Documentation ¶
Overview ¶
The pkt package provides access to the packet internals.
Constants ¶
const (
	LinkLayer      = 0 // Index for OSI Data Link Layer in Pkt.Headers
	NetworkLayer   = 1 // Index for OSI Network Layer in Pkt.Headers
	TransportLayer = 2 // Index for OSI Transport Layer in Pkt.Headers
)
These indices can be used with the []Hdr generated by NewPacket to access common headers.
const (
	EtherTypeIPv4 = uint16(0x0800) // Internet Protocol version 4
	EtherTypeIPv6 = uint16(0x86DD) // Internet Protocol version 6
	EtherTypeARP  = uint16(0x0806) // Address Resolution Protocol
)
These two-octet constants can be compared with the captured value to indicate which protocol is encapsulated in the payload of an Ethernet Frame.
const (
	IpProtoTCP = uint8(0x06) // Transmission Control Protocol (TCP)
	IpProtoUDP = uint8(0x11) // User Datagram Protocol (UDP)
)
These IP protocol numbers are used in the Protocol field of the IPv4 header and the Next Header field of the IPv6 header.
const (
	TCP_NULL = uint16(0x0000) // No flags set
	TCP_FIN  = uint16(0x0001) // No more data from sender
	TCP_SYN  = uint16(0x0002) // Synchronize sequence numbers
	TCP_RST  = uint16(0x0004) // Reset the connection
	TCP_PSH  = uint16(0x0008) // Push the buffered data
	TCP_ACK  = uint16(0x0010) // Acknowledgment field is significant
	TCP_URG  = uint16(0x0020) // Urgent pointer field is significant
	TCP_ECE  = uint16(0x0040) // ECN-Echo
	TCP_CWR  = uint16(0x0080) // Congestion Window Reduced
	TCP_NS   = uint16(0x0100) // ECN-nonce concealment protection
)
TCP flags: use these constants bitwise with the TcpHdr.Flags field to detect the presence of a particular TCP flag.
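An added example (not part of the pkt package) of using the flag constants bitwise: it pulls the flag bits out of a raw TCP header and labels combinations that normal TCP traffic does not contain. The helper names flagsFromHeader and classify are hypothetical, and it is an assumption that TcpHdr.Flags holds the same nine bits as bytes 12-13 of the header.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// Flag values copied from the pkt constants documented above.
const (
	TCP_FIN = uint16(0x0001)
	TCP_SYN = uint16(0x0002)
	TCP_PSH = uint16(0x0008)
	TCP_ACK = uint16(0x0010)
	TCP_URG = uint16(0x0020)
)

// flagsFromHeader reads the nine flag bits (NS..FIN) from bytes 12-13 of a raw
// TCP header. Assumption: TcpHdr.Flags holds the same bits.
func flagsFromHeader(tcp []byte) (uint16, error) {
	if len(tcp) < 20 { // minimum TCP header; never index past the captured bytes
		return 0, fmt.Errorf("short TCP header: %d bytes", len(tcp))
	}
	return binary.BigEndian.Uint16(tcp[12:14]) & 0x01FF, nil
}

// classify is a hypothetical helper: it names flag combinations that normal
// TCP traffic does not contain, so a sensor can count or alert on them.
func classify(flags uint16) string {
	has := func(mask uint16) bool { return flags&mask == mask }
	switch {
	case flags == 0: // same value as TCP_NULL
		return "null"
	case has(TCP_SYN | TCP_FIN):
		return "syn+fin"
	case has(TCP_FIN|TCP_PSH|TCP_URG) && !has(TCP_ACK):
		return "xmas"
	case has(TCP_FIN) && !has(TCP_ACK):
		return "fin-without-ack"
	}
	return "ok"
}

func main() {
	// Constructed 20-byte header: data offset 5, flags SYN|ACK (0x12).
	hdr := make([]byte, 20)
	hdr[12], hdr[13] = 0x50, 0x12
	f, err := flagsFromHeader(hdr)
	fmt.Println(f, classify(f), err)
}
```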
const BSD_LO_IPV4 = C.AF_INET
const BSD_LO_IPV6 = 24
const ETHERTYPE_IP = C.ETHERTYPE_IP>>8 | C.ETHERTYPE_IP&0xFF<<8
FIXME: we are assuming little endian arch... everywhere
const ETHERTYPE_IPV6 = C.ETHERTYPE_IPV6>>8 | C.ETHERTYPE_IPV6&0xFF<<8
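The little-endian assumption in the FIXME above, shown as an added example that is not code from the pkt package: the pre-swapped constant only matches when the field is loaded on a little-endian host, while decoding the two octets explicitly as network byte order works everywhere. swap16, hostLoadMatches and etherType are hypothetical names, and the frame is constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
)

const EtherTypeIPv4 = uint16(0x0800) // value from the constants above

// swap16 is the byte swap the ETHERTYPE_IP expression above performs.
func swap16(v uint16) uint16 { return v>>8 | v&0xFF<<8 }

// hostLoadMatches models reading the EtherType field straight out of packet
// memory as a host-order uint16 and comparing it with the pre-swapped
// constant. littleEndian selects the simulated host byte order.
func hostLoadMatches(frame []byte, littleEndian bool) bool {
	var order binary.ByteOrder = binary.BigEndian
	if littleEndian {
		order = binary.LittleEndian
	}
	return len(frame) >= 14 && order.Uint16(frame[12:14]) == swap16(EtherTypeIPv4)
}

// etherType decodes the field explicitly as network byte order, which gives
// the same answer on every architecture and needs no swapped constants.
func etherType(frame []byte) (uint16, error) {
	if len(frame) < 14 { // 6 dst + 6 src + 2 type octets
		return 0, errors.New("frame shorter than an Ethernet header")
	}
	return binary.BigEndian.Uint16(frame[12:14]), nil
}

func main() {
	frame := make([]byte, 14) // constructed frame: zero MACs, EtherType 08 00
	frame[12], frame[13] = 0x08, 0x00
	et, _ := etherType(frame)
	println(hostLoadMatches(frame, true), hostLoadMatches(frame, false), et == EtherTypeIPv4)
}
```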
const FBSD_LO_IPV6 = 28
const IPV6_HEADER_LEN = 40 // fixed, unlike IPv4's
const OSX_LO_IPV6 = 30
Variables ¶
This section is empty.
Functions ¶
func NewPacketAllocless ¶
func NewPacketAllocless(pkthdr_ptr unsafe.Pointer, buf_ptr unsafe.Pointer, datalinkType int32, packet *TcpPacket) bool
NewPacketAllocless takes a libpcap buffer and extracts a TCP/IPv{4,6} packet into an existing TcpPacket. The payload isn't copied; it's mapped. Use Clone()/Save() to get a non-volatile copy. Returns false on error.
Types ¶
type EthHdr ¶
type EthHdr struct {
	SrcAddr   net.HardwareAddr // the sender's MAC address
	DstAddr   net.HardwareAddr // the receiver's MAC address
	EtherType uint16           // packet type ID field
	// contains filtered or unexported fields
}
The EthHdr struct is a wrapper for the ether_header struct in <net/ethernet.h>.
func NewEthHdr ¶
Given an unsafe.Pointer to the block of C memory, NewEthHdr returns a filled-in EthHdr struct.
func (*EthHdr) CsvElement ¶
CsvElement returns a CSV encoding of the EthHdr struct. The string "ETH" signifies the beginning of the EthHdr.
func (*EthHdr) JsonElement ¶
JsonElement returns a JSON encoding of the EthHdr struct.
type HttpHdr ¶
type HttpHdr struct {
	Proto      string // e.g. "HTTP/1.0"
	Method     string // GET, POST, PUT, etc.
	RequestURI string // The unmodified Request-URI
	StatusCode int64  // e.g. 200
	Status     string // e.g. "OK"
}
The point of a HttpHdr is to ease the mapping of application level logs to pcap traces. Capturing the actual HTTP headers has not been implemented to keep this fast.
Since HTTP requests and responses can span multiple packets, this is not perfect, and as such your mileage may vary.
func NewHttpHdr ¶
Given the payload of a transport layer packet, NewHttpHdr will return a *HttpHdr struct if the bytes contain a valid HTTP header, or nil otherwise.
func (*HttpHdr) CsvElement ¶
CsvElement returns a CSV encoding of the HttpHdr struct. The string "HTTP_REQ" signifies the beginning of the HttpHdr generated on an HTTP request. The string "HTTP_RESP" signifies the beginning of the HttpHdr generated by an HTTP response.
func (*HttpHdr) JsonElement ¶
JsonElement returns a JSON encoding of the HttpHdr struct.
type InetProtoHdr ¶
The InetProtoHdr interface allows us to deal with IPv4 and IPv6 headers in aggregate.
type Ip6Hdr ¶
type Ip6Hdr struct {
	SrcAddr    net.IP // the sender's IPv6 address
	DstAddr    net.IP // the receiver's IPv6 address
	NextHeader uint8  // next header
	PayloadLen uint16 // payload length
	// contains filtered or unexported fields
}
The Ip6Hdr struct is a wrapper for the ip6_hdr struct in <netinet/ip6.h>.
func NewIp6Hdr ¶
Given an unsafe.Pointer to the block of C memory, NewIp6Hdr returns a filled-in Ip6Hdr struct.
func (*Ip6Hdr) CsvElement ¶
CsvElement returns a CSV encoding of the Ip6Hdr struct. The string "IP6" signifies the beginning of the Ip6Hdr.
func (*Ip6Hdr) JsonElement ¶
JsonElement returns a JSON encoding of the Ip6Hdr struct.
type IpHdr ¶
type IpHdr struct {
	Ihl        uint8  // header length (32bit words)
	Version    uint8  // version
	SrcAddr    net.IP // source address
	DstAddr    net.IP // dest address
	Protocol   uint8  // protocol
	TotLen     uint16 // total length (bytes)
	PayloadLen uint16 // payload length (bytes)
	// contains filtered or unexported fields
}
The IpHdr struct is a wrapper for the iphdr struct in <netinet/ip.h>.
func NewIpHdr ¶
Given an unsafe.Pointer to the block of C memory, NewIpHdr returns a filled-in IpHdr struct.
func (*IpHdr) CsvElement ¶
CsvElement returns a CSV encoding of the IpHdr struct. The string "IP4" signifies the beginning of the IpHdr.
func (*IpHdr) JsonElement ¶
JsonElement returns a JSON encoding of the IpHdr struct.
type Packet ¶
type Packet struct {
	Time    time.Time // time stamp from the nic
	Caplen  uint32    // length of portion present
	Len     uint32    // length this packet (off wire)
	Headers []Hdr     // Go wrappers for C pkt headers
	// contains filtered or unexported fields
}
The Packet struct is a wrapper for the pcap_pkthdr struct in <pcap.h>.
func NewPacket ¶
NewPacket returns a parsed and decoded Packet. pkthdr_ptr should be a *C.struct_pcap_pkthdr; buf_ptr should be a *C.u_char.
func (*Packet) CsvString ¶
CsvString returns a CSV encoding of the Packet struct. Each header type has a unique string that marks the beginning of the CSV fields for that particular header.
func (*Packet) JsonString ¶
JsonString returns a JSON encoding of the Packet struct.
type TcpHdr ¶
type TcpHdr struct {
	Source uint16 // source port
	Dest   uint16 // destination port
	Seq    uint32 // sequence number
	AckSeq uint32 // acknowledgement number
	Doff   uint8  // The length of the TCP header (data offset) in 32 bit words.
	Flags  uint16 // TCP flags per RFC 793, September, 1981
	Window uint16 // window advertisement
	Check  uint16 // checksum
	UrgPtr uint16 // urgent pointer
	// contains filtered or unexported fields
}
The TcpHdr struct is a wrapper for the tcphdr struct in <netinet/tcp.h>.
func NewTcpHdr ¶
Given an unsafe.Pointer to the block of C memory, NewTcpHdr returns a filled-in TcpHdr struct.
func (*TcpHdr) CsvElement ¶
CsvElement returns a CSV encoding of the TcpHdr struct. The string "TCP" signifies the beginning of the TcpHdr.
func (*TcpHdr) GetPayloadBytes ¶
GetPayloadBytes returns the bytes from the packet's payload. This is a Go slice backed by the C bytes. The result is that the Go slice uses very little extra memory.
func (*TcpHdr) JsonElement ¶
JsonElement returns a JSON encoding of the TcpHdr struct.
func (*TcpHdr) PayloadLen ¶
PayloadLen returns the length of the TCP packet's payload in bytes.
type TcpPacket ¶
type TcpPacket struct {
	DstAddr0  uint32 // IPv4 uses only this one, others are 0
	DstAddr1  uint32
	DstAddr2  uint32
	DstAddr3  uint32
	SrcAddr0  uint32 // IPv4 uses only this one, others are 0
	SrcAddr1  uint32
	SrcAddr2  uint32
	SrcAddr3  uint32
	AckSeq    uint32
	Seq       uint32
	Source    uint16
	Dest      uint16
	Flags     uint16
	Payload   []byte
	Timestamp time.Time
	IsRequest bool
	Saved     bool
}
func NewPacket2 ¶
NewPacket2 takes a libpcap buffer and extracts a TCP/IPv{4,6} packet into a new TcpPacket without creating additional data in the heap. If the recipient of this packet needs to keep it after returning to sniffer, it should call func Save() so the packet's payload becomes private instead of mapped into sniffer's buffers. Returns TcpPacket or nil if error.
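Why NewPacketAllocless and NewPacket2 tell callers to Save() a packet they keep, as an added example that is not the package's own code: a retained payload that still maps the capture buffer silently changes when the next packet arrives. The types and functions here (tcpPacket, parseInto, save, retain) are hypothetical stand-ins, with a reused Go slice playing the role of the sniffer's buffer.

```go
package main

import "fmt"

// tcpPacket stands in for pkt.TcpPacket; only the two fields used here.
type tcpPacket struct {
	Payload []byte
	Saved   bool
}

// parseInto models the mapped behaviour described above: Payload is a view
// into buf (hdrLen bytes of headers skipped), no bytes are copied.
func parseInto(buf []byte, hdrLen int, p *tcpPacket) bool {
	if hdrLen < 0 || hdrLen > len(buf) {
		return false // header would run past the captured bytes
	}
	p.Payload, p.Saved = buf[hdrLen:], false
	return true
}

// save is a hypothetical equivalent of Save(): copy the payload into memory
// the packet owns, so later captures cannot change it.
func (p *tcpPacket) save() {
	if !p.Saved {
		p.Payload, p.Saved = append([]byte(nil), p.Payload...), true
	}
}

// retain keeps two packets parsed from one capture buffer, saves only the
// second, then lets the next capture overwrite the buffer.
func retain() (mapped, saved string, err error) {
	capture := []byte("HDRuser=alice") // constructed frame: 3 header bytes + payload
	var a, b tcpPacket
	if !parseInto(capture, 3, &a) || !parseInto(capture, 3, &b) {
		return "", "", fmt.Errorf("parse failed")
	}
	b.save()
	copy(capture, "HDRuser=carol") // next packet lands in the same buffer
	return string(a.Payload), string(b.Payload), nil
}

func main() {
	fmt.Println(retain())
}
```

The unsaved packet ends up reporting the later packet's bytes, which in a logging or detection pipeline means events attributed to the wrong traffic.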
type UdpHdr ¶
type UdpHdr struct {
	Source uint16 // source port
	Dest   uint16 // destination port
	Len    uint16 // datagram length (header + payload) in bytes
	Check  uint16 // checksum
	// contains filtered or unexported fields
}
The UdpHdr struct is a wrapper for the udphdr struct in <netinet/udp.h>.
func NewUdpHdr ¶
Given an unsafe.Pointer to the block of C memory, NewUdpHdr returns a filled-in UdpHdr struct.
func (*UdpHdr) CsvElement ¶
CsvElement returns a CSV encoding of the UdpHdr struct. The string "UDP" signifies the beginning of the UdpHdr.
func (*UdpHdr) GetPayloadBytes ¶
GetPayloadBytes returns the bytes from the packet's payload. This is a Go slice backed by the C bytes. The result is that the Go slice uses very little extra memory.
func (*UdpHdr) JsonElement ¶
JsonElement returns a JSON encoding of the UdpHdr struct.
func (*UdpHdr) PayloadLen ¶
PayloadLen returns the length of the UDP packet's payload in bytes.