packet

package
v0.9.0 Latest
Published: Apr 9, 2026 License: BSD-3-Clause, GPL-3.0 Imports: 41 Imported by: 0

Documentation

Overview

Package packet implements decoders that transform network packets into protocol buffers for various protocols.

Constants

const (
	EthernetCTPFunctionReply       = 1
	EthernetCTPFunctionForwardData = 2
)

CTP function codes as defined in the Xerox Ethernet II specification

const (
	RMCPClassASF  = 0x06
	RMCPClassIPMI = 0x07
)

RMCP class constants

Variables

var (
	// DeviceProfiles hold all connections.
	DeviceProfiles = &atomicDeviceProfileMap{
		Items: make(map[string]*deviceProfile),
	}
)
var (
	// ErrInvalidDecoder occurs when a decoder name is unknown during initialization.
	ErrInvalidDecoder = errors.New("invalid decoder")
)
var (
	// LocalDNS controls whether the DNS names shall be resolved locally
	// without contacting a nameserver.
	LocalDNS = true
)

Functions

func ApplyActionToGoPacketDecoders

func ApplyActionToGoPacketDecoders(action func(*GoPacketDecoder))

ApplyActionToGoPacketDecoders can be used to run custom code for all gopacket decoders.

func ApplyActionToGoPacketDecodersAsync

func ApplyActionToGoPacketDecodersAsync(action func(*GoPacketDecoder))

ApplyActionToGoPacketDecodersAsync can be used to run custom code for all gopacket decoders asynchronously.

func ApplyActionToPacketDecoders

func ApplyActionToPacketDecoders(action func(DecoderAPI))

ApplyActionToPacketDecoders can be used to run custom code for all packet decoders.

func ApplyActionToPacketDecodersAsync

func ApplyActionToPacketDecodersAsync(action func(DecoderAPI))

ApplyActionToPacketDecodersAsync can be used to run custom code for all packet decoders asynchronously.

func CalcCommunityID added in v0.9.0

func CalcCommunityID(p gopacket.Packet) string

CalcCommunityID generates a Community ID v1 for a packet. This provides a standardized flow identifier that is compatible with Zeek, Suricata, and other network monitoring tools. Returns an empty string if the packet lacks the necessary layers.
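How a Community ID v1 value is derived, as an added example that is not netcap's own code: it uses only the Go standard library and covers port-based protocols (TCP, UDP), leaving out the ICMP type/code mapping. The names `communityIDv1` and `idFor`, the seed parameter and the sample addresses are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/sha1"
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"net/netip"
)

// communityIDv1 hashes seed, ordered endpoints, protocol and ports (Community ID v1).
// Hypothetical helper for illustration; covers port-based protocols (TCP=6, UDP=17).
func communityIDv1(seed uint16, proto uint8, src, dst netip.AddrPort) string {
	sa, da := src.Addr().Unmap(), dst.Addr().Unmap()
	if !sa.IsValid() || !da.IsValid() || sa.Is4() != da.Is4() {
		return "" // missing or mixed-family addresses: no ID
	}
	sIP, dIP, sPort, dPort := sa.AsSlice(), da.AsSlice(), src.Port(), dst.Port()
	// Put the numerically smaller endpoint first so both directions hash alike.
	if c := bytes.Compare(sIP, dIP); c > 0 || (c == 0 && sPort > dPort) {
		sIP, dIP, sPort, dPort = dIP, sIP, dPort, sPort
	}
	buf := binary.BigEndian.AppendUint16(nil, seed)
	buf = append(buf, sIP...)
	buf = append(buf, dIP...)
	buf = append(buf, proto, 0) // protocol number plus one padding byte
	buf = binary.BigEndian.AppendUint16(buf, sPort)
	buf = binary.BigEndian.AppendUint16(buf, dPort)
	sum := sha1.Sum(buf)
	return "1:" + base64.StdEncoding.EncodeToString(sum[:])
}

// idFor parses "ip:port" strings and returns "" on malformed input.
func idFor(seed uint16, proto uint8, src, dst string) string {
	s, errS := netip.ParseAddrPort(src)
	d, errD := netip.ParseAddrPort(dst)
	if errS != nil || errD != nil {
		return ""
	}
	return communityIDv1(seed, proto, s, d)
}

func main() {
	// Constructed sample flow (documentation address ranges).
	fmt.Println(idFor(0, 6, "192.0.2.10:51515", "198.51.100.7:443"))
	fmt.Println(idFor(0, 6, "198.51.100.7:443", "192.0.2.10:51515")) // same ID
}
```

Because the endpoints are ordered before hashing, request and response packets of one flow share an ID, which is what lets records be joined with Zeek or Suricata logs that were produced with the same seed.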

func GetBaseLayerType added in v0.9.0

func GetBaseLayerType() gopacket.LayerType

GetBaseLayerType returns the current base layer type.

func InitGoPacketDecoders

func InitGoPacketDecoders(c *config.Config) (decoders map[gopacket.LayerType][]*GoPacketDecoder, err error)

InitGoPacketDecoders initializes all gopacket decoders.

func MarkdownOverview

func MarkdownOverview()

MarkdownOverview dumps a Markdown summary of all available decoders and their fields.

func ResetConnections added in v0.7.5

func ResetConnections()

ResetConnections clears all connections from memory. This should be called when resetting state between processing different files.

func ResetDeviceProfiles added in v0.7.5

func ResetDeviceProfiles()

ResetDeviceProfiles clears all device profiles from memory. This should be called when resetting state between processing different files.

func ResetIPProfiles added in v0.7.5

func ResetIPProfiles()

ResetIPProfiles clears all IP profiles from memory. This should be called when resetting state between processing different files.

func SetBaseLayerType added in v0.9.0

func SetBaseLayerType(lt gopacket.LayerType)

SetBaseLayerType sets the base layer type for packet decoding. This should be called by the collector when it determines the link type.

func SetConfig

func SetConfig(cfg *config.Config)

SetConfig can be used to set a configuration for the package.

func SetDecoderLogger

func SetDecoderLogger(lg *zap.Logger)

SetDecoderLogger sets the general decoder logger for the decoder package.

func ShowDecoders

func ShowDecoders(verbose bool)

ShowDecoders will dump all decoders to stdout.

Types

type Decoder

type Decoder struct {

	// used to keep track of the number of generated audit records
	NumRecordsWritten int64

	// Name of the decoder
	Name string

	// Description of the decoder
	Description string

	// Icon name for the decoder (for Maltego)
	Icon string

	// Handler to process packets
	Handler packetDecoderHandler

	// init functions
	PostInit func(*Decoder) error
	DeInit   func(*Decoder) error

	// FlushState is called during live capture to write current state without clearing it.
	// This allows accumulating decoders (DeviceProfile, IPProfile, Connection) to periodically
	// make their data visible while continuing to track state.
	FlushState func(*Decoder) int64

	// Writer for audit records
	Writer io.AuditRecordWriter

	// Type of the audit records produced by this decoder
	Type types.Type
}

Decoder implements custom logic to decode data from a gopacket.Packet. This structure has an optimized field order to avoid excessive padding.

func (*Decoder) DeInitFunc

func (pd *Decoder) DeInitFunc() error

DeInitFunc is called prior to teardown.

func (*Decoder) Decode

func (pd *Decoder) Decode(p gopacket.Packet, ctx *types.PacketContext) error

Decode is called for each layer. It calls the handler function of the decoder and writes the serialized protobuf into the data pipe.

func (*Decoder) Destroy

func (pd *Decoder) Destroy() (name string, size int64)

Destroy closes and flushes all writers and calls deinit if set.

func (*Decoder) FlushCurrentState added in v0.9.0

func (pd *Decoder) FlushCurrentState() int64

FlushCurrentState writes the current state of accumulating records to disk without clearing the in-memory state. This is used during live capture to periodically make data visible while continuing to track state. Returns the number of records flushed.

func (*Decoder) GetChan

func (pd *Decoder) GetChan() <-chan []byte

GetChan returns a channel to receive serialized protobuf data from the decoder.

func (*Decoder) GetDescription

func (pd *Decoder) GetDescription() string

GetDescription returns the description of the decoder.

func (*Decoder) GetName

func (pd *Decoder) GetName() string

GetName returns the name of the decoder.

func (*Decoder) GetType

func (pd *Decoder) GetType() types.Type

GetType returns the netcap type of the decoder.

func (*Decoder) GetWriter added in v0.9.0

func (pd *Decoder) GetWriter() io.AuditRecordWriter

GetWriter returns the current writer.

func (*Decoder) NumRecords

func (pd *Decoder) NumRecords() int64

NumRecords returns the number of written records.

func (*Decoder) PostInitFunc

func (pd *Decoder) PostInitFunc() error

PostInitFunc is called after the decoder has been initialized.

func (*Decoder) SetWriter

func (pd *Decoder) SetWriter(w io.AuditRecordWriter)

SetWriter sets the netcap writer to use for the decoder.

type DecoderAPI

type DecoderAPI interface {
	core.DecoderAPI

	// Decode parses a gopacket and returns an error
	Decode(p gopacket.Packet, ctx *types.PacketContext) error
}

DecoderAPI describes an interface that all custom decoders need to implement. This allows supplying a custom structure and maintaining state for advanced protocol analysis.

func GetPacketDecoders added in v0.7.5

func GetPacketDecoders() []DecoderAPI

GetPacketDecoders returns all available packet decoders.

func InitPacketDecoders

func InitPacketDecoders(c *config.Config) (decoders []DecoderAPI, err error)

InitPacketDecoders initializes all packet decoders.

type GoPacketDecoder

type GoPacketDecoder struct {
	Description string
	Layer       gopacket.LayerType
	Handler     goPacketDecoderHandler

	Type types.Type
	// contains filtered or unexported fields
}

GoPacketDecoder represents a decoder for the gopacket.Layer type. This structure has an optimized field order to avoid excessive padding.

func GetGoPacketDecoders added in v0.7.5

func GetGoPacketDecoders() []*GoPacketDecoder

GetGoPacketDecoders returns all available gopacket layer decoders.

func (*GoPacketDecoder) DeInitFunc

func (dec *GoPacketDecoder) DeInitFunc() error

func (*GoPacketDecoder) Decode

Decode is called for each layer. It calls the handler function of the decoder and writes the serialized protobuf into the data pipe.

func (*GoPacketDecoder) Destroy

func (dec *GoPacketDecoder) Destroy() (name string, size int64)

Destroy closes and flushes all writers.

func (*GoPacketDecoder) FlushCurrentState added in v0.9.0

func (dec *GoPacketDecoder) FlushCurrentState() int64

FlushCurrentState flushes the writer buffer for gopacket decoders. GoPacket decoders write records immediately, so there's no accumulated state to flush. This just ensures any buffered data is written to disk.

func (*GoPacketDecoder) GetChan

func (cd *GoPacketDecoder) GetChan() <-chan []byte

GetChan returns a channel to receive serialized protobuf data from the decoder.

func (*GoPacketDecoder) GetDescription

func (dec *GoPacketDecoder) GetDescription() string

func (*GoPacketDecoder) GetName

func (dec *GoPacketDecoder) GetName() string

func (*GoPacketDecoder) GetType

func (dec *GoPacketDecoder) GetType() types.Type

func (*GoPacketDecoder) GetWriter added in v0.9.0

func (dec *GoPacketDecoder) GetWriter() io.AuditRecordWriter

func (*GoPacketDecoder) NumRecords

func (dec *GoPacketDecoder) NumRecords() int64

func (*GoPacketDecoder) PostInitFunc

func (dec *GoPacketDecoder) PostInitFunc() error

func (*GoPacketDecoder) SetWriter

func (dec *GoPacketDecoder) SetWriter(writer io.AuditRecordWriter)
