packemon

package module
v1.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 26, 2025 License: BSD-2-Clause Imports: 20 Imported by: 0

README

Packémon

Packet monster, or Packémon for short! (っ‘-’)╮=͟͟͞͞◒ ヽ( '-'ヽ)

https://github.com/user-attachments/assets/d4ec78d1-ed1e-4c6e-8abe-70808742f549

TUI tool for generating packets of arbitrary input and monitoring packets on any network interfaces (default: eth0). This tool is not available for Windows and macOS. I have confirmed that it works on Linux (Debian and Ubuntu on WSL2) .

I intend to develop it patiently🌴

[!WARNING] This tool is implemented with protocol stacks from scratch and utilizes raw socket.
There may be many bugs. If you find a bug, I would be glad if you raise an issue or give me a pull request!

Feature

This TUI tool has two major functions: packet generation and packet monitoring.

This image shows packemon running in Generator / Monitor mode.
DNS query packet generated by Generator on the left is shown in 32 line of the Monitor. DNS query response packet is shown as 33 line, and a more detailed view of it is shown in the image below.
See here for detailed instructions.

Packemon's Monitor allows user to select each packet by pressing Enter key. Then, select any line and press Enter key to see the details of the desired packet. Pressing Esc key in the packet detail screen will return you to the original packet list screen.

Packet Generator

[!WARNING] While using Generator mode, TCP RST packets automatically sent out by the kernel are dropped. When this mode is stopped, the original state is restored. Probably😅. Incidentally, dropping RST packets is done by running the eBPF program. The background note incorporating the eBPF is the POST of X around here.

  • Send generated packets to any network interfaces.

    • You can specify network interface with --interface flag. Default is eth0.

  • The following types of packets are covered.

    • Ethernet
    • ARP (WIP)
    • IPv4 (WIP)
    • IPv6 (WIP)
    • ICMPv4 (WIP)
    • ICMPv6
    • TCP (WIP)
    • UDP (WIP)
    • TLSv1.2 (WIP)
    • DNS (WIP)
    • HTTP (WIP)
    • HTTPS (WIP)
    • xxxxx....
    • Routing Protocols
      • IGP (Interior Gateway Protocol)
        • OSPF (Open Shortest Path First)
        • EIGRP (Enhanced Interior Gateway Routing Protocol)
        • RIP (Routing Information Protocol)
      • EGP (Exterior Gateway Protocol)
Packet Monitor

  • Monitor any network interfaces.

    • You can specify network interface with --interface flag. Default is eth0.

  • The following types of packets are covered.

    • Ethernet
    • ARP
    • IPv4 (WIP)
    • IPv6 (WIP)
    • ICMPv4 (WIP)
    • ICMPv6
    • TCP (WIP)
    • UDP
    • DNS (WIP)
      • DNS query
      • DNS query response
      • xxxxx....
    • HTTP (WIP)
      • HTTP GET request
      • HTTP GET response
      • xxxxx....
    • xxxxx....
    • Routing Protocols
      • IGP (Interior Gateway Protocol)
        • OSPF (Open Shortest Path First)
        • EIGRP (Enhanced Interior Gateway Routing Protocol)
        • RIP (Routing Information Protocol)
      • EGP (Exterior Gateway Protocol)
        • BGP (Border Gateway Protocol)

Installation


git clone & Go
# Recomended (Clone this repository and require 'Dependencies' section of https://ebpf-go.dev/guides/getting-started/#ebpf-c-program)
$ cd egress_control/ && go generate && cd -
$ go build -o packemon cmd/packemon/*.go
$ ls | grep packemon
$ mv packemon /usr/local/bin/

Go
# Deprecated (In some environments, RST packets may be sent during TCP 3-way handshake)
$ go install github.com/ddddddO/packemon/cmd/packemon@latest

deb
$ export PACKEMON_VERSION=X.X.X
$ curl -o packemon.deb -L https://github.com/ddddddO/packemon/releases/download/v$PACKEMON_VERSION/packemon_$PACKEMON_VERSION-1_amd64.deb
$ dpkg -i packemon.deb

rpm
$ export PACKEMON_VERSION=X.X.X
$ yum install https://github.com/ddddddO/packemon/releases/download/v$PACKEMON_VERSION/packemon_$PACKEMON_VERSION-1_amd64.rpm

apk
$ export PACKEMON_VERSION=X.X.X
$ curl -o packemon.apk -L https://github.com/ddddddO/packemon/releases/download/v$PACKEMON_VERSION/packemon_$PACKEMON_VERSION-1_amd64.apk
$ apk add --allow-untrusted packemon.apk

Usage

  • Packet Generator

    sudo packemon --send

  • Packet Monitor

    sudo packemon

Usecase

Sending DNS query and Monitoring DNS response

  1. setup

    # Generator
$ sudo packemon --send

    # Monitor
$ sudo packemon

    ← Generator | Monitor →

  2. Generator

    • Protocols > Ethernet > Ether Type > IPv4

    • Protocols > IPv4 > Protocol > UDP

    • Protocols > IPv4 > Destination IP Addr > 1.1.1.1

      • Enter the address of DNS resolver here. Above is the address of Cloudflare resolver.

    • Protocols > UDP > Destination Port > 53

    • Protocols > UDP > Automatically calculate length ? > (Check!)

    • Protocols > DNS > Queries Domain > go.dev

      • Enter here the domain for which you want to name resolution.

    • Protocols > DNS > Click on Send!

      • At this time, DNS query is sent with the contents set so far.

  3. Monitor

    • Find records where Proto: DNS and DstIP or SrcIP is 1.1.1.1. Select each record to see the packet structure of the DNS query and the packet structure of the DNS response.

      • List

      • DNS query (DstIP: 1.1.1.1)

      • DNS response (SrcIP: 1.1.1.1)

Another feature

The local node's browser can monitor packets from remote nodes or send arbitrary packets from remote nodes.

                                         +-------------------------------------+
+----------------------+                 | REMOTE NODE                         |
| LOCAL NODE (Browser) |                 | $ sudo packemon-api --interface xxx |
|  Monitor   <---------|-- WebSocket   --|--> HTTP GET  /ws  <-----+           |
|  Generator  ---------|-- POST packet --|--> HTTP POST /packet    |           |
+----------------------+                 |      -> parse packet    |           |                  +---------------+
                                         |           -> Network Interface -----|-- Send packet -->| TARGET NODE x |
                                         +-------------------------------------+                  |               |
                                                                                                  +---------------+

  • Remote node

  • Local node

[!WARNING] Please note that the following is dangerous.

The following procedure is an example of how you can expose packemon-api to the outside world and monitor and send remote node packets on your browser.

  1. (REMOTE) Please install packemon-api and run. 
    $ go install github.com/ddddddO/packemon/cmd/packemon-api@latest
$ sudo packemon-api --interface wlan0
  2. (REMOTE) Run ngrok and note the URL to be paid out. 
    $ ngrok http 8082
  3. (LOCAL) Enter the dispensed URL into your browser and you will be able to monitor and send packets to remote node.

Acknowledgment

Document

Stargazers over time

Stargazers over time

Log (japanese)

xxx
動作確認
Raspberry Piで簡易http server
pi@raspberrypi:~ $ sudo go run main.go
パケットキャプチャ
$ sudo tcpdump -U -i eth0 -w - | /mnt/c/Program\ Files/Wireshark/Wireshark.exe -k -i -

  • 受信画面

    $ sudo go run cmd/packemon/main.go

  • 送信画面

    $ sudo go run cmd/packemon/main.go --send

  • 単発フレーム送信コマンド(e.g. ARP request)

    $ sudo go run cmd/packemon/main.go --debug --send --proto arp
手軽にブロードキャスト
$ arping -c 1 1.2.3.4
ARPING 1.2.3.4 from 172.23.242.78 eth0
Sent 1 probes (1 broadcast(s))
Received 0 response(s)
tcpでdns
$ nslookup -vc github.com
ipv6でping

どうするか

$ ip -6 route
$ ping -c 1 fe80::1
自前実装の tcp 3way handshake
$ sudo go run cmd/packemon/main.go --send --debug --proto tcp-3way-http
動作確認の様子
xxx

  • Ethernetフレームのみ作って送信(77c9149 でコミットしたファイルにて)

  • ARPリクエストを作って送信(390f266 でコミットしたファイルにて。中身はめちゃくちゃと思うけど)

  • ARPリクエストを受信してパース(b6a025a でコミット)

Documentation

Index

Constants

View Source 
const (
	ARP_OPERATION_CODE_REQUEST = 0x0001
	ARP_OPERATION_CODE_REPLY   = 0x0002
)
View Source 
const (
	DNS_QR_REQUEST  = 0 << 15 // 0
	DNS_QR_RESPONSE = 1 << 15 // 1000 0000 0000 0000
)

https://datatracker.ietf.org/doc/html/rfc1035#section-4.1.1 の「QR」 関連: https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-5 の「Opcode」の逆引きは廃止(IQuery (Inverse Query, OBSOLETE))

View Source 
const (
	DNS_QUERY_TYPE_A    = 0x0001
	DNS_QUERY_TYPE_AAAA = 0x001c
)
View Source 
const (
	IPv4_PROTO_ICMP uint8 = 0x01
	IPv4_PROTO_TCP  uint8 = 0x06
	IPv4_PROTO_UDP  uint8 = 0x11
)
View Source 
const (
	IPv6_NEXT_HEADER_TCP    = IPv4_PROTO_TCP
	IPv6_NEXT_HEADER_UDP    = IPv4_PROTO_UDP
	IPv6_NEXT_HEADER_ICMPv6 = 0x3a
)

TODO: IPv4 と同じものは、IPv4_PROTO_HOGE 使っていいかも

View Source 
const (
	TCP_FLAGS_SYN         = 0x02
	TCP_FLAGS_SYN_ACK     = 0x12
	TCP_FLAGS_ACK         = 0x10
	TCP_FLAGS_FIN_ACK     = 0x11
	TCP_FLAGS_PSH_ACK     = 0x18 // データを上位層へ渡してという信号
	TCP_FLAGS_FIN_PSH_ACK = 0x19
)
View Source 
const ARP_HARDWARE_TYPE_THERNET = 0x0001
View Source 
const ARP_PROTO_TYPE_IPv4 = 0x0800
View Source 
const CLIENT_HELLO = 0x01
View Source 
const COMMAND_IP = "ip"
View Source 
const COMPRESSION_METHOD_NULL = 0x00
View Source 
const (
	DNS_QUERY_CLASS_IN = 0x0001
)
View Source 
const ETHER_TYPE_ARP uint16 = 0x0806
View Source 
const ETHER_TYPE_IPv4 uint16 = 0x0800
View Source 
const ETHER_TYPE_IPv6 uint16 = 0x86dd
View Source 
const (
	ICMP_TYPE_REQUEST = 0x08
)
View Source 
const PORT_DNS = 0x0035 // 53
View Source 
const (
	PORT_HTTP = 0x0050
)
View Source 
const TLS_CONTENT_TYPE_APPLICATION_DATA = 0x17
View Source 
const TLS_CONTENT_TYPE_CHANGE_CIPHER_SPEC = 0x14
View Source 
const TLS_CONTENT_TYPE_HANDSHAKE = 0x16
View Source 
const TLS_HANDSHAKE_TYPE_CLIENT_KEY_EXCHANGE = 0x10
View Source 
const TLS_HANDSHAKE_TYPE_FINISHED = 0x14

Variables

View Source 
var IPv4Protocols = map[uint8]string{
	IPv4_PROTO_ICMP: "ICMP",
	IPv4_PROTO_TCP:  "TCP",
	IPv4_PROTO_UDP:  "UDP",
}
View Source 
var KeyLable = []byte("key expansion")
View Source 
var MasterSecretLable = []byte("master secret")
View Source 
var TLS_VERSION_1_2 = []byte{0x03, 0x03}

Functions

func EstablishConnectionAndSendPayload 

func EstablishConnectionAndSendPayload(nwInterface string, dstIPAddr []byte, dstPort uint16, payload []byte) error

with tcp 3 way handshake

func EstablishConnectionAndSendPayloadXxx added in v0.0.3 

func EstablishConnectionAndSendPayloadXxx(ctx context.Context, nwInterface string, fEthrh *EthernetHeader, fIpv4 *IPv4, fTcp *TCP, fHttp *HTTP) error

このなかで、ログ出力などしないこと。Monitor の下に出てくる 挙動を詳細に確認する場合は、internal内の SendTCP3wayhandshake 関数でやること TODO: 対向からRST,RST/ACKが来た時にreturnするようにする TODO: http専用になっちゃってるから、他のプロトコルでも使えるよう汎用的にする

func EstablishConnectionAndSendPayloadXxxForIPv6 added in v1.1.0 

func EstablishConnectionAndSendPayloadXxxForIPv6(ctx context.Context, nwInterface string, fEthrh *EthernetHeader, fIpv6 *IPv6, fTcp *TCP, fHttp *HTTP) error

func ExecCommand 

func ExecCommand(command string, args ...string) (string, error)

func ExecIP 

func ExecIP(args ...string) (string, error)

func ExecIPNeigh 

func ExecIPNeigh(args ...string) (string, error)

func ExecIPRoute 

func ExecIPRoute(args ...string) (string, error)

func GetDefaultRouteIP 

func GetDefaultRouteIP() (string, error)

func GetDefaultRouteMAC 

func GetDefaultRouteMAC() (string, error)

func IsDNSRequest added in v1.0.8 

func IsDNSRequest(flags uint16) bool

func IsDNSResponse added in v1.0.8 

func IsDNSResponse(flags uint16) bool

func NewTLSApplicationData added in v1.0.3 

func NewTLSApplicationData(data []byte, keyblock *KeyBlock, clientSequence int) []byte

func NewTLSClientKeyExchangeAndChangeCipherSpecAndFinished added in v1.0.3 

func NewTLSClientKeyExchangeAndChangeCipherSpecAndFinished(clientHello *TLSClientHello, serverHello *TLSServerHello) (*TLSClientKeyExchange, *KeyBlock, int, []byte, []byte)

func Options 

func Options() []byte

synパケットの中を覗いて下

func OptionsOfAck 

func OptionsOfAck() []byte

synパケットの中を覗いて下

func OptionsOfhttp 

func OptionsOfhttp() []byte

http getリクエスト時のtcp optionを覗いて https://atmarkit.itmedia.co.jp/ait/articles/0401/29/news080_2.html 「オプション」フィールド:32bit単位で可変長

func StrHexToBytes added in v1.0.0 

func StrHexToBytes(s string) ([]byte, error)

TODO: rename or refactor

func StrHexToBytes2 added in v1.0.0 

func StrHexToBytes2(s string) ([]byte, error)

TODO: rename or refactor

func StrHexToBytes3 added in v1.0.0 

func StrHexToBytes3(s string) (byte, error)

TODO: rename or refactor

func StrIPToBytes added in v1.0.0 

func StrIPToBytes(s string) ([]byte, error)

stringのIPv4アドレスをbytesに変換

func StrIntToUint16 added in v1.0.0 

func StrIntToUint16(s string) (uint16, error)

func WriteUint16 

func WriteUint16(buf *bytes.Buffer, target uint16)

func WriteUint32 

func WriteUint32(buf *bytes.Buffer, target uint32)

Types

type ARP 

type ARP struct {
	HardwareType       uint16
	ProtocolType       uint16
	HardwareAddrLength uint8
	ProtocolLength     uint8
	Operation          uint16

	SenderHardwareAddr HardwareAddr
	SenderIPAddr       uint32

	TargetHardwareAddr HardwareAddr
	TargetIPAddr       uint32
}

https://ja.wikipedia.org/wiki/Address_Resolution_Protocol#%E3%83%91%E3%82%B1%E3%83%83%E3%83%88%E6%A7%8B%E9%80%A0 https://beginners-network.com/supplement/arp_packet_format.html

func NewARPReply added in v1.0.0 

func NewARPReply(sMACAdder HardwareAddr, sIPAddr uint32, tMACAddr HardwareAddr, tIPAddr uint32) *ARP

func NewARPRequest added in v1.0.0 

func NewARPRequest(sMACAdder HardwareAddr, sIPAddr uint32, tMACAddr HardwareAddr, tIPAddr uint32) *ARP

func ParsedARP 

func ParsedARP(payload []byte) *ARP

func (*ARP) Bytes 

func (a *ARP) Bytes() []byte

type Answer 

type Answer struct {
	Name       uint16
	Typ        uint16
	Class      uint16
	Ttl        uint32
	DataLength uint16
	Address    uint32
}

type Certificate added in v1.0.3 

type Certificate struct {
	RecordLayer        *TLSRecordLayer
	HandshakeProtocol  *TLSHandshakeProtocol
	CertificatesLength []byte
	Certificates       []byte // TODO: ここ更にフィールドあった
	// contains filtered or unexported fields
}

func (*Certificate) Bytes added in v1.0.3 

func (c *Certificate) Bytes() []byte

func (*Certificate) ServerPublicKey added in v1.0.3 

func (c *Certificate) ServerPublicKey() *rsa.PublicKey

func (*Certificate) Validate added in v1.0.3 

func (c *Certificate) Validate() error

ref: https://zenn.dev/satoken/articles/golang-tls1_2#serverhello%2C-certificate%2C-serverhellodone

type ChangeCipherSpecAndFinished added in v1.0.3 

type ChangeCipherSpecAndFinished struct {
	ChangeCipherSpecProtocol *ChangeCipherSpecProtocol
	Finished                 *Finished
}

func ParsedTLSChangeCipherSpecAndFinished added in v1.0.3 

func ParsedTLSChangeCipherSpecAndFinished(b []byte, keyblock *KeyBlock, clientSequenceNum int, verifyingData *ForVerifing) *ChangeCipherSpecAndFinished

type ChangeCipherSpecProtocol added in v1.0.3 

type ChangeCipherSpecProtocol struct {
	RecordLayer             *TLSRecordLayer
	ChangeCipherSpecMessage []byte
}

func (*ChangeCipherSpecProtocol) Bytes added in v1.0.3 

func (cc *ChangeCipherSpecProtocol) Bytes() []byte

type ClientKeyExchange added in v1.0.3 

type ClientKeyExchange struct {
	RecordLayer                 *TLSRecordLayer
	HandshakeProtocol           *TLSHandshakeProtocol
	RSAEncryptedPreMasterSecret *RSAEncryptedPreMasterSecret
}

func (*ClientKeyExchange) Bytes added in v1.0.3 

func (c *ClientKeyExchange) Bytes() []byte

type DNS 

type DNS struct {
	TransactionID uint16
	Flags         uint16 // TODO: ここにビット単位で意味があるから、structにして管理したい
	Questions     uint16
	AnswerRRs     uint16
	AuthorityRRs  uint16
	AdditionalRRs uint16
	Queries       *Queries
	Answers       []*Answer
}

https://atmarkit.itmedia.co.jp/ait/articles/1601/29/news014.html 上記とパケットキャプチャ見てイメージがつく、domain

func ParsedDNSRequest 

func ParsedDNSRequest(payload []byte) *DNS

func ParsedDNSResponse 

func ParsedDNSResponse(payload []byte) *DNS

func (*DNS) Bytes 

func (d *DNS) Bytes() []byte

func (*DNS) Domain 

func (d *DNS) Domain(domain string)

type EncryptedHandshakeMessage added in v1.0.3 

type EncryptedHandshakeMessage struct {
	RecordLayer                *TLSRecordLayer
	EncryptedHandshakeMessage_ []byte
}

func (*EncryptedHandshakeMessage) Bytes added in v1.0.3 

func (e *EncryptedHandshakeMessage) Bytes() []byte

type EthernetFrame 

type EthernetFrame struct {
	Header *EthernetHeader
	Data   []byte
}

func NewEthernetFrame 

func NewEthernetFrame(dst HardwareAddr, src HardwareAddr, typ uint16, payload []byte) *EthernetFrame

func ParsedEthernetFrame 

func ParsedEthernetFrame(b []byte) *EthernetFrame

func (*EthernetFrame) Bytes 

func (ef *EthernetFrame) Bytes() []byte

type EthernetHeader 

type EthernetHeader struct {
	Dst HardwareAddr
	Src HardwareAddr
	Typ uint16
}

type Finished added in v1.0.3 

type Finished struct {
	RecordLayer *TLSRecordLayer

	RawEncrypted []byte
}

type ForVerifing added in v1.0.3 

type ForVerifing struct {
	Master            []byte
	ClientHello       *TLSClientHello
	ServerHello       *TLSServerHello
	ClientKeyExchange *ClientKeyExchange
	ClientFinished    []byte // 暗号化前の
}

type HTTP 

type HTTP struct {
	Method        string
	Uri           string
	Version       string
	Host          string
	UserAgent     string
	Accept        string
	ContentLength string

	Body string
}

func NewHTTP 

func NewHTTP() *HTTP

func ParsedHTTPRequest 

func ParsedHTTPRequest(payload []byte) *HTTP

func (*HTTP) Bytes 

func (h *HTTP) Bytes() []byte

type HTTPResponse 

type HTTPResponse struct {
	StatusLine string
	Header     *HTTPResponseHeader
	Body       []byte
	// contains filtered or unexported fields
}

func ParsedHTTPResponse 

func ParsedHTTPResponse(payload []byte) *HTTPResponse

TODO: 多分このあたりバグってる。Monitor の http response の hexadecimal dump と Wireshark で異なる TODO: panic になることある

func (*HTTPResponse) Bytes added in v1.0.7 

func (hr *HTTPResponse) Bytes() []byte

func (*HTTPResponse) Len added in v0.0.3 

func (h *HTTPResponse) Len() int

type HTTPResponseHeader added in v0.0.3 

type HTTPResponseHeader struct {
	Date          string
	ContentLength int
	ContentType   string
}

func (*HTTPResponseHeader) Bytes added in v1.0.7 

func (hrh *HTTPResponseHeader) Bytes() []byte

type HardwareAddr 

type HardwareAddr [6]uint8

func (*HardwareAddr) String added in v1.0.0 

func (h *HardwareAddr) String() string

type ICMP 

type ICMP struct {
	Typ        uint8
	Code       uint8
	Checksum   uint16
	Identifier uint16
	Sequence   uint16
	Data       []byte
}

https://www.infraexpert.com/study/tcpip4.html https://inc0x0.com/icmp-ip-packets-ping-manually-create-and-send-icmp-ip-packets/

func NewICMP 

func NewICMP() *ICMP

icmp request

func ParsedICMP 

func ParsedICMP(payload []byte) *ICMP

func (*ICMP) Bytes 

func (i *ICMP) Bytes() []byte

func (*ICMP) CalculateChecksum 

func (i *ICMP) CalculateChecksum() uint16

copy from https://cs.opensource.google/go/x/net/+/master:icmp/message.go

type IPv4 

type IPv4 struct {
	Version        uint8  // 4bit
	Ihl            uint8  // 4bit. hearder length
	Tos            uint8  // 8bit. type of service
	TotalLength    uint16 // 16bit. total length
	Identification uint16 // 16bit
	Flags          uint8  // 3bit
	FragmentOffset uint16 // 13bit
	Ttl            uint8  // 8bit
	Protocol       uint8  // 8bit
	HeaderChecksum uint16 // 16bit
	SrcAddr        uint32 // 32bit
	DstAddr        uint32 // 32bit

	Options []uint8
	Padding []uint8

	Data []byte
}

https://www.infraexpert.com/study/tcpip1.html

func NewIPv4 added in v0.0.3 

func NewIPv4(protocol uint8, srcAddr uint32, dstAddr uint32) *IPv4

func ParsedIPv4 

func ParsedIPv4(payload []byte) *IPv4

func (*IPv4) Bytes 

func (i *IPv4) Bytes() []byte

func (*IPv4) CalculateChecksum 

func (i *IPv4) CalculateChecksum()

TODO: ここだけではないけど要refactor

func (*IPv4) CalculateTotalLength 

func (i *IPv4) CalculateTotalLength()

func (*IPv4) StrDstIPAddr added in v1.0.0 

func (i *IPv4) StrDstIPAddr() string

func (*IPv4) StrSrcIPAddr added in v1.0.0 

func (i *IPv4) StrSrcIPAddr() string

type IPv6 added in v0.0.2 

type IPv6 struct {
	Version       uint8 // 4bit
	TrafficClass  uint8
	FlowLabel     uint32 // 20bit
	PayloadLength uint16
	NextHeader    uint8
	HopLimit      uint8
	SrcAddr       []uint8
	DstAddr       []uint8

	Option []uint8

	Data []byte
}

rfc: https://datatracker.ietf.org/doc/html/rfc8200#page-6 https://atmarkit.itmedia.co.jp/ait/articles/1201/05/news113.html ↑ によると、「TrafficClass」の前半4bitに拡張ヘッダ(Option)までの長さ入ってるっぽいけど https://datatracker.ietf.org/doc/html/rfc8200#section-4 によると、「NextHeader」の種類ごとに、拡張ヘッダー(Option)があるかどうかみたいなのがわかるっぽい? ちなみに、NextHeader は、IPv4 の Protocol と同じ値みたい

func NewIPv6 added in v1.1.0 

func NewIPv6(protocol uint8, srcAddr []uint8, dstAddr []uint8) *IPv6

func ParsedIPv6 added in v0.0.2 

func ParsedIPv6(payload []byte) *IPv6

func (*IPv6) Bytes added in v1.1.0 

func (i *IPv6) Bytes() []byte

func (*IPv6) PseudoHeader added in v1.1.0 

func (i *IPv6) PseudoHeader(upperLayerLength uint32) []byte

上位レイヤのチェックサムを求めるための ref: https://datatracker.ietf.org/doc/html/rfc8200#section-8.1

func (*IPv6) StrDstIPAddr added in v1.0.0 

func (i *IPv6) StrDstIPAddr() string

func (*IPv6) StrSrcIPAddr added in v1.0.0 

func (i *IPv6) StrSrcIPAddr() string

type KeyBlock added in v1.0.3 

type KeyBlock struct {
	ClientWriteKey []byte
	ServerWriteKey []byte
	ClientWriteIV  []byte
	ServerWriteIV  []byte
}

type Mss 

type Mss struct {
	Kind   uint8
	Length uint8
	Value  uint16
}

type NetworkInterface 

type NetworkInterface struct {
	Intf       *net.Interface
	Socket     int // file discripter
	SocketAddr unix.SockaddrLinklayer
	IPAdder    uint32

	PassiveCh chan *Passive
}

func NewNetworkInterface 

func NewNetworkInterface(nwInterface string) (*NetworkInterface, error)

func (*NetworkInterface) Close 

func (nw *NetworkInterface) Close() error

func (*NetworkInterface) Recieve 

func (nw *NetworkInterface) Recieve(ctx context.Context) error

func (*NetworkInterface) Send 

func (nw *NetworkInterface) Send(ethernetFrame *EthernetFrame) error

type NetworkInterfaceForTCP 

type NetworkInterfaceForTCP struct {
	Socket int
}

func NewNetworkInterfaceForTCP 

func NewNetworkInterfaceForTCP(nwInterface string) (*NetworkInterfaceForTCP, error)

func (*NetworkInterfaceForTCP) Close 

func (nwt *NetworkInterfaceForTCP) Close() error

func (*NetworkInterfaceForTCP) Connect 

func (nwt *NetworkInterfaceForTCP) Connect(dstIPAddr []byte, dstPort uint16) error

func (*NetworkInterfaceForTCP) Read 

func (nwt *NetworkInterfaceForTCP) Read(buf []byte) (int, error)

func (*NetworkInterfaceForTCP) Write 

func (nwt *NetworkInterfaceForTCP) Write(tcpPayload []byte) (int, error)

type NoOperation 

type NoOperation struct {
	Kind uint8
}

type Passive 

type Passive struct {
	HTTPRes       *HTTPResponse
	HTTP          *HTTP
	DNS           *DNS
	TCP           *TCP
	UDP           *UDP
	ICMP          *ICMP
	IPv4          *IPv4
	IPv6          *IPv6
	ARP           *ARP
	EthernetFrame *EthernetFrame
}

func ParsedPacket 

func ParsedPacket(recieved []byte) *Passive

func (*Passive) HighLayerProto 

func (p *Passive) HighLayerProto() string

type Queries 

type Queries struct {
	Domain     []uint8
	Typ        uint16
	Class      uint16
	Ttl        uint32
	DataLength uint16
}

TODO: 個別にQueryで定義してスライスで持つようにする

type RSAEncryptedPreMasterSecret added in v1.0.3 

type RSAEncryptedPreMasterSecret struct {
	EncryptedPreMasterLength []byte
	EncryptedPreMaster       []byte
}

func (*RSAEncryptedPreMasterSecret) Bytes added in v1.0.3 

func (r *RSAEncryptedPreMasterSecret) Bytes() []byte

type SackPermitted 

type SackPermitted struct {
	Kind   uint8
	Length uint8
}

type ServerHello added in v1.0.3 

type ServerHello struct {
	RecordLayer       *TLSRecordLayer
	HandshakeProtocol *TLSHandshakeProtocol
}

func (*ServerHello) Bytes added in v1.0.3 

func (s *ServerHello) Bytes() []byte

type ServerHelloDone added in v1.0.3 

type ServerHelloDone struct {
	RecordLayer       *TLSRecordLayer
	HandshakeProtocol *TLSHandshakeProtocol
}

func (*ServerHelloDone) Bytes added in v1.0.3 

func (sd *ServerHelloDone) Bytes() []byte

type TCP 

type TCP struct {
	SrcPort        uint16
	DstPort        uint16
	Sequence       uint32
	Acknowledgment uint32

	// Data Offset (DOffset)(4bit. TCPヘッダ長. 32bit整数倍) と Reserved (Rsrvd)(4bit. すべて0)
	// ref: https://www.rfc-editor.org/rfc/rfc9293.html#section-3.1
	HeaderLength uint8

	// Control bits(8bit)
	// ref: https://www.rfc-editor.org/rfc/rfc9293.html#section-3.1-6.14.1
	Flags uint8

	Window        uint16
	Checksum      uint16
	UrgentPointer uint16
	Options       []byte // optionsをセットする用の関数あった方がいいかも?

	Data []byte
}

func NewTCPAck 

func NewTCPAck(srcPort, dstPort uint16, prevSequence uint32, prevAcknowledgment uint32) *TCP

tcpパケット連続で送るときは port 変えること

func NewTCPAckForPassiveData added in v0.0.3 

func NewTCPAckForPassiveData(srcPort, dstPort uint16, prevSequence uint32, prevAcknowledgment uint32, tcpPayloadLength int) *TCP

tcpパケット連続で送るときは port 変えること

func NewTCPFinAck added in v0.0.3 

func NewTCPFinAck(srcPort, dstPort uint16, prevSequence uint32, prevAcknowledgment uint32) *TCP

tcpパケット連続で送るときは port 変えること

func NewTCPSyn 

func NewTCPSyn(srcPort, dstPort uint16) *TCP

tcpパケット単発で連続で送るときは port/sequence 変えること

func NewTCPWithData 

func NewTCPWithData(srcPort, dstPort uint16, data []byte, prevSequence uint32, prevAcknowledgment uint32) *TCP

tcpパケット連続で送るときは port 変えること

func ParsedTCP 

func ParsedTCP(payload []byte) *TCP

func (*TCP) Bytes 

func (t *TCP) Bytes() []byte

https://www.infraexpert.com/study/tcpip8.html

func (*TCP) CalculateChecksum added in v0.0.3 

func (t *TCP) CalculateChecksum(ipv4 *IPv4)

https://atmarkit.itmedia.co.jp/ait/articles/0401/29/news080_2.html 「「チェックサム」フィールド:16bit幅」

func (*TCP) CalculateChecksumForIPv6 added in v1.1.0 

func (t *TCP) CalculateChecksumForIPv6(ipv6 *IPv6)

type TLSApplicationData added in v1.0.3 

type TLSApplicationData struct {
	RecordLayer              *TLSRecordLayer
	EncryptedApplicationData []byte
}

こちらで作る分にはこのstructは不要

func (*TLSApplicationData) Bytes added in v1.0.3 

func (a *TLSApplicationData) Bytes() []byte

type TLSClientHello added in v1.0.3 

type TLSClientHello struct {
	RecordLayer       *TLSRecordLayer
	HandshakeProtocol *TLSHandshakeProtocol
}

func NewTLSClientHello added in v1.0.3 

func NewTLSClientHello() *TLSClientHello

func (*TLSClientHello) Bytes added in v1.0.3 

func (tch *TLSClientHello) Bytes() []byte

type TLSClientKeyExchange added in v1.0.3 

type TLSClientKeyExchange struct {
	ClientKeyExchange         *ClientKeyExchange
	ChangeCipherSpecProtocol  *ChangeCipherSpecProtocol
	EncryptedHandshakeMessage []byte
}

func (*TLSClientKeyExchange) Bytes added in v1.0.3 

func (tlsclientkeyexchange *TLSClientKeyExchange) Bytes() []byte

type TLSHandshakeProtocol added in v1.0.3 

type TLSHandshakeProtocol struct {
	HandshakeType            []byte
	Length                   []byte
	Version                  []byte
	Random                   []byte
	SessionID                []byte
	CipherSuitesLength       []byte
	CipherSuites             []uint16 // ref: https://tls12.xargs.org/#client-hello/annotated [Ciper Suites]
	CompressionMethodsLength []byte
	CompressionMethods       []byte
	ExtensionsLength         []byte
	Extentions               []byte // サイト見ると結構種類有りそう
}

func (*TLSHandshakeProtocol) Bytes added in v1.0.3 

func (p *TLSHandshakeProtocol) Bytes(isFromServer bool) []byte

type TLSRecordLayer added in v1.0.3 

type TLSRecordLayer struct {
	ContentType []byte
	Version     []byte
	Length      []byte
}

ref: https://tls12.xargs.org/#client-hello/annotated 以降のstructのフィールドはWiresharkを見つつ補完

func (*TLSRecordLayer) Bytes added in v1.0.3 

func (l *TLSRecordLayer) Bytes() []byte

type TLSServerHello added in v1.0.3 

type TLSServerHello struct {
	ServerHello     *ServerHello
	Certificate     *Certificate
	ServerHelloDone *ServerHelloDone
}

func ParsedTLSServerHello added in v1.0.3 

func ParsedTLSServerHello(b []byte) *TLSServerHello

func (*TLSServerHello) Bytes added in v1.0.3 

func (tlsserverhello *TLSServerHello) Bytes() []byte

type Timestamps 

type Timestamps struct {
	Kind      uint8
	Length    uint8
	Value     uint32
	EchoReply uint32
}

type UDP 

type UDP struct {
	SrcPort  uint16
	DstPort  uint16
	Length   uint16
	Checksum uint16 // TODO: 後で計算用メソッドを。そもそも他のヘッダのchecksumと同じ計算っぽいから、独立させるかも
	Data     []byte
}

func ParsedUDP 

func ParsedUDP(payload []byte) *UDP

func (*UDP) Bytes 

func (u *UDP) Bytes() []byte

func (*UDP) CalculateChecksumForIPv6 added in v1.1.0 

func (u *UDP) CalculateChecksumForIPv6(ipv6 *IPv6)

IPv6 ではチェックサムがないため、上のレイヤでチェックサムが必要なため

func (*UDP) Len 

func (u *UDP) Len()

type WindowScale 

type WindowScale struct {
	Kind       uint8
	Length     uint8
	ShiftCount uint8
}

Source Files

View all Source files

Directories

Path Synopsis
cmd
debugging/bgp
debugging/http-server
debugging/https-server
debugging/tls-server
packemon
packemon-api
internal
debugging
tui

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.