aboutsummaryrefslogtreecommitdiffstats
path: root/vendor/github.com/google/gopacket/pfring/doc.go
blob: 32baaf67ae2220c99344207632f6a9883a2679b2 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58

// Copyright 2012 Google, Inc. All rights reserved.
//
// Use of this source code is governed by a BSD-style license
// that can be found in the LICENSE file in the root of the source
// tree.

/*Package pfring wraps the PF_RING C library for Go.

PF_RING is a high-performance packet capture library written by ntop.org (see
http://www.ntop.org/products/pf_ring/).  This library allows you to utilize the
PF_RING library with gopacket to read packet data and decode it.

This package is meant to be used with its parent,
http://github.com/google/gopacket, although it can also be used independently
if you just want to get packet data from the wire.

Simple Example

This is probably the simplest code you can use to start getting packets through
pfring:

 if ring, err := pfring.NewRing("eth0", 65536, pfring.FlagPromisc); err != nil {
   panic(err)
 } else if err := ring.SetBPFFilter("tcp and port 80"); err != nil {  // optional
   panic(err)
 } else if err := ring.Enable(); err != nil { // Must do this!, or you get no packets!
   panic(err)
 } else {
   packetSource := gopacket.NewPacketSource(ring, layers.LinkTypeEthernet)
	 for packet := range packetSource.Packets() {
     handlePacket(packet)  // Do something with a packet here.
   }
 }

Pfring Tweaks

PF_RING has a ton of optimizations and tweaks to make sure you get just the
packets you want.  For example, if you're only using pfring to read packets,
consider running:

 ring.SetSocketMode(pfring.ReadOnly)

If you only care about packets received on your interface (not those transmitted
by the interface), you can run:

 ring.SetDirection(pfring.ReceiveOnly)

Pfring Clusters

PF_RING has an idea of 'clusters', where multiple applications can all read from
the same cluster, and PF_RING will multiplex packets over that cluster such that
only one application receives each packet.  We won't discuss this mechanism in
too much more detail (see the ntop.org docs for more info), but here's how to
utilize this with the pfring go library:

 ring.SetCluster(1, pfring.ClusterPerFlow5Tuple)
*/
package pfring