packet

package module
v0.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 21, 2022 License: MIT Imports: 31 Imported by: 2

README

packet

Implements layer 2, IPv4, IPv6, UDP, TCP and application level packet processing.

The motivation for this package is to enable fast, memory efficient parsing of network packets and tracking of LAN hosts. The package automatically track host IPs on the LAN and notifies when the IP is online offline.

Features

  • session: fast parsing of network packets without allocation
  • session: auto tracking of LAN hosts and host IP changes
  • session: notification of host online and offline
  • naming: host naming via various protocols dhcp, mdns, ssdp, nbns,
  • arp: module to spoof arp mac table
  • dhcp: module to spoof DHCP4 traffic on LAN
  • icmp6: module to spoof Local Link Address via Neigbour Discovery
  • fastlog: a custom log package to log network protocols

Fast parsing

The package is designed to operate in low power CPUs (i.e. ARM) and with limited memory. It uses memory mapped slices to provide direct access to protocol fields without copying to a new structure. This technique provides fast access to fields with zero allocation and the compiler inlines most protocol field functions to a memory reference.

Use Session to capture raw network packets

Session provides easy access to read raw packets from the wire. Session automatically places the nic in promiscuous mode so we receive all packets hiting the network card including packets sent by us.

	s, err := packet.NewSession("eth0")
	if err != nil {
		fmt.Printf("conn error: %s", err)
		return
	}
	defer s.Close()

	buffer := make([]byte, packet.EthMaxSize)
	for {
		n, _, err := s.ReadFrom(buffer)
		if err != nil {
			fmt.Println("error reading packet", err)
			return
		}
        // process packet...
    }

Use Parse() to map a raw packet into protocol types

Parse() provides a memory mapping of protocols to slices without copying or allocation. Given a network packet b that contains a udp frame inside an ip4 and ethernet frame, you can access all protocol fields after calling Parse(). Parse returns a Frame structure with accessor for all interesting bits.

  n, _, _ := s.ReadFrom(b)          // read network packet
  frame, err := session.Parse(b[:n]) // fast parse and set references
  ether := frame.Ether()            // memory mapped slice to access ether fields; return nil if not valid ethernet
  ip := frame.IP4()                 // memory mapped slice to access ipv4 fields; return nil if it does not contain IP4
  udp := frame.UDP()                // memory mapped slice to access udp fields; return nil if it does not contain UDP
  payload := frame.Payload()        // memory mapped slice to access payload

  fmt.Println("ether", ether.Src(), ether.Dst())
  fmt.Println("ip4", ip.Src(), ip.Dst())
  fmt.Println("udp", udp.SrcPort(), udp.DstPort())
  fmt.Printf("payloadID=%s payload=[%x]\n", frame.PayloadID, payload)

Payload identification

Frame contains a payload ID that identifies the last payload in the packet. In most cases, this will be the application protocol ID. For example, if the packet is a udp DHCP4 packet, PayloadID will return PayloadDHCP4 and Payload() will return a slice to the DHCP4 packet.

    frame, err := s.Parse(b[:n])
    // if err

    switch frame.PayloadID {
    case packet.PayloadARP: 
        // Process arp packets
    case packet.PayloadDHCP4: 
        // Process DHCPv4 packets
    }

IPv4 and IPv6 parsing

Working with IPv4, IPv6, UDP frames is fairly straight forward. For example:

  frame, err := packet.Parse(b[:n])
  if err != nil { panic(err)}
  
  // if you are only interested in mac and ip (either v4 or v6), 
  // frame.Src() and frame.Dst() are convenient structures to get this data.
  fmt.Println("srcAddr", frame.Src().MAC, frame.Src().IP) // will print source mac and ip
  fmt.Println("dstAddr", frame.Dst().MAC, frame.Dst().IP) // will print source mac and ip

  // if you are interested in the IPv4 fields
  if p := frame.IP4(); p != nil {
    // access ipv4 fields
    fmt.Println("version", p.Version(), "src", p.Src(), "dst", p.Dst(),"proto", p.Protocol(), "ttl", p.TTL())
  }

  // if you are intereste in the IPv6 fields
  if p := frame.IP6(); p != nil {
    fmt.Println("version", p.Version(), "src", p.Src(), "dst", p.Dst(),"nextHeader", p.NextHeader(), "hopLimit", p.HopLimit())
  }

  // if you are interested in UDP fields
  if p := frame.UDP(); p != nil {
    fmt.Println(p)
  }

Session provides notifications for Host online and offline

Session tracks when a host changes to online or offline and sends notifications via a go channel. The first time an IP is detected or when an existing host changes IP, Session sends an online notification via the notification channel. Similarly, if an IP is not seen on the network for 5 minutes or more, Session sends an offline notification via the notification channel.

s, err := packet.NewSession(*nic)
go func() {
    for {
        notification := <-s.C
        switch notification.Online {
        case true:
            fmt.Printf("is online: %s\n", notification)
        default:
            fmt.Printf("is offline: %s\n", notification)
        }
        s.PrintTable()
    }
}()

for {
    n, _, err := s.ReadFrom(buffer)
    if err != nil { panic(err) }

    frame, err := s.Parse(buffer[:n])
    // work on the packet...
}

arp spoofing

The package contains an arp_spoofer handler that can spoof the arp table on a target host. The handler will send poisoned arp packets continously to keep the arp cache pointing to us.

See example application below.

IPv6 icmp spoofing

The package contains an icmpv6_spoofer handler that can spoof the neighgor discovery protocol on a target host making all IPv6 traffic redirect to us. The handler will send poisoned icmpv6 packets continously to keep the ndp cache pointing to us.

See example application below.

DHCP4 server and spoofing

need notes refer to example dhcp server.

DNS naming

The package includes a dns_naming handler that creates a map of names to a mac address to simplify host identification.

Examples

arp spoofer
dhcpd
dnslistener
hosts
tcpdump

Credits

Thanks to the following individuals for making their outstanding source code available to all to learn and re-use.

Many other packages contributed ideas or "code reuse" and references to these are mentioned in the source code.

Documentation

Index

Constants

View Source 
const (
	ARPOperationRequest = 1
	ARPOperationReply   = 2
)

ARP Operation types

View Source 
const (
	DHCP4ServerPort = 67
	DHCP4ClientPort = 68
)

DHCP4 port numbers

View Source 
const (
	EthType8021AD = 0x88a8 // VLAN 802.1ad

	// Maximum ethernet II frame size is 1518 = 14 header + 1500 data + 8 802.ad (2x802.1Q tags)
	// see: https://en.wikipedia.org/wiki/Ethernet_frame#Ethernet_II
	EthMaxSize = 14 + 1500 + 8

	// Length of a link-layer address for Ethernet networks.
	EthAddrLen   = 6
	EthHeaderLen = 14
)
View Source 
const (
	ICMP4TypeEchoReply   = 0   // Echo Request
	ICMP4TypeEchoRequest = 8   // Echo Reply
	ICMP6TypeEchoRequest = 128 // Echo Request
	ICMP6TypeEchoReply   = 129 // Echo Reply
)
View Source 
const (
	Version      = 4  // protocol version
	HeaderLen    = 20 // header length without extension headers
	UDPHeaderLen = 8
)
View Source 
const (
	DefaultProbeDeadline   = time.Minute * 2  // probe IP every two minutes
	DefaultOfflineDeadline = time.Minute * 5  // set offline if not IP not seen for this long
	DefaultPurgeDeadline   = time.Minute * 61 // purge from table if not seen for this long
)

Default dealines

View Source 
const ARPLen = 8 + 2*6 + 2*4

ARPLen length is header + 2 * MACs + 2 IPs in theory MAC and IP len can vary

View Source 
const (
	IP6HeaderLen = 40 // IP6 header len
)
View Source 
const Infinity = time.Duration(0xffffffff) * time.Second

Infinity indicates that a prefix is valid for an infinite amount of time, unless a new, finite, value is received in a subsequent router advertisement.

Variables

View Source 
var (
	EthernetBroadcast = net.HardwareAddr{0xff, 0xff, 0xff, 0xff, 0xff, 0xff}
	EthernetZero      = net.HardwareAddr{0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
)

ARP global variables

View Source 
var (
	Logger = fastlog.New(module)

	IPv4bcast = netip.MustParseAddr("255.255.255.255") // limited broadcast
	IPv4zero  = netip.MustParseAddr("0.0.0.0")
	IPv6zero  = netip.MustParseAddr("::")

	IP4Broadcast     = netip.MustParseAddr("255.255.255.255")
	IP4BroadcastAddr = Addr{MAC: EthBroadcast, IP: IP4Broadcast}

	EthBroadcast          = net.HardwareAddr{0xff, 0xff, 0xff, 0xff, 0xff, 0xff}
	IP4AllNodesMulticast  = netip.MustParseAddr("224.0.0.1")
	Eth4AllNodesMulticast = net.HardwareAddr{0x01, 0x00, 0x5e, 0, 0, 0x01} // Ethernet multicast 01-00-5E plus low-order 23-bits of the IP address.
	IP4AllNodesAddr       = Addr{MAC: Eth4AllNodesMulticast, IP: IP4AllNodesMulticast}

	IP4AllRoutersMulticast = netip.MustParseAddr("224.0.0.2")
	Eth4RoutersMulticast   = net.HardwareAddr{0x01, 0x00, 0x5e, 0, 0, 0x02}

	Eth6AllNodesMulticast = net.HardwareAddr{0x33, 0x33, 0, 0, 0, 0x01}
	IP6AllNodesMulticast  = netip.AddrFrom16([16]byte{0xff, 0x02, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x01})
	IP6AllNodesAddr       = Addr{MAC: Eth6AllNodesMulticast, IP: IP6AllNodesMulticast}

	Eth6AllRoutersMulticast = net.HardwareAddr{0x33, 0x33, 0, 0, 0, 0x02}
	IP6AllRoutersMulticast  = netip.AddrFrom16([16]byte{0xff, 0x02, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x01})
	IP6AllRoutersAddr       = Addr{MAC: Eth6AllRoutersMulticast, IP: IP6AllRoutersMulticast}

	IP6DefaultRouter = netip.AddrFrom16([16]byte{0xfe, 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x01})
)

Global variables

View Source 
var (
	ErrInvalidLen    = errors.New("invalid len")
	ErrPayloadTooBig = errors.New("payload too big")
	ErrParseFrame    = errors.New("failed to parse frame")
	ErrParseProtocol = errors.New("invalid protocol")
	ErrFrameLen      = errors.New("invalid frame length")
	ErrInvalidConn   = errors.New("invalid connection")
	ErrInvalidIP     = errors.New("invalid ip")
	ErrInvalidMAC    = errors.New("invalid mac")
	ErrInvalidIP6LLA = errors.New("invalid ip6 lla")
	ErrNotFound      = errors.New("not found")
	ErrTimeout       = errors.New("timeout")
	ErrNotRedirected = errors.New("not redirected")
	ErrIsRouter      = errors.New("host is router")
	ErrNoReader      = errors.New("no reader")
	ErrInvalidParam  = errors.New("invalid parameter")
	ErrMulticastMAC  = errors.New("mac is multicast")
	ErrHandlerClosed = errors.New("handler is closed")
)

Sentinel errors

View Source 
var (
	DNSv4CloudFlare1       = netip.MustParseAddr("1.1.1.2") // malware
	DNSv6Cloudflare1       = netip.AddrFrom16([16]byte{0x26, 0x06, 0x47, 0x00, 0x47, 0x00, 0, 0, 0, 0, 0, 0, 0, 0, 0x11, 0x11})
	DNSv4CloudFlare2       = netip.MustParseAddr("1.0.0.2") // malware
	DNSv6Cloudflare2       = netip.AddrFrom16([16]byte{0x26, 0x06, 0x47, 0x00, 0x47, 0x00, 0, 0, 0, 0, 0, 0, 0, 0, 0x10, 0x01})
	DNSv4CloudFlareFamily1 = netip.MustParseAddr("1.1.1.3") // malware and adult sites
	DNSv4CloudFlareFamily2 = netip.MustParseAddr("1.0.0.3") // malware and adult sites

	// OpenDNS
	OpenDNS1 = netip.MustParseAddr("208.67.222.123")
	OpenDNS2 = netip.MustParseAddr("208.67.220.123")
)

CLoudFlare family https://developers.cloudflare.com/1.1.1.1/1.1.1.1-for-families

View Source 
var EtherBufferPool = sync.Pool{New: func() interface{} { return new([EthMaxSize]byte) }}

EtherBufferPool implemts a simple buffer pool for Ethernet packets

Functions

func Checksum 

func Checksum(b []byte) uint16

Checksum calculate IP4, ICMP6 checksum In network format already

func CopyBytes 

func CopyBytes(b []byte) []byte

CopyBytes simply copies a mac address to a new buffer with the same len

func CopyIP 

func CopyIP(srcIP net.IP) net.IP

CopyIP simply copies the IP to a new buffer Always return len 16 - using go internal 16 bytes for ipv4

func CopyMAC 

func CopyMAC(srcMAC net.HardwareAddr) net.HardwareAddr

CopyMAC simply copies a mac address to a new buffer with the same len

func Dial added in v0.3.0 

func Dial(ifi *net.Interface) (*packetConn, error)

Dial creates a net.PacketConn which can be used to send and receive data at the device driver level.

func EnableIP4Forwarding added in v0.3.1 

func EnableIP4Forwarding(nic string) error

func ExecPing added in v0.3.0 

func ExecPing(ip string) (err error)

ExecPing execute /usr/bin/ping

This is usefull when engine is not yet running and you need to populate the local arp/ndp cache If passing an IPv6 LLA, then must pass the scope as in "fe80::1%eth0"

func FindManufacturer added in v0.3.0 

func FindManufacturer(mac net.HardwareAddr) (name string)

FindManufacturer locates the manufacturer name using the first 24bits of the mac address.

func GetLinuxDefaultGateway added in v0.3.0 

func GetLinuxDefaultGateway() (gw netip.Addr, err error)

GetLinuxDefaultGateway read the default gateway from linux route file

file: /proc/net/route file: 

Iface   Destination Gateway     Flags   RefCnt  Use Metric  Mask
eth0    00000000    C900A8C0    0003    0   0   100 00000000    0   00
eth0    0000A8C0    00000000    0001    0   0   100 00FFFFFF    0   00

func ICMP6NeighborAdvertisementMarshal added in v0.3.0 

func ICMP6NeighborAdvertisementMarshal(router bool, solicited bool, override bool, targetAddr Addr) []byte

func ICMP6NeighborSolicitationMarshal added in v0.3.0 

func ICMP6NeighborSolicitationMarshal(targetAddr netip.Addr, sourceLLA net.HardwareAddr) ([]byte, error)

func IPv6NewLLA 

func IPv6NewLLA(mac net.HardwareAddr) net.IP

IPv6NewLLA produce a local link layer address with an EUI-64 value for mac. Reference: https://packetlife.net/blog/2008/aug/4/eui-64-ipv6/.

func IPv6NewULA 

func IPv6NewULA(mac net.HardwareAddr, subnet uint16) (*net.IPNet, error)

IPv6NewULA create a universal local address Usefule to create a IPv6 prefix when there is no global IPv6 routing

func IsUnicastMAC added in v0.3.0 

func IsUnicastMAC(mac net.HardwareAddr) bool

IsUnicastMAC return true if the mac address is unicast

Bit 0 in the first octet is reserved for broadcast or multicast traffic. When we have unicast traffic this bit will be set to 0. For broadcast or multicast traffic this bit will be set to 1.

func LinuxConfigureInterface added in v0.3.0 

func LinuxConfigureInterface(nic string, hostIP netip.Prefix, newIP netip.Prefix, gw netip.Prefix) error

func NewServerConn added in v0.3.0 

func NewServerConn(ifi *net.Interface, proto uint16, cfg SocketConfig) (*packetConn, error)

NewServerConn creates a net.PacketConn which can be used to send and receive data at the device driver level.

func OptionsLeaseTime added in v0.4.0 

func OptionsLeaseTime(d time.Duration) []byte

optionsLeaseTime - converts a time.Duration to a 4 byte slice, compatible with OptionIPAddressLeaseTime.

func Process8023Frame added in v0.3.0 

func Process8023Frame(frame Frame, pos int) (int, int, error)

process8023Frame handle general layer 2 packets in Ethernet 802.3 format.

see https://macaddress.io/faq/how-to-recognise-an-ieee-802-1x-mac-address-application see https://networkengineering.stackexchange.com/questions/64757/unknown-ethertype see https://www.mit.edu/~map/Ethernet/multicast.html

func ServerIsReacheable added in v0.3.0 

func ServerIsReacheable(ctx context.Context, serverIP net.IP) (err error)

ServerIsReacheable attemps to resolve "google.com" using the serverIP. It return nil if okay or error if server is unreachable.

func SrcMAC added in v0.3.0 

func SrcMAC(b []byte) net.HardwareAddr

SrcMAC returns the src mac address from an ethernet packet. This is convenience function with just length validation.

func TestNewBufferedConn 

func TestNewBufferedConn() (a *bufferedPacketConn, b *bufferedPacketConn)

TestNewBufferedConn create a mem conn for testing

func TestReadAndDiscardLoop 

func TestReadAndDiscardLoop(conn net.PacketConn) error

TestReadAndDiscardLoop is a helper function to cleanup buffer

Types

type ARP added in v0.4.0 

type ARP []byte

ARP provides access to ARP fields without copying the structure.

func EncodeARP added in v0.4.0 

func EncodeARP(b []byte, operation uint16, srcAddr Addr, dstAddr Addr) ARP

EncodeARP creates a wire ARP frame ready for transmission see format: https://en.wikipedia.org/wiki/Address_Resolution_Protocol

func (ARP) DstIP added in v0.4.0 

func (b ARP) DstIP() netip.Addr

func (ARP) DstMAC added in v0.4.0 

func (b ARP) DstMAC() net.HardwareAddr

func (ARP) FastLog added in v0.4.0 

func (b ARP) FastLog(line *fastlog.Line) *fastlog.Line

func (ARP) HLen added in v0.4.0 

func (b ARP) HLen() uint8

func (ARP) HType added in v0.4.0 

func (b ARP) HType() uint16

func (ARP) IsValid added in v0.4.0 

func (b ARP) IsValid() error

func (ARP) Operation added in v0.4.0 

func (b ARP) Operation() uint16

func (ARP) PLen added in v0.4.0 

func (b ARP) PLen() uint8

func (ARP) Proto added in v0.4.0 

func (b ARP) Proto() uint16

func (ARP) SrcIP added in v0.4.0 

func (b ARP) SrcIP() netip.Addr

func (ARP) SrcMAC added in v0.4.0 

func (b ARP) SrcMAC() net.HardwareAddr

func (ARP) String added in v0.4.0 

func (b ARP) String() string

type Addr 

type Addr struct {
	MAC  net.HardwareAddr
	IP   netip.Addr
	Port uint16
}

Addr is a common type to hold the IP and MAC pair

func GetIP4DefaultGatewayAddr added in v0.3.0 

func GetIP4DefaultGatewayAddr(nic string) (addr Addr, err error)

GetIP4DefaultGatewayAddr return the IP4 default gatewy for nic

func IPv6SolicitedNode 

func IPv6SolicitedNode(lla netip.Addr) Addr

func LoadLinuxARPTable added in v0.3.0 

func LoadLinuxARPTable(nic string) (list []Addr, err error)

LoadLinuxARPTable read arp entries from linux proc file

/proc/net/arp format: 

IP address       HW type     Flags       HW address            Mask     Device
192.168.0.1      0x1         0x2         20:0c:c8:23:f7:1a     *        eth0
192.168.0.4      0x1         0x2         4c:bb:58:f4:b2:d7     *        eth0
192.168.0.5      0x1         0x2         84:b1:53:ea:1f:40     *        eth0

func (Addr) FastLog added in v0.2.0 

func (a Addr) FastLog(l *fastlog.Line) *fastlog.Line

FastLog implements fastlog interface.

func (Addr) Netip added in v0.3.0 

func (a Addr) Netip() netip.Addr

func (Addr) Network 

func (a Addr) Network() string

Network returns the address's network name, "raw".

func (Addr) String 

func (a Addr) String() string

String returns the address's hardware address.

type AddrList 

type AddrList struct {
	// contains filtered or unexported fields
}

AddrList manages a goroutine safe set for adding and removing mac addresses

func (*AddrList) Add 

func (s *AddrList) Add(addr Addr) error

Add adds a mac to set

func (*AddrList) Del 

func (s *AddrList) Del(addr Addr) error

Del deletes the mac from set

func (*AddrList) Index 

func (s *AddrList) Index(mac net.HardwareAddr) int

Index returns -1 if mac is not found; otherwise returns the position in set

func (*AddrList) Len 

func (s *AddrList) Len() int

type Config added in v0.3.0 

type Config struct {
	Conn            net.PacketConn // override underlying connection - useful for testing
	NICInfo         *NICInfo       // override nic information - set to non nil to create a test Handler
	ProbeDeadline   time.Duration  // override probe deadline
	OfflineDeadline time.Duration  // override offline deadline
	PurgeDeadline   time.Duration  // override purge deadline
}

Config contains configurable parameters that overide package defaults

func (Config) NewSession added in v0.3.0 

func (config Config) NewSession(nic string) (session *Session, err error)

NewSession accepts a configuration structure and returns a session to read and write raw packets from the network interface card.

type DHCP4 added in v0.4.0 

type DHCP4 []byte

DHCP4 represents a dhcp version 4 packet.

func EncodeDHCP4 added in v0.4.0 

func EncodeDHCP4(b []byte, opcode DHCP4OpCode, mt DHCP4MessageType, chaddr net.HardwareAddr, ciaddr netip.Addr, yiaddr netip.Addr, xid []byte, broadcast bool, options DHCP4Options, order []byte) DHCP4

EncodeDHCP4 returns the underlying slice as a DHCP4 frame. The returned slice is adjusted to the length of the DHCP frame. When replying to a DHCP request, you can pass nil to chaddr, ciaddr, yiadd, and xid to keep the underlying values.

func (DHCP4) AppendOptions added in v0.4.0 

func (p DHCP4) AppendOptions(options DHCP4Options, order []byte) int

func (DHCP4) Broadcast added in v0.4.0 

func (p DHCP4) Broadcast() bool

func (DHCP4) CHAddr added in v0.4.0 

func (p DHCP4) CHAddr() net.HardwareAddr

func (DHCP4) CIAddr added in v0.4.0 

func (p DHCP4) CIAddr() netip.Addr

func (DHCP4) Cookie added in v0.4.0 

func (p DHCP4) Cookie() []byte

func (DHCP4) FastLog added in v0.4.0 

func (p DHCP4) FastLog(line *fastlog.Line) *fastlog.Line

func (DHCP4) File added in v0.4.0 

func (p DHCP4) File() []byte

func (DHCP4) Flags added in v0.4.0 

func (p DHCP4) Flags() uint16

func (DHCP4) GIAddr added in v0.4.0 

func (p DHCP4) GIAddr() netip.Addr

func (DHCP4) HLen added in v0.4.0 

func (p DHCP4) HLen() byte

func (DHCP4) HType added in v0.4.0 

func (p DHCP4) HType() byte

func (DHCP4) Hops added in v0.4.0 

func (p DHCP4) Hops() byte

func (DHCP4) IsValid added in v0.4.0 

func (p DHCP4) IsValid() error

func (DHCP4) OpCode added in v0.4.0 

func (p DHCP4) OpCode() DHCP4OpCode

DHCPv4 frame format 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | op (1) | htype (1) | hlen (1) | hops (1) | +---------------+---------------+---------------+---------------+ | xid (4) | +-------------------------------+-------------------------------+ | secs (2) | flags (2) | +-------------------------------+-------------------------------+ | ciaddr (4) | +---------------------------------------------------------------+ | yiaddr (4) | +---------------------------------------------------------------+ | siaddr (4) | +---------------------------------------------------------------+ | giaddr (4) | +---------------------------------------------------------------+ | | | chaddr (16) | | | | | +---------------------------------------------------------------+ | | | sname (64) | +---------------------------------------------------------------+ | | | file (128) | +---------------------------------------------------------------+ |cookie(4bytes) | | options (variable) | +---------------------------------------------------------------+

func (DHCP4) Options added in v0.4.0 

func (p DHCP4) Options() []byte

func (DHCP4) ParseOptions added in v0.4.0 

func (p DHCP4) ParseOptions() DHCP4Options

Parses the packet's options into an Options map Caution: we return slices to the underlying byte array

func (DHCP4) SIAddr added in v0.4.0 

func (p DHCP4) SIAddr() netip.Addr

func (DHCP4) SName added in v0.4.0 

func (p DHCP4) SName() []byte

func (DHCP4) Secs added in v0.4.0 

func (p DHCP4) Secs() uint16

func (DHCP4) SetBroadcast added in v0.4.0 

func (p DHCP4) SetBroadcast(broadcast bool)

func (DHCP4) SetCHAddr added in v0.4.0 

func (p DHCP4) SetCHAddr(a net.HardwareAddr)

func (DHCP4) SetCIAddr added in v0.4.0 

func (p DHCP4) SetCIAddr(ip netip.Addr)

func (DHCP4) SetCookie added in v0.4.0 

func (p DHCP4) SetCookie(cookie []byte)

func (DHCP4) SetFile added in v0.4.0 

func (p DHCP4) SetFile(file []byte)

BOOTP legacy

func (DHCP4) SetFlags added in v0.4.0 

func (p DHCP4) SetFlags(flags uint16)

func (DHCP4) SetGIAddr added in v0.4.0 

func (p DHCP4) SetGIAddr(ip netip.Addr)

func (DHCP4) SetHLen added in v0.4.0 

func (p DHCP4) SetHLen(hLen byte)

func (DHCP4) SetHType added in v0.4.0 

func (p DHCP4) SetHType(hType byte)

func (DHCP4) SetHops added in v0.4.0 

func (p DHCP4) SetHops(hops byte)

func (DHCP4) SetOpCode added in v0.4.0 

func (p DHCP4) SetOpCode(c DHCP4OpCode)

func (DHCP4) SetSIAddr added in v0.4.0 

func (p DHCP4) SetSIAddr(ip netip.Addr)

func (DHCP4) SetSName added in v0.4.0 

func (p DHCP4) SetSName(sName []byte)

BOOTP legacy

func (DHCP4) SetSecs added in v0.4.0 

func (p DHCP4) SetSecs(secs uint16)

func (DHCP4) SetXId added in v0.4.0 

func (p DHCP4) SetXId(xId []byte)

func (DHCP4) SetYIAddr added in v0.4.0 

func (p DHCP4) SetYIAddr(ip netip.Addr)

func (DHCP4) String added in v0.4.0 

func (p DHCP4) String() string

func (DHCP4) XId added in v0.4.0 

func (p DHCP4) XId() []byte

func (DHCP4) YIAddr added in v0.4.0 

func (p DHCP4) YIAddr() netip.Addr

type DHCP4MessageType added in v0.4.0 

type DHCP4MessageType byte
const (
	DHCP4Discover DHCP4MessageType = 1
	DHCP4Offer    DHCP4MessageType = 2
	DHCP4Request  DHCP4MessageType = 3
	DHCP4Decline  DHCP4MessageType = 4
	DHCP4ACK      DHCP4MessageType = 5
	DHCP4NAK      DHCP4MessageType = 6
	DHCP4Release  DHCP4MessageType = 7
	DHCP4Inform   DHCP4MessageType = 8
)

DHCP Message Type 53

type DHCP4OpCode added in v0.4.0 

type DHCP4OpCode byte
const (
	DHCP4BootRequest DHCP4OpCode = 1 // From Client
	DHCP4BootReply   DHCP4OpCode = 2 // From Server
)

OpCodes

type DHCP4OptionCode added in v0.4.0 

type DHCP4OptionCode byte
const (
	DHCP4End                                      DHCP4OptionCode = 255
	DHCP4Pad                                      DHCP4OptionCode = 0
	DHCP4OptionSubnetMask                         DHCP4OptionCode = 1
	DHCP4OptionTimeOffset                         DHCP4OptionCode = 2
	DHCP4OptionRouter                             DHCP4OptionCode = 3
	DHCP4OptionTimeServer                         DHCP4OptionCode = 4
	DHCP4OptionNameServer                         DHCP4OptionCode = 5
	DHCP4OptionDomainNameServer                   DHCP4OptionCode = 6
	DHCP4OptionLogServer                          DHCP4OptionCode = 7
	DHCP4OptionCookieServer                       DHCP4OptionCode = 8
	DHCP4OptionLPRServer                          DHCP4OptionCode = 9
	DHCP4OptionImpressServer                      DHCP4OptionCode = 10
	DHCP4OptionResourceLocationServer             DHCP4OptionCode = 11
	DHCP4OptionHostName                           DHCP4OptionCode = 12
	DHCP4OptionBootFileSize                       DHCP4OptionCode = 13
	DHCP4OptionMeritDumpFile                      DHCP4OptionCode = 14
	DHCP4OptionDomainName                         DHCP4OptionCode = 15
	DHCP4OptionSwapServer                         DHCP4OptionCode = 16
	DHCP4OptionRootPath                           DHCP4OptionCode = 17
	DHCP4OptionExtensionsPath                     DHCP4OptionCode = 18
	DHCP4OptionIPForwardingEnableDisable          DHCP4OptionCode = 19 // IP Layer Parameters per Host
	DHCP4OptionNonLocalSourceRoutingEnableDisable DHCP4OptionCode = 20
	DHCP4OptionPolicyFilter                       DHCP4OptionCode = 21
	DHCP4OptionMaximumDatagramReassemblySize      DHCP4OptionCode = 22
	DHCP4OptionDefaultIPTimeToLive                DHCP4OptionCode = 23
	DHCP4OptionPathMTUAgingTimeout                DHCP4OptionCode = 24
	DHCP4OptionPathMTUPlateauTable                DHCP4OptionCode = 25
	DHCP4OptionInterfaceMTU                       DHCP4OptionCode = 26 // IP Layer Parameters per Interface
	DHCP4OptionAllSubnetsAreLocal                 DHCP4OptionCode = 27
	DHCP4OptionBroadcastAddress                   DHCP4OptionCode = 28
	DHCP4OptionPerformMaskDiscovery               DHCP4OptionCode = 29
	DHCP4OptionMaskSupplier                       DHCP4OptionCode = 30
	DHCP4OptionPerformRouterDiscovery             DHCP4OptionCode = 31
	DHCP4OptionRouterSolicitationAddress          DHCP4OptionCode = 32
	DHCP4OptionStaticRoute                        DHCP4OptionCode = 33
	DHCP4OptionTrailerEncapsulation               DHCP4OptionCode = 34
	DHCP4OptionARPCacheTimeout                    DHCP4OptionCode = 35
	DHCP4OptionEthernetEncapsulation              DHCP4OptionCode = 36
	DHCP4OptionRequestedIPAddress                 DHCP4OptionCode = 50 // DHCP Extensions
	DHCP4OptionIPAddressLeaseTime                 DHCP4OptionCode = 51
	DHCP4OptionOverload                           DHCP4OptionCode = 52
	DHCP4OptionDHCPMessageType                    DHCP4OptionCode = 53
	DHCP4OptionServerIdentifier                   DHCP4OptionCode = 54
	DHCP4OptionParameterRequestList               DHCP4OptionCode = 55
	DHCP4OptionMessage                            DHCP4OptionCode = 56
	DHCP4OptionMaximumDHCPMessageSize             DHCP4OptionCode = 57
	DHCP4OptionRenewalTimeValue                   DHCP4OptionCode = 58
	DHCP4OptionRebindingTimeValue                 DHCP4OptionCode = 59
	DHCP4OptionVendorClassIdentifier              DHCP4OptionCode = 60
	DHCP4OptionClientIdentifier                   DHCP4OptionCode = 61
	DHCP4OptionClasslessRouteFormat               DHCP4OptionCode = 121
)

DHCP Options see complete list here: https://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml

type DHCP4Options added in v0.4.0 

type DHCP4Options map[DHCP4OptionCode][]byte

Map of DHCP options

func (DHCP4Options) HostName added in v0.4.0 

func (o DHCP4Options) HostName() string

func (DHCP4Options) RequestedIPAddress added in v0.4.0 

func (o DHCP4Options) RequestedIPAddress() net.IP

func (DHCP4Options) ServerID added in v0.4.0 

func (o DHCP4Options) ServerID() netip.Addr

type DNS 

type DNS []byte

DNS represents a DNS packet as specified in RFC 1034 / RFC 1035 see : https://github.com/google/gopacket/blob/master/layers/dns.go 

DNS packet format
0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                      ID                       |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|QR|   Opcode  |AA|TC|RD|RA|   Z    |   RCODE   |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    QDCOUNT                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    ANCOUNT                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    NSCOUNT                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    ARCOUNT                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

func EncodeDNSQuery added in v0.4.0 

func EncodeDNSQuery(tranID uint16, flags uint16, encodedName []byte, questionType uint16) DNS

func (DNS) AA 

func (p DNS) AA() bool

func (DNS) ANCount 

func (p DNS) ANCount() uint16

func (DNS) ARCount 

func (p DNS) ARCount() uint16

func (DNS) FastLog added in v0.4.0 

func (p DNS) FastLog(l *fastlog.Line) *fastlog.Line

func (DNS) IsValid 

func (p DNS) IsValid() error

func (DNS) NSCount 

func (p DNS) NSCount() uint16

func (DNS) OpCode 

func (p DNS) OpCode() int

func (DNS) QDCount 

func (p DNS) QDCount() uint16

func (DNS) QR 

func (p DNS) QR() bool

func (DNS) RA 

func (p DNS) RA() bool

func (DNS) RD 

func (p DNS) RD() bool

func (DNS) ResponseCode 

func (p DNS) ResponseCode() int

func (DNS) String 

func (p DNS) String() string

func (DNS) TC 

func (p DNS) TC() bool

func (DNS) TransactionID 

func (p DNS) TransactionID() uint16

func (DNS) Z 

func (p DNS) Z() uint8

type DNSEntry 

type DNSEntry struct {
	Name         string
	IP4Records   map[netip.Addr]IPResourceRecord
	IP6Records   map[netip.Addr]IPResourceRecord
	CNameRecords map[string]NameResourceRecord
	PTRRecords   map[string]IPResourceRecord
}

func NewDNSEntry added in v0.4.0 

func NewDNSEntry() (entry DNSEntry)

func (DNSEntry) CNameList 

func (d DNSEntry) CNameList() []string

func (DNSEntry) Copy added in v0.4.0 

func (d DNSEntry) Copy() DNSEntry

copy returns a deep copy of DNSEntry

func (*DNSEntry) DecodeAnswers added in v0.4.0 

func (e *DNSEntry) DecodeAnswers(p DNS, offset int, buffer []byte) (int, bool, error)

decode decodes the resource record, returning the total length of the record.

not goroutine safe: 

must acquire lock before calling as function will update maps

func (DNSEntry) FastLog added in v0.4.0 

func (d DNSEntry) FastLog(l *fastlog.Line) *fastlog.Line

func (DNSEntry) IP4List 

func (d DNSEntry) IP4List() []netip.Addr

func (DNSEntry) IP6List 

func (d DNSEntry) IP6List() []netip.Addr

type DNSNameEntry added in v0.4.0 

type DNSNameEntry struct {
	Addr         Addr
	Name         string
	Model        string
	Manufacturer string
	OS           string
}

NameEntry holds a name entry

func (DNSNameEntry) FastLog added in v0.4.0 

func (n DNSNameEntry) FastLog(l *fastlog.Line) *fastlog.Line

type DNSSearchList added in v0.3.0 

type DNSSearchList struct {
	Lifetime    time.Duration
	DomainNames []string
}

A DNSSearchList is a DNS search list option, as described in RFC 8106, Section 5.2.

func (*DNSSearchList) Code added in v0.3.0 

func (*DNSSearchList) Code() byte

Code implements Option.

type Direction added in v0.3.0 

type Direction int

A Direction specifies the direction of a LinkLayerAddress Option as a source or target. 

const (
	Source Direction = optSourceLLA
	Target Direction = optTargetLLA
)

Possible Direction values.

type Ether 

type Ether []byte

Ether provide access to ethernet II fields without copying the structure see: https://medium.com/@mdlayher/network-protocol-breakdown-ethernet-and-go-de985d726cc1

The header features destination and source MAC addresses (each six octets in length), the EtherType field and, optionally, an IEEE 802.1Q tag or IEEE 802.1ad tag.

The EtherType field is two octets long and it can be used for two different purposes. Values of 1500 and below mean that it is used to indicate the size of the payload in octets, while values of 1536 and above indicate that it is used as an EtherType, to indicate which protocol is encapsulated in the payload of the frame.

func EncodeEther added in v0.3.0 

func EncodeEther(b []byte, hType uint16, srcMAC net.HardwareAddr, dstMAC net.HardwareAddr) Ether

EncodeEther creates a ethernet frame at b using the parameters. It panic if b is nil or not sufficient to store a full len ethernet packet. In most cases this is a coding error.

func (Ether) AppendPayload 

func (p Ether) AppendPayload(payload []byte) (Ether, error)

AppendPayload copy payload after the ethernet header and returns the extended ether slice.

func (Ether) Dst 

func (p Ether) Dst() net.HardwareAddr

func (Ether) DstIP added in v0.2.0 

func (p Ether) DstIP() netip.Addr

DspIP i a convenience function to return the destination IP address. It returns nil if no IP packet is present.

func (Ether) EtherType 

func (p Ether) EtherType() uint16

func (Ether) FastLog added in v0.2.0 

func (p Ether) FastLog(line *fastlog.Line) *fastlog.Line

Fastlog implements fastlog struct interface

func (Ether) HeaderLen added in v0.3.0 

func (p Ether) HeaderLen() int

HeaderLen returns the header length.

func (Ether) IsValid 

func (p Ether) IsValid() error

func (Ether) Payload 

func (p Ether) Payload() []byte

Payload returns a slice to the payload after the header.

func (Ether) SetPayload 

func (p Ether) SetPayload(payload []byte) (Ether, error)

SetPayload extends the ether packet to include payload.

func (Ether) Src 

func (p Ether) Src() net.HardwareAddr

func (Ether) SrcIP added in v0.2.0 

func (p Ether) SrcIP() netip.Addr

SrcIP i a convenience function to return the source IP address. It returns nil if no IP packet is present.

func (Ether) String 

func (p Ether) String() string

type EthernetPause added in v0.2.2 

type EthernetPause []byte

EthernetPause provide access to Ethernet pause frame fields

func (EthernetPause) Duration added in v0.2.2 

func (p EthernetPause) Duration() uint16

func (EthernetPause) FastLog added in v0.2.2 

func (p EthernetPause) FastLog(line *fastlog.Line) *fastlog.Line

func (EthernetPause) IsValid added in v0.2.2 

func (p EthernetPause) IsValid() error

func (EthernetPause) Opcode added in v0.2.2 

func (p EthernetPause) Opcode() uint16

func (EthernetPause) Reserved added in v0.2.2 

func (p EthernetPause) Reserved() []byte

func (EthernetPause) String added in v0.2.2 

func (p EthernetPause) String() string

type Frame added in v0.3.0 

type Frame struct {
	PayloadID PayloadID // protocol ID for value in payload
	SrcAddr   Addr      // reference to source IP, MAC and Port number (if available)
	DstAddr   Addr      // reference to destination IP, MAC and Port number (if available)
	Session   *Session  // session where frame was capture
	Host      *Host     // pointer to Host entry for this IP address
	// contains filtered or unexported fields
}

Frame describes a network packet and the various protocol layers within it. It maintains a reference to common protocols like IP4, IP6, UDP, TCP.

func (Frame) Ether added in v0.3.0 

func (f Frame) Ether() Ether

func (Frame) HasIP added in v0.3.0 

func (f Frame) HasIP() bool

HasIP returns true if the packet contains either an IPv4 or IPv6 frame.

func (Frame) IP4 added in v0.3.0 

func (f Frame) IP4() IP4

IP4 returns a reference to the IP4 packet or nil if this is not an IPv4 packet.

func (Frame) IP6 added in v0.3.0 

func (f Frame) IP6() IP6

IP6 returns a reference to the IP6 packet or nil if this is not an IPv6 packet.

func (Frame) Log added in v0.3.0 

func (frame Frame) Log(line *fastlog.Line) *fastlog.Line

func (Frame) Payload added in v0.3.0 

func (f Frame) Payload() []byte

Payload retuns a reference to the last payload in the envelope. This is typically the application layer protocol in a UDP or TCP packet. Payload will always contain the last payload processed without errors. In case of protocol validation errors the Payload will return the last valid payload.

func (Frame) TCP added in v0.3.0 

func (f Frame) TCP() TCP

TCP returns a reference to the TCP packet or nil if this is not a TCP packet.

func (Frame) UDP added in v0.3.0 

func (f Frame) UDP() UDP

UDP returns a reference to the UDP packet or nil if this is not a UDP packet.

type HopByHopExtensionHeader 

type HopByHopExtensionHeader []byte

HopByHopExtensionHeader describes and IPv6 hop by hop extension see https://tools.ietf.org/html/rfc8200

func (HopByHopExtensionHeader) Data 

func (p HopByHopExtensionHeader) Data() []byte

func (HopByHopExtensionHeader) IsValid 

func (p HopByHopExtensionHeader) IsValid() bool

func (HopByHopExtensionHeader) Len 

func (p HopByHopExtensionHeader) Len() int

func (HopByHopExtensionHeader) NextHeader 

func (p HopByHopExtensionHeader) NextHeader() uint8

func (HopByHopExtensionHeader) ParseHopByHopExtensions added in v0.3.0 

func (p HopByHopExtensionHeader) ParseHopByHopExtensions() (ext map[int][]byte, err error)

ParseHopByHopExtensions returns a map of icmp6 hop by hop extensions TODO: finish parse ipv6 options

type Host 

type Host struct {
	Addr         Addr      // MAC and IP
	MACEntry     *MACEntry // pointer to mac entry
	Online       bool      // host online / offline state
	HuntStage    HuntStage // host huntStage
	LastSeen     time.Time // last packet time
	Manufacturer string    // Mac address manufacturer
	DHCP4Name    NameEntry
	MDNSName     NameEntry
	SSDPName     NameEntry
	LLMNRName    NameEntry
	NBNSName     NameEntry
	// contains filtered or unexported fields
}

Host holds a pointer to the host record. The pointer is always valid and will be garbage collected when no longer in use.

CAUTION: Host has a RWMutex used to sync access to the record. This must be read locked to access fields or write locked for updating When locking the engine, you must lock the engine first then row lock to avoid deadlocks

func (*Host) Dirty added in v0.3.0 

func (host *Host) Dirty() bool

Dirty returns true if the host was updated by Parse and a notification is due.

func (Host) FastLog added in v0.2.0 

func (e Host) FastLog(l *fastlog.Line) *fastlog.Line

func (*Host) String 

func (e *Host) String() string

func (*Host) UpdateDHCP4Name added in v0.3.0 

func (host *Host) UpdateDHCP4Name(name NameEntry)

func (*Host) UpdateLLMNRName added in v0.3.0 

func (host *Host) UpdateLLMNRName(name NameEntry)

func (*Host) UpdateMDNSName added in v0.3.0 

func (host *Host) UpdateMDNSName(name NameEntry)

func (*Host) UpdateNBNSName added in v0.3.0 

func (host *Host) UpdateNBNSName(name NameEntry)

func (*Host) UpdateSSDPName added in v0.3.0 

func (host *Host) UpdateSSDPName(name NameEntry)

type HostTable 

type HostTable struct {
	Table map[netip.Addr]*Host
}

HostTable manages host entries

type HuntStage 

type HuntStage byte

HuntStage holds the host hunt stage 

const (
	StageNoChange   HuntStage = 0 // no change to stage - used as no op
	StageNormal     HuntStage = 1 // not captured
	StageHunt       HuntStage = 2 // host is not redirected
	StageRedirected HuntStage = 3 // host is redirected via dhcp
)

hunt stages

func (HuntStage) String 

func (s HuntStage) String() string

type ICMP added in v0.3.0 

type ICMP []byte

ICMP enable access to ICMP frame without copying

func (ICMP) Checksum added in v0.3.0 

func (p ICMP) Checksum() uint16

func (ICMP) Code added in v0.3.0 

func (p ICMP) Code() uint8

func (ICMP) FastLog added in v0.3.0 

func (p ICMP) FastLog(line *fastlog.Line) *fastlog.Line

FastLog implements fastlog interface

func (ICMP) IsValid added in v0.3.0 

func (p ICMP) IsValid() error

IsValid validates the packet TODO: verify checksum?

func (ICMP) Payload added in v0.3.0 

func (p ICMP) Payload() []byte

func (ICMP) RestOfHeader added in v0.3.0 

func (p ICMP) RestOfHeader() []byte

func (ICMP) SetChecksum added in v0.3.0 

func (p ICMP) SetChecksum(cs uint16)

TODO: fix the order

func (ICMP) String added in v0.3.0 

func (p ICMP) String() string

func (ICMP) Type added in v0.3.0 

func (p ICMP) Type() uint8

type ICMP4Redirect added in v0.3.0 

type ICMP4Redirect []byte

func (ICMP4Redirect) AddrSize added in v0.3.0 

func (p ICMP4Redirect) AddrSize() uint8

func (ICMP4Redirect) Addrs added in v0.3.0 

func (p ICMP4Redirect) Addrs() []net.IP

func (ICMP4Redirect) Checksum added in v0.3.0 

func (p ICMP4Redirect) Checksum() uint16

func (ICMP4Redirect) Code added in v0.3.0 

func (p ICMP4Redirect) Code() byte

func (ICMP4Redirect) FastLog added in v0.3.0 

func (p ICMP4Redirect) FastLog(line *fastlog.Line) *fastlog.Line

func (ICMP4Redirect) IsValid added in v0.3.0 

func (p ICMP4Redirect) IsValid() error

func (ICMP4Redirect) Lifetime added in v0.3.0 

func (p ICMP4Redirect) Lifetime() uint16

func (ICMP4Redirect) NumAddrs added in v0.3.0 

func (p ICMP4Redirect) NumAddrs() uint8

func (ICMP4Redirect) String added in v0.3.0 

func (p ICMP4Redirect) String() string

func (ICMP4Redirect) Type added in v0.3.0 

func (p ICMP4Redirect) Type() uint8

type ICMP6NeighborAdvertisement added in v0.3.0 

type ICMP6NeighborAdvertisement []byte

func (ICMP6NeighborAdvertisement) Checksum added in v0.3.0 

func (p ICMP6NeighborAdvertisement) Checksum() int

func (ICMP6NeighborAdvertisement) Code added in v0.3.0 

func (p ICMP6NeighborAdvertisement) Code() byte

func (ICMP6NeighborAdvertisement) FastLog added in v0.3.0 

func (p ICMP6NeighborAdvertisement) FastLog(line *fastlog.Line) *fastlog.Line

Print implements fastlog interface

func (ICMP6NeighborAdvertisement) IsValid added in v0.3.0 

func (p ICMP6NeighborAdvertisement) IsValid() error

func (ICMP6NeighborAdvertisement) Override added in v0.3.0 

func (p ICMP6NeighborAdvertisement) Override() bool

func (ICMP6NeighborAdvertisement) Router added in v0.3.0 

func (p ICMP6NeighborAdvertisement) Router() bool

func (ICMP6NeighborAdvertisement) Solicited added in v0.3.0 

func (p ICMP6NeighborAdvertisement) Solicited() bool

func (ICMP6NeighborAdvertisement) String added in v0.3.0 

func (p ICMP6NeighborAdvertisement) String() string

func (ICMP6NeighborAdvertisement) TargetAddress added in v0.3.0 

func (p ICMP6NeighborAdvertisement) TargetAddress() netip.Addr

func (ICMP6NeighborAdvertisement) TargetLLA added in v0.3.0 

func (p ICMP6NeighborAdvertisement) TargetLLA() net.HardwareAddr

func (ICMP6NeighborAdvertisement) Type added in v0.3.0 

func (p ICMP6NeighborAdvertisement) Type() uint8

type ICMP6NeighborSolicitation added in v0.3.0 

type ICMP6NeighborSolicitation []byte

func (ICMP6NeighborSolicitation) Checksum added in v0.3.0 

func (p ICMP6NeighborSolicitation) Checksum() int

func (ICMP6NeighborSolicitation) Code added in v0.3.0 

func (p ICMP6NeighborSolicitation) Code() byte

func (ICMP6NeighborSolicitation) FastLog added in v0.3.0 

func (p ICMP6NeighborSolicitation) FastLog(line *fastlog.Line) *fastlog.Line

FastLog implements fastlog interface

func (ICMP6NeighborSolicitation) IsValid added in v0.3.0 

func (p ICMP6NeighborSolicitation) IsValid() error

func (ICMP6NeighborSolicitation) SourceLLA added in v0.3.0 

func (p ICMP6NeighborSolicitation) SourceLLA() net.HardwareAddr

func (ICMP6NeighborSolicitation) String added in v0.3.0 

func (p ICMP6NeighborSolicitation) String() string

func (ICMP6NeighborSolicitation) TargetAddress added in v0.3.0 

func (p ICMP6NeighborSolicitation) TargetAddress() netip.Addr

func (ICMP6NeighborSolicitation) Type added in v0.3.0 

func (p ICMP6NeighborSolicitation) Type() uint8

type ICMP6Redirect added in v0.3.0 

type ICMP6Redirect []byte

func (ICMP6Redirect) Checksum added in v0.3.0 

func (p ICMP6Redirect) Checksum() int

func (ICMP6Redirect) Code added in v0.3.0 

func (p ICMP6Redirect) Code() byte

func (ICMP6Redirect) DstAddress added in v0.3.0 

func (p ICMP6Redirect) DstAddress() net.IP

func (ICMP6Redirect) IsValid added in v0.3.0 

func (p ICMP6Redirect) IsValid() error

func (ICMP6Redirect) String added in v0.3.0 

func (p ICMP6Redirect) String() string

func (ICMP6Redirect) TargetAddress added in v0.3.0 

func (p ICMP6Redirect) TargetAddress() net.IP

func (ICMP6Redirect) TargetLinkLayerAddr added in v0.3.0 

func (p ICMP6Redirect) TargetLinkLayerAddr() net.HardwareAddr

func (ICMP6Redirect) Type added in v0.3.0 

func (p ICMP6Redirect) Type() uint8

type ICMP6RouterAdvertisement added in v0.3.0 

type ICMP6RouterAdvertisement []byte

func (ICMP6RouterAdvertisement) Checksum added in v0.3.0 

func (p ICMP6RouterAdvertisement) Checksum() int

func (ICMP6RouterAdvertisement) Code added in v0.3.0 

func (p ICMP6RouterAdvertisement) Code() byte

func (ICMP6RouterAdvertisement) CurrentHopLimit added in v0.3.0 

func (p ICMP6RouterAdvertisement) CurrentHopLimit() byte

func (ICMP6RouterAdvertisement) FastLog added in v0.3.0 

func (p ICMP6RouterAdvertisement) FastLog(l *fastlog.Line) *fastlog.Line

func (ICMP6RouterAdvertisement) Flags added in v0.3.0 

func (p ICMP6RouterAdvertisement) Flags() byte

func (ICMP6RouterAdvertisement) HomeAgent added in v0.3.0 

func (p ICMP6RouterAdvertisement) HomeAgent() bool

func (ICMP6RouterAdvertisement) IsValid added in v0.3.0 

func (p ICMP6RouterAdvertisement) IsValid() error

func (ICMP6RouterAdvertisement) Lifetime added in v0.3.0 

func (p ICMP6RouterAdvertisement) Lifetime() (seconds uint16)

func (ICMP6RouterAdvertisement) ManagedConfiguration added in v0.3.0 

func (p ICMP6RouterAdvertisement) ManagedConfiguration() bool

func (ICMP6RouterAdvertisement) Options added in v0.3.0 

func (p ICMP6RouterAdvertisement) Options() (NewOptions, error)

func (ICMP6RouterAdvertisement) OtherConfiguration added in v0.3.0 

func (p ICMP6RouterAdvertisement) OtherConfiguration() bool

func (ICMP6RouterAdvertisement) Preference added in v0.3.0 

func (p ICMP6RouterAdvertisement) Preference() byte

func (ICMP6RouterAdvertisement) ProxyFlag added in v0.3.0 

func (p ICMP6RouterAdvertisement) ProxyFlag() bool

func (ICMP6RouterAdvertisement) ReachableTime added in v0.3.0 

func (p ICMP6RouterAdvertisement) ReachableTime() (milliseconds uint32)

func (ICMP6RouterAdvertisement) RetransmitTimer added in v0.3.0 

func (p ICMP6RouterAdvertisement) RetransmitTimer() (milliseconds uint32)

func (ICMP6RouterAdvertisement) String added in v0.3.0 

func (p ICMP6RouterAdvertisement) String() string

func (ICMP6RouterAdvertisement) Type added in v0.3.0 

func (p ICMP6RouterAdvertisement) Type() uint8

type ICMP6RouterSolicitation added in v0.3.0 

type ICMP6RouterSolicitation []byte

func (ICMP6RouterSolicitation) Checksum added in v0.3.0 

func (p ICMP6RouterSolicitation) Checksum() int

func (ICMP6RouterSolicitation) Code added in v0.3.0 

func (p ICMP6RouterSolicitation) Code() byte

func (ICMP6RouterSolicitation) FastLog added in v0.3.0 

func (p ICMP6RouterSolicitation) FastLog(line *fastlog.Line) *fastlog.Line

func (ICMP6RouterSolicitation) IsValid added in v0.3.0 

func (p ICMP6RouterSolicitation) IsValid() error

func (ICMP6RouterSolicitation) Options added in v0.3.0 

func (p ICMP6RouterSolicitation) Options() (NewOptions, error)

func (ICMP6RouterSolicitation) SourceLLA added in v0.3.0 

func (p ICMP6RouterSolicitation) SourceLLA() net.HardwareAddr

func (ICMP6RouterSolicitation) String added in v0.3.0 

func (p ICMP6RouterSolicitation) String() string

func (ICMP6RouterSolicitation) Type added in v0.3.0 

func (p ICMP6RouterSolicitation) Type() uint8

type ICMPEcho 

type ICMPEcho []byte

func EncodeICMPEcho added in v0.3.0 

func EncodeICMPEcho(b []byte, t uint8, code uint8, id uint16, seq uint16, data []byte) ICMPEcho

func (ICMPEcho) Checksum 

func (p ICMPEcho) Checksum() uint16

func (ICMPEcho) Code 

func (p ICMPEcho) Code() uint8

func (ICMPEcho) EchoData 

func (p ICMPEcho) EchoData() []byte

func (ICMPEcho) EchoID 

func (p ICMPEcho) EchoID() uint16

func (ICMPEcho) EchoSeq 

func (p ICMPEcho) EchoSeq() uint16

func (ICMPEcho) FastLog added in v0.3.0 

func (p ICMPEcho) FastLog(line *fastlog.Line) *fastlog.Line

func (ICMPEcho) IsValid 

func (p ICMPEcho) IsValid() error

func (ICMPEcho) String 

func (p ICMPEcho) String() string

func (ICMPEcho) Type 

func (p ICMPEcho) Type() uint8

type IEEE1905 added in v0.2.2 

type IEEE1905 []byte

IEEE1905 provide access to IEEE 1905 home networking frame fields

func (IEEE1905) FastLog added in v0.2.2 

func (p IEEE1905) FastLog(line *fastlog.Line) *fastlog.Line

func (IEEE1905) Flags added in v0.2.2 

func (p IEEE1905) Flags() uint8

func (IEEE1905) FragmentID added in v0.2.2 

func (p IEEE1905) FragmentID() uint8

func (IEEE1905) ID added in v0.2.2 

func (p IEEE1905) ID() uint16

func (IEEE1905) IsValid added in v0.2.2 

func (p IEEE1905) IsValid() error

func (IEEE1905) Reserved added in v0.2.2 

func (p IEEE1905) Reserved() uint8

func (IEEE1905) String added in v0.2.2 

func (p IEEE1905) String() string

func (IEEE1905) TLV added in v0.2.2 

func (p IEEE1905) TLV() []byte

func (IEEE1905) Type added in v0.2.2 

func (p IEEE1905) Type() uint16

func (IEEE1905) Version added in v0.2.2 

func (p IEEE1905) Version() uint8

type IP4 

type IP4 []byte

IP4 provide decoding and encoding of IPv4 packets. see: ipv4.ParseHeader in https://raw.githubusercontent.com/golang/net/master/ipv4/header.go

func EncodeIP4 added in v0.3.0 

func EncodeIP4(p []byte, ttl byte, src netip.Addr, dst netip.Addr) IP4

func (IP4) AppendPayload 

func (p IP4) AppendPayload(b []byte, protocol byte) (IP4, error)

func (IP4) CalculateChecksum 

func (p IP4) CalculateChecksum() uint16

func (IP4) Checksum 

func (p IP4) Checksum() int

func (IP4) Dst 

func (p IP4) Dst() netip.Addr

func (IP4) FastLog added in v0.2.0 

func (p IP4) FastLog(line *fastlog.Line) *fastlog.Line

FastLog implements fastlog interface

func (IP4) FlagDontFragment added in v0.3.0 

func (p IP4) FlagDontFragment() bool

func (IP4) FlagMoreFragments added in v0.3.0 

func (p IP4) FlagMoreFragments() bool

func (IP4) Flags added in v0.3.0 

func (p IP4) Flags() uint8

func (IP4) Fragment added in v0.3.0 

func (p IP4) Fragment() uint16

func (IP4) ID 

func (p IP4) ID() int

func (IP4) IHL 

func (p IP4) IHL() int

func (IP4) IsValid 

func (p IP4) IsValid() error

func (IP4) Payload 

func (p IP4) Payload() []byte

func (IP4) Protocol 

func (p IP4) Protocol() uint8

func (IP4) SetPayload 

func (p IP4) SetPayload(b []byte, protocol byte) IP4

func (IP4) Src 

func (p IP4) Src() netip.Addr

func (IP4) String 

func (p IP4) String() string

func (IP4) TOS 

func (p IP4) TOS() int

func (IP4) TTL 

func (p IP4) TTL() int

func (IP4) TotalLen 

func (p IP4) TotalLen() int

func (IP4) Version 

func (p IP4) Version() int

type IP6 

type IP6 []byte

IP6 provide decode and encoding of IPv6 packets. IP6 structure: see https://github.com/golang/net/blob/master/ipv6/header.go

func EncodeIP6 added in v0.3.0 

func EncodeIP6(p []byte, hopLimit uint8, srcIP netip.Addr, dstIP netip.Addr) IP6

func (IP6) AppendPayload 

func (p IP6) AppendPayload(b []byte, nextHeader uint8) (IP6, error)

func (IP6) Dst 

func (p IP6) Dst() netip.Addr

func (IP6) FastLog added in v0.2.0 

func (p IP6) FastLog(line *fastlog.Line) *fastlog.Line

Print implements fastlog struct interface

func (IP6) FlowLabel 

func (p IP6) FlowLabel() int

func (IP6) HeaderLen added in v0.3.0 

func (p IP6) HeaderLen() int

func (IP6) HopLimit 

func (p IP6) HopLimit() uint8

func (IP6) IsValid 

func (p IP6) IsValid() error

func (IP6) NextHeader 

func (p IP6) NextHeader() uint8

func (IP6) Payload 

func (p IP6) Payload() []byte

func (IP6) PayloadLen 

func (p IP6) PayloadLen() uint16

func (IP6) SetPayload 

func (p IP6) SetPayload(b []byte, nextHeader uint8) IP6

func (IP6) Src 

func (p IP6) Src() netip.Addr

func (IP6) String 

func (p IP6) String() string

func (IP6) TrafficClass 

func (p IP6) TrafficClass() int

func (IP6) Version 

func (p IP6) Version() int

type IPNameEntry added in v0.2.0 

type IPNameEntry struct {
	Addr      Addr
	NameEntry NameEntry
}

IPNameEntry adds an Address to NameEntry

func (IPNameEntry) FastLog added in v0.2.0 

func (n IPNameEntry) FastLog(l *fastlog.Line) *fastlog.Line

type IPResourceRecord 

type IPResourceRecord struct {
	Name string
	IP   netip.Addr
	TTL  uint32
}

type LLC added in v0.1.1 

type LLC []byte

Local Link Control

func (LLC) Control added in v0.1.1 

func (p LLC) Control() uint8

func (LLC) DSAP added in v0.1.1 

func (p LLC) DSAP() uint8

func (LLC) FastLog added in v0.2.0 

func (p LLC) FastLog(line *fastlog.Line) *fastlog.Line

func (LLC) IsValid added in v0.1.1 

func (p LLC) IsValid() error

func (LLC) Payload added in v0.1.1 

func (p LLC) Payload() []byte

func (LLC) SSAP added in v0.1.1 

func (p LLC) SSAP() uint8

func (LLC) String added in v0.1.1 

func (p LLC) String() string

func (LLC) Type added in v0.1.1 

func (p LLC) Type() string

type LLDP added in v0.2.2 

type LLDP []byte

LLDP provides access to Local Link Discovery Protocol

func (LLDP) Capability added in v0.2.2 

func (p LLDP) Capability(v []byte) string

func (LLDP) ChassisID added in v0.2.2 

func (p LLDP) ChassisID() []byte

func (LLDP) FastLog added in v0.2.2 

func (p LLDP) FastLog(line *fastlog.Line) *fastlog.Line

func (LLDP) GetPDU added in v0.2.2 

func (p LLDP) GetPDU(pduType int) []byte

func (LLDP) IsValid added in v0.2.2 

func (p LLDP) IsValid() error

func (LLDP) PortID added in v0.2.2 

func (p LLDP) PortID() []byte

func (LLDP) String added in v0.2.2 

func (p LLDP) String() string

func (LLDP) Type added in v0.2.2 

func (p LLDP) Type(t int) string

type LinkLayerAddress added in v0.3.0 

type LinkLayerAddress struct {
	Direction Direction
	MAC       net.HardwareAddr
}

A LinkLayerAddress is a Source or Target Link-Layer Address option, as described in RFC 4861, Section 4.6.1.

func (*LinkLayerAddress) Code added in v0.3.0 

func (lla *LinkLayerAddress) Code() byte

Code implements Option.

type MACEntry 

type MACEntry struct {
	MAC          net.HardwareAddr // unique mac address
	Captured     bool             // true if mac is in capture mode
	IP4          netip.Addr       // keep current IP4 to detect ip changes
	IP4Offer     netip.Addr       // keep dhcp4 IP offer
	IP6GUA       netip.Addr       // keep current ip6 global unique address
	IP6LLA       netip.Addr       // keep current ip6 local link address
	IP6Offer     netip.Addr       // keep ip6 GUA offer
	Online       bool             // true is mac is online
	IsRouter     bool             // Set to true if this is a router
	HostList     []*Host          // IPs associated with this mac
	Row          sync.RWMutex     // Row level mutex - must lock/unlock if reading/updating MACEntry and Host entry
	Manufacturer string           // Ethernet card manufacturer name
	DHCP4Name    NameEntry
	MDNSName     NameEntry
	SSDPName     NameEntry
	LLMNRName    NameEntry
	NBNSName     NameEntry
	LastSeen     time.Time
}

MACEntry stores mac details Each host has one MACEntry

func (*MACEntry) FastLog added in v0.2.0 

func (e *MACEntry) FastLog(l *fastlog.Line) *fastlog.Line

func (*MACEntry) String 

func (e *MACEntry) String() string

type MACTable 

type MACTable struct {
	Table []*MACEntry
}

MACTable manages a goroutine safe set for adding and removing mac addresses

type MTU added in v0.3.0 

type MTU uint32

An MTU is an MTU option, as described in RFC 4861, Section 4.6.1.

func NewMTU added in v0.3.0 

func NewMTU(mtu uint32) *MTU

NewMTU creates an MTU Option from an MTU value.

func (*MTU) Code added in v0.3.0 

func (*MTU) Code() byte

Code implements Option.

type NICInfo 

type NICInfo struct {
	IFI          *net.Interface
	HomeLAN4     netip.Prefix // IPv4: home LAN netmask
	HostAddr4    Addr         // IPv4: host MAC and IPv4
	RouterAddr4  Addr         // IPv4: router MAC and IPv4
	HostLLA      netip.Prefix // IPv6: host LLA
	HostGUA      netip.Prefix // IPv6: host GUA
	RouterLLA    netip.Prefix // IPv6: router LLA
	RouterGUA    netip.Prefix // IPv6: router GUA
	RouterPrefix net.IP       // IPv6: router prefix
}

NICInfo stores the network interface info

func GetNICInfo added in v0.3.0 

func GetNICInfo(nic string) (info *NICInfo, err error)

GetNICInfo returns the interface configuration

TODO: use routing package to identify default router https://github.com/google/gopacket/tree/v1.1.19/routing

func (NICInfo) String 

func (e NICInfo) String() string

type NameEntry added in v0.2.0 

type NameEntry struct {
	Type         string
	Name         string
	Model        string
	Manufacturer string
	OS           string
	Expire       time.Time
}

NameEntry holds a name entry

func (NameEntry) FastLog added in v0.2.0 

func (n NameEntry) FastLog(l *fastlog.Line) *fastlog.Line

func (NameEntry) Merge added in v0.2.0 

func (e NameEntry) Merge(nameEntry NameEntry) (newEntry NameEntry, modified bool)

type NameResourceRecord 

type NameResourceRecord struct {
	Name  string
	CName string
	TTL   uint32
}

type NeighborAdvertisement added in v0.3.0 

type NeighborAdvertisement struct {
	Router        bool
	Solicited     bool
	Override      bool
	TargetAddress net.IP
	TargetLLA     net.HardwareAddr // optional - TargetLLA option
}

A NeighborAdvertisement is a Neighbor Advertisement message as described in RFC 4861, Section 4.4.

type NewOptions added in v0.3.0 

type NewOptions struct {
	MTU              MTU
	Prefixes         []PrefixInformation
	FirstPrefix      net.IP
	RDNSS            RecursiveDNSServer
	SourceLLA        LinkLayerAddress
	TargetLLA        LinkLayerAddress
	DNSSearchList    DNSSearchList
	RouteInformation RouteInformation
}

type Notification added in v0.3.0 

type Notification struct {
	Addr         Addr
	Online       bool
	Manufacturer string
	DHCP4Name    NameEntry
	MDNSName     NameEntry
	SSDPName     NameEntry
	LLMNRName    NameEntry
	NBNSName     NameEntry
	IsRouter     bool
}

func (Notification) FastLog added in v0.3.0 

func (n Notification) FastLog(l *fastlog.Line) *fastlog.Line

func (Notification) String added in v0.3.0 

func (n Notification) String() string

type Option added in v0.3.0 

type Option interface {
	// Code specifies the NDP option code for an Option.
	Code() uint8
	// contains filtered or unexported methods
}

An Option is a Neighbor Discovery Protocol option.

type PayloadID added in v0.3.0 

type PayloadID int
const (
	PayloadEther         PayloadID = 1
	Payload8023          PayloadID = 2
	PayloadARP           PayloadID = 3
	PayloadIP4           PayloadID = 4
	PayloadIP6           PayloadID = 5
	PayloadICMP4         PayloadID = 6
	PayloadICMP6         PayloadID = 7
	PayloadUDP           PayloadID = 8
	PayloadTCP           PayloadID = 9
	PayloadDHCP4         PayloadID = 10
	PayloadDHCP6         PayloadID = 11
	PayloadDNS           PayloadID = 12
	PayloadMDNS          PayloadID = 13
	PayloadSSL           PayloadID = 14
	PayloadNTP           PayloadID = 15
	PayloadSSDP          PayloadID = 16
	PayloadWSDP          PayloadID = 17
	PayloadNBNS          PayloadID = 18
	PayloadPlex          PayloadID = 19
	PayloadUbiquiti      PayloadID = 20
	PayloadLLMNR         PayloadID = 21
	PayloadIGMP          PayloadID = 22
	PayloadEthernetPause PayloadID = 23
	PayloadRRCP          PayloadID = 24
	PayloadLLDP          PayloadID = 25
	Payload802_11r       PayloadID = 26
	PayloadIEEE1905      PayloadID = 27
	PayloadSonos         PayloadID = 28
	Payload880a          PayloadID = 29
)

func (PayloadID) String added in v0.3.0 

func (i PayloadID) String() string

type Preference added in v0.3.0 

type Preference int

A Preference is a NDP router selection or route preference value as described in RFC 4191, Section 2.1. 

const (
	Medium Preference = 0
	High   Preference = 1

	Low Preference = 3
)

Possible Preference values.

type PrefixInformation added in v0.3.0 

type PrefixInformation struct {
	PrefixLength                   uint8
	OnLink                         bool
	AutonomousAddressConfiguration bool
	ValidLifetime                  time.Duration
	PreferredLifetime              time.Duration
	Prefix                         net.IP
}

A PrefixInformation is a a Prefix Information option, as described in RFC 4861, Section 4.6.1.

func (*PrefixInformation) Code added in v0.3.0 

func (*PrefixInformation) Code() byte

Code implements Option.

type ProtoStats added in v0.3.0 

type ProtoStats struct {
	Proto    PayloadID
	Count    int
	ErrCount int
	Last     time.Time
}

type Question added in v0.4.0 

type Question struct {
	Name  []byte
	Type  uint16
	Class uint16
}

func DecodeQuestion added in v0.4.0 

func DecodeQuestion(p DNS, index int, buffer []byte) (question Question, off int, err error)

DecodeQuestion returns the first question in the DNS packet

type RRCP added in v0.1.1 

type RRCP []byte

func (RRCP) AuthKey added in v0.1.1 

func (p RRCP) AuthKey() uint16

func (RRCP) FastLog added in v0.3.0 

func (p RRCP) FastLog(l *fastlog.Line) *fastlog.Line

func (RRCP) IsValid added in v0.1.1 

func (p RRCP) IsValid() error

func (RRCP) OpCode added in v0.1.1 

func (p RRCP) OpCode() uint8

func (RRCP) Protocol added in v0.1.1 

func (p RRCP) Protocol() uint8

Protocol 0x01 - the original format but not seen in logs yet. 

RRCP protocol description: http://realtek.info/pdf/rtl8324.pdf
                           http://openrrcp.org.ru/download/datasheets/RTL8326_8326S_DataSheet_3.1.pdf
some sample C code here: https://www.wireshark.org/lists/ethereal-dev/200409/msg00090.html
                         https://github.com/the-tcpdump-group/tcpdump/blob/master/print-rrcp.c

func (RRCP) RegisterAddr added in v0.1.1 

func (p RRCP) RegisterAddr() uint16

func (RRCP) RegisterData added in v0.1.1 

func (p RRCP) RegisterData() uint16

func (RRCP) Reply added in v0.1.1 

func (p RRCP) Reply() bool

func (RRCP) SixBytes added in v0.3.0 

func (p RRCP) SixBytes() []byte

Protocol 0x23 - Loop detection - RTL8305 

common in Arris router
see - https://www.openhacks.com/uploadsproductos/realtek-semicon-rtl8305nb-cg-qfn-48_c52146.pdf
          1byte                         1byte

+ * +---------------------------+---------------------------+ + * | Protocol number - 0x2300 | + * +-------------------------------------------------------+ + * | 12bits - 0x000 | 4bits TTL | + * +-------------------------------------------------------+ + * | 352 bits 0x00 | + * +-------------------------------------------------------+

func (RRCP) String added in v0.1.1 

func (p RRCP) String() string

func (RRCP) Zeros added in v0.3.0 

func (p RRCP) Zeros() []byte

type RawOption added in v0.3.0 

type RawOption struct {
	Type   uint8
	Length uint8
	Value  []byte
}

A RawOption is an Option in its raw and unprocessed format. Options which are not recognized by this package can be represented using a RawOption.

func (*RawOption) Code added in v0.3.0 

func (r *RawOption) Code() byte

Code implements Option.

type RecursiveDNSServer added in v0.3.0 

type RecursiveDNSServer struct {
	Lifetime time.Duration
	Servers  []net.IP
}

A RecursiveDNSServer is a Recursive DNS Server option, as described in RFC 8106, Section 5.1.

func (*RecursiveDNSServer) Code added in v0.3.0 

func (*RecursiveDNSServer) Code() byte

Code implements Option.

type RouteInformation added in v0.3.0 

type RouteInformation struct {
	PrefixLength  uint8
	Preference    Preference
	RouteLifetime time.Duration
	Prefix        net.IP
}

A RouteInformation is a Route Information option, as described in RFC 4191, Section 2.3.

func (*RouteInformation) Code added in v0.3.0 

func (*RouteInformation) Code() byte

Code implements Option.

type RouterAdvertisement added in v0.3.0 

type RouterAdvertisement struct {
	CurrentHopLimit           uint8
	ManagedConfiguration      bool
	OtherConfiguration        bool
	MobileIPv6HomeAgent       bool
	RouterSelectionPreference Preference
	NeighborDiscoveryProxy    bool
	RouterLifetime            time.Duration
	ReachableTime             time.Duration
	RetransmitTimer           time.Duration
	Options                   []Option
}

described in RFC 4861, Section 4.1.

func (*RouterAdvertisement) Type added in v0.3.0 

func (ra *RouterAdvertisement) Type() ipv6.ICMPType

Type implements Message.

type RouterSolicitation added in v0.3.0 

type RouterSolicitation struct {
	SourceLLA net.HardwareAddr
	Options   []Option
}

A RouterSolicitation is a Router Solicitation message as described in RFC 4861, Section 4.1.

func (*RouterSolicitation) Type added in v0.3.0 

func (rs *RouterSolicitation) Type() ipv6.ICMPType

Type implements Message.

type SNAP added in v0.1.1 

type SNAP []byte

Local Link Control - SNAP extension 

+-------+--------+--------+
|  MAC Header    (14 bytes)                                802.{3/4/5} MAC
+--------+--------+--------+
| DSAP=AA| SSAP=AA| Control|                               802.2 LLC - unnumbered (1 byte control = 0x03)
+--------+--------+---------+--------+--------+
|    OUI                    |    EtherType    |            802.2 SNAP - OUI is zero if using EtheryType otherwise it is an organisation ID
+--------+--------+---------+--------+--------+
The total length of the LLC Header and the SNAP header is 8-octets.
An organizationally unique identifier (OUI) is a 24-bit number that uniquely identifies a vendor, manufacturer, or other organization.
EtherType is zero if not carrying an registered EtherType

func (SNAP) Control added in v0.1.1 

func (p SNAP) Control() uint8

func (SNAP) DSAP added in v0.1.1 

func (p SNAP) DSAP() uint8

func (SNAP) EtherType added in v0.1.1 

func (p SNAP) EtherType() uint16

func (SNAP) FastLog added in v0.2.0 

func (p SNAP) FastLog(line *fastlog.Line) *fastlog.Line

func (SNAP) IsValid added in v0.1.1 

func (p SNAP) IsValid() error

func (SNAP) OrganisationID added in v0.1.1 

func (p SNAP) OrganisationID() []byte

func (SNAP) Payload added in v0.1.1 

func (p SNAP) Payload() []byte

func (SNAP) SSAP added in v0.1.1 

func (p SNAP) SSAP() uint8

func (SNAP) String added in v0.1.1 

func (p SNAP) String() string

type Session 

type Session struct {
	Conn            net.PacketConn // the underlaying raw connection used for all read and write
	NICInfo         *NICInfo       // keep interface information
	ProbeDeadline   time.Duration  // send IP probe if no traffic received for this long
	OfflineDeadline time.Duration  // mark Host offline if no traffic for this long
	PurgeDeadline   time.Duration  // delete Host if no traffic for this long
	HostTable       HostTable      // store MAC/IP list - one for each IP host
	MACTable        MACTable       // store mac list

	Statistics []ProtoStats      // keep per protocol statistics
	C          chan Notification // channel for online & offline notifications
	// contains filtered or unexported fields
}

Session holds the session context for a given network interface.

func NewSession added in v0.3.0 

func NewSession(nic string) (*Session, error)

NewSession returns a session to read and write raw packets from the network interface card.

func (*Session) Capture added in v0.3.0 

func (h *Session) Capture(mac net.HardwareAddr) error

Capture sets the mac to capture mode

func (*Session) Close added in v0.3.0 

func (h *Session) Close()

Close stop all session goroutines and close notification channel and the underlaying raw connection. The session is no longer valid after calling Close().

func (*Session) DHCPv4IPOffer added in v0.3.0 

func (h *Session) DHCPv4IPOffer(mac net.HardwareAddr) netip.Addr

DHCPv4Offer returns the dhcp v4 ip offer if one is available. This is used in the arp spoof module to reject announcements that conflict with the offered dhcp ip.

func (*Session) DHCPv4Update added in v0.3.0 

func (h *Session) DHCPv4Update(mac net.HardwareAddr, ip netip.Addr, name NameEntry) error

DHCPv4Update updates the mac and host entry with dhcp details. A DHCP processing module should call this when it encounters a new host in a DHCP discovery/request message.

A host using DHCP cannot use an IP address until it is confirmed by a dhcp server. Therefore various DHCP messages are transmitted with a zero IP and in particular the DHCP discover does not have a srcIP.

func (*Session) EnableIP4Forwarding added in v0.3.1 

func (h *Session) EnableIP4Forwarding() error

func (*Session) FindByMAC 

func (h *Session) FindByMAC(mac net.HardwareAddr) (list []Addr)

FindByMAC returns a list of IP addresses for mac

func (*Session) FindIP 

func (h *Session) FindIP(ip netip.Addr) *Host

FindIP returns the host entry for IP or nil othewise

func (*Session) FindMACEntry 

func (h *Session) FindMACEntry(mac net.HardwareAddr) *MACEntry

FindMACEntry returns pointer to macEntry or nil if not found

func (*Session) GetHosts 

func (h *Session) GetHosts() (list []*Host)

GetTable returns a shallow copy of the current table

func (*Session) ICMP4SendEchoRequest added in v0.3.0 

func (h *Session) ICMP4SendEchoRequest(srcAddr Addr, dstAddr Addr, id uint16, seq uint16) error

ICMP4SendEchoRequest transmit an icmp echo request Do not wait for response

func (*Session) ICMP6SendEchoRequest added in v0.3.0 

func (h *Session) ICMP6SendEchoRequest(srcAddr Addr, dstAddr Addr, id uint16, seq uint16) error

ICMP6SendEchoRequest transmit an icmp6 echo request and do not wait for response

func (*Session) ICMP6SendNeighborAdvertisement added in v0.3.0 

func (h *Session) ICMP6SendNeighborAdvertisement(srcAddr Addr, dstAddr Addr, targetAddr Addr) error

func (*Session) ICMP6SendNeighbourSolicitation added in v0.3.0 

func (h *Session) ICMP6SendNeighbourSolicitation(srcAddr Addr, dstAddr Addr, targetIP netip.Addr) error

SendNeighbourSolicitation send an ICMP6 NS

func (*Session) ICMP6SendRouterAdvertisement added in v0.3.0 

func (h *Session) ICMP6SendRouterAdvertisement(prefixes []PrefixInformation, rdnss *RecursiveDNSServer, dstAddr Addr) error

func (*Session) ICMP6SendRouterSolicitation added in v0.3.0 

func (h *Session) ICMP6SendRouterSolicitation() error

func (*Session) IPAddrs added in v0.3.0 

func (h *Session) IPAddrs(mac net.HardwareAddr) []Addr

IPAddrs retun the array of hosts for the mac.

func (*Session) IsCaptured 

func (h *Session) IsCaptured(mac net.HardwareAddr) bool

IsCaptured returns true is mac is in capture mode

func (*Session) Notify added in v0.3.0 

func (h *Session) Notify(frame Frame)

Notify generates the notification for host offline and online if required. The function is only required if the caller wants to receive notifications via the notification channel. If the caller is not interested in online/offline transitions, the function is not required to run.

Notify will only send a notification via the notification channel if a change is pending as a result of processing the packet. It returns silently if there is no notification pending.

func (*Session) Parse added in v0.3.0 

func (h *Session) Parse(p []byte) (frame Frame, err error)

Parse returns a Frame containing references to common layers and the payload. It will also create the host entry if this is a new IP. The function is fast as it will map to the underlying array. No copy and no allocation takes place.

Benchmark result: Jan 2021 cpu: 11th Gen Intel(R) Core(TM) i7-1165G7 @ 2.80GHz Benchmark_Parse-8 25281475 47.58 ns/op 0 B/op 0 allocs/op

func (*Session) Ping added in v0.3.0 

func (h *Session) Ping(dstAddr Addr, timeout time.Duration) (err error)

Ping send a ping request and wait for a reply

func (*Session) Ping6 added in v0.3.0 

func (h *Session) Ping6(srcAddr Addr, dstAddr Addr, timeout time.Duration) (err error)

Ping send a ping request and wait for a reply

func (*Session) PrintTable 

func (h *Session) PrintTable()

PrintTable logs the table to standard out.

func (*Session) ReadFrom added in v0.3.0 

func (h *Session) ReadFrom(b []byte) (int, net.Addr, error)

func (*Session) Release added in v0.3.0 

func (h *Session) Release(mac net.HardwareAddr) error

Release sets the mac to normal mode (not captured)

func (*Session) SetDHCPv4IPOffer added in v0.3.0 

func (h *Session) SetDHCPv4IPOffer(mac net.HardwareAddr, ip netip.Addr, name NameEntry)

SetDHCPv4IPOffer set an IPv4 offer for the mac. A DCP processing module should call this when it wants to record the IP it has offered for a given mac.

func (*Session) ValidateDefaultRouter added in v0.3.0 

func (h *Session) ValidateDefaultRouter(addr Addr) error

ValidateDefaultRouter validates the default route is pointing to us by pinging client using home router IP as source IP. The reply will come to us when the default route on client is netfilter. If not, the ping reply will not be received.

Note: the reply will also come to us if the client is undergoing an arp attack (hunt).

type SocketConfig added in v0.3.0 

type SocketConfig struct {
	// Linux only: call socket(7) with SOCK_DGRAM instead of SOCK_RAW.
	// Has no effect on other operating systems.
	LinuxSockDGRAM bool

	// Linux only: do not accumulate packet socket statistic counters.  Packet
	// socket statistics are reset on each call to retrieve them via getsockopt,
	// but this package's default behavior is to continue accumulating the
	// statistics internally per Conn.  To use the Linux default behavior of
	// resetting statistics on each call to Stats, set this value to true.
	NoCumulativeStats bool

	// Linux only: initial filter to apply to the connection. This avoids
	// capturing random packets before SetBPF is called.
	Filter []bpf.RawInstruction

	// BSD only: configure the BPF direction flag to allow selection of inbound
	// only (0 - default) or bidirectional (1) packet processing.
	// Has no effect on other operating systems.
	BPFDirection int

	// Set interface to promiscuous mode
	Promiscuous bool
}

A Config can be used to specify additional options for a Conn.

type TCP 

type TCP []byte

TCP provides decoding of tcp frames

func (TCP) ACK 

func (p TCP) ACK() bool

func (TCP) Ack 

func (p TCP) Ack() uint32

func (TCP) CWR 

func (p TCP) CWR() bool

func (TCP) Checksum 

func (p TCP) Checksum() uint16

func (TCP) DstPort 

func (p TCP) DstPort() uint16

func (TCP) ECE 

func (p TCP) ECE() bool

func (TCP) FIN 

func (p TCP) FIN() bool

func (TCP) HeaderLen 

func (p TCP) HeaderLen() int

func (TCP) IsValid 

func (p TCP) IsValid() error

func (TCP) NS 

func (p TCP) NS() bool

func (TCP) PSH 

func (p TCP) PSH() bool

func (TCP) Payload 

func (p TCP) Payload() []byte

func (TCP) RST 

func (p TCP) RST() bool

func (TCP) SYN 

func (p TCP) SYN() bool

func (TCP) Seq 

func (p TCP) Seq() uint32

func (TCP) SrcPort 

func (p TCP) SrcPort() uint16

func (TCP) URG 

func (p TCP) URG() bool

func (TCP) Urgent 

func (p TCP) Urgent() uint16

func (TCP) Window 

func (p TCP) Window() uint16

type UDP 

type UDP []byte

UDP provides decoding and encoding of udp frames

func EncodeUDP added in v0.3.0 

func EncodeUDP(p []byte, srcPort uint16, dstPort uint16) UDP

func (UDP) AppendPayload 

func (p UDP) AppendPayload(b []byte) (UDP, error)

func (UDP) Checksum 

func (p UDP) Checksum() uint16

func (UDP) DstPort 

func (p UDP) DstPort() uint16

func (UDP) FastLog added in v0.2.0 

func (p UDP) FastLog(line *fastlog.Line) *fastlog.Line

FastLog implements fastlog interface

func (UDP) HeaderLen added in v0.3.0 

func (p UDP) HeaderLen() int

func (UDP) IsValid 

func (p UDP) IsValid() error

func (UDP) Len 

func (p UDP) Len() uint16

func (UDP) Payload 

func (p UDP) Payload() []byte

func (UDP) SetPayload 

func (p UDP) SetPayload(b []byte) UDP

func (UDP) SrcPort 

func (p UDP) SrcPort() uint16

func (UDP) String 

func (p UDP) String() string

type Unknown880a added in v0.2.2 

type Unknown880a []byte

unknown880a unkownn ether type 0x880a

func (Unknown880a) IsValid added in v0.2.2 

func (p Unknown880a) IsValid() error

Source Files

View all Source files

Directories

Path Synopsis
examples
arpspoofer
dhcpd
dnslistener
hosts
tcpdump
handlers
arp_spoofer
Package arp_spoofer provides a handler to spoof arp tables on a target host.
 Package arp_spoofer provides a handler to spoof arp tables on a target host.
dhcp4_spoofer
package dhcp4_spoofer implements a dhcp server designed to operate as a secondary dhcp server on the same lan.
 package dhcp4_spoofer implements a dhcp server designed to operate as a secondary dhcp server on the same lan.
dns_naming
Package dns_naming maps a name from the wire to a mac address.
 Package dns_naming maps a name from the wire to a mac address.
icmp_spoofer

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.