dnsutils

package
v1.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 23, 2024 License: MIT Imports: 25 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	ProtoDoT = "DOT"
	ProtoDoH = "DOH"

	DNSRcodeNoError  = "NOERROR"
	DNSRcodeNXDomain = "NXDOMAIN"
	DNSRcodeServFail = "SERVFAIL"
	DNSRcodeTimeout  = "TIMEOUT"

	DNSTapOperationQuery = "QUERY"
	DNSTapOperationReply = "REPLY"

	DNSTapClientResponse = "CLIENT_RESPONSE"
	DNSTapClientQuery    = "CLIENT_QUERY"

	DNSTapIdentityTest = "test_id"

	MatchingModeInclude   = "include"
	MatchingOpGreaterThan = "greater-than"
	MatchingOpLowerThan   = "lower-than"
	MatchingOpSource      = "match-source"
	MatchingOpSourceKind  = "source-kind"
	MatchingKindString    = "string_list"
	MatchingKindRegexp    = "regexp_list"

	ErrorUnexpectedDirective = "unexpected text format directive: "
)
View Source 
const DNSLen = 12
View Source 
const (
	TestQName = "dnstapcollector.test."
)
View Source 
const UNKNOWN = "UNKNOWN"

Variables

View Source 
var (
	Class      = map[int]string{1: "IN", 3: "CH", 4: "HS", 254: "NONE", 255: "ANY"}
	Rdatatypes = map[int]string{
		0: "NONE", 1: "A", 2: "NS", 3: "MD",
		4: "MF", 5: "CNAME", 6: "SOA", 7: "MB",
		8: "MG", 9: "MR", 10: "NULL", 11: "WKS",
		12: "PTR", 13: "HINFO", 14: "MINFO", 15: "MX",
		16: "TXT", 17: "RP", 18: "AFSDB", 19: "X25",
		20: "ISDN", 21: "RT", 22: "NSAP", 23: "NSAP_PTR",
		24: "SIG", 25: "KEY", 26: "PX", 27: "GPOS",
		28: "AAAA", 29: "LOC", 30: "NXT", 33: "SRV",
		35: "NAPTR", 36: "KX", 37: "CERT", 38: "A6",
		39: "DNAME", 41: "OPT", 42: "APL", 43: "DS",
		44: "SSHFP", 45: "IPSECKEY", 46: "RRSIG", 47: "NSEC",
		48: "DNSKEY", 49: "DHCID", 50: "NSEC3", 51: "NSEC3PARAM",
		52: "TSLA", 53: "SMIMEA", 55: "HIP", 56: "NINFO",
		59: "CDS", 60: "CDNSKEY", 61: "OPENPGPKEY", 62: "CSYNC",
		64: "SVCB", 65: "HTTPS", 99: "SPF", 103: "UNSPEC",
		108: "EUI48", 109: "EUI64", 249: "TKEY", 250: "TSIG",
		251: "IXFR", 252: "AXFR", 253: "MAILB", 254: "MAILA",
		255: "ANY", 256: "URI", 257: "CAA", 258: "AVC",
		259: "AMTRELAY", 32768: "TA", 32769: "DLV",
	}
	Rcodes = map[int]string{
		0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOIMP",
		5: "REFUSED", 6: "YXDOMAIN", 7: "YXRRSET", 8: "NXRRSET", 9: "NOTAUTH",
		10: "NOTZONE", 11: "DSOTYPENI", 16: "BADSIG", 17: "BADKEY",
		18: "BADTIME", 19: "BADMODE", 20: "BADNAME", 21: "BADALG",
		22: "BADTRUNC", 23: "BADCOOKIE",
	}
)
View Source 
var (
	DNSQuery                  = "QUERY"
	DNSQueryQuiet             = "Q"
	DNSReply                  = "REPLY"
	DNSReplyQuiet             = "R"
	PdnsDirectives            = regexp.MustCompile(`^powerdns-*`)
	GeoIPDirectives           = regexp.MustCompile(`^geoip-*`)
	SuspiciousDirectives      = regexp.MustCompile(`^suspicious-*`)
	PublicSuffixDirectives    = regexp.MustCompile(`^publixsuffix-*`)
	ExtractedDirectives       = regexp.MustCompile(`^extracted-*`)
	ReducerDirectives         = regexp.MustCompile(`^reducer-*`)
	MachineLearningDirectives = regexp.MustCompile(`^ml-*`)
	FilteringDirectives       = regexp.MustCompile(`^filtering-*`)
	RawTextDirective          = regexp.MustCompile(`^ *\{.*\}`)
	ATagsDirectives           = regexp.MustCompile(`^atags*`)
)
View Source 
var (
	OptCodes = map[int]string{
		3: "NSID", 8: "CSUBNET", 9: "EXPIRE", 10: "COOKIE", 11: "KEEPALIVE", 12: "PADDING", 15: "ERRORS",
	}
	ErrorCodeToString = map[int]string{
		0:  "Other",
		1:  "Unsupported DNSKEY Algorithm",
		2:  "Unsupported DS Digest Type",
		3:  "Stale Answer",
		4:  "Forged Answer",
		5:  "DNSSEC Indeterminate",
		6:  "DNSSEC Bogus",
		7:  "Signature Expired",
		8:  "Signature Not Yet Valid",
		9:  "DNSKEY Missing",
		10: "RRSIGs Missing",
		11: "No Zone Key Bit Set",
		12: "NSEC Missing",
		13: "Cached Error",
		14: "Not Ready",
		15: "Blocked",
		16: "Censored",
		17: "Filtered",
		18: "Prohibited",
		19: "Stale NXDOMAIN Answer",
		20: "Not Authoritative",
		21: "Not Supported",
		22: "No Reachable Authority",
		23: "Network Error",
		24: "Invalid Data",
	}
)
View Source 
var ErrDecodeDNSAnswerRdataTooShort = errors.New("malformed pkt, not enough data to decode rdata answer")
View Source 
var ErrDecodeDNSAnswerTooShort = errors.New("malformed pkt, not enough data to decode answer")
View Source 
var ErrDecodeDNSHeaderTooShort = errors.New("malformed pkt, dns payload too short to decode header")
View Source 
var ErrDecodeDNSLabelInvalidData = errors.New("malformed pkt, invalid label length byte")
View Source 
var ErrDecodeDNSLabelInvalidOffset = errors.New("malformed pkt, invalid offset to decode label")
View Source 
var ErrDecodeDNSLabelInvalidPointer = errors.New("malformed pkt, label pointer not pointing to prior data")
View Source 
var ErrDecodeDNSLabelTooLong = errors.New("malformed pkt, label too long")
View Source 
var ErrDecodeDNSLabelTooShort = errors.New("malformed pkt, dns payload too short to get label")
View Source 
var ErrDecodeEdnsBadRootDomain = errors.New("edns, name MUST be 0 (root domain)")
View Source 
var ErrDecodeEdnsDataTooShort = errors.New("edns, not enough data to decode rdata answer")
View Source 
var ErrDecodeEdnsOptionCsubnetBadFamily = errors.New("edns, csubnet option bad family")
View Source 
var ErrDecodeEdnsOptionTooShort = errors.New("edns, not enough data to decode option answer")
View Source 
var ErrDecodeEdnsTooManyOpts = errors.New("edns, packet contained too many OPT RRs")
View Source 
var ErrDecodeQuestionQclassTooShort = errors.New("malformed pkt, not enough data to decode qclass")
View Source 
var ErrDecodeQuestionQtypeTooShort = errors.New("malformed pkt, not enough data to decode qtype")
View Source 
var File_extended_dnstap_proto protoreflect.FileDescriptor

Functions

func ClassToString added in v0.42.0 

func ClassToString(class int) string

func ConvertToString added in v1.0.0 

func ConvertToString(value interface{}) string

func DecodePayload added in v0.21.0 

func DecodePayload(dm *DNSMessage, header *DNSHeader, config *pkgconfig.Config) error

decodePayload can be used to decode raw payload data in dm.DNS.Payload into relevant parts of dm.DNS struct. The payload is decoded according to given DNS header. If packet is marked as malformed already, this function returs with no error, but does not process the packet. Error is returned if packet can not be parsed. Returned error wraps the original error returned by relevant decoding operation.

func DecodeQuestion added in v0.14.0 

func DecodeQuestion(qdcount int, payload []byte) (string, int, int, int, error)

DNS QUESTION +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | | / QNAME / / / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | QTYPE | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | QCLASS | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

func GetDNSResponsePacket added in v1.1.0 

func GetDNSResponsePacket() ([]byte, error)

func GetFakeDNS added in v0.44.0 

func GetFakeDNS() ([]byte, error)

func GetFlatDNSMessage added in v0.40.0 

func GetFlatDNSMessage() (ret map[string]interface{}, err error)

func GetIPPort added in v0.39.0 

func GetIPPort(dm *DNSMessage) (string, int, string, int)

func OptCodeToString added in v0.14.0 

func OptCodeToString(rcode int) string

func ParseA added in v0.14.0 

func ParseA(r []byte) (string, error)

IPv4 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | ADDRESS | | | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

func ParseAAAA added in v0.14.0 

func ParseAAAA(rdata []byte) (string, error)

IPv6 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | | | | | | | ADDRESS | | | | | | | | | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

func ParseCNAME added in v0.14.0 

func ParseCNAME(rdataOffset int, payload []byte) (string, error)

CNAME +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ / NAME / / / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

func ParseCsubnet added in v0.14.0 

func ParseCsubnet(d []byte) (string, error)

https://datatracker.ietf.org/doc/html/rfc7871

Extended Csubnet EDNS0 option format +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+

| FAMILY |

+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+

| SOURCE PREFIX-LENGTH | SCOPE PREFIX-LENGTH |

+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+

| ADDRESS... /

+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+

func ParseErrors added in v0.14.0 

func ParseErrors(d []byte) (string, error)

https://datatracker.ietf.org/doc/html/rfc8914

Extended Error EDNS0 option format +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ | INFO-CODE | +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ / EXTRA-TEXT ... / +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+

func ParseLabels added in v0.14.0 

func ParseLabels(offset int, payload []byte) (string, int, error)

func ParseMX added in v0.14.0 

func ParseMX(rdataOffset int, payload []byte) (string, error)

MX +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | PREFERENCE | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ / EXCHANGE / / / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

func ParseNS added in v0.14.0 

func ParseNS(rdataOffset int, payload []byte) (string, error)

NS +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ / NSDNAME / / / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

func ParseOption added in v0.14.0 

func ParseOption(optName string, optData []byte) (string, error)

func ParsePTR added in v0.14.0 

func ParsePTR(rdataOffset int, payload []byte) (string, error)

PTR +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ / PTRDNAME / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

func ParseRdata added in v0.14.0 

func ParseRdata(rdatatype string, rdata []byte, payload []byte, rdataOffset int) (string, error)

func ParseSOA added in v0.14.0 

func ParseSOA(rdataOffset int, payload []byte) (string, error)

SOA +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ / MNAME / / / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ / RNAME / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | SERIAL | | | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | REFRESH | | | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | RETRY | | | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | EXPIRE | | | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | MINIMUM | | | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

func ParseSRV added in v0.14.0 

func ParseSRV(rdataOffset int, payload []byte) (string, error)

SRV +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | PRIORITY | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | WEIGHT | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | PORT | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | TARGET | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

func ParseSVCB added in v0.34.0 

func ParseSVCB(rdata []byte) (string, error)

SVCB +--+--+ | PRIO| +--+--+--+ / Target / +--+--+--+ / Params / +--+--+--+

func ParseSVCParam added in v0.34.0 

func ParseSVCParam(svcParamKey uint16, paramData []byte) (string, error)

func ParseTXT added in v0.14.0 

func ParseTXT(rdata []byte) (string, error)

TXT +--+--+--+--+--+--+--+--+ | LENGTH | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ / TXT-DATA / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

func QuoteStringAndWrite added in v1.0.0 

func QuoteStringAndWrite(s *strings.Builder, fieldString, fieldDelimiter, fieldBoundary string)

func RcodeToString added in v0.14.0 

func RcodeToString(rcode int) string

func RdatatypeToString added in v0.14.0 

func RdatatypeToString(rrtype int) string

func SVCParamKeyToString added in v0.34.0 

func SVCParamKeyToString(svcParamKey uint16) string

Types

type DNS added in v0.39.0 

type DNS struct {
	Type    string `json:"-"`
	Payload []byte `json:"-"`
	Length  int    `json:"length"`
	ID      int    `json:"id"`
	Opcode  int    `json:"opcode"`
	Rcode   string `json:"rcode"`
	Qname   string `json:"qname"`
	Qclass  string `json:"qclass"`

	QdCount int `json:"qdcount"`
	AnCount int `json:"ancount"`
	NsCount int `json:"nscount"`
	ArCount int `json:"arcount"`

	Qtype           string   `json:"qtype"`
	Flags           DNSFlags `json:"flags"`
	DNSRRs          DNSRRs   `json:"resource-records"`
	MalformedPacket bool     `json:"malformed-packet"`
}

type DNSAnswer added in v0.39.0 

type DNSAnswer struct {
	Name      string `json:"name"`
	Rdatatype string `json:"rdatatype"`
	Class     string `json:"class"`
	TTL       int    `json:"ttl"`
	Rdata     string `json:"rdata"`
}

func DecodeAnswer added in v0.14.0 

func DecodeAnswer(ancount int, startOffset int, payload []byte) ([]DNSAnswer, int, error)

type DNSExtended added in v0.39.0 

type DNSExtended struct {
	UDPSize       int         `json:"udp-size"`
	ExtendedRcode int         `json:"rcode"`
	Version       int         `json:"version"`
	Do            int         `json:"dnssec-ok"`
	Z             int         `json:"-"`
	Options       []DNSOption `json:"options"`
}

func DecodeEDNS added in v0.14.0 

func DecodeEDNS(arcount int, startOffset int, payload []byte) (DNSExtended, int, error)

type DNSFlags added in v0.39.0 

type DNSFlags struct {
	QR bool `json:"qr"`
	TC bool `json:"tc"`
	AA bool `json:"aa"`
	RA bool `json:"ra"`
	AD bool `json:"ad"`
	RD bool `json:"rd"`
	CD bool `json:"cd"`
}

type DNSHeader added in v0.39.0 

type DNSHeader struct {
	ID, Qr, Opcode, Rcode              int
	Aa, Tc, Rd, Ra, Z, Ad, Cd          int
	Qdcount, Ancount, Nscount, Arcount int
}

func DecodeDNS added in v0.39.0 

func DecodeDNS(payload []byte) (DNSHeader, error)

type DNSMessage added in v0.39.0 

type DNSMessage struct {
	NetworkInfo     DNSNetInfo             `json:"network"`
	DNS             DNS                    `json:"dns"`
	EDNS            DNSExtended            `json:"edns"`
	DNSTap          DNSTap                 `json:"dnstap"`
	Geo             *TransformDNSGeo       `json:"geoip,omitempty"`
	PowerDNS        *PowerDNS              `json:"powerdns,omitempty"`
	Suspicious      *TransformSuspicious   `json:"suspicious,omitempty"`
	PublicSuffix    *TransformPublicSuffix `json:"publicsuffix,omitempty"`
	Extracted       *TransformExtracted    `json:"extracted,omitempty"`
	Reducer         *TransformReducer      `json:"reducer,omitempty"`
	MachineLearning *TransformML           `json:"ml,omitempty"`
	Filtering       *TransformFiltering    `json:"filtering,omitempty"`
	ATags           *TransformATags        `json:"atags,omitempty"`
	Relabeling      *TransformRelabeling   `json:"-"`
}

func GetFakeDNSMessage added in v0.39.0 

func GetFakeDNSMessage() DNSMessage

func GetFakeDNSMessageWithPayload added in v0.39.0 

func GetFakeDNSMessageWithPayload() DNSMessage

func GetReferenceDNSMessage added in v0.41.0 

func GetReferenceDNSMessage() DNSMessage

func (*DNSMessage) ApplyRelabeling added in v0.43.0 

func (dm *DNSMessage) ApplyRelabeling(dnsFields map[string]interface{}) error

func (*DNSMessage) Bytes added in v0.39.0 

func (dm *DNSMessage) Bytes(format []string, fieldDelimiter string, fieldBoundary string) []byte

func (*DNSMessage) Flatten added in v0.39.0 

func (dm *DNSMessage) Flatten() (map[string]interface{}, error)

func (*DNSMessage) Init added in v0.39.0 

func (dm *DNSMessage) Init()

func (*DNSMessage) InitTransforms added in v0.40.0 

func (dm *DNSMessage) InitTransforms()

func (*DNSMessage) Matching added in v0.40.0 

func (dm *DNSMessage) Matching(matching map[string]interface{}) (error, bool)

func (*DNSMessage) String added in v0.39.0 

func (dm *DNSMessage) String(format []string, fieldDelimiter string, fieldBoundary string) string

func (*DNSMessage) ToDNSTap added in v0.39.0 

func (dm *DNSMessage) ToDNSTap(extended bool) ([]byte, error)

func (*DNSMessage) ToFlatJSON added in v0.39.0 

func (dm *DNSMessage) ToFlatJSON() (string, error)

func (*DNSMessage) ToJSON added in v0.39.0 

func (dm *DNSMessage) ToJSON() string

func (*DNSMessage) ToPacketLayer added in v0.39.0 

func (dm *DNSMessage) ToPacketLayer() ([]gopacket.SerializableLayer, error)

func (*DNSMessage) ToTextLine added in v0.41.0 

func (dm *DNSMessage) ToTextLine(format []string, fieldDelimiter string, fieldBoundary string) ([]byte, error)

func (*DNSMessage) ToTextTemplate added in v1.0.0 

func (dm *DNSMessage) ToTextTemplate(template string) (string, error)

type DNSNetInfo added in v0.39.0 

type DNSNetInfo struct {
	Family         string `json:"family"`
	Protocol       string `json:"protocol"`
	QueryIP        string `json:"query-ip"`
	QueryPort      string `json:"query-port"`
	ResponseIP     string `json:"response-ip"`
	ResponsePort   string `json:"response-port"`
	IPDefragmented bool   `json:"ip-defragmented"`
	TCPReassembled bool   `json:"tcp-reassembled"`
}

type DNSOption added in v0.39.0 

type DNSOption struct {
	Code int    `json:"code"`
	Name string `json:"name"`
	Data string `json:"data"`
}

type DNSRRs added in v0.39.0 

type DNSRRs struct {
	Answers     []DNSAnswer `json:"an"`
	Nameservers []DNSAnswer `json:"ns"`
	Records     []DNSAnswer `json:"ar"`
}

type DNSTap added in v0.39.0 

type DNSTap struct {
	Operation        string  `json:"operation"`
	Identity         string  `json:"identity"`
	Version          string  `json:"version"`
	TimestampRFC3339 string  `json:"timestamp-rfc3339ns"`
	Timestamp        int64   `json:"-"`
	TimeSec          int     `json:"-"`
	TimeNsec         int     `json:"-"`
	Latency          float64 `json:"latency"`
	Payload          []byte  `json:"-"`
	Extra            string  `json:"extra"`
	PolicyRule       string  `json:"policy-rule"`
	PolicyType       string  `json:"policy-type"`
	PolicyMatch      string  `json:"policy-match"`
	PolicyAction     string  `json:"policy-action"`
	PolicyValue      string  `json:"policy-value"`
	PeerName         string  `json:"peer-name"`
	QueryZone        string  `json:"query-zone"`
}

type ExtendedATags added in v0.40.0 

type ExtendedATags struct {
	Tags []string `protobuf:"bytes,1,rep,name=tags,proto3" json:"tags,omitempty"`
	// contains filtered or unexported fields
}

func (*ExtendedATags) Descriptor deprecated added in v0.40.0 

func (*ExtendedATags) Descriptor() ([]byte, []int)

Deprecated: Use ExtendedATags.ProtoReflect.Descriptor instead.

func (*ExtendedATags) GetTags added in v0.40.0 

func (x *ExtendedATags) GetTags() []string

func (*ExtendedATags) ProtoMessage added in v0.40.0 

func (*ExtendedATags) ProtoMessage()

func (*ExtendedATags) ProtoReflect added in v0.40.0 

func (x *ExtendedATags) ProtoReflect() protoreflect.Message

func (*ExtendedATags) Reset added in v0.40.0 

func (x *ExtendedATags) Reset()

func (*ExtendedATags) String added in v0.40.0 

func (x *ExtendedATags) String() string

type ExtendedDnstap added in v0.40.0 

type ExtendedDnstap struct {
	Version             string             `protobuf:"bytes,1,opt,name=version,proto3" json:"version,omitempty"`
	OriginalDnstapExtra []byte             `protobuf:"bytes,2,opt,name=original_dnstap_extra,json=originalDnstapExtra,proto3" json:"original_dnstap_extra,omitempty"`
	Atags               *ExtendedATags     `protobuf:"bytes,3,opt,name=atags,proto3" json:"atags,omitempty"`
	Normalize           *ExtendedNormalize `protobuf:"bytes,4,opt,name=normalize,proto3" json:"normalize,omitempty"`
	Filtering           *ExtendedFiltering `protobuf:"bytes,5,opt,name=filtering,proto3" json:"filtering,omitempty"`
	Geo                 *ExtendedGeo       `protobuf:"bytes,6,opt,name=geo,proto3" json:"geo,omitempty"`
	// contains filtered or unexported fields
}

func (*ExtendedDnstap) Descriptor deprecated added in v0.40.0 

func (*ExtendedDnstap) Descriptor() ([]byte, []int)

Deprecated: Use ExtendedDnstap.ProtoReflect.Descriptor instead.

func (*ExtendedDnstap) GetAtags added in v0.40.0 

func (x *ExtendedDnstap) GetAtags() *ExtendedATags

func (*ExtendedDnstap) GetFiltering added in v0.40.0 

func (x *ExtendedDnstap) GetFiltering() *ExtendedFiltering

func (*ExtendedDnstap) GetGeo added in v0.40.0 

func (x *ExtendedDnstap) GetGeo() *ExtendedGeo

func (*ExtendedDnstap) GetNormalize added in v0.40.0 

func (x *ExtendedDnstap) GetNormalize() *ExtendedNormalize

func (*ExtendedDnstap) GetOriginalDnstapExtra added in v0.40.0 

func (x *ExtendedDnstap) GetOriginalDnstapExtra() []byte

func (*ExtendedDnstap) GetVersion added in v0.40.0 

func (x *ExtendedDnstap) GetVersion() string

func (*ExtendedDnstap) ProtoMessage added in v0.40.0 

func (*ExtendedDnstap) ProtoMessage()

func (*ExtendedDnstap) ProtoReflect added in v0.40.0 

func (x *ExtendedDnstap) ProtoReflect() protoreflect.Message

func (*ExtendedDnstap) Reset added in v0.40.0 

func (x *ExtendedDnstap) Reset()

func (*ExtendedDnstap) String added in v0.40.0 

func (x *ExtendedDnstap) String() string

type ExtendedFiltering added in v0.40.0 

type ExtendedFiltering struct {
	SampleRate uint32 `protobuf:"varint,1,opt,name=sample_rate,json=sampleRate,proto3" json:"sample_rate,omitempty"`
	// contains filtered or unexported fields
}

func (*ExtendedFiltering) Descriptor deprecated added in v0.40.0 

func (*ExtendedFiltering) Descriptor() ([]byte, []int)

Deprecated: Use ExtendedFiltering.ProtoReflect.Descriptor instead.

func (*ExtendedFiltering) GetSampleRate added in v0.40.0 

func (x *ExtendedFiltering) GetSampleRate() uint32

func (*ExtendedFiltering) ProtoMessage added in v0.40.0 

func (*ExtendedFiltering) ProtoMessage()

func (*ExtendedFiltering) ProtoReflect added in v0.40.0 

func (x *ExtendedFiltering) ProtoReflect() protoreflect.Message

func (*ExtendedFiltering) Reset added in v0.40.0 

func (x *ExtendedFiltering) Reset()

func (*ExtendedFiltering) String added in v0.40.0 

func (x *ExtendedFiltering) String() string

type ExtendedGeo added in v0.40.0 

type ExtendedGeo struct {
	City      string `protobuf:"bytes,1,opt,name=city,proto3" json:"city,omitempty"`
	Continent string `protobuf:"bytes,2,opt,name=continent,proto3" json:"continent,omitempty"`
	Isocode   string `protobuf:"bytes,3,opt,name=isocode,proto3" json:"isocode,omitempty"`
	AsNumber  string `protobuf:"bytes,4,opt,name=as_number,json=asNumber,proto3" json:"as_number,omitempty"`
	AsOrg     string `protobuf:"bytes,5,opt,name=as_org,json=asOrg,proto3" json:"as_org,omitempty"`
	// contains filtered or unexported fields
}

func (*ExtendedGeo) Descriptor deprecated added in v0.40.0 

func (*ExtendedGeo) Descriptor() ([]byte, []int)

Deprecated: Use ExtendedGeo.ProtoReflect.Descriptor instead.

func (*ExtendedGeo) GetAsNumber added in v0.40.0 

func (x *ExtendedGeo) GetAsNumber() string

func (*ExtendedGeo) GetAsOrg added in v0.40.0 

func (x *ExtendedGeo) GetAsOrg() string

func (*ExtendedGeo) GetCity added in v0.40.0 

func (x *ExtendedGeo) GetCity() string

func (*ExtendedGeo) GetContinent added in v0.40.0 

func (x *ExtendedGeo) GetContinent() string

func (*ExtendedGeo) GetIsocode added in v0.40.0 

func (x *ExtendedGeo) GetIsocode() string

func (*ExtendedGeo) ProtoMessage added in v0.40.0 

func (*ExtendedGeo) ProtoMessage()

func (*ExtendedGeo) ProtoReflect added in v0.40.0 

func (x *ExtendedGeo) ProtoReflect() protoreflect.Message

func (*ExtendedGeo) Reset added in v0.40.0 

func (x *ExtendedGeo) Reset()

func (*ExtendedGeo) String added in v0.40.0 

func (x *ExtendedGeo) String() string

type ExtendedNormalize added in v0.40.0 

type ExtendedNormalize struct {
	Tld         string `protobuf:"bytes,1,opt,name=tld,proto3" json:"tld,omitempty"`
	EtldPlusOne string `protobuf:"bytes,2,opt,name=etld_plus_one,json=etldPlusOne,proto3" json:"etld_plus_one,omitempty"`
	// contains filtered or unexported fields
}

func (*ExtendedNormalize) Descriptor deprecated added in v0.40.0 

func (*ExtendedNormalize) Descriptor() ([]byte, []int)

Deprecated: Use ExtendedNormalize.ProtoReflect.Descriptor instead.

func (*ExtendedNormalize) GetEtldPlusOne added in v0.40.0 

func (x *ExtendedNormalize) GetEtldPlusOne() string

func (*ExtendedNormalize) GetTld added in v0.40.0 

func (x *ExtendedNormalize) GetTld() string

func (*ExtendedNormalize) ProtoMessage added in v0.40.0 

func (*ExtendedNormalize) ProtoMessage()

func (*ExtendedNormalize) ProtoReflect added in v0.40.0 

func (x *ExtendedNormalize) ProtoReflect() protoreflect.Message

func (*ExtendedNormalize) Reset added in v0.40.0 

func (x *ExtendedNormalize) Reset()

func (*ExtendedNormalize) String added in v0.40.0 

func (x *ExtendedNormalize) String() string

type PowerDNS added in v0.39.0 

type PowerDNS struct {
	Tags                  []string          `json:"tags"`
	OriginalRequestSubnet string            `json:"original-request-subnet"`
	AppliedPolicy         string            `json:"applied-policy"`
	AppliedPolicyHit      string            `json:"applied-policy-hit"`
	AppliedPolicyKind     string            `json:"applied-policy-kind"`
	AppliedPolicyTrigger  string            `json:"applied-policy-trigger"`
	AppliedPolicyType     string            `json:"applied-policy-type"`
	Metadata              map[string]string `json:"metadata"`
	HTTPVersion           string            `json:"http-version"`
}

type RelabelingRule added in v0.43.0 

type RelabelingRule struct {
	Regex       *regexp.Regexp
	Replacement string
	Action      string
}

type TransformATags added in v0.40.0 

type TransformATags struct {
	Tags []string `json:"tags"`
}

type TransformDNSGeo added in v0.39.0 

type TransformDNSGeo struct {
	City                   string `json:"city"`
	Continent              string `json:"continent"`
	CountryIsoCode         string `json:"country-isocode"`
	AutonomousSystemNumber string `json:"as-number"`
	AutonomousSystemOrg    string `json:"as-owner"`
}

type TransformExtracted added in v0.32.0 

type TransformExtracted struct {
	Base64Payload []byte `json:"dns_payload"`
}

type TransformFiltering added in v0.39.0 

type TransformFiltering struct {
	SampleRate int `json:"sample-rate"`
}

type TransformML added in v0.35.0 

type TransformML struct {
	Entropy               float64 `json:"entropy"`  // Entropy of query name
	Length                int     `json:"length"`   // Length of domain
	Labels                int     `json:"labels"`   // Number of labels in the query name  separated by dots
	Digits                int     `json:"digits"`   // Count of numerical characters
	Lowers                int     `json:"lowers"`   // Count of lowercase characters
	Uppers                int     `json:"uppers"`   // Count of uppercase characters
	Specials              int     `json:"specials"` // Number of special characters; special characters such as dash, underscore, equal sign,...
	Others                int     `json:"others"`
	RatioDigits           float64 `json:"ratio-digits"`
	RatioLetters          float64 `json:"ratio-letters"`
	RatioSpecials         float64 `json:"ratio-specials"`
	RatioOthers           float64 `json:"ratio-others"`
	ConsecutiveChars      int     `json:"consecutive-chars"`
	ConsecutiveVowels     int     `json:"consecutive-vowels"`
	ConsecutiveDigits     int     `json:"consecutive-digits"`
	ConsecutiveConsonants int     `json:"consecutive-consonants"`
	Size                  int     `json:"size"`
	Occurrences           int     `json:"occurrences"`
	UncommonQtypes        int     `json:"uncommon-qtypes"`
}

type TransformPublicSuffix added in v0.32.0 

type TransformPublicSuffix struct {
	QnamePublicSuffix        string `json:"tld"`
	QnameEffectiveTLDPlusOne string `json:"etld+1"`
	ManagedByICANN           bool   `json:"managed-icann"`
}

type TransformReducer added in v0.32.0 

type TransformReducer struct {
	Occurrences      int `json:"occurrences"`
	CumulativeLength int `json:"cumulative-length"`
}

type TransformRelabeling added in v0.43.0 

type TransformRelabeling struct {
	Rules []RelabelingRule
}

type TransformSuspicious added in v0.32.0 

type TransformSuspicious struct {
	Score                 float64 `json:"score"`
	MalformedPacket       bool    `json:"malformed-pkt"`
	LargePacket           bool    `json:"large-pkt"`
	LongDomain            bool    `json:"long-domain"`
	SlowDomain            bool    `json:"slow-domain"`
	UnallowedChars        bool    `json:"unallowed-chars"`
	UncommonQtypes        bool    `json:"uncommon-qtypes"`
	ExcessiveNumberLabels bool    `json:"excessive-number-labels"`
	Domain                string  `json:"domain,omitempty"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.