diag

package
v1.3.7 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 23, 2024 License: MIT Imports: 17 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// AllTCPStates is a flag to request all sockets in any TCP state.
	AllTCPStates = ^uint32(0)

	// TCPDIAG_GETSOCK is the netlink message type for requesting TCP diag data.
	// https://github.com/torvalds/linux/blob/v4.0/include/uapi/linux/inet_diag.h#L7
	TCPDIAG_GETSOCK = 18

	// SOCK_DIAG_BY_FAMILY is the netlink message type for requestion socket
	// diag data by Family. This is newer and can be used with inet_diag_req_v2.
	// https://github.com/torvalds/linux/blob/v4.0/include/uapi/linux/sock_diag.h#L6
	SOCK_DIAG_BY_FAMILY = 20
)
View Source
const (
	INET_DIAG_NONE    = 0
	INET_DIAG_MEMINFO = 1 << iota
	INET_DIAG_INFO
	INET_DIAG_VEGASINFO
	INET_DIAG_CONG
	INET_DIAG_TOS
	INET_DIAG_TCLASS
	INET_DIAG_SKMEMINFO
	INET_DIAG_SHUTDOWN
	INET_DIAG_DCTCPINFO
	INET_DIAG_PROTOCOL /* response attribute only */
	INET_DIAG_SKV6ONLY
	INET_DIAG_LOCALS
	INET_DIAG_PEERS
	INET_DIAG_PAD
	INET_DIAG_MARK
)

Extensions that can be used in the InetDiagReqV2 request to ask for additional data. https://github.com/torvalds/linux/blob/v4.0/include/uapi/linux/inet_diag.h#L103

Variables

View Source
var KindTCP4 = NetConnectionKindType{
	// contains filtered or unexported fields
}
View Source
var KindUDP4 = NetConnectionKindType{
	// contains filtered or unexported fields
}
View Source
var KindUDP6 = NetConnectionKindType{
	// contains filtered or unexported fields
}
View Source
var KindUNIX = NetConnectionKindType{
	// contains filtered or unexported fields
}
View Source
var TCPStatuses = map[string]string{
	"01": "ESTABLISHED",
	"02": "SYN_SENT",
	"03": "SYN_RECV",
	"04": "FIN_WAIT1",
	"05": "FIN_WAIT2",
	"06": "TIME_WAIT",
	"07": "CLOSE",
	"08": "CLOSE_WAIT",
	"09": "LAST_ACK",
	"0A": "LISTEN",
	"0B": "CLOSING",
}

http://students.mimuw.edu.pl/lxr/source/include/net/tcp_states.h

Functions

func GetEndian

func GetEndian() binary.ByteOrder

func NewInetDiagReq

func NewInetDiagReq() syscall.NetlinkMessage

NewInetDiagReq returns a new NetlinkMessage whose payload is an InetDiagReq. Callers should set their own sequence number in the returned message header.

func NewInetDiagReqV2

func NewInetDiagReqV2(af AddressFamily, protocol uint8) syscall.NetlinkMessage

NewInetDiagReqV2 returns a new NetlinkMessage whose payload is an InetDiagReqV2. Callers should set their own sequence number in the returned message header.

func ParseNetlinkError

func ParseNetlinkError(netlinkData []byte) error

ParseNetlinkError parses the errno from the data section of a syscall.NetlinkMessage. If netlinkData is less than 4 bytes an error describing the problem will be returned.

func ParserInet

func ParserInet(file string, kind NetConnectionKindType) ([]conn, error)

解析网络文件

func Reverse

func Reverse(s []byte) []byte

Reverse reverses array of bytes.

func ReverseWithContext

func ReverseWithContext(ctx context.Context, s []byte) []byte

Types

type Addr

type Addr struct {
	IP   string `json:"ip"`
	Port uint32 `json:"port"`
}

Addr is implemented compatibility to psutil

type AddressFamily

type AddressFamily uint8

AddressFamily is the address Family of the socket.

func (AddressFamily) String

func (af AddressFamily) String() string

type InetDiagMsg

type InetDiagMsg struct {
	Family  uint8 // Address Family.
	State   uint8 // TCP State
	Timer   uint8
	Retrans uint8

	ID InetDiagSockID

	Expires uint32
	RQueue  uint32 // Recv-Q
	WQueue  uint32 // Send-Q
	UID     uint32 // UID
	Inode   uint32 // Inode of socket.
}

InetDiagMsg (inet_diag_msg) is the base info structure. It contains socket identity (addrs/ports/cookie) and the information shown by netstat. https://github.com/torvalds/linux/blob/v4.0/include/uapi/linux/inet_diag.h#L86

func NetlinkInetDiag

func NetlinkInetDiag(request syscall.NetlinkMessage) ([]*InetDiagMsg, error)

NetlinkInetDiag sends the given netlink request parses the responses with the assumption that they are inet_diag_msgs. This will allocate a temporary buffer for reading from the socket whose size will be the length of a page (usually 32k). Use NetlinkInetDiagWithBuf if you want to provide your own buffer.

func NetlinkInetDiagWithBuf

func NetlinkInetDiagWithBuf(request syscall.NetlinkMessage, readBuf []byte, resp io.Writer) ([]*InetDiagMsg, error)

NetlinkInetDiagWithBuf sends the given netlink request parses the responses with the assumption that they are inet_diag_msgs. readBuf will be used to hold the raw data read from the socket. If the length is not large enough to hold the socket contents the data will be truncated. If readBuf is nil then a temporary buffer will be allocated for each invocation. The resp writer, if non-nil, will receive a copy of all bytes read (this is useful for debugging).

func ParseInetDiagMsg

func ParseInetDiagMsg(b []byte) (*InetDiagMsg, error)

ParseInetDiagMsg parse an InetDiagMsg from a byte slice. It assumes the InetDiagMsg starts at the beginning of b. Invoke this method to parse the payload of a netlink response.

func (InetDiagMsg) DstIP

func (m InetDiagMsg) DstIP() net.IP

DstIP returns the destination (remote) IP.

func (InetDiagMsg) DstPort

func (m InetDiagMsg) DstPort() int

DstPort returns the destination (remote) port.

func (*InetDiagMsg) FastHash

func (m *InetDiagMsg) FastHash() uint64

FastHash returns a hash calculated using FNV-1 of the source and destination addresses.

func (InetDiagMsg) SrcIP

func (m InetDiagMsg) SrcIP() net.IP

SrcIP returns the source (local) IP.

func (InetDiagMsg) SrcPort

func (m InetDiagMsg) SrcPort() int

SrcPort returns the source (local) port.

type InetDiagReq

type InetDiagReq struct {
	Family uint8
	SrcLen uint8
	DstLen uint8
	Ext    uint8
	ID     InetDiagSockID
	States uint32 // States to dump.
	DBs    uint32 // Tables to dump.
}

InetDiagReq (inet_diag_req) is used to request diagnostic data from older kernels. https://github.com/torvalds/linux/blob/v4.0/include/uapi/linux/inet_diag.h#L25

type InetDiagReqV2

type InetDiagReqV2 struct {
	Family   uint8
	Protocol uint8
	Ext      uint8
	Pad      uint8
	States   uint32
	ID       InetDiagSockID
}

InetDiagReqV2 (inet_diag_req_v2) is used to request diagnostic data. https://github.com/torvalds/linux/blob/v4.0/include/uapi/linux/inet_diag.h#L37

type InetDiagSockID

type InetDiagSockID struct {
	SPort  [2]byte  // Source port (big-endian).
	DPort  [2]byte  // Destination port (big-endian).
	Src    [16]byte // Source IP
	Dst    [16]byte // Destination IP
	If     uint32
	Cookie [2]uint32
}

InetDiagSockID (inet_diag_sockid) contains the socket identity. https://github.com/torvalds/linux/blob/v4.0/include/uapi/linux/inet_diag.h#L13

type NetConnectionKindType

type NetConnectionKindType struct {
	// contains filtered or unexported fields
}

type NetlinkErrno

type NetlinkErrno uint32

NetlinkErrno represent the error code contained in a netlink message of type NLMSG_ERROR.

const (
	NLE_SUCCESS NetlinkErrno = iota
	NLE_FAILURE
	NLE_INTR
	NLE_BAD_SOCK
	NLE_AGAIN
	NLE_NOMEM
	NLE_EXIST
	NLE_INVAL
	NLE_RANGE
	NLE_MSGSIZE
	NLE_OPNOTSUPP
	NLE_AF_NOSUPPORT
	NLE_OBJ_NOTFOUND
	NLE_NOATTR
	NLE_MISSING_ATTR
	NLE_AF_MISMATCH
	NLE_SEQ_MISMATCH
	NLE_MSG_OVERFLOW
	NLE_MSG_TRUNC
	NLE_NOADDR
	NLE_SRCRT_NOSUPPORT
	NLE_MSG_TOOSHORT
	NLE_MSGTYPE_NOSUPPORT
	NLE_OBJ_MISMATCH
	NLE_NOCACHE
	NLE_BUSY
	NLE_PROTO_MISMATCH
	NLE_NOACCESS
	NLE_PERM
	NLE_PKTLOC_FILE
	NLE_PARSE_ERR
	NLE_NODEV
	NLE_IMMUTABLE
	NLE_DUMP_INTR
	NLE_ATTRSIZE
)

Netlink error codes.

func (NetlinkErrno) Error

func (e NetlinkErrno) Error() string

type TCPState

type TCPState uint8

TCPState represents the state of a TCP connection.

const (
	TCP_ESTABLISHED TCPState = iota + 1
	TCP_SYN_SENT
	TCP_SYN_RECV
	TCP_FIN_WAIT1
	TCP_FIN_WAIT2
	TCP_TIME_WAIT
	TCP_CLOSE
	TCP_CLOSE_WAIT
	TCP_LAST_ACK
	TCP_LISTEN
	TCP_CLOSING /* Now a valid state */
)

https://github.com/torvalds/linux/blob/5924bbecd0267d87c24110cbe2041b5075173a25/include/net/tcp_states.h#L16

func (TCPState) String

func (s TCPState) String() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL