gopacket: github.com/google/gopacket/bsdbpf Index | Files

package bsdbpf

import "github.com/google/gopacket/bsdbpf"

Index

Package Files

bsd_bpf_sniffer.go

type BPFSniffer Uses

type BPFSniffer struct {
    // contains filtered or unexported fields
}

BPFSniffer is a struct used to track state of a BSD BPF ethernet sniffer such that gopacket's PacketDataSource interface is implemented.

func NewBPFSniffer Uses

func NewBPFSniffer(iface string, options *Options) (*BPFSniffer, error)

NewBPFSniffer is used to create BSD-only BPF ethernet sniffer iface is the network interface device name that you wish to sniff options can set to nil in order to utilize default values for everything. Each field of Options also have a default setting if left unspecified by the user's custome Options struct.

func (*BPFSniffer) Close Uses

func (b *BPFSniffer) Close() error

Close is used to close the file-descriptor of the BPF device file.

func (*BPFSniffer) GetReadBufLen Uses

func (b *BPFSniffer) GetReadBufLen() int

GetReadBufLen returns the BPF read buffer length

func (*BPFSniffer) ReadPacketData Uses

func (b *BPFSniffer) ReadPacketData() ([]byte, gopacket.CaptureInfo, error)

type Options Uses

type Options struct {
    // BPFDeviceName is name of the bpf device to use for sniffing
    // the network device. The default value of BPFDeviceName is empty string
    // which causes the first available BPF device file /dev/bpfX to be used.
    BPFDeviceName string
    // ReadBufLen specifies the size of the buffer used to read packets
    // off the wire such that multiple packets are buffered with each read syscall.
    // Note that an individual packet larger than the buffer size is necessarily truncated.
    // A larger buffer should increase performance because fewer read syscalls would be made.
    // If zero is used, the system's default buffer length will be used which depending on the
    // system may default to 4096 bytes which is not big enough to accomodate some link layers
    // such as WLAN (802.11).
    // ReadBufLen defaults to 32767... however typical BSD manual pages for BPF indicate that
    // if the requested buffer size cannot be accommodated, the closest allowable size will be
    // set and returned... hence our GetReadBufLen method.
    ReadBufLen int
    // Timeout is the length of time to wait before timing out on a read request.
    // Timeout defaults to nil which means no timeout is used.
    Timeout *syscall.Timeval
    // Promisc is set to true for promiscuous mode ethernet sniffing.
    // Promisc defaults to true.
    Promisc bool
    // Immediate is set to true to make our read requests return as soon as a packet becomes available.
    // Otherwise, a read will block until either the kernel buffer becomes full or a timeout occurs.
    // The default is true.
    Immediate bool
    // PreserveLinkAddr is set to false if the link level source address should be filled in automatically
    // by the interface output routine. Set to true if the link level source address will be written,
    // as provided, to the wire.
    // The default is true.
    PreserveLinkAddr bool
}

Options is used to configure various properties of the BPF sniffer. Default values are used when a nil Options pointer is passed to NewBPFSniffer.

Package bsdbpf imports 7 packages (graph). Updated 2018-11-15 with GOOS=darwin. Refresh now. Tools for package owners.