bcap/model.go

package bcap

import (
	"net"
	"time"

	"github.com/gopacket/gopacket"
)

type ProtocolKind string

const (
	ProtocolUnknown ProtocolKind = "unknown"
	ProtocolTCP     ProtocolKind = "tcp"
	ProtocolUDP     ProtocolKind = "udp"
	ProtocolICMPv4  ProtocolKind = "icmp"
	ProtocolICMPv6  ProtocolKind = "icmpv6"
	ProtocolARP     ProtocolKind = "arp"
)

type NetworkFamily string

const (
	NetworkFamilyUnknown NetworkFamily = "unknown"
	NetworkFamilyIPv4    NetworkFamily = "ipv4"
	NetworkFamilyIPv6    NetworkFamily = "ipv6"
	NetworkFamilyARP     NetworkFamily = "arp"
)

type LinkKind string

const (
	LinkKindUnknown   LinkKind = "unknown"
	LinkKindEthernet  LinkKind = "ethernet"
	LinkKindLinuxSLL  LinkKind = "linux_sll"
	LinkKindLinuxSLL2 LinkKind = "linux_sll2"
)

type Tag string

const (
	TagTransportUnknown   Tag = "transport.unknown"
	TagTCPHandshakeSYN    Tag = "tcp.handshake.syn"
	TagTCPHandshakeSYNACK Tag = "tcp.handshake.synack"
	TagTCPHandshakeACK    Tag = "tcp.handshake.ack"
	TagTCPTeardownFIN     Tag = "tcp.teardown.fin"
	TagTCPTeardownFINACK  Tag = "tcp.teardown.finack"
	TagTCPTeardownACK     Tag = "tcp.teardown.ack"
	TagTCPPacket          Tag = "tcp.packet"
	TagTCPRetransmit      Tag = "tcp.retransmit"
	TagTCPKeepalive       Tag = "tcp.keepalive"
	TagTCPKeepaliveResp   Tag = "tcp.keepalive.response"
	TagTCPRst             Tag = "tcp.rst"
	TagTCPEce             Tag = "tcp.ece"
	TagTCPCwr             Tag = "tcp.cwr"
	TagUDPPacket          Tag = "udp.packet"
	TagICMPPacket         Tag = "icmp.packet"
	TagICMPEchoRequest    Tag = "icmp.echo-request"
	TagICMPEchoReply      Tag = "icmp.echo-reply"
	TagICMPUnreachable    Tag = "icmp.unreachable"
	TagICMPTimeExceeded   Tag = "icmp.time-exceeded"
	TagARPRequest         Tag = "arp.request"
	TagARPReply           Tag = "arp.reply"
)

type Packet struct {
	Meta      Meta
	Link      LinkFacts
	Network   NetworkFacts
	Transport TransportFacts
	Raw       RawFacts
}

type Meta struct {
	Timestamp       time.Time
	TimestampMicros int64
	RelativeTime    time.Duration
	CaptureLength   int
	Length          int
}

type LinkFacts struct {
	Kind   LinkKind
	SrcMAC net.HardwareAddr
	DstMAC net.HardwareAddr
}

type NetworkFacts struct {
	Family         NetworkFamily
	SrcIP          string
	DstIP          string
	TTL            uint8
	HopLimit       uint8
	ProtocolNumber uint16
	ARP            *ARPFacts
}

type ARPFacts struct {
	Operation uint16
	SenderMAC net.HardwareAddr
	TargetMAC net.HardwareAddr
	SenderIP  string
	TargetIP  string
}

type TransportFacts struct {
	Kind    ProtocolKind
	Payload int
	TCP     *TCPFacts
	UDP     *UDPFacts
	ICMP    *ICMPFacts
	Unknown *UnknownTransportFacts
}

type TCPFacts struct {
	SrcPort  string
	DstPort  string
	Seq      uint32
	Ack      uint32
	Window   uint16
	SYN      bool
	ACK      bool
	FIN      bool
	RST      bool
	ECE      bool
	CWR      bool
	PSH      bool
	Checksum uint16
	Payload  int
}

type UDPFacts struct {
	SrcPort string
	DstPort string
	Length  uint16
	Payload int
}

type ICMPFacts struct {
	Version  int
	Type     uint8
	Code     uint8
	Checksum uint16
	ID       uint16
	Seq      uint16
	Payload  int
}

type UnknownTransportFacts struct {
	Payload int
}

type RawFacts struct {
	Packet gopacket.Packet
}

type Endpoint struct {
	IP   string
	Port string
}

type FlowKey struct {
	Family   NetworkFamily
	Protocol ProtocolKind
	Src      Endpoint
	Dst      Endpoint
}

type FlowRef struct {
	Forward FlowKey
	Reverse FlowKey
	Stable  string
}

type Observation struct {
	Packet Packet
	Flow   FlowRef
	Hints  HintSet
}

type SummaryHint struct {
	Code string
}

type HintSet struct {
	Summary SummaryHint
	Tags    []Tag

	TCP  *TCPHint
	UDP  *UDPHint
	ICMP *ICMPHint
	ARP  *ARPHint
}

type TCPPhase string

const (
	TCPPhaseUnknown     TCPPhase = "unknown"
	TCPPhaseHandshake   TCPPhase = "handshake"
	TCPPhaseEstablished TCPPhase = "established"
	TCPPhaseTeardown    TCPPhase = "teardown"
	TCPPhaseSpecial     TCPPhase = "special"
)

type TCPEvent string

const (
	TCPEventUnknown        TCPEvent = "unknown"
	TCPEventSYN            TCPEvent = "syn"
	TCPEventSYNACK         TCPEvent = "synack"
	TCPEventHandshakeACK   TCPEvent = "handshake_ack"
	TCPEventACK            TCPEvent = "ack"
	TCPEventRetransmission TCPEvent = "retransmission"
	TCPEventKeepalive      TCPEvent = "keepalive"
	TCPEventKeepaliveResp  TCPEvent = "keepalive_response"
	TCPEventFIN            TCPEvent = "fin"
	TCPEventFINACK         TCPEvent = "finack"
	TCPEventTeardownACK    TCPEvent = "teardown_ack"
	TCPEventRST            TCPEvent = "rst"
	TCPEventECE            TCPEvent = "ece"
	TCPEventCWR            TCPEvent = "cwr"
)

type TCPHint struct {
	Phase             TCPPhase
	Event             TCPEvent
	LegacyState       uint8
	Seq               uint32
	Ack               uint32
	Window            uint16
	Payload           int
	Retransmission    bool
	Keepalive         bool
	KeepaliveResponse bool
	RST               bool
	ECE               bool
	CWR               bool
}

type UDPHint struct {
	Payload int
}

type ICMPHint struct {
	Version        int
	Type           uint8
	Code           uint8
	IsEcho         bool
	IsEchoReply    bool
	IsUnreachable  bool
	IsTimeExceeded bool
}

type ARPHint struct {
	Operation uint16
	Request   bool
	Reply     bool
}
重构代码 2026-03-24 23:39:55 +08:00			`package bcap`

			`import (`
			`"net"`
			`"time"`

			`"github.com/gopacket/gopacket"`
			`)`

			`type ProtocolKind string`

			`const (`
			`ProtocolUnknown ProtocolKind = "unknown"`
			`ProtocolTCP ProtocolKind = "tcp"`
			`ProtocolUDP ProtocolKind = "udp"`
			`ProtocolICMPv4 ProtocolKind = "icmp"`
			`ProtocolICMPv6 ProtocolKind = "icmpv6"`
			`ProtocolARP ProtocolKind = "arp"`
			`)`

			`type NetworkFamily string`

			`const (`
			`NetworkFamilyUnknown NetworkFamily = "unknown"`
			`NetworkFamilyIPv4 NetworkFamily = "ipv4"`
			`NetworkFamilyIPv6 NetworkFamily = "ipv6"`
			`NetworkFamilyARP NetworkFamily = "arp"`
			`)`

			`type LinkKind string`

			`const (`
			`LinkKindUnknown LinkKind = "unknown"`
			`LinkKindEthernet LinkKind = "ethernet"`
			`LinkKindLinuxSLL LinkKind = "linux_sll"`
			`LinkKindLinuxSLL2 LinkKind = "linux_sll2"`
			`)`

			`type Tag string`

			`const (`
			`TagTransportUnknown Tag = "transport.unknown"`
			`TagTCPHandshakeSYN Tag = "tcp.handshake.syn"`
			`TagTCPHandshakeSYNACK Tag = "tcp.handshake.synack"`
			`TagTCPHandshakeACK Tag = "tcp.handshake.ack"`
			`TagTCPTeardownFIN Tag = "tcp.teardown.fin"`
			`TagTCPTeardownFINACK Tag = "tcp.teardown.finack"`
			`TagTCPTeardownACK Tag = "tcp.teardown.ack"`
			`TagTCPPacket Tag = "tcp.packet"`
			`TagTCPRetransmit Tag = "tcp.retransmit"`
			`TagTCPKeepalive Tag = "tcp.keepalive"`
			`TagTCPKeepaliveResp Tag = "tcp.keepalive.response"`
			`TagTCPRst Tag = "tcp.rst"`
			`TagTCPEce Tag = "tcp.ece"`
			`TagTCPCwr Tag = "tcp.cwr"`
			`TagUDPPacket Tag = "udp.packet"`
			`TagICMPPacket Tag = "icmp.packet"`
			`TagICMPEchoRequest Tag = "icmp.echo-request"`
			`TagICMPEchoReply Tag = "icmp.echo-reply"`
			`TagICMPUnreachable Tag = "icmp.unreachable"`
			`TagICMPTimeExceeded Tag = "icmp.time-exceeded"`
			`TagARPRequest Tag = "arp.request"`
			`TagARPReply Tag = "arp.reply"`
			`)`

			`type Packet struct {`
			`Meta Meta`
			`Link LinkFacts`
			`Network NetworkFacts`
			`Transport TransportFacts`
			`Raw RawFacts`
			`}`

			`type Meta struct {`
			`Timestamp time.Time`
			`TimestampMicros int64`
			`RelativeTime time.Duration`
			`CaptureLength int`
			`Length int`
			`}`

			`type LinkFacts struct {`
			`Kind LinkKind`
			`SrcMAC net.HardwareAddr`
			`DstMAC net.HardwareAddr`
			`}`

			`type NetworkFacts struct {`
			`Family NetworkFamily`
			`SrcIP string`
			`DstIP string`
			`TTL uint8`
			`HopLimit uint8`
			`ProtocolNumber uint16`
			`ARP *ARPFacts`
			`}`

			`type ARPFacts struct {`
			`Operation uint16`
			`SenderMAC net.HardwareAddr`
			`TargetMAC net.HardwareAddr`
			`SenderIP string`
			`TargetIP string`
			`}`

			`type TransportFacts struct {`
			`Kind ProtocolKind`
			`Payload int`
			`TCP *TCPFacts`
			`UDP *UDPFacts`
			`ICMP *ICMPFacts`
			`Unknown *UnknownTransportFacts`
			`}`

			`type TCPFacts struct {`
			`SrcPort string`
			`DstPort string`
			`Seq uint32`
			`Ack uint32`
			`Window uint16`
			`SYN bool`
			`ACK bool`
			`FIN bool`
			`RST bool`
			`ECE bool`
			`CWR bool`
			`PSH bool`
			`Checksum uint16`
			`Payload int`
			`}`

			`type UDPFacts struct {`
			`SrcPort string`
			`DstPort string`
			`Length uint16`
			`Payload int`
			`}`

			`type ICMPFacts struct {`
			`Version int`
			`Type uint8`
			`Code uint8`
			`Checksum uint16`
			`ID uint16`
			`Seq uint16`
			`Payload int`
			`}`

			`type UnknownTransportFacts struct {`
			`Payload int`
			`}`

			`type RawFacts struct {`
			`Packet gopacket.Packet`
			`}`

			`type Endpoint struct {`
			`IP string`
			`Port string`
			`}`

			`type FlowKey struct {`
			`Family NetworkFamily`
			`Protocol ProtocolKind`
			`Src Endpoint`
			`Dst Endpoint`
			`}`

			`type FlowRef struct {`
			`Forward FlowKey`
			`Reverse FlowKey`
			`Stable string`
			`}`

			`type Observation struct {`
			`Packet Packet`
			`Flow FlowRef`
			`Hints HintSet`
			`}`

			`type SummaryHint struct {`
			`Code string`
			`}`

			`type HintSet struct {`
			`Summary SummaryHint`
			`Tags []Tag`

			`TCP *TCPHint`
			`UDP *UDPHint`
			`ICMP *ICMPHint`
			`ARP *ARPHint`
			`}`

			`type TCPPhase string`

			`const (`
			`TCPPhaseUnknown TCPPhase = "unknown"`
			`TCPPhaseHandshake TCPPhase = "handshake"`
			`TCPPhaseEstablished TCPPhase = "established"`
			`TCPPhaseTeardown TCPPhase = "teardown"`
			`TCPPhaseSpecial TCPPhase = "special"`
			`)`

			`type TCPEvent string`

			`const (`
			`TCPEventUnknown TCPEvent = "unknown"`
			`TCPEventSYN TCPEvent = "syn"`
			`TCPEventSYNACK TCPEvent = "synack"`
			`TCPEventHandshakeACK TCPEvent = "handshake_ack"`
			`TCPEventACK TCPEvent = "ack"`
			`TCPEventRetransmission TCPEvent = "retransmission"`
			`TCPEventKeepalive TCPEvent = "keepalive"`
			`TCPEventKeepaliveResp TCPEvent = "keepalive_response"`
			`TCPEventFIN TCPEvent = "fin"`
			`TCPEventFINACK TCPEvent = "finack"`
			`TCPEventTeardownACK TCPEvent = "teardown_ack"`
			`TCPEventRST TCPEvent = "rst"`
			`TCPEventECE TCPEvent = "ece"`
			`TCPEventCWR TCPEvent = "cwr"`
			`)`

			`type TCPHint struct {`
			`Phase TCPPhase`
			`Event TCPEvent`
			`LegacyState uint8`
			`Seq uint32`
			`Ack uint32`
			`Window uint16`
			`Payload int`
			`Retransmission bool`
			`Keepalive bool`
			`KeepaliveResponse bool`
			`RST bool`
			`ECE bool`
			`CWR bool`
			`}`

			`type UDPHint struct {`
			`Payload int`
			`}`

			`type ICMPHint struct {`
			`Version int`
			`Type uint8`
			`Code uint8`
			`IsEcho bool`
			`IsEchoReply bool`
			`IsUnreachable bool`
			`IsTimeExceeded bool`
			`}`

			`type ARPHint struct {`
			`Operation uint16`
			`Request bool`
			`Reply bool`
			`}`