Documentation
Overview
Package types contains the basic types used by the library.
Constants
const NoSource = ""
NoSource is returned if no classification was made.
Variables
This section is empty.
Functions
func BenchmarkModule
BenchmarkModule runs a module on all available dump files. It is used for benchmarking the modules.
func FlushTrackedFlows
func FlushTrackedFlows()
FlushTrackedFlows flushes the map used for tracking flows. Any new packets that arrive after this operation will be considered new flows.
Types
type ClassificationResult
type ClassificationResult struct {
	Protocol Protocol
	Source   ClassificationSource
}
ClassificationResult contains the detected protocol and the source of the classification from a classification attempt.
func (ClassificationResult) String
func (result ClassificationResult) String() string
type ClassificationSource
type ClassificationSource string
ClassificationSource is the module of the library that is responsible for the classification of a flow.
type Flow
type Flow struct {
// contains filtered or unexported fields
}
Flow contains sufficient information to classify a flow.
func CreateFlowFromPacket
CreateFlowFromPacket creates a flow with a single packet.
func GetFlowForPacket
GetFlowForPacket finds any previous flow that the packet belongs to. It adds the packet to that flow and returns the flow. If no such flow is found, a new one is created.
func (*Flow) GetClassificationResult
func (flow *Flow) GetClassificationResult() (result ClassificationResult)
GetClassificationResult returns the currently detected protocol for this flow and the source of that detection.
func (*Flow) GetPackets
GetPackets returns the list of packets in a thread-safe way.
func (*Flow) SetClassificationResult
func (flow *Flow) SetClassificationResult(protocol Protocol, source ClassificationSource)
SetClassificationResult sets the detected protocol and classification source for this flow.
type MockModule
type MockModule struct {
	InitSuccess     bool
	InitCalled      int
	DestroySuccess  bool
	DestroyCalled   int
	ClassifySuccess bool
	ClassifyCalled  int
	SourceName      string
}
MockModule is used in tests in order to test the functionality of modules.
func (*MockModule) ClassifyFlow
func (module *MockModule) ClassifyFlow(flow *Flow) (result ClassificationResult)
ClassifyFlow logs the classification by the mock module.
func (*MockModule) ClassifyFlowAll
func (module *MockModule) ClassifyFlowAll(flow *Flow) (results []ClassificationResult)
ClassifyFlowAll logs the multiple classification by the mock module.
func (*MockModule) Destroy
func (module *MockModule) Destroy() error
Destroy logs the destruction of the mock module.
func (*MockModule) Initialize
func (module *MockModule) Initialize() error
Initialize logs the initialization of the mock module.
type Module
type Module interface {
	Initialize() error
	Destroy() error
	ClassifyFlow(*Flow) ClassificationResult
	ClassifyFlowAll(*Flow) []ClassificationResult
}
Module is implemented by every classification module provided by the library. Each module has its own initialization and destruction methods, as well as its own method for classifying a flow. Modules may also be enabled or disabled, and usually also provide a configuration method.
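An added example, not part of the library or its documentation: a hypothetical BannerModule whose method set matches the Module interface above, returning Unknown and NoSource when nothing matches. The types are local stand-ins copied from this page so the code runs without the library; the Flow.payloads field and the "banner" source name are assumptions, since the real Flow keeps its fields unexported.

```go
package main

import (
	"bytes"
	"fmt"
)

// Stand-ins for this page's types; Flow.payloads is an assumption (real fields are unexported).
type Protocol string
type ClassificationSource string
type ClassificationResult struct{ Protocol Protocol; Source ClassificationSource }
type Flow struct{ payloads [][]byte }
const (
	SSH      Protocol             = "SSH"
	HTTP     Protocol             = "HTTP"
	Unknown  Protocol             = ""
	NoSource ClassificationSource = ""
)

// BannerModule (hypothetical) matches payload prefixes loaded by Initialize.
type BannerModule struct{ prefixes map[Protocol][]byte }
func (m *BannerModule) Initialize() error {
	m.prefixes = map[Protocol][]byte{SSH: []byte("SSH-2.0-"), HTTP: []byte("GET ")}
	return nil
}
func (m *BannerModule) Destroy() error { m.prefixes = nil; return nil }

// ClassifyFlowAll reports one result per payload that matches a known prefix.
func (m *BannerModule) ClassifyFlowAll(flow *Flow) (results []ClassificationResult) {
	for _, payload := range flow.payloads {
		for proto, prefix := range m.prefixes {
			if bytes.HasPrefix(payload, prefix) {
				results = append(results, ClassificationResult{proto, "banner"})
			}
		}
	}
	return results
}

// ClassifyFlow returns the first match; the appended Unknown/NoSource is the no-match fallback.
func (m *BannerModule) ClassifyFlow(flow *Flow) ClassificationResult {
	all := append(m.ClassifyFlowAll(flow), ClassificationResult{Unknown, NoSource})
	return all[0]
}

func main() {
	m := &BannerModule{}
	m.Initialize()
	fmt.Println(m.ClassifyFlow(&Flow{[][]byte{[]byte("SSH-2.0-OpenSSH_9.6\r\n")}})) // constructed banner
}
```

A caller can treat a result whose Source equals NoSource as "not classified" and pass the flow to the next module.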
type Protocol
type Protocol string
Protocol is the type of each of the detected protocols.
const (
	HTTP    Protocol = "HTTP"
	DNS     Protocol = "DNS"
	SSH     Protocol = "SSH"
	RPC     Protocol = "RPC"
	SMTP    Protocol = "SMTP"
	RDP     Protocol = "RDP"
	SMB     Protocol = "SMB"
	ICMP    Protocol = "ICMP"
	FTP     Protocol = "FTP"
	SSL     Protocol = "SSL"
	NetBIOS Protocol = "NetBIOS"
	JABBER  Protocol = "JABBER"
	MQTT    Protocol = "MQTT"
	Unknown Protocol = ""
)
Protocol identifiers for the supported protocols.