Documentation ¶
Overview ¶
Package ip4defrag implements a IPv4 defragmenter
Index ¶
Constants ¶
const ( IPv4MinimumFragmentSize = 8 // Minimum size of a single fragment IPv4MaximumSize = 65535 // Maximum size of a fragment (2^16) IPv4MaximumFragmentOffset = 8183 // Maximum offset of a fragment IPv4MaximumFragmentListLen = 8192 // Back out if we get more than this many fragments )
Constants determining how to handle fragments. Reference RFC 791, page 25
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type IPv4Defragmenter ¶
IPv4Defragmenter is a struct which embedded a map of all fragment/packet.
func NewIPv4Defragmenter ¶
func NewIPv4Defragmenter() *IPv4Defragmenter
NewIPv4Defragmenter returns a new IPv4Defragmenter with an initialized map.
func (*IPv4Defragmenter) DefragIPv4 ¶
DefragIPv4 takes in an IPv4 packet with a fragment payload.
It do not modify the IPv4 layer in place, 'in' remains untouched It returns a ready-to be used IPv4 layer.
If the passed-in IPv4 layer is NOT fragmented, it will immediately return it without modifying the layer.
If the IPv4 layer is a fragment and we don't have all fragments, it will return nil and store whatever internal information it needs to eventually defrag the packet.
If the IPv4 layer is the last fragment needed to reconstruct the packet, a new IPv4 layer will be returned, and will be set to the entire defragmented packet,
It use a map of all the running flows ¶
Usage example:
func HandlePacket(in *layers.IPv4) err { defragger := ip4defrag.NewIPv4Defragmenter() in, err := defragger.DefragIPv4(in) if err != nil { return err } else if in == nil { return nil // packet fragment, we don't have whole packet yet. } // At this point, we know that 'in' is defragmented. //It may be the same 'in' passed to // HandlePacket, or it may not, but we don't really care :) ... do stuff to 'in' ... }
func (*IPv4Defragmenter) DefragIPv4WithTimestamp ¶ added in v1.1.16
func (d *IPv4Defragmenter) DefragIPv4WithTimestamp(in *layers.IPv4, t time.Time) (*layers.IPv4, error)
DefragIPv4WithTimestamp provides functionality of DefragIPv4 with an additional timestamp parameter which is used for discarding old fragments instead of time.Now()
This is useful when operating on pcap files instead of live captured data
func (*IPv4Defragmenter) DiscardOlderThan ¶
func (d *IPv4Defragmenter) DiscardOlderThan(t time.Time) int
DiscardOlderThan forgets all packets without any activity since time t. It returns the number of FragmentList aka number of fragment packets it has discarded.