README
¶
go-pcap-filter
Compile tcpdump-style filters in pure go.
This library wraps a WebAssembly build of pcap_compile from libpcap transpiled to Go using wasm2go.
It can be used with libraries like github.com/gopacket/gopacket/afpacket to implement CGO-less packet capture.
The wasm2go blob is fully reproducible and verified.
To have working IDE integration while working on the bindings, use bear -- make -C src distclean download all CC=/path/to/wasi-sdk/bin/wasm32-wasip1-clang to download the libpcap source and generate the compile_commands.json.
Documentation
¶
Index ¶
Constants ¶
View Source
const ( DLT_NULL = LinkType(bpf_wasm.DLT_NULL) DLT_EN10MB = LinkType(bpf_wasm.DLT_EN10MB) DLT_EN3MB = LinkType(bpf_wasm.DLT_EN3MB) DLT_AX25 = LinkType(bpf_wasm.DLT_AX25) DLT_PRONET = LinkType(bpf_wasm.DLT_PRONET) DLT_CHAOS = LinkType(bpf_wasm.DLT_CHAOS) DLT_IEEE802 = LinkType(bpf_wasm.DLT_IEEE802) DLT_ARCNET = LinkType(bpf_wasm.DLT_ARCNET) DLT_SLIP = LinkType(bpf_wasm.DLT_SLIP) DLT_PPP = LinkType(bpf_wasm.DLT_PPP) DLT_FDDI = LinkType(bpf_wasm.DLT_FDDI) DLT_ATM_RFC1483 = LinkType(bpf_wasm.DLT_ATM_RFC1483) DLT_RAW = LinkType(bpf_wasm.DLT_RAW) DLT_SLIP_BSDOS = LinkType(bpf_wasm.DLT_SLIP_BSDOS) DLT_PPP_BSDOS = LinkType(bpf_wasm.DLT_PPP_BSDOS) DLT_ATM_CLIP = LinkType(bpf_wasm.DLT_ATM_CLIP) DLT_REDBACK_SMARTEDGE = LinkType(bpf_wasm.DLT_REDBACK_SMARTEDGE) DLT_PPP_SERIAL = LinkType(bpf_wasm.DLT_PPP_SERIAL) DLT_PPP_ETHER = LinkType(bpf_wasm.DLT_PPP_ETHER) DLT_SYMANTEC_FIREWALL = LinkType(bpf_wasm.DLT_SYMANTEC_FIREWALL) DLT_C_HDLC = LinkType(bpf_wasm.DLT_C_HDLC) DLT_IEEE802_11 = LinkType(bpf_wasm.DLT_IEEE802_11) DLT_FRELAY = LinkType(bpf_wasm.DLT_FRELAY) DLT_LOOP = LinkType(bpf_wasm.DLT_LOOP) DLT_ENC = LinkType(bpf_wasm.DLT_ENC) DLT_HDLC = LinkType(bpf_wasm.DLT_HDLC) DLT_LINUX_SLL = LinkType(bpf_wasm.DLT_LINUX_SLL) DLT_LTALK = LinkType(bpf_wasm.DLT_LTALK) DLT_ECONET = LinkType(bpf_wasm.DLT_ECONET) DLT_IPFILTER = LinkType(bpf_wasm.DLT_IPFILTER) DLT_PFLOG = LinkType(bpf_wasm.DLT_PFLOG) DLT_CISCO_IOS = LinkType(bpf_wasm.DLT_CISCO_IOS) DLT_PRISM_HEADER = LinkType(bpf_wasm.DLT_PRISM_HEADER) DLT_AIRONET_HEADER = LinkType(bpf_wasm.DLT_AIRONET_HEADER) DLT_HHDLC = LinkType(bpf_wasm.DLT_HHDLC) DLT_IP_OVER_FC = LinkType(bpf_wasm.DLT_IP_OVER_FC) DLT_SUNATM = LinkType(bpf_wasm.DLT_SUNATM) DLT_RIO = LinkType(bpf_wasm.DLT_RIO) DLT_PCI_EXP = LinkType(bpf_wasm.DLT_PCI_EXP) DLT_AURORA = LinkType(bpf_wasm.DLT_AURORA) DLT_IEEE802_11_RADIO = LinkType(bpf_wasm.DLT_IEEE802_11_RADIO) DLT_TZSP = LinkType(bpf_wasm.DLT_TZSP) DLT_ARCNET_LINUX = LinkType(bpf_wasm.DLT_ARCNET_LINUX) DLT_JUNIPER_MLPPP = LinkType(bpf_wasm.DLT_JUNIPER_MLPPP) DLT_JUNIPER_MLFR = LinkType(bpf_wasm.DLT_JUNIPER_MLFR) DLT_JUNIPER_ES = LinkType(bpf_wasm.DLT_JUNIPER_ES) DLT_JUNIPER_GGSN = LinkType(bpf_wasm.DLT_JUNIPER_GGSN) DLT_JUNIPER_MFR = LinkType(bpf_wasm.DLT_JUNIPER_MFR) DLT_JUNIPER_ATM2 = LinkType(bpf_wasm.DLT_JUNIPER_ATM2) DLT_JUNIPER_SERVICES = LinkType(bpf_wasm.DLT_JUNIPER_SERVICES) DLT_JUNIPER_ATM1 = LinkType(bpf_wasm.DLT_JUNIPER_ATM1) DLT_APPLE_IP_OVER_IEEE1394 = LinkType(bpf_wasm.DLT_APPLE_IP_OVER_IEEE1394) DLT_MTP2_WITH_PHDR = LinkType(bpf_wasm.DLT_MTP2_WITH_PHDR) DLT_MTP2 = LinkType(bpf_wasm.DLT_MTP2) DLT_MTP3 = LinkType(bpf_wasm.DLT_MTP3) DLT_SCCP = LinkType(bpf_wasm.DLT_SCCP) DLT_DOCSIS = LinkType(bpf_wasm.DLT_DOCSIS) DLT_LINUX_IRDA = LinkType(bpf_wasm.DLT_LINUX_IRDA) DLT_IBM_SP = LinkType(bpf_wasm.DLT_IBM_SP) DLT_IBM_SN = LinkType(bpf_wasm.DLT_IBM_SN) DLT_USER0 = LinkType(bpf_wasm.DLT_USER0) DLT_USER1 = LinkType(bpf_wasm.DLT_USER1) DLT_USER2 = LinkType(bpf_wasm.DLT_USER2) DLT_USER3 = LinkType(bpf_wasm.DLT_USER3) DLT_USER4 = LinkType(bpf_wasm.DLT_USER4) DLT_USER5 = LinkType(bpf_wasm.DLT_USER5) DLT_USER6 = LinkType(bpf_wasm.DLT_USER6) DLT_USER7 = LinkType(bpf_wasm.DLT_USER7) DLT_USER8 = LinkType(bpf_wasm.DLT_USER8) DLT_USER9 = LinkType(bpf_wasm.DLT_USER9) DLT_USER10 = LinkType(bpf_wasm.DLT_USER10) DLT_USER11 = LinkType(bpf_wasm.DLT_USER11) DLT_USER12 = LinkType(bpf_wasm.DLT_USER12) DLT_USER13 = LinkType(bpf_wasm.DLT_USER13) DLT_USER14 = LinkType(bpf_wasm.DLT_USER14) DLT_USER15 = LinkType(bpf_wasm.DLT_USER15) DLT_IEEE802_11_RADIO_AVS = LinkType(bpf_wasm.DLT_IEEE802_11_RADIO_AVS) DLT_JUNIPER_MONITOR = LinkType(bpf_wasm.DLT_JUNIPER_MONITOR) DLT_BACNET_MS_TP = LinkType(bpf_wasm.DLT_BACNET_MS_TP) DLT_PPP_PPPD = LinkType(bpf_wasm.DLT_PPP_PPPD) DLT_JUNIPER_PPPOE = LinkType(bpf_wasm.DLT_JUNIPER_PPPOE) DLT_JUNIPER_PPPOE_ATM = LinkType(bpf_wasm.DLT_JUNIPER_PPPOE_ATM) DLT_GPRS_LLC = LinkType(bpf_wasm.DLT_GPRS_LLC) DLT_GPF_T = LinkType(bpf_wasm.DLT_GPF_T) DLT_GPF_F = LinkType(bpf_wasm.DLT_GPF_F) DLT_GCOM_T1E1 = LinkType(bpf_wasm.DLT_GCOM_T1E1) DLT_GCOM_SERIAL = LinkType(bpf_wasm.DLT_GCOM_SERIAL) DLT_JUNIPER_PIC_PEER = LinkType(bpf_wasm.DLT_JUNIPER_PIC_PEER) DLT_ERF_ETH = LinkType(bpf_wasm.DLT_ERF_ETH) DLT_ERF_POS = LinkType(bpf_wasm.DLT_ERF_POS) DLT_LINUX_LAPD = LinkType(bpf_wasm.DLT_LINUX_LAPD) DLT_JUNIPER_ETHER = LinkType(bpf_wasm.DLT_JUNIPER_ETHER) DLT_JUNIPER_PPP = LinkType(bpf_wasm.DLT_JUNIPER_PPP) DLT_JUNIPER_FRELAY = LinkType(bpf_wasm.DLT_JUNIPER_FRELAY) DLT_JUNIPER_CHDLC = LinkType(bpf_wasm.DLT_JUNIPER_CHDLC) DLT_MFR = LinkType(bpf_wasm.DLT_MFR) DLT_JUNIPER_VP = LinkType(bpf_wasm.DLT_JUNIPER_VP) DLT_A429 = LinkType(bpf_wasm.DLT_A429) DLT_A653_ICM = LinkType(bpf_wasm.DLT_A653_ICM) DLT_USB = LinkType(bpf_wasm.DLT_USB) DLT_USB_FREEBSD = LinkType(bpf_wasm.DLT_USB_FREEBSD) DLT_BLUETOOTH_HCI_H4 = LinkType(bpf_wasm.DLT_BLUETOOTH_HCI_H4) DLT_IEEE802_16_MAC_CPS = LinkType(bpf_wasm.DLT_IEEE802_16_MAC_CPS) DLT_USB_LINUX = LinkType(bpf_wasm.DLT_USB_LINUX) DLT_CAN20B = LinkType(bpf_wasm.DLT_CAN20B) DLT_IEEE802_15_4_LINUX = LinkType(bpf_wasm.DLT_IEEE802_15_4_LINUX) DLT_PPI = LinkType(bpf_wasm.DLT_PPI) DLT_IEEE802_16_MAC_CPS_RADIO = LinkType(bpf_wasm.DLT_IEEE802_16_MAC_CPS_RADIO) DLT_JUNIPER_ISM = LinkType(bpf_wasm.DLT_JUNIPER_ISM) DLT_IEEE802_15_4_WITHFCS = LinkType(bpf_wasm.DLT_IEEE802_15_4_WITHFCS) DLT_SITA = LinkType(bpf_wasm.DLT_SITA) DLT_ERF = LinkType(bpf_wasm.DLT_ERF) DLT_RAIF1 = LinkType(bpf_wasm.DLT_RAIF1) DLT_IPMB_KONTRON = LinkType(bpf_wasm.DLT_IPMB_KONTRON) DLT_JUNIPER_ST = LinkType(bpf_wasm.DLT_JUNIPER_ST) DLT_BLUETOOTH_HCI_H4_WITH_PHDR = LinkType(bpf_wasm.DLT_BLUETOOTH_HCI_H4_WITH_PHDR) DLT_AX25_KISS = LinkType(bpf_wasm.DLT_AX25_KISS) DLT_LAPD = LinkType(bpf_wasm.DLT_LAPD) DLT_PPP_WITH_DIR = LinkType(bpf_wasm.DLT_PPP_WITH_DIR) DLT_C_HDLC_WITH_DIR = LinkType(bpf_wasm.DLT_C_HDLC_WITH_DIR) DLT_FRELAY_WITH_DIR = LinkType(bpf_wasm.DLT_FRELAY_WITH_DIR) DLT_LAPB_WITH_DIR = LinkType(bpf_wasm.DLT_LAPB_WITH_DIR) DLT_I2C_LINUX = LinkType(bpf_wasm.DLT_I2C_LINUX) DLT_IPMB_LINUX = LinkType(bpf_wasm.DLT_IPMB_LINUX) DLT_FLEXRAY = LinkType(bpf_wasm.DLT_FLEXRAY) DLT_MOST = LinkType(bpf_wasm.DLT_MOST) DLT_LIN = LinkType(bpf_wasm.DLT_LIN) DLT_X2E_SERIAL = LinkType(bpf_wasm.DLT_X2E_SERIAL) DLT_X2E_XORAYA = LinkType(bpf_wasm.DLT_X2E_XORAYA) DLT_IEEE802_15_4_NONASK_PHY = LinkType(bpf_wasm.DLT_IEEE802_15_4_NONASK_PHY) DLT_LINUX_EVDEV = LinkType(bpf_wasm.DLT_LINUX_EVDEV) DLT_GSMTAP_UM = LinkType(bpf_wasm.DLT_GSMTAP_UM) DLT_GSMTAP_ABIS = LinkType(bpf_wasm.DLT_GSMTAP_ABIS) DLT_MPLS = LinkType(bpf_wasm.DLT_MPLS) DLT_USB_LINUX_MMAPPED = LinkType(bpf_wasm.DLT_USB_LINUX_MMAPPED) DLT_DECT = LinkType(bpf_wasm.DLT_DECT) DLT_AOS = LinkType(bpf_wasm.DLT_AOS) DLT_WIHART = LinkType(bpf_wasm.DLT_WIHART) DLT_FC_2 = LinkType(bpf_wasm.DLT_FC_2) DLT_FC_2_WITH_FRAME_DELIMS = LinkType(bpf_wasm.DLT_FC_2_WITH_FRAME_DELIMS) DLT_IPNET = LinkType(bpf_wasm.DLT_IPNET) DLT_CAN_SOCKETCAN = LinkType(bpf_wasm.DLT_CAN_SOCKETCAN) DLT_IPV4 = LinkType(bpf_wasm.DLT_IPV4) DLT_IPV6 = LinkType(bpf_wasm.DLT_IPV6) DLT_IEEE802_15_4_NOFCS = LinkType(bpf_wasm.DLT_IEEE802_15_4_NOFCS) DLT_DBUS = LinkType(bpf_wasm.DLT_DBUS) DLT_JUNIPER_VS = LinkType(bpf_wasm.DLT_JUNIPER_VS) DLT_JUNIPER_SRX_E2E = LinkType(bpf_wasm.DLT_JUNIPER_SRX_E2E) DLT_JUNIPER_FIBRECHANNEL = LinkType(bpf_wasm.DLT_JUNIPER_FIBRECHANNEL) DLT_DVB_CI = LinkType(bpf_wasm.DLT_DVB_CI) DLT_MUX27010 = LinkType(bpf_wasm.DLT_MUX27010) DLT_STANAG_5066_D_PDU = LinkType(bpf_wasm.DLT_STANAG_5066_D_PDU) DLT_JUNIPER_ATM_CEMIC = LinkType(bpf_wasm.DLT_JUNIPER_ATM_CEMIC) DLT_NFLOG = LinkType(bpf_wasm.DLT_NFLOG) DLT_NETANALYZER = LinkType(bpf_wasm.DLT_NETANALYZER) DLT_NETANALYZER_TRANSPARENT = LinkType(bpf_wasm.DLT_NETANALYZER_TRANSPARENT) DLT_IPOIB = LinkType(bpf_wasm.DLT_IPOIB) DLT_MPEG_2_TS = LinkType(bpf_wasm.DLT_MPEG_2_TS) DLT_NG40 = LinkType(bpf_wasm.DLT_NG40) DLT_NFC_LLCP = LinkType(bpf_wasm.DLT_NFC_LLCP) DLT_PFSYNC = LinkType(bpf_wasm.DLT_PFSYNC) DLT_INFINIBAND = LinkType(bpf_wasm.DLT_INFINIBAND) DLT_SCTP = LinkType(bpf_wasm.DLT_SCTP) DLT_USBPCAP = LinkType(bpf_wasm.DLT_USBPCAP) DLT_RTAC_SERIAL = LinkType(bpf_wasm.DLT_RTAC_SERIAL) DLT_BLUETOOTH_LE_LL = LinkType(bpf_wasm.DLT_BLUETOOTH_LE_LL) DLT_WIRESHARK_UPPER_PDU = LinkType(bpf_wasm.DLT_WIRESHARK_UPPER_PDU) DLT_NETLINK = LinkType(bpf_wasm.DLT_NETLINK) DLT_BLUETOOTH_LINUX_MONITOR = LinkType(bpf_wasm.DLT_BLUETOOTH_LINUX_MONITOR) DLT_BLUETOOTH_BREDR_BB = LinkType(bpf_wasm.DLT_BLUETOOTH_BREDR_BB) DLT_BLUETOOTH_LE_LL_WITH_PHDR = LinkType(bpf_wasm.DLT_BLUETOOTH_LE_LL_WITH_PHDR) DLT_PROFIBUS_DL = LinkType(bpf_wasm.DLT_PROFIBUS_DL) DLT_PKTAP = LinkType(bpf_wasm.DLT_PKTAP) DLT_EPON = LinkType(bpf_wasm.DLT_EPON) DLT_IPMI_HPM_2 = LinkType(bpf_wasm.DLT_IPMI_HPM_2) DLT_ZWAVE_R1_R2 = LinkType(bpf_wasm.DLT_ZWAVE_R1_R2) DLT_ZWAVE_R3 = LinkType(bpf_wasm.DLT_ZWAVE_R3) DLT_WATTSTOPPER_DLM = LinkType(bpf_wasm.DLT_WATTSTOPPER_DLM) DLT_ISO_14443 = LinkType(bpf_wasm.DLT_ISO_14443) DLT_RDS = LinkType(bpf_wasm.DLT_RDS) DLT_USB_DARWIN = LinkType(bpf_wasm.DLT_USB_DARWIN) DLT_OPENFLOW = LinkType(bpf_wasm.DLT_OPENFLOW) DLT_SDLC = LinkType(bpf_wasm.DLT_SDLC) DLT_TI_LLN_SNIFFER = LinkType(bpf_wasm.DLT_TI_LLN_SNIFFER) DLT_LORATAP = LinkType(bpf_wasm.DLT_LORATAP) DLT_VSOCK = LinkType(bpf_wasm.DLT_VSOCK) DLT_NORDIC_BLE = LinkType(bpf_wasm.DLT_NORDIC_BLE) DLT_DOCSIS31_XRA31 = LinkType(bpf_wasm.DLT_DOCSIS31_XRA31) DLT_ETHERNET_MPACKET = LinkType(bpf_wasm.DLT_ETHERNET_MPACKET) DLT_DISPLAYPORT_AUX = LinkType(bpf_wasm.DLT_DISPLAYPORT_AUX) DLT_LINUX_SLL2 = LinkType(bpf_wasm.DLT_LINUX_SLL2) DLT_SERCOS_MONITOR = LinkType(bpf_wasm.DLT_SERCOS_MONITOR) DLT_OPENVIZSLA = LinkType(bpf_wasm.DLT_OPENVIZSLA) DLT_EBHSCR = LinkType(bpf_wasm.DLT_EBHSCR) DLT_VPP_DISPATCH = LinkType(bpf_wasm.DLT_VPP_DISPATCH) DLT_DSA_TAG_BRCM = LinkType(bpf_wasm.DLT_DSA_TAG_BRCM) DLT_DSA_TAG_BRCM_PREPEND = LinkType(bpf_wasm.DLT_DSA_TAG_BRCM_PREPEND) DLT_IEEE802_15_4_TAP = LinkType(bpf_wasm.DLT_IEEE802_15_4_TAP) DLT_DSA_TAG_DSA = LinkType(bpf_wasm.DLT_DSA_TAG_DSA) DLT_DSA_TAG_EDSA = LinkType(bpf_wasm.DLT_DSA_TAG_EDSA) DLT_ELEE = LinkType(bpf_wasm.DLT_ELEE) DLT_Z_WAVE_SERIAL = LinkType(bpf_wasm.DLT_Z_WAVE_SERIAL) DLT_USB_2_0 = LinkType(bpf_wasm.DLT_USB_2_0) DLT_ATSC_ALP = LinkType(bpf_wasm.DLT_ATSC_ALP) DLT_ETW = LinkType(bpf_wasm.DLT_ETW) DLT_NETANALYZER_NG = LinkType(bpf_wasm.DLT_NETANALYZER_NG) DLT_ZBOSS_NCP = LinkType(bpf_wasm.DLT_ZBOSS_NCP) DLT_USB_2_0_LOW_SPEED = LinkType(bpf_wasm.DLT_USB_2_0_LOW_SPEED) DLT_USB_2_0_FULL_SPEED = LinkType(bpf_wasm.DLT_USB_2_0_FULL_SPEED) DLT_USB_2_0_HIGH_SPEED = LinkType(bpf_wasm.DLT_USB_2_0_HIGH_SPEED) DLT_AUERSWALD_LOG = LinkType(bpf_wasm.DLT_AUERSWALD_LOG) DLT_ZWAVE_TAP = LinkType(bpf_wasm.DLT_ZWAVE_TAP) DLT_SILABS_DEBUG_CHANNEL = LinkType(bpf_wasm.DLT_SILABS_DEBUG_CHANNEL) DLT_FIRA_UCI = LinkType(bpf_wasm.DLT_FIRA_UCI) DLT_MDB = LinkType(bpf_wasm.DLT_MDB) DLT_DECT_NR = LinkType(bpf_wasm.DLT_DECT_NR) DLT_EDK2_MM = LinkType(bpf_wasm.DLT_EDK2_MM) DLT_DEBUG_ONLY = LinkType(bpf_wasm.DLT_DEBUG_ONLY) )
Variables ¶
View Source
var ( DefaultLinkType = DLT_EN10MB DefaultSnaplen = 65535 )
Functions ¶
func Compile ¶
func Compile(filter string, opts *Options) (raw []bpf.RawInstruction, err error)
Compile compiles a tcpdump filter expression to a BPF program.
func LookupDefaultResolver ¶
LookupDefaultResolver looks up a host using net.DefaultResolver.
Types ¶
type EthersFunc ¶
type EthersFunc func(name string) (net.HardwareAddr, error)
EthersFunc looks up MAC addresses for "ether host name" expressions.
type LinkType ¶
type LinkType int
LinkType is an opaque DLT_ link-layer type constant. Use the DLT_* constants defined in this package rather than raw integers.
type LookupFunc ¶
LookupFunc resolves hostnames for "host name" expressions. It should return all IPv4 and IPv6 addresses for the specified hostname. The first address matching the family will be used.
type Options ¶
type Options struct {
// LinkType identifies the kind of packet the filter will be used for, which
// affects the offsets and the valid expressions. If zero, [DLT_EN10MB] is
// used, which is suitable for ethernet packet captures.
LinkType LinkType
// Snaplen is the maximum number of bytes to look at in each packet. If nil,
// 65535 is used.
Snaplen int
// Netmask, is the IPv4 netmask of the local network, used by "broadcast" in
// expressions. If zero, broadcast checks are skipped.
Netmask netip.Addr
// Optimize enables the BPF optimizer.
Optimize bool
// Lookup is the lookup function to use for host ip addresses. If nil,
// address lookup is disabled.
Lookup LookupFunc
// Ethers is the lookup function to use for hardware addresses. If nil,
// hardware address lookup is disabled.
Ethers EthersFunc
}
Options contains compilation options for a filter expression.
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.