sniffer

package

v0.0.0-...-7a53ea4 Latest Latest Go to latest Published: Apr 20, 2020 License: Apache-2.0 Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/honeycombio/honeycomb-tcpagent

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func NewStreamFactory(cf ConsumerFactory) *streamFactory
type Consumer
type ConsumerFactory
type Context
- func (c *Context) GetCaptureInfo() gopacket.CaptureInfo
type IPPortTuple
- func NewIPPortTuple(net_, transport gopacket.Flow) IPPortTuple
- func (t IPPortTuple) Reverse() IPPortTuple
type Message
type MessageStream
type Options
type Sniffer
- func New(options Options, cf ConsumerFactory) (*Sniffer, error)
- func (sniffer *Sniffer) Run() error
type Stream

Constants ¶

View Source

const (
	PCap     = "pcap"
	Afpacket = "af_packet"
	Offline  = "offline"
)

Variables ¶

This section is empty.

Functions ¶

func NewStreamFactory ¶

func NewStreamFactory(cf ConsumerFactory) *streamFactory

Types ¶

type Consumer ¶

type Consumer interface {
	On(MessageStream)
}

type ConsumerFactory ¶

type ConsumerFactory interface {
	New(flow IPPortTuple) Consumer
	BPFFilter() string
}

TODO: this is kind of a messy API

type Context ¶

type Context struct {
	CaptureInfo gopacket.CaptureInfo
}

func (*Context) GetCaptureInfo ¶

func (c *Context) GetCaptureInfo() gopacket.CaptureInfo

type IPPortTuple ¶

type IPPortTuple struct {
	SrcIP   net.IP
	DstIP   net.IP
	SrcPort uint16
	DstPort uint16
}

func NewIPPortTuple ¶

func NewIPPortTuple(net_, transport gopacket.Flow) IPPortTuple

func (IPPortTuple) Reverse ¶

func (t IPPortTuple) Reverse() IPPortTuple

type Message ¶

type Message interface {
	Timestamp() time.Time
	Flow() IPPortTuple
	io.Reader
}

A Message represents a concatenated sequence of one or more consecutive TCP segments in one direction.

type MessageStream ¶

type MessageStream interface {
	Next() (Message, bool)
}

type Options ¶

type Options struct {
	SourceType   string `long:"type" default:"pcap" description:"Packet capture mechanism (pcap, af_packet or offline)"`
	Device       string `long:"device" description:"Network interface to listen on"`
	SnapLen      int    `long:"snaplen" default:"65535" description:"Capture snapshot length"`
	BufSizeMb    int    `long:"bufsize" description:"buffer size in megabytes" default:"32"`
	FlushTimeout int    `long:"flushtimeout" description:"Time in seconds to wait before flushing buffered data for a connection" default:"5"`
	PcapFile     string `long:"pcapfile" description:"For offline packet captures, path to pcap file"`
}

type Sniffer ¶

type Sniffer struct {
	// contains filtered or unexported fields
}

func New ¶

func New(options Options, cf ConsumerFactory) (*Sniffer, error)

func (*Sniffer) Run ¶

func (sniffer *Sniffer) Run() error

type Stream ¶

type Stream struct {
	sync.Mutex
	// contains filtered or unexported fields
}

func (*Stream) Accept ¶

func (s *Stream) Accept(tcp *layers.TCP, ci gopacket.CaptureInfo, dir reassembly.TCPFlowDirection,
	ackSeq reassembly.Sequence, start *bool, ac reassembly.AssemblerContext) bool

func (*Stream) Next ¶

func (s *Stream) Next() (Message, bool)

Implements the MessageStream interface

func (*Stream) ReassembledSG ¶

func (s *Stream) ReassembledSG(sg reassembly.ScatterGather, ac reassembly.AssemblerContext)

func (*Stream) ReassemblyComplete ¶

func (s *Stream) ReassemblyComplete(ac reassembly.AssemblerContext) bool

TODO: ensure this fully handles completion

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL