sniffer

package

v0.0.0-...-7a53ea4 Latest Latest Go to latest Published: Apr 20, 2020 License: Apache-2.0 Imports: 14 Imported by: 3

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/honeycombio/honeycomb-tcpagent

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func NewStreamFactory(cf ConsumerFactory) *streamFactory
type Consumer
type ConsumerFactory
type Context
- func (c *Context) GetCaptureInfo() gopacket.CaptureInfo
type IPPortTuple
- func NewIPPortTuple(net_, transport gopacket.Flow) IPPortTuple
- func (t IPPortTuple) Reverse() IPPortTuple
type Message
type MessageStream
type Options
type Sniffer
- func New(options Options, cf ConsumerFactory) (*Sniffer, error)
- func (sniffer *Sniffer) Run() error
type Stream

Constants ¶

View Source

const (
	PCap     = "pcap"
	Afpacket = "af_packet"
	Offline  = "offline"
)

Variables ¶

This section is empty.

Functions ¶

func NewStreamFactory ¶

func NewStreamFactory(cf ConsumerFactory) *streamFactory

Types ¶

type Consumer ¶

type Consumer interface {
	On(MessageStream)
}

type ConsumerFactory ¶

type ConsumerFactory interface {
	New(flow IPPortTuple) Consumer
	BPFFilter() string
}

TODO: this is kind of a messy API

type Context ¶

type Context struct {
	CaptureInfo gopacket.CaptureInfo
}

func (*Context) GetCaptureInfo ¶

func (c *Context) GetCaptureInfo() gopacket.CaptureInfo

type IPPortTuple ¶

type IPPortTuple struct {
	SrcIP   net.IP
	DstIP   net.IP
	SrcPort uint16
	DstPort uint16
}

func NewIPPortTuple ¶

func NewIPPortTuple(net_, transport gopacket.Flow) IPPortTuple

func (IPPortTuple) Reverse ¶

func (t IPPortTuple) Reverse() IPPortTuple

type Message ¶

type Message interface {
	Timestamp() time.Time
	Flow() IPPortTuple
	io.Reader
}

A Message represents a concatenated sequence of one or more consecutive TCP segments in one direction.

type MessageStream ¶

type MessageStream interface {
	Next() (Message, bool)
}

type Options ¶

type Options struct {
	SourceType   string `long:"type" default:"pcap" description:"Packet capture mechanism (pcap, af_packet or offline)"`
	Device       string `long:"device" description:"Network interface to listen on"`
	SnapLen      int    `long:"snaplen" default:"65535" description:"Capture snapshot length"`
	BufSizeMb    int    `long:"bufsize" description:"buffer size in megabytes" default:"32"`
	FlushTimeout int    `long:"flushtimeout" description:"Time in seconds to wait before flushing buffered data for a connection" default:"5"`
	PcapFile     string `long:"pcapfile" description:"For offline packet captures, path to pcap file"`
}

type Sniffer ¶

type Sniffer struct {
	// contains filtered or unexported fields
}

func New ¶

func New(options Options, cf ConsumerFactory) (*Sniffer, error)

func (*Sniffer) Run ¶

func (sniffer *Sniffer) Run() error

type Stream ¶

type Stream struct {
	sync.Mutex
	// contains filtered or unexported fields
}

func (*Stream) Accept ¶

func (s *Stream) Accept(tcp *layers.TCP, ci gopacket.CaptureInfo, dir reassembly.TCPFlowDirection,
	ackSeq reassembly.Sequence, start *bool, ac reassembly.AssemblerContext) bool

func (*Stream) Next ¶

func (s *Stream) Next() (Message, bool)

Implements the MessageStream interface

func (*Stream) ReassembledSG ¶

func (s *Stream) ReassembledSG(sg reassembly.ScatterGather, ac reassembly.AssemblerContext)

func (*Stream) ReassemblyComplete ¶

func (s *Stream) ReassemblyComplete(ac reassembly.AssemblerContext) bool

TODO: ensure this fully handles completion

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL