packet

package module
v0.0.0-...-88cdd03 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 17, 2023 License: MIT Imports: 31 Imported by: 0

README

packet

Implements layer 2, IPv4, IPv6, UDP, TCP and application level packet processing.

The motivation for this package is to enable fast, memory efficient parsing of network packets and tracking of LAN hosts. The package automatically track host IPs on the LAN and notifies when the IP is online offline.

Features

  • session: fast parsing of network packets without allocation
  • session: auto tracking of LAN hosts and host IP changes
  • session: notification of host online and offline
  • naming: host naming via various protocols dhcp, mdns, ssdp, nbns,
  • arp: module to spoof arp mac table
  • dhcp: module to spoof DHCP4 traffic on LAN
  • icmp6: module to spoof Local Link Address via Neigbour Discovery
  • fastlog: a custom log package to log network protocols

Fast parsing

The package is designed to operate in low power CPUs (i.e. ARM) and with limited memory. It uses memory mapped slices to provide direct access to protocol fields without copying to a new structure. This technique provides fast access to fields with zero allocation and the compiler inlines most protocol field functions to a memory reference.

Use Session to capture raw network packets

Session provides easy access to read raw packets from the wire. Session automatically places the nic in promiscuous mode so we receive all packets hiting the network card including packets sent by us.

	s, err := packet.NewSession("eth0")
	if err != nil {
		fmt.Printf("conn error: %s", err)
		return
	}
	defer s.Close()

	buffer := make([]byte, packet.EthMaxSize)
	for {
		n, _, err := s.ReadFrom(buffer)
		if err != nil {
			fmt.Println("error reading packet", err)
			return
		}
        // process packet...
    }

Use Parse() to map a raw packet into protocol types

Parse() provides a memory mapping of protocols to slices without copying or allocation. Given a network packet b that contains a udp frame inside an ip4 and ethernet frame, you can access all protocol fields after calling Parse(). Parse returns a Frame structure with accessor for all interesting bits.

  n, _, _ := s.ReadFrom(b)          // read network packet
  frame, err := session.Parse(b[:n]) // fast parse and set references
  ether := frame.Ether()            // memory mapped slice to access ether fields; return nil if not valid ethernet
  ip := frame.IP4()                 // memory mapped slice to access ipv4 fields; return nil if it does not contain IP4
  udp := frame.UDP()                // memory mapped slice to access udp fields; return nil if it does not contain UDP
  payload := frame.Payload()        // memory mapped slice to access payload

  fmt.Println("ether", ether.Src(), ether.Dst())
  fmt.Println("ip4", ip.Src(), ip.Dst())
  fmt.Println("udp", udp.SrcPort(), udp.DstPort())
  fmt.Printf("payloadID=%s payload=[%x]\n", frame.PayloadID, payload)

Payload identification

Frame contains a payload ID that identifies the last payload in the packet. In most cases, this will be the application protocol ID. For example, if the packet is a udp DHCP4 packet, PayloadID will return PayloadDHCP4 and Payload() will return a slice to the DHCP4 packet.

    frame, err := s.Parse(b[:n])
    // if err

    switch frame.PayloadID {
    case packet.PayloadARP: 
        // Process arp packets
    case packet.PayloadDHCP4: 
        // Process DHCPv4 packets
    }

IPv4 and IPv6 parsing

Working with IPv4, IPv6, UDP frames is fairly straight forward. For example:

  frame, err := packet.Parse(b[:n])
  if err != nil { panic(err)}
  
  // if you are only interested in mac and ip (either v4 or v6), 
  // frame.Src() and frame.Dst() are convenient structures to get this data.
  fmt.Println("srcAddr", frame.Src().MAC, frame.Src().IP) // will print source mac and ip
  fmt.Println("dstAddr", frame.Dst().MAC, frame.Dst().IP) // will print source mac and ip

  // if you are interested in the IPv4 fields
  if p := frame.IP4(); p != nil {
    // access ipv4 fields
    fmt.Println("version", p.Version(), "src", p.Src(), "dst", p.Dst(),"proto", p.Protocol(), "ttl", p.TTL())
  }

  // if you are intereste in the IPv6 fields
  if p := frame.IP6(); p != nil {
    fmt.Println("version", p.Version(), "src", p.Src(), "dst", p.Dst(),"nextHeader", p.NextHeader(), "hopLimit", p.HopLimit())
  }

  // if you are interested in UDP fields
  if p := frame.UDP(); p != nil {
    fmt.Println(p)
  }

Session provides notifications for Host online and offline

Session tracks when a host changes to online or offline and sends notifications via a go channel. The first time an IP is detected or when an existing host changes IP, Session sends an online notification via the notification channel. Similarly, if an IP is not seen on the network for 5 minutes or more, Session sends an offline notification via the notification channel.

s, err := packet.NewSession(*nic)
go func() {
    for {
        notification := <-s.C
        switch notification.Online {
        case true:
            fmt.Printf("is online: %s\n", notification)
        default:
            fmt.Printf("is offline: %s\n", notification)
        }
        s.PrintTable()
    }
}()

for {
    n, _, err := s.ReadFrom(buffer)
    if err != nil { panic(err) }

    frame, err := s.Parse(buffer[:n])
    // work on the packet...
}

arp spoofing

The package contains an arp_spoofer handler that can spoof the arp table on a target host. The handler will send poisoned arp packets continously to keep the arp cache pointing to us. See example arp_spoofer application.

If you like to spoof all hosts on a network, use the notification handler to start and stop the arp hunt for each host.

s, err := packet.NewSession(*nic)
defer s.Close()
arpSpoofer, err = arp.New(s)
defer arpSpoofer.Close()

go func() {
		for {
			notification := <-s.C
			switch notification.Online {
			case true:
				fmt.Printf("is online: %s\n", notification)
				arpSpoofer.StartHunt(notification.Addr)
			default:
				fmt.Printf("is offline: %s\n", notification)
				arpSpoofer.StopHunt(notification.Addr)
			}
			s.PrintTable()
		}
	}()
	
// In your main packet processing loop, call the s.Notify() function as the last action in the loop.
// See example here: https://github.com/deeGraYve/packet/tree/main/examples/hosts

IPv6 icmp spoofing

The package contains an icmpv6_spoofer handler that can spoof the neighgor discovery protocol on a target host making all IPv6 traffic redirect to us. The handler will send poisoned icmpv6 packets continously to keep the ndp cache pointing to us.

See example application below.

DHCP4 server and spoofing

need notes refer to example dhcp server.

DNS naming

The package includes a dns_naming handler that creates a map of names to a mac address to simplify host identification.

Examples

arp spoofer
dhcpd
dnslistener
hosts
tcpdump

Credits

Thanks to the following individuals for making their outstanding source code available to all to learn and re-use.

Many other packages contributed ideas or "code reuse" and references to these are mentioned in the source code.

Documentation

Index

Constants

View Source 
const (
	ARPOperationRequest = 1
	ARPOperationReply   = 2
)

ARP Operation types

View Source 
const (
	DHCP4ServerPort = 67
	DHCP4ClientPort = 68
)

DHCP4 port numbers

View Source 
const (
	EthType8021AD = 0x88a8 // VLAN 802.1ad

	// Maximum ethernet II frame size is 1518 = 14 header + 1500 data + 8 802.ad (2x802.1Q tags)
	// see: https://en.wikipedia.org/wiki/Ethernet_frame#Ethernet_II
	EthMaxSize = 14 + 1500 + 8

	// Length of a link-layer address for Ethernet networks.
	EthAddrLen   = 6
	EthHeaderLen = 14
)
View Source 
const (
	ICMP4TypeEchoReply   = 0   // Echo Request
	ICMP4TypeEchoRequest = 8   // Echo Reply
	ICMP6TypeEchoRequest = 128 // Echo Request
	ICMP6TypeEchoReply   = 129 // Echo Reply
)
View Source 
const (
	Version      = 4  // protocol version
	HeaderLen    = 20 // header length without extension headers
	UDPHeaderLen = 8
)
View Source 
const (
	DefaultProbeDeadline   = time.Minute * 2  // probe IP every two minutes
	DefaultOfflineDeadline = time.Minute * 5  // set offline if not IP not seen for this long
	DefaultPurgeDeadline   = time.Minute * 61 // purge from table if not seen for this long
)

Default dealines

View Source 
const ARPLen = 8 + 2*6 + 2*4

ARPLen length is header + 2 * MACs + 2 IPs in theory MAC and IP len can vary

View Source 
const (
	IP6HeaderLen = 40 // IP6 header len
)
View Source 
const Infinity = time.Duration(0xffffffff) * time.Second

Infinity indicates that a prefix is valid for an infinite amount of time, unless a new, finite, value is received in a subsequent router advertisement.

Variables

View Source 
var (
	EthernetBroadcast = net.HardwareAddr{0xff, 0xff, 0xff, 0xff, 0xff, 0xff}
	EthernetZero      = net.HardwareAddr{0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
)

ARP global variables

View Source 
var (
	Logger = fastlog.New(module)

	IPv4bcast = netip.MustParseAddr("255.255.255.255") // limited broadcast
	IPv4zero  = netip.MustParseAddr("0.0.0.0")
	IPv6zero  = netip.MustParseAddr("::")

	IP4Broadcast     = netip.MustParseAddr("255.255.255.255")
	IP4BroadcastAddr = Addr{MAC: EthBroadcast, IP: IP4Broadcast}

	EthBroadcast          = net.HardwareAddr{0xff, 0xff, 0xff, 0xff, 0xff, 0xff}
	IP4AllNodesMulticast  = netip.MustParseAddr("224.0.0.1")
	Eth4AllNodesMulticast = net.HardwareAddr{0x01, 0x00, 0x5e, 0, 0, 0x01} // Ethernet multicast 01-00-5E plus low-order 23-bits of the IP address.
	IP4AllNodesAddr       = Addr{MAC: Eth4AllNodesMulticast, IP: IP4AllNodesMulticast}

	IP4AllRoutersMulticast = netip.MustParseAddr("224.0.0.2")
	Eth4RoutersMulticast   = net.HardwareAddr{0x01, 0x00, 0x5e, 0, 0, 0x02}

	Eth6AllNodesMulticast = net.HardwareAddr{0x33, 0x33, 0, 0, 0, 0x01}
	IP6AllNodesMulticast  = netip.AddrFrom16([16]byte{0xff, 0x02, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x01})
	IP6AllNodesAddr       = Addr{MAC: Eth6AllNodesMulticast, IP: IP6AllNodesMulticast}

	Eth6AllRoutersMulticast = net.HardwareAddr{0x33, 0x33, 0, 0, 0, 0x02}
	IP6AllRoutersMulticast  = netip.AddrFrom16([16]byte{0xff, 0x02, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x01})
	IP6AllRoutersAddr       = Addr{MAC: Eth6AllRoutersMulticast, IP: IP6AllRoutersMulticast}

	IP6DefaultRouter = netip.AddrFrom16([16]byte{0xfe, 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x01})
)

Global variables

View Source 
var (
	ErrInvalidLen    = errors.New("invalid len")
	ErrPayloadTooBig = errors.New("payload too big")
	ErrParseFrame    = errors.New("failed to parse frame")
	ErrParseProtocol = errors.New("invalid protocol")
	ErrFrameLen      = errors.New("invalid frame length")
	ErrInvalidConn   = errors.New("invalid connection")
	ErrInvalidIP     = errors.New("invalid ip")
	ErrInvalidMAC    = errors.New("invalid mac")
	ErrInvalidIP6LLA = errors.New("invalid ip6 lla")
	ErrNotFound      = errors.New("not found")
	ErrTimeout       = errors.New("timeout")
	ErrNotRedirected = errors.New("not redirected")
	ErrIsRouter      = errors.New("host is router")
	ErrNoReader      = errors.New("no reader")
	ErrInvalidParam  = errors.New("invalid parameter")
	ErrMulticastMAC  = errors.New("mac is multicast")
	ErrHandlerClosed = errors.New("handler is closed")
)

Sentinel errors

View Source 
var (
	DNSv4CloudFlare1       = netip.MustParseAddr("1.1.1.2") // block malware
	DNSv6Cloudflare1       = netip.AddrFrom16([16]byte{0x26, 0x06, 0x47, 0x00, 0x47, 0x00, 0, 0, 0, 0, 0, 0, 0, 0, 0x11, 0x11})
	DNSv4CloudFlare2       = netip.MustParseAddr("1.0.0.2") // block malware
	DNSv6Cloudflare2       = netip.AddrFrom16([16]byte{0x26, 0x06, 0x47, 0x00, 0x47, 0x00, 0, 0, 0, 0, 0, 0, 0, 0, 0x10, 0x01})
	DNSv4CloudFlareFamily1 = netip.MustParseAddr("1.1.1.3") // block malware and adult sites
	DNSv4CloudFlareFamily2 = netip.MustParseAddr("1.0.0.3") // block malware and adult sites

	// OpenDNS
	OpenDNS1 = netip.MustParseAddr("208.67.222.123")
	OpenDNS2 = netip.MustParseAddr("208.67.220.123")
)

CLoudFlare family https://developers.cloudflare.com/1.1.1.1/1.1.1.1-for-families

View Source 
var EtherBufferPool = sync.Pool{New: func() interface{} { return new([EthMaxSize]byte) }}

EtherBufferPool implemts a simple buffer pool for Ethernet packets

Functions

func Checksum 

func Checksum(b []byte) uint16

Checksum calculate IP4, ICMP6 checksum In network format already

func CopyBytes 

func CopyBytes(b []byte) []byte

CopyBytes simply copies a mac address to a new buffer with the same len

func CopyIP 

func CopyIP(srcIP net.IP) net.IP

CopyIP simply copies the IP to a new buffer Always return len 16 - using go internal 16 bytes for ipv4

func CopyMAC 

func CopyMAC(srcMAC net.HardwareAddr) net.HardwareAddr

CopyMAC simply copies a mac address to a new buffer with the same len

func Dial 

func Dial(ifi *net.Interface) (*packetConn, error)

Dial creates a net.PacketConn which can be used to send and receive data at the device driver level.

func EnableIP4Forwarding 

func EnableIP4Forwarding(nic string) error

func ExecPing 

func ExecPing(ip string) (err error)

ExecPing execute /usr/bin/ping

This is usefull when engine is not yet running and you need to populate the local arp/ndp cache If passing an IPv6 LLA, then must pass the scope as in "fe80::1%eth0"

func FindManufacturer 

func FindManufacturer(mac net.HardwareAddr) (name string)

FindManufacturer locates the manufacturer name using the first 24bits of the mac address.

func GetLinuxDefaultGateway 

func GetLinuxDefaultGateway() (gw netip.Addr, err error)

GetLinuxDefaultGateway read the default gateway from linux route file

file: /proc/net/route file: 

Iface   Destination Gateway     Flags   RefCnt  Use Metric  Mask
eth0    00000000    C900A8C0    0003    0   0   100 00000000    0   00
eth0    0000A8C0    00000000    0001    0   0   100 00FFFFFF    0   00

func ICMP6NeighborAdvertisementMarshal 

func ICMP6NeighborAdvertisementMarshal(router bool, solicited bool, override bool, targetAddr Addr) []byte

func ICMP6NeighborSolicitationMarshal 

func ICMP6NeighborSolicitationMarshal(targetAddr netip.Addr, sourceLLA net.HardwareAddr) ([]byte, error)

func IPv6NewLLA 

func IPv6NewLLA(mac net.HardwareAddr) net.IP

IPv6NewLLA produce a local link layer address with an EUI-64 value for mac. Reference: https://packetlife.net/blog/2008/aug/4/eui-64-ipv6/.

func IPv6NewULA 

func IPv6NewULA(mac net.HardwareAddr, subnet uint16) (*net.IPNet, error)

IPv6NewULA create a universal local address Usefule to create a IPv6 prefix when there is no global IPv6 routing

func IsUnicastMAC 

func IsUnicastMAC(mac net.HardwareAddr) bool

IsUnicastMAC return true if the mac address is unicast

Bit 0 in the first octet is reserved for broadcast or multicast traffic. When we have unicast traffic this bit will be set to 0. For broadcast or multicast traffic this bit will be set to 1.

func LinuxConfigureInterface 

func LinuxConfigureInterface(nic string, hostIP netip.Prefix, newIP netip.Prefix, gw netip.Prefix) error

func NewServerConn 

func NewServerConn(ifi *net.Interface, proto uint16, cfg SocketConfig) (*packetConn, error)

NewServerConn creates a net.PacketConn which can be used to send and receive data at the device driver level.

func OptionsLeaseTime 

func OptionsLeaseTime(d time.Duration) []byte

optionsLeaseTime - converts a time.Duration to a 4 byte slice, compatible with OptionIPAddressLeaseTime.

func Process8023Frame 

func Process8023Frame(frame Frame, pos int) (int, int, error)

process8023Frame handle general layer 2 packets in Ethernet 802.3 format.

see https://macaddress.io/faq/how-to-recognise-an-ieee-802-1x-mac-address-application see https://networkengineering.stackexchange.com/questions/64757/unknown-ethertype see https://www.mit.edu/~map/Ethernet/multicast.html

func ServerIsReacheable 

func ServerIsReacheable(ctx context.Context, serverIP net.IP) (err error)

ServerIsReacheable attemps to resolve "google.com" using the serverIP. It return nil if okay or error if server is unreachable.

func SrcMAC 

func SrcMAC(b []byte) net.HardwareAddr

SrcMAC returns the src mac address from an ethernet packet. This is convenience function with just length validation.

func TestNewBufferedConn 

func TestNewBufferedConn() (a *bufferedPacketConn, b *bufferedPacketConn)

TestNewBufferedConn create a mem conn for testing

func TestReadAndDiscardLoop 

func TestReadAndDiscardLoop(conn net.PacketConn) error

TestReadAndDiscardLoop is a helper function to cleanup buffer

Types

type ARP 

type ARP []byte

ARP provides access to ARP fields without copying the structure.

func EncodeARP 

func EncodeARP(b []byte, operation uint16, srcAddr Addr, dstAddr Addr) ARP

EncodeARP creates a wire ARP frame ready for transmission see format: https://en.wikipedia.org/wiki/Address_Resolution_Protocol

func (ARP) DstIP 

func (b ARP) DstIP() netip.Addr

func (ARP) DstMAC 

func (b ARP) DstMAC() net.HardwareAddr

func (ARP) FastLog 

func (b ARP) FastLog(line *fastlog.Line) *fastlog.Line

func (ARP) HLen 

func (b ARP) HLen() uint8

func (ARP) HType 

func (b ARP) HType() uint16

func (ARP) IsValid 

func (b ARP) IsValid() error

func (ARP) Operation 

func (b ARP) Operation() uint16

func (ARP) PLen 

func (b ARP) PLen() uint8

func (ARP) Proto 

func (b ARP) Proto() uint16

func (ARP) SrcIP 

func (b ARP) SrcIP() netip.Addr

func (ARP) SrcMAC 

func (b ARP) SrcMAC() net.HardwareAddr

func (ARP) String 

func (b ARP) String() string

type Addr 

type Addr struct {
	MAC  net.HardwareAddr
	IP   netip.Addr
	Port uint16
}

Addr is a common type to hold the IP and MAC pair

func GetIP4DefaultGatewayAddr 

func GetIP4DefaultGatewayAddr(nic string) (addr Addr, err error)

GetIP4DefaultGatewayAddr return the IP4 default gatewy for nic

func IPv6SolicitedNode 

func IPv6SolicitedNode(lla netip.Addr) Addr

func LoadLinuxARPTable 

func LoadLinuxARPTable(nic string) (list []Addr, err error)

LoadLinuxARPTable read arp entries from linux proc file

/proc/net/arp format: 

IP address       HW type     Flags       HW address            Mask     Device
192.168.0.1      0x1         0x2         20:0c:c8:23:f7:1a     *        eth0
192.168.0.4      0x1         0x2         4c:bb:58:f4:b2:d7     *        eth0
192.168.0.5      0x1         0x2         84:b1:53:ea:1f:40     *        eth0

func (Addr) FastLog 

func (a Addr) FastLog(l *fastlog.Line) *fastlog.Line

FastLog implements fastlog interface.

func (Addr) Network 

func (a Addr) Network() string

Network returns the address's network name, "raw".

func (Addr) String 

func (a Addr) String() string

String returns the address's hardware address.

type AddrList 

type AddrList struct {
	// contains filtered or unexported fields
}

AddrList manages a goroutine safe set for adding and removing mac addresses

func (*AddrList) Add 

func (s *AddrList) Add(addr Addr) error

Add adds a mac to set

func (*AddrList) Del 

func (s *AddrList) Del(addr Addr) error

Del deletes the mac from set

func (*AddrList) Index 

func (s *AddrList) Index(mac net.HardwareAddr) int

Index returns -1 if mac is not found; otherwise returns the position in set

func (*AddrList) Len 

func (s *AddrList) Len() int

type Config 

type Config struct {
	Conn            net.PacketConn // override underlying connection - useful for testing
	NICInfo         *NICInfo       // override nic information - set to non nil to create a test Handler
	ProbeDeadline   time.Duration  // override probe deadline
	OfflineDeadline time.Duration  // override offline deadline
	PurgeDeadline   time.Duration  // override purge deadline
}

Config contains configurable parameters that overide package defaults

func (Config) NewSession 

func (config Config) NewSession(nic string) (session *Session, err error)

NewSession accepts a configuration structure and returns a session to read and write raw packets from the network interface card.

type DHCP4 

type DHCP4 []byte

DHCP4 represents a dhcp version 4 packet.

func EncodeDHCP4 

func EncodeDHCP4(b []byte, opcode DHCP4OpCode, mt DHCP4MessageType, chaddr net.HardwareAddr, ciaddr netip.Addr, yiaddr netip.Addr, xid []byte, broadcast bool, options DHCP4Options, order []byte) DHCP4

EncodeDHCP4 returns the underlying slice as a DHCP4 frame. The returned slice is adjusted to the length of the DHCP frame. When replying to a DHCP request, you can pass nil to chaddr, ciaddr, yiadd, and xid to keep the underlying values.

func (DHCP4) AppendOptions 

func (p DHCP4) AppendOptions(options DHCP4Options, order []byte) int

func (DHCP4) Broadcast 

func (p DHCP4) Broadcast() bool

func (DHCP4) CHAddr 

func (p DHCP4) CHAddr() net.HardwareAddr

func (DHCP4) CIAddr 

func (p DHCP4) CIAddr() netip.Addr

func (DHCP4) Cookie 

func (p DHCP4) Cookie() []byte

func (DHCP4) FastLog 

func (p DHCP4) FastLog(line *fastlog.Line) *fastlog.Line

func (DHCP4) File 

func (p DHCP4) File() []byte

func (DHCP4) Flags 

func (p DHCP4) Flags() uint16

func (DHCP4) GIAddr 

func (p DHCP4) GIAddr() netip.Addr

func (DHCP4) HLen 

func (p DHCP4) HLen() byte

func (DHCP4) HType 

func (p DHCP4) HType() byte

func (DHCP4) Hops 

func (p DHCP4) Hops() byte

func (DHCP4) IsValid 

func (p DHCP4) IsValid() error

func (DHCP4) OpCode 

func (p DHCP4) OpCode() DHCP4OpCode

DHCPv4 frame format 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | op (1) | htype (1) | hlen (1) | hops (1) | +---------------+---------------+---------------+---------------+ | xid (4) | +-------------------------------+-------------------------------+ | secs (2) | flags (2) | +-------------------------------+-------------------------------+ | ciaddr (4) | +---------------------------------------------------------------+ | yiaddr (4) | +---------------------------------------------------------------+ | siaddr (4) | +---------------------------------------------------------------+ | giaddr (4) | +---------------------------------------------------------------+ | | | chaddr (16) | | | | | +---------------------------------------------------------------+ | | | sname (64) | +---------------------------------------------------------------+ | | | file (128) | +---------------------------------------------------------------+ |cookie(4bytes) | | options (variable) | +---------------------------------------------------------------+

func (DHCP4) Options 

func (p DHCP4) Options() []byte

func (DHCP4) ParseOptions 

func (p DHCP4) ParseOptions() DHCP4Options

Parses the packet's options into an Options map Caution: we return slices to the underlying byte array

func (DHCP4) SIAddr 

func (p DHCP4) SIAddr() netip.Addr

func (DHCP4) SName 

func (p DHCP4) SName() []byte

func (DHCP4) Secs 

func (p DHCP4) Secs() uint16

func (DHCP4) SetBroadcast 

func (p DHCP4) SetBroadcast(broadcast bool)

func (DHCP4) SetCHAddr 

func (p DHCP4) SetCHAddr(a net.HardwareAddr)

func (DHCP4) SetCIAddr 

func (p DHCP4) SetCIAddr(ip netip.Addr)

func (DHCP4) SetCookie 

func (p DHCP4) SetCookie(cookie []byte)

func (DHCP4) SetFile 

func (p DHCP4) SetFile(file []byte)

BOOTP legacy

func (DHCP4) SetFlags 

func (p DHCP4) SetFlags(flags uint16)

func (DHCP4) SetGIAddr 

func (p DHCP4) SetGIAddr(ip netip.Addr)

func (DHCP4) SetHLen 

func (p DHCP4) SetHLen(hLen byte)

func (DHCP4) SetHType 

func (p DHCP4) SetHType(hType byte)

func (DHCP4) SetHops 

func (p DHCP4) SetHops(hops byte)

func (DHCP4) SetOpCode 

func (p DHCP4) SetOpCode(c DHCP4OpCode)

func (DHCP4) SetSIAddr 

func (p DHCP4) SetSIAddr(ip netip.Addr)

func (DHCP4) SetSName 

func (p DHCP4) SetSName(sName []byte)

BOOTP legacy

func (DHCP4) SetSecs 

func (p DHCP4) SetSecs(secs uint16)

func (DHCP4) SetXId 

func (p DHCP4) SetXId(xId []byte)

func (DHCP4) SetYIAddr 

func (p DHCP4) SetYIAddr(ip netip.Addr)

func (DHCP4) String 

func (p DHCP4) String() string

func (DHCP4) XId 

func (p DHCP4) XId() []byte

func (DHCP4) YIAddr 

func (p DHCP4) YIAddr() netip.Addr

type DHCP4MessageType 

type DHCP4MessageType byte
const (
	DHCP4Discover DHCP4MessageType = 1
	DHCP4Offer    DHCP4MessageType = 2
	DHCP4Request  DHCP4MessageType = 3
	DHCP4Decline  DHCP4MessageType = 4
	DHCP4ACK      DHCP4MessageType = 5
	DHCP4NAK      DHCP4MessageType = 6
	DHCP4Release  DHCP4MessageType = 7
	DHCP4Inform   DHCP4MessageType = 8
)

DHCP Message Type 53

type DHCP4OpCode 

type DHCP4OpCode byte
const (
	DHCP4BootRequest DHCP4OpCode = 1 // From Client
	DHCP4BootReply   DHCP4OpCode = 2 // From Server
)

OpCodes

type DHCP4OptionCode 

type DHCP4OptionCode byte
const (
	DHCP4End                                      DHCP4OptionCode = 255
	DHCP4Pad                                      DHCP4OptionCode = 0
	DHCP4OptionSubnetMask                         DHCP4OptionCode = 1
	DHCP4OptionTimeOffset                         DHCP4OptionCode = 2
	DHCP4OptionRouter                             DHCP4OptionCode = 3
	DHCP4OptionTimeServer                         DHCP4OptionCode = 4
	DHCP4OptionNameServer                         DHCP4OptionCode = 5
	DHCP4OptionDomainNameServer                   DHCP4OptionCode = 6
	DHCP4OptionLogServer                          DHCP4OptionCode = 7
	DHCP4OptionCookieServer                       DHCP4OptionCode = 8
	DHCP4OptionLPRServer                          DHCP4OptionCode = 9
	DHCP4OptionImpressServer                      DHCP4OptionCode = 10
	DHCP4OptionResourceLocationServer             DHCP4OptionCode = 11
	DHCP4OptionHostName                           DHCP4OptionCode = 12
	DHCP4OptionBootFileSize                       DHCP4OptionCode = 13
	DHCP4OptionMeritDumpFile                      DHCP4OptionCode = 14
	DHCP4OptionDomainName                         DHCP4OptionCode = 15
	DHCP4OptionSwapServer                         DHCP4OptionCode = 16
	DHCP4OptionRootPath                           DHCP4OptionCode = 17
	DHCP4OptionExtensionsPath                     DHCP4OptionCode = 18
	DHCP4OptionIPForwardingEnableDisable          DHCP4OptionCode = 19 // IP Layer Parameters per Host
	DHCP4OptionNonLocalSourceRoutingEnableDisable DHCP4OptionCode = 20
	DHCP4OptionPolicyFilter                       DHCP4OptionCode = 21
	DHCP4OptionMaximumDatagramReassemblySize      DHCP4OptionCode = 22
	DHCP4OptionDefaultIPTimeToLive                DHCP4OptionCode = 23
	DHCP4OptionPathMTUAgingTimeout                DHCP4OptionCode = 24
	DHCP4OptionPathMTUPlateauTable                DHCP4OptionCode = 25
	DHCP4OptionInterfaceMTU                       DHCP4OptionCode = 26 // IP Layer Parameters per Interface
	DHCP4OptionAllSubnetsAreLocal                 DHCP4OptionCode = 27
	DHCP4OptionBroadcastAddress                   DHCP4OptionCode = 28
	DHCP4OptionPerformMaskDiscovery               DHCP4OptionCode = 29
	DHCP4OptionMaskSupplier                       DHCP4OptionCode = 30
	DHCP4OptionPerformRouterDiscovery             DHCP4OptionCode = 31
	DHCP4OptionRouterSolicitationAddress          DHCP4OptionCode = 32
	DHCP4OptionStaticRoute                        DHCP4OptionCode = 33
	DHCP4OptionTrailerEncapsulation               DHCP4OptionCode = 34
	DHCP4OptionARPCacheTimeout                    DHCP4OptionCode = 35
	DHCP4OptionEthernetEncapsulation              DHCP4OptionCode = 36
	DHCP4OptionRequestedIPAddress                 DHCP4OptionCode = 50 // DHCP Extensions
	DHCP4OptionIPAddressLeaseTime                 DHCP4OptionCode = 51
	DHCP4OptionOverload                           DHCP4OptionCode = 52
	DHCP4OptionDHCPMessageType                    DHCP4OptionCode = 53
	DHCP4OptionServerIdentifier                   DHCP4OptionCode = 54
	DHCP4OptionParameterRequestList               DHCP4OptionCode = 55
	DHCP4OptionMessage                            DHCP4OptionCode = 56
	DHCP4OptionMaximumDHCPMessageSize             DHCP4OptionCode = 57
	DHCP4OptionRenewalTimeValue                   DHCP4OptionCode = 58
	DHCP4OptionRebindingTimeValue                 DHCP4OptionCode = 59
	DHCP4OptionVendorClassIdentifier              DHCP4OptionCode = 60
	DHCP4OptionClientIdentifier                   DHCP4OptionCode = 61
	DHCP4OptionClasslessRouteFormat               DHCP4OptionCode = 121
)

DHCP Options see complete list here: https://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml

type DHCP4Options 

type DHCP4Options map[DHCP4OptionCode][]byte

Map of DHCP options

func (DHCP4Options) HostName 

func (o DHCP4Options) HostName() string

func (DHCP4Options) RequestedIPAddress 

func (o DHCP4Options) RequestedIPAddress() net.IP

func (DHCP4Options) ServerID 

func (o DHCP4Options) ServerID() netip.Addr

type DNS 

type DNS []byte

DNS represents a DNS packet as specified in RFC 1034 / RFC 1035 see : https://github.com/google/gopacket/blob/master/layers/dns.go 

DNS packet format
0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                      ID                       |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|QR|   Opcode  |AA|TC|RD|RA|   Z    |   RCODE   |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    QDCOUNT                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    ANCOUNT                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    NSCOUNT                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    ARCOUNT                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

func EncodeDNSQuery 

func EncodeDNSQuery(tranID uint16, flags uint16, encodedName []byte, questionType uint16) DNS

func (DNS) AA 

func (p DNS) AA() bool

func (DNS) ANCount 

func (p DNS) ANCount() uint16

func (DNS) ARCount 

func (p DNS) ARCount() uint16

func (DNS) FastLog 

func (p DNS) FastLog(l *fastlog.Line) *fastlog.Line

func (DNS) IsValid 

func (p DNS) IsValid() error

func (DNS) NSCount 

func (p DNS) NSCount() uint16

func (DNS) OpCode 

func (p DNS) OpCode() int

func (DNS) QDCount 

func (p DNS) QDCount() uint16

func (DNS) QR 

func (p DNS) QR() bool

func (DNS) RA 

func (p DNS) RA() bool

func (DNS) RD 

func (p DNS) RD() bool

func (DNS) ResponseCode 

func (p DNS) ResponseCode() int

func (DNS) String 

func (p DNS) String() string

func (DNS) TC 

func (p DNS) TC() bool

func (DNS) TransactionID 

func (p DNS) TransactionID() uint16

func (DNS) Z 

func (p DNS) Z() uint8

type DNSEntry 

type DNSEntry struct {
	Name         string
	IP4Records   map[netip.Addr]IPResourceRecord
	IP6Records   map[netip.Addr]IPResourceRecord
	CNameRecords map[string]NameResourceRecord
	PTRRecords   map[string]IPResourceRecord
}

func NewDNSEntry 

func NewDNSEntry() (entry DNSEntry)

func (DNSEntry) CNameList 

func (d DNSEntry) CNameList() []string

func (DNSEntry) Copy 

func (d DNSEntry) Copy() DNSEntry

copy returns a deep copy of DNSEntry

func (*DNSEntry) DecodeAnswers 

func (e *DNSEntry) DecodeAnswers(p DNS, offset int, buffer []byte) (int, bool, error)

decode decodes the resource record, returning the total length of the record.

not goroutine safe: 

must acquire lock before calling as function will update maps

func (DNSEntry) FastLog 

func (d DNSEntry) FastLog(l *fastlog.Line) *fastlog.Line

func (DNSEntry) IP4List 

func (d DNSEntry) IP4List() []netip.Addr

func (DNSEntry) IP6List 

func (d DNSEntry) IP6List() []netip.Addr

type DNSNameEntry 

type DNSNameEntry struct {
	Addr         Addr
	Name         string
	Model        string
	Manufacturer string
	OS           string
}

NameEntry holds a name entry

func (DNSNameEntry) FastLog 

func (n DNSNameEntry) FastLog(l *fastlog.Line) *fastlog.Line

type DNSSearchList 

type DNSSearchList struct {
	Lifetime    time.Duration
	DomainNames []string
}

A DNSSearchList is a DNS search list option, as described in RFC 8106, Section 5.2.

func (*DNSSearchList) Code 

func (*DNSSearchList) Code() byte

Code implements Option.

type Direction 

type Direction int

A Direction specifies the direction of a LinkLayerAddress Option as a source or target. 

const (
	Source Direction = optSourceLLA
	Target Direction = optTargetLLA
)

Possible Direction values.

type Ether 

type Ether []byte

Ether provide access to ethernet II fields without copying the structure see: https://medium.com/@mdlayher/network-protocol-breakdown-ethernet-and-go-de985d726cc1

The header features destination and source MAC addresses (each six octets in length), the EtherType field and, optionally, an IEEE 802.1Q tag or IEEE 802.1ad tag.

The EtherType field is two octets long and it can be used for two different purposes. Values of 1500 and below mean that it is used to indicate the size of the payload in octets, while values of 1536 and above indicate that it is used as an EtherType, to indicate which protocol is encapsulated in the payload of the frame.

func EncodeEther 

func EncodeEther(b []byte, hType uint16, srcMAC net.HardwareAddr, dstMAC net.HardwareAddr) Ether

EncodeEther creates a ethernet frame at b using the parameters. It panic if b is nil or not sufficient to store a full len ethernet packet. In most cases this is a coding error.

func (Ether) AppendPayload 

func (p Ether) AppendPayload(payload []byte) (Ether, error)

AppendPayload copy payload after the ethernet header and returns the extended ether slice.

func (Ether) Dst 

func (p Ether) Dst() net.HardwareAddr

func (Ether) DstIP 

func (p Ether) DstIP() netip.Addr

DspIP i a convenience function to return the destination IP address. It returns nil if no IP packet is present.

func (Ether) EtherType 

func (p Ether) EtherType() uint16

func (Ether) FastLog 

func (p Ether) FastLog(line *fastlog.Line) *fastlog.Line

Fastlog implements fastlog struct interface

func (Ether) HeaderLen 

func (p Ether) HeaderLen() int

HeaderLen returns the header length.

func (Ether) IsValid 

func (p Ether) IsValid() error

func (Ether) Payload 

func (p Ether) Payload() []byte

Payload returns a slice to the payload after the header.

func (Ether) SetPayload 

func (p Ether) SetPayload(payload []byte) (Ether, error)

SetPayload extends the ether packet to include payload.

func (Ether) Src 

func (p Ether) Src() net.HardwareAddr

func (Ether) SrcIP 

func (p Ether) SrcIP() netip.Addr

SrcIP i a convenience function to return the source IP address. It returns nil if no IP packet is present.

func (Ether) String 

func (p Ether) String() string

type EthernetPause 

type EthernetPause []byte

EthernetPause provide access to Ethernet pause frame fields

func (EthernetPause) Duration 

func (p EthernetPause) Duration() uint16

func (EthernetPause) FastLog 

func (p EthernetPause) FastLog(line *fastlog.Line) *fastlog.Line

func (EthernetPause) IsValid 

func (p EthernetPause) IsValid() error

func (EthernetPause) Opcode 

func (p EthernetPause) Opcode() uint16

func (EthernetPause) Reserved 

func (p EthernetPause) Reserved() []byte

func (EthernetPause) String 

func (p EthernetPause) String() string

type Frame 

type Frame struct {
	PayloadID PayloadID // protocol ID for value in payload
	SrcAddr   Addr      // reference to source IP, MAC and Port number (if available)
	DstAddr   Addr      // reference to destination IP, MAC and Port number (if available)
	Session   *Session  // session where frame was capture
	Host      *Host     // pointer to Host entry for this IP address
	// contains filtered or unexported fields
}

Frame describes a network packet and the various protocol layers within it. It maintains a reference to common protocols like IP4, IP6, UDP, TCP.

func (Frame) Ether 

func (f Frame) Ether() Ether

func (Frame) HasIP 

func (f Frame) HasIP() bool

HasIP returns true if the packet contains either an IPv4 or IPv6 frame.

func (Frame) IP4 

func (f Frame) IP4() IP4

IP4 returns a reference to the IP4 packet or nil if this is not an IPv4 packet.

func (Frame) IP6 

func (f Frame) IP6() IP6

IP6 returns a reference to the IP6 packet or nil if this is not an IPv6 packet.

func (Frame) Log 

func (frame Frame) Log(line *fastlog.Line) *fastlog.Line

func (Frame) Payload 

func (f Frame) Payload() []byte

Payload retuns a reference to the last payload in the envelope. This is typically the application layer protocol in a UDP or TCP packet. Payload will always contain the last payload processed without errors. In case of protocol validation errors the Payload will return the last valid payload.

func (Frame) TCP 

func (f Frame) TCP() TCP

TCP returns a reference to the TCP packet or nil if this is not a TCP packet.

func (Frame) UDP 

func (f Frame) UDP() UDP

UDP returns a reference to the UDP packet or nil if this is not a UDP packet.

type HopByHopExtensionHeader 

type HopByHopExtensionHeader []byte

HopByHopExtensionHeader describes and IPv6 hop by hop extension see https://tools.ietf.org/html/rfc8200

func (HopByHopExtensionHeader) Data 

func (p HopByHopExtensionHeader) Data() []byte

func (HopByHopExtensionHeader) IsValid 

func (p HopByHopExtensionHeader) IsValid() bool

func (HopByHopExtensionHeader) Len 

func (p HopByHopExtensionHeader) Len() int

func (HopByHopExtensionHeader) NextHeader 

func (p HopByHopExtensionHeader) NextHeader() uint8

func (HopByHopExtensionHeader) ParseHopByHopExtensions 

func (p HopByHopExtensionHeader) ParseHopByHopExtensions() (ext map[int][]byte, err error)

ParseHopByHopExtensions returns a map of icmp6 hop by hop extensions TODO: finish parse ipv6 options

type Host 

type Host struct {
	Addr         Addr      // MAC and IP
	MACEntry     *MACEntry // pointer to mac entry
	Online       bool      // host online / offline state
	HuntStage    HuntStage // host huntStage
	LastSeen     time.Time // last packet time
	Manufacturer string    // Mac address manufacturer
	DHCP4Name    NameEntry
	MDNSName     NameEntry
	SSDPName     NameEntry
	LLMNRName    NameEntry
	NBNSName     NameEntry
	// contains filtered or unexported fields
}

Host holds a pointer to the host record. The pointer is always valid and will be garbage collected when no longer in use.

CAUTION: Host has a RWMutex used to sync access to the record. This must be read locked to access fields or write locked for updating When locking the engine, you must lock the engine first then row lock to avoid deadlocks

func (*Host) Dirty 

func (host *Host) Dirty() bool

Dirty returns true if the host was updated by Parse and a notification is due.

func (Host) FastLog 

func (e Host) FastLog(l *fastlog.Line) *fastlog.Line

func (*Host) String 

func (e *Host) String() string

func (*Host) UpdateDHCP4Name 

func (host *Host) UpdateDHCP4Name(name NameEntry)

func (*Host) UpdateLLMNRName 

func (host *Host) UpdateLLMNRName(name NameEntry)

func (*Host) UpdateMDNSName 

func (host *Host) UpdateMDNSName(name NameEntry)

func (*Host) UpdateNBNSName 

func (host *Host) UpdateNBNSName(name NameEntry)

func (*Host) UpdateSSDPName 

func (host *Host) UpdateSSDPName(name NameEntry)

type HostTable 

type HostTable struct {
	Table map[netip.Addr]*Host
}

HostTable manages host entries

type HuntStage 

type HuntStage byte

HuntStage holds the host hunt stage 

const (
	StageNoChange   HuntStage = 0 // no change to stage - used as no op
	StageNormal     HuntStage = 1 // not captured
	StageHunt       HuntStage = 2 // host is not redirected
	StageRedirected HuntStage = 3 // host is redirected via dhcp
)

hunt stages

func (HuntStage) String 

func (s HuntStage) String() string

type ICMP 

type ICMP []byte

ICMP enable access to ICMP frame without copying

func (ICMP) Checksum 

func (p ICMP) Checksum() uint16

func (ICMP) Code 

func (p ICMP) Code() uint8

func (ICMP) FastLog 

func (p ICMP) FastLog(line *fastlog.Line) *fastlog.Line

FastLog implements fastlog interface

func (ICMP) IsValid 

func (p ICMP) IsValid() error

IsValid validates the packet TODO: verify checksum?

func (ICMP) Payload 

func (p ICMP) Payload() []byte

func (ICMP) RestOfHeader 

func (p ICMP) RestOfHeader() []byte

func (ICMP) SetChecksum 

func (p ICMP) SetChecksum(cs uint16)

TODO: fix the order

func (ICMP) String 

func (p ICMP) String() string

func (ICMP) Type 

func (p ICMP) Type() uint8

type ICMP4Redirect 

type ICMP4Redirect []byte

func (ICMP4Redirect) AddrSize 

func (p ICMP4Redirect) AddrSize() uint8

func (ICMP4Redirect) Addrs 

func (p ICMP4Redirect) Addrs() []net.IP

func (ICMP4Redirect) Checksum 

func (p ICMP4Redirect) Checksum() uint16

func (ICMP4Redirect) Code 

func (p ICMP4Redirect) Code() byte

func (ICMP4Redirect) FastLog 

func (p ICMP4Redirect) FastLog(line *fastlog.Line) *fastlog.Line

func (ICMP4Redirect) IsValid 

func (p ICMP4Redirect) IsValid() error

func (ICMP4Redirect) Lifetime 

func (p ICMP4Redirect) Lifetime() uint16

func (ICMP4Redirect) NumAddrs 

func (p ICMP4Redirect) NumAddrs() uint8

func (ICMP4Redirect) String 

func (p ICMP4Redirect) String() string

func (ICMP4Redirect) Type 

func (p ICMP4Redirect) Type() uint8

type ICMP6NeighborAdvertisement 

type ICMP6NeighborAdvertisement []byte

func (ICMP6NeighborAdvertisement) Checksum 

func (p ICMP6NeighborAdvertisement) Checksum() int

func (ICMP6NeighborAdvertisement) Code 

func (p ICMP6NeighborAdvertisement) Code() byte

func (ICMP6NeighborAdvertisement) FastLog 

func (p ICMP6NeighborAdvertisement) FastLog(line *fastlog.Line) *fastlog.Line

Print implements fastlog interface

func (ICMP6NeighborAdvertisement) IsValid 

func (p ICMP6NeighborAdvertisement) IsValid() error

func (ICMP6NeighborAdvertisement) Override 

func (p ICMP6NeighborAdvertisement) Override() bool

func (ICMP6NeighborAdvertisement) Router 

func (p ICMP6NeighborAdvertisement) Router() bool

func (ICMP6NeighborAdvertisement) Solicited 

func (p ICMP6NeighborAdvertisement) Solicited() bool

func (ICMP6NeighborAdvertisement) String 

func (p ICMP6NeighborAdvertisement) String() string

func (ICMP6NeighborAdvertisement) TargetAddress 

func (p ICMP6NeighborAdvertisement) TargetAddress() netip.Addr

func (ICMP6NeighborAdvertisement) TargetLLA 

func (p ICMP6NeighborAdvertisement) TargetLLA() net.HardwareAddr

func (ICMP6NeighborAdvertisement) Type 

func (p ICMP6NeighborAdvertisement) Type() uint8

type ICMP6NeighborSolicitation 

type ICMP6NeighborSolicitation []byte

func (ICMP6NeighborSolicitation) Checksum 

func (p ICMP6NeighborSolicitation) Checksum() int

func (ICMP6NeighborSolicitation) Code 

func (p ICMP6NeighborSolicitation) Code() byte

func (ICMP6NeighborSolicitation) FastLog 

func (p ICMP6NeighborSolicitation) FastLog(line *fastlog.Line) *fastlog.Line

FastLog implements fastlog interface

func (ICMP6NeighborSolicitation) IsValid 

func (p ICMP6NeighborSolicitation) IsValid() error

func (ICMP6NeighborSolicitation) SourceLLA 

func (p ICMP6NeighborSolicitation) SourceLLA() net.HardwareAddr

func (ICMP6NeighborSolicitation) String 

func (p ICMP6NeighborSolicitation) String() string

func (ICMP6NeighborSolicitation) TargetAddress 

func (p ICMP6NeighborSolicitation) TargetAddress() netip.Addr

func (ICMP6NeighborSolicitation) Type 

func (p ICMP6NeighborSolicitation) Type() uint8

type ICMP6Redirect 

type ICMP6Redirect []byte

func (ICMP6Redirect) Checksum 

func (p ICMP6Redirect) Checksum() int

func (ICMP6Redirect) Code 

func (p ICMP6Redirect) Code() byte

func (ICMP6Redirect) DstAddress 

func (p ICMP6Redirect) DstAddress() net.IP

func (ICMP6Redirect) IsValid 

func (p ICMP6Redirect) IsValid() error

func (ICMP6Redirect) String 

func (p ICMP6Redirect) String() string

func (ICMP6Redirect) TargetAddress 

func (p ICMP6Redirect) TargetAddress() net.IP

func (ICMP6Redirect) TargetLinkLayerAddr 

func (p ICMP6Redirect) TargetLinkLayerAddr() net.HardwareAddr

func (ICMP6Redirect) Type 

func (p ICMP6Redirect) Type() uint8

type ICMP6RouterAdvertisement 

type ICMP6RouterAdvertisement []byte

func (ICMP6RouterAdvertisement) Checksum 

func (p ICMP6RouterAdvertisement) Checksum() int

func (ICMP6RouterAdvertisement) Code 

func (p ICMP6RouterAdvertisement) Code() byte

func (ICMP6RouterAdvertisement) CurrentHopLimit 

func (p ICMP6RouterAdvertisement) CurrentHopLimit() byte

func (ICMP6RouterAdvertisement) FastLog 

func (p ICMP6RouterAdvertisement) FastLog(l *fastlog.Line) *fastlog.Line

func (ICMP6RouterAdvertisement) Flags 

func (p ICMP6RouterAdvertisement) Flags() byte

func (ICMP6RouterAdvertisement) HomeAgent 

func (p ICMP6RouterAdvertisement) HomeAgent() bool

func (ICMP6RouterAdvertisement) IsValid 

func (p ICMP6RouterAdvertisement) IsValid() error

func (ICMP6RouterAdvertisement) Lifetime 

func (p ICMP6RouterAdvertisement) Lifetime() (seconds uint16)

func (ICMP6RouterAdvertisement) ManagedConfiguration 

func (p ICMP6RouterAdvertisement) ManagedConfiguration() bool

func (ICMP6RouterAdvertisement) Options 

func (p ICMP6RouterAdvertisement) Options() (NewOptions, error)

func (ICMP6RouterAdvertisement) OtherConfiguration 

func (p ICMP6RouterAdvertisement) OtherConfiguration() bool

func (ICMP6RouterAdvertisement) Preference 

func (p ICMP6RouterAdvertisement) Preference() byte

func (ICMP6RouterAdvertisement) ProxyFlag 

func (p ICMP6RouterAdvertisement) ProxyFlag() bool

func (ICMP6RouterAdvertisement) ReachableTime 

func (p ICMP6RouterAdvertisement) ReachableTime() (milliseconds uint32)

func (ICMP6RouterAdvertisement) RetransmitTimer 

func (p ICMP6RouterAdvertisement) RetransmitTimer() (milliseconds uint32)

func (ICMP6RouterAdvertisement) String 

func (p ICMP6RouterAdvertisement) String() string

func (ICMP6RouterAdvertisement) Type 

func (p ICMP6RouterAdvertisement) Type() uint8

type ICMP6RouterSolicitation 

type ICMP6RouterSolicitation []byte

func (ICMP6RouterSolicitation) Checksum 

func (p ICMP6RouterSolicitation) Checksum() int

func (ICMP6RouterSolicitation) Code 

func (p ICMP6RouterSolicitation) Code() byte

func (ICMP6RouterSolicitation) FastLog 

func (p ICMP6RouterSolicitation) FastLog(line *fastlog.Line) *fastlog.Line

func (ICMP6RouterSolicitation) IsValid 

func (p ICMP6RouterSolicitation) IsValid() error

func (ICMP6RouterSolicitation) Options 

func (p ICMP6RouterSolicitation) Options() (NewOptions, error)

func (ICMP6RouterSolicitation) SourceLLA 

func (p ICMP6RouterSolicitation) SourceLLA() net.HardwareAddr

func (ICMP6RouterSolicitation) String 

func (p ICMP6RouterSolicitation) String() string

func (ICMP6RouterSolicitation) Type 

func (p ICMP6RouterSolicitation) Type() uint8

type ICMPEcho 

type ICMPEcho []byte

func EncodeICMPEcho 

func EncodeICMPEcho(b []byte, t uint8, code uint8, id uint16, seq uint16, data []byte) ICMPEcho

func (ICMPEcho) Checksum 

func (p ICMPEcho) Checksum() uint16

func (ICMPEcho) Code 

func (p ICMPEcho) Code() uint8

func (ICMPEcho) EchoData 

func (p ICMPEcho) EchoData() []byte

func (ICMPEcho) EchoID 

func (p ICMPEcho) EchoID() uint16

func (ICMPEcho) EchoSeq 

func (p ICMPEcho) EchoSeq() uint16

func (ICMPEcho) FastLog 

func (p ICMPEcho) FastLog(line *fastlog.Line) *fastlog.Line

func (ICMPEcho) IsValid 

func (p ICMPEcho) IsValid() error

func (ICMPEcho) String 

func (p ICMPEcho) String() string

func (ICMPEcho) Type 

func (p ICMPEcho) Type() uint8

type IEEE1905 

type IEEE1905 []byte

IEEE1905 provide access to IEEE 1905 home networking frame fields

func (IEEE1905) FastLog 

func (p IEEE1905) FastLog(line *fastlog.Line) *fastlog.Line

func (IEEE1905) Flags 

func (p IEEE1905) Flags() uint8

func (IEEE1905) FragmentID 

func (p IEEE1905) FragmentID() uint8

func (IEEE1905) ID 

func (p IEEE1905) ID() uint16

func (IEEE1905) IsValid 

func (p IEEE1905) IsValid() error

func (IEEE1905) Reserved 

func (p IEEE1905) Reserved() uint8

func (IEEE1905) String 

func (p IEEE1905) String() string

func (IEEE1905) TLV 

func (p IEEE1905) TLV() []byte

func (IEEE1905) Type 

func (p IEEE1905) Type() uint16

func (IEEE1905) Version 

func (p IEEE1905) Version() uint8

type IP4 

type IP4 []byte

IP4 provide decoding and encoding of IPv4 packets. see: ipv4.ParseHeader in https://raw.githubusercontent.com/golang/net/master/ipv4/header.go

func EncodeIP4 

func EncodeIP4(p []byte, ttl byte, src netip.Addr, dst netip.Addr) IP4

func (IP4) AppendPayload 

func (p IP4) AppendPayload(b []byte, protocol byte) (IP4, error)

func (IP4) CalculateChecksum 

func (p IP4) CalculateChecksum() uint16

func (IP4) Checksum 

func (p IP4) Checksum() int

func (IP4) Dst 

func (p IP4) Dst() netip.Addr

func (IP4) FastLog 

func (p IP4) FastLog(line *fastlog.Line) *fastlog.Line

FastLog implements fastlog interface

func (IP4) FlagDontFragment 

func (p IP4) FlagDontFragment() bool

func (IP4) FlagMoreFragments 

func (p IP4) FlagMoreFragments() bool

func (IP4) Flags 

func (p IP4) Flags() uint8

func (IP4) Fragment 

func (p IP4) Fragment() uint16

func (IP4) ID 

func (p IP4) ID() int

func (IP4) IHL 

func (p IP4) IHL() int

func (IP4) IsValid 

func (p IP4) IsValid() error

func (IP4) Payload 

func (p IP4) Payload() []byte

func (IP4) Protocol 

func (p IP4) Protocol() uint8

func (IP4) SetPayload 

func (p IP4) SetPayload(b []byte, protocol byte) IP4

func (IP4) Src 

func (p IP4) Src() netip.Addr

func (IP4) String 

func (p IP4) String() string

func (IP4) TOS 

func (p IP4) TOS() int

func (IP4) TTL 

func (p IP4) TTL() int

func (IP4) TotalLen 

func (p IP4) TotalLen() int

func (IP4) Version 

func (p IP4) Version() int

type IP6 

type IP6 []byte

IP6 provide decode and encoding of IPv6 packets. IP6 structure: see https://github.com/golang/net/blob/master/ipv6/header.go

func EncodeIP6 

func EncodeIP6(p []byte, hopLimit uint8, srcIP netip.Addr, dstIP netip.Addr) IP6

func (IP6) AppendPayload 

func (p IP6) AppendPayload(b []byte, nextHeader uint8) (IP6, error)

func (IP6) Dst 

func (p IP6) Dst() netip.Addr

func (IP6) FastLog 

func (p IP6) FastLog(line *fastlog.Line) *fastlog.Line

Print implements fastlog struct interface

func (IP6) FlowLabel 

func (p IP6) FlowLabel() int

func (IP6) HeaderLen 

func (p IP6) HeaderLen() int

func (IP6) HopLimit 

func (p IP6) HopLimit() uint8

func (IP6) IsValid 

func (p IP6) IsValid() error

func (IP6) NextHeader 

func (p IP6) NextHeader() uint8

func (IP6) Payload 

func (p IP6) Payload() []byte

func (IP6) PayloadLen 

func (p IP6) PayloadLen() uint16

func (IP6) SetPayload 

func (p IP6) SetPayload(b []byte, nextHeader uint8) IP6

func (IP6) Src 

func (p IP6) Src() netip.Addr

func (IP6) String 

func (p IP6) String() string

func (IP6) TrafficClass 

func (p IP6) TrafficClass() int

func (IP6) Version 

func (p IP6) Version() int

type IPNameEntry 

type IPNameEntry struct {
	Addr      Addr
	NameEntry NameEntry
}

IPNameEntry adds an Address to NameEntry

func (IPNameEntry) FastLog 

func (n IPNameEntry) FastLog(l *fastlog.Line) *fastlog.Line

type IPResourceRecord 

type IPResourceRecord struct {
	Name string
	IP   netip.Addr
	TTL  uint32
}

type LLC 

type LLC []byte

Local Link Control

func (LLC) Control 

func (p LLC) Control() uint8

func (LLC) DSAP 

func (p LLC) DSAP() uint8

func (LLC) FastLog 

func (p LLC) FastLog(line *fastlog.Line) *fastlog.Line

func (LLC) IsValid 

func (p LLC) IsValid() error

func (LLC) Payload 

func (p LLC) Payload() []byte

func (LLC) SSAP 

func (p LLC) SSAP() uint8

func (LLC) String 

func (p LLC) String() string

func (LLC) Type 

func (p LLC) Type() string

type LLDP 

type LLDP []byte

LLDP provides access to Local Link Discovery Protocol

func (LLDP) Capability 

func (p LLDP) Capability(v []byte) string

func (LLDP) ChassisID 

func (p LLDP) ChassisID() []byte

func (LLDP) FastLog 

func (p LLDP) FastLog(line *fastlog.Line) *fastlog.Line

func (LLDP) GetPDU 

func (p LLDP) GetPDU(pduType int) []byte

func (LLDP) IsValid 

func (p LLDP) IsValid() error

func (LLDP) PortID 

func (p LLDP) PortID() []byte

func (LLDP) String 

func (p LLDP) String() string

func (LLDP) Type 

func (p LLDP) Type(t int) string

type LinkLayerAddress 

type LinkLayerAddress struct {
	Direction Direction
	MAC       net.HardwareAddr
}

A LinkLayerAddress is a Source or Target Link-Layer Address option, as described in RFC 4861, Section 4.6.1.

func (*LinkLayerAddress) Code 

func (lla *LinkLayerAddress) Code() byte

Code implements Option.

type MACEntry 

type MACEntry struct {
	MAC          net.HardwareAddr // unique mac address
	Captured     bool             // true if mac is in capture mode
	IP4          netip.Addr       // keep current IP4 to detect ip changes
	IP4Offer     netip.Addr       // keep dhcp4 IP offer
	IP6GUA       netip.Addr       // keep current ip6 global unique address
	IP6LLA       netip.Addr       // keep current ip6 local link address
	IP6Offer     netip.Addr       // keep ip6 GUA offer
	Online       bool             // true is mac is online
	IsRouter     bool             // Set to true if this is a router
	HostList     []*Host          // IPs associated with this mac
	Row          sync.RWMutex     // Row level mutex - must lock/unlock if reading/updating MACEntry and Host entry
	Manufacturer string           // Ethernet card manufacturer name
	DHCP4Name    NameEntry
	MDNSName     NameEntry
	SSDPName     NameEntry
	LLMNRName    NameEntry
	NBNSName     NameEntry
	LastSeen     time.Time
}

MACEntry stores mac details Each host has one MACEntry

func (*MACEntry) FastLog 

func (e *MACEntry) FastLog(l *fastlog.Line) *fastlog.Line

func (*MACEntry) String 

func (e *MACEntry) String() string

type MACTable 

type MACTable struct {
	Table []*MACEntry
}

MACTable manages a goroutine safe set for adding and removing mac addresses

type MTU 

type MTU uint32

An MTU is an MTU option, as described in RFC 4861, Section 4.6.1.

func NewMTU 

func NewMTU(mtu uint32) *MTU

NewMTU creates an MTU Option from an MTU value.

func (*MTU) Code 

func (*MTU) Code() byte

Code implements Option.

type NICInfo 

type NICInfo struct {
	IFI          *net.Interface
	HomeLAN4     netip.Prefix // IPv4: home LAN netmask
	HostAddr4    Addr         // IPv4: host MAC and IPv4
	RouterAddr4  Addr         // IPv4: router MAC and IPv4
	HostLLA      netip.Prefix // IPv6: host LLA
	HostGUA      netip.Prefix // IPv6: host GUA
	RouterLLA    netip.Prefix // IPv6: router LLA
	RouterGUA    netip.Prefix // IPv6: router GUA
	RouterPrefix net.IP       // IPv6: router prefix
}

NICInfo stores the network interface info

func GetNICInfo 

func GetNICInfo(nic string) (info *NICInfo, err error)

GetNICInfo returns the interface configuration

TODO: use routing package to identify default router https://github.com/google/gopacket/tree/v1.1.19/routing

func (NICInfo) String 

func (e NICInfo) String() string

type NameEntry 

type NameEntry struct {
	Type         string
	Name         string
	Model        string
	Manufacturer string
	OS           string
	Expire       time.Time
}

NameEntry holds a name entry

func (NameEntry) FastLog 

func (n NameEntry) FastLog(l *fastlog.Line) *fastlog.Line

func (NameEntry) Merge 

func (e NameEntry) Merge(nameEntry NameEntry) (newEntry NameEntry, modified bool)

type NameResourceRecord 

type NameResourceRecord struct {
	Name  string
	CName string
	TTL   uint32
}

type NeighborAdvertisement 

type NeighborAdvertisement struct {
	Router        bool
	Solicited     bool
	Override      bool
	TargetAddress net.IP
	TargetLLA     net.HardwareAddr // optional - TargetLLA option
}

A NeighborAdvertisement is a Neighbor Advertisement message as described in RFC 4861, Section 4.4.

type NewOptions 

type NewOptions struct {
	MTU              MTU
	Prefixes         []PrefixInformation
	FirstPrefix      net.IP
	RDNSS            RecursiveDNSServer
	SourceLLA        LinkLayerAddress
	TargetLLA        LinkLayerAddress
	DNSSearchList    DNSSearchList
	RouteInformation RouteInformation
}

type Notification 

type Notification struct {
	Addr         Addr
	Online       bool
	Manufacturer string
	DHCP4Name    NameEntry
	MDNSName     NameEntry
	SSDPName     NameEntry
	LLMNRName    NameEntry
	NBNSName     NameEntry
	IsRouter     bool
}

func (Notification) FastLog 

func (n Notification) FastLog(l *fastlog.Line) *fastlog.Line

func (Notification) String 

func (n Notification) String() string

type Option 

type Option interface {
	// Code specifies the NDP option code for an Option.
	Code() uint8
	// contains filtered or unexported methods
}

An Option is a Neighbor Discovery Protocol option.

type PayloadID 

type PayloadID int
const (
	PayloadEther         PayloadID = 1
	Payload8023          PayloadID = 2
	PayloadARP           PayloadID = 3
	PayloadIP4           PayloadID = 4
	PayloadIP6           PayloadID = 5
	PayloadICMP4         PayloadID = 6
	PayloadICMP6         PayloadID = 7
	PayloadUDP           PayloadID = 8
	PayloadTCP           PayloadID = 9
	PayloadDHCP4         PayloadID = 10
	PayloadDHCP6         PayloadID = 11
	PayloadDNS           PayloadID = 12
	PayloadMDNS          PayloadID = 13
	PayloadSSL           PayloadID = 14
	PayloadNTP           PayloadID = 15
	PayloadSSDP          PayloadID = 16
	PayloadWSDP          PayloadID = 17
	PayloadNBNS          PayloadID = 18
	PayloadPlex          PayloadID = 19
	PayloadUbiquiti      PayloadID = 20
	PayloadLLMNR         PayloadID = 21
	PayloadIGMP          PayloadID = 22
	PayloadEthernetPause PayloadID = 23
	PayloadRRCP          PayloadID = 24
	PayloadLLDP          PayloadID = 25
	Payload802_11r       PayloadID = 26
	PayloadIEEE1905      PayloadID = 27
	PayloadSonos         PayloadID = 28
	Payload880a          PayloadID = 29
)

func (PayloadID) String 

func (i PayloadID) String() string

type Preference 

type Preference int

A Preference is a NDP router selection or route preference value as described in RFC 4191, Section 2.1. 

const (
	Medium Preference = 0
	High   Preference = 1

	Low Preference = 3
)

Possible Preference values.

type PrefixInformation 

type PrefixInformation struct {
	PrefixLength                   uint8
	OnLink                         bool
	AutonomousAddressConfiguration bool
	ValidLifetime                  time.Duration
	PreferredLifetime              time.Duration
	Prefix                         net.IP
}

A PrefixInformation is a a Prefix Information option, as described in RFC 4861, Section 4.6.1.

func (*PrefixInformation) Code 

func (*PrefixInformation) Code() byte

Code implements Option.

type ProtoStats 

type ProtoStats struct {
	Proto    PayloadID
	Count    int
	ErrCount int
	Last     time.Time
}

type Question 

type Question struct {
	Name  []byte
	Type  uint16
	Class uint16
}

func DecodeQuestion 

func DecodeQuestion(p DNS, index int, buffer []byte) (question Question, off int, err error)

DecodeQuestion returns the first question in the DNS packet

type RRCP 

type RRCP []byte

func (RRCP) AuthKey 

func (p RRCP) AuthKey() uint16

func (RRCP) FastLog 

func (p RRCP) FastLog(l *fastlog.Line) *fastlog.Line

func (RRCP) IsValid 

func (p RRCP) IsValid() error

func (RRCP) OpCode 

func (p RRCP) OpCode() uint8

func (RRCP) Protocol 

func (p RRCP) Protocol() uint8

Protocol 0x01 - the original format but not seen in logs yet. 

RRCP protocol description: http://realtek.info/pdf/rtl8324.pdf
                           http://openrrcp.org.ru/download/datasheets/RTL8326_8326S_DataSheet_3.1.pdf
some sample C code here: https://www.wireshark.org/lists/ethereal-dev/200409/msg00090.html
                         https://github.com/the-tcpdump-group/tcpdump/blob/master/print-rrcp.c

func (RRCP) RegisterAddr 

func (p RRCP) RegisterAddr() uint16

func (RRCP) RegisterData 

func (p RRCP) RegisterData() uint16

func (RRCP) Reply 

func (p RRCP) Reply() bool

func (RRCP) SixBytes 

func (p RRCP) SixBytes() []byte

Protocol 0x23 - Loop detection - RTL8305 

common in Arris router
see - https://www.openhacks.com/uploadsproductos/realtek-semicon-rtl8305nb-cg-qfn-48_c52146.pdf
          1byte                         1byte

+ * +---------------------------+---------------------------+ + * | Protocol number - 0x2300 | + * +-------------------------------------------------------+ + * | 12bits - 0x000 | 4bits TTL | + * +-------------------------------------------------------+ + * | 352 bits 0x00 | + * +-------------------------------------------------------+

func (RRCP) String 

func (p RRCP) String() string

func (RRCP) Zeros 

func (p RRCP) Zeros() []byte

type RawOption 

type RawOption struct {
	Type   uint8
	Length uint8
	Value  []byte
}

A RawOption is an Option in its raw and unprocessed format. Options which are not recognized by this package can be represented using a RawOption.

func (*RawOption) Code 

func (r *RawOption) Code() byte

Code implements Option.

type RecursiveDNSServer 

type RecursiveDNSServer struct {
	Lifetime time.Duration
	Servers  []net.IP
}

A RecursiveDNSServer is a Recursive DNS Server option, as described in RFC 8106, Section 5.1.

func (*RecursiveDNSServer) Code 

func (*RecursiveDNSServer) Code() byte

Code implements Option.

type RouteInformation 

type RouteInformation struct {
	PrefixLength  uint8
	Preference    Preference
	RouteLifetime time.Duration
	Prefix        net.IP
}

A RouteInformation is a Route Information option, as described in RFC 4191, Section 2.3.

func (*RouteInformation) Code 

func (*RouteInformation) Code() byte

Code implements Option.

type RouterAdvertisement 

type RouterAdvertisement struct {
	CurrentHopLimit           uint8
	ManagedConfiguration      bool
	OtherConfiguration        bool
	MobileIPv6HomeAgent       bool
	RouterSelectionPreference Preference
	NeighborDiscoveryProxy    bool
	RouterLifetime            time.Duration
	ReachableTime             time.Duration
	RetransmitTimer           time.Duration
	Options                   []Option
}

described in RFC 4861, Section 4.1.

func (*RouterAdvertisement) Type 

func (ra *RouterAdvertisement) Type() ipv6.ICMPType

Type implements Message.

type RouterSolicitation 

type RouterSolicitation struct {
	SourceLLA net.HardwareAddr
	Options   []Option
}

A RouterSolicitation is a Router Solicitation message as described in RFC 4861, Section 4.1.

func (*RouterSolicitation) Type 

func (rs *RouterSolicitation) Type() ipv6.ICMPType

Type implements Message.

type SNAP 

type SNAP []byte

Local Link Control - SNAP extension 

+-------+--------+--------+
|  MAC Header    (14 bytes)                                802.{3/4/5} MAC
+--------+--------+--------+
| DSAP=AA| SSAP=AA| Control|                               802.2 LLC - unnumbered (1 byte control = 0x03)
+--------+--------+---------+--------+--------+
|    OUI                    |    EtherType    |            802.2 SNAP - OUI is zero if using EtheryType otherwise it is an organisation ID
+--------+--------+---------+--------+--------+
The total length of the LLC Header and the SNAP header is 8-octets.
An organizationally unique identifier (OUI) is a 24-bit number that uniquely identifies a vendor, manufacturer, or other organization.
EtherType is zero if not carrying an registered EtherType

func (SNAP) Control 

func (p SNAP) Control() uint8

func (SNAP) DSAP 

func (p SNAP) DSAP() uint8

func (SNAP) EtherType 

func (p SNAP) EtherType() uint16

func (SNAP) FastLog 

func (p SNAP) FastLog(line *fastlog.Line) *fastlog.Line

func (SNAP) IsValid 

func (p SNAP) IsValid() error

func (SNAP) OrganisationID 

func (p SNAP) OrganisationID() []byte

func (SNAP) Payload 

func (p SNAP) Payload() []byte

func (SNAP) SSAP 

func (p SNAP) SSAP() uint8

func (SNAP) String 

func (p SNAP) String() string

type Session 

type Session struct {
	Conn            net.PacketConn // the underlaying raw connection used for all read and write
	NICInfo         *NICInfo       // keep interface information
	ProbeDeadline   time.Duration  // send IP probe if no traffic received for this long
	OfflineDeadline time.Duration  // mark Host offline if no traffic for this long
	PurgeDeadline   time.Duration  // delete Host if no traffic for this long
	HostTable       HostTable      // store MAC/IP list - one for each IP host
	MACTable        MACTable       // store mac list

	Statistics []ProtoStats      // keep per protocol statistics
	C          chan Notification // channel for online & offline notifications
	// contains filtered or unexported fields
}

Session holds the session context for a given network interface.

func NewSession 

func NewSession(nic string) (*Session, error)

NewSession returns a session to read and write raw packets from the network interface card.

func (*Session) Capture 

func (h *Session) Capture(mac net.HardwareAddr) error

Capture sets the mac to capture mode

func (*Session) Close 

func (h *Session) Close()

Close stop all session goroutines and close notification channel and the underlaying raw connection. The session is no longer valid after calling Close().

func (*Session) DHCPv4IPOffer 

func (h *Session) DHCPv4IPOffer(mac net.HardwareAddr) netip.Addr

DHCPv4Offer returns the dhcp v4 ip offer if one is available. This is used in the arp spoof module to reject announcements that conflict with the offered dhcp ip.

func (*Session) DHCPv4Update 

func (h *Session) DHCPv4Update(mac net.HardwareAddr, ip netip.Addr, name NameEntry) error

DHCPv4Update updates the mac and host entry with dhcp details. A DHCP processing module should call this when it encounters a new host in a DHCP discovery/request message.

A host using DHCP cannot use an IP address until it is confirmed by a dhcp server. Therefore various DHCP messages are transmitted with a zero IP and in particular the DHCP discover does not have a srcIP.

func (*Session) EnableIP4Forwarding 

func (h *Session) EnableIP4Forwarding() error

func (*Session) FindByMAC 

func (h *Session) FindByMAC(mac net.HardwareAddr) (list []Addr)

FindByMAC returns a list of IP addresses for mac

func (*Session) FindIP 

func (h *Session) FindIP(ip netip.Addr) *Host

FindIP returns the host entry for IP or nil othewise

func (*Session) FindMACEntry 

func (h *Session) FindMACEntry(mac net.HardwareAddr) *MACEntry

FindMACEntry returns pointer to macEntry or nil if not found

func (*Session) GetHosts 

func (h *Session) GetHosts() (list []*Host)

GetTable returns a shallow copy of the current table

func (*Session) ICMP4SendEchoRequest 

func (h *Session) ICMP4SendEchoRequest(srcAddr Addr, dstAddr Addr, id uint16, seq uint16) error

ICMP4SendEchoRequest transmit an icmp echo request Do not wait for response

func (*Session) ICMP6SendEchoRequest 

func (h *Session) ICMP6SendEchoRequest(srcAddr Addr, dstAddr Addr, id uint16, seq uint16) error

ICMP6SendEchoRequest transmit an icmp6 echo request and do not wait for response

func (*Session) ICMP6SendNeighborAdvertisement 

func (h *Session) ICMP6SendNeighborAdvertisement(srcAddr Addr, dstAddr Addr, targetAddr Addr) error

func (*Session) ICMP6SendNeighbourSolicitation 

func (h *Session) ICMP6SendNeighbourSolicitation(srcAddr Addr, dstAddr Addr, targetIP netip.Addr) error

SendNeighbourSolicitation send an ICMP6 NS

func (*Session) ICMP6SendRouterAdvertisement 

func (h *Session) ICMP6SendRouterAdvertisement(prefixes []PrefixInformation, rdnss *RecursiveDNSServer, dstAddr Addr) error

func (*Session) ICMP6SendRouterSolicitation 

func (h *Session) ICMP6SendRouterSolicitation() error

func (*Session) IPAddrs 

func (h *Session) IPAddrs(mac net.HardwareAddr) []Addr

IPAddrs retun the array of hosts for the mac.

func (*Session) IsCaptured 

func (h *Session) IsCaptured(mac net.HardwareAddr) bool

IsCaptured returns true is mac is in capture mode

func (*Session) Notify 

func (h *Session) Notify(frame Frame)

Notify generates the notification for host offline and online if required. The function is only required if the caller wants to receive notifications via the notification channel. If the caller is not interested in online/offline transitions, the function is not required to run.

Notify will only send a notification via the notification channel if a change is pending as a result of processing the packet. It returns silently if there is no notification pending.

func (*Session) Parse 

func (h *Session) Parse(p []byte) (frame Frame, err error)

Parse returns a Frame containing references to common layers and the payload. It will also create the host entry if this is a new IP. The function is fast as it will map to the underlying array. No copy and no allocation takes place.

Benchmark result: Jan 2021 cpu: 11th Gen Intel(R) Core(TM) i7-1165G7 @ 2.80GHz Benchmark_Parse-8 25281475 47.58 ns/op 0 B/op 0 allocs/op

func (*Session) Ping 

func (h *Session) Ping(dstAddr Addr, timeout time.Duration) (err error)

Ping send a ping request and wait for a reply

func (*Session) Ping6 

func (h *Session) Ping6(srcAddr Addr, dstAddr Addr, timeout time.Duration) (err error)

Ping send a ping request and wait for a reply

func (*Session) PrintTable 

func (h *Session) PrintTable()

PrintTable logs the table to standard out.

func (*Session) ReadFrom 

func (h *Session) ReadFrom(b []byte) (int, net.Addr, error)

func (*Session) Release 

func (h *Session) Release(mac net.HardwareAddr) error

Release sets the mac to normal mode (not captured)

func (*Session) SetDHCPv4IPOffer 

func (h *Session) SetDHCPv4IPOffer(mac net.HardwareAddr, ip netip.Addr, name NameEntry)

SetDHCPv4IPOffer set an IPv4 offer for the mac. A DCP processing module should call this when it wants to record the IP it has offered for a given mac.

func (*Session) ValidateDefaultRouter 

func (h *Session) ValidateDefaultRouter(addr Addr) error

ValidateDefaultRouter validates the default route is pointing to us by pinging client using home router IP as source IP. The reply will come to us when the default route on client is netfilter. If not, the ping reply will not be received.

Note: the reply will also come to us if the client is undergoing an arp attack (hunt).

type SocketConfig 

type SocketConfig struct {
	// Linux only: call socket(7) with SOCK_DGRAM instead of SOCK_RAW.
	// Has no effect on other operating systems.
	LinuxSockDGRAM bool

	// Linux only: do not accumulate packet socket statistic counters.  Packet
	// socket statistics are reset on each call to retrieve them via getsockopt,
	// but this package's default behavior is to continue accumulating the
	// statistics internally per Conn.  To use the Linux default behavior of
	// resetting statistics on each call to Stats, set this value to true.
	NoCumulativeStats bool

	// Linux only: initial filter to apply to the connection. This avoids
	// capturing random packets before SetBPF is called.
	Filter []bpf.RawInstruction

	// BSD only: configure the BPF direction flag to allow selection of inbound
	// only (0 - default) or bidirectional (1) packet processing.
	// Has no effect on other operating systems.
	BPFDirection int

	// Set interface to promiscuous mode
	Promiscuous bool
}

A Config can be used to specify additional options for a Conn.

type TCP 

type TCP []byte

TCP provides decoding of tcp frames

func (TCP) ACK 

func (p TCP) ACK() bool

func (TCP) Ack 

func (p TCP) Ack() uint32

func (TCP) CWR 

func (p TCP) CWR() bool

func (TCP) Checksum 

func (p TCP) Checksum() uint16

func (TCP) DstPort 

func (p TCP) DstPort() uint16

func (TCP) ECE 

func (p TCP) ECE() bool

func (TCP) FIN 

func (p TCP) FIN() bool

func (TCP) HeaderLen 

func (p TCP) HeaderLen() int

func (TCP) IsValid 

func (p TCP) IsValid() error

func (TCP) NS 

func (p TCP) NS() bool

func (TCP) PSH 

func (p TCP) PSH() bool

func (TCP) Payload 

func (p TCP) Payload() []byte

func (TCP) RST 

func (p TCP) RST() bool

func (TCP) SYN 

func (p TCP) SYN() bool

func (TCP) Seq 

func (p TCP) Seq() uint32

func (TCP) SrcPort 

func (p TCP) SrcPort() uint16

func (TCP) URG 

func (p TCP) URG() bool

func (TCP) Urgent 

func (p TCP) Urgent() uint16

func (TCP) Window 

func (p TCP) Window() uint16

type UDP 

type UDP []byte

UDP provides decoding and encoding of udp frames

func EncodeUDP 

func EncodeUDP(p []byte, srcPort uint16, dstPort uint16) UDP

func (UDP) AppendPayload 

func (p UDP) AppendPayload(b []byte) (UDP, error)

func (UDP) Checksum 

func (p UDP) Checksum() uint16

func (UDP) DstPort 

func (p UDP) DstPort() uint16

func (UDP) FastLog 

func (p UDP) FastLog(line *fastlog.Line) *fastlog.Line

FastLog implements fastlog interface

func (UDP) HeaderLen 

func (p UDP) HeaderLen() int

func (UDP) IsValid 

func (p UDP) IsValid() error

func (UDP) Len 

func (p UDP) Len() uint16

func (UDP) Payload 

func (p UDP) Payload() []byte

func (UDP) SetPayload 

func (p UDP) SetPayload(b []byte) UDP

func (UDP) SrcPort 

func (p UDP) SrcPort() uint16

func (UDP) String 

func (p UDP) String() string

type Unknown880a 

type Unknown880a []byte

unknown880a unkownn ether type 0x880a

func (Unknown880a) IsValid 

func (p Unknown880a) IsValid() error

Source Files

View all Source files

Directories

Path Synopsis
examples
arpspoofer
dhcpd
dnslistener
hosts
tcpdump
handlers
arp_spoofer
Package arp_spoofer provides a handler to spoof arp tables on a target host.
 Package arp_spoofer provides a handler to spoof arp tables on a target host.
dhcp4_spoofer
package dhcp4_spoofer implements a dhcp server designed to operate as a secondary dhcp server on the same lan.
 package dhcp4_spoofer implements a dhcp server designed to operate as a secondary dhcp server on the same lan.
dns_naming
Package dns_naming maps a name from the wire to a mac address.
 Package dns_naming maps a name from the wire to a mac address.
icmp_spoofer

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.