Package packet provides support for the TCP/IP packet manipulations needed by the Aporeto infrastructure.



    const (
    	// IPProtocolTCP is the IP protocol number for TCP.
    	IPProtocolTCP = 6
    	// IPProtocolUDP is the IP protocol number for UDP.
    	IPProtocolUDP = 17

      IP Protocol numbers

      const (
      	// TCPSynMask is the mask for the TCP SYN flag.
      	TCPSynMask = 0x2
      	// TCPSynAckMask is the mask that identifies a TCP SYN-ACK packet;
      	// its value is TCPSynMask | TCPAckMask.
      	TCPSynAckMask = 0x12
      	// TCPRstMask is the mask that identifies RST packets.
      	TCPRstMask = 0x4
      	// TCPAckMask is the mask that identifies ACK packets.
      	TCPAckMask = 0x10
      	// TCPFinMask is the mask that identifies FIN packets.
      	TCPFinMask = 0x1
      	// TCPPshMask is the mask that identifies PSH packets.
      	TCPPshMask = 0x8

        TCP Header masks

        const (
        	// TCPAuthenticationOption is the TCP option kind this package uses
        	// for its authentication option.
        	// NOTE(review): kind 34 is also the IANA-assigned kind for TCP Fast
        	// Open (RFC 7413), so the presence of this kind alone does not prove
        	// that a packet carries an Aporeto authentication option; the option
        	// contents still have to be validated.
        	TCPAuthenticationOption = uint8(34)
        	// TCPMssOption is the option kind of the MSS option.
        	TCPMssOption = uint8(2)
        	// TCPMssOptionLen is the length of the MSS option in bytes
        	// (kind, length and a 2-byte value).
        	TCPMssOptionLen = uint8(4)

          TCP Options Related constants

          const (
          	// NOTE(review): the positions below are fixed byte offsets that are
          	// consistent with a 20-byte IPv4 header followed by the 8-byte UDP
          	// header. Presumably they index Packet.Buffer; confirm how packets
          	// with IP options or short buffers are rejected before these offsets
          	// are used.

          	// UDPLengthPos is the location of the UDP length (UDPBeginPos + 4).
          	UDPLengthPos = 24
          	// UDPChecksumPos is the location of the UDP checksum (UDPBeginPos + 6).
          	UDPChecksumPos = 26
          	// UDPDataPos is the location of the UDP data (UDPBeginPos + 8).
          	UDPDataPos = 28
          	// UDPBeginPos is the location of the UDP header.
          	UDPBeginPos = 20
          	// UDPSynMask is the mask for the UDP SYN flag.
          	// NOTE(review): UDP itself has no flags; these values presumably
          	// encode the handshake packet type carried in the payload - confirm.
          	UDPSynMask = 0x20
          	// UDPSynAckMask is the mask that identifies a UDP SYN-ACK packet.
          	UDPSynAckMask = 0x40
          	// UDPAckMask is the mask that identifies ACK packets. It has the same
          	// value as UDPPacketMask.
          	UDPAckMask = 0x60
          	// UDPPacketMask identifies the type of UDP packet.
          	UDPPacketMask = 0x60

            UDP related constants.

            const (
            	// UDPAuthMarker is the 18-byte Aporeto signature for UDP.
            	// NOTE(review): this is a fixed, public constant, so matching it
            	// can only classify a packet as a control packet; it does not
            	// authenticate the sender. Trust has to come from validating the
            	// token that follows - confirm in the callers.
            	UDPAuthMarker = "n30njxq7bmiwr6dtxq"
            	// UDPAuthMarkerLen is the length of the UDP marker.
            	UDPAuthMarkerLen = 18
            	// UDPSignatureLen is the length of the signature on a UDP control packet.
            	UDPSignatureLen = 20
            	// UDPAuthMarkerOffset is the beginning of UDPAuthMarker. It is two
            	// bytes past UDPDataPos, and UDPAuthMarkerOffset + UDPAuthMarkerLen
            	// equals UDPSignatureEnd.
            	UDPAuthMarkerOffset = 30
            	// UDPSignatureEnd is the end of the UDP signature.
            	UDPSignatureEnd = UDPDataPos + UDPSignatureLen
            	// UDPJwtTokenOffset is the beginning of the JWT token. It has the
            	// same value as UDPSignatureEnd (28 + 20 = 48).
            	UDPJwtTokenOffset = 48
            const (
            	// The values below occupy disjoint bit ranges: packet type in
            	// 0xF000, stage in 0x0F00 and failure reason in 0x00F0.

            	// PacketTypeNetwork is the enum for from-network packets.
            	PacketTypeNetwork = 0x1000
            	// PacketTypeApplication is the enum for from-application packets.
            	PacketTypeApplication = 0x2000
            	// PacketStageIncoming is the enum for the incoming stage.
            	PacketStageIncoming = 0x0100
            	// PacketStageAuth is the enum for the authentication stage.
            	PacketStageAuth = 0x0200
            	// PacketStageService is the enum for the crypto stage.
            	PacketStageService = 0x0400
            	// PacketStageOutgoing is the enum for the outgoing stage.
            	PacketStageOutgoing = 0x0800
            	// PacketFailureCreate is the drop reason for a packet.
            	// NOTE(review): presumably a failure while creating the packet - confirm.
            	PacketFailureCreate = 0x0010
            	// PacketFailureAuth is the drop reason for a packet due to an
            	// authentication error.
            	PacketFailureAuth = 0x0020
            	// PacketFailureService is the drop reason for a packet due to a
            	// crypto error. The literal is written with five hex digits; its
            	// value is 0x40.
            	PacketFailureService = 0x00040
            const (
            	// IPIDPos is the location of the IP Identifier.
            	IPIDPos = 4

              IP Header field position constants

              const (
              	// TCPChecksumPos is the location of the TCP checksum.
              	// NOTE(review): 36 is consistent with a 20-byte IPv4 header plus
              	// the checksum's offset of 16 within the TCP header; confirm how
              	// packets with IP options are handled before this offset is used.
              	TCPChecksumPos = 36

                TCP Header field position constants


                var (
                	// PacketLogLevel determines whether packet logging is turned on.
                	// Despite the name it is a bool switch, not a level.
                	PacketLogLevel bool


                func TCPFlagsToStr

                func TCPFlagsToStr(flags uint8) string

                  TCPFlagsToStr converts the TCP Flags to a string value that is human readable


                  type Packet

                  type Packet struct {
                  	// Mark is the nfqueue mark.
                  	Mark string
                  	// Buffer is the input/output buffer.
                  	Buffer []byte
                  	// IP header fields.
                  	IPProto       uint8
                  	IPTotalLength uint16
                  	SourceAddress      net.IP
                  	DestinationAddress net.IP
                  	// L4 header fields.
                  	SourcePort      uint16
                  	DestinationPort uint16
                  	// TCP-specific fields.
                  	TCPSeq uint32
                  	TCPAck uint32
                  	TCPFlags    uint8
                  	TCPChecksum uint16
                  	// UDP-specific fields.
                  	UDPChecksum uint16
                  	// SvcMetadata is the service metadata. It is untyped, so its
                  	// concrete type is decided by whoever sets it.
                  	SvcMetadata interface{}
                  	// ConnectionMetadata is the connection metadata. It is untyped,
                  	// so its concrete type is decided by whoever sets it.
                  	ConnectionMetadata interface{}
                  	// contains filtered or unexported fields

                    Packet is the main structure holding packet information

                    func New

                    func New(context uint64, bytes []byte, mark string, lengthValidate bool) (packet *Packet, err error)

                      New returns a pointer to Packet structure built from the provided bytes buffer which is expected to contain valid TCP/IP packet bytes.

                      func (*Packet) CheckTCPAuthenticationOption

                      func (p *Packet) CheckTCPAuthenticationOption(iOptionLength int) (err error)

                        CheckTCPAuthenticationOption ensures authentication option exists at the offset provided

                        func (*Packet) ConvertAcktoFinAck

                        func (p *Packet) ConvertAcktoFinAck() error

                          ConvertAcktoFinAck removes the data from the packet and converts a PSH/ACK packet to a FIN/ACK packet. It is called only if the packet is an ACK or PSH/ACK.

                          func (*Packet) CreateReverseFlowPacket

                          func (p *Packet) CreateReverseFlowPacket(destIP net.IP, destPort uint16)

                            CreateReverseFlowPacket modifies the packet for reverse flow.

                            func (*Packet) DecreaseTCPAck

                            func (p *Packet) DecreaseTCPAck(decr uint32)

                              DecreaseTCPAck decreases TCP ack number by decr

                              func (*Packet) DecreaseTCPSeq

                              func (p *Packet) DecreaseTCPSeq(decr uint32)

                                DecreaseTCPSeq decreases TCP seq number by decr

                                func (*Packet) DropDetachedBytes

                                func (p *Packet) DropDetachedBytes()

                                  DropDetachedBytes removes any bytes that have been detached and stored locally

                                  func (*Packet) DropDetachedDataBytes

                                  func (p *Packet) DropDetachedDataBytes()

                                    DropDetachedDataBytes removes any bytes that have been detached and stored locally

                                    func (*Packet) FixupIPHdrOnDataModify

                                    func (p *Packet) FixupIPHdrOnDataModify(old, new uint16)

                                      FixupIPHdrOnDataModify modifies the IP header fields and checksum

                                      func (*Packet) FixupTCPHdrOnTCPDataAttach

                                      func (p *Packet) FixupTCPHdrOnTCPDataAttach(tcpOptions []byte, tcpData []byte)

                                        FixupTCPHdrOnTCPDataAttach modifies the TCP header fields and checksum

                                        func (*Packet) FixupTCPHdrOnTCPDataDetach

                                        func (p *Packet) FixupTCPHdrOnTCPDataDetach(dataLength uint16, optionLength uint16)

                                          FixupTCPHdrOnTCPDataDetach modifies the TCP header fields and checksum

                                          func (*Packet) GetBytes

                                          func (p *Packet) GetBytes() []byte

                                            GetBytes returns the bytes in the packet. It consolidates in case of changes as well

                                            func (*Packet) GetIPLength

                                            func (p *Packet) GetIPLength() uint16

                                              GetIPLength returns the IP length

                                              func (*Packet) GetTCPData

                                              func (p *Packet) GetTCPData() []byte

                                                GetTCPData returns any additional data in the packet

                                                func (*Packet) GetTCPOptions

                                                func (p *Packet) GetTCPOptions() []byte

                                                  GetTCPOptions returns any additional options in the packet

                                                  func (*Packet) GetUDPData

                                                  func (p *Packet) GetUDPData() []byte

                                                    GetUDPData returns the additional data in the packet.

                                                    func (*Packet) GetUDPDataStartBytes

                                                    func (p *Packet) GetUDPDataStartBytes() uint16

                                                      GetUDPDataStartBytes returns the start of the UDP data.

                                                      func (*Packet) GetUDPType

                                                      func (p *Packet) GetUDPType() byte

                                                        GetUDPType returns udp type of packet.

                                                        func (*Packet) ID

                                                        func (p *Packet) ID() string

                                                          ID returns the IP ID of the packet

                                                          func (*Packet) IncreaseTCPAck

                                                          func (p *Packet) IncreaseTCPAck(incr uint32)

                                                            IncreaseTCPAck increases TCP ack number by incr

                                                            func (*Packet) IncreaseTCPSeq

                                                            func (p *Packet) IncreaseTCPSeq(incr uint32)

                                                              IncreaseTCPSeq increases TCP seq number by incr

                                                              func (*Packet) IsEmptyTCPPayload

                                                              func (p *Packet) IsEmptyTCPPayload() bool

                                                                IsEmptyTCPPayload reports whether the TCP payload is empty; it returns a bool, not the TCP data offset.

                                                                func (*Packet) L4FlowHash

                                                                func (p *Packet) L4FlowHash() string

                                                                  L4FlowHash calculate a hash string based on the 4-tuple

                                                                  func (*Packet) L4ReverseFlowHash

                                                                  func (p *Packet) L4ReverseFlowHash() string

                                                                    L4ReverseFlowHash calculate a hash string based on the 4-tuple by reversing source and destination information

                                                                    func (*Packet) Print

                                                                    func (p *Packet) Print(context uint64)

                                                                      Print is a print helper function

                                                                      func (*Packet) ReadTCPData

                                                                      func (p *Packet) ReadTCPData() []byte

                                                                        ReadTCPData returns the payload as a byte slice. It does not remove the payload from the packet.

                                                                        func (*Packet) ReadTCPDataString

                                                                        func (p *Packet) ReadTCPDataString() string

                                                                          ReadTCPDataString returns the payload in a string variable. It does not remove the payload from the packet.

                                                                          func (*Packet) ReadUDPToken

                                                                          func (p *Packet) ReadUDPToken() []byte

                                                                            ReadUDPToken returns the UDP token. It is called only during the handshake process.

                                                                            func (*Packet) SetTCPData

                                                                            func (p *Packet) SetTCPData(b []byte)

                                                                              SetTCPData sets the additional data in the packet.

                                                                              func (*Packet) SetUDPData

                                                                              func (p *Packet) SetUDPData(b []byte)

                                                                                SetUDPData sets additional data in the packet

                                                                                func (*Packet) SourcePortHash

                                                                                func (p *Packet) SourcePortHash(stage uint64) string

                                                                                  SourcePortHash calculates a hash based on dest ip/port for net packet and src ip/port for app packet.

                                                                                  func (*Packet) String

                                                                                  func (p *Packet) String() string

                                                                                    String returns a string representation of fields contained in this packet.

                                                                                    func (*Packet) TCPDataAttach

                                                                                    func (p *Packet) TCPDataAttach(tcpOptions []byte, tcpData []byte) (err error)

                                                                                      TCPDataAttach modifies the TCP and IP header fields and checksum

                                                                                      func (*Packet) TCPDataDetach

                                                                                      func (p *Packet) TCPDataDetach(optionLength uint16) (err error)

                                                                                        TCPDataDetach performs the following:

                                                                                        - Removes all TCP data from Buffer to TCPData.
                                                                                        - Removes "optionLength" bytes of options from TCP header to tcpOptions
                                                                                        - Updates IP Hdr (lengths, checksums)
                                                                                        - Updates TCP header (checksums)

                                                                                        func (*Packet) TCPDataLength

                                                                                        func (p *Packet) TCPDataLength() int

                                                                                          TCPDataLength -- returns the length of tcp options

                                                                                          func (*Packet) TCPDataStartBytes

                                                                                          func (p *Packet) TCPDataStartBytes() uint16

                                                                                            TCPDataStartBytes provides the tcp data start offset in bytes

                                                                                            func (*Packet) TCPOptionLength

                                                                                            func (p *Packet) TCPOptionLength() int

                                                                                              TCPOptionLength returns the length of tcpoptions

                                                                                              func (*Packet) UDPDataAttach

                                                                                              func (p *Packet) UDPDataAttach(udpdata []byte)

                                                                                                UDPDataAttach attaches UDP data post encryption.

                                                                                                func (*Packet) UDPDataDetach

                                                                                                func (p *Packet) UDPDataDetach()

                                                                                                  UDPDataDetach detaches UDP payload from the Buffer. Called only during Encrypt/Decrypt.

                                                                                                  func (*Packet) UDPTokenAttach

                                                                                                  func (p *Packet) UDPTokenAttach(udpdata []byte, udptoken []byte)

                                                                                                    UDPTokenAttach attaches the UDP packet signature and tokens.

                                                                                                    func (*Packet) UpdateIPChecksum

                                                                                                    func (p *Packet) UpdateIPChecksum()

                                                                                                      UpdateIPChecksum computes the IP header checksum and updates the packet with the value.

                                                                                                      func (*Packet) UpdateTCPChecksum

                                                                                                      func (p *Packet) UpdateTCPChecksum()

                                                                                                        UpdateTCPChecksum computes the TCP header checksum and updates the packet with the value.

                                                                                                        func (*Packet) UpdateUDPChecksum

                                                                                                        func (p *Packet) UpdateUDPChecksum()

                                                                                                          UpdateUDPChecksum updates the UDP checksum field of packet

                                                                                                          func (*Packet) VerifyIPChecksum

                                                                                                          func (p *Packet) VerifyIPChecksum() bool

                                                                                                            VerifyIPChecksum returns true if the IP header checksum is correct for this packet, false otherwise. Note that the checksum is not modified.

                                                                                                            func (*Packet) VerifyTCPChecksum

                                                                                                            func (p *Packet) VerifyTCPChecksum() bool

                                                                                                              VerifyTCPChecksum returns true if the TCP header checksum is correct for this packet, false otherwise. Note that the checksum is not modified.