Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func WithMaxBufferedPagesPerConnection ¶
func WithMaxBufferedPagesPerConnection(m int) option
WithMaxBufferedPagesPerConnection 单个连接缓冲的page最大值 如果达到上限,则将刷新最小序列号以及任何连续数据。 如果<= 0,这将被忽略。
func WithMaxBufferedPagesTotal ¶
func WithMaxBufferedPagesTotal(m int) option
WithMaxBufferedPagesTotal 等待无序包时要缓冲的page总数最大值 一旦达到这个上限值, Assembler将会降级刷新每个连接的 如果<=0将被忽略。
Types ¶
type Assembler ¶
type Assembler struct {
// contains filtered or unexported fields
}
func NewAssembler ¶
func NewAssembler(pool *StreamPool, opts ...option) *Assembler
func (*Assembler) AssembleWithContext ¶
type AssemblerContext ¶
type AssemblerContext interface {
GetCaptureInfo() gopacket.CaptureInfo
}
AssemblerContext provides method to get metadata
type ScatterGather ¶
type ScatterGather interface {
// Returns the length of available bytes and saved bytes
Lengths() (int, int)
// Returns the bytes up to length (shall be <= available bytes)
Fetch(length int) []byte
// Tell to keep from offset
KeepFrom(offset int)
// Return CaptureInfo of packet corresponding to given offset
CaptureInfo(offset int) gopacket.CaptureInfo
// Return some info about the reassembled chunks
Info() (direction TCPFlowDirection, start bool, end bool, skip int)
// Return some stats regarding the state of the stream
Stats() TCPAssemblyStats
}
ScatterGather is used to pass reassembled data and metadata of reassembled packets to a Stream via ReassembledSG
type Sequence ¶
type Sequence int64
Sequence is a TCP sequence number. It provides a few convenience functions for handling TCP wrap-around. The sequence should always be in the range [0,0xFFFFFFFF]... its other bits are simply used in wrap-around calculations and should never be set.
func (Sequence) Difference ¶
Difference defines an ordering for comparing TCP sequences that's safe for roll-overs. It returns:
> 0 : if t comes after s < 0 : if t comes before s 0 : if t == s
The number returned is the sequence difference, so 4.Difference(8) will return 4.
It handles rollovers by considering any sequence in the first quarter of the uint32 space to be after any sequence in the last quarter of that space, thus wrapping the uint32 space.
type Stream ¶
type Stream interface {
Accept(tcp *layers.TCP, ci gopacket.CaptureInfo, dir TCPFlowDirection, nextSeq Sequence, start bool, ac AssemblerContext) bool
// ReassembledSG is called zero or more times.
// ScatterGather is reused after each Reassembled call,
// so it's important to copy anything you need out of it,
// especially bytes (or use KeepFrom())
ReassembledSG(sg ScatterGather, ac AssemblerContext)
// ReassemblyComplete is called when assembly decides there is
// no more data for this Stream, either because a FIN or RST packet
// was seen, or because the stream has timed out without any new
// packet data (due to a call to FlushCloseOlderThan).
// It should return true if the connection should be removed from the pool
// It can return false if it want to see subsequent packets with Accept(), e.g. to
// see FIN-ACK, for deeper state-machine analysis.
ReassemblyComplete(ac AssemblerContext) bool
}
Stream is implemented by the caller to handle incoming reassembled TCP data. Callers create a StreamFactory, then StreamPool uses it to create a new Stream for every TCP stream.
assembly will, in order:
- Create the stream via StreamFactory.New
- Call ReassembledSG 0 or more times, passing in reassembled TCP data in order
- Call ReassemblyComplete one time, after which the stream is dereferenced by assembly.
type StreamFactory ¶
type StreamFactory interface {
// New should return a new stream for the given TCP key.
New(netFlow, tcpFlow gopacket.Flow, tcp *layers.TCP, ac AssemblerContext) Stream
}
StreamFactory is used by assembly to create a new stream for each new TCP session.
type StreamPool ¶
type StreamPool struct {
// contains filtered or unexported fields
}
func NewStreamPool ¶
func NewStreamPool(factory StreamFactory) *StreamPool
func (*StreamPool) GetConnection ¶
func (self *StreamPool) GetConnection(k key, end bool, ts time.Time, tcp *layers.TCP, ac AssemblerContext) (*connection, *halfconnection, *halfconnection)
func (*StreamPool) Remove ¶
func (p *StreamPool) Remove(conn *connection)
type TCPAssemblyStats ¶
type TCPAssemblyStats struct {
// For this ScatterGather
Chunks int
Packets int
// For the half connection, since last call to ReassembledSG()
QueuedBytes int
QueuedPackets int
OverlapBytes int
OverlapPackets int
}
TCPAssemblyStats provides some figures for a ScatterGather
type TCPFlowDirection ¶
type TCPFlowDirection bool
TCPFlowDirection distinguish the two half-connections directions.
TCPDirClientToServer is assigned to half-connection for the first received packet, hence might be wrong if packets are not received in order. It's up to the caller (e.g. in Accept()) to decide if the direction should be interpretted differently.
const ( TCPDirClientToServer TCPFlowDirection = false TCPDirServerToClient TCPFlowDirection = true )
Value are not really useful
func (TCPFlowDirection) Reverse ¶
func (dir TCPFlowDirection) Reverse() TCPFlowDirection
Reverse returns the reversed direction
func (TCPFlowDirection) String ¶
func (dir TCPFlowDirection) String() string
Source Files