Documentation
¶
Overview ¶
Package applayer provides common definitions with common fields for use with application layer protocols among beats.
Index ¶
Constants ¶
This section is empty.
Variables ¶
Error code if stream exceeds max allowed size on Append.
Functions ¶
This section is empty.
Types ¶
type Message ¶
type Message struct {
Ts time.Time
Tuple common.IPPortTuple
Transport Transport
CmdlineTuple *common.CmdlineTuple
Direction NetDirection
IsRequest bool
Size uint64
Notes []string
}
Message defines common application layer message fields. Some of these fields are required to initialize a Transaction (see (*Transaction).InitWithMsg).
type NetDirection ¶
type NetDirection uint8
A Message its direction indicator
const ( // Message due to a response by server NetReverseDirection NetDirection = 0 // Message was send by client NetOriginalDirection NetDirection = 1 )
type Stream ¶
type Stream struct {
// Buf provides the buffering with parsing support
Buf streambuf.Buffer
// MaxDataInStream sets the maximum number of bytes held in buffer.
// If limit is reached append function will return an error.
MaxDataInStream int
}
A Stream provides buffering data if stream based protocol is used. Use Init to initialize a stream with en empty buffer and buffering limit. A Stream its zero value is a valid unlimited stream buffer.
func (*Stream) Append ¶
Append adds data to the Stream its buffer. If internal buffer is nil, data will be retained as is. Use Write if you don't intend to retain the buffer in the stream.
func (*Stream) Init ¶
Init initializes a stream with an empty buffer and max size. Calling Init twice will fully re-initialize the buffer, such that calling Init before putting the stream in some object pool, no memory will be leaked.
type Transaction ¶
type Transaction struct {
// Type is the name of the application layer protocol transaction be represented.
Type string
// Transaction source and destination IPs and Ports.
Tuple common.IPPortTuple
// Transport layer type
Transport Transport
// Src describes the transaction source/initiator endpoint
Src common.Endpoint
// Dst describes the transaction destination endpoint
Dst common.Endpoint
// Ts sets the transaction its initial timestamp
Ts TransactionTimestamp
// ResponseTime is the transaction duration in milliseconds. Should be set
// to -1 if duration is unknown
ResponseTime int32
// Status of final transaction
Status string // see libbeat/common/statuses.go
// Notes holds a list of interesting events and errors encountered when
// processing the transaction
Notes []string
// BytesIn is the number of bytes returned by destination endpoint
BytesIn uint64
// BytesOut is the number of bytes send by source endpoint to destination endpoint
BytesOut uint64
}
A Transaction defines common fields for all application layer protocols.
func (*Transaction) Event ¶
func (t *Transaction) Event(event *beat.Event) error
Event fills common event fields.
func (*Transaction) Init ¶
func (t *Transaction) Init( typ string, tuple common.IPPortTuple, transport Transport, direction NetDirection, time time.Time, cmdline *common.CmdlineTuple, notes []string, )
Init initializes some common fields. ResponseTime, Status, BytesIn and BytesOut are initialized to zero and must be filled by application code.
func (*Transaction) InitWithMsg ¶
func (t *Transaction) InitWithMsg( typ string, msg *Message, )
InitWithMsg initializes some common fields from a Message. ResponseTime, Status, BytesIn and BytesOut are initialized to zero and must be filled by application code.
type TransactionTimestamp ¶
TransactionTimestamp defines a transaction its initial timestamps as unix timestamp in milliseconds and time.Time struct.
Source Files
¶
- applayer.go