Documentation

Overview

    Package ip4defrag implements a IPv4 defragmenter

    Index

    Constants

    View Source
    const (
    	IPv4MinimumFragmentSize    = 8     // Minimum size of a single fragment
    	IPv4MaximumSize            = 65535 // Maximum size of a fragment (2^16)
    	IPv4MaximumFragmentOffset  = 8183  // Maximum offset of a fragment
    	IPv4MaximumFragmentListLen = 8192  // Back out if we get more than this many fragments
    )

      Constants determining how to handle fragments. Reference RFC 791, page 25

      Variables

      This section is empty.

      Functions

      This section is empty.

      Types

      type IPv4Defragmenter

      type IPv4Defragmenter struct {
      	sync.RWMutex
      	// contains filtered or unexported fields
      }

        IPv4Defragmenter is a struct which embedded a map of all fragment/packet.

        func NewIPv4Defragmenter

        func NewIPv4Defragmenter() *IPv4Defragmenter

          NewIPv4Defragmenter returns a new IPv4Defragmenter with an initialized map.

          func (*IPv4Defragmenter) DefragIPv4

          func (d *IPv4Defragmenter) DefragIPv4(in *layers.IPv4) (*layers.IPv4, error)

          DefragIPv4 takes in an IPv4 packet with a fragment payload.

          It do not modify the IPv4 layer in place, 'in' remains untouched It returns a ready-to be used IPv4 layer.

          If the passed-in IPv4 layer is NOT fragmented, it will immediately return it without modifying the layer.

          If the IPv4 layer is a fragment and we don't have all fragments, it will return nil and store whatever internal information it needs to eventually defrag the packet.

          If the IPv4 layer is the last fragment needed to reconstruct the packet, a new IPv4 layer will be returned, and will be set to the entire defragmented packet,

          It use a map of all the running flows

          Usage example:

          func HandlePacket(in *layers.IPv4) err {

              defragger := ip4defrag.NewIPv4Defragmenter()
              in, err := defragger.DefragIPv4(in)
              if err != nil {
                  return err
              } else if in == nil {
                  return nil  // packet fragment, we don't have whole packet yet.
              }
              // At this point, we know that 'in' is defragmented.
              //It may be the same 'in' passed to
          	   // HandlePacket, or it may not, but we don't really care :)
          	   ... do stuff to 'in' ...
          

          }

          func (*IPv4Defragmenter) DefragIPv4WithTimestamp

          func (d *IPv4Defragmenter) DefragIPv4WithTimestamp(in *layers.IPv4, t time.Time) (*layers.IPv4, error)

            DefragIPv4WithTimestamp provides functionality of DefragIPv4 with an additional timestamp parameter which is used for discarding old fragments instead of time.Now()

            This is useful when operating on pcap files instead of live captured data

            func (*IPv4Defragmenter) DiscardOlderThan

            func (d *IPv4Defragmenter) DiscardOlderThan(t time.Time) int

              DiscardOlderThan forgets all packets without any activity since time t. It returns the number of FragmentList aka number of fragment packets it has discarded.

              Source Files