Documentation
¶
Index ¶
- Variables
- func AddApplications(serviceIdent string, applications []string)
- func MatchServiceProbes(serv *service, banner []byte, ident string)
- func NewService(ts int64, numBytesServer, numBytesClient int, ip string) *service
- func ResetProbeEnums()
- func ResetStore()
- type HyperscanBuildStats
- type HyperscanCategory
- type HyperscanStatus
Constants ¶
This section is empty.
Variables ¶
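// Decoder is the network service decoder. PostInit prepares the logger and
// the service probes; DeInit flushes every service held in Store to the
// audit record writer.
var Decoder = &decoder.AbstractDecoder{
	Type:        types.Type_NC_Service,
	Name:        "Service",
	Description: "A network service",

	// PostInit initializes the "service" logger from the decoder
	// configuration and then loads the service probes. The first error
	// encountered is returned.
	PostInit: func(d *decoder.AbstractDecoder) error {
		var err error

		// NOTE(review): the second return value of InitZapLogger is discarded;
		// if it is a handle that must be closed, confirm it is released elsewhere.
		serviceLog, _, err = logging.InitZapLogger(
			decoderconfig.Instance.Out,
			"service",
			decoderconfig.Instance.Debug,
		)
		if err != nil {
			return err
		}

		return initServiceProbes()
	},

	// DeInit writes one audit record per stored service and then syncs the
	// logger. A failed write is logged and does not stop the flush; the
	// value returned is the result of serviceLog.Sync().
	DeInit: func(e *decoder.AbstractDecoder) error {
		// NOTE(review): Store.Items is ranged without taking a lock on Store
		// itself; only the individual items are locked. Confirm that nothing
		// can still insert into the store while DeInit runs.
		for _, item := range Store.Items {
			item.Lock()

			if len(item.applications) > 0 {
				// item.applications is ranged by key (presumably a map used as
				// a set), and Go randomizes map iteration order. The keys are
				// therefore inserted in sorted position, so that the
				// Applications slice and the DetectedProtocolName derived from
				// its first element are identical on every run over the same
				// capture. A hand-written insertion sort is used because the
				// file's import block is not visible from here.
				apps := make([]string, 0, len(item.applications))
				for app := range item.applications {
					apps = append(apps, app)
					for i := len(apps) - 1; i > 0 && apps[i] < apps[i-1]; i-- {
						apps[i], apps[i-1] = apps[i-1], apps[i]
					}
				}
				item.Service.Applications = apps
			}

			// Precedence for the reported protocol name: first application,
			// then the product, then the service name. If all are empty the
			// field is left unchanged.
			switch {
			case len(item.Service.Applications) > 0:
				item.Service.DetectedProtocolName = item.Service.Applications[0]
			case item.Service.Product != "":
				item.Service.DetectedProtocolName = item.Service.Product
			case item.Service.Name != "":
				item.Service.DetectedProtocolName = item.Service.Name
			}

			if err := e.Writer.Write(item.Service); err != nil {
				serviceLog.Error("failed to flush service audit record", zap.Error(err))
			}

			item.Unlock()

			// NOTE(review): the counter is incremented for every item,
			// including those whose Write failed, so it counts attempted
			// rather than confirmed records. Confirm that this is intended
			// before relying on it for completeness checks.
			atomic.AddInt64(&e.NumRecordsWritten, 1)
		}

		return serviceLog.Sync()
	},
}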
Decoder for protocol analysis and writing audit records to disk.
// Store is the package-level service store. It starts with an empty Items
// map from string keys to *service entries.
var Store = &atomicServiceMap{
	Items: map[string]*service{},
}
Store is the service store; it holds all TCP service banners.
Functions ¶
func AddApplications ¶ added in v0.7.5
AddApplications adds DPI-detected application protocols to a service. This function is thread-safe and can be called from packet decoders.
func MatchServiceProbes ¶
MatchServiceProbes will check the service banner against the probes.
func NewService ¶
NewService creates a new network service.
func ResetProbeEnums ¶ added in v0.7.6
func ResetProbeEnums()
ResetProbeEnums clears the service probe enumeration map. This should be called when resetting state between processing different files.
func ResetStore ¶ added in v0.7.5
func ResetStore()
ResetStore clears all services from memory. This should be called when resetting state between processing different files.
Types ¶
type HyperscanBuildStats ¶ added in v0.9.1
// HyperscanBuildStats holds the pattern-compilation counters that are
// embedded in HyperscanStatus under the "build" JSON key.
type HyperscanBuildStats struct {
	// Categories is serialized as "categories"; presumably the number of
	// pattern categories that were built.
	Categories int `json:"categories"`
	// PatternsTotal is serialized as "patterns_total".
	PatternsTotal int `json:"patterns_total"`
	// PatternsHS is serialized as "patterns_hyperscan"; presumably the number
	// of patterns handled by Hyperscan (TODO confirm).
	PatternsHS int `json:"patterns_hyperscan"`
	// PatternsFallbk is serialized as "patterns_fallback"; presumably the
	// number of patterns handled by a fallback matcher instead (TODO confirm).
	PatternsFallbk int `json:"patterns_fallback"`
}
HyperscanBuildStats is the stub-build twin of the tagged type.
type HyperscanCategory ¶ added in v0.9.1
// HyperscanCategory holds the per-category counters listed in
// HyperscanStatus.Categories.
type HyperscanCategory struct {
	// Name is serialized as "name".
	Name string `json:"name"`
	// Patterns is serialized as "patterns".
	Patterns int `json:"patterns"`
	// Rejections is serialized as "rejections"; presumably patterns that
	// could not be compiled for this category (TODO confirm).
	Rejections int `json:"rejections"`
	// Matches is serialized as "matches".
	Matches uint64 `json:"matches"`
	// Scans is serialized as "scans".
	Scans uint64 `json:"scans"`
	// ScanErrors is serialized as "scan_errors". A non-zero value presumably
	// means that some input was not fully matched against this category, so
	// it is worth monitoring (TODO confirm).
	ScanErrors uint64 `json:"scan_errors"`
	// SampleError is serialized as "sample_error" and omitted when empty.
	SampleError string `json:"sample_error,omitempty"`
}
HyperscanCategory is the stub-build twin of the tagged type.
type HyperscanStatus ¶ added in v0.9.1
// HyperscanStatus is the status report returned by GetHyperscanStatus.
type HyperscanStatus struct {
	// Enabled is serialized as "enabled".
	Enabled bool `json:"enabled"`
	// LibVersion is serialized as "lib_version".
	LibVersion string `json:"lib_version"`
	// Build holds the build counters and is serialized as "build".
	Build HyperscanBuildStats `json:"build"`
	// BuildError is serialized as "build_error" and omitted when empty.
	BuildError string `json:"build_error,omitempty"`
	// ScanFallbacks is serialized as "scan_fallbacks"; presumably the number
	// of scans that fell back to another matcher (TODO confirm).
	ScanFallbacks uint64 `json:"scan_fallbacks"`
	// Categories lists the per-category counters; it is serialized as
	// "categories" and omitted when empty.
	Categories []HyperscanCategory `json:"categories,omitempty"`
}
HyperscanStatus is the stub-build twin of the tagged type.
func GetHyperscanStatus ¶ added in v0.9.1
func GetHyperscanStatus() HyperscanStatus
GetHyperscanStatus reports the integration as compiled-out so UI surfaces can render a clear "disabled" badge instead of guessing.