github/weave-scope
1
0
Fork 0
mirror of https://github.com/weaveworks/scope.git synced 2026-03-27 13:57:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
2ea04aa159244d85b30bdefbe80098dde2f7cba4
weave-scope/vendor/github.com/google/gopacket/pfring/doc.go
Tom Wilkie 35bfa5f751 Okay, that was a bad idea
2015-10-26 16:53:21 +00:00

59 lines
2.0 KiB
Go
Raw Blame History

// Copyright 2012 Google, Inc. All rights reserved.
//
// Use of this source code is governed by a BSD-style license
// that can be found in the LICENSE file in the root of the source
// tree.
/* Package pfring wraps the PF_RING C library for Go.
PF_RING is a high-performance packet capture library written by ntop.org (see
http://www.ntop.org/products/pf_ring/). This library allows you to utilize the
PF_RING library with gopacket to read packet data and decode it.
This package is meant to be used with its parent,
http://github.com/google/gopacket, although it can also be used independently
if you just want to get packet data from the wire.
Simple Example
This is probably the simplest code you can use to start getting packets through
pfring:
if ring, err := pfring.NewRing("eth0", 65536, pfring.FlagPromisc); err != nil {
panic(err)
} else if err := ring.SetBPFFilter("tcp and port 80"); err != nil { // optional
panic(err)
} else if err := ring.Enable(); err != nil { // Must do this!, or you get no packets!
panic(err)
} else {
packetSource := gopacket.NewPacketSource(ring, layers.LinkTypeEthernet)
for packet := range packetSource.Packets() {
handlePacket(packet) // Do something with a packet here.
}
}
Pfring Tweaks
PF_RING has a ton of optimizations and tweaks to make sure you get just the
packets you want. For example, if you're only using pfring to read packets,
consider running:
ring.SetSocketMode(pfring.ReadOnly)
If you only care about packets received on your interface (not those transmitted
by the interface), you can run:
ring.SetDirection(pfring.ReceiveOnly)
Pfring Clusters
PF_RING has an idea of 'clusters', where multiple applications can all read from
the same cluster, and PF_RING will multiplex packets over that cluster such that
only one application receives each packet. We won't discuss this mechanism in
too much more detail (see the ntop.org docs for more info), but here's how to
utilize this with the pfring go library:
ring.SetCluster(1, pfring.ClusterPerFlow5Tuple)
*/
package pfring
Reference in New Issue View Git Blame Copy Permalink