Documentation
¶
Overview ¶
Package actions describes the actions that can be applied to a given packet.
See the top-level documentation for more details.
Index ¶
- Constants
- Variables
- func FragmentIPPacket(packet gopacket.Packet, fragSize int) ([]gopacket.Packet, error)
- func VerifyIPv4Checksum(header []byte) bool
- type Action
- type ActionTree
- type DropAction
- type DuplicateAction
- type FragmentAction
- type IPv4Field
- type IPv4TamperAction
- type SendAction
- type TCPField
- type TCPTamperAction
- type TamperAction
- type TamperMode
Constants ¶
const ( // TamperReplace replaces the value of a packet field with the given value. TamperReplace = iota // TamperCorrupt replaces the value of a packet field with a randomly-generated value. TamperCorrupt )
const ( // supported TCP options. The other options are apparently obsolete and not used. TCPOptionEol = layers.TCPOptionKindEndList TCPOptionNop = layers.TCPOptionKindNop TCPOptionMss = layers.TCPOptionKindMSS TCPOptionWscale = layers.TCPOptionKindWindowScale TCPOptionSackok = layers.TCPOptionKindSACKPermitted TCPOptionSack = layers.TCPOptionKindSACK TCPOptionTimestamp = layers.TCPOptionKindTimestamps // obsolete TCP options geneva uses and is in the strategies.md document: // https://github.com/Kkevsterrr/geneva/blob/master/strategies.md TCPOptionAltCkhsum = 14 TCPOptionMd5Header = 19 TCPOptionUto = 28 // putting fields after options so that we can use the gopacket.TCPOptionKind constants for options. // this lets us use the same map for both fields and options and also directly compare // tcpTamperAction.field == TCPOption when iterating over tcpPacket.Options. TCPFieldSrcPort = 9 TCPFieldDstPort = 10 TCPFieldSeq = 11 TCPFieldAck = 12 TCPFieldDataOff = 13 TCPFieldFlags = 15 TCPFieldWindow = 16 TCPFieldUrgent = 17 TCPFieldChecksum = 18 TCPLoad = 20 // TCP flag string representations for tamper rules. TCPFlagFin = "f" TCPFlagSyn = "s" TCPFlagRst = "r" TCPFlagPsh = "p" TCPFlagAck = "a" TCPFlagUrg = "u" TCPFlagEce = "e" TCPFlagCwr = "c" TCPFlagNop = "n" )
const ( // supported IPv4 fields. IPv4FieldSrcIP = iota IPv4FieldDstIP IPv4FieldVersion IPv4FieldIHL IPv4FieldTOS IPv4FieldLength IPv4FieldID IPv4FieldFlags IPv4FieldFragOffset IPv4FieldTTL IPv4FieldProtocol IPv4FieldChecksum IPv4Load )
Variables ¶
var ( ErrInvalidTamperMode = errors.New("invalid tamper mode") ErrInvalidTamperRule = errors.New("invalid tamper rule") ErrUDPNotSupported = errors.New("UDP tamper action not currently supported") )
var DefaultDropAction = &DropAction{}
DefaultDropAction is the default drop action.
(DropAction is so simple that there is no need to allocate more than one.)
var DefaultSendAction = &SendAction{}
DefaultSendAction is the default send action.
(SendAction is so simple that there is no need to allocate more than one.)
var ErrInvalidAction = errors.New("invalid action")
Functions ¶
func FragmentIPPacket ¶
FragmentIPPacket will fragment an IPv4 or IPv6 packet into two packets at the given 8-byte chunk offset.
The first fragment will include up to (fragSize * 8) bytes of the IP packet's payload, and the second fragment will include the rest.
func VerifyIPv4Checksum ¶
VerifyIPv4Checksum verifies whether an IPv4 header's checksum field is correct.
Types ¶
type Action ¶
type Action interface {
// Apply applies the action to the packet, returning zero or more potentially-modified
// packets.
Apply(gopacket.Packet) ([]gopacket.Packet, error)
fmt.Stringer
}
Action is implemented by any value that describes a Geneva action.
func ParseAction ¶
ParseAction parses a string representation of an action into the actual Action object.
If the string is malformed, an error will be returned instead.
func ParseDuplicateAction ¶
ParseDuplicateAction parses a string representation of a "duplicate" action.
If the string is malformed, an error will be returned instead.
func ParseFragmentAction ¶
ParseFragmentAction parses a string representation of a "fragment" action.
If the string is malformed, an error will be returned instead.
type ActionTree ¶
type ActionTree struct {
// Trigger is the trigger that will fire this action tree if matched.
Trigger triggers.Trigger
// RootAction is the root action of the tree and may have subordinate actions that it calls.
RootAction Action
}
ActionTree represents a Geneva (trigger, action) pair.
Technically, Geneva uses the term "action tree" to refer to the tree of actions in the tuple (trigger, action tree). In other words, RootAction here is what they call the "action tree". They have no name for the (trigger, action tree) tuple, which this type actually represents.
func ParseActionTree ¶
func ParseActionTree(s *scanner.Scanner) (*ActionTree, error)
ParseActionTree attempts to parse an action tree from its input.
func (*ActionTree) Apply ¶
Apply applies this action tree to the packet, returning zero or more potentially-modified packets.
func (*ActionTree) Matches ¶
func (at *ActionTree) Matches(packet gopacket.Packet) (bool, error)
Matches returns whether this action tree's trigger matches the packet.
func (*ActionTree) String ¶
func (at *ActionTree) String() string
String returns a string representation of this ActionTree.
type DropAction ¶
type DropAction struct{}
DropAction is a Geneva action that drops a packet.
func (*DropAction) String ¶
func (a *DropAction) String() string
String returns a string representing the "drop" action.
type DuplicateAction ¶
DuplicateAction is a Geneva action that duplicates a packet and applies separate action trees to each.
func (*DuplicateAction) Apply ¶
Apply duplicates packet, returning zero or more potentially-modified packets.
The number of returned packets depends on this action's sub-actions.
func (*DuplicateAction) String ¶
func (a *DuplicateAction) String() string
String returns a string representation of this Action.
type FragmentAction ¶
type FragmentAction struct {
// FragSize is the offset into the protocol's payload where fragmentation will happen.
FragSize int
// InOrder specifies whether to return the fragments in order.
InOrder bool
// FirstFragmentAction is the action to apply to the first fragment.
FirstFragmentAction Action
// SecondFragmentAction is the action to apply to the second fragment.
SecondFragmentAction Action
// contains filtered or unexported fields
}
FragmentAction is a Geneva action that splits a packet into two fragments and applies separate action trees to each.
As an example, if Proto is "IP" and FragSize is 8, this will fragment a 60-byte IP packet into two fragments: the first will contain the first eight bytes of the original packet's payload, and the second will contain the remaining 52 bytes. Each fragment will retain the original header (modulo the fields that must be updated to mark it as a fragmented packet). If the Proto's header includes a checksum, it will be recomputed.
func (*FragmentAction) Proto ¶
func (a *FragmentAction) Proto() string
func (*FragmentAction) String ¶
func (a *FragmentAction) String() string
String returns a string representation of this Action.
type IPv4Field ¶
type IPv4Field uint8
IPv4Field is an IPv4 field that can be modified by an IPv4TamperAction.
type IPv4TamperAction ¶
type IPv4TamperAction struct {
// TamperAction is the underlying action parsed from the tamper rule.
TamperAction
// contains filtered or unexported fields
}
IPv4TamperAction is a Geneva action that modifies IPv4 packets.
func NewIPv4TamperAction ¶
func NewIPv4TamperAction(ta TamperAction) (*IPv4TamperAction, error)
NewIPv4TamperAction returns a new IPv4TamperAction from the given TamperAction.
type SendAction ¶
type SendAction struct{}
SendAction is a Geneva action to send a packet.
func (*SendAction) String ¶
func (a *SendAction) String() string
String returns a string representing the "send" action.
type TCPField ¶
type TCPField uint8
TCPField is a TCP field that can be modified by a TCPTamperAction.
type TCPTamperAction ¶
type TCPTamperAction struct {
// TamperAction is the underlying action parsed from the tamper rule.
TamperAction
// contains filtered or unexported fields
}
TCPTamperAction is a Geneva action that modifies TCP packets.
func NewTCPTamperAction ¶
func NewTCPTamperAction(ta TamperAction) (*TCPTamperAction, error)
NewTCPTamperAction returns a new TCPTamperAction from the given TamperAction.
type TamperAction ¶
type TamperAction struct {
// Proto is the protocol layer where the modification will occur.
Proto string
// Field is the layer field to modify.
Field string
// NewValue is the new value to which the Field should be set. This is only relevant for
// "replace" mode.
NewValue string
// Mode indicates how the modification should happen.
Mode TamperMode
// Action is the action to apply to the packet after modification.
Action Action
}
TamperAction is a Geneva action that modifies a given field of a packet while always trying to keep the packet valid. This is done by updating the checksums and lengths unless the tamper rule is specifically for the checksum or length. If proto is TCP and the field is an option, the option will be added if it doesn't exist.
There are two modes for tampering:
"replace" - replace the field with the given value. "corrupt" - replace the field with a randomly-generated value of the same bitsize.
Currently, only TCP and IPv4 is supported. UDP support is planned for the future.
func (*TamperAction) String ¶
func (a *TamperAction) String() string
String returns a string representation of this Action.
type TamperMode ¶
type TamperMode int
TamperMode describes the way that the "tamper" action can manipulate a packet.
func (TamperMode) String ¶
func (tm TamperMode) String() string
String returns a string representation of the tamper mode.
Source Files