nfs

package
v5.0.0-alpha1.0...-e8cd593 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 13, 2016 License: Apache-2.0 Imports: 9 Imported by: 0

README

NFS packetbeat

NFS v3 and v4 protocol parsing for packetbeat.

Can be extended to handle other SunRPC based protocols as well.

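Sample output (here "rpc.auth_flavor" is "unix", so the "rpc.cred" values are whatever the client put in the call and are not authenticated identities):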

{
  "@timestamp": "2016-03-28T06:18:18.431Z",
  "beat": {
    "hostname": "localhost",
    "name": "localhost"
  },
  "count": 1,
  "dst": "127.0.0.1",
  "dst_port": 2049,
  "nfs": {
    "minor_version": 1,
    "opcode": "GETATTR",
    "status": "NFSERR_NOENT",
    "tag": "",
    "version": 4
  },
  "rpc": {
    "auth_flavor": "unix",
    "call_size": 200,
    "cred": {
      "gid": 500,
      "gids": [
        491,
        499,
        500
      ],
      "machinename": "localhost",
      "stamp": 4597002,
      "uid": 500
    },
    "reply_size": 96, 
    "status": "success",
    "time": 25631000,
    "time_str": "25.631ms",
    "xid": "2cf0c876"
  },
  "src": "127.0.0.1",
  "src_port": 975,
  "type": "nfs"
}

Documentation

Index

Constants

// NFSv4 COMPOUND operation numbers, as they appear on the wire.
//
// Values 3-39 are the NFSv4.0 operations (RFC 7530), 40-58 are the operations
// added by NFSv4.1 (RFC 5661), and 10044 is the reserved "illegal operation"
// code. The numbers are fixed by the protocol and must not be renumbered.
//
// NOTE(review): an opcode read from a captured packet can be any 32-bit value,
// so code that turns it into a name should handle numbers outside this table;
// the lookup itself is not visible here.
const (
	OP_ACCESS               = 3
	OP_CLOSE                = 4
	OP_COMMIT               = 5
	OP_CREATE               = 6
	OP_DELEGPURGE           = 7
	OP_DELEGRETURN          = 8
	OP_GETATTR              = 9
	OP_GETFH                = 10
	OP_LINK                 = 11
	OP_LOCK                 = 12
	OP_LOCKT                = 13
	OP_LOCKU                = 14
	OP_LOOKUP               = 15
	OP_LOOKUPP              = 16
	OP_NVERIFY              = 17
	OP_OPEN                 = 18
	OP_OPENATTR             = 19
	OP_OPEN_CONFIRM         = 20
	OP_OPEN_DOWNGRADE       = 21
	OP_PUTFH                = 22
	OP_PUTPUBFH             = 23
	OP_PUTROOTFH            = 24
	OP_READ                 = 25
	OP_READDIR              = 26
	OP_READLINK             = 27
	OP_REMOVE               = 28
	OP_RENAME               = 29
	OP_RENEW                = 30
	OP_RESTOREFH            = 31
	OP_SAVEFH               = 32
	OP_SECINFO              = 33
	OP_SETATTR              = 34
	OP_SETCLIENTID          = 35
	OP_SETCLIENTID_CONFIRM  = 36
	OP_VERIFY               = 37
	OP_WRITE                = 38
	OP_RELEASE_LOCKOWNER    = 39
	OP_BACKCHANNEL_CTL      = 40 // first operation introduced by NFSv4.1
	OP_BIND_CONN_TO_SESSION = 41
	OP_EXCHANGE_ID          = 42
	OP_CREATE_SESSION       = 43
	OP_DESTROY_SESSION      = 44
	OP_FREE_STATEID         = 45
	OP_GET_DIR_DELEGATION   = 46
	OP_GETDEVICEINFO        = 47
	OP_GETDEVICELIST        = 48
	OP_LAYOUTCOMMIT         = 49
	OP_LAYOUTGET            = 50
	OP_LAYOUTRETURN         = 51
	OP_SECINFO_NO_NAME      = 52
	OP_SEQUENCE             = 53
	OP_SET_SSV              = 54
	OP_TEST_STATEID         = 55
	OP_WANT_DELEGATION      = 56
	OP_DESTROY_CLIENTID     = 57
	OP_RECLAIM_COMPLETE     = 58
	OP_ILLEGAL              = 10044 // not contiguous with the rest: reserved code for an undefined operation
)
// Record-marking constants for ONC RPC carried over TCP (RFC 5531).
//
// Every fragment is preceded by a 32-bit header: the top bit flags the last
// fragment of a record and the remaining 31 bits hold the fragment length.
//
// NOTE(review): the masked length can be as large as 2^31-1 and is taken
// straight from the peer's bytes, so a reader should cap it before sizing a
// buffer from it; the consuming code is not visible here.
const (
	// RPC_LAST_FRAG is the "last fragment" flag, bit 31 of the header.
	RPC_LAST_FRAG = 1 << 31
	// RPC_SIZE_MASK selects the 31 length bits below the flag.
	RPC_SIZE_MASK = RPC_LAST_FRAG - 1
)
// Direction of an ONC RPC message: the msg_type discriminant defined by
// RFC 5531 (CALL = 0, REPLY = 1).
const (
	// RPC_CALL marks a request.
	RPC_CALL = iota
	// RPC_REPLY marks a response.
	RPC_REPLY
)
// NFS_PROGRAM_NUMBER is the ONC RPC program number assigned to NFS.
// NOTE(review): presumably compared with the program field of an RPC call to
// pick out NFS traffic; the use is not visible here.
const NFS_PROGRAM_NUMBER = 100003

Variables

// ACCEPT_STATUS names the accept_stat values of an accepted RPC reply
// (RFC 5531); the array index is the numeric value from the wire.
//
// The array has exactly six entries and indexing a Go array out of range
// panics. NOTE(review): the status in a captured reply is not guaranteed to be
// in 0..5, so callers should compare it with len(ACCEPT_STATUS) before
// indexing; the call site is not visible here.
var ACCEPT_STATUS = [...]string{
	0: "success",
	1: "prog_unavail",
	2: "prog_mismatch",
	3: "proc_unavail",
	4: "garbage_args",
	5: "system_err",
}
// NFS_STATUS maps a numeric status code to its name.
// NOTE(review): presumably the source of the "nfs.status" field in published
// events (the sample shows "NFSERR_NOENT"); the 108 entries are elided by the
// documentation page and cannot be checked here.
// A code that is missing from the map yields the empty string, so callers that
// want unexpected status values to stay visible should use the two-value
// lookup form.
var NFS_STATUS = map[int]string{}/* 108 elements not displayed */

Functions

func New

func New(
	testMode bool,
	results publish.Transactions,
	cfg *common.Config,
) (protos.Plugin, error)

Types

type Nfs

type Nfs struct {
	// contains filtered or unexported fields
}

type Rpc

type Rpc struct {
	// Configuration data.
	Ports []int
	// contains filtered or unexported fields
}

func (*Rpc) ConnectionTimeout

func (rpc *Rpc) ConnectionTimeout() time.Duration

ConnectionTimeout returns the per-stream connection timeout. A return value <= 0 selects the tcp module's default transaction timeout.

func (*Rpc) GapInStream

func (rpc *Rpc) GapInStream(tcptuple *common.TcpTuple, dir uint8,
	nbytes int, private protos.ProtocolData) (priv protos.ProtocolData, drop bool)

Called when packets are missing from the TCP stream.

func (*Rpc) GetPorts

func (rpc *Rpc) GetPorts() []int

func (*Rpc) Parse

func (rpc *Rpc) Parse(
	pkt *protos.Packet,
	tcptuple *common.TcpTuple,
	dir uint8,
	private protos.ProtocolData,
) protos.ProtocolData

Called when TCP payload data is available for parsing.

func (*Rpc) ReceivedFin

func (rpc *Rpc) ReceivedFin(tcptuple *common.TcpTuple, dir uint8,
	private protos.ProtocolData) protos.ProtocolData

Called when the FIN flag is seen in the TCP stream.

type RpcMessage

type RpcMessage struct {
	// contains filtered or unexported fields
}

type RpcStream

type RpcStream struct {
	// contains filtered or unexported fields
}

type Xdr

type Xdr struct {
	// contains filtered or unexported fields
}
