DumpProto(pb proto.Message)

DumpProto prints a protobuf message.

func IsPcap

func IsPcap(file string) (bool, error)

IsPcap checks whether a file is a PCAP file.
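A check of this kind is usually done on the file's leading magic number rather than its extension, which also tells a caller whether CollectPcap or CollectPcapNG applies. The following is an added example, not this package's implementation; CaptureFormat, SniffCaptureFormat and the Format constants are hypothetical names, and the sample bytes are constructed.

```go
package main

import (
	"bytes"
	"errors"
	"encoding/binary"
	"fmt"
	"io"
)

// CaptureFormat and SniffCaptureFormat are hypothetical names for this example.
type CaptureFormat int

const (
	FormatUnknown CaptureFormat = iota
	FormatPcap                  // classic libpcap file
	FormatPcapNG                // pcapng file
)

// SniffCaptureFormat classifies a capture by its first four bytes; short input is FormatUnknown.
func SniffCaptureFormat(r io.Reader) (CaptureFormat, error) {
	var magic [4]byte
	if _, err := io.ReadFull(r, magic[:]); err != nil {
		if errors.Is(err, io.EOF) || errors.Is(err, io.ErrUnexpectedEOF) {
			return FormatUnknown, nil
		}
		return FormatUnknown, err
	}
	switch binary.BigEndian.Uint32(magic[:]) {
	// Microsecond and nanosecond pcap magics, each in either writer byte order.
	case 0xa1b2c3d4, 0xd4c3b2a1, 0xa1b23c4d, 0x4d3cb2a1:
		return FormatPcap, nil
	case 0x0a0d0d0a: // pcapng Section Header Block type (byte-order neutral)
		return FormatPcapNG, nil
	}
	return FormatUnknown, nil
}

func main() {
	// Constructed sample headers, not real captures.
	samples := map[string][]byte{
		"little-endian pcap": {0xd4, 0xc3, 0xb2, 0xa1, 0x02, 0x00, 0x04, 0x00},
		"pcapng":             {0x0a, 0x0d, 0x0d, 0x0a, 0x1c, 0x00, 0x00, 0x00},
		"renamed text file":  []byte("GET / HTTP/1.1\r\n"),
	}
	for name, data := range samples {
		f, err := SniffCaptureFormat(bytes.NewReader(data))
		fmt.Println(name, f, err)
	}
}
```

A matching magic number only identifies the container; the file's contents still have to be parsed as untrusted input.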

Types

type AtomicPcapGoWriter

type AtomicPcapGoWriter struct {
	sync.Mutex
	// contains filtered or unexported fields
}

AtomicPcapGoWriter is a synchronized PCAP writer that counts the number of packets written.

func NewAtomicPcapGoWriter

func NewAtomicPcapGoWriter(w *pcapgo.Writer) *AtomicPcapGoWriter

NewAtomicPcapGoWriter takes a pcapgo.Writer and returns an atomic version.

func (*AtomicPcapGoWriter) WritePacket

func (a *AtomicPcapGoWriter) WritePacket(ci gopacket.CaptureInfo, data []byte) error

WritePacket writes a packet into the writer.

type BatchInfo

type BatchInfo struct {
	Type types.Type
	Chan <-chan []byte
}

BatchInfo contains information about a Batch source.

type Collector

type Collector struct {
	// contains filtered or unexported fields
}

Collector provides an interface to collect data from PCAP or a network interface.

func New

func New(config Config) *Collector

New returns a new Collector instance.

func (*Collector) CollectBPF

func (c *Collector) CollectBPF(path string, bpf string) error

CollectBPF opens the named PCAP file and sets the specified BPF filter.

func (*Collector) CollectLive

func (c *Collector) CollectLive(i string, bpf string) error

CollectLive starts collection of data from the given interface. Optionally, a BPF filter can be supplied. This is the Linux version, which uses the pure Go implementation from pcapgo to fetch packets live.

func (*Collector) CollectPcap

func (c *Collector) CollectPcap(path string) error

CollectPcap implements parallel decoding of incoming packets.

func (*Collector) CollectPcapNG

func (c *Collector) CollectPcapNG(path string) error

CollectPcapNG implements parallel decoding of incoming packets.

func (*Collector) FreeOSMemory

func (c *Collector) FreeOSMemory()

FreeOSMemory forces freeing memory.

func (*Collector) GetNumPackets

func (c *Collector) GetNumPackets() int64

GetNumPackets returns the current number of processed packets.

func (*Collector) Init

func (c *Collector) Init() (err error)

Init sets up the collector and starts the configured number of workers. It must be called prior to usage of the collector instance.

func (*Collector) InitBatching

func (c *Collector) InitBatching(maxSize int, bpf string, in string) ([]BatchInfo, *pcap.Handle, error)

InitBatching initializes batching mode and returns a slice of BatchInfo values and the pcap handle. Closing the handle must be done by the caller.

func (*Collector) PrintConfiguration

func (c *Collector) PrintConfiguration()

PrintConfiguration dumps the current collector config to stdout.

func (*Collector) Stats

func (c *Collector) Stats()

Stats prints collector statistics.

type Config

type Config struct {
	Live                bool
	WriteUnknownPackets bool
	Workers             int
	PacketBufferSize    int
	SnapLen             int
	Promisc             bool
	EncoderConfig       encoder.Config
	BaseLayer           gopacket.LayerType
	DecodeOptions       gopacket.DecodeOptions
}

Config contains configuration parameters for the Collector instance.