259 lines
5.2 KiB
Go
259 lines
5.2 KiB
Go
package bcap
|
|
|
|
import (
|
|
"net"
|
|
"time"
|
|
|
|
"github.com/gopacket/gopacket"
|
|
)
|
|
|
|
type ProtocolKind string
|
|
|
|
const (
|
|
ProtocolUnknown ProtocolKind = "unknown"
|
|
ProtocolTCP ProtocolKind = "tcp"
|
|
ProtocolUDP ProtocolKind = "udp"
|
|
ProtocolICMPv4 ProtocolKind = "icmp"
|
|
ProtocolICMPv6 ProtocolKind = "icmpv6"
|
|
ProtocolARP ProtocolKind = "arp"
|
|
)
|
|
|
|
type NetworkFamily string
|
|
|
|
const (
|
|
NetworkFamilyUnknown NetworkFamily = "unknown"
|
|
NetworkFamilyIPv4 NetworkFamily = "ipv4"
|
|
NetworkFamilyIPv6 NetworkFamily = "ipv6"
|
|
NetworkFamilyARP NetworkFamily = "arp"
|
|
)
|
|
|
|
type LinkKind string
|
|
|
|
const (
|
|
LinkKindUnknown LinkKind = "unknown"
|
|
LinkKindEthernet LinkKind = "ethernet"
|
|
LinkKindLinuxSLL LinkKind = "linux_sll"
|
|
LinkKindLinuxSLL2 LinkKind = "linux_sll2"
|
|
)
|
|
|
|
type Tag string
|
|
|
|
const (
|
|
TagTransportUnknown Tag = "transport.unknown"
|
|
TagTCPHandshakeSYN Tag = "tcp.handshake.syn"
|
|
TagTCPHandshakeSYNACK Tag = "tcp.handshake.synack"
|
|
TagTCPHandshakeACK Tag = "tcp.handshake.ack"
|
|
TagTCPTeardownFIN Tag = "tcp.teardown.fin"
|
|
TagTCPTeardownFINACK Tag = "tcp.teardown.finack"
|
|
TagTCPTeardownACK Tag = "tcp.teardown.ack"
|
|
TagTCPPacket Tag = "tcp.packet"
|
|
TagTCPRetransmit Tag = "tcp.retransmit"
|
|
TagTCPKeepalive Tag = "tcp.keepalive"
|
|
TagTCPKeepaliveResp Tag = "tcp.keepalive.response"
|
|
TagTCPRst Tag = "tcp.rst"
|
|
TagTCPEce Tag = "tcp.ece"
|
|
TagTCPCwr Tag = "tcp.cwr"
|
|
TagUDPPacket Tag = "udp.packet"
|
|
TagICMPPacket Tag = "icmp.packet"
|
|
TagICMPEchoRequest Tag = "icmp.echo-request"
|
|
TagICMPEchoReply Tag = "icmp.echo-reply"
|
|
TagICMPUnreachable Tag = "icmp.unreachable"
|
|
TagICMPTimeExceeded Tag = "icmp.time-exceeded"
|
|
TagARPRequest Tag = "arp.request"
|
|
TagARPReply Tag = "arp.reply"
|
|
)
|
|
|
|
type Packet struct {
|
|
Meta Meta
|
|
Link LinkFacts
|
|
Network NetworkFacts
|
|
Transport TransportFacts
|
|
Raw RawFacts
|
|
}
|
|
|
|
type Meta struct {
|
|
Timestamp time.Time
|
|
TimestampMicros int64
|
|
RelativeTime time.Duration
|
|
CaptureLength int
|
|
Length int
|
|
}
|
|
|
|
type LinkFacts struct {
|
|
Kind LinkKind
|
|
SrcMAC net.HardwareAddr
|
|
DstMAC net.HardwareAddr
|
|
}
|
|
|
|
type NetworkFacts struct {
|
|
Family NetworkFamily
|
|
SrcIP string
|
|
DstIP string
|
|
TTL uint8
|
|
HopLimit uint8
|
|
ProtocolNumber uint16
|
|
ARP *ARPFacts
|
|
}
|
|
|
|
type ARPFacts struct {
|
|
Operation uint16
|
|
SenderMAC net.HardwareAddr
|
|
TargetMAC net.HardwareAddr
|
|
SenderIP string
|
|
TargetIP string
|
|
}
|
|
|
|
type TransportFacts struct {
|
|
Kind ProtocolKind
|
|
Payload int
|
|
TCP *TCPFacts
|
|
UDP *UDPFacts
|
|
ICMP *ICMPFacts
|
|
Unknown *UnknownTransportFacts
|
|
}
|
|
|
|
type TCPFacts struct {
|
|
SrcPort string
|
|
DstPort string
|
|
Seq uint32
|
|
Ack uint32
|
|
Window uint16
|
|
SYN bool
|
|
ACK bool
|
|
FIN bool
|
|
RST bool
|
|
ECE bool
|
|
CWR bool
|
|
PSH bool
|
|
Checksum uint16
|
|
Payload int
|
|
}
|
|
|
|
type UDPFacts struct {
|
|
SrcPort string
|
|
DstPort string
|
|
Length uint16
|
|
Payload int
|
|
}
|
|
|
|
type ICMPFacts struct {
|
|
Version int
|
|
Type uint8
|
|
Code uint8
|
|
Checksum uint16
|
|
ID uint16
|
|
Seq uint16
|
|
Payload int
|
|
}
|
|
|
|
type UnknownTransportFacts struct {
|
|
Payload int
|
|
}
|
|
|
|
type RawFacts struct {
|
|
Packet gopacket.Packet
|
|
}
|
|
|
|
type Endpoint struct {
|
|
IP string
|
|
Port string
|
|
}
|
|
|
|
type FlowKey struct {
|
|
Family NetworkFamily
|
|
Protocol ProtocolKind
|
|
Src Endpoint
|
|
Dst Endpoint
|
|
}
|
|
|
|
type FlowRef struct {
|
|
Forward FlowKey
|
|
Reverse FlowKey
|
|
Stable string
|
|
}
|
|
|
|
type Observation struct {
|
|
Packet Packet
|
|
Flow FlowRef
|
|
Hints HintSet
|
|
}
|
|
|
|
type SummaryHint struct {
|
|
Code string
|
|
}
|
|
|
|
type HintSet struct {
|
|
Summary SummaryHint
|
|
Tags []Tag
|
|
|
|
TCP *TCPHint
|
|
UDP *UDPHint
|
|
ICMP *ICMPHint
|
|
ARP *ARPHint
|
|
}
|
|
|
|
type TCPPhase string
|
|
|
|
const (
|
|
TCPPhaseUnknown TCPPhase = "unknown"
|
|
TCPPhaseHandshake TCPPhase = "handshake"
|
|
TCPPhaseEstablished TCPPhase = "established"
|
|
TCPPhaseTeardown TCPPhase = "teardown"
|
|
TCPPhaseSpecial TCPPhase = "special"
|
|
)
|
|
|
|
type TCPEvent string
|
|
|
|
const (
|
|
TCPEventUnknown TCPEvent = "unknown"
|
|
TCPEventSYN TCPEvent = "syn"
|
|
TCPEventSYNACK TCPEvent = "synack"
|
|
TCPEventHandshakeACK TCPEvent = "handshake_ack"
|
|
TCPEventACK TCPEvent = "ack"
|
|
TCPEventRetransmission TCPEvent = "retransmission"
|
|
TCPEventKeepalive TCPEvent = "keepalive"
|
|
TCPEventKeepaliveResp TCPEvent = "keepalive_response"
|
|
TCPEventFIN TCPEvent = "fin"
|
|
TCPEventFINACK TCPEvent = "finack"
|
|
TCPEventTeardownACK TCPEvent = "teardown_ack"
|
|
TCPEventRST TCPEvent = "rst"
|
|
TCPEventECE TCPEvent = "ece"
|
|
TCPEventCWR TCPEvent = "cwr"
|
|
)
|
|
|
|
type TCPHint struct {
|
|
Phase TCPPhase
|
|
Event TCPEvent
|
|
LegacyState uint8
|
|
Seq uint32
|
|
Ack uint32
|
|
Window uint16
|
|
Payload int
|
|
Retransmission bool
|
|
Keepalive bool
|
|
KeepaliveResponse bool
|
|
RST bool
|
|
ECE bool
|
|
CWR bool
|
|
}
|
|
|
|
type UDPHint struct {
|
|
Payload int
|
|
}
|
|
|
|
type ICMPHint struct {
|
|
Version int
|
|
Type uint8
|
|
Code uint8
|
|
IsEcho bool
|
|
IsEchoReply bool
|
|
IsUnreachable bool
|
|
IsTimeExceeded bool
|
|
}
|
|
|
|
type ARPHint struct {
|
|
Operation uint16
|
|
Request bool
|
|
Reply bool
|
|
}
|