Documentation
¶
Overview ¶
Honeybadger types package
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func SequenceFromPacket ¶
SequenceFromPacket returns a Sequence number and nil error if the given packet is able to be parsed. Otherwise returns 0 and an error.
Types ¶
type ConnectionHash ¶
type ConnectionHash struct {
IpFlowHash, TcpFlowHash uint64
}
ConnectionHash struct value will be used as the result of gopacket's variant of Fowler-Noll-Vo hashing which guarantees collisions of a flow's reverse: A->B == B->A https://github.com/google/gopacket/blob/master/flows.go
type PacketLogger ¶
type PacketManifest ¶
type PacketManifest struct {
Timestamp time.Time
Flow *TcpIpFlow
RawPacket []byte
IP layers.IPv4
TCP layers.TCP
Payload gopacket.Payload
}
PacketManifest is used to send parsed packets via channels to other goroutines
type PacketSource ¶
type PacketSource interface {
Start()
Stop()
SetSupervisor(Supervisor)
GetStartedChan() chan bool // used for unit tests
}
type Reassembly ¶
type Reassembly struct {
// Seq is the TCP sequence number for this segment
Seq Sequence
// Bytes is the next set of bytes in the stream. May be empty.
Bytes []byte
// Skip is set to non-zero if bytes were skipped between this and the
// last Reassembly. If this is the first packet in a connection and we
// didn't see the start, we have no idea how many bytes we skipped, so
// we set it to -1. Otherwise, it's set to the number of bytes skipped.
Skip int
// Start is set if this set of bytes has a TCP SYN accompanying it.
Start bool
// End is set if this set of bytes has a TCP FIN or RST accompanying it.
End bool
// Seen is the timestamp this set of bytes was pulled off the wire.
Seen time.Time
}
Reassembly is used to represent a TCP segment
func (Reassembly) String ¶
func (r Reassembly) String() string
String returns a string representation of Reassembly
type Ring ¶
type Ring struct {
Reassembly *Reassembly
// contains filtered or unexported fields
}
A Ring is an element of a circular list, or ring. Rings do not have a beginning or end; a pointer to any ring element serves as reference to the entire ring. Empty rings are represented as nil Ring pointers.
func (*Ring) Len ¶
Len computes the number of elements in ring r. It executes in time proportional to the number of elements.
type Sequence ¶
type Sequence int64
Sequence is a TCP sequence number. It provides a few convenience functions for handling TCP wrap-around. The sequence should always be in the range [0,0xFFFFFFFF]... its other bits are simply used in wrap-around calculations and should never be set.
func (Sequence) Difference ¶
Difference defines an ordering for comparing TCP sequences that's safe for roll-overs. It returns:
> 0 : if t comes after s < 0 : if t comes before s 0 : if t == s
The number returned is the sequence difference, so 4.Difference(8) will return 4.
It handles rollovers by considering any sequence in the first quarter of the uint32 space to be after any sequence in the last quarter of that space, thus wrapping the uint32 space.
type Supervisor ¶
type Supervisor interface {
Stopped()
Run()
}
type TcpIpFlow ¶
type TcpIpFlow struct {
// contains filtered or unexported fields
}
TcpIpFlow is used for tracking unidirectional TCP flows
func NewTcpIpFlowFromFlows ¶
NewTcpIpFlowFromFlows given an IP flow and TCP flow returns a TcpIpFlow
func NewTcpIpFlowFromLayers ¶
NewTcpIpFlowFromLayers given IPv4 and TCP layers it returns a TcpIpFlow
func NewTcpIpFlowFromPacket ¶
getPacketFlow returns a TcpIpFlow struct given a byte array packet
func (*TcpIpFlow) ConnectionHash ¶
func (t *TcpIpFlow) ConnectionHash() ConnectionHash
ConnectionHash returns a hash of the flow A->B such that it is guaranteed to collide with flow B->A
XXX Is it possible to make this function more efficient by computing a single hash value instead of two?
func (*TcpIpFlow) Equal ¶
Equal returns true if TcpIpFlow structs t and s are equal. False otherwise.
Source Files