Documentation ¶
Index ¶
- Constants
- Variables
- func CIDRinit()
- func GetFirstInterface() (string, error)
- func GetRandomIP() string
- func GetRandomMac() net.HardwareAddr
- func GetRandomPort() uint16
- func IsRFC1918(ip net.IP) bool
- func ToNets(strNets []string) []net.IPNet
- type AFHandle
- type Cryptopan
- type DNSPacketData
- type DNSParser
- type DNSTrace
- type Handle
- type HandleConfig
- type IfStats
- type KeySizeError
- type NetworkInterface
- type NetworkInterfaceConfiguration
- type Packet
- type PacketData
- type PacketProcessor
- type PacketTrace
- type PcapHandle
- type RingHandle
- type TrafficParser
Constants ¶
const ( TrafficIn = 0 TrafficOut = 1 )
const ( HandleTypePFRing = 0 HandleTypePcap = 1 HandleTypeAFPacket = 2 )
const DNSFilter = "udp and port 53"
BPF Filter for capturing DNS traffic only
const NotDNSFilter = "tcp or (udp and not port 53)"
BPF Filter for capturing DNS all traffic but DNS const NotDNSFilter = "tcp or (udp and not port 53)"
const (
// Size is the length of the Crypto-PAn keying material.
Size = keySize + blockSize
)
Variables ¶
var RFC1918 = []string{"10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"}
var RFC1918Nets []net.IPNet = ToNets(RFC1918)
Functions ¶
func CIDRinit ¶
func CIDRinit()
CIDRinit fills privateIPBlocks with the CIDR ranges for RFC1918 and loopback checking
func GetFirstInterface ¶
func GetRandomIP ¶
func GetRandomIP() string
func GetRandomMac ¶
func GetRandomMac() net.HardwareAddr
func GetRandomPort ¶
func GetRandomPort() uint16
Types ¶
type AFHandle ¶
type AFHandle struct { }
func (*AFHandle) Init ¶
func (h *AFHandle) Init(conf *HandleConfig) error
func (*AFHandle) ReadPacketData ¶
func (h *AFHandle) ReadPacketData() ([]byte, gopacket.CaptureInfo, error)
type Cryptopan ¶
type Cryptopan struct {
// contains filtered or unexported fields
}
Cryptopan is an instance of the Crypto-PAn algorithm, initialized with a given key.
func NewCryptoPAn ¶
NewCryptoPAn constructs and initializes Crypto-PAn with a given key.
type DNSPacketData ¶
type DNSParser ¶
type DNSParser struct {
// contains filtered or unexported fields
}
DNSParser
func (*DNSParser) NewDNSParser ¶
func (dp *DNSParser) NewDNSParser(netif *NetworkInterface, sm *servicemap.ServiceMap)
type DNSTrace ¶
type DNSTrace struct { Trace []*DNSPacketData Count int64 }
DNSTrace is a container of ordered DNS responses
func GetDNSTrace ¶
GetDNSTrace preparses a list of DNS packets to process in sequence for testing
type Handle ¶
type Handle interface { Init(conf *HandleConfig) error ReadPacketData() ([]byte, gopacket.CaptureInfo, error) Stats() IfStats }
type HandleConfig ¶
type KeySizeError ¶
type KeySizeError int
KeySizeError is the error returned when the provided key is an invalid length.
func (KeySizeError) Error ¶
func (e KeySizeError) Error() string
type NetworkInterface ¶
type NetworkInterface struct { Mode string Name string HwAddr net.HardwareAddr LocalNetv4 net.IPNet LocalNetv6 net.IPNet HandleType uint8 IfHandle Handle }
NetworkInterface is a structure that carries information on the interface it maps to and pointers to the underlying packet processing tool (PFRing or Pcap)
func (*NetworkInterface) NewNetworkInterface ¶
func (ni *NetworkInterface) NewNetworkInterface(conf NetworkInterfaceConfiguration)
func (*NetworkInterface) ReadPacketData ¶
func (ni *NetworkInterface) ReadPacketData() ([]byte, gopacket.CaptureInfo, error)
type NetworkInterfaceConfiguration ¶
type NetworkInterfaceConfiguration struct { // name, filter, mode string, snaplen uint32 Driver string Name string Mode string Filter string SnapLen uint32 Clustered bool ClusterID int Replay bool ReplayMAC string ZeroCopy bool FanOut bool }
NetworkInterfaceConfiguration is a support structure used to configure an interface
type Packet ¶
type Packet struct { RawData []byte Eth *layers.Ethernet Ip4 *layers.IPv4 Ip6 *layers.IPv6 Tcp *layers.TCP Udp *layers.UDP Dns *layers.DNS TStamp int64 Dir int HwAddr string IsIPv4 bool IsLocal bool Length int64 ServiceIP string MyIP string IsTCP bool DataLength int64 ServicePort uint16 MyPort uint16 SeqNumber uint32 IsDNS bool }
type PacketData ¶
PacketData contains packet and its metadata
func GetRandomPacket ¶
func GetRandomPacket(len int) (pktData *PacketData)
GenerateRandomPacket creates a random packet of length len with given packet size
type PacketProcessor ¶
General Packet Processor interface. Implement to receive packets from parsers
type PacketTrace ¶
type PacketTrace struct { Trace []*PacketData Count int64 }
PacketTrace is a container of ordered packets
func GetRandomTrace ¶
func GetRandomTrace(n, len int) *PacketTrace
GetRandomTrace creates a list of random packets to process in sequence for testing
func GetTrace ¶
func GetTrace(pcapfile string) *PacketTrace
GetTrace preparse a list of packets to process in sequence for testing
func GetTraceWithServices ¶
func GetTraceWithServices(pcapfile string, sm *servicemap.ServiceMap) *PacketTrace
GetTraceWithServices preparse a list of packets to process in sequence for testing
type PcapHandle ¶
type PcapHandle struct { Name string Filter string SnapLen uint32 ZeroCopy bool Clustered bool ClusterID int FanOut bool PHandle *pcap.Handle }
func (*PcapHandle) Init ¶
func (h *PcapHandle) Init(conf *HandleConfig) error
func (*PcapHandle) NewPcapInterface ¶
func (h *PcapHandle) NewPcapInterface()
func (*PcapHandle) ReadPacketData ¶
func (h *PcapHandle) ReadPacketData() ([]byte, gopacket.CaptureInfo, error)
func (*PcapHandle) Stats ¶
func (h *PcapHandle) Stats() IfStats
type RingHandle ¶
type RingHandle struct { }
func (*RingHandle) Init ¶
func (h *RingHandle) Init(conf *HandleConfig) error
func (*RingHandle) ReadPacketData ¶
func (h *RingHandle) ReadPacketData() ([]byte, gopacket.CaptureInfo, error)
func (*RingHandle) Stats ¶
func (h *RingHandle) Stats() IfStats
type TrafficParser ¶
type TrafficParser struct {
// contains filtered or unexported fields
}
func (*TrafficParser) NewTrafficParser ¶
func (tp *TrafficParser) NewTrafficParser(netif *NetworkInterface, packetProcessor PacketProcessor)
func (*TrafficParser) Parse ¶
func (tp *TrafficParser) Parse(wg *sync.WaitGroup, stop chan struct{})
TrafficParser is the worker function for parsing network traffic. Each worker reads directly from the ring that is passed The waitgroup is used to cleanly shut down. Each worker listen on the stop chan to know when to stop processing