types

package
v0.0.0-...-53421ca Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 21, 2019 License: GPL-3.0 Imports: 8 Imported by: 43

Documentation

Overview

Honeybadger types package

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Event 

type Event struct {
	Type        string
	PacketCount uint64
	Flow        TcpIpFlow
	Time        time.Time
	HijackSeq   uint32
	HijackAck   uint32
	Payload     []byte
	Winner      []byte
	Loser       []byte
	Base        Sequence
	Start       Sequence
	End         Sequence
}

type HashedTcpIpv4Flow 

type HashedTcpIpv4Flow struct {
	Src uint64
	Dst uint64
}

func NewHashedTcpIpv4Flow 

func NewHashedTcpIpv4Flow(flow *TcpIpFlow) HashedTcpIpv4Flow

NewHashedTcpIpv4Flow returns a comparable struct given a flow struct

type HashedTcpIpv6Flow 

type HashedTcpIpv6Flow struct {
	// ipv6 16 bytes + tcp port 2 bytes == 18
	Src [18]byte
	Dst [18]byte
}

func NewHashedTcpIpv6Flow 

func NewHashedTcpIpv6Flow(flow *TcpIpFlow) HashedTcpIpv6Flow

NewHashedTcpIpv6Flow returns a comparable struct given a flow struct

type Logger 

type Logger interface {
	Log(r *Event)
}

type PacketDataSourceCloser 

type PacketDataSourceCloser interface {
	// ReadPacketData returns the next packet available from this data source.
	// It returns:
	//  data:  The bytes of an individual packet.
	//  ci:  Metadata about the capture
	//  err:  An error encountered while reading packet data.  If err != nil,
	//    then data/ci will be ignored.
	ReadPacketData() (data []byte, ci gopacket.CaptureInfo, err error)
	// Close closes the ethernet sniffer and returns nil if no error was found.
	Close() error
}

PacketDataSource is an interface for some source of packet data.

type PacketLogger 

type PacketLogger interface {
	WritePacket(rawPacket []byte, timestamp time.Time)
	Start()
	Stop()
	Remove()
	Archive()
	SetFileWriter(io.WriteCloser)
}

type PacketLoggerFactory 

type PacketLoggerFactory interface {
	Build(*TcpIpFlow) PacketLogger
}

type PacketManifest 

type PacketManifest struct {
	Timestamp time.Time
	Flow      *TcpIpFlow
	RawPacket []byte
	Ethernet  *layers.Ethernet
	IPv4      *layers.IPv4
	IPv6      *layers.IPv6
	TCP       *layers.TCP
	Payload   gopacket.Payload
}

PacketManifest is used to send parsed packets via channels to other goroutines

func (PacketManifest) String 

func (p PacketManifest) String() string

type PacketSource 

type PacketSource interface {
	Start()
	Stop()
	SetSupervisor(Supervisor)
	GetStartedChan() chan bool // used for unit tests
}

type Reassembly 

type Reassembly struct {
	// Seq is the TCP sequence number for this segment
	Seq Sequence

	// Bytes is the next set of bytes in the stream.  May be empty.
	Bytes []byte
	// Skip is set to non-zero if bytes were skipped between this and the
	// last Reassembly.  If this is the first packet in a connection and we
	// didn't see the start, we have no idea how many bytes we skipped, so
	// we set it to -1.  Otherwise, it's set to the number of bytes skipped.
	Skip int
	// Start is set if this set of bytes has a TCP SYN accompanying it.
	Start bool
	// End is set if this set of bytes has a TCP FIN or RST accompanying it.
	End bool
	// IsOrderCoalesce is set if this stream segment was originally received
	// out of order and the later coalesced into the stream.
	IsCoalesce bool
	// IsCoalesceGap is set if this stream segment was the catalyzing segment
	// for triggering the coalescing of latent out-of-order packets.
	IsCoalesceGap bool
	// Seen is the timestamp this set of bytes was pulled off the wire.
	Seen time.Time
}

Reassembly is used to represent a TCP segment

func (Reassembly) String 

func (r Reassembly) String() string

String returns a string representation of Reassembly

type Ring 

type Ring struct {
	Reassembly *Reassembly
	// contains filtered or unexported fields
}

A Ring is an element of a circular list, or ring. Rings do not have a beginning or end; a pointer to any ring element serves as reference to the entire ring. Empty rings are represented as nil Ring pointers.

func NewRing 

func NewRing(n int) *Ring

NewRing creates a ring of n elements.

func (*Ring) Count 

func (r *Ring) Count() int

Count computes the number of none nil Reassembly structs populating the ring

func (*Ring) Len 

func (r *Ring) Len() int

Len computes the number of elements in ring r. It executes in time proportional to the number of elements.

func (*Ring) Next 

func (r *Ring) Next() *Ring

Next returns the next ring element. r must not be empty.

func (*Ring) Prev 

func (r *Ring) Prev() *Ring

Prev returns the previous ring element. r must not be empty.

type Sequence 

type Sequence int64

Sequence is a TCP sequence number. It provides a few convenience functions for handling TCP wrap-around. The sequence should always be in the range [0,0xFFFFFFFF]... its other bits are simply used in wrap-around calculations and should never be set. 

const (
	InvalidSequence Sequence = Sequence(-1)
)

func (Sequence) Add 

func (s Sequence) Add(t int) Sequence

Add adds an integer to a sequence and returns the resulting sequence.

func (Sequence) Difference 

func (s Sequence) Difference(t Sequence) int

Difference defines an ordering for comparing TCP sequences that's safe for roll-overs. It returns: 

> 0 : if t comes after s
< 0 : if t comes before s
  0 : if t == s

The number returned is the sequence difference, so 4.Difference(8) will return 4.

It handles rollovers by considering any sequence in the first quarter of the uint32 space to be after any sequence in the last quarter of that space, thus wrapping the uint32 space.

func (Sequence) Equals 

func (s Sequence) Equals(t Sequence) bool

Equals returns true if s == t

func (Sequence) GreaterThan 

func (s Sequence) GreaterThan(t Sequence) bool

GreaterThan returns true if s > t

func (Sequence) GreaterThanOrEqual 

func (s Sequence) GreaterThanOrEqual(t Sequence) bool

GreaterThanOrEqual returns true if s >= t

func (Sequence) LessThan 

func (s Sequence) LessThan(t Sequence) bool

LessThan returns true if s < t

func (Sequence) LessThanOrEqual 

func (s Sequence) LessThanOrEqual(t Sequence) bool

LessThanOrEqual returns true if s <= t

type SnifferDriverOptions 

type SnifferDriverOptions struct {
	DAQ          string
	Filename     string
	Device       string
	Snaplen      int32
	WireDuration time.Duration
	Filter       string
}

type Supervisor 

type Supervisor interface {
	Stopped()
	Run()
}

type TcpIpFlow 

type TcpIpFlow struct {
	// contains filtered or unexported fields
}

TcpIpFlow is used for tracking unidirectional TCP flows

func NewTcpIp4FlowFromLayers 

func NewTcpIp4FlowFromLayers(ipLayer layers.IPv4, tcpLayer layers.TCP) *TcpIpFlow

NewTcpIp4FlowFromLayers given IPv4 and TCP layers it returns a TcpIpFlow

func NewTcpIp6FlowFromLayers 

func NewTcpIp6FlowFromLayers(ipLayer layers.IPv6, tcpLayer layers.TCP) *TcpIpFlow

NewTcpIp6FlowFromLayers given IPv6 and TCP layers it returns a TcpIpFlow

func NewTcpIpFlowFromFlows 

func NewTcpIpFlowFromFlows(netFlow gopacket.Flow, tcpFlow gopacket.Flow) TcpIpFlow

NewTcpIpFlowFromFlows given a net flow (either ipv4 or ipv6) and TCP flow returns a TcpIpFlow

func NewTcpIpFlowFromPacket 

func NewTcpIpFlowFromPacket(packet []byte) (*TcpIpFlow, error)

getPacketFlow returns a TcpIpFlow struct given a byte array packet

func (*TcpIpFlow) Equal 

func (t *TcpIpFlow) Equal(s *TcpIpFlow) bool

Equal returns true if TcpIpFlow structs t and s are equal. False otherwise.

func (*TcpIpFlow) Flows 

func (t *TcpIpFlow) Flows() (gopacket.Flow, gopacket.Flow)

Flows returns the component flow structs IPv4, TCP

func (*TcpIpFlow) Reverse 

func (t *TcpIpFlow) Reverse() TcpIpFlow

Reverse returns a reversed TcpIpFlow, that is to say the resulting TcpIpFlow flow will be made up of a reversed IP flow and a reversed TCP flow.

func (TcpIpFlow) String 

func (t TcpIpFlow) String() string

String returns the string representation of a TcpIpFlow

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.