dnsutils

package
v0.37.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 18, 2023 License: MIT Imports: 21 Imported by: 0

Documentation

Index

Constants

// Shared string constants: program name, well-known addresses, test
// fixtures, output modes, SASL mechanisms, DNS and dnstap labels, protocol
// and socket names, and TLS version strings.
const (
	STR_UNKNOWN = "UNKNOWN"

	PROG_NAME           = "dnscollector"
	LOCALHOST_IP        = "127.0.0.1"
	// IPv4 wildcard address: a listener bound to it accepts connections on
	// every interface of the host, not only loopback.
	ANY_IP              = "0.0.0.0"
	// Raw HTTP/1.1 status line followed by an empty header section.
	HTTP_OK             = "HTTP/1.1 200 OK\r\n\r\n"
	// The first label is 77 characters long, above the 63-octet limit DNS
	// places on a single label. NOTE(review): presumably a fixture for
	// malformed-name tests — confirm against callers.
	BAD_LABEL_DOMAIN    = "ultramegaverytoolonglabel-ultramegaverytoolonglabel-ultramegaverytoolonglabel.dnscollector.dev."
	// The concatenation is longer than the 255-octet limit on a full DNS
	// name. NOTE(review): presumably a test fixture as well — confirm.
	BAD_VERYLONG_DOMAIN = "ultramegaverytoolonglabel.dnscollector" +
		"ultramegaverytoolonglabel-ultramegaverytoolonglabel-" +
		"ultramegaverytoolonglabel-ultramegaverytoolonglabel-" +
		"ultramegaverytoolonglabel-ultramegaverytoolonglabel-" +
		"ultramegaverytoolonglabel-ultramegaverytoolonglabel-" +
		"ultramegaverytoolonglabel-ultramegaverytoolonglabel-" +
		".dev."

	// Output encodings. NOTE(review): presumably the values checked by
	// IsValidMode — confirm.
	MODE_TEXT     = "text"
	MODE_JSON     = "json"
	MODE_FLATJSON = "flat-json"
	MODE_PCAP     = "pcap"
	MODE_DNSTAP   = "dnstap"

	// SASL PLAIN transmits the password itself, so its confidentiality
	// depends entirely on the transport (TLS). SCRAM-SHA-512 does not send
	// the password over the wire.
	SASL_MECHANISM_PLAIN = "PLAIN"
	SASL_MECHANISM_SCRAM = "SCRAM-SHA-512"

	// TIMEOUT has no entry in the Rcodes table of this package.
	// NOTE(review): presumably a synthetic label for unanswered queries
	// rather than a wire RCODE — confirm.
	DNS_RCODE_NXDOMAIN = "NXDOMAIN"
	DNS_RCODE_SERVFAIL = "SERVFAIL"
	DNS_RCODE_TIMEOUT  = "TIMEOUT"

	DNSTAP_OPERATION_QUERY = "QUERY"
	DNSTAP_OPERATION_REPLY = "REPLY"

	DNSTAP_CLIENT_RESPONSE = "CLIENT_RESPONSE"
	DNSTAP_CLIENT_QUERY    = "CLIENT_QUERY"

	DNSTAP_IDENTITY_TEST = "test_id"

	// Address-family labels in two spellings (INET/INET6 and IPv4/IPv6).
	PROTO_INET  = "INET"
	PROTO_INET6 = "INET6"
	PROTO_IPV6  = "IPv6"
	PROTO_IPV4  = "IPv4"

	// DNS transport labels.
	PROTO_UDP = "UDP"
	PROTO_TCP = "TCP"
	PROTO_DOT = "DOT"
	PROTO_DOH = "DOH"

	// Socket / transport names.
	SOCKET_TCP  = "tcp"
	SOCKET_UDP  = "udp"
	SOCKET_UNIX = "unix"
	SOCKET_TLS  = "tcp+tls"

	// TLS protocol version strings. TLS 1.0 and 1.1 are deprecated
	// (RFC 8996). NOTE(review): presumably these are the values accepted
	// for the tls-min-version settings via IsValidTLS — confirm, and prefer
	// "1.2" or "1.3" in deployed configurations.
	TLS_v10 = "1.0"
	TLS_v11 = "1.1"
	TLS_v12 = "1.2"
	TLS_v13 = "1.3"
)
// DnsLen is 12, the size in octets of the fixed DNS message header
// (RFC 1035, section 4.1.1).
// NOTE(review): presumably the minimum payload length required before the
// header is decoded (see ErrDecodeDnsHeaderTooShort) — confirm in DecodeDns.
const DnsLen = 12
// UNKNOWN holds the same string as STR_UNKNOWN.
// NOTE(review): presumably the fallback label for codes missing from the
// lookup tables — confirm in the *ToString helpers.
const UNKNOWN = "UNKNOWN"

Variables

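// Lookup tables from numeric DNS codes to their mnemonics.
//
// The mnemonics end up in decoded messages, so a misspelled entry makes
// filters and detections keyed on the standard name miss the record type.
var (
	// Rdatatypes maps a resource-record TYPE value to its mnemonic.
	Rdatatypes = map[int]string{
		0:     "NONE",
		1:     "A",
		2:     "NS",
		3:     "MD",
		4:     "MF",
		5:     "CNAME",
		6:     "SOA",
		7:     "MB",
		8:     "MG",
		9:     "MR",
		10:    "NULL",
		11:    "WKS",
		12:    "PTR",
		13:    "HINFO",
		14:    "MINFO",
		15:    "MX",
		16:    "TXT",
		17:    "RP",
		18:    "AFSDB",
		19:    "X25",
		20:    "ISDN",
		21:    "RT",
		22:    "NSAP",
		23:    "NSAP_PTR",
		24:    "SIG",
		25:    "KEY",
		26:    "PX",
		27:    "GPOS",
		28:    "AAAA",
		29:    "LOC",
		30:    "NXT",
		33:    "SRV",
		35:    "NAPTR",
		36:    "KX",
		37:    "CERT",
		38:    "A6",
		39:    "DNAME",
		41:    "OPT",
		42:    "APL",
		43:    "DS",
		44:    "SSHFP",
		45:    "IPSECKEY",
		46:    "RRSIG",
		47:    "NSEC",
		48:    "DNSKEY",
		49:    "DHCID",
		50:    "NSEC3",
		51:    "NSEC3PARAM",
		52:    "TLSA", // RFC 6698 mnemonic; was misspelled "TSLA".
		53:    "SMIMEA",
		55:    "HIP",
		56:    "NINFO",
		59:    "CDS",
		60:    "CDNSKEY",
		61:    "OPENPGPKEY",
		62:    "CSYNC",
		64:    "SVCB",
		65:    "HTTPS",
		99:    "SPF",
		103:   "UNSPEC",
		108:   "EUI48",
		109:   "EUI64",
		249:   "TKEY",
		250:   "TSIG",
		251:   "IXFR",
		252:   "AXFR",
		253:   "MAILB",
		254:   "MAILA",
		255:   "ANY",
		256:   "URI",
		257:   "CAA",
		258:   "AVC",
		259:   "DOA",      // IANA assigns 259 to DOA; it was labelled AMTRELAY.
		260:   "AMTRELAY", // RFC 8777 assigns AMTRELAY the value 260.
		32768: "TA",
		32769: "DLV",
	}
	// Rcodes maps a DNS response code to its mnemonic. Values 16 and above
	// do not fit in the 4-bit header RCODE field.
	Rcodes = map[int]string{
		0:  "NOERROR",
		1:  "FORMERR",
		2:  "SERVFAIL",
		3:  "NXDOMAIN",
		4:  "NOIMP",
		5:  "REFUSED",
		6:  "YXDOMAIN",
		7:  "YXRRSET",
		8:  "NXRRSET",
		9:  "NOTAUTH",
		10: "NOTZONE",
		11: "DSOTYPENI",
		16: "BADSIG",
		17: "BADKEY",
		18: "BADTIME",
		19: "BADMODE",
		20: "BADNAME",
		21: "BADALG",
		22: "BADTRUNC",
		23: "BADCOOKIE",
	}
)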
// Lookup tables for EDNS0 options.
var (
	// OptCodes maps an EDNS0 OPTION-CODE to a short name. Only the codes
	// listed here are named; any other code has no entry.
	OptCodes = map[int]string{
		3:  "NSID",
		8:  "CSUBNET",
		9:  "EXPIRE",
		10: "COOKIE",
		11: "KEEPALIVE",
		12: "PADDING",
		15: "ERRORS",
	}
	// ErrorCodeToString maps an Extended DNS Error INFO-CODE (RFC 8914) to
	// its description. Several codes describe policy or validation outcomes
	// (Forged Answer, DNSSEC Bogus, Blocked, Censored, Filtered, Prohibited).
	ErrorCodeToString = map[int]string{
		0:  "Other",
		1:  "Unsupported DNSKEY Algorithm",
		2:  "Unsupported DS Digest Type",
		3:  "Stale Answer",
		4:  "Forged Answer",
		5:  "DNSSEC Indeterminate",
		6:  "DNSSEC Bogus",
		7:  "Signature Expired",
		8:  "Signature Not Yet Valid",
		9:  "DNSKEY Missing",
		10: "RRSIGs Missing",
		11: "No Zone Key Bit Set",
		12: "NSEC Missing",
		13: "Cached Error",
		14: "Not Ready",
		15: "Blocked",
		16: "Censored",
		17: "Filtered",
		18: "Prohibited",
		19: "Stale NXDOMAIN Answer",
		20: "Not Authoritative",
		21: "Not Supported",
		22: "No Reachable Authority",
		23: "Network Error",
		24: "Invalid Data",
	}
)
// Query/reply labels and the patterns used to recognise directive families
// by their prefix.
//
// In every pattern the trailing `-*` means "zero or more hyphens", so the
// hyphen is optional and the expression is in effect a prefix test on the
// word alone: `^ml-*` also matches "mlfoo" and plain "ml".
// NOTE(review): if the hyphen is meant to be required, the pattern would be
// `^ml-` (and likewise for the others) — confirm against the directive names
// before changing, since callers may rely on the looser match.
var (
	DnsQuery                  = "QUERY"
	DnsReply                  = "REPLY"
	PdnsDirectives            = regexp.MustCompile(`^powerdns-*`)
	GeoIPDirectives           = regexp.MustCompile(`^geoip-*`)
	SuspiciousDirectives      = regexp.MustCompile(`^suspicious-*`)
	// NOTE(review): spelled "publixsuffix" here while the DnsMessage JSON
	// tag is "publicsuffix"; confirm which spelling the directives use.
	PublicSuffixDirectives    = regexp.MustCompile(`^publixsuffix-*`)
	ExtractedDirectives       = regexp.MustCompile(`^extracted-*`)
	ReducerDirectives         = regexp.MustCompile(`^reducer-*`)
	MachineLearningDirectives = regexp.MustCompile(`^ml-*`)
)
var ErrDecodeDnsAnswerRdataTooShort = errors.New("malformed pkt, not enough data to decode rdata answer")
var ErrDecodeDnsAnswerTooShort = errors.New("malformed pkt, not enough data to decode answer")
var ErrDecodeDnsHeaderTooShort = errors.New("malformed pkt, dns payload too short to decode header")
var ErrDecodeDnsLabelInvalidData = errors.New("malformed pkt, invalid label length byte")
var ErrDecodeDnsLabelInvalidOffset = errors.New("malformed pkt, invalid offset to decode label")
var ErrDecodeDnsLabelInvalidPointer = errors.New("malformed pkt, label pointer not pointing to prior data")
var ErrDecodeDnsLabelTooLong = errors.New("malformed pkt, label too long")
var ErrDecodeDnsLabelTooShort = errors.New("malformed pkt, dns payload too short to get label")
var ErrDecodeEdnsBadRootDomain = errors.New("edns, name MUST be 0 (root domain)")
var ErrDecodeEdnsDataTooShort = errors.New("edns, not enough data to decode rdata answer")
var ErrDecodeEdnsOptionCsubnetBadFamily = errors.New("edns, csubnet option bad family")
var ErrDecodeEdnsOptionTooShort = errors.New("edns, not enough data to decode option answer")
var ErrDecodeEdnsTooManyOpts = errors.New("edns, packet contained too many OPT RRs")
var ErrDecodeQuestionQtypeTooShort = errors.New("malformed pkt, not enough data to decode qtype")

Functions

func DecodePayload added in v0.21.0

func DecodePayload(dm *DnsMessage, header *DnsHeader, config *Config) error

DecodePayload can be used to decode the raw payload data in dm.DNS.Payload into the relevant parts of the dm.DNS struct. The payload is decoded according to the given DNS header. If the packet is already marked as malformed, this function returns with no error but does not process the packet. An error is returned if the packet cannot be parsed; the returned error wraps the original error returned by the relevant decoding operation.

func DecodeQuestion added in v0.14.0

func DecodeQuestion(qdcount int, payload []byte) (string, int, int, error)

DNS QUESTION
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                                               |
/                     QNAME                     /
/                                               /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                     QTYPE                     |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    QCLASS                     |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

func GetIpPort added in v0.26.0

func GetIpPort(dm *DnsMessage) (string, int, string, int)

func IsValidMode added in v0.11.0

func IsValidMode(mode string) bool

func IsValidTLS added in v0.25.0

func IsValidTLS(mode string) bool

func OptCodeToString added in v0.14.0

func OptCodeToString(rcode int) string

func ParseA added in v0.14.0

func ParseA(r []byte) (string, error)

IPv4
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    ADDRESS                    |
|                                               |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

func ParseAAAA added in v0.14.0

func ParseAAAA(rdata []byte) (string, error)

IPv6
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                                               |
|                                               |
|                                               |
|                    ADDRESS                    |
|                                               |
|                                               |
|                                               |
|                                               |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

func ParseCNAME added in v0.14.0

func ParseCNAME(rdata_offset int, payload []byte) (string, error)

CNAME
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                     NAME                      /
/                                               /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

func ParseCsubnet added in v0.14.0

func ParseCsubnet(d []byte) (string, error)

https://datatracker.ietf.org/doc/html/rfc7871

Extended Csubnet EDNS0 option format
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
|                            FAMILY                             |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
|     SOURCE PREFIX-LENGTH      |      SCOPE PREFIX-LENGTH      |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
|                          ADDRESS...                           /
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+

func ParseErrors added in v0.14.0

func ParseErrors(d []byte) (string, error)

https://datatracker.ietf.org/doc/html/rfc8914

Extended Error EDNS0 option format
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
|                           INFO-CODE                           |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
/                        EXTRA-TEXT ...                         /
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+

func ParseLabels added in v0.14.0

func ParseLabels(offset int, payload []byte) (string, int, error)

func ParseMX added in v0.14.0

func ParseMX(rdata_offset int, payload []byte) (string, error)

MX
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                  PREFERENCE                   |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                   EXCHANGE                    /
/                                               /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

func ParseNS added in v0.14.0

func ParseNS(rdata_offset int, payload []byte) (string, error)

NS
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                    NSDNAME                    /
/                                               /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

func ParseOption added in v0.14.0

func ParseOption(optName string, optData []byte) (string, error)

func ParsePTR added in v0.14.0

func ParsePTR(rdata_offset int, payload []byte) (string, error)

PTR
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                   PTRDNAME                    /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

func ParseRdata added in v0.14.0

func ParseRdata(rdatatype string, rdata []byte, payload []byte, rdata_offset int) (string, error)

func ParseSOA added in v0.14.0

func ParseSOA(rdata_offset int, payload []byte) (string, error)

SOA
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                     MNAME                     /
/                                               /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                     RNAME                     /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    SERIAL                     |
|                                               |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    REFRESH                    |
|                                               |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                     RETRY                     |
|                                               |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    EXPIRE                     |
|                                               |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    MINIMUM                    |
|                                               |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

func ParseSRV added in v0.14.0

func ParseSRV(rdata_offset int, payload []byte) (string, error)

SRV
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                   PRIORITY                    |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    WEIGHT                     |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                     PORT                      |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
|                    TARGET                     |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

func ParseSVCB added in v0.34.0

func ParseSVCB(rdata []byte) (string, error)

SVCB
+--+--+
| PRIO|
+--+--+--+
/ Target /
+--+--+--+
/ Params /
+--+--+--+

func ParseSVCParam added in v0.34.0

func ParseSVCParam(svcParamKey uint16, paramData []byte) (string, error)

func ParseTXT added in v0.14.0

func ParseTXT(rdata []byte) (string, error)

TXT
+--+--+--+--+--+--+--+--+
|        LENGTH         |
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/                   TXT-DATA                    /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

func RcodeToString added in v0.14.0

func RcodeToString(rcode int) string

func RdatatypeToString added in v0.14.0

func RdatatypeToString(rrtype int) string

func ReloadConfig added in v0.16.0

func ReloadConfig(configPath string, config *Config) error

func SVCParamKeyToString added in v0.34.0

func SVCParamKeyToString(svcParamKey uint16) string

Types

type Config

// Config is the main configuration. Its sections are Global, Collectors,
// IngoingTransformers, Loggers, OutgoingTransformers and Multiplexer; fields
// carry yaml tags naming their key in the configuration file.
//
// Several loggers keep credentials (passwords, tokens, API keys) as plain
// strings, so the configuration file is itself a secret: keep it readable
// only by the account that runs the collector.
type Config struct {
	Global struct {
		TextFormat          string `yaml:"text-format"`
		TextFormatDelimiter string `yaml:"text-format-delimiter"`
		TextFormatBoundary  string `yaml:"text-format-boundary"`
		Trace               struct {
			Verbose      bool   `yaml:"verbose"`
			LogMalformed bool   `yaml:"log-malformed"`
			Filename     string `yaml:"filename"`
			MaxSize      int    `yaml:"max-size"`
			MaxBackups   int    `yaml:"max-backups"`
		} `yaml:"trace"`
		ServerIdentity string `yaml:"server-identity"`
	} `yaml:"global"`

	Collectors struct {
		Tail struct {
			Enable       bool   `yaml:"enable"`
			TimeLayout   string `yaml:"time-layout"`
			PatternQuery string `yaml:"pattern-query"`
			PatternReply string `yaml:"pattern-reply"`
			FilePath     string `yaml:"file-path"`
		} `yaml:"tail"`
		// The listeners below declare a server certificate/key pair and a
		// minimum TLS version, but no field for client-certificate
		// verification is declared in this struct.
		Dnstap struct {
			Enable            bool   `yaml:"enable"`
			ListenIP          string `yaml:"listen-ip"`
			ListenPort        int    `yaml:"listen-port"`
			SockPath          string `yaml:"sock-path"`
			TlsSupport        bool   `yaml:"tls-support"`
			TlsMinVersion     string `yaml:"tls-min-version"`
			CertFile          string `yaml:"cert-file"`
			KeyFile           string `yaml:"key-file"`
			RcvBufSize        int    `yaml:"sock-rcvbuf"`
			ResetConn         bool   `yaml:"reset-conn"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		} `yaml:"dnstap"`
		DnstapProxifier struct {
			Enable        bool   `yaml:"enable"`
			ListenIP      string `yaml:"listen-ip"`
			ListenPort    int    `yaml:"listen-port"`
			SockPath      string `yaml:"sock-path"`
			TlsSupport    bool   `yaml:"tls-support"`
			TlsMinVersion string `yaml:"tls-min-version"`
			CertFile      string `yaml:"cert-file"`
			KeyFile       string `yaml:"key-file"`
		} `yaml:"dnstap-proxifier"`
		AfpacketLiveCapture struct {
			Enable            bool   `yaml:"enable"`
			Port              int    `yaml:"port"`
			Device            string `yaml:"device"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		} `yaml:"afpacket-sniffer"`
		XdpLiveCapture struct {
			Enable            bool   `yaml:"enable"`
			Port              int    `yaml:"port"`
			Device            string `yaml:"device"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		} `yaml:"xdp-sniffer"`
		PowerDNS struct {
			Enable            bool   `yaml:"enable"`
			ListenIP          string `yaml:"listen-ip"`
			ListenPort        int    `yaml:"listen-port"`
			TlsSupport        bool   `yaml:"tls-support"`
			TlsMinVersion     string `yaml:"tls-min-version"`
			CertFile          string `yaml:"cert-file"`
			KeyFile           string `yaml:"key-file"`
			AddDnsPayload     bool   `yaml:"add-dns-payload"`
			RcvBufSize        int    `yaml:"sock-rcvbuf"`
			ResetConn         bool   `yaml:"reset-conn"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		} `yaml:"powerdns"`
		FileIngestor struct {
			Enable            bool   `yaml:"enable"`
			WatchDir          string `yaml:"watch-dir"`
			WatchMode         string `yaml:"watch-mode"`
			PcapDnsPort       int    `yaml:"pcap-dns-port"`
			// NOTE(review): presumably removes ingested files from
			// watch-dir — confirm; the process then needs write access to
			// that directory.
			DeleteAfter       bool   `yaml:"delete-after"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		} `yaml:"file-ingestor"`
		// NOTE(review): Tzsp is the only collector without a yaml tag, so
		// its key is whatever the YAML decoder derives from the field name
		// — confirm the intended key. No TLS fields are declared for it.
		Tzsp struct {
			Enable            bool   `yaml:"enable"`
			ListenIp          string `yaml:"listen-ip"`
			ListenPort        int    `yaml:"listen-port"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		}
	} `yaml:"collectors"`

	IngoingTransformers ConfigTransformers `yaml:"ingoing-transformers"`

	Loggers struct {
		Stdout struct {
			Enable            bool   `yaml:"enable"`
			Mode              string `yaml:"mode"`
			TextFormat        string `yaml:"text-format"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		} `yaml:"stdout"`
		Prometheus struct {
			Enable                  bool     `yaml:"enable"`
			ListenIP                string   `yaml:"listen-ip"`
			ListenPort              int      `yaml:"listen-port"`
			TlsSupport              bool     `yaml:"tls-support"`
			TlsMutual               bool     `yaml:"tls-mutual"`
			TlsMinVersion           string   `yaml:"tls-min-version"`
			CertFile                string   `yaml:"cert-file"`
			KeyFile                 string   `yaml:"key-file"`
			PromPrefix              string   `yaml:"prometheus-prefix"`
			LabelsList              []string `yaml:"prometheus-labels"`
			TopN                    int      `yaml:"top-n"`
			// Basic-auth credentials are stored as plain strings. Basic
			// auth sends them base64-encoded, not encrypted, so they are
			// only protected on the wire when tls-support is on.
			BasicAuthLogin          string   `yaml:"basic-auth-login"`
			BasicAuthPwd            string   `yaml:"basic-auth-pwd"`
			BasicAuthEnabled        bool     `yaml:"basic-auth-enable"`
			ChannelBufferSize       int      `yaml:"chan-buffer-size"`
			HistogramMetricsEnabled bool     `yaml:"histogram-metrics-enabled"`
		} `yaml:"prometheus"`
		RestAPI struct {
			Enable            bool   `yaml:"enable"`
			ListenIP          string `yaml:"listen-ip"`
			ListenPort        int    `yaml:"listen-port"`
			// Plain-string credentials; unlike Prometheus, no
			// basic-auth-enable switch is declared here.
			BasicAuthLogin    string `yaml:"basic-auth-login"`
			BasicAuthPwd      string `yaml:"basic-auth-pwd"`
			TlsSupport        bool   `yaml:"tls-support"`
			TlsMinVersion     string `yaml:"tls-min-version"`
			CertFile          string `yaml:"cert-file"`
			KeyFile           string `yaml:"key-file"`
			TopN              int    `yaml:"top-n"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		} `yaml:"restapi"`
		LogFile struct {
			Enable              bool   `yaml:"enable"`
			FilePath            string `yaml:"file-path"`
			MaxSize             int    `yaml:"max-size"`
			MaxFiles            int    `yaml:"max-files"`
			FlushInterval       int    `yaml:"flush-interval"`
			Compress            bool   `yaml:"compress"`
			CompressInterval    int    `yaml:"compress-interval"`
			// NOTE(review): compress-postcommand and postrotate-command
			// look like external commands run by the collector — confirm
			// how they are invoked. If so, write access to the
			// configuration file is equivalent to command execution as the
			// collector's user.
			CompressPostCommand string `yaml:"compress-postcommand"`
			Mode                string `yaml:"mode"`
			PostRotateCommand   string `yaml:"postrotate-command"`
			PostRotateDelete    bool   `yaml:"postrotate-delete-success"`
			TextFormat          string `yaml:"text-format"`
			ChannelBufferSize   int    `yaml:"chan-buffer-size"`
		} `yaml:"logfile"`
		Dnstap struct {
			Enable            bool   `yaml:"enable"`
			RemoteAddress     string `yaml:"remote-address"`
			RemotePort        int    `yaml:"remote-port"`
			SockPath          string `yaml:"sock-path"`
			ConnectTimeout    int    `yaml:"connect-timeout"`
			RetryInterval     int    `yaml:"retry-interval"`
			FlushInterval     int    `yaml:"flush-interval"`
			TlsSupport        bool   `yaml:"tls-support"`
			// NOTE(review): tls-insecure (here and in the other client
			// loggers below) presumably disables verification of the
			// remote certificate — confirm. With verification off, the
			// connection is encrypted but the peer is not authenticated.
			TlsInsecure       bool   `yaml:"tls-insecure"`
			TlsMinVersion     string `yaml:"tls-min-version"`
			ServerId          string `yaml:"server-id"`
			OverwriteIdentity bool   `yaml:"overwrite-identity"`
			BufferSize        int    `yaml:"buffer-size"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		} `yaml:"dnstap"`
		TcpClient struct {
			Enable            bool   `yaml:"enable"`
			RemoteAddress     string `yaml:"remote-address"`
			RemotePort        int    `yaml:"remote-port"`
			SockPath          string `yaml:"sock-path"`
			RetryInterval     int    `yaml:"retry-interval"`
			Transport         string `yaml:"transport"`
			TlsSupport        bool   `yaml:"tls-support"`
			TlsInsecure       bool   `yaml:"tls-insecure"`
			TlsMinVersion     string `yaml:"tls-min-version"`
			Mode              string `yaml:"mode"`
			TextFormat        string `yaml:"text-format"`
			PayloadDelimiter  string `yaml:"delimiter"`
			BufferSize        int    `yaml:"buffer-size"`
			FlushInterval     int    `yaml:"flush-interval"`
			ConnectTimeout    int    `yaml:"connect-timeout"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		} `yaml:"tcpclient"`
		Syslog struct {
			Enable            bool   `yaml:"enable"`
			Severity          string `yaml:"severity"`
			Facility          string `yaml:"facility"`
			Transport         string `yaml:"transport"`
			RemoteAddress     string `yaml:"remote-address"`
			RetryInterval     int    `yaml:"retry-interval"`
			TextFormat        string `yaml:"text-format"`
			Mode              string `yaml:"mode"`
			TlsInsecure       bool   `yaml:"tls-insecure"`
			TlsMinVersion     string `yaml:"tls-min-version"`
			Format            string `yaml:"format"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
			Tag               string `yaml:"tag"`
		} `yaml:"syslog"`
		Fluentd struct {
			Enable            bool   `yaml:"enable"`
			RemoteAddress     string `yaml:"remote-address"`
			RemotePort        int    `yaml:"remote-port"`
			SockPath          string `yaml:"sock-path"`
			ConnectTimeout    int    `yaml:"connect-timeout"`
			RetryInterval     int    `yaml:"retry-interval"`
			FlushInterval     int    `yaml:"flush-interval"`
			Transport         string `yaml:"transport"`
			TlsSupport        bool   `yaml:"tls-support"`
			TlsInsecure       bool   `yaml:"tls-insecure"`
			TlsMinVersion     string `yaml:"tls-min-version"`
			Tag               string `yaml:"tag"`
			BufferSize        int    `yaml:"buffer-size"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		} `yaml:"fluentd"`
		InfluxDB struct {
			Enable            bool   `yaml:"enable"`
			ServerURL         string `yaml:"server-url"`
			// Bearer-style secret stored as a plain string.
			AuthToken         string `yaml:"auth-token"`
			TlsSupport        bool   `yaml:"tls-support"`
			TlsInsecure       bool   `yaml:"tls-insecure"`
			TlsMinVersion     string `yaml:"tls-min-version"`
			Bucket            string `yaml:"bucket"`
			Organization      string `yaml:"organization"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		} `yaml:"influxdb"`
		LokiClient struct {
			Enable            bool              `yaml:"enable"`
			ServerURL         string            `yaml:"server-url"`
			JobName           string            `yaml:"job-name"`
			Mode              string            `yaml:"mode"`
			FlushInterval     int               `yaml:"flush-interval"`
			BatchSize         int               `yaml:"batch-size"`
			RetryInterval     int               `yaml:"retry-interval"`
			TextFormat        string            `yaml:"text-format"`
			ProxyURL          string            `yaml:"proxy-url"`
			TlsInsecure       bool              `yaml:"tls-insecure"`
			TlsMinVersion     string            `yaml:"tls-min-version"`
			BasicAuthLogin    string            `yaml:"basic-auth-login"`
			BasicAuthPwd      string            `yaml:"basic-auth-pwd"`
			// NOTE(review): presumably a path from which the password is
			// read instead of basic-auth-pwd — confirm; a separate file
			// keeps the secret out of the main configuration.
			BasicAuthPwdFile  string            `yaml:"basic-auth-pwd-file"`
			TenantId          string            `yaml:"tenant-id"`
			RelabelConfigs    []*relabel.Config `yaml:"relabel-configs"`
			ChannelBufferSize int               `yaml:"chan-buffer-size"`
		} `yaml:"lokiclient"`
		Statsd struct {
			Enable            bool   `yaml:"enable"`
			Prefix            string `yaml:"prefix"`
			RemoteAddress     string `yaml:"remote-address"`
			RemotePort        int    `yaml:"remote-port"`
			Transport         string `yaml:"transport"`
			FlushInterval     int    `yaml:"flush-interval"`
			TlsSupport        bool   `yaml:"tls-support"`
			TlsInsecure       bool   `yaml:"tls-insecure"`
			TlsMinVersion     string `yaml:"tls-min-version"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		} `yaml:"statsd"`
		// No TLS or authentication fields are declared for this logger in
		// this version of the struct.
		ElasticSearchClient struct {
			Enable            bool   `yaml:"enable"`
			Index             string `yaml:"index"`
			Server            string `yaml:"server"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
			BulkSize          int    `yaml:"bulk-size"`
			FlushInterval     int    `yaml:"flush-interval"`
		} `yaml:"elasticsearch"`
		ScalyrClient struct {
			Enable            bool                   `yaml:"enable"`
			Mode              string                 `yaml:"mode"`
			TextFormat        string                 `yaml:"text-format"`
			SessionInfo       map[string]string      `yaml:"sessioninfo"`
			Attrs             map[string]interface{} `yaml:"attrs"`
			ServerURL         string                 `yaml:"server-url"`
			// API key stored as a plain string.
			ApiKey            string                 `yaml:"apikey"`
			Parser            string                 `yaml:"parser"`
			FlushInterval     int                    `yaml:"flush-interval"`
			ProxyURL          string                 `yaml:"proxy-url"`
			TlsInsecure       bool                   `yaml:"tls-insecure"`
			TlsMinVersion     string                 `yaml:"tls-min-version"`
			ChannelBufferSize int                    `yaml:"chan-buffer-size"`
		} `yaml:"scalyrclient"`
		RedisPub struct {
			Enable            bool   `yaml:"enable"`
			RemoteAddress     string `yaml:"remote-address"`
			RemotePort        int    `yaml:"remote-port"`
			SockPath          string `yaml:"sock-path"`
			RetryInterval     int    `yaml:"retry-interval"`
			Transport         string `yaml:"transport"`
			TlsSupport        bool   `yaml:"tls-support"`
			TlsInsecure       bool   `yaml:"tls-insecure"`
			TlsMinVersion     string `yaml:"tls-min-version"`
			Mode              string `yaml:"mode"`
			TextFormat        string `yaml:"text-format"`
			PayloadDelimiter  string `yaml:"delimiter"`
			BufferSize        int    `yaml:"buffer-size"`
			FlushInterval     int    `yaml:"flush-interval"`
			ConnectTimeout    int    `yaml:"connect-timeout"`
			RedisChannel      string `yaml:"redis-channel"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		} `yaml:"redispub"`
		KafkaProducer struct {
			Enable            bool   `yaml:"enable"`
			RemoteAddress     string `yaml:"remote-address"`
			RemotePort        int    `yaml:"remote-port"`
			RetryInterval     int    `yaml:"retry-interval"`
			TlsSupport        bool   `yaml:"tls-support"`
			TlsInsecure       bool   `yaml:"tls-insecure"`
			TlsMinVersion     string `yaml:"tls-min-version"`
			SaslSupport       bool   `yaml:"sasl-support"`
			SaslUsername      string `yaml:"sasl-username"`
			// Plain-string password. NOTE(review): sasl-mechanism is
			// presumably one of SASL_MECHANISM_PLAIN or
			// SASL_MECHANISM_SCRAM — confirm; with PLAIN and tls-support
			// off the password would cross the network unprotected.
			SaslPassword      string `yaml:"sasl-password"`
			SaslMechanism     string `yaml:"sasl-mechanism"`
			Mode              string `yaml:"mode"`
			BufferSize        int    `yaml:"buffer-size"`
			FlushInterval     int    `yaml:"flush-interval"`
			ConnectTimeout    int    `yaml:"connect-timeout"`
			Topic             string `yaml:"topic"`
			Partition         int    `yaml:"partition"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		} `yaml:"kafkaproducer"`
		// Only a URL is declared; no TLS or authentication fields.
		FalcoClient struct {
			Enable            bool   `yaml:"enable"`
			URL               string `yaml:"url"`
			ChannelBufferSize int    `yaml:"chan-buffer-size"`
		} `yaml:"falco"`
	} `yaml:"loggers"`

	OutgoingTransformers ConfigTransformers `yaml:"outgoing-transformers"`

	Multiplexer struct {
		Collectors []MultiplexInOut  `yaml:"collectors"`
		Loggers    []MultiplexInOut  `yaml:"loggers"`
		Routes     []MultiplexRoutes `yaml:"routes"`
	} `yaml:"multiplexer"`
}

main configuration

func GetFakeConfig

func GetFakeConfig() *Config

func LoadConfig

func LoadConfig(configPath string) (*Config, error)

func (*Config) GetServerIdentity added in v0.25.0

func (c *Config) GetServerIdentity() string

func (*Config) SetDefault

func (c *Config) SetDefault()

type ConfigTransformers added in v0.25.0

// ConfigTransformers groups the settings of every transformer. Config embeds
// it twice, as IngoingTransformers and OutgoingTransformers.
type ConfigTransformers struct {
	UserPrivacy struct {
		Enable        bool `yaml:"enable"`
		AnonymizeIP   bool `yaml:"anonymize-ip"`
		// The YAML key is spelled "minimaze-qname"; configuration files
		// have to use that spelling for the option to be read.
		MinimazeQname bool `yaml:"minimaze-qname"`
		// NOTE(review): confirm how the hash is computed. An unsalted hash
		// of an IPv4 address can be reversed by enumerating the address
		// space, so it pseudonymizes rather than anonymizes.
		HashIP        bool `yaml:"hash-ip"`
	} `yaml:"user-privacy"`
	Normalize struct {
		Enable         bool `yaml:"enable"`
		QnameLowerCase bool `yaml:"qname-lowercase"`
		QuietText      bool `yaml:"quiet-text"`
		AddTld         bool `yaml:"add-tld"`
		AddTldPlusOne  bool `yaml:"add-tld-plus-one"`
	} `yaml:"normalize"`
	// NOTE(review): Latency and Reducer carry no yaml tag, unlike their
	// siblings, so their keys are whatever the YAML decoder derives from the
	// field names — confirm the intended keys.
	Latency struct {
		Enable            bool `yaml:"enable"`
		MeasureLatency    bool `yaml:"measure-latency"`
		UnansweredQueries bool `yaml:"unanswered-queries"`
		QueriesTimeout    int  `yaml:"queries-timeout"`
	}
	Reducer struct {
		Enable                    bool `yaml:"enable"`
		RepetitiveTrafficDetector bool `yaml:"repetitive-traffic-detector"`
		QnamePlusOne              bool `yaml:"qname-plus-one"`
		WatchInterval             int  `yaml:"watch-interval"`
	}
	// Drop/keep lists are given as file paths. NOTE(review): these files
	// decide which traffic is recorded, so they deserve the same access
	// control as the configuration itself — confirm how they are loaded.
	Filtering struct {
		Enable          bool     `yaml:"enable"`
		DropFqdnFile    string   `yaml:"drop-fqdn-file"`
		DropDomainFile  string   `yaml:"drop-domain-file"`
		KeepFqdnFile    string   `yaml:"keep-fqdn-file"`
		KeepDomainFile  string   `yaml:"keep-domain-file"`
		DropQueryIpFile string   `yaml:"drop-queryip-file"`
		KeepQueryIpFile string   `yaml:"keep-queryip-file"`
		KeepRdataFile   string   `yaml:"keep-rdata-file"`
		DropRcodes      []string `yaml:"drop-rcodes,flow"`
		LogQueries      bool     `yaml:"log-queries"`
		LogReplies      bool     `yaml:"log-replies"`
		Downsample      int      `yaml:"downsample"`
	} `yaml:"filtering"`
	GeoIP struct {
		Enable        bool   `yaml:"enable"`
		DbCountryFile string `yaml:"mmdb-country-file"`
		DbCityFile    string `yaml:"mmdb-city-file"`
		DbAsnFile     string `yaml:"mmdb-asn-file"`
	} `yaml:"geoip"`
	// Thresholds and lists for the suspicious-traffic transformer.
	// NOTE(review): domains in whitelist-domains are presumably exempt from
	// these checks — confirm the matching rule (exact name, suffix or
	// pattern), since a loose match widens the exemption.
	Suspicious struct {
		Enable             bool     `yaml:"enable"`
		ThresholdQnameLen  int      `yaml:"threshold-qname-len"`
		ThresholdPacketLen int      `yaml:"threshold-packet-len"`
		ThresholdSlow      float64  `yaml:"threshold-slow"`
		CommonQtypes       []string `yaml:"common-qtypes,flow"`
		UnallowedChars     []string `yaml:"unallowed-chars,flow"`
		ThresholdMaxLabels int      `yaml:"threshold-max-labels"`
		WhitelistDomains   []string `yaml:"whitelist-domains,flow"`
	} `yaml:"suspicious"`
	Extract struct {
		Enable     bool `yaml:"enable"`
		AddPayload bool `yaml:"add-payload"`
	} `yaml:"extract"`
	MachineLearning struct {
		Enable      bool `yaml:"enable"`
		AddFeatures bool `yaml:"add-features"`
	} `yaml:"machine-learning"`
}

func GetFakeConfigTransformers added in v0.25.0

func GetFakeConfigTransformers() *ConfigTransformers

func (*ConfigTransformers) SetDefault added in v0.25.0

func (c *ConfigTransformers) SetDefault()

type Dns added in v0.14.0

// Dns holds the DNS part of a message: the raw payload plus the decoded
// header fields, question, flags and resource records.
type Dns struct {
	// Type, Payload and Id are tagged "-" for both JSON and msgpack, so
	// they are left out of both encodings.
	Type    string `json:"-" msgpack:"-"`
	Payload []byte `json:"-" msgpack:"-"`
	// Length is encoded in JSON but left out of msgpack.
	Length  int    `json:"length" msgpack:"-"`
	Id      int    `json:"-" msgpack:"-"`
	Opcode  int    `json:"opcode" msgpack:"opcode"`
	Rcode   string `json:"rcode" msgpack:"rcode"`
	Qname   string `json:"qname" msgpack:"qname"`

	Qtype           string   `json:"qtype" msgpack:"qtype"`
	Flags           DnsFlags `json:"flags" msgpack:"flags"`
	DnsRRs          DnsRRs   `json:"resource-records" msgpack:"resource-records"`
	// NOTE(review): presumably set when decoding the payload fails;
	// DecodePayload's documentation says a packet already marked malformed
	// is not processed again — confirm where the flag is set.
	MalformedPacket bool     `json:"malformed-packet" msgpack:"malformed-packet"`
}

type DnsAnswer

// DnsAnswer is one decoded resource record: owner name, type mnemonic,
// class, TTL and the rdata rendered as a string.
type DnsAnswer struct {
	Name      string `json:"name" msgpack:"name"`
	Rdatatype string `json:"rdatatype" msgpack:"rdatatype"`
	// Class is tagged "-" and therefore left out of JSON and msgpack.
	Class     int    `json:"-" msgpack:"-"`
	Ttl       int    `json:"ttl" msgpack:"ttl"`
	// Rdata comes from the packet. NOTE(review): treat it as untrusted text
	// when it is displayed or forwarded — confirm what escaping the Parse*
	// helpers apply.
	Rdata     string `json:"rdata" msgpack:"rdata"`
}

func DecodeAnswer added in v0.14.0

func DecodeAnswer(ancount int, start_offset int, payload []byte) ([]DnsAnswer, int, error)

type DnsExtended added in v0.14.0

// DnsExtended holds the EDNS fields of a message; DecodeEDNS returns a value
// of this type.
type DnsExtended struct {
	UdpSize       int         `json:"udp-size" msgpack:"udp-size"`
	// Encoded under the key "rcode", the same key name Dns uses for its own
	// Rcode field inside the "dns" object.
	ExtendedRcode int         `json:"rcode" msgpack:"rcode"`
	Version       int         `json:"version" msgpack:"version"`
	Do            int         `json:"dnssec-ok" msgpack:"dnssec-ok"`
	// Z is tagged "-" and therefore left out of JSON and msgpack.
	Z             int         `json:"-" msgpack:"-"`
	Options       []DnsOption `json:"options" msgpack:"options"`
}

func DecodeEDNS added in v0.14.0

func DecodeEDNS(arcount int, start_offset int, payload []byte) (DnsExtended, int, error)

type DnsFlags added in v0.14.0

// DnsFlags exposes five header flags as booleans: QR, TC, AA, RA and AD.
// DnsHeader additionally carries Rd and Cd, which have no counterpart here.
type DnsFlags struct {
	QR bool `json:"qr" msgpack:"qr"`
	TC bool `json:"tc" msgpack:"tc"`
	AA bool `json:"aa" msgpack:"aa"`
	RA bool `json:"ra" msgpack:"ra"`
	AD bool `json:"ad" msgpack:"ad"`
}

type DnsHeader added in v0.14.0

// DnsHeader is the decoded DNS message header as returned by DecodeDns. The
// field names follow the header layout: message ID, flag bits, response
// code and the four section counts. Every field is a plain int.
type DnsHeader struct {
	Id      int
	Qr      int
	Opcode  int
	Aa      int
	Tc      int
	Rd      int
	Ra      int
	Z       int
	Ad      int
	Cd      int
	Rcode   int
	// The four counts come from the packet itself. NOTE(review): they are
	// passed to DecodeQuestion/DecodeAnswer/DecodeEDNS as loop bounds
	// (qdcount, ancount, arcount parameters), so the decoders must bound
	// work by the payload length rather than by these values — confirm.
	Qdcount int
	Ancount int
	Nscount int
	Arcount int
}

func DecodeDns added in v0.14.0

func DecodeDns(payload []byte) (DnsHeader, error)

type DnsMessage

// DnsMessage is the record passed between workers (see Worker.Channel): the
// network tuple, the decoded DNS and EDNS data, the dnstap envelope and a set
// of optional enrichment blocks.
//
// The pointer fields are optional. Their json tags use omitempty, so a nil
// block is left out of JSON output; the msgpack tags carry no omitempty
// option. NOTE(review): presumably each Transform* block is filled by the
// transformer of the same name — confirm.
type DnsMessage struct {
	NetworkInfo     DnsNetInfo             `json:"network" msgpack:"network"`
	DNS             Dns                    `json:"dns" msgpack:"dns"`
	EDNS            DnsExtended            `json:"edns" msgpack:"edns"`
	DnsTap          DnsTap                 `json:"dnstap" msgpack:"dnstap"`
	// Key differs by encoding: "geoip" in JSON, "geo" in msgpack. Consumers
	// and detection rules must use the key of the format they read.
	Geo             *TransformDnsGeo       `json:"geoip,omitempty" msgpack:"geo"`
	PowerDns        *PowerDns              `json:"powerdns,omitempty" msgpack:"powerdns"`
	Suspicious      *TransformSuspicious   `json:"suspicious,omitempty" msgpack:"suspicious"`
	PublicSuffix    *TransformPublicSuffix `json:"publicsuffix,omitempty" msgpack:"publicsuffix"`
	Extracted       *TransformExtracted    `json:"extracted,omitempty" msgpack:"extracted"`
	Reducer         *TransformReducer      `json:"reducer,omitempty" msgpack:"reducer"`
	MachineLearning *TransformML           `json:"ml,omitempty" msgpack:"ml"`
}

func GetFakeDnsMessage

func GetFakeDnsMessage() DnsMessage

func (*DnsMessage) Bytes

// Bytes returns the message as a []byte built from the format list, using
// fieldDelimiter and fieldBoundary. The body is not shown here.
//
// NOTE(review): presumably fieldDelimiter separates fields and fieldBoundary
// quotes them. Fields such as Qname and Rdata hold peer-controlled text, so
// confirm that a value containing the delimiter, the boundary or a line break
// is quoted or escaped; otherwise downstream log parsers can mis-split it.
func (dm *DnsMessage) Bytes(format []string, fieldDelimiter string, fieldBoundary string) []byte

func (*DnsMessage) Flatten added in v0.31.0

func (dm *DnsMessage) Flatten() (ret map[string]interface{}, err error)

func (*DnsMessage) Init

func (dm *DnsMessage) Init()

func (*DnsMessage) String

// String returns the message as text built from the format list, using
// fieldDelimiter and fieldBoundary. The body is not shown here.
//
// NOTE(review): the output embeds peer-controlled strings (query name, record
// data). Confirm that delimiter, boundary and newline characters inside a
// value are quoted or escaped before the line reaches a log parser.
func (dm *DnsMessage) String(format []string, fieldDelimiter string, fieldBoundary string) string

func (*DnsMessage) ToDnstap added in v0.26.0

func (dm *DnsMessage) ToDnstap() ([]byte, error)

func (*DnsMessage) ToFlattenJson added in v0.32.0

func (dm *DnsMessage) ToFlattenJson() (string, error)

func (*DnsMessage) ToJson added in v0.32.0

// ToJson returns the message as a JSON string. The body is not shown here.
//
// Unlike ToFlattenJson, the signature has no error return, so an encoding
// failure cannot be reported to the caller through it.
// NOTE(review): check how the implementation handles a marshal error, since a
// silently empty or truncated record is a gap in the collected log.
func (dm *DnsMessage) ToJson() string

func (*DnsMessage) ToPacketLayer added in v0.26.0

func (dm *DnsMessage) ToPacketLayer() ([]gopacket.SerializableLayer, error)

type DnsNetInfo added in v0.14.0

// DnsNetInfo describes the network side of a message: address family,
// transport protocol, and the query and response endpoints.
//
// IPs and ports are stored and serialized as strings, not as numeric or
// net.IP values; consumers that compare or range-match them must parse first.
type DnsNetInfo struct {
	Family         string `json:"family" msgpack:"family"`
	Protocol       string `json:"protocol" msgpack:"protocol"`
	QueryIp        string `json:"query-ip" msgpack:"query-ip"`
	QueryPort      string `json:"query-port" msgpack:"query-port"`
	ResponseIp     string `json:"response-ip" msgpack:"response-ip"`
	ResponsePort   string `json:"response-port" msgpack:"response-port"`
	// NOTE(review): presumably set when the packet was rebuilt from IP
	// fragments / TCP segments before decoding — confirm.
	IpDefragmented bool   `json:"ip-defragmented" msgpack:"ip-defragmented"`
	TcpReassembled bool   `json:"tcp-reassembled" msgpack:"tcp-reassembled"`
}

type DnsOption added in v0.14.0

// DnsOption is one entry of DnsExtended.Options: a numeric code, a name and
// the option data as a string.
// NOTE(review): Data presumably derives from peer-supplied option bytes; treat
// it as untrusted text when displayed.
type DnsOption struct {
	Code int    `json:"code" msgpack:"code"`
	Name string `json:"name" msgpack:"name"`
	Data string `json:"data" msgpack:"data"`
}

type DnsRRs added in v0.14.0

// DnsRRs groups the decoded resource records of a message into three lists,
// serialized under the short keys "an", "ns" and "ar".
type DnsRRs struct {
	Answers     []DnsAnswer `json:"an" msgpack:"an"`
	Nameservers []DnsAnswer `json:"ns" msgpack:"ns"`
	Records     []DnsAnswer `json:"ar" msgpack:"ar"`
}

type DnsTap added in v0.14.0

// DnsTap holds the dnstap envelope of a message: operation, sender identity
// and version, timing information, the raw payload and an extra string.
//
// Only the string fields are serialized. The numeric timestamp and latency
// values and the raw Payload are tagged "-" and stay out of JSON output; the
// serialized forms are TimestampRFC3339 and LatencySec.
// NOTE(review): Identity, Version and Extra are presumably supplied by the
// dnstap sender; do not treat them as authenticated unless the transport is.
type DnsTap struct {
	Operation        string  `json:"operation" msgpack:"operation"`
	Identity         string  `json:"identity" msgpack:"identity"`
	Version          string  `json:"version" msgpack:"version"`
	// Serialized as "timestamp-rfc3339ns".
	TimestampRFC3339 string  `json:"timestamp-rfc3339ns" msgpack:"timestamp-rfc3339ns"`
	Timestamp        int64   `json:"-" msgpack:"-"`
	TimeSec          int     `json:"-" msgpack:"-"`
	TimeNsec         int     `json:"-" msgpack:"-"`
	Latency          float64 `json:"-" msgpack:"-"`
	// Serialized as "latency"; a string, so numeric comparisons need parsing.
	LatencySec       string  `json:"latency" msgpack:"latency"`
	// Raw message bytes; excluded from JSON output by the "-" tag.
	Payload          []byte  `json:"-" msgpack:"-"`
	Extra            string  `json:"extra" msgpack:"extra"`
}

type MultiplexInOut added in v0.20.0

// MultiplexInOut is one named entry of the YAML configuration with its
// transforms and parameters.
type MultiplexInOut struct {
	Name       string                 `yaml:"name"`
	Transforms map[string]interface{} `yaml:"transforms"`
	// `,inline` map: with the usual YAML inline semantics every key of the
	// entry other than "name" and "transforms" lands here untyped.
	// NOTE(review): a misspelled option is therefore accepted rather than
	// rejected at parse time; validation has to happen where Params is read.
	Params     map[string]interface{} `yaml:",inline"`
}

type MultiplexRoutes added in v0.20.0

// MultiplexRoutes is one routing rule of the YAML configuration: a list of
// source names under "from" and a list of destination names under "to".
// NOTE(review): the names presumably refer to MultiplexInOut.Name values;
// whether unknown names are rejected is not visible here.
type MultiplexRoutes struct {
	Src []string `yaml:"from,flow"`
	Dst []string `yaml:"to,flow"`
}

type PowerDns added in v0.18.0

// PowerDns is the optional "powerdns" block of a DnsMessage: tags, the
// original request subnet, the applied policy name and a string metadata map.
// NOTE(review): these values presumably come from the PowerDNS stream that
// produced the message; treat them as sender-supplied when displaying them.
type PowerDns struct {
	Tags                  []string          `json:"tags" msgpack:"tags"`
	OriginalRequestSubnet string            `json:"original-request-subnet" msgpack:"original-request-subnet"`
	AppliedPolicy         string            `json:"applied-policy" msgpack:"applied-policy"`
	Metadata              map[string]string `json:"metadata" msgpack:"metadata"`
}

type TransformDnsGeo added in v0.32.0

// TransformDnsGeo is the optional geolocation block of a DnsMessage: city,
// continent, ISO country code and autonomous-system number and owner.
// All fields are strings, including the AS number ("as-number").
type TransformDnsGeo struct {
	City                   string `json:"city" msgpack:"city"`
	Continent              string `json:"continent" msgpack:"continent"`
	CountryIsoCode         string `json:"country-isocode" msgpack:"country-isocode"`
	AutonomousSystemNumber string `json:"as-number" msgpack:"as-number"`
	AutonomousSystemOrg    string `json:"as-owner" msgpack:"as-owner"`
}

type TransformExtracted added in v0.32.0

// TransformExtracted is the optional "extracted" block of a DnsMessage.
type TransformExtracted struct {
	// Serialized as "dns_payload" (underscore, unlike the hyphenated keys used
	// elsewhere). encoding/json writes a []byte as a base64 string.
	// NOTE(review): presumably the complete DNS payload; enabling it copies
	// full query and answer content into every exported record, which matters
	// for log retention and access control.
	Base64Payload []byte `json:"dns_payload" msgpack:"dns_payload"`
}

type TransformML added in v0.35.0

// TransformML is the optional "ml" block of a DnsMessage: numeric features
// describing the query name (entropy, length, label count, character-class
// counts and ratios, consecutive-character counters) plus a few per-message
// values. Fields without a comment are not described by the source.
type TransformML struct {
	Entropy               float64 `json:"entropy" msgpack:"entropy"`   // Entropy of the query name
	Length                int     `json:"length" msgpack:"length"`     // Length of the domain
	Labels                int     `json:"labels" msgpack:"labels"`     // Number of dot-separated labels in the query name
	Digits                int     `json:"digits" msgpack:"digits"`     // Count of numerical characters
	Lowers                int     `json:"lowers" msgpack:"lowers"`     // Count of lowercase characters
	Uppers                int     `json:"uppers" msgpack:"uppers"`     // Count of uppercase characters
	Specials              int     `json:"specials" msgpack:"specials"` // Count of special characters such as dash, underscore, equal sign, ...
	Others                int     `json:"others" msgpack:"others"`
	RatioDigits           float64 `json:"ratio-digits" msgpack:"ratio-digits"`
	RatioLetters          float64 `json:"ratio-letters" msgpack:"ratio-letters"`
	RatioSpecials         float64 `json:"ratio-specials" msgpack:"ratio-specials"`
	RatioOthers           float64 `json:"ratio-others" msgpack:"ratio-others"`
	ConsecutiveChars      int     `json:"consecutive-chars" msgpack:"consecutive-chars"`
	ConsecutiveVowels     int     `json:"consecutive-vowels" msgpack:"consecutive-vowels"`
	ConsecutiveDigits     int     `json:"consecutive-digits" msgpack:"consecutive-digits"`
	ConsecutiveConsonants int     `json:"consecutive-consonants" msgpack:"consecutive-consonants"`
	Size                  int     `json:"size" msgpack:"size"`
	// The key is spelled "occurences" in both encodings; consumers must match
	// that spelling.
	Occurences            int     `json:"occurences" msgpack:"occurences"`
	// An int here, while TransformSuspicious uses the same key
	// "uncommon-qtypes" for a bool.
	UncommonQtypes        int     `json:"uncommon-qtypes" msgpack:"uncommon-qtypes"`
}

type TransformPublicSuffix added in v0.32.0

// TransformPublicSuffix is the optional "publicsuffix" block of a DnsMessage:
// the public suffix of the query name and its effective TLD plus one label.
//
// The key names differ by encoding: JSON uses "tld" and "etld+1", msgpack uses
// "qname-public-suffix" and "qname-effective-tld-plus-one". Rules written for
// one format do not match the other.
type TransformPublicSuffix struct {
	QnamePublicSuffix        string `json:"tld" msgpack:"qname-public-suffix"`
	QnameEffectiveTLDPlusOne string `json:"etld+1" msgpack:"qname-effective-tld-plus-one"`
}

type TransformReducer added in v0.32.0

// TransformReducer is the optional "reducer" block of a DnsMessage: an
// occurrence counter and a cumulative length.
// NOTE(review): presumably one exported record stands for Occurences
// collapsed messages; counting records alone would then under-report query
// volume — confirm against the reducer implementation.
type TransformReducer struct {
	// The key is spelled "occurences" in both encodings.
	Occurences       int `json:"occurences" msgpack:"occurences"`
	CumulativeLength int `json:"cumulative-length" msgpack:"cumulative-length"`
}

type TransformSuspicious added in v0.32.0

// TransformSuspicious is the optional "suspicious" block of a DnsMessage: a
// numeric score and one boolean per indicator. How the score is derived from
// the indicators is not visible here.
type TransformSuspicious struct {
	Score                 float64 `json:"score" msgpack:"score"`
	// Serialized as "malformed-pkt"; the flag of the same name on Dns uses the
	// key "malformed-packet".
	MalformedPacket       bool    `json:"malformed-pkt" msgpack:"malformed-pkt"`
	LargePacket           bool    `json:"large-pkt" msgpack:"large-pkt"`
	LongDomain            bool    `json:"long-domain" msgpack:"long-domain"`
	SlowDomain            bool    `json:"slow-domain" msgpack:"slow-domain"`
	UnallowedChars        bool    `json:"unallowed-chars" msgpack:"unallowed-chars"`
	// A bool here, while TransformML uses the same key "uncommon-qtypes" for
	// an int.
	UncommonQtypes        bool    `json:"uncommon-qtypes" msgpack:"uncommon-qtypes"`
	ExcessiveNumberLabels bool    `json:"excessive-number-labels" msgpack:"excessive-number-labels"`
	// JSON only, and only when non-empty; never written to msgpack ("-").
	Domain                string  `json:"domain,omitempty" msgpack:"-"`
}

type Worker

// Worker is the interface implemented by the processing units that exchange
// DnsMessage values. Only the method set is visible here; the comments below
// marked "presumably" are inferred from names and need confirming.
type Worker interface {
	// SetLoggers receives a list of other Workers, presumably the downstream
	// destinations this worker forwards to.
	SetLoggers(loggers []Worker)
	// GetName returns the worker's name.
	GetName() string
	// Stop and Run control the worker's lifecycle; neither returns an error,
	// so failures are not reported through this interface.
	Stop()
	Run()
	// Channel returns a bidirectional channel of DnsMessage values (copies,
	// not pointers), presumably the worker's input queue.
	Channel() chan DnsMessage
	// ReadConfig takes no arguments and returns nothing; presumably it loads
	// settings the worker already holds.
	ReadConfig()
}
