Documentation
¶
Overview ¶
Package demuxer contains the tools for sending packets to the right goroutine to save them to disk.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type FlowKey ¶
type FlowKey struct {
// contains filtered or unexported fields
}
FlowKey characterizes a TCP/IP flow without judgement about what direction the flow is. The lexicographically lowest IP/Port combination should always be first. It is not meant to be human-readable, and is instead only designed to be used as a key in a map.
func FlowKeyFrom4Tuple ¶
FlowKeyFrom4Tuple creates a FlowKey (suitable for use as a map key) from a TCP 4-tuple. This function is called once per packet, by the demuxer, and once per flow, by the tcpeventsocket handler. Because it is called once per packet, it should be as efficient as possible.
IPv4 addresses passed in must be 4 bytes, because we do byte-based comparisons with sub-slices of packets retrieved from the wire.
func (*FlowKey) Format ¶ added in v0.5.4
func (f *FlowKey) Format(anon anonymize.IPAnonymizer) string
Format a FlowKey for inclusion in server logs. In an effort to not accidentally remove anonymization, we allow the IP address in the logs to be anonymized the exact same way as the archived IP address is anonymized.
type Saver ¶ added in v0.7.6
type Saver interface {
PChan() chan<- gopacket.Packet
UUIDChan() chan<- saver.UUIDEvent
State() string
}
Saver allows to save data coming from this demuxer.
type TCP ¶
type TCP struct {
UUIDChan chan<- UUIDEvent
// contains filtered or unexported fields
}
TCP sends each received TCP/IP packet to the proper saver. If the packet is not a TCP/IP packet, then the demuxer will drop it.
Note for those editing this code: demuxer.TCP methods are NOT threadsafe to avoid needing a lock in the main packet processing loop.
func NewTCP ¶
func NewTCP(anon anonymize.IPAnonymizer, dataDir string, uuidWaitDuration, maxFlowDuration time.Duration, maxIdleRAM bytecount.ByteCount, stream bool, maxHeap uint64, maxFlows int) *TCP
NewTCP creates a demuxer.TCP, which is the system which chooses which channel to send TCP/IP packets for subsequent saving to a file.
func (*TCP) CapturePackets ¶
func (d *TCP) CapturePackets(ctx context.Context, packets <-chan gopacket.Packet, gcTicker <-chan time.Time)
CapturePackets captures the packets from the channel `packets` and hands them off to the appropriate saver.TCP object. We can never be entirely sure that a flow will receive no more packets - even the "socket closed" signal from the kernel doesn't mean there will be no more packets. Therefore, we pass in a ticker for garbage collection (`gcTicker`), and when that ticker has fired twice without a flow receiving a packet, then that flow is assumed to be stopped.
This function can be stopped by cancelling the passed-in context or by closing both the passed-in packet channel and the UUIDChan to indicate that no future input is possible.
Source Files