Documentation ¶
Index ¶
- func CollectWitnesses(stop <-chan struct{}, intf, bpfFilter string, proc WitnessProcessor, ...) error
- func CollectWitnessesFromChannel(parsedChan <-chan akinet.ParsedNetworkTraffic, proc WitnessProcessor) error
- func MergeWitness(dst, src *pb.Witness)
- func ToWitnessID(streamID uuid.UUID, seq int) akid.WitnessID
- func ValidLuhn(number string) bool
- type HAROptions
- type KGXReportError
- type KGXWitnessProcessor
- type ParseAPISpecError
- type PartialWitness
- type PartialWitnessParser
- type SensitiveDataMatcher
- type WitnessProcessor
Functions ¶
func CollectWitnesses ¶
func CollectWitnesses(stop <-chan struct{}, intf, bpfFilter string, proc WitnessProcessor, harOpts *HAROptions) error
CollectWitnesses starts collecting witnesses and blocks until the stop channel is closed. It closes proc before returning.
func CollectWitnessesFromChannel ¶
func CollectWitnessesFromChannel(parsedChan <-chan akinet.ParsedNetworkTraffic, proc WitnessProcessor) error
func MergeWitness ¶
func ToWitnessID ¶
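ToWitnessID generates a version 5 UUID from the stream ID and seq, for use as the witness ID. Version 5 UUIDs are name-based and deterministic, so the same stream ID and seq always produce the same witness ID; the ID is an identifier, not a secret.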
func ValidLuhn ¶
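Code adopted from https://github.com/ShiraazMoollatjie/goluhn. A Luhn check validates only the checksum digit, so a passing string is a candidate for further checks, not proof that it is a real account number.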
Types ¶
type HAROptions ¶
type KGXReportError ¶
type KGXReportError struct {
// contains filtered or unexported fields
}
func (KGXReportError) Error ¶
func (e KGXReportError) Error() string
type KGXWitnessProcessor ¶
type KGXWitnessProcessor struct {
// contains filtered or unexported fields
}
KGXWitnessProcessor implements WitnessProcessor.
func NewKGXWitnessProcessor ¶
func NewKGXWitnessProcessor(lrn akid.LearnSessionID, client rest.LearnClient, bufferSize int, flushDuration time.Duration, dir kgxapi.NetworkDirection) *KGXWitnessProcessor
func (*KGXWitnessProcessor) Close ¶
func (w *KGXWitnessProcessor) Close()
func (*KGXWitnessProcessor) ProcessWitness ¶
func (w *KGXWitnessProcessor) ProcessWitness(r *witnessResult) error
func (*KGXWitnessProcessor) SetWitnessTags ¶
func (w *KGXWitnessProcessor) SetWitnessTags(tags map[string]string)
Sets the tags for all witnesses going forward.
type ParseAPISpecError ¶
type ParseAPISpecError string
func (ParseAPISpecError) Error ¶
func (pase ParseAPISpecError) Error() string
type PartialWitness ¶
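// PartialWitness is a witness that includes only the argument or only the
// response. The declaration is restored to one field per line: when it is
// collapsed onto a single line, the line comment swallows the PairKey field
// and the closing brace.
type PartialWitness struct {
	// Witness is the observation itself.
	// NOTE(review): a raw observation of network traffic can carry
	// credentials or personal data; confirm how it is redacted before it is
	// logged or stored.
	Witness *pb.Witness

	// Key used to pair this PartialWitness up with its counterpart.
	PairKey akid.WitnessID
}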
A partial witness is a witness that only includes the argument or response. It represents a raw observation from a TCP flow and should be paired up with the corresponding observation from the opposite flow in the same TCP stream.
func ParseHTTP ¶
func ParseHTTP(elem akinet.ParsedNetworkContent) (*PartialWitness, error)
type PartialWitnessParser ¶
type PartialWitnessParser func(akinet.ParsedNetworkContent) (*PartialWitness, error)
type SensitiveDataMatcher ¶
A SensitiveDataMatcher can be applied to any field (cookies, query strings, etc.).
func CombineMatchers ¶
func CombineMatchers(matchers []SensitiveDataMatcher) SensitiveDataMatcher
CombineMatchers consolidates the given matchers into a single matcher and generates an Akita Spec Annotation structure if a sensitive data match is found.
type WitnessProcessor ¶
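// WitnessProcessor is the interface passed as proc to CollectWitnesses and
// CollectWitnessesFromChannel. The declaration is restored to one method per
// line: when it is collapsed onto a single line, the line comment swallows
// the Close method and the closing brace.
type WitnessProcessor interface {
	// ProcessWitness accepts one witness result and returns an error.
	// NOTE(review): presumably a non-nil error means the witness was not
	// processed; confirm against the implementations.
	ProcessWitness(*witnessResult) error

	// Implementations must complete all witnesses sent to ProcessWitness before
	// returning.
	Close()
}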
WitnessProcessor is responsible for processing witnesses collected by the broker.