Documentation ¶
Index ¶
- Constants
- Variables
- func Register(name string, plugin ProtocolPlugin)
- type Packet
- type Plugin
- type PortsConfig
- type Protocol
- type ProtocolData
- type ProtocolPlugin
- type Protocols
- type ProtocolsStruct
- func (protocols ProtocolsStruct) BpfFilter(with_vlans bool, with_icmp bool) string
- func (protocols ProtocolsStruct) GetAll() map[Protocol]Plugin
- func (protocols ProtocolsStruct) GetAllTcp() map[Protocol]TcpPlugin
- func (protocols ProtocolsStruct) GetAllUdp() map[Protocol]UdpPlugin
- func (protocols ProtocolsStruct) GetTcp(proto Protocol) TcpPlugin
- func (protocols ProtocolsStruct) GetUdp(proto Protocol) UdpPlugin
- func (protocols ProtocolsStruct) Init(testMode bool, results publish.Transactions, configs map[string]*ucfg.Config) error
- type TcpPlugin
- type UdpPlugin
Constants ¶
View Source
const ( DefaultTransactionHashSize = 2 ^ 16 DefaultTransactionExpiration time.Duration = 10 * time.Second DefaultTransactionTimeout = 10 )
Variables ¶
View Source
var ErrInvalidPort = errors.New("port number out of range")
View Source
var Protos = ProtocolsStruct{ // contains filtered or unexported fields }
Singleton of Protocols type.
Functions ¶
func Register ¶
func Register(name string, plugin ProtocolPlugin)
Types ¶
type Plugin ¶
type Plugin interface { // Called to return the configured ports GetPorts() []int }
Functions to be exported by a protocol plugin
type PortsConfig ¶
type PortsConfig struct {
Ports []int
}
Protocol Plugin Port configuration with validation on init
func (*PortsConfig) Init ¶
func (p *PortsConfig) Init(ports ...int) error
func (*PortsConfig) Set ¶
func (p *PortsConfig) Set(ports []int) error
type ProtocolData ¶
type ProtocolData interface{}
ProtocolData interface to represent an upper protocol private data. Used with types like HttpStream, MysqlStream, etc.
type ProtocolPlugin ¶
type ProtocolsStruct ¶
type ProtocolsStruct struct {
// contains filtered or unexported fields
}
list of protocol plugins
func (ProtocolsStruct) BpfFilter ¶
func (protocols ProtocolsStruct) BpfFilter(with_vlans bool, with_icmp bool) string
BpfFilter returns a Berkeley Packer Filter (BFP) expression that will match against packets for the registered protocols. If with_vlans is true the filter will match against both IEEE 802.1Q VLAN encapsulated and unencapsulated packets
func (ProtocolsStruct) GetAll ¶
func (protocols ProtocolsStruct) GetAll() map[Protocol]Plugin
func (ProtocolsStruct) GetAllTcp ¶
func (protocols ProtocolsStruct) GetAllTcp() map[Protocol]TcpPlugin
func (ProtocolsStruct) GetAllUdp ¶
func (protocols ProtocolsStruct) GetAllUdp() map[Protocol]UdpPlugin
func (ProtocolsStruct) GetTcp ¶
func (protocols ProtocolsStruct) GetTcp(proto Protocol) TcpPlugin
func (ProtocolsStruct) GetUdp ¶
func (protocols ProtocolsStruct) GetUdp(proto Protocol) UdpPlugin
func (ProtocolsStruct) Init ¶
func (protocols ProtocolsStruct) Init( testMode bool, results publish.Transactions, configs map[string]*ucfg.Config, ) error
type TcpPlugin ¶
type TcpPlugin interface { Plugin // Called when TCP payload data is available for parsing. Parse(pkt *Packet, tcptuple *common.TcpTuple, dir uint8, private ProtocolData) ProtocolData // Called when the FIN flag is seen in the TCP stream. ReceivedFin(tcptuple *common.TcpTuple, dir uint8, private ProtocolData) ProtocolData // Called when a packets are missing from the tcp // stream. GapInStream(tcptuple *common.TcpTuple, dir uint8, nbytes int, private ProtocolData) (priv ProtocolData, drop bool) // ConnectionTimeout returns the per stream connection timeout. // Return <=0 to set default tcp module transaction timeout. ConnectionTimeout() time.Duration }
Directories ¶
Path | Synopsis |
---|---|
The applayer module provides common definitions with common fields for use with application layer protocols among beats.
|
The applayer module provides common definitions with common fields for use with application layer protocols among beats. |
This file contains the name mapping data used to convert various DNS IDs to their string values.
|
This file contains the name mapping data used to convert various DNS IDs to their string values. |
Click to show internal directories.
Click to hide internal directories.