capturetypes

package
v4.2.0
Warning

This package is not in the latest version of its module.

Published: Dec 4, 2025 License: GPL-2.0 Imports: 3 Imported by: 0

Documentation


Constants

const (
	MaxEphemeralPort uint16 = 65535
	MinEphemeralPort uint16 = 32768 // matches condition in isEphemeralPort()
)

Ephemeral ports as union of:

  • suggested by IANA / RFC6335 (49152–65535)
  • used by most Linux kernels (32768–60999)

const (
	ICMP   = 0x01 // ICMP : 1
	TCP    = 0x06 // TCP :  6
	UDP    = 0x11 // UDP : 17
	ESP    = 0x32 // ESP : 50
	ICMPv6 = 0x3A // ICMPv6 : 58

	EPHashSizeV4 = 13 // EPHashSizeV4 : The (static) length of an IPv4 EPHash
	EPHashSizeV6 = 37 // EPHashSizeV6 : The (static) length of an IPv6 EPHash
)

Enumeration of the most common IP protocols

const (
	EPHashV4SipStart    = 0
	EPHashV4SipEnd      = 4
	EPHashV4SPortStart  = 4
	EPHashV4SPortEnd    = 6
	EPHashV4DipStart    = 6
	EPHashV4DipEnd      = 10
	EPHashV4DPortStart  = 10
	EPHashV4DPortEnd    = 12
	EPHashV4ProtocolPos = 12

	EPHashV4SPortFirstByte = EPHashV4SPortStart     // 4
	EPHashV4SPortLastByte  = EPHashV4SPortStart + 1 // 5
	EPHashV4DPortFirstByte = EPHashV4DPortStart     // 10
	EPHashV4DPortLastByte  = EPHashV4DPortStart + 1 // 11
)

EPHashV4 array position constants (all explicit so they can theoretically be switched around with zero effort and to avoid having to do index math in functions)

epHash[0:4] -> Src IP
epHash[4:6] -> Src Port
epHash[6:10] -> Dst IP
epHash[10:12] -> Dst Port
epHash[12] -> Protocol
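The IPv4 layout above, worked through on one flow: this is an added example, not code from the package. It packs a 5-tuple into the documented byte positions and swaps source and destination the way Reverse is described. The names packV4, reverseV4 and epHashV4 are hypothetical, and big-endian port storage is an assumption the page does not state.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net/netip"
)

// Local copies of the constants listed on this page.
const (
	EPHashSizeV4, TCP                    = 13, 0x06
	EPHashV4SipStart, EPHashV4SipEnd     = 0, 4
	EPHashV4SPortStart, EPHashV4SPortEnd = 4, 6
	EPHashV4DipStart, EPHashV4DipEnd     = 6, 10
	EPHashV4DPortStart, EPHashV4DPortEnd = 10, 12
	EPHashV4ProtocolPos                  = 12
)

// epHashV4 is a local stand-in for the package's EPHashV4 type.
type epHashV4 [EPHashSizeV4]byte

// packV4 (hypothetical helper) writes a 5-tuple into the documented positions.
// Assumption: ports are stored big-endian (network byte order).
func packV4(src, dst netip.Addr, sport, dport uint16, proto byte) (h epHashV4) {
	s, d := src.As4(), dst.As4()
	copy(h[EPHashV4SipStart:EPHashV4SipEnd], s[:])
	binary.BigEndian.PutUint16(h[EPHashV4SPortStart:EPHashV4SPortEnd], sport)
	copy(h[EPHashV4DipStart:EPHashV4DipEnd], d[:])
	binary.BigEndian.PutUint16(h[EPHashV4DPortStart:EPHashV4DPortEnd], dport)
	h[EPHashV4ProtocolPos] = proto
	return h
}

// reverseV4 (hypothetical) swaps the source and destination fields; the protocol byte stays.
func reverseV4(h epHashV4) (rev epHashV4) {
	copy(rev[EPHashV4SipStart:EPHashV4SipEnd], h[EPHashV4DipStart:EPHashV4DipEnd])
	copy(rev[EPHashV4SPortStart:EPHashV4SPortEnd], h[EPHashV4DPortStart:EPHashV4DPortEnd])
	copy(rev[EPHashV4DipStart:EPHashV4DipEnd], h[EPHashV4SipStart:EPHashV4SipEnd])
	copy(rev[EPHashV4DPortStart:EPHashV4DPortEnd], h[EPHashV4SPortStart:EPHashV4SPortEnd])
	rev[EPHashV4ProtocolPos] = h[EPHashV4ProtocolPos]
	return rev
}

func main() {
	// Constructed sample flow: client 10.0.0.5:51514 -> server 192.0.2.10:443 over TCP.
	h := packV4(netip.MustParseAddr("10.0.0.5"), netip.MustParseAddr("192.0.2.10"), 51514, 443, TCP)
	fmt.Printf("fwd %x\nrev %x\n", h, reverseV4(h))
}
```

Because the key is a fixed-size array, forward and reverse keys compare with == and can be used directly as map keys when matching both directions of a flow.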

const (
	EPHashV6SipStart    = 0
	EPHashV6SipEnd      = 16
	EPHashV6SPortStart  = 16
	EPHashV6SPortEnd    = 18
	EPHashV6DipStart    = 18
	EPHashV6DipEnd      = 34
	EPHashV6DPortStart  = 34
	EPHashV6DPortEnd    = 36
	EPHashV6ProtocolPos = 36

	EPHashV6SPortFirstByte = EPHashV6SPortStart     // 16
	EPHashV6SPortLastByte  = EPHashV6SPortStart + 1 // 17
	EPHashV6DPortFirstByte = EPHashV6DPortStart     // 34
	EPHashV6DPortLastByte  = EPHashV6DPortStart + 1 // 35
)

EPHashV6 array position constants (all explicit so they can theoretically be switched around with zero effort and to avoid having to do index math in functions)

epHash[0:16] -> Src IP
epHash[16:18] -> Src Port
epHash[18:34] -> Dst IP
epHash[34:36] -> Dst Port
epHash[36] -> Protocol

Variables

var ParsingErrnoNames = [NumParsingErrors]string{
	"packet fragmented",
	"invalid IP header",
	"packet truncated",
}

ParsingErrnoNames maps a ParsingErrno to a string

Functions

func AddStats

func AddStats(a, b *CaptureStats)

AddStats is a convenience method to total capture stats. This is relevant in the scope of adding statistics from the two directions. The result of the addition is written back to a to reduce allocations

func SubStats

func SubStats(a, b *CaptureStats)

SubStats is a convenience method to subtract capture stats. This is relevant in the scope of subtracting statistics from the two directions. The result of the subtraction is written back to a to reduce allocations

Types

type CaptureStats

type CaptureStats struct {
	// StartedAt: denotes the time when the capture was started
	StartedAt time.Time `json:"started_at" doc:"Time when the capture was started" example:"2021-01-01T00:00:00Z"`
	// Received: denotes the number of packets received
	Received uint64 `json:"received" doc:"Number of packets received" example:"69"`
	// ReceivedTotal: denotes the number of packets received since the capture was started
	ReceivedTotal uint64 `json:"received_total" doc:"Total number of packets received since capture was started" example:"69000"`
	// Processed: denotes the number of packets processed by the capture
	Processed uint64 `json:"processed" doc:"Number of packets processed by the capture" example:"70"`
	// ProcessedTotal denotes the number of packets processed since the capture was started
	ProcessedTotal uint64 `json:"processed_total" doc:"Total number of packets processed since the capture was started" example:"70000"`
	// Dropped: denotes the number of packets dropped
	Dropped uint64 `json:"dropped" doc:"Number of packets dropped" example:"3"`
	// DroppedTotal: denotes the number of packets dropped since the capture was started
	DroppedTotal uint64 `json:"dropped_total" doc:"Number of packets dropped since the capture was started" example:"20"`

	// ParsingErrors: denotes all packet parsing errors / failures encountered
	ParsingErrors ParsingErrTracker `json:"parsing_errors,omitempty" doc:"All packet parsing errors / failures" example:"[23,0]"`
}

CaptureStats stores the statistics of a capture

type Direction

type Direction uint8

Direction denotes if the detected packet direction should remain or be changed, based on flow analysis

const (
	DirectionUnknown Direction = iota
	DirectionRemains
	DirectionReverts
)

Direction detection states

func ClassifyPacketDirectionV4

func ClassifyPacketDirectionV4(epHash EPHashV4, auxInfo byte) Direction

ClassifyPacketDirectionV4 runs a variety of heuristics on an IPv4 packet in order to determine its direction. This classification is important because flows are terminated at regular intervals, after which the appropriate endpoints could otherwise not be assigned correctly. Current heuristics include:

  • investigating the TCP flags (if available)
  • incorporating the port information (with respect to privileged ports)
  • dissecting ICMP traffic

Return value: according to above enumeration

0: if no classification possible
1: if packet direction is "request" (with high confidence)
2: if packet direction is "response" (with high confidence)
3: if packet direction is "request" (with low confidence -> continue to assess)
4: if packet direction is "response" (with low confidence -> continue to assess)

func ClassifyPacketDirectionV6

func ClassifyPacketDirectionV6(epHash EPHashV6, auxInfo byte) Direction

ClassifyPacketDirectionV6 runs a variety of heuristics on an IPv6 packet in order to determine its direction. This classification is important because flows are terminated at regular intervals, after which the appropriate endpoints could otherwise not be assigned correctly. Current heuristics include:

  • investigating the TCP flags (if available)
  • incorporating the port information (with respect to privileged ports)
  • dissecting ICMP traffic

Return value: according to above enumeration

0: if no classification possible
1: if packet direction is "request" (with high confidence)
2: if packet direction is "response" (with high confidence)
3: if packet direction is "request" (with low confidence -> continue to assess)
4: if packet direction is "response" (with low confidence -> continue to assess)

type EPHashV4

type EPHashV4 [EPHashSizeV4]byte

EPHashV4 is a typedef that allows us to replace the type of hash for IPv4 flows

func (EPHashV4) IsProbablyReverse

func (h EPHashV4) IsProbablyReverse() bool

IsProbablyReverse performs a very simple heuristic in order to determine if a packet is most likely to be classified as forward or backward (which allows the flow map lookup path to be optimized)

func (EPHashV4) Reverse

func (h EPHashV4) Reverse() (rev EPHashV4)

Reverse calculates the reverse of an EPHashV4 (i.e. source / destination switched)

type EPHashV6

type EPHashV6 [EPHashSizeV6]byte

EPHashV6 is a typedef that allows us to replace the type of hash for IPv6 flows

func (EPHashV6) IsProbablyReverse

func (h EPHashV6) IsProbablyReverse() bool

IsProbablyReverse performs a very simple heuristic in order to determine if a packet is most likely to be classified as forward or backward (which allows the flow map lookup path to be optimized)

func (EPHashV6) Reverse

func (h EPHashV6) Reverse() (rev EPHashV6)

Reverse calculates the reverse of an EPHashV6 (i.e. source / destination switched)

type IfaceChange

type IfaceChange struct {
	// Name: the name of the interface
	Name string `json:"name" doc:"Name of the interface" example:"eth0"`
	// Success: the config update / reload operation(s) succeeded
	Success bool `json:"success" doc:"The config update / reload operation(s) suceeded" example:"true"`
}

IfaceChange denotes the result from a config update / reload of an interface

func (IfaceChange) LogValue

func (ic IfaceChange) LogValue() slog.Value

LogValue implements the LogValuer interface

type IfaceChanges

type IfaceChanges []IfaceChange

IfaceChanges denotes a list of IfaceChange instances

func FromIfaceNames

func FromIfaceNames(names []string) IfaceChanges

FromIfaceNames generates a list of IfaceChange instances from a list of interface names

func (IfaceChanges) Len

func (c IfaceChanges) Len() int

Len returns the length (read: number) of interface changes (implementation of sorting interface)

func (IfaceChanges) Less

func (c IfaceChanges) Less(i, j int) bool

Less returns if a named change is to be ordered before a second one (implementation of sorting interface)

func (IfaceChanges) Names

func (c IfaceChanges) Names() []string

Names returns a simple string slice containing all interface names

func (IfaceChanges) Results

func (c IfaceChanges) Results() (ok []string, failed []string)

Results returns both successful and failed results, each in its own slice, respectively

func (IfaceChanges) Swap

func (c IfaceChanges) Swap(i, j int)

Swap swaps two interface changes in the list (implementation of sorting interface)

type InterfaceStats

type InterfaceStats map[string]CaptureStats

InterfaceStats stores the statistics for each interface

type ParsingErrTracker

type ParsingErrTracker [NumParsingErrors]int

ParsingErrTracker denotes a simple table-based parsing error structure for counting all available parsing error (errno) types

func (*ParsingErrTracker) Reset

func (e *ParsingErrTracker) Reset()

Reset resets all error counters in the error table (for reuse)

func (*ParsingErrTracker) Sum

func (e *ParsingErrTracker) Sum() (res int)

Sum returns the sum of all errors (including non-critical ones) currently tracked in the error table

func (*ParsingErrTracker) SumFailed

func (e *ParsingErrTracker) SumFailed() (res int)

SumFailed returns the sum of all errors (that prevent packet processing) currently tracked in the error table

type ParsingErrno

type ParsingErrno int8

ParsingErrno denotes a non-critical packet parsing error / failure

const (
	// ErrnoOK : No Error
	ErrnoOK ParsingErrno = iota - 1

	// ErrnoPacketFragmentIgnore : packet fragment does not carry relevant information
	// (will be skipped as non-error)
	ErrnoPacketFragmentIgnore

	// ErrnoInvalidIPHeader : received neither IPv4 nor IPv6 IP header
	ErrnoInvalidIPHeader

	// ErrnoPacketTruncated : packet too short / truncated
	ErrnoPacketTruncated

	// NumParsingErrors : Number of tracked parsing errors
	NumParsingErrors
)

func (ParsingErrno) ParsingFailed

func (e ParsingErrno) ParsingFailed() bool

ParsingFailed denotes if a ParsingErrno actually signifies that packet parsing failed

func (ParsingErrno) String

func (e ParsingErrno) String() string

String returns a string representation of the underlying ParsingErrno
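How the enumeration and the tracker fit together, as an added example that is not the package's own code: because ErrnoOK is iota - 1, every real error code is a valid index into the counter table and into ParsingErrnoNames. All lower-case names are local mirrors, and the rule in parsingFailed (only codes above the ignorable fragment count as failures) is an assumption inferred from the constant comments.

```go
package main

import "fmt"

// parsingErrno is a local mirror of the ParsingErrno enumeration shown above.
type parsingErrno int8

const (
	errnoOK                   parsingErrno = iota - 1 // -1: success, never counted
	errnoPacketFragmentIgnore                         // 0: skipped as non-error
	errnoInvalidIPHeader                              // 1
	errnoPacketTruncated                              // 2
	numParsingErrors                                  // 3: size of the table
)

var errnoNames = [numParsingErrors]string{"packet fragmented", "invalid IP header", "packet truncated"}

type errTracker [numParsingErrors]int

// parsingFailed: assumed rule, see lead-in.
func (e parsingErrno) parsingFailed() bool { return e > errnoPacketFragmentIgnore }

// record counts one parse result; errnoOK (-1) must never index the table.
func (t *errTracker) record(e parsingErrno) {
	if e > errnoOK && e < numParsingErrors {
		t[e]++
	}
}

// sum totals every counter, ignorable fragments included.
func (t *errTracker) sum() (res int) {
	for _, n := range t {
		res += n
	}
	return res
}

// sumFailed totals only the codes for which parsingFailed is true.
func (t *errTracker) sumFailed() (res int) {
	for e := errnoOK + 1; e < numParsingErrors; e++ {
		if e.parsingFailed() {
			res += t[e]
		}
	}
	return res
}

// tally folds a sequence of per-packet parse results into a tracker.
func tally(results []parsingErrno) (t errTracker) {
	for _, e := range results {
		t.record(e)
	}
	return t
}

func main() {
	// Constructed sample: 3 good packets, 2 ignorable fragments, 1 bad header, 2 truncated.
	t := tally([]parsingErrno{-1, 0, -1, 2, 1, 0, 2, -1})
	fmt.Println(errnoNames, t, "sum:", t.sum(), "failed:", t.sumFailed())
}
```

A gap between the two totals is made up of ignorable fragments; a rising failed count (invalid headers, truncation) means packets the capture could not attribute to any flow.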

type TaggedAggFlowMap

type TaggedAggFlowMap struct {
	Map   *hashmap.AggFlowMap
	Stats CaptureStats `json:"stats,omitempty"`
	Iface string       `json:"iface"`
}

TaggedAggFlowMap represents an aggregated flow map tagged with Stats and an interface name.

Used by Manager to return the results of RotateAll() and Update().
