Documentation
Constants
const (
	MinTCP4 = 40 // Minimum size of IPv4 header + TCP header
	MinTCP6 = 60 // Minimum size of IPv6 header + TCP header
)
const (
	WSizeTypeAny int = iota
	WSizeTypeNormal
	WSizeTypeMod
	WSizeTypeMSS
	WSizeTypeMTU
)
Different ways that the WSize field can be interpreted
const (
	TCPQuirkECN        int = 1 << iota // ECN supported
	TCPQuirkDF                         // DF used (probably PMTUD); ignored for IPv6
	TCPQuirkNZID                       // Non-zero IDs when DF set; ignored for IPv6
	TCPQuirkZeroID                     // Zero IDs when DF not set; ignored for IPv6
	TCPQuirkNZMBZ                      // IP "must be zero" field isn't; ignored for IPv6
	TCPQuirkFlow                       // IPv6 flows used; ignored for IPv4
	TCPQuirkZeroSEQ                    // SEQ is zero
	TCPQuirkNZACK                      // ACK non-zero when ACK flag not set
	TCPQuirkZeroACK                    // ACK is zero when ACK flag set
	TCPQuirkNZURG                      // URG non-zero when URG flag not set
	TCPQuirkURG                        // URG flag set
	TCPQuirkPUSH                       // PUSH flag on a control packet
	TCPQuirkOptZeroTS1                 // Own timestamp set to zero
	TCPQuirkOptNZTS2                   // Peer timestamp non-zero on SYN
	TCPQuirkOptEOLNZ                   // Non-zero padding past EOL
	TCPQuirkOptEXWS                    // Excessive window scaling
	TCPQuirkOptBAD                     // Problem parsing TCP options
)
Variables
var TCPOpts = map[string]uint8{
	"nop":  layers.TCPOptionKindNop,
	"mss":  layers.TCPOptionKindMSS,
	"ws":   layers.TCPOptionKindWindowScale,
	"sok":  layers.TCPOptionKindSACKPermitted,
	"sack": layers.TCPOptionKindSACK,
	"ts":   layers.TCPOptionKindTimestamps,
}
For parsing list of options from the fingerprint file
var TCPQuirks = map[string]int{
	"df":     TCPQuirkDF,
	"id+":    TCPQuirkNZID,
	"id-":    TCPQuirkZeroID,
	"ecn":    TCPQuirkECN,
	"0+":     TCPQuirkNZMBZ,
	"flow":   TCPQuirkFlow,
	"seq-":   TCPQuirkZeroSEQ,
	"ack+":   TCPQuirkNZACK,
	"ack-":   TCPQuirkZeroACK,
	"uptr+":  TCPQuirkNZURG,
	"urgf+":  TCPQuirkURG,
	"pushf+": TCPQuirkPUSH,
	"ts1-":   TCPQuirkOptZeroTS1,
	"ts2+":   TCPQuirkOptNZTS2,
	"opt+":   TCPQuirkOptEOLNZ,
	"exws":   TCPQuirkOptEXWS,
	"bad":    TCPQuirkOptBAD,
}
For parsing list of quirks from the fingerprint file
Functions
This section is empty.
Types
type TCPSignature
type TCPSignature struct {
	Label        string  // type:class:name:flavor
	Raw          string  // raw signature that this was parsed from
	Version      *int    // IPv4 or IPv6, (nil => any)
	ITTL         uint8   // initial TTL
	OptLen       uint8   // length of IPv4 options or IPv6 extension headers
	MSS          *uint16 // maximum segment size, (nil => any)
	WSizeType    int     // tells how to use the WSize field
	WSize        uint16  // window size
	WScale       *uint8  // window scaling factor, (nil => any)
	OptLayout    []uint8 // ordering of TCP options, if any
	Quirks       int     // quirks in IP or TCP headers
	PayloadClass int     // payload size classification
	EOLPad       int     // number of bytes after EOL to 32 byte padding
	// contains filtered or unexported fields
}
Parsed representation of a TCP fingerprint. See ParseTCPSignature.
func ParseTCPSignature
func ParseTCPSignature(label, s string) (*TCPSignature, error)
ParseTCPSignature parses the p0f TCP signature format:
ver:ittl:olen:mss:wsize,scale:olayout:quirks:pclass
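Added example, not this package's source: a stand-alone decoder for the `wsize` and `quirks` fields of the format above that rejects malformed or unknown input instead of silently accepting it. It assumes p0f's `wsize` notation (`*`, `N`, `%N`, `mss*N`, `mtu*N`) for the WSizeType* cases; `decodeSig` and `quirkTokens` are hypothetical names, and the signature string is a constructed sample.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Quirk tokens in TCPQuirk* bit order as listed on this page (index i => 1<<i).
var quirkTokens = strings.Fields("ecn df id+ id- 0+ flow seq- ack+ ack- uptr+ " +
	"urgf+ pushf+ ts1- ts2+ opt+ exws bad")

// decodeSig (hypothetical, not the package's parser) decodes wsize and quirks strictly.
func decodeSig(s string) (wtype string, wval uint64, quirks int, err error) {
	f := strings.Split(s, ":")
	if len(f) != 8 {
		return "", 0, 0, fmt.Errorf("want 8 fields, got %d", len(f))
	}
	ws := strings.SplitN(f[4], ",", 2)[0] // wsize part of "wsize,scale"
	wtype, num := "normal", ws            // assumed p0f forms: *, N, %N, mss*N, mtu*N
	for _, p := range [][2]string{{"mss*", "mss"}, {"mtu*", "mtu"}, {"%", "mod"}} {
		if strings.HasPrefix(ws, p[0]) {
			wtype, num = p[1], ws[len(p[0]):]
		}
	}
	if ws == "*" {
		wtype, num = "any", "0"
	}
	if wval, err = strconv.ParseUint(num, 10, 16); err != nil {
		return "", 0, 0, fmt.Errorf("bad wsize %q", ws)
	}
	if f[6] == "" {
		return wtype, wval, 0, nil // no quirks listed
	}
	for _, tok := range strings.Split(f[6], ",") {
		bit := 0
		for bit < len(quirkTokens) && quirkTokens[bit] != tok {
			bit++
		}
		if bit == len(quirkTokens) {
			return "", 0, 0, fmt.Errorf("unknown quirk %q", tok)
		}
		quirks |= 1 << bit
	}
	return wtype, wval, quirks, nil
}

func main() {
	fmt.Println(decodeSig("*:64:0:*:mss*20,10:mss,sok,ts,nop,ws:df,id+:0")) // constructed sample
}
```

The returned quirks value uses the same bit positions as the TCPQuirk* constants, so `df,id+` decodes to `TCPQuirkDF | TCPQuirkNZID`.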