ruleset

package
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 18, 2024 License: MPL-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Action

// Action is the verdict a ruleset attaches to a stream or packet.
//
// The zero value is ActionMaybe (the first iota constant), so an Action that
// was never assigned reads as "nothing worth blocking yet" rather than as a
// block or an explicit allow.
// NOTE(review): callers that want fail-closed behaviour on an error path
// should set ActionBlock explicitly instead of relying on the zero value.
type Action int
const (
	// ActionMaybe indicates that the ruleset hasn't seen anything worth blocking based on
	// current information, but that may change if volatile fields change in the future.
	ActionMaybe Action = iota
	// ActionAllow indicates that the stream should be allowed regardless of future changes.
	ActionAllow
	// ActionBlock indicates that the stream should be blocked.
	ActionBlock
	// ActionDrop indicates that the current packet should be dropped,
	// but the stream should be allowed to continue.
	// Only valid for UDP streams. Equivalent to ActionBlock for TCP streams.
	ActionDrop
	// ActionModify indicates that the current packet should be modified,
	// and the stream should be allowed to continue.
	// Only valid for UDP streams. Equivalent to ActionMaybe for TCP streams.
	// Presumably the modification is described by MatchResult.ModInstance; confirm.
	ActionModify
)

func (Action) String

func (a Action) String() string

type BuiltinConfig added in v0.0.5

// BuiltinConfig holds two file names and is passed to CompileExprRules
// through its config parameter.
//
// Presumably these name the geosite and geoip data files consulted while
// matching; confirm against the geo subpackage.
// NOTE(review): if these files drive allow/block decisions, they belong in a
// location only the operator can write to, and their provenance should be
// checked before deployment.
type BuiltinConfig struct {
	GeoSiteFilename string
	GeoIpFilename   string
}

type ExprRule

// ExprRule is the external representation of an expression rule, with YAML
// keys "name", "action", "modifier" and "expr".
//
// NOTE(review): a rule file is policy. Whoever can edit it decides what is
// allowed, blocked or modified, so it should be treated as trusted
// configuration with restricted write access.
type ExprRule struct {
	// Name is read from the "name" key.
	Name     string        `yaml:"name"`
	// Action is free-form text at this stage, not the typed Action constant.
	// Presumably CompileExprRules maps it to an Action and rejects unknown
	// values as invalid rules; confirm.
	Action   string        `yaml:"action"`
	// Modifier names a modifier and its arguments. Presumably only meaningful
	// together with a modify action; confirm.
	Modifier ModifierEntry `yaml:"modifier"`
	// Expr is the rule's expression text. CompileExprRules reports an error
	// when any rule is invalid.
	Expr     string        `yaml:"expr"`
}

ExprRule is the external representation of an expression rule.

func ExprRulesFromYAML

func ExprRulesFromYAML(file string) ([]ExprRule, error)

type MatchResult

// MatchResult is the value Ruleset.Match returns for a stream.
//
// Its zero value carries Action == ActionMaybe, because ActionMaybe is the
// zero Action.
// NOTE(review): a caller that ignores Match's error and reads a zero
// MatchResult would see ActionMaybe, not ActionBlock; handle the error
// explicitly.
type MatchResult struct {
	// Action is the verdict for the stream or current packet.
	Action      Action
	// ModInstance is a modifier.Instance; presumably only set when Action is
	// ActionModify. Confirm before dereferencing.
	ModInstance modifier.Instance
}

type ModifierEntry

// ModifierEntry is the YAML form of a rule's modifier: a name plus a
// free-form argument map (keys "name" and "args").
type ModifierEntry struct {
	// Name is read from the "name" key. Presumably looked up among the
	// modifiers passed to CompileExprRules; confirm.
	Name string                 `yaml:"name"`
	// Args is untyped: each value has whatever type the YAML decoder produced.
	// NOTE(review): consumers should check value types with the two-value
	// type assertion form rather than assume them, so a malformed rule file
	// yields an error instead of a panic.
	Args map[string]interface{} `yaml:"args"`
}

type Protocol

// Protocol identifies the transport protocol of a stream.
//
// The zero value is ProtocolTCP (the first iota constant), so a StreamInfo
// whose Protocol field was never set reads as TCP. This matters because
// ActionDrop and ActionModify are documented as having different meanings
// for TCP and UDP streams.
type Protocol int
const (
	ProtocolTCP Protocol = iota
	ProtocolUDP
)

func (Protocol) String

func (p Protocol) String() string

type Ruleset

// Ruleset selects the analyzers to run on a stream and produces a verdict
// for it. Both methods take the stream's StreamInfo by value.
type Ruleset interface {
	// Analyzers returns the list of analyzers to use for a stream.
	// It must be safe for concurrent use by multiple workers.
	Analyzers(StreamInfo) []analyzer.Analyzer
	// Match matches a stream against the ruleset and returns the result.
	// It must be safe for concurrent use by multiple workers.
	//
	// NOTE(review): the contract does not say what MatchResult holds when the
	// error is non-nil. Callers should decide explicitly whether an error
	// fails open or closed instead of reading the returned Action.
	Match(StreamInfo) (MatchResult, error)
}

func CompileExprRules

func CompileExprRules(rules []ExprRule, ans []analyzer.Analyzer, mods []modifier.Modifier, config *BuiltinConfig) (Ruleset, error)

CompileExprRules compiles a list of expression rules into a ruleset. It returns an error if any of the rules are invalid, or if any of the analyzers used by the rules are unknown (not provided in the analyzer list).

type StreamInfo

// StreamInfo describes one stream and is the argument to both
// Ruleset.Analyzers and Ruleset.Match.
type StreamInfo struct {
	// ID is the stream's identifier. Presumably unique per engine instance; confirm.
	ID               int64
	// Protocol is ProtocolTCP or ProtocolUDP. The zero value is ProtocolTCP.
	Protocol         Protocol
	// SrcIP and DstIP are net.IP values, which may be nil or of IPv4 or IPv6
	// length. Compare them with net.IP.Equal, not with byte-slice equality.
	SrcIP, DstIP     net.IP
	// SrcPort and DstPort are the 16-bit transport ports.
	SrcPort, DstPort uint16
	// Props is an analyzer.CombinedPropMap; presumably the properties the
	// analyzers extracted from the stream so far. Confirm.
	// NOTE(review): if so, the values derive from observed traffic and are
	// controlled by the remote peers. Treat them as untrusted when logging
	// them or using them in rule expressions.
	Props            analyzer.CombinedPropMap
}

func (StreamInfo) DstString

func (i StreamInfo) DstString() string

func (StreamInfo) SrcString

func (i StreamInfo) SrcString() string

Directories

Path Synopsis
geo
