Documentation
Index
- Constants
- Variables
- func Register(name string, plugin ProtocolPlugin)
- type ExpirationAwareTCPPlugin
- type Packet
- type Plugin
- type PortsConfig
- type Protocol
- type ProtocolData
- type ProtocolPlugin
- type Protocols
- type ProtocolsStruct
- func (s ProtocolsStruct) BpfFilter(withVlans bool, withICMP bool) string
- func (s ProtocolsStruct) GetAllTCP() map[Protocol]TCPPlugin
- func (s ProtocolsStruct) GetAllUDP() map[Protocol]UDPPlugin
- func (s ProtocolsStruct) GetTCP(proto Protocol) TCPPlugin
- func (s ProtocolsStruct) GetUDP(proto Protocol) UDPPlugin
- func (s ProtocolsStruct) Init(testMode bool, pub reporterFactory, configs map[string]*common.Config, ...) error
- type Reporter
- type TCPPlugin
- type UDPPlugin
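Constants
const (
	DefaultTransactionHashSize = 2 ^ 16
	DefaultTransactionExpiration time.Duration = 10 * time.Second
)
Note that ^ is bitwise XOR in Go, not exponentiation, so the expression 2 ^ 16 evaluates to 18 rather than 65536.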
Variables
var ErrInvalidPort = errors.New("port number out of range")
var Protos = ProtocolsStruct{
	// contains filtered or unexported fields
}
Singleton of Protocols type.
Functions
func Register
func Register(name string, plugin ProtocolPlugin)
Types
type ExpirationAwareTCPPlugin
type ExpirationAwareTCPPlugin interface {
	TCPPlugin
	// Expired is called when the TCP stream is expired due to connection timeout.
	Expired(tuple *common.TCPTuple, private ProtocolData)
}
ExpirationAwareTCPPlugin is a TCPPlugin that also provides the Expired() method. No need to use this type directly, just implement the method.
type Plugin
type Plugin interface {
	// Called to return the configured ports
	GetPorts() []int
}
Functions to be exported by a protocol plugin
type PortsConfig
type PortsConfig struct {
Ports []int
}
Protocol Plugin Port configuration with validation on init
func (*PortsConfig) Init
func (p *PortsConfig) Init(ports ...int) error
func (*PortsConfig) Set
func (p *PortsConfig) Set(ports []int) error
type ProtocolData
type ProtocolData interface{}
ProtocolData is an interface representing an upper-layer protocol's private data. Used with types like HttpStream, MysqlStream, etc.
type ProtocolPlugin
type ProtocolsStruct
type ProtocolsStruct struct {
// contains filtered or unexported fields
}
list of protocol plugins
func (ProtocolsStruct) BpfFilter
func (s ProtocolsStruct) BpfFilter(withVlans bool, withICMP bool) string
BpfFilter returns a Berkeley Packet Filter (BPF) expression that will match against packets for the registered protocols. If withVlans is true, the filter will match against both IEEE 802.1Q VLAN encapsulated and unencapsulated packets.
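A filter of the kind BpfFilter describes can be assembled as shown here. This is an added example, not packetbeat's implementation: buildFilter and errPortRange are hypothetical names, the 0-65535 range check and the "icmp or icmp6" clause are assumptions, and the port lists in main are constructed sample input.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Assumed range check; only the error text comes from the page's ErrInvalidPort.
var errPortRange = errors.New("port number out of range")

// buildFilter is a hypothetical stand-in, not packetbeat's BpfFilter.
func buildFilter(tcpPorts, udpPorts []int, withVlans, withICMP bool) (string, error) {
	var exprs []string
	for _, set := range []struct {
		l4    string
		ports []int
	}{{"tcp", tcpPorts}, {"udp", udpPorts}} {
		for _, port := range set.ports {
			if port < 0 || port > 65535 {
				return "", fmt.Errorf("%s port %d: %w", set.l4, port, errPortRange)
			}
			exprs = append(exprs, fmt.Sprintf("%s port %d", set.l4, port))
		}
	}
	if withICMP {
		exprs = append(exprs, "icmp", "icmp6")
	}
	if len(exprs) == 0 {
		// An empty BPF expression matches every packet on the interface.
		return "", errors.New("no ports configured: empty filter would capture everything")
	}
	filter := strings.Join(exprs, " or ")
	if withVlans {
		// "vlan" shifts the decoding offsets of everything after it, so the
		// untagged clause comes first and the tagged copy is parenthesised.
		filter = fmt.Sprintf("%s or (vlan and (%s))", filter, filter)
	}
	return filter, nil
}

func main() {
	// Constructed sample ports: HTTP on 80 and 8080 over TCP, DNS on 53 over UDP.
	f, err := buildFilter([]int{80, 8080}, []int{53}, true, true)
	fmt.Println(f, err)
}
```

Rejecting the empty case matters for a capture tool: an unset filter widens collection to all traffic instead of narrowing it to the configured protocols.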
func (ProtocolsStruct) GetAllTCP
func (s ProtocolsStruct) GetAllTCP() map[Protocol]TCPPlugin
func (ProtocolsStruct) GetAllUDP
func (s ProtocolsStruct) GetAllUDP() map[Protocol]UDPPlugin
func (ProtocolsStruct) GetTCP
func (s ProtocolsStruct) GetTCP(proto Protocol) TCPPlugin
func (ProtocolsStruct) GetUDP
func (s ProtocolsStruct) GetUDP(proto Protocol) UDPPlugin
type TCPPlugin
type TCPPlugin interface {
	Plugin

	// Called when TCP payload data is available for parsing.
	Parse(pkt *Packet, tcptuple *common.TCPTuple, dir uint8, private ProtocolData) ProtocolData

	// Called when the FIN flag is seen in the TCP stream.
	ReceivedFin(tcptuple *common.TCPTuple, dir uint8, private ProtocolData) ProtocolData

	// Called when packets are missing from the TCP stream.
	GapInStream(tcptuple *common.TCPTuple, dir uint8, nbytes int, private ProtocolData) (priv ProtocolData, drop bool)

	// ConnectionTimeout returns the per stream connection timeout.
	// Return <=0 to set default tcp module transaction timeout.
	ConnectionTimeout() time.Duration
}
Directories
Path | Synopsis |
---|---|
 | Package applayer provides common definitions with common fields for use with application layer protocols among beats. |
 | Package dns provides support for parsing DNS messages and reporting the results. |