protos

package
v0.0.0-...-320d922 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 10, 2018 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

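// Package-level defaults for transaction handling.
const (
	// DefaultTransactionHashSize is 65536 (2 to the power 16). It is written
	// as a shift because ^ is bitwise XOR in Go, so the earlier expression
	// 2 ^ 16 evaluated to 18 rather than 65536.
	DefaultTransactionHashSize = 1 << 16
	// DefaultTransactionExpiration is a duration of 10 seconds.
	DefaultTransactionExpiration time.Duration = 10 * time.Second
	// DefaultTransactionTimeout is the untyped constant 10.
	// NOTE(review): no unit is stated here; if a caller converts this value to
	// a time.Duration it means 10 nanoseconds, not 10 seconds. Confirm intent.
	DefaultTransactionTimeout = 10
)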

Variables

// ErrInvalidPort is the error value with the message "port number out of range".
// NOTE(review): presumably returned by PortsConfig.Init and PortsConfig.Set
// when port validation fails; confirm against the implementation.
var ErrInvalidPort = errors.New("port number out of range")
// Protos is the package-level singleton of the Protocols type.
// NOTE(review): it is an exported variable, so any importing package can
// reassign it; callers should treat it as read-only.
var Protos = ProtocolsStruct{
	// contains filtered or unexported fields
}

Singleton of Protocols type.

Functions

func Register

func Register(name string, plugin ProtocolPlugin)

Types

type Packet

// Packet is the unit handed to protocol plugins: a timestamp, an IP/port
// tuple and a byte payload.
type Packet struct {
	// Ts is the packet timestamp.
	// NOTE(review): presumably the capture time; confirm against the sniffer.
	Ts time.Time
	// Tuple is the common.IpPortTuple associated with the packet.
	Tuple common.IpPortTuple
	// Payload is the packet's payload bytes.
	// NOTE(review): presumably data captured from the network, so parsers
	// should treat it as untrusted and check lengths before indexing. As a
	// slice it shares its backing array with whoever produced it; whether a
	// plugin may retain it after the call returns is not stated here.
	Payload []byte
}

type Plugin

// Plugin is the set of functions to be exported by every protocol plugin.
// TcpPlugin and UdpPlugin both embed it.
type Plugin interface {
	// Called to return the configured ports
	GetPorts() []int
}

Functions to be exported by a protocol plugin

type PortsConfig

// PortsConfig holds a protocol plugin's port configuration, with validation
// on init.
// NOTE(review): Ports is an exported field, so it can be assigned directly
// without going through Init or Set; whether any range validation covers
// that path cannot be told from this listing.
type PortsConfig struct {
	// Ports is the list of configured port numbers.
	Ports []int
}

Protocol Plugin Port configuration with validation on init

func (*PortsConfig) Init

func (p *PortsConfig) Init(ports ...int) error

func (*PortsConfig) Set

func (p *PortsConfig) Set(ports []int) error

type Protocol

// Protocol is a protocol identifier, stored as a uint16.
type Protocol uint16

Protocol identifier.

// Protocol constants.
const (
	// UnknownProtocol is 0 (iota in the first position of the block), which
	// is also the zero value of Protocol.
	UnknownProtocol Protocol = iota
)

Protocol constants.

func Lookup

func Lookup(name string) Protocol

func (Protocol) String

func (p Protocol) String() string

type ProtocolData

// ProtocolData represents an upper protocol's private data. It is used with
// types like HttpStream, MysqlStream, etc.
// Because it is the empty interface, a plugin has to type-assert the value it
// gets back; the two-value form (v, ok := data.(*T)) avoids a panic when the
// dynamic type is not the expected one.
type ProtocolData interface{}

ProtocolData interface to represent an upper protocol private data. Used with types like HttpStream, MysqlStream, etc.

type ProtocolPlugin

// ProtocolPlugin is the constructor signature for a protocol plugin. It takes
// a test-mode flag, a publish.Transactions value and the plugin's
// *ucfg.Config, and returns the Plugin or an error. Register accepts a value
// of this type together with the plugin name.
type ProtocolPlugin func(
	testMode bool,
	results publish.Transactions,
	cfg *ucfg.Config,
) (Plugin, error)

type Protocols

// Protocols is the lookup interface over the registered protocol plugins.
// NOTE(review): what GetTcp and GetUdp return for a Protocol that has no
// plugin is not shown in this listing (possibly a nil interface); callers
// should check the result before using it.
type Protocols interface {
	// BpfFilter returns a Berkeley Packet Filter expression for the
	// registered protocols; with_vlans and with_icmp adjust the filter.
	BpfFilter(with_vlans bool, with_icmp bool) string
	// GetTcp returns the TcpPlugin for proto.
	GetTcp(proto Protocol) TcpPlugin
	// GetUdp returns the UdpPlugin for proto.
	GetUdp(proto Protocol) UdpPlugin
	// GetAll returns the plugins keyed by Protocol.
	GetAll() map[Protocol]Plugin
	// GetAllTcp returns the TCP plugins keyed by Protocol.
	GetAllTcp() map[Protocol]TcpPlugin
	// GetAllUdp returns the UDP plugins keyed by Protocol.
	GetAllUdp() map[Protocol]UdpPlugin
}

type ProtocolsStruct

// ProtocolsStruct is the list of protocol plugins.
// NOTE(review): every method in this listing, Init included, has a value
// receiver, so each call works on a copy of the struct. Init can therefore
// only have a lasting effect through reference-typed fields (maps, pointers).
// The fields are hidden here; confirm against the source.
type ProtocolsStruct struct {
	// contains filtered or unexported fields
}

list of protocol plugins

func (ProtocolsStruct) BpfFilter

func (protocols ProtocolsStruct) BpfFilter(with_vlans bool, with_icmp bool) string

BpfFilter returns a Berkeley Packet Filter (BPF) expression that will match against packets for the registered protocols. If with_vlans is true, the filter will match against both IEEE 802.1Q VLAN encapsulated and unencapsulated packets.

func (ProtocolsStruct) GetAll

func (protocols ProtocolsStruct) GetAll() map[Protocol]Plugin

func (ProtocolsStruct) GetAllTcp

func (protocols ProtocolsStruct) GetAllTcp() map[Protocol]TcpPlugin

func (ProtocolsStruct) GetAllUdp

func (protocols ProtocolsStruct) GetAllUdp() map[Protocol]UdpPlugin

func (ProtocolsStruct) GetTcp

func (protocols ProtocolsStruct) GetTcp(proto Protocol) TcpPlugin

func (ProtocolsStruct) GetUdp

func (protocols ProtocolsStruct) GetUdp(proto Protocol) UdpPlugin

func (ProtocolsStruct) Init

func (protocols ProtocolsStruct) Init(
	testMode bool,
	results publish.Transactions,
	configs map[string]*ucfg.Config,
) error

type TcpPlugin

// TcpPlugin is the interface a TCP protocol plugin implements in addition to
// Plugin. The private argument and the returned ProtocolData carry the
// plugin's own per-stream data (ProtocolData is interface{}).
// NOTE(review): pkt.Payload presumably holds bytes captured from the network;
// implementations should treat it as untrusted and bounds-check while parsing.
type TcpPlugin interface {
	Plugin

	// Called when TCP payload data is available for parsing.
	// NOTE(review): dir presumably identifies the direction of the stream
	// the payload belongs to; confirm the value range with the TCP layer.
	Parse(pkt *Packet, tcptuple *common.TcpTuple,
		dir uint8, private ProtocolData) ProtocolData

	// Called when the FIN flag is seen in the TCP stream.
	ReceivedFin(tcptuple *common.TcpTuple, dir uint8,
		private ProtocolData) ProtocolData

	// Called when packets are missing from the TCP
	// stream.
	// NOTE(review): nbytes is presumably the size of the gap, and drop
	// presumably asks the caller to discard the stream; confirm.
	GapInStream(tcptuple *common.TcpTuple, dir uint8, nbytes int,
		private ProtocolData) (priv ProtocolData, drop bool)

	// ConnectionTimeout returns the per stream connection timeout.
	// Return <=0 to set default tcp module transaction timeout.
	ConnectionTimeout() time.Duration
}

type UdpPlugin

// UdpPlugin is the interface a UDP protocol plugin implements in addition to
// Plugin.
type UdpPlugin interface {
	Plugin

	// ParseUdp is invoked when UDP payload data is available for parsing.
	// It returns nothing, so an implementation cannot report a parse
	// failure to the caller through this method.
	// NOTE(review): pkt.Payload is presumably attacker-influenced network
	// data; validate lengths before indexing into it.
	ParseUdp(pkt *Packet)
}

Directories

Path Synopsis
The applayer module provides common definitions with common fields for use with application layer protocols among beats.
The applayer module provides common definitions with common fields for use with application layer protocols among beats.
This file contains the name mapping data used to convert various DNS IDs to their string values.
This file contains the name mapping data used to convert various DNS IDs to their string values.
