Documentation ¶
Index ¶
- Variables
- type Packet
- type PortsConfig
- type Protocol
- type ProtocolData
- type ProtocolPlugin
- type Protocols
- type ProtocolsStruct
- func (protocols ProtocolsStruct) BpfFilter(with_vlans bool) string
- func (protocols ProtocolsStruct) GetAll() map[Protocol]ProtocolPlugin
- func (protocols ProtocolsStruct) GetAllTcp() map[Protocol]TcpProtocolPlugin
- func (protocols ProtocolsStruct) GetAllUdp() map[Protocol]UdpProtocolPlugin
- func (protocols ProtocolsStruct) GetTcp(proto Protocol) TcpProtocolPlugin
- func (protocols ProtocolsStruct) GetUdp(proto Protocol) UdpProtocolPlugin
- func (protos ProtocolsStruct) Register(proto Protocol, plugin ProtocolPlugin)
- type TcpProtocolPlugin
- type UdpProtocolPlugin
Constants ¶
This section is empty.
Variables ¶
View Source
var ErrInvalidPort = errors.New("port number out of range")
View Source
var ProtocolNames = []string{
"unknown",
"http",
"mysql",
"redis",
"pgsql",
"thrift",
"mongodb",
"dns",
"memcache",
}
Protocol names
Functions ¶
This section is empty.
Types ¶
type PortsConfig ¶ added in v1.0.0
type PortsConfig struct {
Ports []int
}
Protocol Plugin Port configuration with validation on init
func (*PortsConfig) Init ¶ added in v1.0.0
func (p *PortsConfig) Init(ports ...int) error
func (*PortsConfig) Set ¶ added in v1.0.0
func (p *PortsConfig) Set(ports []int) error
type Protocol ¶
type Protocol uint16
Protocol identifier.
type ProtocolData ¶
type ProtocolData interface{}
ProtocolData interface to represent an upper protocol private data. Used with types like HttpStream, MysqlStream, etc.
type ProtocolPlugin ¶
type ProtocolPlugin interface { // Called to initialize the Plugin Init(test_mode bool, results chan common.MapStr) error // Called to return the configured ports GetPorts() []int }
Functions to be exported by a protocol plugin
type Protocols ¶
type Protocols interface { BpfFilter(with_vlans bool) string GetTcp(proto Protocol) TcpProtocolPlugin GetUdp(proto Protocol) UdpProtocolPlugin GetAll() map[Protocol]ProtocolPlugin GetAllTcp() map[Protocol]TcpProtocolPlugin GetAllUdp() map[Protocol]UdpProtocolPlugin Register(proto Protocol, plugin ProtocolPlugin) }
type ProtocolsStruct ¶ added in v1.0.0
type ProtocolsStruct struct {
// contains filtered or unexported fields
}
list of protocol plugins
var Protos ProtocolsStruct
Singleton of Protocols type.
func (ProtocolsStruct) BpfFilter ¶ added in v1.0.0
func (protocols ProtocolsStruct) BpfFilter(with_vlans bool) string
BpfFilter returns a Berkeley Packer Filter (BFP) expression that will match against packets for the registered protocols. If with_vlans is true the filter will match against both IEEE 802.1Q VLAN encapsulated and unencapsulated packets
func (ProtocolsStruct) GetAll ¶ added in v1.0.0
func (protocols ProtocolsStruct) GetAll() map[Protocol]ProtocolPlugin
func (ProtocolsStruct) GetAllTcp ¶ added in v1.0.0
func (protocols ProtocolsStruct) GetAllTcp() map[Protocol]TcpProtocolPlugin
func (ProtocolsStruct) GetAllUdp ¶ added in v1.0.0
func (protocols ProtocolsStruct) GetAllUdp() map[Protocol]UdpProtocolPlugin
func (ProtocolsStruct) GetTcp ¶ added in v1.0.0
func (protocols ProtocolsStruct) GetTcp(proto Protocol) TcpProtocolPlugin
func (ProtocolsStruct) GetUdp ¶ added in v1.0.0
func (protocols ProtocolsStruct) GetUdp(proto Protocol) UdpProtocolPlugin
func (ProtocolsStruct) Register ¶ added in v1.0.0
func (protos ProtocolsStruct) Register(proto Protocol, plugin ProtocolPlugin)
type TcpProtocolPlugin ¶ added in v1.0.0
type TcpProtocolPlugin interface { ProtocolPlugin // Called when TCP payload data is available for parsing. Parse(pkt *Packet, tcptuple *common.TcpTuple, dir uint8, private ProtocolData) ProtocolData // Called when the FIN flag is seen in the TCP stream. ReceivedFin(tcptuple *common.TcpTuple, dir uint8, private ProtocolData) ProtocolData // Called when a packets are missing from the tcp // stream. GapInStream(tcptuple *common.TcpTuple, dir uint8, nbytes int, private ProtocolData) (priv ProtocolData, drop bool) }
type UdpProtocolPlugin ¶ added in v1.0.0
type UdpProtocolPlugin interface { ProtocolPlugin // ParseUdp is invoked when UDP payload data is available for parsing. ParseUdp(pkt *Packet) }
Directories ¶
Path | Synopsis |
---|---|
The applayer module provides common definitions with common fields for use with application layer protocols among beats.
|
The applayer module provides common definitions with common fields for use with application layer protocols among beats. |
This file contains the name mapping data used to convert various DNS IDs to their string values.
|
This file contains the name mapping data used to convert various DNS IDs to their string values. |
Click to show internal directories.
Click to hide internal directories.