Documentation ¶
Overview ¶
Copyright © 2020 GUILLAUME FOURNIER
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Constants ¶
// Untyped constants: BPF map update flags, size limits applied to parsed
// network data, and program keys.
//
// NOTE(review): this listing does not show whether input longer than one of
// the Max* limits is rejected or truncated. Confirm against the eBPF code: a
// truncated domain, URI or path could compare equal to a shorter profile entry.
const (
	// BPFAny - create new element or update existing
	// (same value as the kernel's BPF_ANY map update flag)
	BPFAny = 0
	// BPFNoexist - create new element if it didn't exist
	// (same value as the kernel's BPF_NOEXIST map update flag)
	BPFNoexist = 1
	// BPFExist - update element if it exists
	// (same value as the kernel's BPF_EXIST map update flag)
	BPFExist = 2
	// DNSMaxLength - Maximum length of a DNS domain
	// NOTE(review): RFC 1035 limits a name to 255 octets; 256 presumably leaves
	// room for a terminator in the eBPF-side buffer - confirm.
	DNSMaxLength = 256
	// DNSMaxLabelLength - Maximum length of a DNS label
	DNSMaxLabelLength = 63
	// HTTPMaxURILength - Maximum length of a valid URI for this project
	HTTPMaxURILength = 128
	// HTTPMaxMethodLength - Maximum length of a valid HTTP method for this project
	HTTPMaxMethodLength = 10
	// PathMax - Maximum path length of the paths handled by the project. See ebpf code
	// for more explanation. A production version of this project wouldn't use path in maps
	// anyway, so this is an acceptable limitation for this PoC.
	PathMax = 350
	// DNSRequestParserKey - DNS request parser key in dns_prog_array map
	DNSRequestParserKey = 0
	// DNSResponseParserKey - DNS response parser key in dns_prog_array map
	DNSResponseParserKey = 1
	// CIDREntryProgKey - CIDR entry program key
	// NOTE(review): the map this key indexes is not named here; it continues the
	// 0, 1 numbering of the dns_prog_array keys above - confirm it is the same map.
	CIDREntryProgKey = 2
)
Functions ¶
func SignalInfoToString ¶
SignalInfoToString - Returns a signal as its string representation
Types ¶
type ApplicationProtocol ¶
type ApplicationProtocol uint16
ApplicationProtocol - Application protocols
// Application (L7) protocols, numbered from 0 with iota.
const (
	// Any - Allows all L7 protocols
	// Any is 0, the zero value of ApplicationProtocol, so a value that is never
	// set is the permissive one.
	// NOTE(review): confirm that ProfileInputToApplicationProtocol does not map
	// unrecognized input to Any; its body is not visible in this listing.
	Any ApplicationProtocol = iota
	// DNS - DNS protocol
	DNS
	// HTTP - HTTP protocol
	HTTP
	// HTTPS - HTTPS protocol
	HTTPS
)
func ProfileInputToApplicationProtocol ¶
func ProfileInputToApplicationProtocol(input string) ApplicationProtocol
ProfileInputToApplicationProtocol - Transforms a profile input into an application protocol
func (ApplicationProtocol) MarshalJSON ¶
func (ap ApplicationProtocol) MarshalJSON() ([]byte, error)
MarshalJSON - Marshal interface implementation
func (ApplicationProtocol) String ¶
func (ap ApplicationProtocol) String() string
type DNSRecordType ¶
type DNSRecordType uint16
DNSRecordType - DNS record type
// DNS record types handled by the project. Only A and AAAA are declared.
const (
	// ARecord - A record DNS type
	ARecord DNSRecordType = 1
	// AAAARecord - AAAA record DNS type (0x1c is 28 in decimal)
	AAAARecord DNSRecordType = 0x1c
)
func (DNSRecordType) MarshalJSON ¶
func (drt DNSRecordType) MarshalJSON() ([]byte, error)
MarshalJSON - Marshal interface implementation
func (DNSRecordType) String ¶
func (drt DNSRecordType) String() string
type InterfaceType ¶
type InterfaceType uint8
InterfaceType - Interface type
// Interface types. Numbering starts at 1, so the zero value of InterfaceType
// is not one of the named types.
const (
	// ExternalInterface - Used to designate an external network facing interface
	ExternalInterface InterfaceType = 1
	// ContainerInterface - Used to designate a container veth pair interface
	ContainerInterface InterfaceType = 2
)
func (InterfaceType) MarshalJSON ¶
func (it InterfaceType) MarshalJSON() ([]byte, error)
MarshalJSON - Marshal interface implementation
func (InterfaceType) String ¶
func (it InterfaceType) String() string
type NetworkAlert ¶
type NetworkAlert uint8
NetworkAlert - Network alert ID
// Network alert IDs. Each alert is a distinct bit, and 1<<0 through 1<<7
// occupy all eight bits of the uint8 underlying type, so adding another alert
// requires widening NetworkAlert.
// NOTE(review): presumably several alerts can be OR-ed into one value; confirm
// against String and MarshalJSON, whose bodies are not visible here.
const (
	// NoProfileAlert - This alert indicates that no profile was found to check the traffic against
	NoProfileAlert NetworkAlert = 1 << 0
	// NoDefaultActionAlert - This alert indicates that no default action was provided for the profile
	NoDefaultActionAlert NetworkAlert = 1 << 1
	// L3Alert - This alert indicates that the profile doesn't allow the detected L3 traffic
	L3Alert NetworkAlert = 1 << 2
	// L4Alert - This alert indicates that the profile doesn't allow the detected L4 traffic
	L4Alert NetworkAlert = 1 << 3
	// L7Alert - This alert indicates that the profile doesn't allow the detected L7 traffic
	L7Alert NetworkAlert = 1 << 4
	// CIDRAlert - This alert indicates that the profile doesn't allow the detected IP source / dest
	CIDRAlert NetworkAlert = 1 << 5
	// DNSAlert - This alert indicates that the profile doesn't allow the detected DNS domain
	DNSAlert NetworkAlert = 1 << 6
	// ARPSpoofingAlert - This alert indicates that an ARP spoofing attempt was detected
	ARPSpoofingAlert NetworkAlert = 1 << 7
)
func (NetworkAlert) MarshalJSON ¶
func (alert NetworkAlert) MarshalJSON() ([]byte, error)
MarshalJSON - Marshal interface implementation
func (NetworkAlert) String ¶
func (alert NetworkAlert) String() string
type NetworkProtocol ¶
type NetworkProtocol uint16
NetworkProtocol - Network protocols
// Network (L3) protocol identifiers. The names and values appear to mirror the
// ETH_P_* definitions of the Linux kernel's if_ether.h. The first group holds
// EtherTypes and the second group (below EthP8023MIN) holds non-DIX
// pseudo-types.
const (
	// EthPLOOP - Ethernet Loopback packet
	EthPLOOP NetworkProtocol = 0x0060
	// EthPPUP - Xerox PUP packet
	EthPPUP NetworkProtocol = 0x0200
	// EthPPUPAT - Xerox PUP Addr Trans packet
	EthPPUPAT NetworkProtocol = 0x0201
	// EthPTSN - TSN (IEEE 1722) packet
	EthPTSN NetworkProtocol = 0x22F0
	// EthPIP - Internet Protocol packet
	EthPIP NetworkProtocol = 0x0800
	// EthPX25 - CCITT X.25
	EthPX25 NetworkProtocol = 0x0805
	// EthPARP - Address Resolution packet
	EthPARP NetworkProtocol = 0x0806
	// EthPBPQ - G8BPQ AX.25 Ethernet Packet [ NOT AN OFFICIALLY REGISTERED ID ]
	EthPBPQ NetworkProtocol = 0x08FF
	// EthPIEEEPUP - Xerox IEEE802.3 PUP packet
	EthPIEEEPUP NetworkProtocol = 0x0a00
	// EthPIEEEPUPAT - Xerox IEEE802.3 PUP Addr Trans packet
	EthPIEEEPUPAT NetworkProtocol = 0x0a01
	// EthPBATMAN - B.A.T.M.A.N.-Advanced packet [ NOT AN OFFICIALLY REGISTERED ID ]
	EthPBATMAN NetworkProtocol = 0x4305
	// EthPDEC - DEC Assigned proto
	EthPDEC NetworkProtocol = 0x6000
	// EthPDNADL - DEC DNA Dump/Load
	EthPDNADL NetworkProtocol = 0x6001
	// EthPDNARC - DEC DNA Remote Console
	EthPDNARC NetworkProtocol = 0x6002
	// EthPDNART - DEC DNA Routing
	EthPDNART NetworkProtocol = 0x6003
	// EthPLAT - DEC LAT
	EthPLAT NetworkProtocol = 0x6004
	// EthPDIAG - DEC Diagnostics
	EthPDIAG NetworkProtocol = 0x6005
	// EthPCUST - DEC Customer use
	EthPCUST NetworkProtocol = 0x6006
	// EthPSCA - DEC Systems Comms Arch
	EthPSCA NetworkProtocol = 0x6007
	// EthPTEB - Trans Ether Bridging
	EthPTEB NetworkProtocol = 0x6558
	// EthPRARP - Reverse Addr Res packet
	EthPRARP NetworkProtocol = 0x8035
	// EthPATALK - Appletalk DDP
	EthPATALK NetworkProtocol = 0x809B
	// EthPAARP - Appletalk AARP
	EthPAARP NetworkProtocol = 0x80F3
	// EthP8021Q - 802.1Q VLAN Extended Header
	EthP8021Q NetworkProtocol = 0x8100
	// EthPERSPAN - ERSPAN type II
	EthPERSPAN NetworkProtocol = 0x88BE
	// EthPIPX - IPX over DIX
	EthPIPX NetworkProtocol = 0x8137
	// EthPIPV6 - IPv6 over bluebook
	EthPIPV6 NetworkProtocol = 0x86DD
	// EthPPAUSE - IEEE Pause frames. See 802.3 31B
	EthPPAUSE NetworkProtocol = 0x8808
	// EthPSLOW - Slow Protocol. See 802.3ad 43B
	EthPSLOW NetworkProtocol = 0x8809
	// EthPWCCP - Web-cache coordination protocol defined in draft-wilson-wrec-wccp-v2-00.txt
	EthPWCCP NetworkProtocol = 0x883E
	// EthPMPLSUC - MPLS Unicast traffic
	EthPMPLSUC NetworkProtocol = 0x8847
	// EthPMPLSMC - MPLS Multicast traffic
	EthPMPLSMC NetworkProtocol = 0x8848
	// EthPATMMPOA - MultiProtocol Over ATM
	EthPATMMPOA NetworkProtocol = 0x884c
	// EthPPPPDISC - PPPoE discovery messages
	EthPPPPDISC NetworkProtocol = 0x8863
	// EthPPPPSES - PPPoE session messages
	EthPPPPSES NetworkProtocol = 0x8864
	// EthPLinkCTL - HPNA, wlan link local tunnel
	EthPLinkCTL NetworkProtocol = 0x886c
	// EthPATMFATE - Frame-based ATM Transport over Ethernet
	EthPATMFATE NetworkProtocol = 0x8884
	// EthPPAE - Port Access Entity (IEEE 802.1X)
	EthPPAE NetworkProtocol = 0x888E
	// EthPAOE - ATA over Ethernet
	EthPAOE NetworkProtocol = 0x88A2
	// EthP8021AD - 802.1ad Service VLAN
	EthP8021AD NetworkProtocol = 0x88A8
	// EthP802EX1 - 802.1 Local Experimental 1.
	EthP802EX1 NetworkProtocol = 0x88B5
	// EthPTIPC - TIPC
	EthPTIPC NetworkProtocol = 0x88CA
	// EthPMACSEC - 802.1ae MACsec
	EthPMACSEC NetworkProtocol = 0x88E5
	// EthP8021AH - 802.1ah Backbone Service Tag
	EthP8021AH NetworkProtocol = 0x88E7
	// EthPMVRP - 802.1Q MVRP
	EthPMVRP NetworkProtocol = 0x88F5
	// EthP1588 - IEEE 1588 Timesync
	EthP1588 NetworkProtocol = 0x88F7
	// EthPNCSI - NCSI protocol
	EthPNCSI NetworkProtocol = 0x88F8
	// EthPPRP - IEC 62439-3 PRP/HSRv0
	EthPPRP NetworkProtocol = 0x88FB
	// EthPFCOE - Fibre Channel over Ethernet
	EthPFCOE NetworkProtocol = 0x8906
	// EthPIBOE - Infiniband over Ethernet
	EthPIBOE NetworkProtocol = 0x8915
	// EthPTDLS - TDLS
	EthPTDLS NetworkProtocol = 0x890D
	// EthPFIP - FCoE Initialization Protocol
	EthPFIP NetworkProtocol = 0x8914
	// EthP80221 - IEEE 802.21 Media Independent Handover Protocol
	EthP80221 NetworkProtocol = 0x8917
	// EthPHSR - IEC 62439-3 HSRv1
	EthPHSR NetworkProtocol = 0x892F
	// EthPNSH - Network Service Header
	EthPNSH NetworkProtocol = 0x894F
	// EthPLOOPBACK - Ethernet loopback packet, per IEEE 802.3
	EthPLOOPBACK NetworkProtocol = 0x9000
	// EthPQINQ1 - deprecated QinQ VLAN [ NOT AN OFFICIALLY REGISTERED ID ]
	EthPQINQ1 NetworkProtocol = 0x9100
	// EthPQINQ2 - deprecated QinQ VLAN [ NOT AN OFFICIALLY REGISTERED ID ]
	EthPQINQ2 NetworkProtocol = 0x9200
	// EthPQINQ3 - deprecated QinQ VLAN [ NOT AN OFFICIALLY REGISTERED ID ]
	EthPQINQ3 NetworkProtocol = 0x9300
	// EthPEDSA - Ethertype DSA [ NOT AN OFFICIALLY REGISTERED ID ]
	EthPEDSA NetworkProtocol = 0xDADA
	// EthPIFE - ForCES inter-FE LFB type
	EthPIFE NetworkProtocol = 0xED3E
	// EthPAFIUCV - IBM afiucv [ NOT AN OFFICIALLY REGISTERED ID ]
	EthPAFIUCV NetworkProtocol = 0xFBFB
	// EthP8023MIN - If the value in the ethernet type is greater than or equal to this
	// value then the frame is Ethernet II. Else it is 802.3 (the field is a length).
	EthP8023MIN NetworkProtocol = 0x0600
	// EthPIPV6HopByHop - IPv6 Hop by hop option
	// NOTE(review): 0 is also the zero value of NetworkProtocol, so an unset
	// protocol and this constant are indistinguishable. Hop-by-hop is normally an
	// IPv6 extension-header number rather than an EtherType - confirm the intent.
	EthPIPV6HopByHop NetworkProtocol = 0x000
	// EthP8023 - Dummy type for 802.3 frames
	EthP8023 NetworkProtocol = 0x0001
	// EthPAX25 - Dummy protocol id for AX.25
	EthPAX25 NetworkProtocol = 0x0002
	// EthPALL - Every packet (be careful!!!)
	EthPALL NetworkProtocol = 0x0003
	// EthP8022 - 802.2 frames
	EthP8022 NetworkProtocol = 0x0004
	// EthPSNAP - Internal only
	EthPSNAP NetworkProtocol = 0x0005
	// EthPDDCMP - DEC DDCMP: Internal only
	EthPDDCMP NetworkProtocol = 0x0006
	// EthPWANPPP - Dummy type for WAN PPP frames
	EthPWANPPP NetworkProtocol = 0x0007
	// EthPPPPMP - Dummy type for PPP MP frames
	EthPPPPMP NetworkProtocol = 0x0008
	// EthPLOCALTALK - Localtalk pseudo type
	EthPLOCALTALK NetworkProtocol = 0x0009
	// EthPCAN - CAN: Controller Area Network
	EthPCAN NetworkProtocol = 0x000C
	// EthPCANFD - CANFD: CAN flexible data rate
	EthPCANFD NetworkProtocol = 0x000D
	// EthPPPPTALK - Dummy type for Atalk over PPP
	EthPPPPTALK NetworkProtocol = 0x0010
	// EthPTR8022 - 802.2 frames
	EthPTR8022 NetworkProtocol = 0x0011
	// EthPMOBITEX - Mobitex (kaz@cafe.net)
	EthPMOBITEX NetworkProtocol = 0x0015
	// EthPCONTROL - Card specific control frames
	EthPCONTROL NetworkProtocol = 0x0016
	// EthPIRDA - Linux-IrDA
	EthPIRDA NetworkProtocol = 0x0017
	// EthPECONET - Acorn Econet
	EthPECONET NetworkProtocol = 0x0018
	// EthPHDLC - HDLC frames
	EthPHDLC NetworkProtocol = 0x0019
	// EthPARCNET - 1A for ArcNet :-)
	EthPARCNET NetworkProtocol = 0x001A
	// EthPDSA - Distributed Switch Arch.
	EthPDSA NetworkProtocol = 0x001B
	// EthPTRAILER - Trailer switch tagging
	EthPTRAILER NetworkProtocol = 0x001C
	// EthPPHONET - Nokia Phonet frames
	EthPPHONET NetworkProtocol = 0x00F5
	// EthPIEEE802154 - IEEE802.15.4 frame
	EthPIEEE802154 NetworkProtocol = 0x00F6
	// EthPCAIF - ST-Ericsson CAIF protocol
	EthPCAIF NetworkProtocol = 0x00F7
	// EthPXDSA - Multiplexed DSA protocol
	EthPXDSA NetworkProtocol = 0x00F8
	// EthPMAP - Qualcomm multiplexing and aggregation protocol
	EthPMAP NetworkProtocol = 0x00F9
)
func ProfileInputToNetworkProtocol ¶
func ProfileInputToNetworkProtocol(input string) NetworkProtocol
ProfileInputToNetworkProtocol - Transforms a profile input into a network protocol
func (NetworkProtocol) MarshalJSON ¶
func (np NetworkProtocol) MarshalJSON() ([]byte, error)
MarshalJSON - Marshal interface implementation
func (NetworkProtocol) String ¶
func (np NetworkProtocol) String() string
type SecurityProfileAction ¶
type SecurityProfileAction uint8
SecurityProfileAction - Security profile action
// Security profile actions. Apart from Ignore, each action is a distinct bit
// (1<<0 through 1<<3).
// NOTE(review): presumably actions are combined with bitwise OR; confirm
// against String and MarshalJSON, whose bodies are not visible here.
const (
	// Ignore - Any infringement to the profile will be ignored. This is the default.
	// Ignore is 0, the zero value of SecurityProfileAction, so an action that is
	// never set carries neither the Alert nor the Enforce bit.
	// NOTE(review): confirm that profile loading rejects or logs an unrecognized
	// action instead of silently leaving it at Ignore.
	Ignore SecurityProfileAction = 0
	// Alert - Any infringement to the profile will trigger an alert.
	Alert SecurityProfileAction = 1 << 0
	// Enforce - Any infringement to the profile will cause traffic to be dropped.
	Enforce SecurityProfileAction = 1 << 1
	// ProfileGeneration - Any infringement to the profile will be recorded to improve the security profile.
	ProfileGeneration SecurityProfileAction = 1 << 2
	// TraceDNS - Traces any DNS traffic
	TraceDNS SecurityProfileAction = 1 << 3
)
func (SecurityProfileAction) MarshalJSON ¶
func (action SecurityProfileAction) MarshalJSON() ([]byte, error)
MarshalJSON - Marshal interface implementation
func (SecurityProfileAction) String ¶
func (action SecurityProfileAction) String() string
type SignalInfo ¶
type SignalInfo int32
SignalInfo - Signal Info
// Signal numbers. Only SIGCHLD is declared.
const (
	// SIGCHLD - Signal child
	// NOTE(review): 17 is the Linux SIGCHLD number on x86 and ARM; some other
	// architectures use a different value - confirm for other targets.
	SIGCHLD SignalInfo = 17
)
type SocketFamily ¶
type SocketFamily int32
SocketFamily - Socket family enum
// Socket families. The names and values line up with the Linux AF_* address
// family numbers. AFLocal and AFRoute are aliases (for AFUnix and AFNetLink),
// not extra values.
const (
	// AFUnspec - AF Unspecified (0, the zero value of SocketFamily)
	AFUnspec SocketFamily = 0
	// AFUnix - AF Unix
	AFUnix SocketFamily = 1
	// AFLocal - AF Local (alias of AFUnix)
	AFLocal SocketFamily = AFUnix
	// AFInet - AF Inet
	AFInet SocketFamily = 2
	// AFAX25 - AFAX25
	AFAX25 SocketFamily = 3
	// AFIPX - AFIPX
	AFIPX SocketFamily = 4
	// AFAPPLETALK - AFAPPLETALK
	AFAPPLETALK SocketFamily = 5
	// AFNetRom - AFNetRom
	AFNetRom SocketFamily = 6
	// AFBridge - AFBridge
	AFBridge SocketFamily = 7
	// AFATMPVC - AFATMPVC
	AFATMPVC SocketFamily = 8
	// AFX25 - AFX25
	AFX25 SocketFamily = 9
	// AFInet6 - AFInet6
	AFInet6 SocketFamily = 10
	// AFRose - AFRose
	AFRose SocketFamily = 11
	// AFDECnet - AFDECnet
	AFDECnet SocketFamily = 12
	// AFNetBEUI - AFNetBEUI
	AFNetBEUI SocketFamily = 13
	// AFSecurity - AFSecurity
	AFSecurity SocketFamily = 14
	// AFKey - AFKey
	AFKey SocketFamily = 15
	// AFNetLink - AFNetLink
	AFNetLink SocketFamily = 16
	// AFRoute - AFRoute (alias of AFNetLink)
	AFRoute SocketFamily = AFNetLink
	// AFPacket - AFPacket
	AFPacket SocketFamily = 17
	// AFASH - AFASH
	AFASH SocketFamily = 18
	// AFECONET - AFECONET
	AFECONET SocketFamily = 19
	// AFATMSVC - AFATMSVC
	AFATMSVC SocketFamily = 20
	// AFRDS - AFRDS
	AFRDS SocketFamily = 21
	// AFSNA - AFSNA
	AFSNA SocketFamily = 22
	// AFIRDA - AFIRDA
	AFIRDA SocketFamily = 23
	// AFPPPOX - AFPPPOX
	AFPPPOX SocketFamily = 24
	// AFWanPipe - AFWanPipe
	AFWanPipe SocketFamily = 25
	// AFLLC - AFLLC
	AFLLC SocketFamily = 26
	// AFIB - AFIB
	AFIB SocketFamily = 27
	// AFMPLS - AFMPLS
	AFMPLS SocketFamily = 28
	// AFCAN - AFCAN
	AFCAN SocketFamily = 29
	// AFTIPC - AFTIPC
	AFTIPC SocketFamily = 30
	// AFBluetooth - AFBluetooth
	AFBluetooth SocketFamily = 31
	// AFIUCV - AFIUCV
	AFIUCV SocketFamily = 32
	// AFRXRPC - AFRXRPC
	AFRXRPC SocketFamily = 33
	// AFISDN - AFISDN
	AFISDN SocketFamily = 34
	// AFPHONET - AFPHONET
	AFPHONET SocketFamily = 35
	// AFIEEE802154 - AFIEEE802154
	AFIEEE802154 SocketFamily = 36
	// AFCAIF - AFCAIF
	AFCAIF SocketFamily = 37
	// AFALG - AFALG
	AFALG SocketFamily = 38
	// AFNFC - AFNFC
	AFNFC SocketFamily = 39
	// AFVSOCK - AFVSOCK
	AFVSOCK SocketFamily = 40
	// AFKCM - AFKCM
	AFKCM SocketFamily = 41
	// AFQIPCRTR - AFQIPCRTR
	AFQIPCRTR SocketFamily = 42
	// AFSMC - AFSMC
	AFSMC SocketFamily = 43
	// AFXDP - AFXDP
	AFXDP SocketFamily = 44
	// AFMAX - AFMAX
	// NOTE(review): presumably the upper bound of the list rather than a real
	// family. Kernels that define further families can report values of 45 and
	// above, so consumers should handle families that are not named here.
	AFMAX SocketFamily = 45
)
func (SocketFamily) MarshalJSON ¶
func (sf SocketFamily) MarshalJSON() ([]byte, error)
MarshalJSON - Marshal interface implementation
func (SocketFamily) String ¶
func (sf SocketFamily) String() string
SocketFamilyToString - Returns a socket family as its string representation
type TrafficType ¶
type TrafficType uint8
TrafficType - Traffic type
// Traffic directions. Numbering starts at 1, so the zero value of TrafficType
// is neither Egress nor Ingress.
const (
	// Egress - Egress traffic type
	Egress TrafficType = 1
	// Ingress - Ingress traffic type
	Ingress TrafficType = 2
)
func (TrafficType) MarshalJSON ¶
func (tt TrafficType) MarshalJSON() ([]byte, error)
MarshalJSON - Marshal interface implementation
func (TrafficType) String ¶
func (tt TrafficType) String() string
type TransportProtocol ¶
type TransportProtocol uint8
TransportProtocol - Transport protocols
// Transport (L4) protocol numbers, as carried in the IP header's protocol
// field. The underlying type is uint8, so IPProtoRAW (255) is the largest
// representable value.
const (
	// IPProtoIP - Dummy protocol for TCP
	// IPProtoIP is 0, the zero value of TransportProtocol.
	// NOTE(review): confirm how ProfileInputToTransportProtocol treats
	// unrecognized input; its body is not visible in this listing.
	IPProtoIP TransportProtocol = 0
	// IPProtoICMP - Internet Control Message Protocol (IPv4)
	IPProtoICMP TransportProtocol = 1
	// IPProtoIGMP - Internet Group Management Protocol
	IPProtoIGMP TransportProtocol = 2
	// IPProtoIPIP - IPIP tunnels (older KA9Q tunnels use 94)
	IPProtoIPIP TransportProtocol = 4
	// IPProtoTCP - Transmission Control Protocol
	IPProtoTCP TransportProtocol = 6
	// IPProtoEGP - Exterior Gateway Protocol
	IPProtoEGP TransportProtocol = 8
	// IPProtoIGP - Interior Gateway Protocol (any private interior gateway (used by Cisco for their IGRP))
	IPProtoIGP TransportProtocol = 9
	// IPProtoPUP - PUP protocol
	IPProtoPUP TransportProtocol = 12
	// IPProtoUDP - User Datagram Protocol
	IPProtoUDP TransportProtocol = 17
	// IPProtoIDP - XNS IDP protocol
	IPProtoIDP TransportProtocol = 22
	// IPProtoTP - ISO Transport Protocol Class 4
	IPProtoTP TransportProtocol = 29
	// IPProtoDCCP - Datagram Congestion Control Protocol
	IPProtoDCCP TransportProtocol = 33
	// IPProtoIPV6 - IPv6-in-IPv4 tunnelling
	IPProtoIPV6 TransportProtocol = 41
	// IPProtoRSVP - RSVP Protocol
	IPProtoRSVP TransportProtocol = 46
	// IPProtoGRE - Cisco GRE tunnels (rfc 1701,1702)
	IPProtoGRE TransportProtocol = 47
	// IPProtoESP - Encapsulation Security Payload protocol
	IPProtoESP TransportProtocol = 50
	// IPProtoAH - Authentication Header protocol
	IPProtoAH TransportProtocol = 51
	// IPProtoICMPV6 - Internet Control Message Protocol (IPv6)
	IPProtoICMPV6 TransportProtocol = 58
	// IPProtoMTP - Multicast Transport Protocol
	IPProtoMTP TransportProtocol = 92
	// IPProtoBEETPH - IP option pseudo header for BEET
	IPProtoBEETPH TransportProtocol = 94
	// IPProtoENCAP - Encapsulation Header
	IPProtoENCAP TransportProtocol = 98
	// IPProtoPIM - Protocol Independent Multicast
	IPProtoPIM TransportProtocol = 103
	// IPProtoCOMP - Compression Header Protocol
	IPProtoCOMP TransportProtocol = 108
	// IPProtoSCTP - Stream Control Transport Protocol
	IPProtoSCTP TransportProtocol = 132
	// IPProtoUDPLITE - UDP-Lite (RFC 3828)
	IPProtoUDPLITE TransportProtocol = 136
	// IPProtoMPLS - MPLS in IP (RFC 4023)
	IPProtoMPLS TransportProtocol = 137
	// IPProtoRAW - Raw IP packets
	IPProtoRAW TransportProtocol = 255
)
func ProfileInputToTransportProtocol ¶
func ProfileInputToTransportProtocol(input string) TransportProtocol
ProfileInputToTransportProtocol - Transforms a profile input into a transport protocol
func (TransportProtocol) MarshalJSON ¶
func (tp TransportProtocol) MarshalJSON() ([]byte, error)
MarshalJSON - Marshal interface implementation
func (TransportProtocol) String ¶
func (tp TransportProtocol) String() string