core

package

v0.6.11 Latest Latest Go to latest Published: Jan 30, 2022 License: BSD-3-Clause, GPL-3.0 Imports: 7 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/dreadl0ck/netcap

Links

Open Source Insights

Documentation ¶

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type ConversationInfo ¶

type ConversationInfo struct {
	Data              DataFragments
	Ident             string
	FirstClientPacket time.Time
	FirstServerPacket time.Time

	ClientIP   string
	ServerIP   string
	ClientPort int32
	ServerPort int32
}

ConversationInfo is wrapper structure for traffic sent over a Transport protocol to allow Transport agnostic decoding of data streams.

type DataFragments ¶

type DataFragments []dataFragment

DataFragments implements sort.Interface to sort data fragments based on their timestamps.

func (DataFragments) First ¶

func (d DataFragments) First() []byte

First returns the first fragment.

func (DataFragments) Len ¶

func (d DataFragments) Len() int

Len returns the length.

func (DataFragments) Less ¶

func (d DataFragments) Less(i, j int) bool

Less will check if the value at index i is less than the one at index j.

func (DataFragments) Size ¶

func (d DataFragments) Size() int

Size returns the fragments total data size.

func (DataFragments) Swap ¶

func (d DataFragments) Swap(i, j int)

Swap will flip both values.

type DecoderAPI ¶

type DecoderAPI interface {

	// PostInitFunc is called after the decoder has been initialized
	PostInitFunc() error

	// DeInitFunc is called prior to teardown
	DeInitFunc() error

	// GetName returns the name of the decoder
	GetName() string

	// SetWriter sets the netcap writer to use for the decoder
	SetWriter(io.AuditRecordWriter)

	// GetType returns the netcap type of the decoder
	GetType() types.Type

	// GetDescription returns the description of the decoder
	GetDescription() string

	// GetChan returns a channel to receive serialized audit records from the decoder
	GetChan() <-chan []byte

	// Destroy initiates teardown
	Destroy() (string, int64)

	// NumRecords returns the number of processed audit records
	NumRecords() int64
}

DecoderAPI describes functionality of a decoder.

type StreamData ¶

type StreamData struct {
	// raw binary data
	RawData []byte

	// tcp specific fields
	AssemblerContext reassembly.AssemblerContext
	Dir              reassembly.TCPFlowDirection

	// udp specific fields
	CaptureInformation gopacket.CaptureInfo
	Net                gopacket.Flow
	Trans              gopacket.Flow
}

StreamData is a payload fragment of data we received from a streamReader its contains the raw bytes as well an assembler context with timestamp information.

func (*StreamData) CaptureInfo ¶

func (s *StreamData) CaptureInfo() gopacket.CaptureInfo

CaptureInfo returns the capture information from gopacket

func (*StreamData) Context ¶

func (s *StreamData) Context() reassembly.AssemblerContext

Context returns the assembler context.

func (*StreamData) Direction ¶

func (s *StreamData) Direction() reassembly.TCPFlowDirection

Direction returns the direction of the flow.

func (*StreamData) Network ¶

func (s *StreamData) Network() gopacket.Flow

Network returns the network layer

func (*StreamData) Raw ¶

func (s *StreamData) Raw() []byte

Raw returns the raw byte slice that makes up the data fragment.

func (*StreamData) SetDirection ¶

func (s *StreamData) SetDirection(d reassembly.TCPFlowDirection)

SetDirection will update the flow direction.

func (*StreamData) Transport ¶

func (s *StreamData) Transport() gopacket.Flow

Transport returns the transport layer

type StreamDecoderAPI ¶

type StreamDecoderAPI interface {
	DecoderAPI

	// CanDecodeStream determines if this decoder can understand the protocol used
	CanDecodeStream(client []byte, server []byte) bool

	// GetReaderFactory returns a factory for processing streams of the current decoder
	GetReaderFactory() StreamDecoderFactory

	Transport() TransportProtocol
}

StreamDecoderAPI describes an interface that all stream decoders need to implement this allows to supply a custom structure and maintain state for advanced protocol analysis.

type StreamDecoderFactory ¶

type StreamDecoderFactory interface {

	// New StreamDecoderInterface
	New(conversation *ConversationInfo) StreamDecoderInterface
}

StreamDecoderFactory produces stream decoder instances.

type StreamDecoderInterface ¶

type StreamDecoderInterface interface {

	// Decode parses the stream according to the identified protocol.
	Decode()
}

StreamDecoderInterface is the interface for processing a bi-directional network connection.

type TransportProtocol ¶

type TransportProtocol int

TransportProtocol is a layer 4 protocol from the OSI model

const (
	// TCP protocol
	TCP TransportProtocol = iota
	// UDP protocol
	UDP
	// All will invoke decoder for all transport protocols
	All
)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL