mischief
commented
9 years ago +1
Closed david415 closed 9 years ago
mischief
commented
9 years ago +1
david415
commented
9 years ago we've essentially achieved this goal by using AF_PACKET in my opinion... since the gopacket AF_PACKET support uses cgo to make a syscall it's pretty much pure golang.
We must remove libpcap as a dependency and utilize only pure golang for sniffing. This is a security concern. Currently we use gopacket's pcap which depends on the c libpcap... however it is possible to use raw sockets directly to read packets off the wire. This should be abstracted such that the rest of HoneyBadger doesn't care if the packets come from a pcap file or from the wire. pcapgo should be utilized.
https://godoc.org/code.google.com/p/gopacket/pcapgo