protos

package
v2.8.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 11, 2020 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

View Source
const (
	DefaultTransactionHashSize                 = 2 ^ 16
	DefaultTransactionExpiration time.Duration = 10 * time.Second
)

Variables

View Source
var ErrInvalidPort = errors.New("port number out of range")
View Source
var Protos = ProtocolsStruct{
	// contains filtered or unexported fields
}

Singleton of Protocols type.

Functions

func Register

func Register(name string, plugin ProtocolPlugin)

Types

type ExpirationAwareTCPPlugin

type ExpirationAwareTCPPlugin interface {
	TCPPlugin

	// Expired is called when the TCP stream is expired due to connection timeout.
	Expired(tuple *common.TCPTuple, private ProtocolData)
}

ExpirationAwareTCPPlugin is a TCPPlugin that also provides the Expired() method. No need to use this type directly, just implement the method.

type Packet

type Packet struct {
	Ts      time.Time
	Tuple   common.IPPortTuple
	Payload []byte
}

type Plugin

type Plugin interface {
	// Called to return the configured ports
	GetPorts() []int
}

Functions to be exported by a protocol plugin

type PortsConfig

type PortsConfig struct {
	Ports []int
}

Protocol Plugin Port configuration with validation on init

func (*PortsConfig) Init

func (p *PortsConfig) Init(ports ...int) error

func (*PortsConfig) Set

func (p *PortsConfig) Set(ports []int) error

type Protocol

type Protocol uint16

Protocol identifier.

const (
	UnknownProtocol Protocol = iota
)

Protocol constants.

func Lookup

func Lookup(name string) Protocol

func (Protocol) String

func (p Protocol) String() string

type ProtocolData

type ProtocolData interface{}

ProtocolData interface to represent an upper protocol private data. Used with types like HttpStream, MysqlStream, etc.

type ProtocolPlugin

type ProtocolPlugin func(
	testMode bool,
	results Reporter,
	cfg *common.Config,
) (Plugin, error)

type Protocols

type Protocols interface {
	BpfFilter(withVlans bool, withICMP bool) string
	GetTCP(proto Protocol) TCPPlugin
	GetUDP(proto Protocol) UDPPlugin

	GetAllTCP() map[Protocol]TCPPlugin
	GetAllUDP() map[Protocol]UDPPlugin
}

type ProtocolsStruct

type ProtocolsStruct struct {
	// contains filtered or unexported fields
}

list of protocol plugins

func (ProtocolsStruct) BpfFilter

func (s ProtocolsStruct) BpfFilter(withVlans bool, withICMP bool) string

BpfFilter returns a Berkeley Packer Filter (BFP) expression that will match against packets for the registered protocols. If with_vlans is true the filter will match against both IEEE 802.1Q VLAN encapsulated and unencapsulated packets

func (ProtocolsStruct) GetAllTCP

func (s ProtocolsStruct) GetAllTCP() map[Protocol]TCPPlugin

func (ProtocolsStruct) GetAllUDP

func (s ProtocolsStruct) GetAllUDP() map[Protocol]UDPPlugin

func (ProtocolsStruct) GetTCP

func (s ProtocolsStruct) GetTCP(proto Protocol) TCPPlugin

func (ProtocolsStruct) GetUDP

func (s ProtocolsStruct) GetUDP(proto Protocol) UDPPlugin

func (ProtocolsStruct) Init

func (s ProtocolsStruct) Init(
	testMode bool,
	pub reporterFactory,
	configs map[string]*common.Config,
	listConfigs []*common.Config,
) error

type Reporter

type Reporter func(beat.Event)

Reporter is used by plugin instances to report new transaction events.

type TCPPlugin

type TCPPlugin interface {
	Plugin

	// Called when TCP payload data is available for parsing.
	Parse(pkt *Packet, tcptuple *common.TCPTuple,
		dir uint8, private ProtocolData) ProtocolData

	// Called when the FIN flag is seen in the TCP stream.
	ReceivedFin(tcptuple *common.TCPTuple, dir uint8,
		private ProtocolData) ProtocolData

	// Called when a packets are missing from the tcp
	// stream.
	GapInStream(tcptuple *common.TCPTuple, dir uint8, nbytes int,
		private ProtocolData) (priv ProtocolData, drop bool)

	// ConnectionTimeout returns the per stream connection timeout.
	// Return <=0 to set default tcp module transaction timeout.
	ConnectionTimeout() time.Duration
}

type UDPPlugin

type UDPPlugin interface {
	Plugin

	// ParseUDP is invoked when UDP payload data is available for parsing.
	ParseUDP(pkt *Packet)
}

Directories

Path Synopsis
Package applayer provides common definitions with common fields for use with application layer protocols among beats.
Package applayer provides common definitions with common fields for use with application layer protocols among beats.
Package dns provides support for parsing DNS messages and reporting the results.
Package dns provides support for parsing DNS messages and reporting the results.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL