packet

package
v10.303.1+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 23, 2021 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Overview

Package packet provides support for the TCP/IP packet manipulations needed by the Aporeto infrastructure.

Index

Constants

// IP protocol numbers, as assigned by IANA.
const (
	// IPProtocolTCP is the IP protocol number for TCP.
	IPProtocolTCP = 6

	// IPProtocolUDP is the IP protocol number for UDP.
	IPProtocolUDP = 17

	// IPProtocolICMP is the IP protocol number for ICMP (the IPv4 variant).
	// ICMPv6 uses protocol number 58, which this block does not define.
	IPProtocolICMP = 1
)

IP Protocol numbers

// Masks over the TCP header flags byte. The single-flag masks each select one
// bit; TCPSynAckMask combines two of them.
const (

	// TCPSynMask selects the SYN flag bit. The same bit is set in a SYN-ACK,
	// so a bare `flags&TCPSynMask != 0` test matches both SYN and SYN-ACK.
	TCPSynMask = 0x2

	// TCPSynAckMask identifies a TCP SYN-ACK packet. Its value is
	// TCPSynMask|TCPAckMask (0x02|0x10).
	TCPSynAckMask = 0x12

	// TCPRstMask selects the RST flag bit.
	TCPRstMask = 0x4

	// TCPAckMask selects the ACK flag bit.
	TCPAckMask = 0x10

	// TCPFinMask selects the FIN flag bit.
	TCPFinMask = 0x1

	// TCPPshMask selects the PSH flag bit.
	TCPPshMask = 0x8
)

TCP Header masks

// TCP option kinds and lengths used by this package.
const (
	// TCPAuthenticationOption is the TCP option kind this package uses for its
	// authentication option.
	// NOTE(review): kind 34 is assigned by IANA to TCP Fast Open (RFC 7413);
	// confirm how a peer's genuine Fast Open option is told apart from this one.
	TCPAuthenticationOption = uint8(34)

	// TCPMssOption is the option kind of the TCP Maximum Segment Size option.
	TCPMssOption = uint8(2)

	// TCPMssOptionLen is the length in bytes of the MSS option
	// (kind, length and the two-byte MSS value).
	TCPMssOptionLen = uint8(4)
)

TCP Options Related constants

// UDP packet-type codes. The type lives in the high nibble selected by
// UDPPacketMask. The values are enumerated codes, not independent bit flags:
// 0x30 shares bits with 0x10 and 0x20, and 0x50 with 0x10 and 0x40, so a type
// has to be matched with `b&UDPPacketMask == X`, never with `b&X != 0`.
const (

	// UDPDataPos is the location of UDP data.
	// NOTE(review): 8 is the size of the UDP header, so this is presumably an
	// offset from the start of that header — confirm.
	UDPDataPos = 8
	// UDPSynMask is the type code of a UDP SYN packet.
	UDPSynMask = 0x10
	// UDPSynAckMask is the type code of a UDP SYN-ACK packet.
	UDPSynAckMask = 0x20
	// UDPAckMask is the type code of a UDP ACK packet.
	UDPAckMask = 0x30
	// UDPFinAckMask is the type code of a UDP FIN-ACK packet.
	UDPFinAckMask = 0x40
	// UDPPolicyRejectMask is the type code of a policy-reject notice from the
	// remote end.
	UDPPolicyRejectMask = 0x50
	// UDPDataPacket is the type code of a plain data packet.
	UDPDataPacket = 0x80
	// UDPPacketMask selects the nibble that carries the UDP packet type.
	UDPPacketMask = 0xF0
)

UDP related constants.

// Marker and signature sizes for UDP control packets.
const (
	// UDPAuthMarker is the 18-byte Aporeto signature for UDP.
	// NOTE(review): this is a fixed string published in the source, so any
	// sender can reproduce it. A match can only identify a packet as claiming
	// to be a control packet; it proves nothing about the sender. Confirm that
	// the datapath authenticates the token that accompanies it.
	UDPAuthMarker = "n30njxq7bmiwr6dtxq"
	// UDPAuthMarkerLen is the length of the UDP marker; it has to stay equal to
	// len(UDPAuthMarker).
	UDPAuthMarkerLen = 18
	// UDPSignatureLen is the length of the signature on a UDP control packet.
	UDPSignatureLen = 20
)
// Encoding constants for the Aporeto UDP option. The option header has a short
// and a long form, chosen by payload length.
// NOTE(review): the comments below describe lengths "less than" and "greater
// than" 0xff; which form a payload of exactly 255 bytes takes is not stated
// here and should be confirmed, since encoder and parser must agree on it.
const (
	// UDPAporetoOption is the option kind for the Aporeto option.
	UDPAporetoOption = uint8(34)
	// UDPAporetoOptionLengthFirstByte is the first length byte when the length
	// is greater than 255.
	UDPAporetoOptionLengthFirstByte = uint8(0xff)
	// UDPAporetoOptionShortLength is the length of the option header if the
	// payload length is less than UDPAporetoOptionLengthFirstByte.
	UDPAporetoOptionShortLength = 2
	// UDPAporetoOptionLongLength is the length of the option header if the
	// payload length is greater than UDPAporetoOptionLengthFirstByte.
	UDPAporetoOptionLongLength = 6
)
// Packet type, processing stage and failure codes. Each group occupies its own
// bit range (types 0x3000, stages 0x0F00, failures 0x0070), so no value in one
// group shares a bit with a value in another.
// NOTE(review): presumably these are OR-ed together into a single value —
// confirm against the callers.
const (
	// PacketTypeNetwork marks a packet that came from the network.
	PacketTypeNetwork = 0x1000
	// PacketTypeApplication marks a packet that came from the application.
	PacketTypeApplication = 0x2000

	// PacketStageIncoming is the code for the incoming stage.
	PacketStageIncoming = 0x0100
	// PacketStageAuth is the code for the authentication stage.
	PacketStageAuth = 0x0200
	// PacketStageService is the code for the crypto stage.
	PacketStageService = 0x0400
	// PacketStageOutgoing is the code for the outgoing stage.
	PacketStageOutgoing = 0x0800

	// PacketFailureCreate is the drop reason for a packet.
	PacketFailureCreate = 0x0010
	// PacketFailureAuth is the drop reason for a packet that failed
	// authentication.
	PacketFailureAuth = 0x0020
	// PacketFailureService is the drop reason for a packet that hit a crypto
	// error. The literal is written with five hex digits; its value is 0x40.
	PacketFailureService = 0x00040
)

Variables

This section is empty.

Functions

func CreateUDPAuthMarker

func CreateUDPAuthMarker(packetType uint8, payloadLength uint16) []byte

CreateUDPAuthMarker creates a UDP auth marker.

func GetUDPTypeFromBuffer

func GetUDPTypeFromBuffer(buffer []byte) byte

GetUDPTypeFromBuffer gets the UDP packet type from a raw buffer.

func TCPFlagsToStr

func TCPFlagsToStr(flags uint8) string

TCPFlagsToStr converts the TCP Flags to a string value that is human readable

Types

type IPver

type IPver int

IPver is the type defined for ip version

// IP versions recognised by the package.
const (
	// V4 is the flag for IPv4. It is the first iota value (0), so the zero
	// value of IPver is V4 and an unset IPver cannot be told apart from IPv4.
	V4 IPver = iota
	// V6 is the flag for IPv6 (value 1).
	V6
)

type Packet

// Packet is the structure that New builds from a raw packet buffer. Only the
// exported fields are listed; the rest are unexported.
type Packet struct {

	// Mark is the nfqueue Mark
	Mark        string
	// NOTE(review): SetConnmark is undocumented upstream; presumably it asks
	// for the connection mark to be set — confirm against the datapath.
	SetConnmark bool

	// Service Metadata. Typed as interface{}, so readers must type-assert;
	// the two-value form avoids a panic on an unexpected type.
	SvcMetadata interface{}
	// Connection Metadata. Also interface{}; the same type-assertion caveat
	// applies.
	ConnectionMetadata interface{}
	// Platform Metadata (needed for Windows)
	PlatformMetadata PlatformMetadata
	// contains filtered or unexported fields
}

Packet structure

func New

func New(context uint64, bytes []byte, mark string, lengthValidate bool) (packet *Packet, err error)

New returns a pointer to a Packet structure built from the provided bytes buffer, which is expected to contain valid TCP/IP packet bytes. WARNING: This package takes control of the bytes buffer passed. The caller must be aware that any function returning a slice returns a sub-slice of that buffer, NOT a copy, so a write through either one is visible through the other. It is the responsibility of the caller to copy the slice if and when necessary.

func NewIpv4TCPPacket

func NewIpv4TCPPacket(context uint64, tcpFlags uint8, src, dst string, srcPort, desPort uint16) (*Packet, error)

NewIpv4TCPPacket creates an Ipv4/TCP packet

func NewIpv6TCPPacket

func NewIpv6TCPPacket(context uint64, tcpFlags uint8, src, dst string, srcPort, desPort uint16) (*Packet, error)

NewIpv6TCPPacket creates an Ipv6/TCP packet

func TestGetTCPPacket

func TestGetTCPPacket(srcIP, dstIP net.IP, srcPort, dstPort uint16) *Packet

TestGetTCPPacket is used by other test code when they need to create a packet

func (*Packet) CheckTCPAuthenticationOption

func (p *Packet) CheckTCPAuthenticationOption(iOptionLength int) (err error)

CheckTCPAuthenticationOption ensures authentication option exists at the offset provided

func (*Packet) ConvertAcktoFinAck

func (p *Packet) ConvertAcktoFinAck() error

ConvertAcktoFinAck removes the data from the packet. It is called only if the packet is an ACK or PSH/ACK, and converts a PSH/ACK into a FIN/ACK packet.

func (*Packet) ConvertToRst

func (p *Packet) ConvertToRst()

ConvertToRst function converts the packet to a RST packet

func (*Packet) CreateReverseFlowPacket

func (p *Packet) CreateReverseFlowPacket()

CreateReverseFlowPacket modifies the packet for reverse flow.

func (*Packet) DecreaseTCPAck

func (p *Packet) DecreaseTCPAck(decr uint32)

DecreaseTCPAck decreases TCP ack number by decr

func (*Packet) DecreaseTCPSeq

func (p *Packet) DecreaseTCPSeq(decr uint32)

DecreaseTCPSeq decreases TCP seq number by decr

func (*Packet) DestPort

func (p *Packet) DestPort() uint16

DestPort -- returns the appropriate destination port

func (*Packet) DestinationAddress

func (p *Packet) DestinationAddress() net.IP

DestinationAddress returns the destination address

func (*Packet) FixupIPHdrOnDataModify

func (p *Packet) FixupIPHdrOnDataModify(old, new uint16)

FixupIPHdrOnDataModify modifies the IP header fields and checksum

func (*Packet) FixuptcpHdrOnTCPDataAttach

func (p *Packet) FixuptcpHdrOnTCPDataAttach(tcpOptionsLen uint16)

FixuptcpHdrOnTCPDataAttach modifies the TCP header fields and checksum

func (*Packet) FixuptcpHdrOnTCPDataDetach

func (p *Packet) FixuptcpHdrOnTCPDataDetach(optionLength uint16)

FixuptcpHdrOnTCPDataDetach modifies the TCP header fields and checksum

func (*Packet) GetBuffer

func (p *Packet) GetBuffer(offset int) []byte

GetBuffer returns the slice representing the buffer at offset specified

func (*Packet) GetICMPTypeCode

func (p *Packet) GetICMPTypeCode() (int8, int8)

GetICMPTypeCode returns the icmp type and icmp code

func (*Packet) GetIPLength

func (p *Packet) GetIPLength() uint16

GetIPLength returns the IP length

func (*Packet) GetTCPBytes

func (p *Packet) GetTCPBytes() []byte

GetTCPBytes returns the bytes in the packet. It consolidates in case of changes as well

func (*Packet) GetTCPFlags

func (p *Packet) GetTCPFlags() uint8

GetTCPFlags returns the tcp flags from the packet

func (*Packet) GetUDPData

func (p *Packet) GetUDPData() []byte

GetUDPData returns the additional data in the packet.

func (*Packet) GetUDPDataStartBytes

func (p *Packet) GetUDPDataStartBytes() uint16

GetUDPDataStartBytes returns the start of the UDP data.

func (*Packet) GetUDPType

func (p *Packet) GetUDPType() byte

GetUDPType returns udp type of packet.

func (*Packet) ID

func (p *Packet) ID() string

ID returns the IP ID of the packet

func (*Packet) IPHeaderLen

func (p *Packet) IPHeaderLen() uint8

IPHeaderLen returns the ip header length

func (*Packet) IPProto

func (p *Packet) IPProto() uint8

IPProto returns the L4 protocol

func (*Packet) IPTotalLen

func (p *Packet) IPTotalLen() uint16

IPTotalLen returns the total length of the packet

func (*Packet) IPversion

func (p *Packet) IPversion() IPver

IPversion returns the version of ip packet

func (*Packet) IncreaseTCPAck

func (p *Packet) IncreaseTCPAck(incr uint32)

IncreaseTCPAck increases TCP ack number by incr

func (*Packet) IncreaseTCPSeq

func (p *Packet) IncreaseTCPSeq(incr uint32)

IncreaseTCPSeq increases TCP seq number by incr

func (*Packet) IsEmptyTCPPayload

func (p *Packet) IsEmptyTCPPayload() bool

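IsEmptyTCPPayload reports whether the TCP payload is empty. (The upstream comment, "returns the TCP data offset", does not match the bool return type.)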

func (*Packet) L4FlowHash

func (p *Packet) L4FlowHash() string

L4FlowHash calculates a hash string based on the 4-tuple. It returns the cached value and does not re-calculate it. This leads to performance gains.

func (*Packet) L4ReverseFlowHash

func (p *Packet) L4ReverseFlowHash() string

L4ReverseFlowHash calculates a hash string based on the 4-tuple, with the source and destination information reversed.

func (*Packet) NewPacket

func (p *Packet) NewPacket(context uint64, bytes []byte, mark string, lengthValidate bool) (err error)

NewPacket is a method called on Packet which decodes the packet into the struct

func (*Packet) PacketToStringTCP

func (p *Packet) PacketToStringTCP() string

PacketToStringTCP returns a string representation of fields contained in this packet.

func (*Packet) Print

func (p *Packet) Print(context uint64, packetLogLevel bool)

Print is a print helper function

func (*Packet) ReadTCPData

func (p *Packet) ReadTCPData() []byte

ReadTCPData returns the payload as a byte slice. It does not remove the payload from the packet.

func (*Packet) ReadTCPDataString

func (p *Packet) ReadTCPDataString() string

ReadTCPDataString returns the payload in a string variable. It does not remove the payload from the packet.

func (*Packet) ReadUDPToken

func (p *Packet) ReadUDPToken() []byte

ReadUDPToken returns the UDP token, parsed using the format specified in https://tools.ietf.org/html/draft-ietf-tsvwg-udp-options-08. It is called only during the handshake process.

func (*Packet) SetTCPAck

func (p *Packet) SetTCPAck(ack uint32)

SetTCPAck sets the TCP ack number

func (*Packet) SetTCPFlags

func (p *Packet) SetTCPFlags(flags uint8)

SetTCPFlags sets the TCP flags on the packet.

func (*Packet) SetTCPSeq

func (p *Packet) SetTCPSeq(seq uint32)

SetTCPSeq sets the TCP seq number

func (*Packet) SourceAddress

func (p *Packet) SourceAddress() net.IP

SourceAddress returns the source IP

func (*Packet) SourcePort

func (p *Packet) SourcePort() uint16

SourcePort -- returns the appropriate source port

func (*Packet) SourcePortHash

func (p *Packet) SourcePortHash(stage uint64) string

SourcePortHash calculates a hash based on dest ip/port for net packet and src ip/port for app packet.

func (*Packet) TCPAckNum

func (p *Packet) TCPAckNum() uint32

TCPAckNum returns tcp ack number

func (*Packet) TCPDataDetach

func (p *Packet) TCPDataDetach(optionLength uint16)

TCPDataDetach performs the following:

  • Removes all TCP data from Buffer to TCPData.
  • Removes "optionLength" bytes of options from TCP header to tcpOptions
  • Updates IP Hdr (lengths, checksums)
  • Updates TCP header (checksums)

func (*Packet) TCPDataStartBytes

func (p *Packet) TCPDataStartBytes() uint16

TCPDataStartBytes provides the tcp data start offset in bytes

func (*Packet) TCPSeqNum

func (p *Packet) TCPSeqNum() uint32

TCPSeqNum returns tcp sequence number

func (*Packet) TCPSequenceNumber

func (p *Packet) TCPSequenceNumber() uint32

TCPSequenceNumber returns the initial sequence number.

func (*Packet) UDPDataAttach

func (p *Packet) UDPDataAttach(header, udpdata []byte)

UDPDataAttach attaches UDP data post encryption.

func (*Packet) UDPDataDetach

func (p *Packet) UDPDataDetach()

UDPDataDetach detaches UDP payload from the Buffer. Called only during Encrypt/Decrypt.

func (*Packet) UDPTokenAttach

func (p *Packet) UDPTokenAttach(udpdata []byte, udptoken []byte)

UDPTokenAttach attaches the UDP packet signature and tokens.

func (*Packet) UpdateIPv4Checksum

func (p *Packet) UpdateIPv4Checksum()

UpdateIPv4Checksum computes the IP header checksum and updates the packet with the value.

func (*Packet) UpdatePacketBuffer

func (p *Packet) UpdatePacketBuffer(buffer []byte, tcpOptionsLen uint16) error

UpdatePacketBuffer updates the packet with the new, updated buffer.

func (*Packet) UpdateTCPChecksum

func (p *Packet) UpdateTCPChecksum()

UpdateTCPChecksum computes the TCP header checksum and updates the packet with the value.

func (*Packet) VerifyIPv4Checksum

func (p *Packet) VerifyIPv4Checksum() bool

VerifyIPv4Checksum returns true if the IP header checksum is correct for this packet, false otherwise. Note that the checksum is not modified.

func (*Packet) VerifyTCPChecksum

func (p *Packet) VerifyTCPChecksum() bool

VerifyTCPChecksum returns true if the TCP header checksum is correct for this packet, false otherwise. Note that the checksum is not modified.

type PlatformMetadata

// PlatformMetadata is the interface for the platform metadata carried in
// Packet.PlatformMetadata.
type PlatformMetadata interface {
	// Clone returns a PlatformMetadata.
	// NOTE(review): presumably an independent copy of the receiver — confirm
	// against the implementations.
	Clone() PlatformMetadata
}

PlatformMetadata structure
