7x31
/
sniffer-agent
mirror of https://github.com/zr-hebo/sniffer-agent.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
sniffer-agent/vendor/github.com/google/gopacket/pcapgo/pcapng.go

188 lines
8.2 KiB
Go
Raw Blame History

// Copyright 2018 The GoPacket Authors. All rights reserved.
//
// Use of this source code is governed by a BSD-style license
// that can be found in the LICENSE file in the root of the source
// tree.
package pcapgo
import (
"errors"
"math"
"time"
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
)
// ErrNgVersionMismatch gets returned for unknown pcapng section versions. This can only happen if ReaderOptions.SkipUnknownVersion == false
var ErrNgVersionMismatch = errors.New("Unknown pcapng Version in Section Header")
// ErrNgLinkTypeMismatch gets returned if the link type of an interface is not the same as the link type from the first interface. This can only happen if ReaderOptions.ErrorOnMismatchingLinkType == true && ReaderOptions.WantMixedLinkType == false
var ErrNgLinkTypeMismatch = errors.New("Link type of current interface is different from first one")
const (
ngByteOrderMagic = 0x1A2B3C4D
// We can handle only version 1.0
ngVersionMajor = 1
ngVersionMinor = 0
)
type ngBlockType uint32
const (
ngBlockTypeInterfaceDescriptor ngBlockType = 1 // Interface description block
ngBlockTypePacket ngBlockType = 2 // Packet block (deprecated)
ngBlockTypeSimplePacket ngBlockType = 3 // Simple packet block
ngBlockTypeInterfaceStatistics ngBlockType = 5 // Interface statistics block
ngBlockTypeEnhancedPacket ngBlockType = 6 // Enhanced packet block
ngBlockTypeSectionHeader ngBlockType = 0x0A0D0D0A // Section header block (same in both endians)
)
type ngOptionCode uint16
const (
ngOptionCodeEndOfOptions ngOptionCode = iota // end of options. must be at the end of options in a block
ngOptionCodeComment // comment
ngOptionCodeHardware // description of the hardware
ngOptionCodeOS // name of the operating system
ngOptionCodeUserApplication // name of the application
)
const (
ngOptionCodeInterfaceName ngOptionCode = iota + 2 // interface name
ngOptionCodeInterfaceDescription // interface description
ngOptionCodeInterfaceIPV4Address // IPv4 network address and netmask for the interface
ngOptionCodeInterfaceIPV6Address // IPv6 network address and prefix length for the interface
ngOptionCodeInterfaceMACAddress // interface hardware MAC address
ngOptionCodeInterfaceEUIAddress // interface hardware EUI address
ngOptionCodeInterfaceSpeed // interface speed in bits/s
ngOptionCodeInterfaceTimestampResolution // timestamp resolution
ngOptionCodeInterfaceTimezone // time zone
ngOptionCodeInterfaceFilter // capture filter
ngOptionCodeInterfaceOS // operating system
ngOptionCodeInterfaceFCSLength // length of the Frame Check Sequence in bits
ngOptionCodeInterfaceTimestampOffset // offset (in seconds) that must be added to packet timestamp
)
const (
ngOptionCodeInterfaceStatisticsStartTime ngOptionCode = iota + 2 // Start of capture
ngOptionCodeInterfaceStatisticsEndTime // End of capture
ngOptionCodeInterfaceStatisticsInterfaceReceived // Packets received by physical interface
ngOptionCodeInterfaceStatisticsInterfaceDropped // Packets dropped by physical interface
ngOptionCodeInterfaceStatisticsFilterAccept // Packets accepted by filter
ngOptionCodeInterfaceStatisticsOSDrop // Packets dropped by operating system
ngOptionCodeInterfaceStatisticsDelivered // Packets delivered to user
)
// ngOption is a pcapng option
type ngOption struct {
code ngOptionCode
value []byte
raw interface{}
length uint16
}
// ngBlock is a pcapng block header
type ngBlock struct {
typ ngBlockType
length uint32 // remaining length of block
}
// NgResolution represents a pcapng timestamp resolution
type NgResolution uint8
// Binary returns true if the timestamp resolution is a negative power of two. Otherwise NgResolution is a negative power of 10.
func (r NgResolution) Binary() bool {
if r&0x80 == 0x80 {
return true
}
return false
}
// Exponent returns the negative exponent of the resolution.
func (r NgResolution) Exponent() uint8 {
return uint8(r) & 0x7f
}
// ToTimestampResolution converts an NgResolution to a gopaket.TimestampResolution
func (r NgResolution) ToTimestampResolution() (ret gopacket.TimestampResolution) {
if r.Binary() {
ret.Base = 2
} else {
ret.Base = 10
}
ret.Exponent = -int(r.Exponent())
return
}
// NgNoValue64 is a placeholder for an empty numeric 64 bit value.
const NgNoValue64 = math.MaxUint64
// NgInterfaceStatistics hold the statistic for an interface at a single point in time. These values are already supposed to be accumulated. Most pcapng files contain this information at the end of the file/section.
type NgInterfaceStatistics struct {
// LastUpdate is the last time the statistics were updated.
LastUpdate time.Time
// StartTime is the time packet capture started on this interface. This value might be zero if this option is missing.
StartTime time.Time
// EndTime is the time packet capture ended on this interface This value might be zero if this option is missing.
EndTime time.Time
// Comment can be an arbitrary comment. This value might be empty if this option is missing.
Comment string
// PacketsReceived are the number of received packets. This value might be NoValue64 if this option is missing.
PacketsReceived uint64
// PacketsReceived are the number of received packets. This value might be NoValue64 if this option is missing.
PacketsDropped uint64
}
var ngEmptyStatistics = NgInterfaceStatistics{
PacketsReceived: NgNoValue64,
PacketsDropped: NgNoValue64,
}
// NgInterface holds all the information of a pcapng interface.
type NgInterface struct {
// Name is the name of the interface. This value might be empty if this option is missing.
Name string
// Comment can be an arbitrary comment. This value might be empty if this option is missing.
Comment string
// Description is a description of the interface. This value might be empty if this option is missing.
Description string
// Filter is the filter used during packet capture. This value might be empty if this option is missing.
Filter string
// OS is the operating system this interface was controlled by. This value might be empty if this option is missing.
OS string
// LinkType is the linktype of the interface.
LinkType layers.LinkType
// TimestampResolution is the timestamp resolution of the packets in the pcapng file belonging to this interface.
TimestampResolution NgResolution
// TimestampResolution is the timestamp offset in seconds of the packets in the pcapng file belonging to this interface.
TimestampOffset uint64
// SnapLength is the maximum packet length captured by this interface. 0 for unlimited
SnapLength uint32
// Statistics holds the interface statistics
Statistics NgInterfaceStatistics
secondMask uint64
scaleUp uint64
scaleDown uint64
}
// Resolution returns the timestamp resolution of acquired timestamps before scaling to NanosecondTimestampResolution.
func (i NgInterface) Resolution() gopacket.TimestampResolution {
return i.TimestampResolution.ToTimestampResolution()
}
// NgSectionInfo contains additional information of a pcapng section
type NgSectionInfo struct {
// Hardware is the hardware this file was generated on. This value might be empty if this option is missing.
Hardware string
// OS is the operating system this file was generated on. This value might be empty if this option is missing.
OS string
// Application is the user space application this file was generated with. This value might be empty if this option is missing.
Application string
// Comment can be an arbitrary comment. This value might be empty if this option is missing.
Comment string
}
Reference in New Issue View Git Blame Copy Permalink