Documentation ¶
Overview ¶
Package afpacket implements a capture.Source that allows reading network packets from Linux network interfaces via the AF_PACKET mechanism. This implementation relies on performing repeated `recvfrom()` calls to the allocated socket to fetch packets one by one. Consequently, the performance / trhoughput is limited and it should only be used for educational / experimental purposed. For production-level packet capture, use the `afring` package instead.
Index ¶
- Constants
- type MockSource
- func (m *MockSource) AddPacket(pkt capture.Packet) error
- func (m *MockSource) AddPacketFromSource(src capture.Source) error
- func (m *MockSource) CanAddPackets() bool
- func (m *MockSource) Close() error
- func (m *MockSource) Done()
- func (m *MockSource) PacketAddCallbackFn(fn func(payload []byte, totalLen uint32, pktType, ipLayerOffset byte)) *MockSource
- func (m *MockSource) Pipe(src capture.Source, doneReadingChan chan struct{}) chan error
- func (m *MockSource) Run() chan error
- func (m *MockSource) RunNoDrain() chan error
- type Option
- type Source
- func (s *Source) Close() error
- func (s *Source) Link() *link.Link
- func (s *Source) NewPacket() capture.Packet
- func (s *Source) NextIPPacket(pBuf capture.IPLayer) (capture.IPLayer, capture.PacketType, uint32, error)
- func (s *Source) NextPacket(pBuf capture.Packet) (capture.Packet, error)
- func (s *Source) NextPacketFn(...) error
- func (s *Source) NextPayload(pBuf []byte) ([]byte, byte, uint32, error)
- func (s *Source) Stats() (capture.Stats, error)
- func (s *Source) Unblock() error
Constants ¶
const (
DefaultSnapLen = (1 << 16) // DefaultSnapLen : 64 kiB
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type MockSource ¶
type MockSource struct { *Source MockFd *socket.MockFileDescriptor // contains filtered or unexported fields }
MockSource denotes a fully mocked direct AF_PACKET source, behaving just like one Since it wraps a regular Source, it can be used as a stand-in replacement without any further code modifications:
src, err := afpacket.NewSource("eth0", <options>...) ==> src, err := afpacket.NewMockSource("eth0", <options>...)
func NewMockSource ¶
func NewMockSource(_ string, options ...Option) (*MockSource, error)
NewMockSource instantiates a new mock direct AF_PACKET source, wrapping a regular Source
func (*MockSource) AddPacket ¶
func (m *MockSource) AddPacket(pkt capture.Packet) error
AddPacket adds a new mock packet to the source This can happen prior to calling run or continuously while consuming data
func (*MockSource) AddPacketFromSource ¶
func (m *MockSource) AddPacketFromSource(src capture.Source) error
AddPacketFromSource consumes a single packet from the provided source and adds it to the source This can happen prior to calling run or continuously while consuming data
func (*MockSource) CanAddPackets ¶
func (m *MockSource) CanAddPackets() bool
CanAddPackets returns if any more packets can be added to the mock source (allowing to non-blockingly assert if the buffer / channel is full or will be on the next operation)
func (*MockSource) Close ¶
func (m *MockSource) Close() error
Close stops / closes the capture source
func (*MockSource) Done ¶
func (m *MockSource) Done()
Done notifies the mock source that no more mock packets will be added, causing the ring buffer filling routine / channel to terminate once all packets have been written to the ring buffer
func (*MockSource) PacketAddCallbackFn ¶
func (m *MockSource) PacketAddCallbackFn(fn func(payload []byte, totalLen uint32, pktType, ipLayerOffset byte)) *MockSource
PacketAddCallbackFn provides an optional callback function that is called when a packet is added to the mock source (e.g. to build a reference for comparison)
func (*MockSource) Pipe ¶
func (m *MockSource) Pipe(src capture.Source, doneReadingChan chan struct{}) chan error
Pipe continuously pipes packets from the provided source through this one
func (*MockSource) Run ¶
func (m *MockSource) Run() chan error
Run executes processing of packets in the background, mimicking the function of an actual kernel packet ring buffer
func (*MockSource) RunNoDrain ¶
func (m *MockSource) RunNoDrain() chan error
RunNoDrain acts as a high-throughput mode to allow continuous reading the same data currently in the mock buffer without consuming it and with minimal overhead from handling the mock socket / semaphore It is intended to be used in benchmarks using the mock source to minimize measurement noise from the mock implementation itself
type Option ¶
type Option func(*Source)
Option denotes a functional option for the Source
func CaptureLength ¶
func CaptureLength(strategy link.CaptureLengthStrategy) Option
CaptureLength sets a snapLen / capture length (max. number of bytes captured per packet)
func Promiscuous ¶
Promiscuous enables / disables promiscuous capture mode
type Source ¶
Source denotes a plain AF_PACKET capture source
func NewSourceFromLink ¶
NewSourceFromLink instantiates a new AF_PACKET capture source taking an existing link instance
func (*Source) NewPacket ¶
NewPacket creates an empty "buffer" packet to be used as destination for the NextPacket() / NextPayload() / NextIPPacket() methods (the latter two by calling .Payload() / .IPLayer() on the created buffer). It ensures that a valid packet of appropriate structure / length is created
func (*Source) NextIPPacket ¶
func (s *Source) NextIPPacket(pBuf capture.IPLayer) (capture.IPLayer, capture.PacketType, uint32, error)
NextIPPacket receives the IP layer of the next packet from the source and returns it. The operation is blocking. In case a non-nil "buffer" IPLayer is provided it will be populated with the data (and returned). The buffer can be reused. Otherwise a new IPLayer is allocated.
func (*Source) NextPacket ¶
NextPacket receives the next packet from the source and returns it. The operation is blocking. In case a non-nil "buffer" Packet is provided it will be populated with the data (and returned). The buffer packet can be reused. Otherwise a new Packet is allocated.
func (*Source) NextPacketFn ¶
func (s *Source) NextPacketFn(fn func(payload []byte, totalLen uint32, pktType capture.PacketType, ipLayerOffset byte) error) error
NextPacketFn executes the provided function on the next packet received on the source. If possible, the operation should provide a zero-copy way of interaction with the payload / metadata. All operations on the data must be completed prior to any subsequent call to any Next*() method.
func (*Source) NextPayload ¶
NextPayload receives the raw payload of the next packet from the source and returns it. The operation is blocking. In case a non-nil "buffer" byte slice / payload is provided it will be populated with the data (and returned). The buffer can be reused. Otherwise a new byte slice / payload is allocated.