in pcap-cli/internal/transformer/json_translator.go [732:809]
func (t *JSONPcapTranslator) translateTCPLayer(
ctx context.Context,
tcp *layers.TCP,
) fmt.Stringer {
json := gabs.New()
// https://github.com/google/gopacket/blob/master/layers/tcp.go#L19-L35
L4, _ := json.Object("L4")
L4.Set(strconv.FormatInt(int64(len(tcp.Payload)), 10), "len")
L4.Set(tcp.Seq, "seq")
L4.Set(tcp.Ack, "ack")
L4.Set(tcp.DataOffset, "off")
L4.Set(tcp.Window, "win")
L4.Set(tcp.Checksum, "xsum")
L4.Set(tcp.Urgent, "urg")
flags, _ := L4.Object("flags")
setFlags := parseTCPflags(tcp)
flags.Set(setFlags, "dec")
if flagsStr, ok := tcpFlagsStr[setFlags]; ok {
flags.Set(flagsStr, "str")
} else {
// this scenario is slow, but it should also be exceedingly rare
t.addTCPflags(ctx, tcp, flags)
}
t.addTCPoptions(ctx, tcp, L4)
L4.Set(tcp.SrcPort, "src")
L4.Set(tcp.DstPort, "dst")
// TCP(6) (0x06) | `SrcPort` and `DstPort` are `uint8`
flowID := fnv1a.HashUint64(uint64(6) + uint64(tcp.SrcPort) + uint64(tcp.DstPort))
flowIDstr := strconv.FormatUint(flowID, 10)
L4.Set(flowIDstr, "flow")
atDebugVerbosity(ctx,
t.pcapTranslator,
func(
ctx context.Context,
translator *pcapTranslator,
) {
if name, ok := layers.TCPPortNames[tcp.SrcPort]; ok {
L4.Set(name, "sproto")
}
if name, ok := layers.TCPPortNames[tcp.DstPort]; ok {
L4.Set(name, "dproto")
}
transportFlow := tcp.TransportFlow()
t.addEndpoints(L4, &transportFlow)
flagsMap, _ := flags.Object("map")
flagsMap.Set(tcp.SYN, "SYN")
flagsMap.Set(tcp.ACK, "ACK")
flagsMap.Set(tcp.PSH, "PSH")
flagsMap.Set(tcp.FIN, "FIN")
flagsMap.Set(tcp.RST, "RST")
flagsMap.Set(tcp.URG, "URG")
flagsMap.Set(tcp.ECE, "ECE")
flagsMap.Set(tcp.CWR, "CWR")
flagsMap.Set(tcp.NS, "NS")
flags.Set("0b"+strconv.FormatUint(uint64(setFlags), 2), "bin")
flags.Set("0x"+strconv.FormatUint(uint64(setFlags), 16), "hex")
})
return json
}