ip4defrag

package
v2.9.5+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 21, 2022 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Overview

Package ip4defrag implements a IPv4 defragmenter

Index

Constants

View Source
const (
	IPv4MinimumFragmentSize    = 8     // Minimum size of a single fragment
	IPv4MaximumSize            = 65535 // Maximum size of a fragment (2^16)
	IPv4MaximumFragmentOffset  = 8183  // Maximum offset of a fragment
	IPv4MaximumFragmentListLen = 8192  // Back out if we get more than this many fragments
)

Constants determining how to handle fragments. Reference RFC 791, page 25

Variables

This section is empty.

Functions

func TestDefragBCDNS

func TestDefragBCDNS(t *testing.T)

func TestDefragDiscard

func TestDefragDiscard(t *testing.T)

func TestDefragFragmentOffset

func TestDefragFragmentOffset(t *testing.T)

func TestDefragIDField

func TestDefragIDField(t *testing.T)

func TestDefragMaxSize

func TestDefragMaxSize(t *testing.T)

func TestDefragPing1

func TestDefragPing1(t *testing.T)

func TestDefragPing1and2

func TestDefragPing1and2(t *testing.T)

func TestDefragPingMultipleFrags

func TestDefragPingMultipleFrags(t *testing.T)

func TestDefragTooSmall

func TestDefragTooSmall(t *testing.T)

func TestDontFragBCDNS

func TestDontFragBCDNS(t *testing.T)

func TestNotFrag

func TestNotFrag(t *testing.T)

Types

type IPv4Defragmenter

type IPv4Defragmenter struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

IPv4Defragmenter is a struct which embedded a map of all fragment/packet.

func NewIPv4Defragmenter

func NewIPv4Defragmenter() *IPv4Defragmenter

NewIPv4Defragmenter returns a new IPv4Defragmenter with an initialized map.

func (*IPv4Defragmenter) DefragIPv4

func (d *IPv4Defragmenter) DefragIPv4(in *layers.IPv4) (*layers.IPv4, error)

DefragIPv4 takes in an IPv4 packet with a fragment payload.

It do not modify the IPv4 layer in place, 'in' remains untouched It returns a ready-to be used IPv4 layer.

If the passed-in IPv4 layer is NOT fragmented, it will immediately return it without modifying the layer.

If the IPv4 layer is a fragment and we don't have all fragments, it will return nil and store whatever internal information it needs to eventually defrag the packet.

If the IPv4 layer is the last fragment needed to reconstruct the packet, a new IPv4 layer will be returned, and will be set to the entire defragmented packet,

It use a map of all the running flows

Usage example:

func HandlePacket(in *layers.IPv4) err {
    defragger := ip4defrag.NewIPv4Defragmenter()
    in, err := defragger.DefragIPv4(in)
    if err != nil {
        return err
    } else if in == nil {
        return nil  // packet fragment, we don't have whole packet yet.
    }
    // At this point, we know that 'in' is defragmented.
    //It may be the same 'in' passed to
	   // HandlePacket, or it may not, but we don't really care :)
	   ... do stuff to 'in' ...
}

func (*IPv4Defragmenter) DefragIPv4WithTimestamp

func (d *IPv4Defragmenter) DefragIPv4WithTimestamp(in *layers.IPv4, t time.Time) (*layers.IPv4, error)

DefragIPv4WithTimestamp provides functionality of DefragIPv4 with an additional timestamp parameter which is used for discarding old fragments instead of time.Now()

This is useful when operating on pcap files instead of live captured data

func (*IPv4Defragmenter) DiscardOlderThan

func (d *IPv4Defragmenter) DiscardOlderThan(t time.Time) int

DiscardOlderThan forgets all packets without any activity since time t. It returns the number of FragmentList aka number of fragment packets it has discarded.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL