Documentation ¶
Index ¶
- Constants
- Variables
- func DecodePayload(dm *DNSMessage, header *DNSHeader, config *pkgconfig.Config) error
- func DecodeQuestion(qdcount int, payload []byte) (string, int, int, error)
- func GetFlatDNSMessage() (ret map[string]interface{}, err error)
- func GetIPPort(dm *DNSMessage) (string, int, string, int)
- func OptCodeToString(rcode int) string
- func ParseA(r []byte) (string, error)
- func ParseAAAA(rdata []byte) (string, error)
- func ParseCNAME(rdataOffset int, payload []byte) (string, error)
- func ParseCsubnet(d []byte) (string, error)
- func ParseErrors(d []byte) (string, error)
- func ParseLabels(offset int, payload []byte) (string, int, error)
- func ParseMX(rdataOffset int, payload []byte) (string, error)
- func ParseNS(rdataOffset int, payload []byte) (string, error)
- func ParseOption(optName string, optData []byte) (string, error)
- func ParsePTR(rdataOffset int, payload []byte) (string, error)
- func ParseRdata(rdatatype string, rdata []byte, payload []byte, rdataOffset int) (string, error)
- func ParseSOA(rdataOffset int, payload []byte) (string, error)
- func ParseSRV(rdataOffset int, payload []byte) (string, error)
- func ParseSVCB(rdata []byte) (string, error)
- func ParseSVCParam(svcParamKey uint16, paramData []byte) (string, error)
- func ParseTXT(rdata []byte) (string, error)
- func RcodeToString(rcode int) string
- func RdatatypeToString(rrtype int) string
- func SVCParamKeyToString(svcParamKey uint16) string
- type DNS
- type DNSAnswer
- type DNSExtended
- type DNSFlags
- type DNSHeader
- type DNSMessage
- func (dm *DNSMessage) Bytes(format []string, fieldDelimiter string, fieldBoundary string) []byte
- func (dm *DNSMessage) Flatten() (ret map[string]interface{}, err error)
- func (dm *DNSMessage) Init()
- func (dm *DNSMessage) InitTransforms()
- func (dm *DNSMessage) Matching(matching map[string]interface{}) (error, bool)
- func (dm *DNSMessage) String(format []string, fieldDelimiter string, fieldBoundary string) string
- func (dm *DNSMessage) ToDNSTap(extended bool) ([]byte, error)
- func (dm *DNSMessage) ToFlatJSON() (string, error)
- func (dm *DNSMessage) ToJSON() string
- func (dm *DNSMessage) ToPacketLayer() ([]gopacket.SerializableLayer, error)
- func (dm *DNSMessage) ToTextLine(format []string, fieldDelimiter string, fieldBoundary string) ([]byte, error)
- type DNSNetInfo
- type DNSOption
- type DNSRRs
- type DNSTap
- type ExtendedATags
- type ExtendedDnstap
- func (*ExtendedDnstap) Descriptor() ([]byte, []int)deprecated
- func (x *ExtendedDnstap) GetAtags() *ExtendedATags
- func (x *ExtendedDnstap) GetFiltering() *ExtendedFiltering
- func (x *ExtendedDnstap) GetGeo() *ExtendedGeo
- func (x *ExtendedDnstap) GetNormalize() *ExtendedNormalize
- func (x *ExtendedDnstap) GetOriginalDnstapExtra() []byte
- func (x *ExtendedDnstap) GetVersion() string
- func (*ExtendedDnstap) ProtoMessage()
- func (x *ExtendedDnstap) ProtoReflect() protoreflect.Message
- func (x *ExtendedDnstap) Reset()
- func (x *ExtendedDnstap) String() string
- type ExtendedFiltering
- func (*ExtendedFiltering) Descriptor() ([]byte, []int)deprecated
- func (x *ExtendedFiltering) GetSampleRate() uint32
- func (*ExtendedFiltering) ProtoMessage()
- func (x *ExtendedFiltering) ProtoReflect() protoreflect.Message
- func (x *ExtendedFiltering) Reset()
- func (x *ExtendedFiltering) String() string
- type ExtendedGeo
- func (*ExtendedGeo) Descriptor() ([]byte, []int)deprecated
- func (x *ExtendedGeo) GetAsNumber() string
- func (x *ExtendedGeo) GetAsOrg() string
- func (x *ExtendedGeo) GetCity() string
- func (x *ExtendedGeo) GetContinent() string
- func (x *ExtendedGeo) GetIsocode() string
- func (*ExtendedGeo) ProtoMessage()
- func (x *ExtendedGeo) ProtoReflect() protoreflect.Message
- func (x *ExtendedGeo) Reset()
- func (x *ExtendedGeo) String() string
- type ExtendedNormalize
- func (*ExtendedNormalize) Descriptor() ([]byte, []int)deprecated
- func (x *ExtendedNormalize) GetEtldPlusOne() string
- func (x *ExtendedNormalize) GetTld() string
- func (*ExtendedNormalize) ProtoMessage()
- func (x *ExtendedNormalize) ProtoReflect() protoreflect.Message
- func (x *ExtendedNormalize) Reset()
- func (x *ExtendedNormalize) String() string
- type PowerDNS
- type TransformATags
- type TransformDNSGeo
- type TransformExtracted
- type TransformFiltering
- type TransformML
- type TransformPublicSuffix
- type TransformReducer
- type TransformSuspicious
Constants ¶
const ( ProtoDoT = "DOT" ProtoDoH = "DOH" DNSRcodeNoError = "NOERROR" DNSRcodeNXDomain = "NXDOMAIN" DNSRcodeServFail = "SERVFAIL" DNSRcodeTimeout = "TIMEOUT" DNSTapOperationQuery = "QUERY" DNSTapOperationReply = "REPLY" DNSTapClientResponse = "CLIENT_RESPONSE" DNSTapClientQuery = "CLIENT_QUERY" DNSTapIdentityTest = "test_id" MatchingModeInclude = "include" MatchingOpGreaterThan = "greater-than" MatchingOpLowerThan = "lower-than" MatchingOpSource = "match-source" MatchingOpSourceKind = "source-kind" MatchingKindString = "string_list" MatchingKindRegexp = "regexp_list" ErrorUnexpectedDirective = "unexpected text format directive: " )
const DNSLen = 12
const UNKNOWN = "UNKNOWN"
Variables ¶
var ( Rdatatypes = map[int]string{ 0: "NONE", 1: "A", 2: "NS", 3: "MD", 4: "MF", 5: "CNAME", 6: "SOA", 7: "MB", 8: "MG", 9: "MR", 10: "NULL", 11: "WKS", 12: "PTR", 13: "HINFO", 14: "MINFO", 15: "MX", 16: "TXT", 17: "RP", 18: "AFSDB", 19: "X25", 20: "ISDN", 21: "RT", 22: "NSAP", 23: "NSAP_PTR", 24: "SIG", 25: "KEY", 26: "PX", 27: "GPOS", 28: "AAAA", 29: "LOC", 30: "NXT", 33: "SRV", 35: "NAPTR", 36: "KX", 37: "CERT", 38: "A6", 39: "DNAME", 41: "OPT", 42: "APL", 43: "DS", 44: "SSHFP", 45: "IPSECKEY", 46: "RRSIG", 47: "NSEC", 48: "DNSKEY", 49: "DHCID", 50: "NSEC3", 51: "NSEC3PARAM", 52: "TSLA", 53: "SMIMEA", 55: "HIP", 56: "NINFO", 59: "CDS", 60: "CDNSKEY", 61: "OPENPGPKEY", 62: "CSYNC", 64: "SVCB", 65: "HTTPS", 99: "SPF", 103: "UNSPEC", 108: "EUI48", 109: "EUI64", 249: "TKEY", 250: "TSIG", 251: "IXFR", 252: "AXFR", 253: "MAILB", 254: "MAILA", 255: "ANY", 256: "URI", 257: "CAA", 258: "AVC", 259: "AMTRELAY", 32768: "TA", 32769: "DLV", } Rcodes = map[int]string{ 0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOIMP", 5: "REFUSED", 6: "YXDOMAIN", 7: "YXRRSET", 8: "NXRRSET", 9: "NOTAUTH", 10: "NOTZONE", 11: "DSOTYPENI", 16: "BADSIG", 17: "BADKEY", 18: "BADTIME", 19: "BADMODE", 20: "BADNAME", 21: "BADALG", 22: "BADTRUNC", 23: "BADCOOKIE", } )
var ( OptCodes = map[int]string{ 3: "NSID", 8: "CSUBNET", 9: "EXPIRE", 10: "COOKIE", 11: "KEEPALIVE", 12: "PADDING", 15: "ERRORS", } ErrorCodeToString = map[int]string{ 0: "Other", 1: "Unsupported DNSKEY Algorithm", 2: "Unsupported DS Digest Type", 3: "Stale Answer", 4: "Forged Answer", 5: "DNSSEC Indeterminate", 6: "DNSSEC Bogus", 7: "Signature Expired", 8: "Signature Not Yet Valid", 9: "DNSKEY Missing", 10: "RRSIGs Missing", 11: "No Zone Key Bit Set", 12: "NSEC Missing", 13: "Cached Error", 14: "Not Ready", 15: "Blocked", 16: "Censored", 17: "Filtered", 18: "Prohibited", 19: "Stale NXDOMAIN Answer", 20: "Not Authoritative", 21: "Not Supported", 22: "No Reachable Authority", 23: "Network Error", 24: "Invalid Data", } )
var ( DNSQuery = "QUERY" DNSQueryQuiet = "Q" DNSReply = "REPLY" DNSReplyQuiet = "R" PdnsDirectives = regexp.MustCompile(`^powerdns-*`) GeoIPDirectives = regexp.MustCompile(`^geoip-*`) SuspiciousDirectives = regexp.MustCompile(`^suspicious-*`) PublicSuffixDirectives = regexp.MustCompile(`^publixsuffix-*`) ExtractedDirectives = regexp.MustCompile(`^extracted-*`) ReducerDirectives = regexp.MustCompile(`^reducer-*`) MachineLearningDirectives = regexp.MustCompile(`^ml-*`) FilteringDirectives = regexp.MustCompile(`^filtering-*`) )
var ErrDecodeDNSAnswerRdataTooShort = errors.New("malformed pkt, not enough data to decode rdata answer")
var ErrDecodeDNSAnswerTooShort = errors.New("malformed pkt, not enough data to decode answer")
var ErrDecodeDNSHeaderTooShort = errors.New("malformed pkt, dns payload too short to decode header")
var ErrDecodeDNSLabelInvalidData = errors.New("malformed pkt, invalid label length byte")
var ErrDecodeDNSLabelInvalidOffset = errors.New("malformed pkt, invalid offset to decode label")
var ErrDecodeDNSLabelInvalidPointer = errors.New("malformed pkt, label pointer not pointing to prior data")
var ErrDecodeDNSLabelTooLong = errors.New("malformed pkt, label too long")
var ErrDecodeDNSLabelTooShort = errors.New("malformed pkt, dns payload too short to get label")
var ErrDecodeEdnsBadRootDomain = errors.New("edns, name MUST be 0 (root domain)")
var ErrDecodeEdnsDataTooShort = errors.New("edns, not enough data to decode rdata answer")
var ErrDecodeEdnsOptionCsubnetBadFamily = errors.New("edns, csubnet option bad family")
var ErrDecodeEdnsOptionTooShort = errors.New("edns, not enough data to decode option answer")
var ErrDecodeEdnsTooManyOpts = errors.New("edns, packet contained too many OPT RRs")
var ErrDecodeQuestionQtypeTooShort = errors.New("malformed pkt, not enough data to decode qtype")
var File_extended_dnstap_proto protoreflect.FileDescriptor
Functions ¶
func DecodePayload ¶ added in v0.21.0
func DecodePayload(dm *DNSMessage, header *DNSHeader, config *pkgconfig.Config) error
decodePayload can be used to decode raw payload data in dm.DNS.Payload into relevant parts of dm.DNS struct. The payload is decoded according to given DNS header. If packet is marked as malformed already, this function returs with no error, but does not process the packet. Error is returned if packet can not be parsed. Returned error wraps the original error returned by relevant decoding operation.
func DecodeQuestion ¶ added in v0.14.0
DNS QUESTION +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | | / QNAME / / / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | QTYPE | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | QCLASS | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func GetFlatDNSMessage ¶ added in v0.40.0
func OptCodeToString ¶ added in v0.14.0
func ParseA ¶ added in v0.14.0
IPv4 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | ADDRESS | | | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func ParseAAAA ¶ added in v0.14.0
IPv6 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | | | | | | | ADDRESS | | | | | | | | | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func ParseCNAME ¶ added in v0.14.0
CNAME +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ / NAME / / / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func ParseCsubnet ¶ added in v0.14.0
https://datatracker.ietf.org/doc/html/rfc7871
Extended Csubnet EDNS0 option format +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| FAMILY |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| SOURCE PREFIX-LENGTH | SCOPE PREFIX-LENGTH |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
| ADDRESS... /
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
func ParseErrors ¶ added in v0.14.0
https://datatracker.ietf.org/doc/html/rfc8914
Extended Error EDNS0 option format +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | INFO-CODE | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ / EXTRA-TEXT ... / +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
func ParseLabels ¶ added in v0.14.0
func ParseMX ¶ added in v0.14.0
MX +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | PREFERENCE | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ / EXCHANGE / / / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func ParseNS ¶ added in v0.14.0
NS +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ / NSDNAME / / / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func ParseOption ¶ added in v0.14.0
func ParsePTR ¶ added in v0.14.0
PTR +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ / PTRDNAME / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func ParseRdata ¶ added in v0.14.0
func ParseSOA ¶ added in v0.14.0
SOA +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ / MNAME / / / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ / RNAME / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | SERIAL | | | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | REFRESH | | | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | RETRY | | | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | EXPIRE | | | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | MINIMUM | | | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func ParseSRV ¶ added in v0.14.0
SRV +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | PRIORITY | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | WEIGHT | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | PORT | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | TARGET | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func ParseSVCB ¶ added in v0.34.0
SVCB +--+--+ | PRIO| +--+--+--+ / Target / +--+--+--+ / Params / +--+--+--+
func ParseSVCParam ¶ added in v0.34.0
func ParseTXT ¶ added in v0.14.0
TXT +--+--+--+--+--+--+--+--+ | LENGTH | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ / TXT-DATA / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
func RcodeToString ¶ added in v0.14.0
func RdatatypeToString ¶ added in v0.14.0
func SVCParamKeyToString ¶ added in v0.34.0
Types ¶
type DNS ¶ added in v0.39.0
type DNS struct { Type string `json:"-" msgpack:"-"` Payload []byte `json:"-" msgpack:"-"` Length int `json:"length" msgpack:"-"` ID int `json:"id" msgpack:"id"` Opcode int `json:"opcode" msgpack:"opcode"` Rcode string `json:"rcode" msgpack:"rcode"` Qname string `json:"qname" msgpack:"qname"` Qtype string `json:"qtype" msgpack:"qtype"` Flags DNSFlags `json:"flags" msgpack:"flags"` DNSRRs DNSRRs `json:"resource-records" msgpack:"resource-records"` MalformedPacket bool `json:"malformed-packet" msgpack:"malformed-packet"` }
type DNSAnswer ¶ added in v0.39.0
type DNSExtended ¶ added in v0.39.0
type DNSExtended struct { UDPSize int `json:"udp-size" msgpack:"udp-size"` ExtendedRcode int `json:"rcode" msgpack:"rcode"` Version int `json:"version" msgpack:"version"` Do int `json:"dnssec-ok" msgpack:"dnssec-ok"` Z int `json:"-" msgpack:"-"` Options []DNSOption `json:"options" msgpack:"options"` }
func DecodeEDNS ¶ added in v0.14.0
type DNSHeader ¶ added in v0.39.0
type DNSMessage ¶ added in v0.39.0
type DNSMessage struct { NetworkInfo DNSNetInfo `json:"network" msgpack:"network"` DNS DNS `json:"dns" msgpack:"dns"` EDNS DNSExtended `json:"edns" msgpack:"edns"` DNSTap DNSTap `json:"dnstap" msgpack:"dnstap"` Geo *TransformDNSGeo `json:"geoip,omitempty" msgpack:"geo"` PowerDNS *PowerDNS `json:"powerdns,omitempty" msgpack:"powerdns"` Suspicious *TransformSuspicious `json:"suspicious,omitempty" msgpack:"suspicious"` PublicSuffix *TransformPublicSuffix `json:"publicsuffix,omitempty" msgpack:"publicsuffix"` Extracted *TransformExtracted `json:"extracted,omitempty" msgpack:"extracted"` Reducer *TransformReducer `json:"reducer,omitempty" msgpack:"reducer"` MachineLearning *TransformML `json:"ml,omitempty" msgpack:"ml"` Filtering *TransformFiltering `json:"filtering,omitempty" msgpack:"filtering"` ATags *TransformATags `json:"atags,omitempty" msgpack:"atags"` }
func GetFakeDNSMessage ¶ added in v0.39.0
func GetFakeDNSMessage() DNSMessage
func GetFakeDNSMessageWithPayload ¶ added in v0.39.0
func GetFakeDNSMessageWithPayload() DNSMessage
func GetReferenceDNSMessage ¶ added in v0.41.0
func GetReferenceDNSMessage() DNSMessage
func (*DNSMessage) Bytes ¶ added in v0.39.0
func (dm *DNSMessage) Bytes(format []string, fieldDelimiter string, fieldBoundary string) []byte
func (*DNSMessage) Flatten ¶ added in v0.39.0
func (dm *DNSMessage) Flatten() (ret map[string]interface{}, err error)
func (*DNSMessage) Init ¶ added in v0.39.0
func (dm *DNSMessage) Init()
func (*DNSMessage) InitTransforms ¶ added in v0.40.0
func (dm *DNSMessage) InitTransforms()
func (*DNSMessage) Matching ¶ added in v0.40.0
func (dm *DNSMessage) Matching(matching map[string]interface{}) (error, bool)
func (*DNSMessage) String ¶ added in v0.39.0
func (dm *DNSMessage) String(format []string, fieldDelimiter string, fieldBoundary string) string
func (*DNSMessage) ToDNSTap ¶ added in v0.39.0
func (dm *DNSMessage) ToDNSTap(extended bool) ([]byte, error)
func (*DNSMessage) ToFlatJSON ¶ added in v0.39.0
func (dm *DNSMessage) ToFlatJSON() (string, error)
func (*DNSMessage) ToJSON ¶ added in v0.39.0
func (dm *DNSMessage) ToJSON() string
func (*DNSMessage) ToPacketLayer ¶ added in v0.39.0
func (dm *DNSMessage) ToPacketLayer() ([]gopacket.SerializableLayer, error)
func (*DNSMessage) ToTextLine ¶ added in v0.41.0
type DNSNetInfo ¶ added in v0.39.0
type DNSNetInfo struct { Family string `json:"family" msgpack:"family"` Protocol string `json:"protocol" msgpack:"protocol"` QueryIP string `json:"query-ip" msgpack:"query-ip"` QueryPort string `json:"query-port" msgpack:"query-port"` ResponseIP string `json:"response-ip" msgpack:"response-ip"` ResponsePort string `json:"response-port" msgpack:"response-port"` IPDefragmented bool `json:"ip-defragmented" msgpack:"ip-defragmented"` TCPReassembled bool `json:"tcp-reassembled" msgpack:"tcp-reassembled"` }
type DNSTap ¶ added in v0.39.0
type DNSTap struct { Operation string `json:"operation" msgpack:"operation"` Identity string `json:"identity" msgpack:"identity"` Version string `json:"version" msgpack:"version"` TimestampRFC3339 string `json:"timestamp-rfc3339ns" msgpack:"timestamp-rfc3339ns"` Timestamp int64 `json:"-" msgpack:"-"` TimeSec int `json:"-" msgpack:"-"` TimeNsec int `json:"-" msgpack:"-"` Latency float64 `json:"-" msgpack:"-"` LatencySec string `json:"latency" msgpack:"latency"` Payload []byte `json:"-" msgpack:"-"` Extra string `json:"extra" msgpack:"extra"` PolicyRule string `json:"policy-rule" msgpack:"policy-rule"` PolicyType string `json:"policy-type" msgpack:"policy-type"` PolicyMatch string `json:"policy-match" msgpack:"policy-match"` PolicyAction string `json:"policy-action" msgpack:"policy-action"` PolicyValue string `json:"policy-value" msgpack:"policy-value"` }
type ExtendedATags ¶ added in v0.40.0
type ExtendedATags struct { Tags []string `protobuf:"bytes,1,rep,name=tags,proto3" json:"tags,omitempty"` // contains filtered or unexported fields }
func (*ExtendedATags) Descriptor
deprecated
added in
v0.40.0
func (*ExtendedATags) Descriptor() ([]byte, []int)
Deprecated: Use ExtendedATags.ProtoReflect.Descriptor instead.
func (*ExtendedATags) GetTags ¶ added in v0.40.0
func (x *ExtendedATags) GetTags() []string
func (*ExtendedATags) ProtoMessage ¶ added in v0.40.0
func (*ExtendedATags) ProtoMessage()
func (*ExtendedATags) ProtoReflect ¶ added in v0.40.0
func (x *ExtendedATags) ProtoReflect() protoreflect.Message
func (*ExtendedATags) Reset ¶ added in v0.40.0
func (x *ExtendedATags) Reset()
func (*ExtendedATags) String ¶ added in v0.40.0
func (x *ExtendedATags) String() string
type ExtendedDnstap ¶ added in v0.40.0
type ExtendedDnstap struct { Version string `protobuf:"bytes,1,opt,name=version,proto3" json:"version,omitempty"` OriginalDnstapExtra []byte `protobuf:"bytes,2,opt,name=original_dnstap_extra,json=originalDnstapExtra,proto3" json:"original_dnstap_extra,omitempty"` Normalize *ExtendedNormalize `protobuf:"bytes,4,opt,name=normalize,proto3" json:"normalize,omitempty"` Filtering *ExtendedFiltering `protobuf:"bytes,5,opt,name=filtering,proto3" json:"filtering,omitempty"` Geo *ExtendedGeo `protobuf:"bytes,6,opt,name=geo,proto3" json:"geo,omitempty"` // contains filtered or unexported fields }
func (*ExtendedDnstap) Descriptor
deprecated
added in
v0.40.0
func (*ExtendedDnstap) Descriptor() ([]byte, []int)
Deprecated: Use ExtendedDnstap.ProtoReflect.Descriptor instead.
func (*ExtendedDnstap) GetAtags ¶ added in v0.40.0
func (x *ExtendedDnstap) GetAtags() *ExtendedATags
func (*ExtendedDnstap) GetFiltering ¶ added in v0.40.0
func (x *ExtendedDnstap) GetFiltering() *ExtendedFiltering
func (*ExtendedDnstap) GetGeo ¶ added in v0.40.0
func (x *ExtendedDnstap) GetGeo() *ExtendedGeo
func (*ExtendedDnstap) GetNormalize ¶ added in v0.40.0
func (x *ExtendedDnstap) GetNormalize() *ExtendedNormalize
func (*ExtendedDnstap) GetOriginalDnstapExtra ¶ added in v0.40.0
func (x *ExtendedDnstap) GetOriginalDnstapExtra() []byte
func (*ExtendedDnstap) GetVersion ¶ added in v0.40.0
func (x *ExtendedDnstap) GetVersion() string
func (*ExtendedDnstap) ProtoMessage ¶ added in v0.40.0
func (*ExtendedDnstap) ProtoMessage()
func (*ExtendedDnstap) ProtoReflect ¶ added in v0.40.0
func (x *ExtendedDnstap) ProtoReflect() protoreflect.Message
func (*ExtendedDnstap) Reset ¶ added in v0.40.0
func (x *ExtendedDnstap) Reset()
func (*ExtendedDnstap) String ¶ added in v0.40.0
func (x *ExtendedDnstap) String() string
type ExtendedFiltering ¶ added in v0.40.0
type ExtendedFiltering struct { SampleRate uint32 `protobuf:"varint,1,opt,name=sample_rate,json=sampleRate,proto3" json:"sample_rate,omitempty"` // contains filtered or unexported fields }
func (*ExtendedFiltering) Descriptor
deprecated
added in
v0.40.0
func (*ExtendedFiltering) Descriptor() ([]byte, []int)
Deprecated: Use ExtendedFiltering.ProtoReflect.Descriptor instead.
func (*ExtendedFiltering) GetSampleRate ¶ added in v0.40.0
func (x *ExtendedFiltering) GetSampleRate() uint32
func (*ExtendedFiltering) ProtoMessage ¶ added in v0.40.0
func (*ExtendedFiltering) ProtoMessage()
func (*ExtendedFiltering) ProtoReflect ¶ added in v0.40.0
func (x *ExtendedFiltering) ProtoReflect() protoreflect.Message
func (*ExtendedFiltering) Reset ¶ added in v0.40.0
func (x *ExtendedFiltering) Reset()
func (*ExtendedFiltering) String ¶ added in v0.40.0
func (x *ExtendedFiltering) String() string
type ExtendedGeo ¶ added in v0.40.0
type ExtendedGeo struct { City string `protobuf:"bytes,1,opt,name=city,proto3" json:"city,omitempty"` Continent string `protobuf:"bytes,2,opt,name=continent,proto3" json:"continent,omitempty"` Isocode string `protobuf:"bytes,3,opt,name=isocode,proto3" json:"isocode,omitempty"` AsNumber string `protobuf:"bytes,4,opt,name=as_number,json=asNumber,proto3" json:"as_number,omitempty"` AsOrg string `protobuf:"bytes,5,opt,name=as_org,json=asOrg,proto3" json:"as_org,omitempty"` // contains filtered or unexported fields }
func (*ExtendedGeo) Descriptor
deprecated
added in
v0.40.0
func (*ExtendedGeo) Descriptor() ([]byte, []int)
Deprecated: Use ExtendedGeo.ProtoReflect.Descriptor instead.
func (*ExtendedGeo) GetAsNumber ¶ added in v0.40.0
func (x *ExtendedGeo) GetAsNumber() string
func (*ExtendedGeo) GetAsOrg ¶ added in v0.40.0
func (x *ExtendedGeo) GetAsOrg() string
func (*ExtendedGeo) GetCity ¶ added in v0.40.0
func (x *ExtendedGeo) GetCity() string
func (*ExtendedGeo) GetContinent ¶ added in v0.40.0
func (x *ExtendedGeo) GetContinent() string
func (*ExtendedGeo) GetIsocode ¶ added in v0.40.0
func (x *ExtendedGeo) GetIsocode() string
func (*ExtendedGeo) ProtoMessage ¶ added in v0.40.0
func (*ExtendedGeo) ProtoMessage()
func (*ExtendedGeo) ProtoReflect ¶ added in v0.40.0
func (x *ExtendedGeo) ProtoReflect() protoreflect.Message
func (*ExtendedGeo) Reset ¶ added in v0.40.0
func (x *ExtendedGeo) Reset()
func (*ExtendedGeo) String ¶ added in v0.40.0
func (x *ExtendedGeo) String() string
type ExtendedNormalize ¶ added in v0.40.0
type ExtendedNormalize struct { Tld string `protobuf:"bytes,1,opt,name=tld,proto3" json:"tld,omitempty"` EtldPlusOne string `protobuf:"bytes,2,opt,name=etld_plus_one,json=etldPlusOne,proto3" json:"etld_plus_one,omitempty"` // contains filtered or unexported fields }
func (*ExtendedNormalize) Descriptor
deprecated
added in
v0.40.0
func (*ExtendedNormalize) Descriptor() ([]byte, []int)
Deprecated: Use ExtendedNormalize.ProtoReflect.Descriptor instead.
func (*ExtendedNormalize) GetEtldPlusOne ¶ added in v0.40.0
func (x *ExtendedNormalize) GetEtldPlusOne() string
func (*ExtendedNormalize) GetTld ¶ added in v0.40.0
func (x *ExtendedNormalize) GetTld() string
func (*ExtendedNormalize) ProtoMessage ¶ added in v0.40.0
func (*ExtendedNormalize) ProtoMessage()
func (*ExtendedNormalize) ProtoReflect ¶ added in v0.40.0
func (x *ExtendedNormalize) ProtoReflect() protoreflect.Message
func (*ExtendedNormalize) Reset ¶ added in v0.40.0
func (x *ExtendedNormalize) Reset()
func (*ExtendedNormalize) String ¶ added in v0.40.0
func (x *ExtendedNormalize) String() string
type PowerDNS ¶ added in v0.39.0
type PowerDNS struct { Tags []string `json:"tags" msgpack:"tags"` OriginalRequestSubnet string `json:"original-request-subnet" msgpack:"original-request-subnet"` AppliedPolicy string `json:"applied-policy" msgpack:"applied-policy"` AppliedPolicyHit string `json:"applied-policy-hit" msgpack:"applied-policy-hit"` AppliedPolicyKind string `json:"applied-policy-kind" msgpack:"applied-policy-kind"` AppliedPolicyTrigger string `json:"applied-policy-trigger" msgpack:"applied-policy-trigger"` AppliedPolicyType string `json:"applied-policy-type" msgpack:"applied-policy-type"` Metadata map[string]string `json:"metadata" msgpack:"metadata"` }
type TransformATags ¶ added in v0.40.0
type TransformATags struct {
Tags []string `json:"tags" msgpack:"tags"`
}
type TransformDNSGeo ¶ added in v0.39.0
type TransformDNSGeo struct { City string `json:"city" msgpack:"city"` Continent string `json:"continent" msgpack:"continent"` CountryIsoCode string `json:"country-isocode" msgpack:"country-isocode"` AutonomousSystemNumber string `json:"as-number" msgpack:"as-number"` AutonomousSystemOrg string `json:"as-owner" msgpack:"as-owner"` }
type TransformExtracted ¶ added in v0.32.0
type TransformExtracted struct {
Base64Payload []byte `json:"dns_payload" msgpack:"dns_payload"`
}
type TransformFiltering ¶ added in v0.39.0
type TransformFiltering struct {
SampleRate int `json:"sample-rate" msgpack:"sample-rate"`
}
type TransformML ¶ added in v0.35.0
type TransformML struct { Entropy float64 `json:"entropy" msgpack:"entropy"` // Entropy of query name Length int `json:"length" msgpack:"length"` // Length of domain Labels int `json:"labels" msgpack:"labels"` // Number of labels in the query name separated by dots Digits int `json:"digits" msgpack:"digits"` // Count of numerical characters Lowers int `json:"lowers" msgpack:"lowers"` // Count of lowercase characters Uppers int `json:"uppers" msgpack:"uppers"` // Count of uppercase characters Specials int `json:"specials" msgpack:"specials"` // Number of special characters; special characters such as dash, underscore, equal sign,... Others int `json:"others" msgpack:"others"` RatioDigits float64 `json:"ratio-digits" msgpack:"ratio-digits"` RatioLetters float64 `json:"ratio-letters" msgpack:"ratio-letters"` RatioSpecials float64 `json:"ratio-specials" msgpack:"ratio-specials"` RatioOthers float64 `json:"ratio-others" msgpack:"ratio-others"` ConsecutiveChars int `json:"consecutive-chars" msgpack:"consecutive-chars"` ConsecutiveVowels int `json:"consecutive-vowels" msgpack:"consecutive-vowels"` ConsecutiveDigits int `json:"consecutive-digits" msgpack:"consecutive-digits"` ConsecutiveConsonants int `json:"consecutive-consonants" msgpack:"consecutive-consonants"` Size int `json:"size" msgpack:"size"` Occurrences int `json:"occurrences" msgpack:"occurrences"` UncommonQtypes int `json:"uncommon-qtypes" msgpack:"uncommon-qtypes"` }
type TransformPublicSuffix ¶ added in v0.32.0
type TransformReducer ¶ added in v0.32.0
type TransformSuspicious ¶ added in v0.32.0
type TransformSuspicious struct { Score float64 `json:"score" msgpack:"score"` MalformedPacket bool `json:"malformed-pkt" msgpack:"malformed-pkt"` LargePacket bool `json:"large-pkt" msgpack:"large-pkt"` LongDomain bool `json:"long-domain" msgpack:"long-domain"` SlowDomain bool `json:"slow-domain" msgpack:"slow-domain"` UnallowedChars bool `json:"unallowed-chars" msgpack:"unallowed-chars"` UncommonQtypes bool `json:"uncommon-qtypes" msgpack:"uncommon-qtypes"` ExcessiveNumberLabels bool `json:"excessive-number-labels" msgpack:"excessive-number-labels"` Domain string `json:"domain,omitempty" msgpack:"-"` }