afpacket

package

v1.0.4 Latest Latest Go to latest Published: Apr 9, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/fako1024/slimcap

Links

Open Source Insights

Documentation ¶

Rendered for

Overview ¶

Package afpacket implements a capture.Source that allows reading network packets from Linux network interfaces via the AF_PACKET mechanism. This implementation relies on performing repeated `recvfrom()` calls to the allocated socket to fetch packets one by one. Consequently, the performance / trhoughput is limited and it should only be used for educational / experimental purposed. For production-level packet capture, use the `afring` package instead.

Index ¶

Constants
type MockSource
- func NewMockSource(_ string, options ...Option) (*MockSource, error)
type Option
- func CaptureLength(strategy link.CaptureLengthStrategy) Option
- func Promiscuous(enable bool) Option
type Source
- func NewSource(iface string, options ...Option) (*Source, error)
- func NewSourceFromLink(link *link.Link, options ...Option) (*Source, error)

Constants ¶

View Source

const (
	DefaultSnapLen = (1 << 16) // DefaultSnapLen : 64 kiB
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type MockSource ¶

type MockSource struct {
	*Source

	MockFd *socket.MockFileDescriptor
	// contains filtered or unexported fields
}

MockSource denotes a fully mocked direct AF_PACKET source, behaving just like one Since it wraps a regular Source, it can be used as a stand-in replacement without any further code modifications:

src, err := afpacket.NewSource("eth0", <options>...) ==> src, err := afpacket.NewMockSource("eth0", <options>...)

func NewMockSource ¶

func NewMockSource(_ string, options ...Option) (*MockSource, error)

NewMockSource instantiates a new mock direct AF_PACKET source, wrapping a regular Source

func (*MockSource) AddPacket ¶

func (m *MockSource) AddPacket(pkt capture.Packet) error

AddPacket adds a new mock packet to the source This can happen prior to calling run or continuously while consuming data

func (*MockSource) AddPacketFromSource ¶

func (m *MockSource) AddPacketFromSource(src capture.Source) error

AddPacketFromSource consumes a single packet from the provided source and adds it to the source This can happen prior to calling run or continuously while consuming data

func (*MockSource) CanAddPackets ¶

func (m *MockSource) CanAddPackets() bool

CanAddPackets returns if any more packets can be added to the mock source (allowing to non-blockingly assert if the buffer / channel is full or will be on the next operation)

func (*MockSource) Close ¶

func (m *MockSource) Close() error

Close stops / closes the capture source

func (*MockSource) Done ¶

func (m *MockSource) Done()

Done notifies the mock source that no more mock packets will be added, causing the ring buffer filling routine / channel to terminate once all packets have been written to the ring buffer

func (*MockSource) PacketAddCallbackFn ¶

func (m *MockSource) PacketAddCallbackFn(fn func(payload []byte, totalLen uint32, pktType, ipLayerOffset byte)) *MockSource

PacketAddCallbackFn provides an optional callback function that is called when a packet is added to the mock source (e.g. to build a reference for comparison)

func (*MockSource) Pipe ¶

func (m *MockSource) Pipe(src capture.Source, doneReadingChan chan struct{}) chan error

Pipe continuously pipes packets from the provided source through this one

func (*MockSource) Run ¶

func (m *MockSource) Run() chan error

Run executes processing of packets in the background, mimicking the function of an actual kernel packet ring buffer

func (*MockSource) RunNoDrain ¶

func (m *MockSource) RunNoDrain() chan error

RunNoDrain acts as a high-throughput mode to allow continuous reading the same data currently in the mock buffer without consuming it and with minimal overhead from handling the mock socket / semaphore It is intended to be used in benchmarks using the mock source to minimize measurement noise from the mock implementation itself

type Option ¶

type Option func(*Source)

Option denotes a functional option for the Source

func CaptureLength ¶

func CaptureLength(strategy link.CaptureLengthStrategy) Option

CaptureLength sets a snapLen / capture length (max. number of bytes captured per packet)

func Promiscuous ¶

func Promiscuous(enable bool) Option

Promiscuous enables / disables promiscuous capture mode

type Source ¶

type Source struct {
	sync.Mutex
	// contains filtered or unexported fields
}

Source denotes a plain AF_PACKET capture source

func NewSource ¶

func NewSource(iface string, options ...Option) (*Source, error)

NewSource instantiates a new AF_PACKET capture source

func NewSourceFromLink ¶

func NewSourceFromLink(link *link.Link, options ...Option) (*Source, error)

NewSourceFromLink instantiates a new AF_PACKET capture source taking an existing link instance

func (*Source) Close ¶

func (s *Source) Close() error

Close stops / closes the capture source

func (*Source) Link ¶

func (s *Source) Link() *link.Link

Link returns the underlying link

func (*Source) NewPacket ¶

func (s *Source) NewPacket() capture.Packet

NewPacket creates an empty "buffer" packet to be used as destination for the NextPacket() / NextPayload() / NextIPPacket() methods (the latter two by calling .Payload() / .IPLayer() on the created buffer). It ensures that a valid packet of appropriate structure / length is created

func (*Source) NextIPPacket ¶

func (s *Source) NextIPPacket(pBuf capture.IPLayer) (capture.IPLayer, capture.PacketType, uint32, error)

NextIPPacket receives the IP layer of the next packet from the source and returns it. The operation is blocking. In case a non-nil "buffer" IPLayer is provided it will be populated with the data (and returned). The buffer can be reused. Otherwise a new IPLayer is allocated.

func (*Source) NextPacket ¶

func (s *Source) NextPacket(pBuf capture.Packet) (capture.Packet, error)

NextPacket receives the next packet from the source and returns it. The operation is blocking. In case a non-nil "buffer" Packet is provided it will be populated with the data (and returned). The buffer packet can be reused. Otherwise a new Packet is allocated.

func (*Source) NextPacketFn ¶

func (s *Source) NextPacketFn(fn func(payload []byte, totalLen uint32, pktType capture.PacketType, ipLayerOffset byte) error) error

NextPacketFn executes the provided function on the next packet received on the source. If possible, the operation should provide a zero-copy way of interaction with the payload / metadata. All operations on the data must be completed prior to any subsequent call to any Next*() method.

func (*Source) NextPayload ¶

func (s *Source) NextPayload(pBuf []byte) ([]byte, byte, uint32, error)

NextPayload receives the raw payload of the next packet from the source and returns it. The operation is blocking. In case a non-nil "buffer" byte slice / payload is provided it will be populated with the data (and returned). The buffer can be reused. Otherwise a new byte slice / payload is allocated.

func (*Source) Stats ¶

func (s *Source) Stats() (capture.Stats, error)

Stats returns (and clears) the packet counters of the underlying source

func (*Source) Unblock ¶

func (s *Source) Unblock() error

Unblock ensures that a potentially ongoing blocking poll operation is released (returning an ErrCaptureUnblock from any potentially ongoing call to Next*() that might currently be blocked)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL