Documentation
¶
Index ¶
- Constants
- type AddressRule
- type ContentRule
- type ContentRuleConfig
- type DNSRule
- type FlowRule
- type HTTPConfig
- type ICMPLayerRule
- type IPLayerRule
- type Modifier
- type PCRE
- type PortRule
- type Rule
- type RuleSyntaxVisitor
- func (r *RuleSyntaxVisitor) Errorf(msg string, items ...interface{})
- func (r *RuleSyntaxVisitor) MergeErrors() error
- func (r *RuleSyntaxVisitor) ShowErrors()
- func (v *RuleSyntaxVisitor) VisitAddress(i *parser.AddressContext) *AddressRule
- func (v *RuleSyntaxVisitor) VisitDstAddress(i *parser.Dest_addressContext) *AddressRule
- func (v *RuleSyntaxVisitor) VisitDstPort(i *parser.Dest_portContext) *PortRule
- func (r *RuleSyntaxVisitor) VisitParams(i *parser.ParamsContext, rule *Rule)
- func (v *RuleSyntaxVisitor) VisitPortRule(i *parser.PortContext) *PortRule
- func (r *RuleSyntaxVisitor) VisitRule(rule *parser.RuleContext) interface{}
- func (r *RuleSyntaxVisitor) VisitRules(ctx *parser.RulesContext) interface{}
- func (v *RuleSyntaxVisitor) VisitSrcAddress(i *parser.Src_addressContext) *AddressRule
- func (v *RuleSyntaxVisitor) VisitSrcPort(i *parser.Src_portContext) *PortRule
- type TCPLayerRule
- type ThresholdingConfig
- type UDPLayerRule
Constants ¶
// Lower-case protocol identifiers exported by the package.
// NOTE(review): presumably the values a rule's Protocol field is compared
// against; confirm against the parser before relying on that.
const (
	TCP  = "tcp"
	UDP  = "udp"
	ICMP = "icmp"
	DNS  = "dns"
	HTTP = "http"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AddressRule ¶
// AddressRule describes one address operand of a rule. It can carry an IPv4 or
// IPv6 CIDR string, a variable name (Env) and nested sub-rules.
//
// NOTE(review): how Any, Negative, the CIDR fields and SubRules combine when
// an address is matched is not visible in this declaration; confirm against
// the Match implementation before reasoning about rule coverage.
type AddressRule struct {
	// These two are modifiers.
	Any      bool
	Negative bool

	IPv4CIDR string
	IPv6CIDR string
	SubRules []*AddressRule
	Env      string // presumably the name of a rule variable resolved elsewhere — TODO confirm
	// contains filtered or unexported fields
}
func (*AddressRule) GetLocalIPAddress ¶
func (r *AddressRule) GetLocalIPAddress() string
func (*AddressRule) Match ¶ added in v1.2.3
func (a *AddressRule) Match(i string) bool
type ContentRule ¶
// ContentRule holds one payload-matching clause of a rule: the bytes to look
// for (Content), the options that accompany them, and a Modifier value.
//
// NOTE(review): several fields are marked "won't support" or "no effect"
// below. Per those markers the values are carried in the struct but not
// evaluated, so a rule that depends on them may match differently here than in
// an engine that implements them. Confirm which keywords are honoured before
// using results to judge detection coverage.
type ContentRule struct {
	Negative bool
	Content  []byte

	// payload config
	Nocase     bool // case insensitive
	Depth      *int
	Offset     *int
	StartsWith bool
	EndsWith   bool
	Distance   *int
	Within     *int

	// no effect
	RawBytes bool

	IsDataAt string
	BSize    string
	DSize    string

	// won't support
	ByteTest string
	// won't support
	ByteMath string
	// won't support
	ByteJump string
	// won't support
	ByteExtract string
	// won't support
	RPC string // sunrpc call
	// won't support
	Replace []byte

	// PCRE is kept as a string here.
	// NOTE(review): where and how the pattern is compiled is not shown in this
	// declaration — confirm that rule files from untrusted sources cannot
	// supply patterns with unbounded matching cost.
	PCRE        string
	FastPattern bool

	// e.g. set,bihinder3
	FlowBits string
	FlowInt  string
	XBits    string
	NoAlert  bool

	Base64Decode string
	Base64Data   bool

	ExtraFlags []string

	Modifier Modifier
}
func (*ContentRule) PCREStringGenerator ¶
func (c *ContentRule) PCREStringGenerator(count int) []*ContentRule
type ContentRuleConfig ¶
// ContentRuleConfig groups the per-rule option blocks: flow and thresholding
// settings, one optional config pointer per protocol layer, and the list of
// payload-matching clauses.
type ContentRuleConfig struct {
	Flow *FlowRule

	Thresholding *ThresholdingConfig

	/* DNS Config */
	DNS *DNSRule

	/* HTTP Config */
	HTTPConfig *HTTPConfig

	/* IP */
	IPConfig *IPLayerRule

	/* TCP */
	TcpConfig *TCPLayerRule

	/* UDP */
	UdpConfig *UDPLayerRule

	/* ICMP */
	IcmpConfig *ICMPLayerRule

	/* Payload Match */
	ContentRules []*ContentRule

	// PrefilterRule is a ContentRuleConfig holding no more than a single config.
	// Not implemented yet.
	PrefilterRule *ContentRuleConfig
}
type HTTPConfig ¶ added in v1.2.4
type ICMPLayerRule ¶
type IPLayerRule ¶
// IPLayerRule holds the IP-layer options of a rule. Most values are kept as
// the strings or ints written in the rule.
// NOTE(review): no range or format validation is visible in this declaration;
// confirm where TTL, Id and the string-valued options are checked.
type IPLayerRule struct {
	TTL int

	/*
		IP Option   Description
		rr          Record Route
		eol         End of List
		nop         No Op
		ts          Time Stamp
		sec         IP Security
		esec        IP Extended Security
		lsrr        Loose Source Routing
		ssrr        Strict Source Routing
		satid       Stream Identifier
		any         any IP options are set
	*/
	IPOpts string

	Sameip     bool
	IPProto    string
	Id         int
	Geoip      string
	FragBits   string
	FragOffset string
	Tos        string
}
type Modifier ¶ added in v1.2.4
// Modifier is an enumerated uint32 attached to a ContentRule.
// NOTE(review): the constant names look like HTTP, DNS and IP buffer
// selectors; confirm their exact meaning against the matcher.
type Modifier uint32

// Modifier values. They are assigned by iota, so the numbers depend on the
// declaration order: inserting or reordering entries changes every value that
// follows, which matters if the numeric form is ever stored or serialized.
const (
	Default Modifier = iota

	// http req
	HTTPUri
	HTTPUriRaw
	HTTPMethod
	HTTPRequestLine
	HTTPRequestBody
	HTTPUserAgent
	HTTPHost
	HTTPHostRaw
	HTTPAccept
	HTTPAcceptLang
	HTTPAcceptEnc
	HTTPReferer

	// http resp
	HTTPStatMsg
	HTTPStatCode
	HTTPResponseLine
	HTTPResponseBody
	HTTPServer
	HTTPLocation

	// http common
	HTTPHeader
	HTTPHeaderRaw
	HTTPCookie
	HTTPConnection
	FileData
	HTTPContentType
	HTTPContentLen
	HTTPStart
	HTTPProtocol
	HTTPHeaderNames

	// DNS
	DNSQuery

	// IP
	IPv4HDR
	IPv6HDR
)
type PCRE ¶ added in v1.2.5
// PCRE is an opaque type: it exposes no exported fields.
// NOTE(review): the package lists ParsePCREStr alongside this type,
// presumably as its constructor — confirm its signature and error behaviour.
type PCRE struct {
	// contains filtered or unexported fields
}
func ParsePCREStr ¶ added in v1.2.5
type PortRule ¶
// PortRule describes one port operand of a rule. It can carry explicit port
// numbers, a variable name (Env) and nested sub-rules.
//
// NOTE(review): Ports is a plain []int, so nothing in this declaration limits
// values to the valid port range; confirm that the parser rejects values
// outside 0-65535.
type PortRule struct {
	Any      bool
	Negative bool
	Ports    []int
	Rules    []*PortRule
	Env      string // presumably the name of a rule variable resolved elsewhere — TODO confirm
	// contains filtered or unexported fields
}
func (*PortRule) GetAvailablePort ¶
func (*PortRule) GetHighPort ¶
type Rule ¶
// Rule is the structured form of a single rule: its header (action, protocol,
// source and destination addresses and ports), its identifying metadata and
// its option configuration.
//
// Only the header fields carry json tags. The remaining fields have none, so
// encoding/json emits them under their Go field names.
type Rule struct {
	Raw                string       `json:"raw"` // presumably the original rule text — TODO confirm
	Message            string       `json:"message"`
	Action             string       `json:"action"`
	Protocol           string       `json:"protocol"`
	SourceAddress      *AddressRule `json:"source_address"`
	DestinationAddress *AddressRule `json:"destination_address"`
	SourcePort         *PortRule    `json:"source_port"`
	DestinationPort    *PortRule    `json:"destination_port"`

	Sid       int
	Rev       int
	Gid       int
	ClassType string
	Reference map[string]string
	Priority  int
	Metadata  []string
	Target    string // src_ip/dest_ip

	ContentRuleConfig *ContentRuleConfig
}
type RuleSyntaxVisitor ¶
// RuleSyntaxVisitor walks a parsed rule tree and accumulates the resulting
// rules and errors in its exported fields.
//
// NOTE(review): none of the Visit* methods listed for this type returns an
// error, so parse failures presumably surface only through Errors and
// MergeErrors. Confirm this, and check them before treating Rules as the
// complete rule set; a rule that failed to parse would otherwise be missing
// without notice.
type RuleSyntaxVisitor struct {
	Raw    []byte
	Errors []error
	Rules  []*Rule

	// Environment-variable rules.
	// NOTE(review): presumably maps variable names used in address and port
	// fields to their values — confirm against VisitAddress and VisitPortRule.
	Environment map[string]string
}
func (*RuleSyntaxVisitor) Errorf ¶
func (r *RuleSyntaxVisitor) Errorf(msg string, items ...interface{})
func (*RuleSyntaxVisitor) MergeErrors ¶
func (r *RuleSyntaxVisitor) MergeErrors() error
func (*RuleSyntaxVisitor) ShowErrors ¶
func (r *RuleSyntaxVisitor) ShowErrors()
func (*RuleSyntaxVisitor) VisitAddress ¶
func (v *RuleSyntaxVisitor) VisitAddress(i *parser.AddressContext) *AddressRule
func (*RuleSyntaxVisitor) VisitDstAddress ¶
func (v *RuleSyntaxVisitor) VisitDstAddress(i *parser.Dest_addressContext) *AddressRule
func (*RuleSyntaxVisitor) VisitDstPort ¶
func (v *RuleSyntaxVisitor) VisitDstPort(i *parser.Dest_portContext) *PortRule
func (*RuleSyntaxVisitor) VisitParams ¶
func (r *RuleSyntaxVisitor) VisitParams(i *parser.ParamsContext, rule *Rule)
func (*RuleSyntaxVisitor) VisitPortRule ¶
func (v *RuleSyntaxVisitor) VisitPortRule(i *parser.PortContext) *PortRule
func (*RuleSyntaxVisitor) VisitRule ¶
func (r *RuleSyntaxVisitor) VisitRule(rule *parser.RuleContext) interface{}
func (*RuleSyntaxVisitor) VisitRules ¶
func (r *RuleSyntaxVisitor) VisitRules(ctx *parser.RulesContext) interface{}
func (*RuleSyntaxVisitor) VisitSrcAddress ¶
func (v *RuleSyntaxVisitor) VisitSrcAddress(i *parser.Src_addressContext) *AddressRule
func (*RuleSyntaxVisitor) VisitSrcPort ¶
func (v *RuleSyntaxVisitor) VisitSrcPort(i *parser.Src_portContext) *PortRule
type TCPLayerRule ¶
type ThresholdingConfig ¶
// ThresholdingConfig holds the thresholding options of a rule: two mode flags,
// a count, a time window in Seconds and a Track string.
// NOTE(review): the field names resemble the options of a Suricata-style
// threshold keyword; how Repeat derives its result from them is not visible
// here — confirm against the implementation.
type ThresholdingConfig struct {
	ThresholdMode bool
	LimitMode     bool
	Count         int
	Seconds       int
	Track         string
}
func (*ThresholdingConfig) Repeat ¶
func (t *ThresholdingConfig) Repeat() int
type UDPLayerRule ¶
// UDPLayerRule holds the UDP-layer options of a rule; currently a single flag.
type UDPLayerRule struct {
	UDPHeader bool // presumably set when the rule targets the UDP header — TODO confirm
}
Source Files
¶