encoder

package
v0.4.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 17, 2020 License: GPL-3.0 Imports: 35 Imported by: 4

Documentation

Overview

Implements encoders to transform network packets into protocol buffers for various protocols

Index

Constants

This section is empty.

Variables

View Source 
var (
	// LayerEncoders map contains initialized encoders at runtime
	// for usage from other packages
	LayerEncoders = map[gopacket.LayerType][]*LayerEncoder{}

	// set via encoder config
	// used to request a content from being set on the audit records
	AddContext bool
)
View Source 
var (
	// LiveMode switch for all encoders
	LiveMode bool

	// CapturePayload for encoders that support it
	CapturePayload = false
)
View Source 
var (
	// Connections hold all connections
	Connections = &AtomicConnMap{
		Items: make(map[string]*types.Connection),
	}
)
View Source 
var (
	// CustomEncoders slice contains initialized encoders at runtime
	// for usage from other packages
	CustomEncoders = []*CustomEncoder{}
)
View Source 
var (
	Flows = &AtomicFlowMap{
		Items: make(map[string]*types.Flow),
	}
)
View Source 
var (

	// HTTPActive must be set to true to decode HTTP traffic
	HTTPActive bool
)
View Source 
var (
	LinkFlows = &AtomicLinkFlowMap{
		Items: make(map[uint64]*types.LinkFlow),
	}
)
View Source 
var (
	NetworkFlows = &AtomicNetworkFlowMap{
		Items: make(map[uint64]*types.NetworkFlow),
	}
)
View Source 
var (
	TransportFlows = &AtomicTransportFlowMap{
		Items: make(map[uint64]*types.TransportFlow),
	}
)

Functions

func Debug 

func Debug(s string, a ...interface{})

func DecodeHTTP 

func DecodeHTTP(packet gopacket.Packet)

DecodeHTTP passes TCP packets to the TCP stream reassembler in order to decode HTTP request and responses CAUTION: this function must be called sequentially, because the stream reassembly implementation currently does not handle out of order packets

func DumpTop5LinkFlows 

func DumpTop5LinkFlows()

func DumpTop5NetworkFlows 

func DumpTop5NetworkFlows()

func DumpTop5TransportFlows 

func DumpTop5TransportFlows()

func Entropy 

func Entropy(data []byte) (entropy float64)

Entropy returns the shannon entropy value https://rosettacode.org/wiki/Entropy#Go

func Error 

func Error(t string, s string, a ...interface{})

func ExtractTLSHandShake 

func ExtractTLSHandShake(tcp *layers.TCP) (*tlsx.ClientHello, bool)

ExtractTLSHandShake extracts a TLS HandShake from a TCP Packet

func Info 

func Info(s string, a ...interface{})

func InitCustomEncoders 

func InitCustomEncoders(c Config)

InitCustomEncoders initializes all custom encoders

func InitLayerEncoders 

func InitLayerEncoders(c Config)

InitLayerEncoders initializes all layer encoders

func MarkdownOverview added in v0.4.0 

func MarkdownOverview()

MarkdownOverview dumps a Markdown summary of all available encoders and their fields

func SetErrorMap 

func SetErrorMap(m *AtomicCounterMap)

func ShowEncoders 

func ShowEncoders()

Types

type AtomicConnMap 

type AtomicConnMap struct {
	Items map[string]*types.Connection
	sync.Mutex
}

AtomicConnMap contains all connections and provides synchronized access

func (*AtomicConnMap) Size 

func (a *AtomicConnMap) Size() int

Size returns the number of elements in the Items map

type AtomicCounterMap 

type AtomicCounterMap struct {
	Items map[string]int64
	sync.Mutex
}

AtomicCounterMap maps strings to integers

func NewAtomicCounterMap 

func NewAtomicCounterMap() *AtomicCounterMap

NewAtomicCounterMap returns a new AtomicCounterMap

func (*AtomicCounterMap) Inc 

func (a *AtomicCounterMap) Inc(val string)

Inc increments a value

type AtomicFlowMap 

type AtomicFlowMap struct {
	Items map[string]*types.Flow
	sync.Mutex
}

func (*AtomicFlowMap) Size 

func (a *AtomicFlowMap) Size() int

type AtomicLinkFlowMap 

type AtomicLinkFlowMap struct {
	Items map[uint64]*types.LinkFlow
	sync.Mutex
}

type AtomicNetworkFlowMap 

type AtomicNetworkFlowMap struct {
	Items map[uint64]*types.NetworkFlow
	sync.Mutex
}

type AtomicTransportFlowMap 

type AtomicTransportFlowMap struct {
	Items map[uint64]*types.TransportFlow
	sync.Mutex
}

type Config 

type Config struct {
	Buffer          bool
	Compression     bool
	CSV             bool
	IncludeEncoders string
	ExcludeEncoders string
	Out             string
	WriteChan       bool
	Source          string
	Version         string
	IncludePayloads bool
	Export          bool
	AddContext      bool
}

Config contains configuration parameters for the encoders

type ConnectionID 

type ConnectionID struct {
	LinkFlowID      uint64
	NetworkFlowID   uint64
	TransportFlowID uint64
}

ConnectionID is a bidirectional connection between two devices over the network that includes the Link, Network and TransportLayer

func (ConnectionID) String 

func (c ConnectionID) String() string

type Context 

type Context struct {
	CaptureInfo gopacket.CaptureInfo
}

* The assembler context

func (*Context) GetCaptureInfo 

func (c *Context) GetCaptureInfo() gopacket.CaptureInfo

type CustomEncoder 

type CustomEncoder struct {

	// public fields
	Name string

	Type    types.Type
	Handler CustomEncoderHandler
	// contains filtered or unexported fields
}

CustomEncoder implements custom logic to decode data from a gopacket.Packet

func CreateCustomEncoder 

func CreateCustomEncoder(t types.Type, name string, postinit func(*CustomEncoder) error, handler CustomEncoderHandler, deinit func(*CustomEncoder) error) *CustomEncoder

CreateCustomEncoder returns a new CustomEncoder instance

func (*CustomEncoder) Destroy 

func (e *CustomEncoder) Destroy() (name string, size int64)

Destroy closes and flushes all writers and calls deinit if set

func (*CustomEncoder) Encode 

func (e *CustomEncoder) Encode(p gopacket.Packet) error

Encode is called for each layer this calls the handler function of the encoder and writes the serialized protobuf into the data pipe

func (*CustomEncoder) GetChan 

func (e *CustomEncoder) GetChan() <-chan []byte

GetChan returns a channel to receive serialized protobuf data from the encoder

func (*CustomEncoder) NumRecords added in v0.4.0 

func (e *CustomEncoder) NumRecords() int64

NumRecords returns the number of written records

type CustomEncoderHandler 

type CustomEncoderHandler = func(p gopacket.Packet) proto.Message

CustomEncoderHandler takes a gopacket.Packet and returns a proto.Message

type LayerEncoder 

type LayerEncoder struct {

	// public fields
	Layer gopacket.LayerType
	Type  types.Type

	Handler LayerEncoderHandler
	// contains filtered or unexported fields
}

LayerEncoder represents an encoder for the gopacket.Layer type

func CreateLayerEncoder 

func CreateLayerEncoder(nt types.Type, lt gopacket.LayerType, handler LayerEncoderHandler) *LayerEncoder

CreateLayerEncoder returns a new LayerEncoder instance

func (*LayerEncoder) Destroy 

func (e *LayerEncoder) Destroy() (name string, size int64)

Destroy closes and flushes all writers

func (*LayerEncoder) Encode 

func (e *LayerEncoder) Encode(ctx *types.PacketContext, p gopacket.Packet, l gopacket.Layer) error

Encode is called for each layer this calls the handler function of the encoder and writes the serialized protobuf into the data pipe

func (*LayerEncoder) GetChan 

func (e *LayerEncoder) GetChan() <-chan []byte

GetChan returns a channel to receive serialized protobuf data from the encoder

type LayerEncoderHandler 

type LayerEncoderHandler = func(layer gopacket.Layer, timestamp string) proto.Message

LayerEncoderHandler is the handler function for a layer encoder

type Stream 

type Stream struct {
	// contains filtered or unexported fields
}

Stream contains both unidirectional flows for a connection

func (Stream) Reverse 

func (s Stream) Reverse() Stream

Reverse flips source and destination

func (Stream) String 

func (s Stream) String() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.