Documentation
¶
Index ¶
- Constants
- Variables
- func DecodePayload(dm *DnsMessage, header *DnsHeader, config *Config) error
- func DecodeQuestion(qdcount int, payload []byte) (string, int, int, error)
- func GetIpPort(dm *DnsMessage) (string, int, string, int)
- func IsValidMode(mode string) bool
- func IsValidTLS(mode string) bool
- func OptCodeToString(rcode int) string
- func ParseA(r []byte) (string, error)
- func ParseAAAA(rdata []byte) (string, error)
- func ParseCNAME(rdata_offset int, payload []byte) (string, error)
- func ParseCsubnet(d []byte) (string, error)
- func ParseErrors(d []byte) (string, error)
- func ParseLabels(offset int, payload []byte) (string, int, error)
- func ParseMX(rdata_offset int, payload []byte) (string, error)
- func ParseNS(rdata_offset int, payload []byte) (string, error)
- func ParseOption(optName string, optData []byte) (string, error)
- func ParsePTR(rdata_offset int, payload []byte) (string, error)
- func ParseRdata(rdatatype string, rdata []byte, payload []byte, rdata_offset int) (string, error)
- func ParseSOA(rdata_offset int, payload []byte) (string, error)
- func ParseSRV(rdata_offset int, payload []byte) (string, error)
- func ParseTXT(rdata []byte) (string, error)
- func RcodeToString(rcode int) string
- func RdatatypeToString(rrtype int) string
- func ReloadConfig(configPath string, config *Config) error
- type Config
- type ConfigTransformers
- type Dns
- type DnsAnswer
- type DnsExtended
- type DnsFlags
- type DnsGeo
- type DnsHeader
- type DnsMessage
- type DnsNetInfo
- type DnsOption
- type DnsRRs
- type DnsTap
- type MapTTL
- type MultiplexInOut
- type MultiplexRoutes
- type PowerDns
- type Suspicious
- type Worker
Constants ¶
const ( STR_UNKNOWN = "UNKNOWN" PROG_NAME = "dnscollector" LOCALHOST_IP = "127.0.0.1" ANY_IP = "0.0.0.0" MODE_TEXT = "text" MODE_JSON = "json" MODE_PCAP = "pcap" MODE_DNSTAP = "dnstap" DNS_RCODE_NXDOMAIN = "NXDOMAIN" DNS_RCODE_SERVFAIL = "SERVFAIL" DNSTAP_OPERATION_QUERY = "QUERY" DNSTAP_OPERATION_REPLY = "REPLY" DNSTAP_CLIENT_RESPONSE = "CLIENT_RESPONSE" DNSTAP_CLIENT_QUERY = "CLIENT_QUERY" PROTO_IPV6 = "INET6" PROTO_IPV4 = "INET" PROTO_UDP = "UDP" PROTO_TCP = "TCP" SOCKET_TCP = "tcp" SOCKET_UDP = "udp" SOCKET_UNIX = "unix" TLS_v10 = "1.0" TLS_v11 = "1.1" TLS_v12 = "1.2" TLS_v13 = "1.3" )
const DnsLen = 12
const UNKNOWN = "UNKNOWN"
Variables ¶
var ( Rdatatypes = map[int]string{ 0: "NONE", 1: "A", 2: "NS", 3: "MD", 4: "MF", 5: "CNAME", 6: "SOA", 7: "MB", 8: "MG", 9: "MR", 10: "NULL", 11: "WKS", 12: "PTR", 13: "HINFO", 14: "MINFO", 15: "MX", 16: "TXT", 17: "RP", 18: "AFSDB", 19: "X25", 20: "ISDN", 21: "RT", 22: "NSAP", 23: "NSAP_PTR", 24: "SIG", 25: "KEY", 26: "PX", 27: "GPOS", 28: "AAAA", 29: "LOC", 30: "NXT", 33: "SRV", 35: "NAPTR", 36: "KX", 37: "CERT", 38: "A6", 39: "DNAME", 41: "OPT", 42: "APL", 43: "DS", 44: "SSHFP", 45: "IPSECKEY", 46: "RRSIG", 47: "NSEC", 48: "DNSKEY", 49: "DHCID", 50: "NSEC3", 51: "NSEC3PARAM", 52: "TSLA", 53: "SMIMEA", 55: "HIP", 56: "NINFO", 59: "CDS", 60: "CDNSKEY", 61: "OPENPGPKEY", 62: "CSYNC", 64: "SVCB", 65: "HTTPS", 99: "SPF", 103: "UNSPEC", 108: "EUI48", 109: "EUI64", 249: "TKEY", 250: "TSIG", 251: "IXFR", 252: "AXFR", 253: "MAILB", 254: "MAILA", 255: "ANY", 256: "URI", 257: "CAA", 258: "AVC", 259: "AMTRELAY", 32768: "TA", 32769: "DLV", } Rcodes = map[int]string{ 0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOIMP", 5: "REFUSED", 6: "YXDOMAIN", 7: "YXRRSET", 8: "NXRRSET", 9: "NOTAUTH", 10: "NOTZONE", 11: "DSOTYPENI", 16: "BADSIG", 17: "BADKEY", 18: "BADTIME", 19: "BADMODE", 20: "BADNAME", 21: "BADALG", 22: "BADTRUNC", 23: "BADCOOKIE", } )
var ( OptCodes = map[int]string{ 3: "NSID", 8: "CSUBNET", 9: "EXPIRE", 10: "COOKIE", 11: "KEEPALIVE", 12: "PADDING", 15: "ERRORS", } ErrorCodeToString = map[int]string{ 0: "Other", 1: "Unsupported DNSKEY Algorithm", 2: "Unsupported DS Digest Type", 3: "Stale Answer", 4: "Forged Answer", 5: "DNSSEC Indeterminate", 6: "DNSSEC Bogus", 7: "Signature Expired", 8: "Signature Not Yet Valid", 9: "DNSKEY Missing", 10: "RRSIGs Missing", 11: "No Zone Key Bit Set", 12: "NSEC Missing", 13: "Cached Error", 14: "Not Ready", 15: "Blocked", 16: "Censored", 17: "Filtered", 18: "Prohibited", 19: "Stale NXDOMAIN Answer", 20: "Not Authoritative", 21: "Not Supported", 22: "No Reachable Authority", 23: "Network Error", 24: "Invalid Data", } )
var ( DnsQuery = "QUERY" DnsReply = "REPLY" )
var ErrDecodeDnsAnswerRdataTooShort = errors.New("malformed pkt, not enough data to decode rdata answer")
var ErrDecodeDnsAnswerTooShort = errors.New("malformed pkt, not enough data to decode answer")
var ErrDecodeDnsHeaderTooShort = errors.New("malformed pkt, dns payload too short to decode header")
var ErrDecodeDnsLabelInvalidData = errors.New("malformed pkt, invalid label length byte")
var ErrDecodeDnsLabelInvalidOffset = errors.New("malformed pkt, invalid offset to decode label")
var ErrDecodeDnsLabelInvalidPointer = errors.New("malformed pkt, label pointer not pointing to prior data")
var ErrDecodeDnsLabelTooLong = errors.New("malformed pkt, label too long")
var ErrDecodeDnsLabelTooShort = errors.New("malformed pkt, dns payload too short to get label")
var ErrDecodeEdnsBadRootDomain = errors.New("edns, name MUST be 0 (root domain)")
var ErrDecodeEdnsDataTooShort = errors.New("edns, not enough data to decode rdata answer")
var ErrDecodeEdnsOptionCsubnetBadFamily = errors.New("edns, csubnet option bad family")
var ErrDecodeEdnsOptionTooShort = errors.New("edns, not enough data to decode option answer")
var ErrDecodeEdnsTooManyOpts = errors.New("edns, packet contained too many OPT RRs")
var ErrDecodeQuestionQtypeTooShort = errors.New("malformed pkt, not enough data to decode qtype")
var ( TLS_VERSION = map[string]uint16{ TLS_v10: tls.VersionTLS10, TLS_v11: tls.VersionTLS11, TLS_v12: tls.VersionTLS12, TLS_v13: tls.VersionTLS13, } )
Functions ¶
func DecodePayload ¶ added in v0.21.0
func DecodePayload(dm *DnsMessage, header *DnsHeader, config *Config) error
decodePayload can be used to decode raw payload data in dm.DNS.Payload into relevant parts of dm.DNS struct. The payload is decoded according to given DNS header. If packet is marked as malformed already, this function returs with no error, but does not process the packet. Error is returned if packet can not be parsed. Returned error wraps the original error returned by relevant decoding operation.
func DecodeQuestion ¶ added in v0.14.0
DNS QUESTION +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | | / QNAME / / / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | QTYPE | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | QCLASS | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func IsValidMode ¶ added in v0.11.0
func IsValidTLS ¶ added in v0.25.0
func OptCodeToString ¶ added in v0.14.0
func ParseA ¶ added in v0.14.0
IPv4 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | ADDRESS | | | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func ParseAAAA ¶ added in v0.14.0
IPv6 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | | | | | | | ADDRESS | | | | | | | | | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func ParseCNAME ¶ added in v0.14.0
CNAME +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ / NAME / / / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func ParseCsubnet ¶ added in v0.14.0
https://datatracker.ietf.org/doc/html/rfc7871
Extended Csubnet EDNS0 option format +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| FAMILY |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| SOURCE PREFIX-LENGTH | SCOPE PREFIX-LENGTH |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| ADDRESS... /
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
func ParseErrors ¶ added in v0.14.0
https://datatracker.ietf.org/doc/html/rfc8914
Extended Error EDNS0 option format +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | INFO-CODE | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ / EXTRA-TEXT ... / +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
func ParseLabels ¶ added in v0.14.0
func ParseMX ¶ added in v0.14.0
MX +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | PREFERENCE | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ / EXCHANGE / / / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func ParseNS ¶ added in v0.14.0
NS +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ / NSDNAME / / / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func ParseOption ¶ added in v0.14.0
func ParsePTR ¶ added in v0.14.0
PTR +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ / PTRDNAME / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func ParseRdata ¶ added in v0.14.0
func ParseSOA ¶ added in v0.14.0
SOA +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ / MNAME / / / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ / RNAME / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | SERIAL | | | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | REFRESH | | | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | RETRY | | | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | EXPIRE | | | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | MINIMUM | | | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func ParseSRV ¶ added in v0.14.0
SRV +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | PRIORITY | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | WEIGHT | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | PORT | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | TARGET | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func ParseTXT ¶ added in v0.14.0
TXT +--+--+--+--+--+--+--+--+ | LENGTH | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ / TXT-DATA / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func RcodeToString ¶ added in v0.14.0
func RdatatypeToString ¶ added in v0.14.0
func ReloadConfig ¶ added in v0.16.0
Types ¶
type Config ¶
type Config struct {
Global struct {
TextFormat string `yaml:"text-format"`
Trace struct {
Verbose bool `yaml:"verbose"`
LogMalformed bool `yaml:"log-malformed"`
Filename string `yaml:"filename"`
MaxSize int `yaml:"max-size"`
MaxBackups int `yaml:"max-backups"`
} `yaml:"trace"`
ServerIdentity string `yaml:"server-identity"`
} `yaml:"global"`
Collectors struct {
Tail struct {
Enable bool `yaml:"enable"`
TimeLayout string `yaml:"time-layout"`
PatternQuery string `yaml:"pattern-query"`
PatternReply string `yaml:"pattern-reply"`
FilePath string `yaml:"file-path"`
} `yaml:"tail"`
Dnstap struct {
Enable bool `yaml:"enable"`
ListenIP string `yaml:"listen-ip"`
ListenPort int `yaml:"listen-port"`
SockPath string `yaml:"sock-path"`
TlsSupport bool `yaml:"tls-support"`
TlsMinVersion string `yaml:"tls-min-version"`
CertFile string `yaml:"cert-file"`
KeyFile string `yaml:"key-file"`
CacheSupport bool `yaml:"cache-support"`
QueryTimeout int `yaml:"query-timeout"`
QuietText bool `yaml:"quiet-text"`
} `yaml:"dnstap"`
DnstapProxifier struct {
Enable bool `yaml:"enable"`
ListenIP string `yaml:"listen-ip"`
ListenPort int `yaml:"listen-port"`
SockPath string `yaml:"sock-path"`
TlsSupport bool `yaml:"tls-support"`
TlsMinVersion string `yaml:"tls-min-version"`
CertFile string `yaml:"cert-file"`
KeyFile string `yaml:"key-file"`
} `yaml:"dnstap-proxifier"`
LiveCapture struct {
Enable bool `yaml:"enable"`
Port int `yaml:"port"`
Device string `yaml:"device"`
CacheSupport bool `yaml:"cache-support"`
QueryTimeout int `yaml:"query-timeout"`
} `yaml:"sniffer"`
PowerDNS struct {
Enable bool `yaml:"enable"`
ListenIP string `yaml:"listen-ip"`
ListenPort int `yaml:"listen-port"`
QuietText bool `yaml:"quiet-text"`
TlsSupport bool `yaml:"tls-support"`
TlsMinVersion string `yaml:"tls-min-version"`
CertFile string `yaml:"cert-file"`
KeyFile string `yaml:"key-file"`
} `yaml:"powerdns"`
FileIngestor struct {
Enable bool `yaml:"enable"`
WatchDir string `yaml:"watch-dir"`
WatchMode string `yaml:"watch-mode"`
PcapDnsPort int `yaml:"pcap-dns-port"`
DeleteAfter bool `yaml:"delete-after"`
} `yaml:"file-ingestor"`
} `yaml:"collectors"`
IngoingTransformers ConfigTransformers `yaml:"ingoing-transformers"`
Loggers struct {
Stdout struct {
Enable bool `yaml:"enable"`
Mode string `yaml:"mode"`
TextFormat string `yaml:"text-format"`
} `yaml:"stdout"`
Prometheus struct {
Enable bool `yaml:"enable"`
ListenIP string `yaml:"listen-ip"`
ListenPort int `yaml:"listen-port"`
TlsSupport bool `yaml:"tls-support"`
TlsMutual bool `yaml:"tls-mutual"`
TlsMinVersion string `yaml:"tls-min-version"`
CertFile string `yaml:"cert-file"`
KeyFile string `yaml:"key-file"`
PromPrefix string `yaml:"prometheus-prefix"`
TopN int `yaml:"top-n"`
} `yaml:"prometheus"`
RestAPI struct {
Enable bool `yaml:"enable"`
ListenIP string `yaml:"listen-ip"`
ListenPort int `yaml:"listen-port"`
BasicAuthLogin string `yaml:"basic-auth-login"`
BasicAuthPwd string `yaml:"basic-auth-pwd"`
TlsSupport bool `yaml:"tls-support"`
TlsMinVersion string `yaml:"tls-min-version"`
CertFile string `yaml:"cert-file"`
KeyFile string `yaml:"key-file"`
TopN int `yaml:"top-n"`
} `yaml:"restapi"`
LogFile struct {
Enable bool `yaml:"enable"`
FilePath string `yaml:"file-path"`
MaxSize int `yaml:"max-size"`
MaxFiles int `yaml:"max-files"`
FlushInterval int `yaml:"flush-interval"`
Compress bool `yaml:"compress"`
CompressInterval int `yaml:"compress-interval"`
CompressPostCommand string `yaml:"compress-postcommand"`
Mode string `yaml:"mode"`
PostRotateCommand string `yaml:"postrotate-command"`
PostRotateDelete bool `yaml:"postrotate-delete-success"`
TextFormat string `yaml:"text-format"`
} `yaml:"logfile"`
Dnstap struct {
Enable bool `yaml:"enable"`
RemoteAddress string `yaml:"remote-address"`
RemotePort int `yaml:"remote-port"`
SockPath string `yaml:"sock-path"`
RetryInterval int `yaml:"retry-interval"`
TlsSupport bool `yaml:"tls-support"`
TlsInsecure bool `yaml:"tls-insecure"`
TlsMinVersion string `yaml:"tls-min-version"`
ServerId string `yaml:"server-id"`
} `yaml:"dnstap"`
TcpClient struct {
Enable bool `yaml:"enable"`
RemoteAddress string `yaml:"remote-address"`
RemotePort int `yaml:"remote-port"`
SockPath string `yaml:"sock-path"`
RetryInterval int `yaml:"retry-interval"`
Transport string `yaml:"transport"`
TlsSupport bool `yaml:"tls-support"`
TlsInsecure bool `yaml:"tls-insecure"`
TlsMinVersion string `yaml:"tls-min-version"`
Mode string `yaml:"mode"`
TextFormat string `yaml:"text-format"`
Delimiter string `yaml:"delimiter"`
} `yaml:"tcpclient"`
Syslog struct {
Enable bool `yaml:"enable"`
Severity string `yaml:"severity"`
Facility string `yaml:"facility"`
Transport string `yaml:"transport"`
RemoteAddress string `yaml:"remote-address"`
TextFormat string `yaml:"text-format"`
Mode string `yaml:"mode"`
TlsSupport bool `yaml:"tls-support"`
TlsInsecure bool `yaml:"tls-insecure"`
TlsMinVersion string `yaml:"tls-min-version"`
Format string `yaml:"format"`
} `yaml:"syslog"`
Fluentd struct {
Enable bool `yaml:"enable"`
RemoteAddress string `yaml:"remote-address"`
RemotePort int `yaml:"remote-port"`
SockPath string `yaml:"sock-path"`
RetryInterval int `yaml:"retry-interval"`
Transport string `yaml:"transport"`
TlsSupport bool `yaml:"tls-support"`
TlsInsecure bool `yaml:"tls-insecure"`
TlsMinVersion string `yaml:"tls-min-version"`
Tag string `yaml:"tag"`
} `yaml:"fluentd"`
InfluxDB struct {
Enable bool `yaml:"enable"`
ServerURL string `yaml:"server-url"`
AuthToken string `yaml:"auth-token"`
TlsSupport bool `yaml:"tls-support"`
TlsInsecure bool `yaml:"tls-insecure"`
TlsMinVersion string `yaml:"tls-min-version"`
Bucket string `yaml:"bucket"`
Organization string `yaml:"organization"`
} `yaml:"influxdb"`
LokiClient struct {
Enable bool `yaml:"enable"`
ServerURL string `yaml:"server-url"`
JobName string `yaml:"job-name"`
Mode string `yaml:"mode"`
FlushInterval int `yaml:"flush-interval"`
BatchSize int `yaml:"batch-size"`
RetryInterval int `yaml:"retry-interval"`
TextFormat string `yaml:"text-format"`
ProxyURL string `yaml:"proxy-url"`
TlsInsecure bool `yaml:"tls-insecure"`
TlsMinVersion string `yaml:"tls-min-version"`
BasicAuthLogin string `yaml:"basic-auth-login"`
BasicAuthPwd string `yaml:"basic-auth-pwd"`
TenantId string `yaml:"tenant-id"`
} `yaml:"lokiclient"`
Statsd struct {
Enable bool `yaml:"enable"`
Prefix string `yaml:"prefix"`
RemoteAddress string `yaml:"remote-address"`
RemotePort int `yaml:"remote-port"`
Transport string `yaml:"transport"`
FlushInterval int `yaml:"flush-interval"`
TlsSupport bool `yaml:"tls-support"`
TlsInsecure bool `yaml:"tls-insecure"`
TlsMinVersion string `yaml:"tls-min-version"`
} `yaml:"statsd"`
ElasticSearchClient struct {
Enable bool `yaml:"enable"`
URL string `yaml:"url"`
} `yaml:"elasticsearch"`
} `yaml:"loggers"`
OutgoingTransformers ConfigTransformers `yaml:"outgoing-transformers"`
Multiplexer struct {
Collectors []MultiplexInOut `yaml:"collectors"`
Loggers []MultiplexInOut `yaml:"loggers"`
Routes []MultiplexRoutes `yaml:"routes"`
} `yaml:"multiplexer"`
}
main configuration
func GetFakeConfig ¶
func GetFakeConfig() *Config
func LoadConfig ¶
func (*Config) GetServerIdentity ¶ added in v0.25.0
func (*Config) SetDefault ¶
func (c *Config) SetDefault()
type ConfigTransformers ¶ added in v0.25.0
type ConfigTransformers struct {
PublicSuffix struct {
Enable bool `yaml:"enable"`
AddTld bool `yaml:"add-tld"`
AddTldPlusOne bool `yaml:"add-tld-plus-one"`
} `yaml:"public-suffix"`
UserPrivacy struct {
Enable bool `yaml:"enable"`
AnonymizeIP bool `yaml:"anonymize-ip"`
MinimazeQname bool `yaml:"minimaze-qname"`
} `yaml:"user-privacy"`
Normalize struct {
Enable bool `yaml:"enable"`
QnameLowerCase bool `yaml:"qname-lowercase"`
} `yaml:"normalize"`
Filtering struct {
Enable bool `yaml:"enable"`
DropFqdnFile string `yaml:"drop-fqdn-file"`
DropDomainFile string `yaml:"drop-domain-file"`
KeepFqdnFile string `yaml:"keep-fqdn-file"`
KeepDomainFile string `yaml:"keep-domain-file"`
DropQueryIpFile string `yaml:"drop-queryip-file"`
KeepQueryIpFile string `yaml:"keep-queryip-file"`
DropRcodes []string `yaml:"drop-rcodes,flow"`
LogQueries bool `yaml:"log-queries"`
LogReplies bool `yaml:"log-replies"`
Downsample int `yaml:"downsample"`
} `yaml:"filtering"`
GeoIP struct {
Enable bool `yaml:"enable"`
DbCountryFile string `yaml:"mmdb-country-file"`
DbCityFile string `yaml:"mmdb-city-file"`
DbAsnFile string `yaml:"mmdb-asn-file"`
} `yaml:"geoip"`
Suspicious struct {
Enable bool `yaml:"enable"`
ThresholdQnameLen int `yaml:"threshold-qname-len"`
ThresholdPacketLen int `yaml:"threshold-packet-len"`
ThresholdSlow float64 `yaml:"threshold-slow"`
CommonQtypes []string `yaml:"common-qtypes,flow"`
UnallowedChars []string `yaml:"unallowed-chars,flow"`
ThresholdMaxLabels int `yaml:"threshold-max-labels"`
} `yaml:"suspicious"`
}
func GetFakeConfigTransformers ¶ added in v0.25.0
func GetFakeConfigTransformers() *ConfigTransformers
func (*ConfigTransformers) SetDefault ¶ added in v0.25.0
func (c *ConfigTransformers) SetDefault()
type Dns ¶ added in v0.14.0
type Dns struct {
Type string `json:"-" msgpack:"-"`
Payload []byte `json:"-" msgpack:"-"`
Length int `json:"length" msgpack:"-"`
Id int `json:"-" msgpack:"-"`
Opcode int `json:"opcode" msgpack:"opcode"`
Rcode string `json:"rcode" msgpack:"rcode"`
Qname string `json:"qname" msgpack:"qname"`
QnamePublicSuffix string `json:"qname-public-suffix" msgpack:"qname-public-suffix"`
QnameEffectiveTLDPlusOne string `json:"qname-effective-tld-plus-one" msgpack:"qname-effective-tld-plus-one"`
Qtype string `json:"qtype" msgpack:"qtype"`
Flags DnsFlags `json:"flags" msgpack:"flags"`
DnsRRs DnsRRs `json:"resource-records" msgpack:"resource-records"`
MalformedPacket bool `json:"malformed-packet" msgpack:"malformed-packet"`
}
type DnsAnswer ¶
type DnsExtended ¶ added in v0.14.0
type DnsExtended struct {
UdpSize int `json:"udp-size" msgpack:"udp-size"`
ExtendedRcode int `json:"rcode" msgpack:"rcode"`
Version int `json:"version" msgpack:"version"`
Do int `json:"dnssec-ok" msgpack:"dnssec-ok"`
Z int `json:"-" msgpack:"-"`
Options []DnsOption `json:"options" msgpack:"options"`
}
func DecodeEDNS ¶ added in v0.14.0
type DnsHeader ¶ added in v0.14.0
type DnsMessage ¶
type DnsMessage struct {
NetworkInfo DnsNetInfo `json:"network" msgpack:"network"`
DNS Dns `json:"dns" msgpack:"dns"`
EDNS DnsExtended `json:"edns" msgpack:"edns"`
DnsTap DnsTap `json:"dnstap" msgpack:"dnstap"`
Geo DnsGeo `json:"geo" msgpack:"geo"`
PowerDns PowerDns `json:"pdns" msgpack:"pdns"`
Suspicious Suspicious `json:"suspicious" msgpack:"suspicious"`
}
func GetFakeDnsMessage ¶
func GetFakeDnsMessage() DnsMessage
func (*DnsMessage) Init ¶
func (dm *DnsMessage) Init()
func (*DnsMessage) String ¶
func (dm *DnsMessage) String(format []string) string
func (*DnsMessage) ToDnstap ¶ added in v0.26.0
func (dm *DnsMessage) ToDnstap() ([]byte, error)
func (*DnsMessage) ToPacketLayer ¶ added in v0.26.0
func (dm *DnsMessage) ToPacketLayer() ([]gopacket.SerializableLayer, error)
type DnsNetInfo ¶ added in v0.14.0
type DnsNetInfo struct {
Family string `json:"family" msgpack:"family"`
Protocol string `json:"protocol" msgpack:"protocol"`
QueryIp string `json:"query-ip" msgpack:"query-ip"`
QueryPort string `json:"query-port" msgpack:"query-port"`
ResponseIp string `json:"response-ip" msgpack:"response-ip"`
ResponsePort string `json:"response-port" msgpack:"response-port"`
AutonomousSystemNumber string `json:"as-number" msgpack:"as-number"`
AutonomousSystemOrg string `json:"as-owner" msgpack:"as-owner"`
}
type DnsTap ¶ added in v0.14.0
type DnsTap struct {
Operation string `json:"operation" msgpack:"operation"`
Identity string `json:"identity" msgpack:"identity"`
TimestampRFC3339 string `json:"timestamp-rfc3339ns" msgpack:"timestamp-rfc3339ns"`
Timestamp float64 `json:"-" msgpack:"-"`
TimeSec int `json:"-" msgpack:"-"`
TimeNsec int `json:"-" msgpack:"-"`
Latency float64 `json:"-" msgpack:"-"`
LatencySec string `json:"latency" msgpack:"latency"`
Payload []byte `json:"-" msgpack:"-"`
}
type MapTTL ¶
func NewDnsCache ¶ added in v0.21.0
type MultiplexInOut ¶ added in v0.20.0
type MultiplexRoutes ¶ added in v0.20.0
type Suspicious ¶ added in v0.25.0
type Suspicious struct {
Score float64 `json:"score" msgpack:"score"`
MalformedPacket bool `json:"malformed-pkt" msgpack:"malformed-pkt"`
LargePacket bool `json:"large-pkt" msgpack:"large-pkt"`
LongDomain bool `json:"long-domain" msgpack:"long-domain"`
SlowDomain bool `json:"slow-domain" msgpack:"slow-domain"`
UnallowedChars bool `json:"unallowed-chars" msgpack:"unallowed-chars"`
UncommonQtypes bool `json:"uncommon-qtypes" msgpack:"uncommon-qtypes"`
ExcessiveNumberLabels bool `json:"excessive-number-labels" msgpack:"excessive-number-labels"`
}
type Worker ¶
type Worker interface {
SetLoggers(loggers []Worker)
GetName() string
Stop()
Run()
Channel() chan DnsMessage
ReadConfig()
}
Source Files