Documentation
¶
Index ¶
- Constants
- func Bytes_Htohl(b []byte) uint32
- func Bytes_Ntohl(b []byte) uint32
- func Bytes_Ntohll(b []byte) uint64
- func Bytes_Ntohs(b []byte) uint16
- func DumpInCSVFormat(fields []string, rows [][]string) string
- func Ipv4_Ntoa(ip uint32) string
- func IsLoopback(ip_str string) (bool, error)
- func LocalIpAddrs() ([]net.IP, error)
- func LocalIpAddrsAsStrings(include_loopbacks bool) ([]string, error)
- func ReadString(s []byte) (string, error)
- type CmdlineTuple
- type Endpoint
- type HashableIpPortTuple
- type HashableTcpTuple
- type IpPortTuple
- type MapStr
- type TcpTuple
- type Time
Constants ¶
const ( OK_STATUS = "OK" ERROR_STATUS = "Error" )
standardized status values
const MaxIpPortTupleRawSize = 16 + 16 + 2 + 2
const MaxTcpTupleRawSize = 16 + 16 + 2 + 2 + 4
const TsLayout = "2006-01-02T15:04:05.000Z"
Layout to be used in the timestamp marshaling/unmarshaling everywhere. The timezone must always be UTC.
Variables ¶
This section is empty.
Functions ¶
func Bytes_Htohl ¶
func Bytes_Ntohl ¶
func Bytes_Ntohll ¶
func DumpInCSVFormat ¶
Takes a set of fields and rows and returns a string representing the CSV representation for the fields and rows.
func IsLoopback ¶
IsLoopback check if a particular IP notation corresponds to a loopback interface.
func LocalIpAddrs ¶
LocalIpAddrs finds the IP addresses of the hosts on which the agent currently runs on.
func LocalIpAddrsAsStrings ¶
LocalIpAddrs finds the IP addresses of the hosts on which the agent currently runs on and returns them as an array of strings.
func ReadString ¶
Types ¶
type CmdlineTuple ¶
type CmdlineTuple struct {
Src, Dst []byte
}
Source and destination process names, as found by the proc module.
type HashableIpPortTuple ¶
type HashableIpPortTuple [MaxIpPortTupleRawSize]byte
type HashableTcpTuple ¶
type HashableTcpTuple [MaxTcpTupleRawSize]byte
type IpPortTuple ¶
type IpPortTuple struct {
Ip_length int
Src_ip, Dst_ip net.IP
Src_port, Dst_port uint16
// contains filtered or unexported fields
}
func NewIpPortTuple ¶
func (*IpPortTuple) ComputeHashebles ¶
func (t *IpPortTuple) ComputeHashebles()
func (*IpPortTuple) Hashable ¶
func (t *IpPortTuple) Hashable() HashableIpPortTuple
Hashable returns a hashable value that uniquely identifies the IP-port tuple.
func (*IpPortTuple) RevHashable ¶
func (t *IpPortTuple) RevHashable() HashableIpPortTuple
Hashable returns a hashable value that uniquely identifies the IP-port tuple after swapping the source and destination.
func (*IpPortTuple) String ¶
func (t *IpPortTuple) String() string
type MapStr ¶
type MapStr map[string]interface{}
Commonly used map of things, used in JSON creation and the like.
func MapStrUnion ¶
MapStrUnion creates a new MapStr containing the union of the key-value pairs of the two maps. If the same key is present in both, the key-value pairs from dict2 overwrite the ones from dict1.
func (MapStr) EnsureCountField ¶
func (MapStr) EnsureTimestampField ¶
Checks if a @timestamp field exists and if it doesn't it adds one by using the injected now() function as a time source.
type TcpTuple ¶
type TcpTuple struct {
Ip_length int
Src_ip, Dst_ip net.IP
Src_port, Dst_port uint16
Stream_id uint32
// contains filtered or unexported fields
}
func TcpTupleFromIpPort ¶
func TcpTupleFromIpPort(t *IpPortTuple, tcp_id uint32) TcpTuple
func (*TcpTuple) ComputeHashebles ¶
func (t *TcpTuple) ComputeHashebles()
func (*TcpTuple) Hashable ¶
func (t *TcpTuple) Hashable() HashableTcpTuple
Hashable() returns a hashable value that uniquely identifies the TCP tuple.
func (TcpTuple) IpPort ¶
func (t TcpTuple) IpPort() *IpPortTuple
Returns a pointer to the equivalent IpPortTuple.
type Time ¶
func MustParseTime ¶
MustParseTime is a convenience equivalent of the ParseTime function that panics in case of errors.
func (Time) MarshalJSON ¶
MarshalJSON implements json.Marshaler interface. The time is a quoted string in the JsTsLayout format.
func (*Time) UnmarshalJSON ¶
UnmarshalJSON implements js.Unmarshaler interface. The time is expected to be a quoted string in TsLayout format.
Source Files
Directories