Documentation ¶
Index ¶
- Constants
- Variables
- func DecodePayload(dm *DnsMessage, header *DnsHeader, config *Config) error
- func DecodeQuestion(qdcount int, payload []byte) (string, int, int, error)
- func GetIpPort(dm *DnsMessage) (string, int, string, int)
- func IsValidMode(mode string) bool
- func IsValidTLS(mode string) bool
- func OptCodeToString(rcode int) string
- func ParseA(r []byte) (string, error)
- func ParseAAAA(rdata []byte) (string, error)
- func ParseCNAME(rdata_offset int, payload []byte) (string, error)
- func ParseCsubnet(d []byte) (string, error)
- func ParseErrors(d []byte) (string, error)
- func ParseLabels(offset int, payload []byte) (string, int, error)
- func ParseMX(rdata_offset int, payload []byte) (string, error)
- func ParseNS(rdata_offset int, payload []byte) (string, error)
- func ParseOption(optName string, optData []byte) (string, error)
- func ParsePTR(rdata_offset int, payload []byte) (string, error)
- func ParseRdata(rdatatype string, rdata []byte, payload []byte, rdata_offset int) (string, error)
- func ParseSOA(rdata_offset int, payload []byte) (string, error)
- func ParseSRV(rdata_offset int, payload []byte) (string, error)
- func ParseSVCB(rdata []byte) (string, error)
- func ParseSVCParam(svcParamKey uint16, paramData []byte) (string, error)
- func ParseTXT(rdata []byte) (string, error)
- func RcodeToString(rcode int) string
- func RdatatypeToString(rrtype int) string
- func ReloadConfig(configPath string, config *Config) error
- func SVCParamKeyToString(svcParamKey uint16) string
- type Config
- type ConfigTransformers
- type Dns
- type DnsAnswer
- type DnsExtended
- type DnsFlags
- type DnsHeader
- type DnsMessage
- func (dm *DnsMessage) Bytes(format []string, fieldDelimiter string, fieldBoundary string) []byte
- func (dm *DnsMessage) Flatten() (ret map[string]interface{}, err error)
- func (dm *DnsMessage) Init()
- func (dm *DnsMessage) String(format []string, fieldDelimiter string, fieldBoundary string) string
- func (dm *DnsMessage) ToDnstap() ([]byte, error)
- func (dm *DnsMessage) ToFlattenJson() (string, error)
- func (dm *DnsMessage) ToJson() string
- func (dm *DnsMessage) ToPacketLayer() ([]gopacket.SerializableLayer, error)
- type DnsNetInfo
- type DnsOption
- type DnsRRs
- type DnsTap
- type MultiplexInOut
- type MultiplexRoutes
- type PowerDns
- type TransformDnsGeo
- type TransformExtracted
- type TransformML
- type TransformPublicSuffix
- type TransformReducer
- type TransformSuspicious
- type Worker
Constants ¶
// Shared string constants of the package: program identity, output modes,
// SASL mechanisms, rcode/dnstap labels, protocol and socket names, and the
// TLS version strings used as keys of TLS_VERSION.
const (
	STR_UNKNOWN  = "UNKNOWN"
	PROG_NAME    = "dnscollector"
	LOCALHOST_IP = "127.0.0.1"

	// ANY_IP is the IPv4 wildcard address: a listener bound to it accepts
	// connections on every interface, not only loopback.
	ANY_IP  = "0.0.0.0"
	HTTP_OK = "HTTP/1.1 200 OK\r\n\r\n"

	// BAD_LABEL_DOMAIN starts with a 77-byte label, above the 63-byte limit
	// for a single DNS label.
	// NOTE(review): presumably a fixture for malformed-name handling — confirm.
	BAD_LABEL_DOMAIN = "ultramegaverytoolonglabel-ultramegaverytoolonglabel-ultramegaverytoolonglabel.dnscollector.dev."

	// BAD_VERYLONG_DOMAIN concatenates to roughly 300 bytes, above the
	// 255-byte limit for a full domain name.
	BAD_VERYLONG_DOMAIN = "ultramegaverytoolonglabel.dnscollector" +
		"ultramegaverytoolonglabel-ultramegaverytoolonglabel-" +
		"ultramegaverytoolonglabel-ultramegaverytoolonglabel-" +
		"ultramegaverytoolonglabel-ultramegaverytoolonglabel-" +
		"ultramegaverytoolonglabel-ultramegaverytoolonglabel-" +
		"ultramegaverytoolonglabel-ultramegaverytoolonglabel-" +
		".dev."

	// Output modes.
	MODE_TEXT     = "text"
	MODE_JSON     = "json"
	MODE_FLATJSON = "flat-json"
	MODE_PCAP     = "pcap"
	MODE_DNSTAP   = "dnstap"

	// SASL mechanisms. PLAIN sends the password itself to the server, so it
	// is only appropriate over a TLS-protected connection; SCRAM-SHA-512 is a
	// challenge-response mechanism that does not send the password.
	SASL_MECHANISM_PLAIN = "PLAIN"
	SASL_MECHANISM_SCRAM = "SCRAM-SHA-512"

	// Rcode labels. TIMEOUT has no entry in the Rcodes map of this package.
	DNS_RCODE_NXDOMAIN = "NXDOMAIN"
	DNS_RCODE_SERVFAIL = "SERVFAIL"
	DNS_RCODE_TIMEOUT  = "TIMEOUT"

	// Dnstap operation and message-type labels.
	DNSTAP_OPERATION_QUERY = "QUERY"
	DNSTAP_OPERATION_REPLY = "REPLY"
	DNSTAP_CLIENT_RESPONSE = "CLIENT_RESPONSE"
	DNSTAP_CLIENT_QUERY    = "CLIENT_QUERY"
	DNSTAP_IDENTITY_TEST   = "test_id"

	// Address family and transport protocol labels.
	PROTO_INET  = "INET"
	PROTO_INET6 = "INET6"
	PROTO_IPV6  = "IPv6"
	PROTO_IPV4  = "IPv4"
	PROTO_UDP   = "UDP"
	PROTO_TCP   = "TCP"
	PROTO_DOT   = "DOT"
	PROTO_DOH   = "DOH"

	// Socket transport names.
	SOCKET_TCP  = "tcp"
	SOCKET_UDP  = "udp"
	SOCKET_UNIX = "unix"
	SOCKET_TLS  = "tcp+tls"

	// TLS version strings (keys of TLS_VERSION). TLS 1.0 and 1.1 are
	// deprecated by RFC 8996; prefer "1.2" or "1.3" as a minimum version.
	TLS_v10 = "1.0"
	TLS_v11 = "1.1"
	TLS_v12 = "1.2"
	TLS_v13 = "1.3"
)
// DnsLen is 12, the size in bytes of the fixed DNS message header (RFC 1035).
// NOTE(review): presumably the minimum payload length the header decoder
// accepts before returning ErrDecodeDnsHeaderTooShort — confirm in the decoder.
const DnsLen = 12

// UNKNOWN holds the same value as STR_UNKNOWN.
const UNKNOWN = "UNKNOWN"
Variables ¶
var (
	// TLS_VERSION maps the configuration strings "1.0".."1.3" to the
	// crypto/tls version constants.
	// TLS 1.0 and 1.1 remain selectable here although they are deprecated
	// (RFC 8996); a deployment that sets a minimum version should use "1.2"
	// or "1.3".
	// NOTE(review): presumably looked up from the tls-min-version settings —
	// confirm how an unknown key is handled, since a missing map entry yields 0.
	TLS_VERSION = map[string]uint16{
		TLS_v10: tls.VersionTLS10,
		TLS_v11: tls.VersionTLS11,
		TLS_v12: tls.VersionTLS12,
		TLS_v13: tls.VersionTLS13,
	}

	// IP_VERSION maps the address family labels INET/INET6 to IPv4/IPv6.
	IP_VERSION = map[string]string{
		PROTO_INET:  PROTO_IPV4,
		PROTO_INET6: PROTO_IPV6,
	}

	// IP_TO_INET is the inverse of IP_VERSION.
	IP_TO_INET = map[string]string{
		PROTO_IPV4: PROTO_INET,
		PROTO_IPV6: PROTO_INET6,
	}
)
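var (
	// Rdatatypes maps DNS resource record type numbers to their mnemonic.
	//
	// The names are what ends up in decoded messages, so filters and
	// detection rules that match on a record type depend on them being the
	// registered mnemonics. Two entries were corrected against the IANA
	// registry: type 52 is TLSA (it was spelled "TSLA"), and AMTRELAY is
	// type 260 (it was attached to 259, which is DOA).
	Rdatatypes = map[int]string{
		0:     "NONE",
		1:     "A",
		2:     "NS",
		3:     "MD",
		4:     "MF",
		5:     "CNAME",
		6:     "SOA",
		7:     "MB",
		8:     "MG",
		9:     "MR",
		10:    "NULL",
		11:    "WKS",
		12:    "PTR",
		13:    "HINFO",
		14:    "MINFO",
		15:    "MX",
		16:    "TXT",
		17:    "RP",
		18:    "AFSDB",
		19:    "X25",
		20:    "ISDN",
		21:    "RT",
		22:    "NSAP",
		23:    "NSAP_PTR",
		24:    "SIG",
		25:    "KEY",
		26:    "PX",
		27:    "GPOS",
		28:    "AAAA",
		29:    "LOC",
		30:    "NXT",
		33:    "SRV",
		35:    "NAPTR",
		36:    "KX",
		37:    "CERT",
		38:    "A6",
		39:    "DNAME",
		41:    "OPT",
		42:    "APL",
		43:    "DS",
		44:    "SSHFP",
		45:    "IPSECKEY",
		46:    "RRSIG",
		47:    "NSEC",
		48:    "DNSKEY",
		49:    "DHCID",
		50:    "NSEC3",
		51:    "NSEC3PARAM",
		52:    "TLSA", // DANE certificate association; was misspelled "TSLA"
		53:    "SMIMEA",
		55:    "HIP",
		56:    "NINFO",
		59:    "CDS",
		60:    "CDNSKEY",
		61:    "OPENPGPKEY",
		62:    "CSYNC",
		64:    "SVCB",
		65:    "HTTPS",
		99:    "SPF",
		103:   "UNSPEC",
		108:   "EUI48",
		109:   "EUI64",
		249:   "TKEY",
		250:   "TSIG",
		251:   "IXFR",
		252:   "AXFR",
		253:   "MAILB",
		254:   "MAILA",
		255:   "ANY",
		256:   "URI",
		257:   "CAA",
		258:   "AVC",
		259:   "DOA",
		260:   "AMTRELAY",
		32768: "TA",
		32769: "DLV",
	}

	// Rcodes maps DNS response code numbers to their mnemonic.
	Rcodes = map[int]string{
		0:  "NOERROR",
		1:  "FORMERR",
		2:  "SERVFAIL",
		3:  "NXDOMAIN",
		4:  "NOIMP",
		5:  "REFUSED",
		6:  "YXDOMAIN",
		7:  "YXRRSET",
		8:  "NXRRSET",
		9:  "NOTAUTH",
		10: "NOTZONE",
		11: "DSOTYPENI",
		16: "BADSIG",
		17: "BADKEY",
		18: "BADTIME",
		19: "BADMODE",
		20: "BADNAME",
		21: "BADALG",
		22: "BADTRUNC",
		23: "BADCOOKIE",
	}
)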
var (
	// OptCodes maps EDNS0 option codes to the short names used by this
	// package. Codes without an entry here have no name in this table.
	OptCodes = map[int]string{
		3:  "NSID",
		8:  "CSUBNET",
		9:  "EXPIRE",
		10: "COOKIE",
		11: "KEEPALIVE",
		12: "PADDING",
		15: "ERRORS",
	}

	// ErrorCodeToString maps Extended DNS Error INFO-CODE values (RFC 8914,
	// codes 0 to 24) to their registered description.
	ErrorCodeToString = map[int]string{
		0:  "Other",
		1:  "Unsupported DNSKEY Algorithm",
		2:  "Unsupported DS Digest Type",
		3:  "Stale Answer",
		4:  "Forged Answer",
		5:  "DNSSEC Indeterminate",
		6:  "DNSSEC Bogus",
		7:  "Signature Expired",
		8:  "Signature Not Yet Valid",
		9:  "DNSKEY Missing",
		10: "RRSIGs Missing",
		11: "No Zone Key Bit Set",
		12: "NSEC Missing",
		13: "Cached Error",
		14: "Not Ready",
		15: "Blocked",
		16: "Censored",
		17: "Filtered",
		18: "Prohibited",
		19: "Stale NXDOMAIN Answer",
		20: "Not Authoritative",
		21: "Not Supported",
		22: "No Reachable Authority",
		23: "Network Error",
		24: "Invalid Data",
	}
)
var (
	// DnsQuery and DnsReply are the message type labels.
	DnsQuery = "QUERY"
	DnsReply = "REPLY"

	// Directive matchers, one per transformer family.
	//
	// In each pattern the trailing `-*` means "zero or more hyphens", so the
	// expression is equivalent to a bare prefix test: `^powerdns-*` also
	// matches "powerdns" and "powerdnsfoo". If the intent is to require the
	// hyphen separator, the pattern would need to end in `-`.
	//
	// NOTE(review): PublicSuffixDirectives is spelled "publixsuffix", while
	// the JSON tag on DnsMessage.PublicSuffix is "publicsuffix". A directive
	// written "publicsuffix-..." will not match this pattern. Whether that is
	// a typo or the deliberate directive name depends on the formatting code,
	// which is not shown here — confirm before changing.
	PdnsDirectives            = regexp.MustCompile(`^powerdns-*`)
	GeoIPDirectives           = regexp.MustCompile(`^geoip-*`)
	SuspiciousDirectives      = regexp.MustCompile(`^suspicious-*`)
	PublicSuffixDirectives    = regexp.MustCompile(`^publixsuffix-*`)
	ExtractedDirectives       = regexp.MustCompile(`^extracted-*`)
	ReducerDirectives         = regexp.MustCompile(`^reducer-*`)
	MachineLearningDirectives = regexp.MustCompile(`^ml-*`)
)
// Sentinel errors for DNS and EDNS decoding. The descriptions below restate
// each error's message; the conditions that raise them are in the decoder,
// which is not part of this listing. The DecodePayload documentation says the
// error it returns wraps the original decoding error.

// ErrDecodeDnsAnswerRdataTooShort: not enough data left to decode an answer's rdata.
var ErrDecodeDnsAnswerRdataTooShort = errors.New("malformed pkt, not enough data to decode rdata answer")
// ErrDecodeDnsAnswerTooShort: not enough data left to decode an answer record.
var ErrDecodeDnsAnswerTooShort = errors.New("malformed pkt, not enough data to decode answer")
// ErrDecodeDnsHeaderTooShort: the payload is too short to hold a DNS header.
var ErrDecodeDnsHeaderTooShort = errors.New("malformed pkt, dns payload too short to decode header")
// ErrDecodeDnsLabelInvalidData: a label length byte is not valid.
var ErrDecodeDnsLabelInvalidData = errors.New("malformed pkt, invalid label length byte")
// ErrDecodeDnsLabelInvalidOffset: the offset given for label decoding is not valid.
var ErrDecodeDnsLabelInvalidOffset = errors.New("malformed pkt, invalid offset to decode label")
// ErrDecodeDnsLabelInvalidPointer: a compression pointer does not point to prior data.
// Restricting pointers to earlier offsets is the usual defence against
// compression-pointer loops in crafted packets.
var ErrDecodeDnsLabelInvalidPointer = errors.New("malformed pkt, label pointer not pointing to prior data")
// ErrDecodeDnsLabelTooLong: a label exceeds the permitted length.
var ErrDecodeDnsLabelTooLong = errors.New("malformed pkt, label too long")
// ErrDecodeDnsLabelTooShort: the payload ends before the label does.
var ErrDecodeDnsLabelTooShort = errors.New("malformed pkt, dns payload too short to get label")
// ErrDecodeEdnsBadRootDomain: the OPT record's name is not the root domain.
var ErrDecodeEdnsBadRootDomain = errors.New("edns, name MUST be 0 (root domain)")
// ErrDecodeEdnsDataTooShort: not enough data left to decode the OPT rdata.
var ErrDecodeEdnsDataTooShort = errors.New("edns, not enough data to decode rdata answer")
// ErrDecodeEdnsOptionCsubnetBadFamily: the client-subnet option carries an unsupported family.
var ErrDecodeEdnsOptionCsubnetBadFamily = errors.New("edns, csubnet option bad family")
// ErrDecodeEdnsOptionTooShort: not enough data left to decode an EDNS option.
var ErrDecodeEdnsOptionTooShort = errors.New("edns, not enough data to decode option answer")
// ErrDecodeEdnsTooManyOpts: the packet contains more OPT records than allowed.
var ErrDecodeEdnsTooManyOpts = errors.New("edns, packet contained too many OPT RRs")
// ErrDecodeQuestionQtypeTooShort: not enough data left to decode the question's qtype.
var ErrDecodeQuestionQtypeTooShort = errors.New("malformed pkt, not enough data to decode qtype")
Functions ¶
func DecodePayload ¶ added in v0.21.0
func DecodePayload(dm *DnsMessage, header *DnsHeader, config *Config) error
DecodePayload decodes the raw payload data in dm.DNS.Payload into the relevant parts of the dm.DNS struct. The payload is decoded according to the given DNS header. If the packet is already marked as malformed, this function returns with no error but does not process the packet. An error is returned if the packet cannot be parsed; the returned error wraps the original error returned by the relevant decoding operation.
func DecodeQuestion ¶ added in v0.14.0
DNS QUESTION
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                                               |
/                     QNAME                     /
/                                               /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                     QTYPE                     |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                     QCLASS                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func IsValidMode ¶ added in v0.11.0
func IsValidTLS ¶ added in v0.25.0
func OptCodeToString ¶ added in v0.14.0
func ParseA ¶ added in v0.14.0
IPv4
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    ADDRESS                    |
|                                               |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func ParseAAAA ¶ added in v0.14.0
IPv6
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                                               |
|                                               |
|                                               |
|                    ADDRESS                    |
|                                               |
|                                               |
|                                               |
|                                               |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func ParseCNAME ¶ added in v0.14.0
CNAME
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                     NAME                      /
/                                               /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func ParseCsubnet ¶ added in v0.14.0
https://datatracker.ietf.org/doc/html/rfc7871
Extended Csubnet EDNS0 option format
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
|                            FAMILY                             |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
|     SOURCE PREFIX-LENGTH      |      SCOPE PREFIX-LENGTH      |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
|                          ADDRESS...                           /
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
func ParseErrors ¶ added in v0.14.0
https://datatracker.ietf.org/doc/html/rfc8914
Extended Error EDNS0 option format
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
|                           INFO-CODE                           |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
/                        EXTRA-TEXT ...                         /
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
func ParseLabels ¶ added in v0.14.0
func ParseMX ¶ added in v0.14.0
MX
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                  PREFERENCE                   |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                    EXCHANGE                   /
/                                               /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func ParseNS ¶ added in v0.14.0
NS
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                    NSDNAME                    /
/                                               /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func ParseOption ¶ added in v0.14.0
func ParsePTR ¶ added in v0.14.0
PTR
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                   PTRDNAME                    /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func ParseRdata ¶ added in v0.14.0
func ParseSOA ¶ added in v0.14.0
SOA
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                     MNAME                     /
/                                               /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                     RNAME                     /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    SERIAL                     |
|                                               |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    REFRESH                    |
|                                               |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                     RETRY                     |
|                                               |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    EXPIRE                     |
|                                               |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    MINIMUM                    |
|                                               |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func ParseSRV ¶ added in v0.14.0
SRV
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                   PRIORITY                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    WEIGHT                     |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                     PORT                      |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    TARGET                     |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func ParseSVCB ¶ added in v0.34.0
SVCB
+--+--+
| PRIO|
+--+--+--+
/ Target /
+--+--+--+
/ Params /
+--+--+--+
func ParseSVCParam ¶ added in v0.34.0
func ParseTXT ¶ added in v0.14.0
TXT
+--+--+--+--+--+--+--+--+
|        LENGTH         |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                   TXT-DATA                    /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func RcodeToString ¶ added in v0.14.0
func RdatatypeToString ¶ added in v0.14.0
func ReloadConfig ¶ added in v0.16.0
func SVCParamKeyToString ¶ added in v0.34.0
Types ¶
type Config ¶
// Config is the main configuration. Its layout mirrors the YAML document
// through the yaml struct tags: global settings, collectors (inputs),
// transformers, loggers (outputs) and the multiplexer wiring.
//
// Points worth reviewing when this struct is filled from a file:
//   - Several string fields are, by name, credentials: BasicAuthPwd,
//     AuthToken, ApiKey, SaslPassword. They sit next to ordinary settings, so
//     the configuration file needs the same file permissions as a secret, and
//     a Config value should not be logged or dumped wholesale.
//   - TlsInsecure appears on most outbound loggers.
//     NOTE(review): presumably it disables server certificate verification —
//     confirm in the logger code; if so it should stay false outside testing.
//   - TlsMinVersion is a free-form string; the TLS_VERSION table in this
//     package also accepts "1.0" and "1.1".
//   - LogFile.PostRotateCommand and LogFile.CompressPostCommand name commands.
//     NOTE(review): presumably executed by the logger — if so, write access to
//     the configuration file amounts to command execution as the collector's
//     user.
type Config struct {
	// Global holds process-wide settings.
	Global struct {
		TextFormat          string `yaml:"text-format"`
		TextFormatDelimiter string `yaml:"text-format-delimiter"`
		TextFormatBoundary  string `yaml:"text-format-boundary"`

		// Trace configures the program's own log output.
		Trace struct {
			Verbose      bool   `yaml:"verbose"`
			LogMalformed bool   `yaml:"log-malformed"`
			Filename     string `yaml:"filename"`
			MaxSize      int    `yaml:"max-size"`
			MaxBackups   int    `yaml:"max-backups"`
		} `yaml:"trace"`
		ServerIdentity string `yaml:"server-identity"`
	} `yaml:"global"`

	// Collectors are the inputs. The network listeners below (Dnstap,
	// DnstapProxifier, PowerDNS, Tzsp) receive data from remote peers; only
	// some of them declare TLS settings, and none declares client
	// authentication fields, so network-level access control matters.
	Collectors struct {
		// Tail reads an existing log file and extracts queries/replies with
		// the configured patterns.
		Tail struct {
			Enable       bool   `yaml:"enable"`
			TimeLayout   string `yaml:"time-layout"`
			PatternQuery string `yaml:"pattern-query"`
			PatternReply string `yaml:"pattern-reply"`
			FilePath     string `yaml:"file-path"`
		} `yaml:"tail"`
		// Dnstap listens on an IP/port or a unix socket path.
		Dnstap struct {
			Enable            bool   `yaml:"enable"`
			ListenIP          string `yaml:"listen-ip"`
			ListenPort        int    `yaml:"listen-port"`
			SockPath          string `yaml:"sock-path"`
			TlsSupport        bool   `yaml:"tls-support"`
			TlsMinVersion     string `yaml:"tls-min-version"`
			CertFile          string `yaml:"cert-file"`
			KeyFile           string `yaml:"key-file"`
			RcvBufSize        int    `yaml:"sock-rcvbuf"`
			ResetConn         bool   `yaml:"reset-conn"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		} `yaml:"dnstap"`
		DnstapProxifier struct {
			Enable        bool   `yaml:"enable"`
			ListenIP      string `yaml:"listen-ip"`
			ListenPort    int    `yaml:"listen-port"`
			SockPath      string `yaml:"sock-path"`
			TlsSupport    bool   `yaml:"tls-support"`
			TlsMinVersion string `yaml:"tls-min-version"`
			CertFile      string `yaml:"cert-file"`
			KeyFile       string `yaml:"key-file"`
		} `yaml:"dnstap-proxifier"`
		// AfpacketLiveCapture and XdpLiveCapture sniff a network device.
		// NOTE(review): packet capture normally needs elevated privileges or
		// capabilities — confirm what the process must run with.
		AfpacketLiveCapture struct {
			Enable            bool   `yaml:"enable"`
			Port              int    `yaml:"port"`
			Device            string `yaml:"device"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		} `yaml:"afpacket-sniffer"`
		XdpLiveCapture struct {
			Enable            bool   `yaml:"enable"`
			Port              int    `yaml:"port"`
			Device            string `yaml:"device"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		} `yaml:"xdp-sniffer"`
		PowerDNS struct {
			Enable            bool   `yaml:"enable"`
			ListenIP          string `yaml:"listen-ip"`
			ListenPort        int    `yaml:"listen-port"`
			TlsSupport        bool   `yaml:"tls-support"`
			TlsMinVersion     string `yaml:"tls-min-version"`
			CertFile          string `yaml:"cert-file"`
			KeyFile           string `yaml:"key-file"`
			AddDnsPayload     bool   `yaml:"add-dns-payload"`
			RcvBufSize        int    `yaml:"sock-rcvbuf"`
			ResetConn         bool   `yaml:"reset-conn"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		} `yaml:"powerdns"`
		// FileIngestor watches a directory for files to ingest. DeleteAfter
		// is, by name, destructive: make sure WatchDir is dedicated to this
		// purpose and not writable by untrusted users.
		FileIngestor struct {
			Enable            bool   `yaml:"enable"`
			WatchDir          string `yaml:"watch-dir"`
			WatchMode         string `yaml:"watch-mode"`
			PcapDnsPort       int    `yaml:"pcap-dns-port"`
			DeleteAfter       bool   `yaml:"delete-after"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		} `yaml:"file-ingestor"`
		// Tzsp declares no yaml tag on the struct itself and no TLS fields.
		Tzsp struct {
			Enable            bool   `yaml:"enable"`
			ListenIp          string `yaml:"listen-ip"`
			ListenPort        int    `yaml:"listen-port"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		}
	} `yaml:"collectors"`

	IngoingTransformers ConfigTransformers `yaml:"ingoing-transformers"`

	// Loggers are the outputs.
	Loggers struct {
		Stdout struct {
			Enable            bool   `yaml:"enable"`
			Mode              string `yaml:"mode"`
			TextFormat        string `yaml:"text-format"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		} `yaml:"stdout"`
		// Prometheus exposes a metrics listener. It is the only listener in
		// this struct with a mutual-TLS switch (TlsMutual) and an explicit
		// BasicAuthEnabled flag; the basic-auth password is stored as plain
		// text in the configuration.
		Prometheus struct {
			Enable                  bool     `yaml:"enable"`
			ListenIP                string   `yaml:"listen-ip"`
			ListenPort              int      `yaml:"listen-port"`
			TlsSupport              bool     `yaml:"tls-support"`
			TlsMutual               bool     `yaml:"tls-mutual"`
			TlsMinVersion           string   `yaml:"tls-min-version"`
			CertFile                string   `yaml:"cert-file"`
			KeyFile                 string   `yaml:"key-file"`
			PromPrefix              string   `yaml:"prometheus-prefix"`
			LabelsList              []string `yaml:"prometheus-labels"`
			TopN                    int      `yaml:"top-n"`
			BasicAuthLogin          string   `yaml:"basic-auth-login"`
			BasicAuthPwd            string   `yaml:"basic-auth-pwd"`
			BasicAuthEnabled        bool     `yaml:"basic-auth-enable"`
			ChannelBufferSize       int      `yaml:"chan-buffer-size"`
			HistogramMetricsEnabled bool     `yaml:"histogram-metrics-enabled"`
		} `yaml:"prometheus"`
		// RestAPI exposes an HTTP listener protected by basic auth. With
		// TlsSupport off the credentials travel unencrypted, so enable TLS
		// or keep the listener on loopback.
		RestAPI struct {
			Enable            bool   `yaml:"enable"`
			ListenIP          string `yaml:"listen-ip"`
			ListenPort        int    `yaml:"listen-port"`
			BasicAuthLogin    string `yaml:"basic-auth-login"`
			BasicAuthPwd      string `yaml:"basic-auth-pwd"`
			TlsSupport        bool   `yaml:"tls-support"`
			TlsMinVersion     string `yaml:"tls-min-version"`
			CertFile          string `yaml:"cert-file"`
			KeyFile           string `yaml:"key-file"`
			TopN              int    `yaml:"top-n"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		} `yaml:"restapi"`
		// LogFile writes to a local file with rotation.
		// NOTE(review): CompressPostCommand and PostRotateCommand are
		// presumably run as external commands — confirm how they are invoked
		// and which arguments are passed.
		LogFile struct {
			Enable              bool   `yaml:"enable"`
			FilePath            string `yaml:"file-path"`
			MaxSize             int    `yaml:"max-size"`
			MaxFiles            int    `yaml:"max-files"`
			FlushInterval       int    `yaml:"flush-interval"`
			Compress            bool   `yaml:"compress"`
			CompressInterval    int    `yaml:"compress-interval"`
			CompressPostCommand string `yaml:"compress-postcommand"`
			Mode                string `yaml:"mode"`
			PostRotateCommand   string `yaml:"postrotate-command"`
			PostRotateDelete    bool   `yaml:"postrotate-delete-success"`
			TextFormat          string `yaml:"text-format"`
			ChannelBufferSize   int    `yaml:"chan-buffer-size"`
		} `yaml:"logfile"`
		Dnstap struct {
			Enable            bool   `yaml:"enable"`
			RemoteAddress     string `yaml:"remote-address"`
			RemotePort        int    `yaml:"remote-port"`
			SockPath          string `yaml:"sock-path"`
			ConnectTimeout    int    `yaml:"connect-timeout"`
			RetryInterval     int    `yaml:"retry-interval"`
			FlushInterval     int    `yaml:"flush-interval"`
			TlsSupport        bool   `yaml:"tls-support"`
			TlsInsecure       bool   `yaml:"tls-insecure"`
			TlsMinVersion     string `yaml:"tls-min-version"`
			ServerId          string `yaml:"server-id"`
			OverwriteIdentity bool   `yaml:"overwrite-identity"`
			BufferSize        int    `yaml:"buffer-size"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		} `yaml:"dnstap"`
		TcpClient struct {
			Enable            bool   `yaml:"enable"`
			RemoteAddress     string `yaml:"remote-address"`
			RemotePort        int    `yaml:"remote-port"`
			SockPath          string `yaml:"sock-path"`
			RetryInterval     int    `yaml:"retry-interval"`
			Transport         string `yaml:"transport"`
			TlsSupport        bool   `yaml:"tls-support"`
			TlsInsecure       bool   `yaml:"tls-insecure"`
			TlsMinVersion     string `yaml:"tls-min-version"`
			Mode              string `yaml:"mode"`
			TextFormat        string `yaml:"text-format"`
			PayloadDelimiter  string `yaml:"delimiter"`
			BufferSize        int    `yaml:"buffer-size"`
			FlushInterval     int    `yaml:"flush-interval"`
			ConnectTimeout    int    `yaml:"connect-timeout"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		} `yaml:"tcpclient"`
		Syslog struct {
			Enable            bool   `yaml:"enable"`
			Severity          string `yaml:"severity"`
			Facility          string `yaml:"facility"`
			Transport         string `yaml:"transport"`
			RemoteAddress     string `yaml:"remote-address"`
			RetryInterval     int    `yaml:"retry-interval"`
			TextFormat        string `yaml:"text-format"`
			Mode              string `yaml:"mode"`
			TlsInsecure       bool   `yaml:"tls-insecure"`
			TlsMinVersion     string `yaml:"tls-min-version"`
			Format            string `yaml:"format"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
			Tag               string `yaml:"tag"`
		} `yaml:"syslog"`
		Fluentd struct {
			Enable            bool   `yaml:"enable"`
			RemoteAddress     string `yaml:"remote-address"`
			RemotePort        int    `yaml:"remote-port"`
			SockPath          string `yaml:"sock-path"`
			ConnectTimeout    int    `yaml:"connect-timeout"`
			RetryInterval     int    `yaml:"retry-interval"`
			FlushInterval     int    `yaml:"flush-interval"`
			Transport         string `yaml:"transport"`
			TlsSupport        bool   `yaml:"tls-support"`
			TlsInsecure       bool   `yaml:"tls-insecure"`
			TlsMinVersion     string `yaml:"tls-min-version"`
			Tag               string `yaml:"tag"`
			BufferSize        int    `yaml:"buffer-size"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		} `yaml:"fluentd"`
		// InfluxDB: AuthToken is a bearer-style secret kept in the YAML.
		InfluxDB struct {
			Enable            bool   `yaml:"enable"`
			ServerURL         string `yaml:"server-url"`
			AuthToken         string `yaml:"auth-token"`
			TlsSupport        bool   `yaml:"tls-support"`
			TlsInsecure       bool   `yaml:"tls-insecure"`
			TlsMinVersion     string `yaml:"tls-min-version"`
			Bucket            string `yaml:"bucket"`
			Organization      string `yaml:"organization"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		} `yaml:"influxdb"`
		// LokiClient: BasicAuthPwdFile lets the password live in a separate
		// file instead of inline in BasicAuthPwd, which keeps the secret out
		// of the main configuration.
		LokiClient struct {
			Enable            bool              `yaml:"enable"`
			ServerURL         string            `yaml:"server-url"`
			JobName           string            `yaml:"job-name"`
			Mode              string            `yaml:"mode"`
			FlushInterval     int               `yaml:"flush-interval"`
			BatchSize         int               `yaml:"batch-size"`
			RetryInterval     int               `yaml:"retry-interval"`
			TextFormat        string            `yaml:"text-format"`
			ProxyURL          string            `yaml:"proxy-url"`
			TlsInsecure       bool              `yaml:"tls-insecure"`
			TlsMinVersion     string            `yaml:"tls-min-version"`
			BasicAuthLogin    string            `yaml:"basic-auth-login"`
			BasicAuthPwd      string            `yaml:"basic-auth-pwd"`
			BasicAuthPwdFile  string            `yaml:"basic-auth-pwd-file"`
			TenantId          string            `yaml:"tenant-id"`
			RelabelConfigs    []*relabel.Config `yaml:"relabel-configs"`
			ChannelBufferSize int               `yaml:"chan-buffer-size"`
		} `yaml:"lokiclient"`
		Statsd struct {
			Enable            bool   `yaml:"enable"`
			Prefix            string `yaml:"prefix"`
			RemoteAddress     string `yaml:"remote-address"`
			RemotePort        int    `yaml:"remote-port"`
			Transport         string `yaml:"transport"`
			FlushInterval     int    `yaml:"flush-interval"`
			TlsSupport        bool   `yaml:"tls-support"`
			TlsInsecure       bool   `yaml:"tls-insecure"`
			TlsMinVersion     string `yaml:"tls-min-version"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		} `yaml:"statsd"`
		// ElasticSearchClient declares no TLS or authentication fields; any
		// transport security has to come from the Server value itself.
		ElasticSearchClient struct {
			Enable            bool   `yaml:"enable"`
			Index             string `yaml:"index"`
			Server            string `yaml:"server"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
			BulkSize          int    `yaml:"bulk-size"`
			FlushInterval     int    `yaml:"flush-interval"`
		} `yaml:"elasticsearch"`
		// ScalyrClient: ApiKey is a secret kept in the YAML.
		ScalyrClient struct {
			Enable            bool                   `yaml:"enable"`
			Mode              string                 `yaml:"mode"`
			TextFormat        string                 `yaml:"text-format"`
			SessionInfo       map[string]string      `yaml:"sessioninfo"`
			Attrs             map[string]interface{} `yaml:"attrs"`
			ServerURL         string                 `yaml:"server-url"`
			ApiKey            string                 `yaml:"apikey"`
			Parser            string                 `yaml:"parser"`
			FlushInterval     int                    `yaml:"flush-interval"`
			ProxyURL          string                 `yaml:"proxy-url"`
			TlsInsecure       bool                   `yaml:"tls-insecure"`
			TlsMinVersion     string                 `yaml:"tls-min-version"`
			ChannelBufferSize int                    `yaml:"chan-buffer-size"`
		} `yaml:"scalyrclient"`
		// RedisPub declares no authentication fields.
		RedisPub struct {
			Enable            bool   `yaml:"enable"`
			RemoteAddress     string `yaml:"remote-address"`
			RemotePort        int    `yaml:"remote-port"`
			SockPath          string `yaml:"sock-path"`
			RetryInterval     int    `yaml:"retry-interval"`
			Transport         string `yaml:"transport"`
			TlsSupport        bool   `yaml:"tls-support"`
			TlsInsecure       bool   `yaml:"tls-insecure"`
			TlsMinVersion     string `yaml:"tls-min-version"`
			Mode              string `yaml:"mode"`
			TextFormat        string `yaml:"text-format"`
			PayloadDelimiter  string `yaml:"delimiter"`
			BufferSize        int    `yaml:"buffer-size"`
			FlushInterval     int    `yaml:"flush-interval"`
			ConnectTimeout    int    `yaml:"connect-timeout"`
			RedisChannel      string `yaml:"redis-channel"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		} `yaml:"redispub"`
		// KafkaProducer: SaslMechanism takes the SASL_MECHANISM_* values.
		// With "PLAIN" the SaslPassword is sent as-is, so pair it with
		// TlsSupport; SaslPassword itself is stored in the YAML.
		KafkaProducer struct {
			Enable            bool   `yaml:"enable"`
			RemoteAddress     string `yaml:"remote-address"`
			RemotePort        int    `yaml:"remote-port"`
			RetryInterval     int    `yaml:"retry-interval"`
			TlsSupport        bool   `yaml:"tls-support"`
			TlsInsecure       bool   `yaml:"tls-insecure"`
			TlsMinVersion     string `yaml:"tls-min-version"`
			SaslSupport       bool   `yaml:"sasl-support"`
			SaslUsername      string `yaml:"sasl-username"`
			SaslPassword      string `yaml:"sasl-password"`
			SaslMechanism     string `yaml:"sasl-mechanism"`
			Mode              string `yaml:"mode"`
			BufferSize        int    `yaml:"buffer-size"`
			FlushInterval     int    `yaml:"flush-interval"`
			ConnectTimeout    int    `yaml:"connect-timeout"`
			Topic             string `yaml:"topic"`
			Partition         int    `yaml:"partition"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		} `yaml:"kafkaproducer"`
		FalcoClient struct {
			Enable            bool   `yaml:"enable"`
			URL               string `yaml:"url"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		} `yaml:"falco"`
	} `yaml:"loggers"`

	OutgoingTransformers ConfigTransformers `yaml:"outgoing-transformers"`

	// Multiplexer wires collectors to loggers through routes.
	Multiplexer struct {
		Collectors []MultiplexInOut  `yaml:"collectors"`
		Loggers    []MultiplexInOut  `yaml:"loggers"`
		Routes     []MultiplexRoutes `yaml:"routes"`
	} `yaml:"multiplexer"`
}
main configuration
func GetFakeConfig ¶
func GetFakeConfig() *Config
func LoadConfig ¶
func (*Config) GetServerIdentity ¶ added in v0.25.0
func (*Config) SetDefault ¶
func (c *Config) SetDefault()
type ConfigTransformers ¶ added in v0.25.0
// ConfigTransformers groups the settings of every transformer. Config uses it
// twice, for ingoing and outgoing transformers.
//
// The Latency and Reducer sub-structs carry no yaml tag, unlike their
// siblings, so their YAML key is whatever the YAML library derives from the
// field name.
type ConfigTransformers struct {
	// UserPrivacy reduces the personal data kept in each message.
	// NOTE(review): the field names suggest IP anonymization, IP hashing and
	// qname minimization; how each is implemented (truncation width, hash
	// function, salting) is not visible here — confirm before relying on it
	// as a privacy control. The "minimaze" spelling is part of the YAML key.
	UserPrivacy struct {
		Enable        bool `yaml:"enable"`
		AnonymizeIP   bool `yaml:"anonymize-ip"`
		MinimazeQname bool `yaml:"minimaze-qname"`
		HashIP        bool `yaml:"hash-ip"`
	} `yaml:"user-privacy"`
	Normalize struct {
		Enable         bool `yaml:"enable"`
		QnameLowerCase bool `yaml:"qname-lowercase"`
		QuietText      bool `yaml:"quiet-text"`
		AddTld         bool `yaml:"add-tld"`
		AddTldPlusOne  bool `yaml:"add-tld-plus-one"`
	} `yaml:"normalize"`
	Latency struct {
		Enable            bool `yaml:"enable"`
		MeasureLatency    bool `yaml:"measure-latency"`
		UnansweredQueries bool `yaml:"unanswered-queries"`
		QueriesTimeout    int  `yaml:"queries-timeout"`
	}
	Reducer struct {
		Enable                    bool `yaml:"enable"`
		RepetitiveTrafficDetector bool `yaml:"repetitive-traffic-detector"`
		QnamePlusOne              bool `yaml:"qname-plus-one"`
		WatchInterval             int  `yaml:"watch-interval"`
	}
	// Filtering drops or keeps messages based on list files, rcodes and
	// sampling. Anything dropped here never reaches the loggers, so the list
	// files decide what a downstream detection pipeline can see; protect
	// them from modification like the configuration itself.
	Filtering struct {
		Enable          bool     `yaml:"enable"`
		DropFqdnFile    string   `yaml:"drop-fqdn-file"`
		DropDomainFile  string   `yaml:"drop-domain-file"`
		KeepFqdnFile    string   `yaml:"keep-fqdn-file"`
		KeepDomainFile  string   `yaml:"keep-domain-file"`
		DropQueryIpFile string   `yaml:"drop-queryip-file"`
		KeepQueryIpFile string   `yaml:"keep-queryip-file"`
		KeepRdataFile   string   `yaml:"keep-rdata-file"`
		DropRcodes      []string `yaml:"drop-rcodes,flow"`
		LogQueries      bool     `yaml:"log-queries"`
		LogReplies      bool     `yaml:"log-replies"`
		Downsample      int      `yaml:"downsample"`
	} `yaml:"filtering"`
	// GeoIP points at MaxMind-format (mmdb) database files.
	GeoIP struct {
		Enable        bool   `yaml:"enable"`
		DbCountryFile string `yaml:"mmdb-country-file"`
		DbCityFile    string `yaml:"mmdb-city-file"`
		DbAsnFile     string `yaml:"mmdb-asn-file"`
	} `yaml:"geoip"`
	// Suspicious holds the thresholds and lists behind the flags of
	// TransformSuspicious.
	// NOTE(review): WhitelistDomains presumably exempts matching names from
	// scoring — confirm how entries are matched (exact, suffix or pattern),
	// since a loose match would let look-alike names bypass the checks.
	Suspicious struct {
		Enable             bool     `yaml:"enable"`
		ThresholdQnameLen  int      `yaml:"threshold-qname-len"`
		ThresholdPacketLen int      `yaml:"threshold-packet-len"`
		ThresholdSlow      float64  `yaml:"threshold-slow"`
		CommonQtypes       []string `yaml:"common-qtypes,flow"`
		UnallowedChars     []string `yaml:"unallowed-chars,flow"`
		ThresholdMaxLabels int      `yaml:"threshold-max-labels"`
		WhitelistDomains   []string `yaml:"whitelist-domains,flow"`
	} `yaml:"suspicious"`
	Extract struct {
		Enable     bool `yaml:"enable"`
		AddPayload bool `yaml:"add-payload"`
	} `yaml:"extract"`
	MachineLearning struct {
		Enable      bool `yaml:"enable"`
		AddFeatures bool `yaml:"add-features"`
	} `yaml:"machine-learning"`
}
func GetFakeConfigTransformers ¶ added in v0.25.0
func GetFakeConfigTransformers() *ConfigTransformers
func (*ConfigTransformers) SetDefault ¶ added in v0.25.0
func (c *ConfigTransformers) SetDefault()
type Dns ¶ added in v0.14.0
// Dns holds the DNS part of a message: the raw payload and the fields decoded
// from it.
//
// Type, Payload and Id are excluded from both JSON and msgpack output
// (tag "-"); Length is excluded from msgpack only. Qname and the resource
// records come from the packet and are therefore attacker-influenced text:
// consumers that render or index them should escape them accordingly.
// MalformedPacket marks a payload that could not be decoded; per the
// DecodePayload documentation, such packets are skipped by the decoder.
type Dns struct {
	Type            string   `json:"-" msgpack:"-"`
	Payload         []byte   `json:"-" msgpack:"-"`
	Length          int      `json:"length" msgpack:"-"`
	Id              int      `json:"-" msgpack:"-"`
	Opcode          int      `json:"opcode" msgpack:"opcode"`
	Rcode           string   `json:"rcode" msgpack:"rcode"`
	Qname           string   `json:"qname" msgpack:"qname"`
	Qtype           string   `json:"qtype" msgpack:"qtype"`
	Flags           DnsFlags `json:"flags" msgpack:"flags"`
	DnsRRs          DnsRRs   `json:"resource-records" msgpack:"resource-records"`
	MalformedPacket bool     `json:"malformed-packet" msgpack:"malformed-packet"`
}
type DnsAnswer ¶
type DnsExtended ¶ added in v0.14.0
// DnsExtended holds the EDNS (OPT record) fields of a message.
//
// ExtendedRcode is serialized under the key "rcode", the same key name that
// Dns.Rcode uses inside its own object. Z is excluded from serialization.
// Do is serialized as "dnssec-ok".
type DnsExtended struct {
	UdpSize       int         `json:"udp-size" msgpack:"udp-size"`
	ExtendedRcode int         `json:"rcode" msgpack:"rcode"`
	Version       int         `json:"version" msgpack:"version"`
	Do            int         `json:"dnssec-ok" msgpack:"dnssec-ok"`
	Z             int         `json:"-" msgpack:"-"`
	Options       []DnsOption `json:"options" msgpack:"options"`
}
func DecodeEDNS ¶ added in v0.14.0
type DnsHeader ¶ added in v0.14.0
type DnsMessage ¶
// DnsMessage is the record that flows through the pipeline: network
// information, decoded DNS and EDNS data, dnstap metadata, and optional
// sections added by transformers.
//
// The transformer sections are pointers tagged omitempty for JSON, so a nil
// section is left out of JSON output. Geo is keyed "geoip" in JSON but "geo"
// in msgpack; consumers reading both encodings need to handle the difference.
type DnsMessage struct {
	NetworkInfo     DnsNetInfo             `json:"network" msgpack:"network"`
	DNS             Dns                    `json:"dns" msgpack:"dns"`
	EDNS            DnsExtended            `json:"edns" msgpack:"edns"`
	DnsTap          DnsTap                 `json:"dnstap" msgpack:"dnstap"`
	Geo             *TransformDnsGeo       `json:"geoip,omitempty" msgpack:"geo"`
	PowerDns        *PowerDns              `json:"powerdns,omitempty" msgpack:"powerdns"`
	Suspicious      *TransformSuspicious   `json:"suspicious,omitempty" msgpack:"suspicious"`
	PublicSuffix    *TransformPublicSuffix `json:"publicsuffix,omitempty" msgpack:"publicsuffix"`
	Extracted       *TransformExtracted    `json:"extracted,omitempty" msgpack:"extracted"`
	Reducer         *TransformReducer      `json:"reducer,omitempty" msgpack:"reducer"`
	MachineLearning *TransformML           `json:"ml,omitempty" msgpack:"ml"`
}
func GetFakeDnsMessage ¶
func GetFakeDnsMessage() DnsMessage
func (*DnsMessage) Bytes ¶
func (dm *DnsMessage) Bytes(format []string, fieldDelimiter string, fieldBoundary string) []byte
func (*DnsMessage) Flatten ¶ added in v0.31.0
func (dm *DnsMessage) Flatten() (ret map[string]interface{}, err error)
func (*DnsMessage) Init ¶
func (dm *DnsMessage) Init()
func (*DnsMessage) String ¶
func (dm *DnsMessage) String(format []string, fieldDelimiter string, fieldBoundary string) string
func (*DnsMessage) ToDnstap ¶ added in v0.26.0
func (dm *DnsMessage) ToDnstap() ([]byte, error)
func (*DnsMessage) ToFlattenJson ¶ added in v0.32.0
func (dm *DnsMessage) ToFlattenJson() (string, error)
func (*DnsMessage) ToJson ¶ added in v0.32.0
func (dm *DnsMessage) ToJson() string
func (*DnsMessage) ToPacketLayer ¶ added in v0.26.0
func (dm *DnsMessage) ToPacketLayer() ([]gopacket.SerializableLayer, error)
type DnsNetInfo ¶ added in v0.14.0
// DnsNetInfo holds the network-level information of a message: address
// family, transport protocol, and the query/response endpoints.
//
// Ports are stored as strings, not integers. QueryIp identifies the client
// and is personal data in most deployments; the UserPrivacy transformer
// settings exist for that reason. IpDefragmented and TcpReassembled record
// whether the payload was rebuilt from fragments or TCP segments.
type DnsNetInfo struct {
	Family         string `json:"family" msgpack:"family"`
	Protocol       string `json:"protocol" msgpack:"protocol"`
	QueryIp        string `json:"query-ip" msgpack:"query-ip"`
	QueryPort      string `json:"query-port" msgpack:"query-port"`
	ResponseIp     string `json:"response-ip" msgpack:"response-ip"`
	ResponsePort   string `json:"response-port" msgpack:"response-port"`
	IpDefragmented bool   `json:"ip-defragmented" msgpack:"ip-defragmented"`
	TcpReassembled bool   `json:"tcp-reassembled" msgpack:"tcp-reassembled"`
}
type DnsTap ¶ added in v0.14.0
// DnsTap holds the dnstap metadata of a message.
//
// Only Operation, Identity, Version, TimestampRFC3339, LatencySec and Extra
// are serialized; the numeric timestamp and latency fields and the raw
// Payload are excluded (tag "-").
// NOTE(review): Identity, Version and Extra presumably come from the sending
// dnstap peer — if so they are untrusted input and should not be used for
// access decisions without an authenticated transport.
type DnsTap struct {
	Operation        string  `json:"operation" msgpack:"operation"`
	Identity         string  `json:"identity" msgpack:"identity"`
	Version          string  `json:"version" msgpack:"version"`
	TimestampRFC3339 string  `json:"timestamp-rfc3339ns" msgpack:"timestamp-rfc3339ns"`
	Timestamp        int64   `json:"-" msgpack:"-"`
	TimeSec          int     `json:"-" msgpack:"-"`
	TimeNsec         int     `json:"-" msgpack:"-"`
	Latency          float64 `json:"-" msgpack:"-"`
	LatencySec       string  `json:"latency" msgpack:"latency"`
	Payload          []byte  `json:"-" msgpack:"-"`
	Extra            string  `json:"extra" msgpack:"extra"`
}
type MultiplexInOut ¶ added in v0.20.0
type MultiplexRoutes ¶ added in v0.20.0
type TransformDnsGeo ¶ added in v0.32.0
// TransformDnsGeo is the geolocation section of a message: city, continent,
// country ISO code, and the autonomous system number and owner. All values
// are strings, including the AS number.
// NOTE(review): presumably filled from the mmdb files named in the GeoIP
// transformer settings — confirm which address (query or response) is looked up.
type TransformDnsGeo struct {
	City                   string `json:"city" msgpack:"city"`
	Continent              string `json:"continent" msgpack:"continent"`
	CountryIsoCode         string `json:"country-isocode" msgpack:"country-isocode"`
	AutonomousSystemNumber string `json:"as-number" msgpack:"as-number"`
	AutonomousSystemOrg    string `json:"as-owner" msgpack:"as-owner"`
}
type TransformExtracted ¶ added in v0.32.0
// TransformExtracted is the section that carries the DNS payload itself,
// serialized under the key "dns_payload".
//
// The field is a []byte, which encoding/json renders as a base64 string.
// Including the full payload in output copies every query and answer into
// the log stream, so treat the destination with the same sensitivity as a
// packet capture.
type TransformExtracted struct {
	Base64Payload []byte `json:"dns_payload" msgpack:"dns_payload"`
}
type TransformML ¶ added in v0.35.0
// TransformML is the feature section of a message: numeric features computed
// from the query name (entropy, length, character-class counts and ratios,
// longest runs) plus a few message-level values.
//
// The per-field comments below are the ones given with the declaration;
// fields without a comment are documented only by their name. The
// "occurences" spelling is part of the serialized key.
type TransformML struct {
	Entropy               float64 `json:"entropy" msgpack:"entropy"`   // Entropy of query name
	Length                int     `json:"length" msgpack:"length"`     // Length of domain
	Labels                int     `json:"labels" msgpack:"labels"`     // Number of labels in the query name separated by dots
	Digits                int     `json:"digits" msgpack:"digits"`     // Count of numerical characters
	Lowers                int     `json:"lowers" msgpack:"lowers"`     // Count of lowercase characters
	Uppers                int     `json:"uppers" msgpack:"uppers"`     // Count of uppercase characters
	Specials              int     `json:"specials" msgpack:"specials"` // Number of special characters; special characters such as dash, underscore, equal sign,...
	Others                int     `json:"others" msgpack:"others"`
	RatioDigits           float64 `json:"ratio-digits" msgpack:"ratio-digits"`
	RatioLetters          float64 `json:"ratio-letters" msgpack:"ratio-letters"`
	RatioSpecials         float64 `json:"ratio-specials" msgpack:"ratio-specials"`
	RatioOthers           float64 `json:"ratio-others" msgpack:"ratio-others"`
	ConsecutiveChars      int     `json:"consecutive-chars" msgpack:"consecutive-chars"`
	ConsecutiveVowels     int     `json:"consecutive-vowels" msgpack:"consecutive-vowels"`
	ConsecutiveDigits     int     `json:"consecutive-digits" msgpack:"consecutive-digits"`
	ConsecutiveConsonants int     `json:"consecutive-consonants" msgpack:"consecutive-consonants"`
	Size                  int     `json:"size" msgpack:"size"`
	Occurences            int     `json:"occurences" msgpack:"occurences"`
	UncommonQtypes        int     `json:"uncommon-qtypes" msgpack:"uncommon-qtypes"`
}
type TransformPublicSuffix ¶ added in v0.32.0
type TransformReducer ¶ added in v0.32.0
type TransformSuspicious ¶ added in v0.32.0
// TransformSuspicious is the section that carries a score and one boolean per
// heuristic: malformed packet, large packet, long domain, slow domain,
// unallowed characters, uncommon qtype, excessive number of labels.
//
// The flag names line up with the thresholds and lists in the Suspicious
// transformer settings. Domain is emitted in JSON only when non-empty and is
// never emitted in msgpack.
// NOTE(review): how Score is derived from the flags is not visible here —
// confirm the weighting before alerting on a score threshold. Each heuristic
// is a coarse indicator and will also fire on legitimate traffic.
type TransformSuspicious struct {
	Score                 float64 `json:"score" msgpack:"score"`
	MalformedPacket       bool    `json:"malformed-pkt" msgpack:"malformed-pkt"`
	LargePacket           bool    `json:"large-pkt" msgpack:"large-pkt"`
	LongDomain            bool    `json:"long-domain" msgpack:"long-domain"`
	SlowDomain            bool    `json:"slow-domain" msgpack:"slow-domain"`
	UnallowedChars        bool    `json:"unallowed-chars" msgpack:"unallowed-chars"`
	UncommonQtypes        bool    `json:"uncommon-qtypes" msgpack:"uncommon-qtypes"`
	ExcessiveNumberLabels bool    `json:"excessive-number-labels" msgpack:"excessive-number-labels"`
	Domain                string  `json:"domain,omitempty" msgpack:"-"`
}
type Worker ¶
// Worker is the interface of a pipeline component.
// NOTE(review): presumably implemented by both collectors and loggers —
// confirm against the implementations, which are not part of this listing.
type Worker interface {
	// SetLoggers hands the worker the workers it forwards to.
	SetLoggers(loggers []Worker)
	// GetName returns the worker's name.
	GetName() string
	// Stop and Run control the worker's lifecycle.
	Stop()
	Run()
	// Channel returns the channel of DnsMessage values for this worker.
	Channel() chan DnsMessage
	// ReadConfig (re)reads the worker's settings.
	ReadConfig()
}