applayer

package
v2.8.0+incompatible
Warning

This package is not in the latest version of its module.

Published: Sep 11, 2020 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Overview

Package applayer provides common definitions with common fields for use with application layer protocols among beats.


Constants

This section is empty.

Variables

var ErrStreamTooLarge = errors.New("Stream data too large")

ErrStreamTooLarge is the error returned by Append if the stream exceeds the maximum allowed size.

Functions

This section is empty.

Types

type Message

type Message struct {
	Ts           time.Time
	Tuple        common.IPPortTuple
	Transport    Transport
	CmdlineTuple *common.CmdlineTuple
	Direction    NetDirection
	IsRequest    bool
	Size         uint64
	Notes        []string
}

Message defines common application layer message fields. Some of these fields are required to initialize a Transaction (see (*Transaction).InitWithMsg).

func (*Message) AddNotes

func (m *Message) AddNotes(n ...string)

AddNotes appends some notes to a message.

type NetDirection

type NetDirection uint8

NetDirection indicates the direction of a Message.

const (
	// Message sent by the server as a response
	NetReverseDirection NetDirection = 0

	// Message was sent by the client
	NetOriginalDirection NetDirection = 1
)

type Stream

type Stream struct {
	// Buf provides the buffering with parsing support
	Buf streambuf.Buffer

	// MaxDataInStream sets the maximum number of bytes held in the buffer.
	// If the limit is reached, Append returns an error.
	MaxDataInStream int
}

A Stream buffers data when a stream-based protocol is used. Use Init to initialize a stream with an empty buffer and a buffering limit. The zero value of a Stream is a valid unlimited stream buffer.

func (*Stream) Append

func (stream *Stream) Append(data []byte) error

Append adds data to the Stream's buffer. If the internal buffer is nil, data is retained as is. Use Write if you do not want the stream to retain the data slice.

func (*Stream) Init

func (stream *Stream) Init(maxDataInStream int)

Init initializes a stream with an empty buffer and a maximum size. Calling Init twice fully re-initializes the buffer, so calling Init before putting the stream into an object pool ensures that no memory is leaked.

func (*Stream) Reset

func (stream *Stream) Reset()

Reset will remove all bytes already read from the buffer.

func (*Stream) Write

func (stream *Stream) Write(data []byte) (int, error)

Write copies data to the Stream's buffer. The data slice will not be retained by the buffer.
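
The buffering limit documented for Stream is what keeps a protocol parser's per-connection memory bounded when a peer never completes a message. The following is an added, self-contained example and not code from the applayer package: boundedStream, errStreamTooLarge and feed are hypothetical stand-ins that model the documented contract (a limit of zero means unlimited, Append fails when the limit is exceeded), and the exact point at which the real Append checks the limit is an assumption.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// errStreamTooLarge plays the role of applayer.ErrStreamTooLarge (local stand-in).
var errStreamTooLarge = errors.New("stream data too large")

// boundedStream is a hypothetical model of applayer.Stream; limit <= 0 means unlimited.
type boundedStream struct {
	buf   []byte
	limit int
}

// Append buffers data, or returns errStreamTooLarge if the limit would be exceeded.
// Assumption: oversized data is rejected before it is copied into the buffer.
func (s *boundedStream) Append(data []byte) error {
	if s.limit > 0 && len(s.buf)+len(data) > s.limit {
		return errStreamTooLarge
	}
	s.buf = append(s.buf, data...)
	return nil
}

// feed models a per-segment handler for a newline-delimited protocol. It returns
// the complete messages found, or drops all buffered state when the limit is hit.
func feed(s *boundedStream, segment []byte) ([]string, error) {
	if err := s.Append(segment); err != nil {
		s.buf = nil // release partial data so the connection holds no memory
		return nil, err
	}
	var msgs []string
	for i := bytes.IndexByte(s.buf, '\n'); i >= 0; i = bytes.IndexByte(s.buf, '\n') {
		msgs = append(msgs, string(s.buf[:i]))
		s.buf = s.buf[i+1:] // discard consumed bytes, analogous to Reset after parsing
	}
	return msgs, nil
}

func main() {
	s := &boundedStream{limit: 16} // constructed sample limit and segments
	fmt.Println(feed(s, []byte("PING\nPA")))
	fmt.Println(feed(s, []byte("RTIAL-NEVER-ENDS")))
}
```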

type Transaction

type Transaction struct {
	// Type is the name of the application layer protocol transaction being represented.
	Type string

	// Transaction source and destination IPs and Ports.
	Tuple common.IPPortTuple

	// Transport layer type
	Transport Transport

	// Src describes the transaction source/initiator endpoint
	Src common.Endpoint

	// Dst describes the transaction destination endpoint
	Dst common.Endpoint

	// Ts sets the initial timestamp of the transaction
	Ts TransactionTimestamp

	// ResponseTime is the transaction duration in milliseconds. Should be set
	// to -1 if duration is unknown
	ResponseTime int32

	// Status of final transaction
	Status string // see libbeat/common/statuses.go

	// Notes holds a list of interesting events and errors encountered when
	// processing the transaction
	Notes []string

	// BytesIn is the number of bytes returned by destination endpoint
	BytesIn uint64

	// BytesOut is the number of bytes sent by source endpoint to destination endpoint
	BytesOut uint64
}

A Transaction defines common fields for all application layer protocols.

func (*Transaction) Event

func (t *Transaction) Event(event *beat.Event) error

Event fills common event fields.

func (*Transaction) Init

func (t *Transaction) Init(
	typ string,
	tuple common.IPPortTuple,
	transport Transport,
	direction NetDirection,
	time time.Time,
	cmdline *common.CmdlineTuple,
	notes []string,
)

Init initializes some common fields. ResponseTime, Status, BytesIn and BytesOut are initialized to zero and must be filled by application code.

func (*Transaction) InitWithMsg

func (t *Transaction) InitWithMsg(
	typ string,
	msg *Message,
)

InitWithMsg initializes some common fields from a Message. ResponseTime, Status, BytesIn and BytesOut are initialized to zero and must be filled by application code.

type TransactionTimestamp

type TransactionTimestamp struct {
	Millis int64
	Ts     time.Time
}

TransactionTimestamp defines the initial timestamp of a transaction as a Unix timestamp in milliseconds and as a time.Time struct.

type Transport

type Transport uint8

Transport type indicator. One of TransportUDP or TransportTCP.

const (
	TransportUDP Transport = iota
	TransportTCP
)

func (Transport) String

func (t Transport) String() string

String returns the textual representation of the transport type.
