Documentation
¶
Index ¶
- Constants
- Variables
- func Register(name string, plugin ProtocolPlugin)
- type Packet
- type Plugin
- type PortsConfig
- type Protocol
- type ProtocolData
- type ProtocolPlugin
- type Protocols
- type ProtocolsStruct
- func (s ProtocolsStruct) BpfFilter(withVlans bool, withICMP bool) string
- func (s ProtocolsStruct) GetAllTCP() map[Protocol]TCPPlugin
- func (s ProtocolsStruct) GetAllUDP() map[Protocol]UDPPlugin
- func (s ProtocolsStruct) GetTCP(proto Protocol) TCPPlugin
- func (s ProtocolsStruct) GetUDP(proto Protocol) UDPPlugin
- func (s ProtocolsStruct) Init(testMode bool, pub reporterFactory, configs map[string]*common.Config, ...) error
- type Reporter
- type TCPPlugin
- type UDPPlugin
Constants ¶
Variables ¶
View Source
var Protos = ProtocolsStruct{ // contains filtered or unexported fields }
Singleton of Protocols type.
Functions ¶
func Register ¶
func Register(name string, plugin ProtocolPlugin)
Types ¶
type Plugin ¶
type Plugin interface {
// Called to return the configured ports
GetPorts() []int
}
Functions to be exported by a protocol plugin
type PortsConfig ¶
type PortsConfig struct {
Ports []int
}
Protocol Plugin Port configuration with validation on init
func (*PortsConfig) Init ¶
func (p *PortsConfig) Init(ports ...int) error
func (*PortsConfig) Set ¶
func (p *PortsConfig) Set(ports []int) error
type ProtocolData ¶
type ProtocolData interface{}
ProtocolData interface to represent an upper protocol private data. Used with types like HttpStream, MysqlStream, etc.
type ProtocolPlugin ¶
type Protocols ¶
type ProtocolsStruct ¶
type ProtocolsStruct struct {
// contains filtered or unexported fields
}
list of protocol plugins
func (ProtocolsStruct) BpfFilter ¶
func (s ProtocolsStruct) BpfFilter(withVlans bool, withICMP bool) string
BpfFilter returns a Berkeley Packer Filter (BFP) expression that will match against packets for the registered protocols. If with_vlans is true the filter will match against both IEEE 802.1Q VLAN encapsulated and unencapsulated packets
func (ProtocolsStruct) GetAllTCP ¶
func (s ProtocolsStruct) GetAllTCP() map[Protocol]TCPPlugin
func (ProtocolsStruct) GetAllUDP ¶
func (s ProtocolsStruct) GetAllUDP() map[Protocol]UDPPlugin
func (ProtocolsStruct) GetTCP ¶
func (s ProtocolsStruct) GetTCP(proto Protocol) TCPPlugin
func (ProtocolsStruct) GetUDP ¶
func (s ProtocolsStruct) GetUDP(proto Protocol) UDPPlugin
type Reporter ¶
Reporter is used by plugin instances to report new transaction events.
type TCPPlugin ¶
type TCPPlugin interface {
Plugin
// Called when TCP payload data is available for parsing.
Parse(pkt *Packet, tcptuple *common.TCPTuple,
dir uint8, private ProtocolData) ProtocolData
// Called when the FIN flag is seen in the TCP stream.
ReceivedFin(tcptuple *common.TCPTuple, dir uint8,
private ProtocolData) ProtocolData
// Called when a packets are missing from the tcp
// stream.
GapInStream(tcptuple *common.TCPTuple, dir uint8, nbytes int,
private ProtocolData) (priv ProtocolData, drop bool)
// ConnectionTimeout returns the per stream connection timeout.
// Return <=0 to set default tcp module transaction timeout.
ConnectionTimeout() time.Duration
}
Source Files
¶
- protos.go
- registry.go
Directories
¶
| Path | Synopsis |
|---|---|
|
Package applayer provides common definitions with common fields for use with application layer protocols among beats.
|
Package applayer provides common definitions with common fields for use with application layer protocols among beats. |
|
Package dns provides support for parsing DNS messages and reporting the results.
|
Package dns provides support for parsing DNS messages and reporting the results. |
Click to show internal directories.
Click to hide internal directories.