NAME

Net::Inspect::L4::TCP - get IP data, extracts TCP connections

SYNOPSIS

my $tcp = Net::Inspect::L4::TCP->new;
my $raw = Net::Inspect::L3::IP->new($tcp);
$tcp->pktin($data,\%meta);

DESCRIPTION

Gets IP packets via pktin method and handles connections.

Provides the hooks required by Net::Inspect::L3::IP.

Hooks provided:

pktin($pkt,$meta)

Hooks called on the attached flow object:

syn(\%meta)

called when the first SYN is received. Meta data are saddr, sport, daddr, dport and time. If returns false the connection will not be setup, but in this case it will be called on the seconds SYN too (because it does not keep track of ignored connections).

new_connection(\%meta)

will be called if the final ACK for the 3-way handshake is received. Must return a connection object or the connection will be ignored. Same meta data as in syn.

The connection object will be stored in the flow as long as the connection is open. The next hooks will be called on the connection object instead of the object attached to the flow.

Methods called on the connection object:

in($dir,$data,$eof,$time)

Will be called when new data arrived and got acked. $dir is the direction of the data (e.g. 0 for data from client, 1 from server). If $eof is 1 only this direction got closed, on 2 both sides got closed. Otherwise $eof is false.

Must return the number of bytes processed from $data. The rest of the data will be kept inside the flow object and if new data come in (or FIN gets ACKed) the hook will be called again with all unprocessed data.

If $eof is true it should better process all data, because the hook will not be called again for this direction.

$time is the time, when the data arrived. If the data arrived at different times (like after reordering) the earliest time gets used.

fatal($reason,$dir,$time)

Will be called on fatal errors of the connection, e.g. lost packets.

Methods useful for overwriting

syn(\%meta): default implementation will just call syn from the attached flow object
new_connection(\%meta): default implementation will just call new_connection from the attached flow object

LIMITS

It will not croak on strange flag combinations.

You should regularly call expire otherwise connection missing final handshake will not be expired.

To install Net::Inspect, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Net::Inspect

CPAN shell

perl -MCPAN -e shell
install Net::Inspect

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

SYNOPSIS

DESCRIPTION

LIMITS

Module Install Instructions