encoder

package
v0.4.5

This package is not in the latest version of its module.

Published: Feb 26, 2020 License: GPL-3.0 Imports: 35 Imported by: 4

Documentation

Overview

Implements encoders to transform network packets into protocol buffers for various protocols

Constants

This section is empty.

Variables

var (
	// LayerEncoders map contains initialized encoders at runtime
	// for usage from other packages
	LayerEncoders = map[gopacket.LayerType][]*LayerEncoder{}

	// set via encoder config
	// used to request that context be set on the audit records
	AddContext bool
)

var (
	// LiveMode switch for all encoders
	LiveMode bool

	// CapturePayload for encoders that support it
	CapturePayload = false
)

var (
	// Connections hold all connections
	Connections = &AtomicConnMap{
		Items: make(map[string]*types.Connection),
	}
)

var (
	// CustomEncoders slice contains initialized encoders at runtime
	// for usage from other packages
	CustomEncoders = []*CustomEncoder{}
)

var (
	Flows = &AtomicFlowMap{
		Items: make(map[string]*types.Flow),
	}
)

var (

	// HTTPActive must be set to true to decode HTTP traffic
	HTTPActive bool
)

var (
	LinkFlows = &AtomicLinkFlowMap{
		Items: make(map[uint64]*types.LinkFlow),
	}
)

var (
	NetworkFlows = &AtomicNetworkFlowMap{
		Items: make(map[uint64]*types.NetworkFlow),
	}
)

var (
	TransportFlows = &AtomicTransportFlowMap{
		Items: make(map[uint64]*types.TransportFlow),
	}
)

Functions

func DecodeHTTP

func DecodeHTTP(packet gopacket.Packet)

DecodeHTTP passes TCP packets to the TCP stream reassembler in order to decode HTTP requests and responses. CAUTION: this function must be called sequentially, because the stream reassembly implementation currently does not handle out-of-order packets.

func DumpTop5LinkFlows

func DumpTop5LinkFlows()

func DumpTop5NetworkFlows

func DumpTop5NetworkFlows()

func DumpTop5TransportFlows

func DumpTop5TransportFlows()

func Entropy

func Entropy(data []byte) (entropy float64)

Entropy returns the Shannon entropy value. See https://rosettacode.org/wiki/Entropy#Go
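The following is an added example, not the package's source: a stand-alone Shannon entropy calculation over a byte slice, showing how the value separates text-like payloads (low entropy) from uniformly distributed bytes such as encrypted or compressed data (close to 8 bits per byte). The names shannonEntropy and uniformSample and the sample payloads are constructed for illustration, and the base-2 logarithm is an assumption of this example.

```go
package main

import (
	"fmt"
	"math"
)

// shannonEntropy returns the Shannon entropy of data in bits per byte:
// 0 for empty or constant input, 8 for a uniform byte distribution.
// Hypothetical helper for illustration, not the package's Entropy function.
func shannonEntropy(data []byte) float64 {
	if len(data) == 0 {
		return 0
	}
	var counts [256]int
	for _, b := range data {
		counts[b]++
	}
	n, h := float64(len(data)), 0.0
	for _, c := range counts {
		if c == 0 {
			continue // a byte value that never occurs contributes nothing
		}
		p := float64(c) / n
		h -= p * math.Log2(p)
	}
	return h
}

// uniformSample builds a constructed payload in which every byte value occurs once.
func uniformSample() []byte {
	b := make([]byte, 256)
	for i := range b {
		b[i] = byte(i)
	}
	return b
}

func main() {
	samples := []struct {
		name string
		data []byte
	}{
		{"HTTP request (constructed)", []byte("GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n")},
		{"all 256 byte values (constructed)", uniformSample()},
	}
	for _, s := range samples {
		fmt.Printf("%-36s %.3f bits/byte\n", s.name, shannonEntropy(s.data))
	}
}
```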

func ExtractTLSHandShake

func ExtractTLSHandShake(tcp *layers.TCP) (*tlsx.ClientHello, bool)

ExtractTLSHandShake extracts a TLS HandShake from a TCP Packet

func InitCustomEncoders

func InitCustomEncoders(c Config)

InitCustomEncoders initializes all custom encoders

func InitLayerEncoders

func InitLayerEncoders(c Config)

InitLayerEncoders initializes all layer encoders

func MarkdownOverview added in v0.4.0

func MarkdownOverview()

MarkdownOverview dumps a Markdown summary of all available encoders and their fields

func SetErrorMap

func SetErrorMap(m *AtomicCounterMap)

func ShowEncoders

func ShowEncoders()

Types

type AtomicConnMap

type AtomicConnMap struct {
	Items map[string]*types.Connection
	sync.Mutex
}

AtomicConnMap contains all connections and provides synchronized access

func (*AtomicConnMap) Size

func (a *AtomicConnMap) Size() int

Size returns the number of elements in the Items map

type AtomicCounterMap

type AtomicCounterMap struct {
	Items map[string]int64
	sync.Mutex
}

AtomicCounterMap maps strings to integers

func NewAtomicCounterMap

func NewAtomicCounterMap() *AtomicCounterMap

NewAtomicCounterMap returns a new AtomicCounterMap

func (*AtomicCounterMap) Inc

func (a *AtomicCounterMap) Inc(val string)

Inc increments a value

type AtomicFlowMap

type AtomicFlowMap struct {
	Items map[string]*types.Flow
	sync.Mutex
}

func (*AtomicFlowMap) Size

func (a *AtomicFlowMap) Size() int

type AtomicLinkFlowMap

type AtomicLinkFlowMap struct {
	Items map[uint64]*types.LinkFlow
	sync.Mutex
}

type AtomicNetworkFlowMap

type AtomicNetworkFlowMap struct {
	Items map[uint64]*types.NetworkFlow
	sync.Mutex
}

type AtomicTransportFlowMap

type AtomicTransportFlowMap struct {
	Items map[uint64]*types.TransportFlow
	sync.Mutex
}

type Config

type Config struct {
	Buffer          bool
	Compression     bool
	CSV             bool
	IncludeEncoders string
	ExcludeEncoders string
	Out             string
	WriteChan       bool
	Source          string
	Version         string
	IncludePayloads bool
	Export          bool
	AddContext      bool
	MemBufferSize   int
}

Config contains configuration parameters for the encoders

type ConnectionID

type ConnectionID struct {
	LinkFlowID      uint64
	NetworkFlowID   uint64
	TransportFlowID uint64
}

ConnectionID is a bidirectional connection between two devices over the network that includes the Link, Network and TransportLayer

func (ConnectionID) String

func (c ConnectionID) String() string

type Context

type Context struct {
	CaptureInfo gopacket.CaptureInfo
}

Context is the assembler context

func (*Context) GetCaptureInfo

func (c *Context) GetCaptureInfo() gopacket.CaptureInfo

GetCaptureInfo returns the gopacket.CaptureInfo from the context

type CustomEncoder

type CustomEncoder struct {

	// public fields
	Name string

	Type    types.Type
	Handler CustomEncoderHandler
	// contains filtered or unexported fields
}

CustomEncoder implements custom logic to decode data from a gopacket.Packet

func CreateCustomEncoder

func CreateCustomEncoder(t types.Type, name string, postinit func(*CustomEncoder) error, handler CustomEncoderHandler, deinit func(*CustomEncoder) error) *CustomEncoder

CreateCustomEncoder returns a new CustomEncoder instance

func (*CustomEncoder) Destroy

func (e *CustomEncoder) Destroy() (name string, size int64)

Destroy closes and flushes all writers and calls deinit if set

func (*CustomEncoder) Encode

func (e *CustomEncoder) Encode(p gopacket.Packet) error

Encode is called for each layer. It calls the handler function of the encoder and writes the serialized protobuf into the data pipe.

func (*CustomEncoder) GetChan

func (e *CustomEncoder) GetChan() <-chan []byte

GetChan returns a channel to receive serialized protobuf data from the encoder

func (*CustomEncoder) NumRecords added in v0.4.0

func (e *CustomEncoder) NumRecords() int64

NumRecords returns the number of written records

type CustomEncoderHandler

type CustomEncoderHandler = func(p gopacket.Packet) proto.Message

CustomEncoderHandler takes a gopacket.Packet and returns a proto.Message

type LayerEncoder

type LayerEncoder struct {

	// public fields
	Layer gopacket.LayerType
	Type  types.Type

	Handler LayerEncoderHandler
	// contains filtered or unexported fields
}

LayerEncoder represents an encoder for the gopacket.Layer type

func CreateLayerEncoder

func CreateLayerEncoder(nt types.Type, lt gopacket.LayerType, handler LayerEncoderHandler) *LayerEncoder

CreateLayerEncoder returns a new LayerEncoder instance

func (*LayerEncoder) Destroy

func (e *LayerEncoder) Destroy() (name string, size int64)

Destroy closes and flushes all writers

func (*LayerEncoder) Encode

Encode is called for each layer. It calls the handler function of the encoder and writes the serialized protobuf into the data pipe.

func (*LayerEncoder) GetChan

func (e *LayerEncoder) GetChan() <-chan []byte

GetChan returns a channel to receive serialized protobuf data from the encoder

type LayerEncoderHandler

type LayerEncoderHandler = func(layer gopacket.Layer, timestamp string) proto.Message

LayerEncoderHandler is the handler function for a layer encoder

type Stream

type Stream struct {
	// contains filtered or unexported fields
}

Stream contains both unidirectional flows for a connection

func (Stream) Reverse

func (s Stream) Reverse() Stream

Reverse flips source and destination

func (Stream) String

func (s Stream) String() string
