Documentation
¶
Overview ¶
Package capture provides the configuration and all the modules for capturing input and converting them to a dns result type. Like output, capture tries to leverage common behaviour of inputs and design an interface around it, but unlike the output module it does not have configuration granulaity based on each module.
Index ¶
- Constants
- Variables
- func FNV1A(input []byte) uint64
- type IPv6Defragmenter
- func (d *IPv6Defragmenter) DefragIPv6(in *layers.IPv6, inFragment *layers.IPv6Fragment) (*layers.IPv6, error)
- func (d *IPv6Defragmenter) DefragIPv6WithTimestamp(in *layers.IPv6, inFragment *layers.IPv6Fragment, t time.Time) (*layers.IPv6, error)
- func (d *IPv6Defragmenter) DiscardOlderThan(t time.Time) int
Constants ¶
const ( IPv6MaximumSize = 65535 IPv6MaximumFragmentOffset = 8191 IPv6MaximumFragmentListLen = 8191 )
Constants determining how to handle fragments.
Variables ¶
var GlobalCaptureConfig *captureConfig
GlobalCaptureConfig is accessible globally
Functions ¶
Types ¶
type IPv6Defragmenter ¶
IPv6Defragmenter is a struct which embedded a map of all fragment/packet.
func NewIPv6Defragmenter ¶
func NewIPv6Defragmenter() *IPv6Defragmenter
NewIPv6Defragmenter returns a new IPv6Defragmenter with an initialized map.
func (*IPv6Defragmenter) DefragIPv6 ¶
func (d *IPv6Defragmenter) DefragIPv6(in *layers.IPv6, inFragment *layers.IPv6Fragment) (*layers.IPv6, error)
DefragIPv6 takes in an IPv6 packet with a fragment payload.
It do not modify the IPv6 layer in place, 'in' and 'inFragment' remains untouched. It returns a ready-to be used IPv6 layer.
If we don't have all fragments, it will return nil and store whatever internal information it needs to eventually defrag the packet.
If the IPv6 layer is the last fragment needed to reconstruct the packet, a new IPv6 layer will be returned, and will be set to the entire defragmented packet,
It use a map of all the running flows ¶
Usage example:
func HandlePacket(in *layers.IPv6, inFragment *layers.IPv6Fragment) err {
defragger := ip6defrag.NewIPv6Defragmenter()
in, err := defragger.DefragIPv6(in, inFragment)
if err != nil {
return err
} else if in == nil {
return nil // packet fragment, we don't have whole packet yet.
}
// At this point, we know that 'in' is defragmented.
//It may be the same 'in' passed to
// HandlePacket, or it may not, but we don't really care :)
... do stuff to 'in' ...
}
func (*IPv6Defragmenter) DefragIPv6WithTimestamp ¶
func (d *IPv6Defragmenter) DefragIPv6WithTimestamp(in *layers.IPv6, inFragment *layers.IPv6Fragment, t time.Time) (*layers.IPv6, error)
DefragIPv6WithTimestamp provides functionality of DefragIPv6 with an additional timestamp parameter which is used for discarding old fragments instead of time.Now()
This is useful when operating on pcap files instead of live captured data
func (*IPv6Defragmenter) DiscardOlderThan ¶
func (d *IPv6Defragmenter) DiscardOlderThan(t time.Time) int
DiscardOlderThan forgets all packets without any activity since time t. It returns the number of FragmentList aka number of fragment packets it has discarded.
Source Files