learn

package
v0.18.3 Latest
Warning

This package is not in the latest version of its module.

Published: Sep 29, 2021 License: Apache-2.0 Imports: 45 Imported by: 0

Documentation


Constants

const (
	// The fallback to trying compression algorithms is more expensive because there doesn't seem to be a
	// good way of interrogating the algorithms about whether the stream is OK. So we limit the amount of
	// data it may consume or produce.
	MaxFallbackInput  = 1 * 1024 * 1024
	MaxFallbackOutput = 10 * 1024 * 1024

	// This is used for non-JSON and non-YAML types where there is no point in reading more
	// than a little bit anyway.
	MaxBufferedBody = 5 * 1024 * 1024
)
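
The input and output caps above, applied to a single speculative gzip decode. This is an added example, not the package's own code: `boundedGunzip`, `gzipOf` and `errOutputLimit` are hypothetical names, and the sample input is constructed.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
)

// Same values as the package constants above; the names are local to this example.
const (
	maxFallbackInput  = 1 * 1024 * 1024
	maxFallbackOutput = 10 * 1024 * 1024
)
var errOutputLimit = errors.New("decompressed output exceeds limit")

// boundedGunzip (hypothetical helper) speculatively decodes body as gzip, reading at
// most maxIn compressed bytes and failing once more than maxOut bytes are produced.
func boundedGunzip(body io.Reader, maxIn, maxOut int64) ([]byte, error) {
	zr, err := gzip.NewReader(io.LimitReader(body, maxIn))
	if err != nil {
		return nil, err // not gzip: the caller can try the next algorithm
	}
	defer zr.Close()
	// Ask for one byte past the cap to tell "exactly maxOut" from "too much".
	out, err := io.ReadAll(io.LimitReader(zr, maxOut+1))
	if err != nil {
		return nil, err // corrupt stream, or input truncated at maxIn
	}
	if int64(len(out)) > maxOut {
		return nil, errOutputLimit
	}
	return out, nil
}

// gzipOf builds constructed sample input: n zero bytes, gzip-compressed.
func gzipOf(n int) []byte {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	zw.Write(make([]byte, n))
	zw.Close()
	return buf.Bytes()
}

func main() {
	_, err := boundedGunzip(bytes.NewReader(gzipOf(11*1024*1024)), maxFallbackInput, maxFallbackOutput)
	fmt.Println(err)
}
```

Eleven MiB of zeros compresses to a few kilobytes, so only the output cap stops it; the input cap covers streams that never terminate.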

Variables

This section is empty.

Functions

func CollectWitnesses

func CollectWitnesses(stop <-chan struct{}, intf, bpfFilter string, proc WitnessProcessor, harOpts *HAROptions) error

Starts collecting witnesses and blocks until stop is closed. Closes proc upon return.

func CollectWitnessesFromChannel

func CollectWitnessesFromChannel(parsedChan <-chan akinet.ParsedNetworkTraffic, proc WitnessProcessor) error

func MergeWitness

func MergeWitness(dst, src *pb.Witness)

func ToWitnessID

func ToWitnessID(streamID uuid.UUID, seq int) akid.WitnessID

Generates a v5 UUID as witness ID based on stream ID and seq.

func UnassignedHTTPID added in v0.13.0

func UnassignedHTTPID() *pb.MethodID

These need to be constructors, rather than a global var that's reused, so that there is not a race condition when marshaling to protobufs that share them. (The race condition actually manifested in obfuscate().)

func UnknownHTTPMethodMeta added in v0.13.0

func UnknownHTTPMethodMeta() *pb.MethodMeta

func ValidLuhn

func ValidLuhn(number string) bool

Code adopted from https://github.com/ShiraazMoollatjie/goluhn

Types

type HAROptions

type HAROptions struct {
	SampleRate float64
	OutDir     string
}

type KGXReportError

type KGXReportError struct {
	// contains filtered or unexported fields
}

func (KGXReportError) Error

func (e KGXReportError) Error() string

type KGXWitnessProcessor

type KGXWitnessProcessor struct {
	// contains filtered or unexported fields
}

Implements WitnessProcessor.

func NewKGXWitnessProcessor

func NewKGXWitnessProcessor(lrn akid.LearnSessionID, client rest.LearnClient, bufferSize int, flushDuration time.Duration, dir kgxapi.NetworkDirection) *KGXWitnessProcessor

func (*KGXWitnessProcessor) Close

func (w *KGXWitnessProcessor) Close()

func (*KGXWitnessProcessor) ProcessWitness

func (w *KGXWitnessProcessor) ProcessWitness(r *witnessResult) error

func (*KGXWitnessProcessor) SetWitnessTags

func (w *KGXWitnessProcessor) SetWitnessTags(tags map[tags.Key]string)

Sets the tags for all witnesses going forward.

type ParseAPISpecError

type ParseAPISpecError string

func (ParseAPISpecError) Error

func (pase ParseAPISpecError) Error() string

type PartialWitness

type PartialWitness struct {
	Witness *pb.Witness

	// Key used to pair this PartialWitness up with its counterpart.
	PairKey akid.WitnessID
}

A partial witness is a witness that only includes the argument or response. It represents a raw observation from a TCP flow and should be paired up with the corresponding observation from the opposite flow in the same TCP stream.

type PartialWitnessParser

type PartialWitnessParser func(akinet.ParsedNetworkContent) (*PartialWitness, error)

type SensitiveDataMatcher

type SensitiveDataMatcher func(string) bool

This can be applied to any field (cookies, query strings, etc).

func CombineMatchers

func CombineMatchers(matchers []SensitiveDataMatcher) SensitiveDataMatcher

Utility to consolidate matching and generate Akita Spec Annotation structure if a sensitive data match is found.

type WitnessProcessor

type WitnessProcessor interface {
	ProcessWitness(*witnessResult) error

	// Implementations must complete all witnesses sent to ProcessWitness before
	// returning.
	Close()
}

Responsible for processing witnesses collected by the broker.
