trace

package
v0.0.0-...-28abf27
Warning

This package is not in the latest version of its module.

Published: Jan 25, 2020 License: MIT Imports: 12 Imported by: 0

Documentation

Overview

Parasitic Traceroute API - Forward/Reverse TCP traceroute API which uses Linux Netfilter Queue

Constants

const (
	// IP TTL is a uint8 and therefore max value is 255
	MAX_TTL uint8 = 255
)

Variables

This section is empty.

Functions

func GetTCPFlowFromTCPHead

func GetTCPFlowFromTCPHead(data []byte) gopacket.Flow

GetTCPFlowFromTCPHead is used to deal with RFC 792 implementations where the original outbound packet is NOT sent back via the ICMP payload but instead 64 bits of the original packet are sent (https://tools.ietf.org/html/rfc792). It assumes TCP and returns a gopacket.Flow. XXX obviously the 64 bits could be from a UDP packet or something else; however, this is *good-enough* for NFQueue TCP traceroute! XXX should perhaps look at the protocol number specified in the IP header and set its type here? I don't have a use-case for that right now.
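The quoted-datagram parsing described above, including the protocol-number check the XXX note mentions, as an added example that is not this package's code. It uses only the standard library rather than gopacket, takes the ICMP message body after the 8-byte ICMP header as input, and `QuotedFlow`, `ParseQuotedTCP` and `sampleQuote` are hypothetical names.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// QuotedFlow is a hypothetical type (not part of the trace package).
type QuotedFlow struct {
	Src, Dst         string
	SrcPort, DstPort uint16
	Seq              uint32
}

// ParseQuotedTCP parses an ICMP error body: the quoted IPv4 header plus 64 bits of its payload.
func ParseQuotedTCP(q []byte) (QuotedFlow, error) {
	if len(q) < 20 || q[0]>>4 != 4 {
		return QuotedFlow{}, errors.New("not an IPv4 header")
	}
	ihl := int(q[0]&0x0f) * 4 // header length in bytes, IP options included
	if ihl < 20 || len(q) < ihl+8 {
		return QuotedFlow{}, errors.New("quote shorter than IP header + 64 bits")
	}
	if q[9] != 6 { // protocol 6 is TCP; a UDP or ICMP quote must not match a flow
		return QuotedFlow{}, fmt.Errorf("quoted protocol %d is not TCP", q[9])
	}
	tcp := q[ihl : ihl+8] // only ports and sequence number are guaranteed
	return QuotedFlow{
		Src: net.IP(q[12:16]).String(), Dst: net.IP(q[16:20]).String(),
		SrcPort: binary.BigEndian.Uint16(tcp[0:2]), DstPort: binary.BigEndian.Uint16(tcp[2:4]),
		Seq: binary.BigEndian.Uint32(tcp[4:8]),
	}, nil
}

// sampleQuote returns a constructed (not captured) quote: IPv4 header + 8 bytes.
func sampleQuote(proto byte) []byte {
	return []byte{
		0x45, 0, 0, 40, 0, 0, 0, 0, 1, proto, 0, 0, // version/IHL ... TTL 1, protocol, checksum
		192, 0, 2, 10, 198, 51, 100, 7, // source 192.0.2.10, destination 198.51.100.7
		0xad, 0x21, 0x01, 0xbb, 0xde, 0xad, 0xbe, 0xef, // ports 44321 -> 443, sequence number
	}
}

func main() {
	fmt.Println(ParseQuotedTCP(sampleQuote(6)))
	fmt.Println(ParseQuotedTCP(sampleQuote(17))) // a UDP quote is rejected
}
```

Rejecting non-TCP and truncated quotes keeps an unrelated or malformed ICMP error from being attributed to a tracked TCP flow.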

func SerializeWithTTL

func SerializeWithTTL(p gopacket.Packet, ttl uint8) []byte

SerializeWithTTL takes a gopacket.Packet (containing TCP/IP layers) and a TTL and returns a byte array of the serialized packet with the specified TTL.

Types

type FlowTracker

type FlowTracker struct {
	// contains filtered or unexported fields
}

FlowTracker struct is a concurrent-safe hashmap of tcp/ip-flowKeys to NFQueueTraceroutes.

func NewFlowTracker

func NewFlowTracker() *FlowTracker

NewFlowTracker returns a new FlowTracker struct

func (*FlowTracker) AddFlow

func (f *FlowTracker) AddFlow(flow TcpIpFlow, nfqTrace *NFQueueTraceroute)

AddFlow adds an NFQueueTraceroute struct pointer to our bookkeeping hashmaps. XXX needs some cleanup?

func (*FlowTracker) Delete

func (f *FlowTracker) Delete(flow TcpIpFlow)

Delete removes the hashmap keys of the item. We have two hashmaps; one for flows and one for connections (bidirectional flows)...

func (*FlowTracker) GetConnectionTrace

func (f *FlowTracker) GetConnectionTrace(flow TcpBidirectionalFlowKey) *NFQueueTraceroute

GetConnectionTrace returns the NFQueueTraceroute struct pointer associated with a specified TcpBidirectionalFlowKey

func (*FlowTracker) GetFlow

func (f *FlowTracker) GetFlow(flow TcpIpFlow) *NFQueueTraceroute

GetFlow returns an NFQueueTraceroute struct pointer given a flowKey.

func (*FlowTracker) HasConnection

func (f *FlowTracker) HasConnection(biflow TcpBidirectionalFlowKey) bool

HasConnection returns true if the specified TcpBidirectionalFlowKey is a key in our connectionMap hashmap.

func (*FlowTracker) HasFlow

func (f *FlowTracker) HasFlow(flow TcpIpFlow) bool

HasFlow returns true if the specified flowKey is a key in our flowMap hashmap.

type HopTick

type HopTick struct {
	// contains filtered or unexported fields
}

HopTick represents a single route hop at a particular instant

func (*HopTick) String

func (t *HopTick) String() string

String returns a string representation of a HopTick

type LogfileRouteLogger

type LogfileRouteLogger struct {
	// contains filtered or unexported fields
}

LogfileRouteLogger uses a hashmap to relate route hop TTLs to TraceTick structs; this can be used to identify route changes over time.

func NewLogfileRouteLogger

func NewLogfileRouteLogger(verbose bool) LogfileRouteLogger

NewLogfileRouteLogger returns a LogfileRouteLogger struct whose accompanying methods implement the RouteLogger interface.

func (*LogfileRouteLogger) AddHopTick

func (r *LogfileRouteLogger) AddHopTick(ttl uint8, hoptick HopTick)

AddHopTick takes a TTL and HopTick and adds them to a hashmap where the TTL is the key.

func (*LogfileRouteLogger) Complete

func (r *LogfileRouteLogger) Complete()

func (*LogfileRouteLogger) GetRepeatLength

func (r *LogfileRouteLogger) GetRepeatLength(ttl uint8) int

GetRepeatLength returns the number of HopTicks accumulated for a given TTL

func (*LogfileRouteLogger) GetSortedKeys

func (r *LogfileRouteLogger) GetSortedKeys() []int

GetSortedKeys returns a slice of sorted keys (TTL) from our routeMap

func (*LogfileRouteLogger) String

func (r *LogfileRouteLogger) String() string

String returns a string representation of the thus far accumulated traceroute information

type NFQueueTraceObserver

type NFQueueTraceObserver struct {
	// contains filtered or unexported fields
}

NFQueueTraceObserver is a struct used to track concurrent TCP traceroute operations in the TCP streams it observes in the specified Netfilter Queue.

func NewNFQueueTraceObserver

func NewNFQueueTraceObserver(options NFQueueTraceObserverOptions) *NFQueueTraceObserver

NewNFQueueTraceObserver creates a NFQueueTraceObserver struct given a NFQueueTraceObserverOptions struct

func (*NFQueueTraceObserver) Start

func (o *NFQueueTraceObserver) Start()

Start method creates two goroutines: (1) read packets from NFQueue and pipeline them to the traceroute operation; (2) read packets from the pcap sniffer and pipeline them to process TCP FIN packets and ICMP TTL-expired traceroute responses.

func (*NFQueueTraceObserver) Stop

func (o *NFQueueTraceObserver) Stop()

Stop method is an unfinished work in progress. Currently it only stops the NFQueue packet processing goroutine.

type NFQueueTraceObserverOptions

type NFQueueTraceObserverOptions struct {

	// QueueId is the Netfilter Queue we should use
	QueueId int
	// The maximum number of packets the queue is capable of storing
	QueueSize int

	// Iface is a network interface to listen for ICMP-TTL-expired packets and TCP FIN packets
	Iface string

	// TTLMax specifies the highest TTL value to use in the TCP traceroute
	TTLMax uint8
	// TTLRepeatMax specifies the number of times to send a given TTL for the traceroute
	TTLRepeatMax int

	// RepeatMode implies NFQueue verdict NF_REPEAT
	// which means sending a duplicate packet
	RepeatMode bool
	// MangleFreq is the number of packets that should traverse
	// a tracked flow before we mangle a packet's TTL for the traceroute operation
	MangleFreq int
	// TimeoutSeconds is the number of seconds to wait before incrementing the TTL
	// and further mangling packets for a given flow.
	TimeoutSeconds int

	RouteLogger RouteLogger
}

NFQueueTraceObserverOptions struct is a helper struct used to encapsulate the user tuned parameters for NFQueueTraceObserver struct.

type NFQueueTraceroute

type NFQueueTraceroute struct {
	// contains filtered or unexported fields
}

NFQueueTraceroute struct is used to perform traceroute operations on a single TCP flow... where flow means a unidirectional packet stream.

func NewNFQueueTraceroute

func NewNFQueueTraceroute(id TcpIpFlow, repeatMode bool, observer *NFQueueTraceObserver, ttlMax uint8, ttlRepeatMax, mangleFreq, timeoutSeconds int, routeLogger RouteLogger) *NFQueueTraceroute

NewNFQueueTraceroute returns a new NFQueueTraceroute struct and starts two goroutines; a timer goroutine for determining when to increment the TTL for the traceroute operation... and a goroutine to process ICMP-TTL-expired responses.

func (*NFQueueTraceroute) Stop

func (n *NFQueueTraceroute) Stop()

Stop stops the timeout goroutine... but it should be further extended to shutdown the entire traceroute operation which means dealing with other goroutines.

type PayloadIcmpIpLayer

type PayloadIcmpIpLayer struct {
	// contains filtered or unexported fields
}

PayloadIcmpIpLayer struct is used as a channel type for passing icmp/ip packet data from the pcap sniffer to the traceroute-receive-ICMP-reply goroutine-channel pipeline.

type RouteLogger

type RouteLogger interface {
	AddHopTick(ttl uint8, hop HopTick)
	GetRepeatLength(ttl uint8) int
	Complete()
}

type TcpBidirectionalFlowKey

type TcpBidirectionalFlowKey struct {
	// contains filtered or unexported fields
}

TcpBidirectionalFlowKey struct can be used as a hashmap key. Bidirectional in this case means that each of these keys for each TCP connection can be represented by two TcpFlowKeys.

func NewTcpBidirectionalFlowKeyFromTcpIpFlow

func NewTcpBidirectionalFlowKeyFromTcpIpFlow(tcpipFlow TcpIpFlow) TcpBidirectionalFlowKey

NewTcpBidirectionalFlowKeyFromTcpIpFlow takes a TcpIpFlow argument and returns a TcpBidirectionalFlowKey. XXX can we please have short names for things? What should we rename it to?

func (*TcpBidirectionalFlowKey) Get

Get method is probably not useful. XXX

type TcpIpFlow

type TcpIpFlow struct {
	// contains filtered or unexported fields
}

TcpIpFlow is used for tracking unidirectional TCP flows

func NewTcpIpFlowFromFlows

func NewTcpIpFlowFromFlows(ipFlow gopacket.Flow, tcpFlow gopacket.Flow) TcpIpFlow

NewTcpIpFlowFromFlows given an IP flow and TCP flow returns a TcpIpFlow

func NewTcpIpFlowFromLayers

func NewTcpIpFlowFromLayers(ipLayer layers.IPv4, tcpLayer layers.TCP) TcpIpFlow

NewTcpIpFlowFromLayers given IPv4 and TCP layers it returns a TcpIpFlow

func NewTcpIpFlowFromPacket

func NewTcpIpFlowFromPacket(packet []byte) TcpIpFlow

NewTcpIpFlowFromPacket returns a tcp/ip flowKey given a byte array packet.

func (*TcpIpFlow) Layers

func (t *TcpIpFlow) Layers() (gopacket.Flow, gopacket.Flow)

Layers returns the component flow structs IPv4, TCP

type TcpIpLayer

type TcpIpLayer struct {
	// contains filtered or unexported fields
}

TcpIpLayer struct is used as a channel type for passing tcp/ip packet data from the pcap sniffer to the TCP-session-close goroutine-channel pipeline.

func (*TcpIpLayer) Layers

func (t *TcpIpLayer) Layers() (layers.IPv4, layers.TCP)
