HoneyBadger: github.com/david415/HoneyBadger/types Index | Files

package types

import "github.com/david415/HoneyBadger/types"

Honeybadger types package


Package Files

events.go flow.go packet_source.go reassembly.go ring.go sequence.go

type Event Uses

type Event struct {
    Type        string
    PacketCount uint64
    Flow        TcpIpFlow
    Time        time.Time
    HijackSeq   uint32
    HijackAck   uint32
    Payload     []byte
    Winner      []byte
    Loser       []byte
    Base        Sequence
    Start       Sequence
    End         Sequence

type HashedTcpIpv4Flow Uses

type HashedTcpIpv4Flow struct {
    Src uint64
    Dst uint64

func NewHashedTcpIpv4Flow Uses

func NewHashedTcpIpv4Flow(flow *TcpIpFlow) HashedTcpIpv4Flow

NewHashedTcpIpv4Flow returns a comparable struct given a flow struct

type HashedTcpIpv6Flow Uses

type HashedTcpIpv6Flow struct {
    // ipv6 16 bytes + tcp port 2 bytes == 18
    Src [18]byte
    Dst [18]byte

func NewHashedTcpIpv6Flow Uses

func NewHashedTcpIpv6Flow(flow *TcpIpFlow) HashedTcpIpv6Flow

NewHashedTcpIpv6Flow returns a comparable struct given a flow struct

type Logger Uses

type Logger interface {
    Log(r *Event)

type PacketDataSourceCloser Uses

type PacketDataSourceCloser interface {
    // ReadPacketData returns the next packet available from this data source.
    // It returns:
    //  data:  The bytes of an individual packet.
    //  ci:  Metadata about the capture
    //  err:  An error encountered while reading packet data.  If err != nil,
    //    then data/ci will be ignored.
    ReadPacketData() (data []byte, ci gopacket.CaptureInfo, err error)
    // Close closes the ethernet sniffer and returns nil if no error was found.
    Close() error

PacketDataSource is an interface for some source of packet data.

type PacketLogger Uses

type PacketLogger interface {
    WritePacket(rawPacket []byte, timestamp time.Time)

type PacketLoggerFactory Uses

type PacketLoggerFactory interface {
    Build(*TcpIpFlow) PacketLogger

type PacketManifest Uses

type PacketManifest struct {
    Timestamp time.Time
    Flow      *TcpIpFlow
    RawPacket []byte
    Ethernet  *layers.Ethernet
    IPv4      *layers.IPv4
    IPv6      *layers.IPv6
    TCP       *layers.TCP
    Payload   gopacket.Payload

PacketManifest is used to send parsed packets via channels to other goroutines

func (PacketManifest) String Uses

func (p PacketManifest) String() string

type PacketSource Uses

type PacketSource interface {
    GetStartedChan() chan bool // used for unit tests

type Reassembly Uses

type Reassembly struct {
    // Seq is the TCP sequence number for this segment
    Seq Sequence

    // Bytes is the next set of bytes in the stream.  May be empty.
    Bytes []byte
    // Skip is set to non-zero if bytes were skipped between this and the
    // last Reassembly.  If this is the first packet in a connection and we
    // didn't see the start, we have no idea how many bytes we skipped, so
    // we set it to -1.  Otherwise, it's set to the number of bytes skipped.
    Skip int
    // Start is set if this set of bytes has a TCP SYN accompanying it.
    Start bool
    // End is set if this set of bytes has a TCP FIN or RST accompanying it.
    End bool
    // IsOrderCoalesce is set if this stream segment was originally received
    // out of order and the later coalesced into the stream.
    IsCoalesce bool
    // IsCoalesceGap is set if this stream segment was the catalyzing segment
    // for triggering the coalescing of latent out-of-order packets.
    IsCoalesceGap bool
    // Seen is the timestamp this set of bytes was pulled off the wire.
    Seen time.Time

Reassembly is used to represent a TCP segment

func (Reassembly) String Uses

func (r Reassembly) String() string

String returns a string representation of Reassembly

type Ring Uses

type Ring struct {
    Reassembly *Reassembly
    // contains filtered or unexported fields

A Ring is an element of a circular list, or ring. Rings do not have a beginning or end; a pointer to any ring element serves as reference to the entire ring. Empty rings are represented as nil Ring pointers.

func NewRing Uses

func NewRing(n int) *Ring

NewRing creates a ring of n elements.

func (*Ring) Count Uses

func (r *Ring) Count() int

Count computes the number of none nil Reassembly structs populating the ring

func (*Ring) Len Uses

func (r *Ring) Len() int

Len computes the number of elements in ring r. It executes in time proportional to the number of elements.

func (*Ring) Next Uses

func (r *Ring) Next() *Ring

Next returns the next ring element. r must not be empty.

func (*Ring) Prev Uses

func (r *Ring) Prev() *Ring

Prev returns the previous ring element. r must not be empty.

type Sequence Uses

type Sequence int64

Sequence is a TCP sequence number. It provides a few convenience functions for handling TCP wrap-around. The sequence should always be in the range [0,0xFFFFFFFF]... its other bits are simply used in wrap-around calculations and should never be set.

const (
    InvalidSequence Sequence = Sequence(-1)

func (Sequence) Add Uses

func (s Sequence) Add(t int) Sequence

Add adds an integer to a sequence and returns the resulting sequence.

func (Sequence) Difference Uses

func (s Sequence) Difference(t Sequence) int

Difference defines an ordering for comparing TCP sequences that's safe for roll-overs. It returns:

> 0 : if t comes after s
< 0 : if t comes before s
  0 : if t == s

The number returned is the sequence difference, so 4.Difference(8) will return 4.

It handles rollovers by considering any sequence in the first quarter of the uint32 space to be after any sequence in the last quarter of that space, thus wrapping the uint32 space.

func (Sequence) Equals Uses

func (s Sequence) Equals(t Sequence) bool

Equals returns true if s == t

func (Sequence) GreaterThan Uses

func (s Sequence) GreaterThan(t Sequence) bool

GreaterThan returns true if s > t

func (Sequence) GreaterThanOrEqual Uses

func (s Sequence) GreaterThanOrEqual(t Sequence) bool

GreaterThanOrEqual returns true if s >= t

func (Sequence) LessThan Uses

func (s Sequence) LessThan(t Sequence) bool

LessThan returns true if s < t

func (Sequence) LessThanOrEqual Uses

func (s Sequence) LessThanOrEqual(t Sequence) bool

LessThanOrEqual returns true if s <= t

type SnifferDriverOptions Uses

type SnifferDriverOptions struct {
    DAQ          string
    Filename     string
    Device       string
    Snaplen      int32
    WireDuration time.Duration
    Filter       string

type Supervisor Uses

type Supervisor interface {

type TcpIpFlow Uses

type TcpIpFlow struct {
    // contains filtered or unexported fields

TcpIpFlow is used for tracking unidirectional TCP flows

func NewTcpIp4FlowFromLayers Uses

func NewTcpIp4FlowFromLayers(ipLayer layers.IPv4, tcpLayer layers.TCP) *TcpIpFlow

NewTcpIp4FlowFromLayers given IPv4 and TCP layers it returns a TcpIpFlow

func NewTcpIp6FlowFromLayers Uses

func NewTcpIp6FlowFromLayers(ipLayer layers.IPv6, tcpLayer layers.TCP) *TcpIpFlow

NewTcpIp6FlowFromLayers given IPv6 and TCP layers it returns a TcpIpFlow

func NewTcpIpFlowFromFlows Uses

func NewTcpIpFlowFromFlows(netFlow gopacket.Flow, tcpFlow gopacket.Flow) TcpIpFlow

NewTcpIpFlowFromFlows given a net flow (either ipv4 or ipv6) and TCP flow returns a TcpIpFlow

func NewTcpIpFlowFromPacket Uses

func NewTcpIpFlowFromPacket(packet []byte) (*TcpIpFlow, error)

getPacketFlow returns a TcpIpFlow struct given a byte array packet

func (*TcpIpFlow) Equal Uses

func (t *TcpIpFlow) Equal(s *TcpIpFlow) bool

Equal returns true if TcpIpFlow structs t and s are equal. False otherwise.

func (*TcpIpFlow) Flows Uses

func (t *TcpIpFlow) Flows() (gopacket.Flow, gopacket.Flow)

Flows returns the component flow structs IPv4, TCP

func (*TcpIpFlow) Reverse Uses

func (t *TcpIpFlow) Reverse() TcpIpFlow

Reverse returns a reversed TcpIpFlow, that is to say the resulting TcpIpFlow flow will be made up of a reversed IP flow and a reversed TCP flow.

func (TcpIpFlow) String Uses

func (t TcpIpFlow) String() string

String returns the string representation of a TcpIpFlow

Package types imports 8 packages (graph) and is imported by 10 packages. Updated 2016-09-10. Refresh now. Tools for package owners.