analyze

package
v0.0.0-...-ea46d6d Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 4, 2024 License: Apache-2.0 Imports: 26 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Layer types registered with gopacket for the protocols named below. Each
// call binds a numeric layer ID and a display name to a package-local decoder
// function (decodeQUIC, decodeTFTP, decodeSNMP, decodeMDNS).
//
// NOTE(review): gopacket's documentation reserves layer numbers below 1000 for
// the gopacket library itself, and RegisterLayerType panics when a number is
// already in use. IDs 147-150 sit in that reserved range, so a gopacket
// release that claims any of them would make this package panic during
// initialization. Confirm against the pinned gopacket version; the
// application range (1000-1999) avoids the collision.
//
// NOTE(review): the decoder bodies are not shown here. They parse captured,
// peer-controlled bytes, so each should check lengths before indexing.
var (
	// LayerTypeQUIC is registered under ID 147 with decodeQUIC as its decoder.
	LayerTypeQUIC = gopacket.RegisterLayerType(147, gopacket.LayerTypeMetadata{
		Name:    "QUIC",
		Decoder: gopacket.DecodeFunc(decodeQUIC),
	})
	// LayerTypeTFTP is registered under ID 148 with decodeTFTP as its decoder.
	LayerTypeTFTP = gopacket.RegisterLayerType(148, gopacket.LayerTypeMetadata{
		Name:    "TFTP",
		Decoder: gopacket.DecodeFunc(decodeTFTP),
	})
	// LayerTypeSNMP is registered under ID 149 with decodeSNMP as its decoder.
	LayerTypeSNMP = gopacket.RegisterLayerType(149, gopacket.LayerTypeMetadata{
		Name:    "SNMP",
		Decoder: gopacket.DecodeFunc(decodeSNMP),
	})
	// LayerTypeMDNS is registered under ID 150 with decodeMDNS as its decoder.
	LayerTypeMDNS = gopacket.RegisterLayerType(150, gopacket.LayerTypeMetadata{
		Name:    "MDNS",
		Decoder: gopacket.DecodeFunc(decodeMDNS),
	})
)

Functions

func CheckUDP

func CheckUDP(userIP, tranIP string, udp *layers.UDP) gopacket.LayerType

Types

type Analyze

// Analyze bundles a reassembly.Assembler with the Factory value whose New
// method returns reassembly.Stream instances.
//
// NOTE(review): Factory is stored by value and has unexported fields. If those
// include synchronization state (WaitGoRoutines suggests so), Analyze must not
// be copied; use the *Analyze that NewAnalyzer returns. Confirm.
// NOTE(review): whether HandlePacket may be called from several goroutines is
// not visible here; confirm that access to Assembler is serialized.
type Analyze struct {
	Assembler *reassembly.Assembler
	Factory   Factory
}

func NewAnalyzer

func NewAnalyzer() *Analyze

func (*Analyze) HandlePacket

func (a *Analyze) HandlePacket(packet gopacket.Packet)

type AssemblerContext

// AssemblerContext wraps the gopacket.CaptureInfo of a packet. Its
// GetCaptureInfo method returns a gopacket.CaptureInfo.
type AssemblerContext struct {
	// CaptureInfo is the capture metadata for the packet being processed.
	// NOTE(review): presumably copied from the packet's own metadata; confirm in HandlePacket.
	CaptureInfo gopacket.CaptureInfo
}

AssemblerContext provides a method to get metadata.

func (*AssemblerContext) GetCaptureInfo

func (ac *AssemblerContext) GetCaptureInfo() gopacket.CaptureInfo

type Factory

// Factory creates streams for TCP reassembly: its New method takes the network
// and transport flows, the TCP layer and an AssemblerContext, and returns a
// reassembly.Stream. WaitGoRoutines is its only other exported method.
//
// NOTE(review): all fields are unexported and not shown here. The name
// WaitGoRoutines suggests the Factory tracks goroutines it starts; confirm
// that every stream's goroutines are waited on before shutdown.
type Factory struct {
	// contains filtered or unexported fields
}

func (*Factory) New

func (f *Factory) New(netFlow, tcpFlow gopacket.Flow, tcp *layers.TCP, ac reassembly.AssemblerContext) reassembly.Stream

func (*Factory) WaitGoRoutines

func (f *Factory) WaitGoRoutines()

type Stream

// Stream holds the state kept for one reassembled connection: two directional
// StreamReaders (Client and Server), a reassembly TCP state machine and option
// checker, the network and transport flows, and integer counters that carry
// bson tags.
//
// The struct contains a sync.WaitGroup and an embedded sync.Mutex by value, so
// it must not be copied after first use; pass *Stream. Because the mutex is
// embedded in an exported type, Lock and Unlock are part of Stream's exported
// method set and any importer can take the lock.
//
// NOTE(review): the Reject*, Miss*, OutOfOrder* and Overlap* counters look like
// reassembly statistics. Overlapping or missing bytes are the usual signal of
// segment-level evasion or capture loss, so confirm where they are updated
// and that they are persisted with the session.
// NOTE(review): the counters are plain ints; confirm every update happens
// under the mutex, since the Client and Server readers may run concurrently.
type Stream struct {
	Wg sync.WaitGroup
	sync.Mutex
	SessionID      string    `bson:"session_id"`
	StartTime      time.Time `bson:"start_time"`
	EndTime        time.Time `bson:"end_time"`
	Client         StreamReader
	Server         StreamReader
	TcpState       *reassembly.TCPSimpleFSM
	OptChecker     reassembly.TCPOptionCheck
	Net, Transport gopacket.Flow

	Ident               string `bson:"ident"`
	ProtocolFlags       types.ProtocolFlags
	Metadata            types.Metadata
	SrcIP               string                 `bson:"src_ip"`
	DstIP               string                 `bson:"dst_ip"`
	RejectFSM           int                    `bson:"reject_fsm"` // FSM = finite state machine
	RejectConnFsm       int                    `bson:"reject_conn_fsm"`
	RejectOpt           int                    `bson:"reject_opt"`
	MissBytes           int                    `bson:"miss_bytes"`
	BytesCount          int                    `bson:"bytes_count"`
	PacketsCount        int                    `bson:"packets_count"`
	Reassembled         int                    `bson:"reassembled"`
	OutOfOrderPackets   int                    `bson:"out_of_order_packets"`
	OutOfOrderBytes     int                    `bson:"out_of_order_bytes"`
	BiggestChunkBytes   int                    `bson:"biggest_chunk_bytes"`
	BiggestChunkPackets int                    `bson:"biggest_chunk_packets"`
	OverlapBytes        int                    `bson:"overlap_bytes"`
	OverlapPackets      int                    `bson:"overlap_packets"`
	ApplicationProtocol protocols.ProtocolType `bson:"application_protocol"`
	// contains filtered or unexported fields
}

Stream 流

func (*Stream) Accept

func (*Stream) ReassembledSG

func (s *Stream) ReassembledSG(sg reassembly.ScatterGather, ac reassembly.AssemblerContext)

func (*Stream) ReassemblyComplete

func (s *Stream) ReassemblyComplete(ac reassembly.AssemblerContext) bool

type StreamReader

// StreamReader describes one direction of a Stream: IsClient distinguishes the
// two, and Stream holds one Client and one Server reader. Parent points back
// to the owning Stream, and Bytes is a channel of []byte chunks for this
// direction.
//
// NOTE(review): the buffering of Bytes and who closes it are not visible
// here. Confirm both, since a channel that is never closed would presumably
// leave Run blocked and its goroutine leaked.
// NOTE(review): Handlers is a plain map. Confirm it is fully populated before
// Run starts or is guarded by a lock, because concurrent map writes are a
// data race in Go.
// NOTE(review): the address and port fields are strings, presumably derived
// from the flows on the parent Stream; confirm how they are formatted before
// using them as lookup keys.
type StreamReader struct {
	Ident    string
	Parent   *Stream
	IsClient bool
	Bytes    chan []byte

	Protocol protocols.ProtocolType
	SrcIP    string
	DstIP    string
	SrcPort  string
	DstPort  string
	Handlers map[protocols.ProtocolType]protocols.ProtocolHandler
	// contains filtered or unexported fields
}

func (*StreamReader) GetIdent

func (sr *StreamReader) GetIdent() bool

GetIdent gets the stream direction.

func (*StreamReader) GetIdentifier

func (sr *StreamReader) GetIdentifier(buffer []byte) protocols.ProtocolType

GetIdentifier gets the protocol identifier.

func (*StreamReader) GetUrls

func (sr *StreamReader) GetUrls() []string

func (*StreamReader) LockParent

func (sr *StreamReader) LockParent()

func (*StreamReader) Read

func (sr *StreamReader) Read(p []byte) (n int, err error)

func (*StreamReader) Run

func (sr *StreamReader) Run(wg *sync.WaitGroup)

func (*StreamReader) SetApplicationProtocol

func (sr *StreamReader) SetApplicationProtocol(applicationProtocol protocols.ProtocolType)

func (*StreamReader) SetHttpInfo

func (sr *StreamReader) SetHttpInfo(host, userAgent, contentType, upgrade string)

func (*StreamReader) SetTlsInfo

func (sr *StreamReader) SetTlsInfo(sni, version, cipherSuite string)

SetTlsInfo SetHostName

func (*StreamReader) SetUrls

func (sr *StreamReader) SetUrls(urls string)

SetUrls sets the Urls.

func (*StreamReader) UnLockParent

func (sr *StreamReader) UnLockParent()

Directories

Path Synopsis
