Documentation
Variables ¶
var Protocols = []Protocol{
	TLSProtocol{},
	SSHProtocol{},
	HTTPProtocol{},
}
Protocols is the ordered list of supported L7 protocols. Detection is first-match; order matters.
Functions ¶
func CapturesSchema ¶
func HTTPSchema ¶
Types ¶
type HTTPProtocol ¶
type HTTPProtocol struct{}
HTTPProtocol detects HTTP/1.x by matching well-known request method prefixes or a response status line.
func (HTTPProtocol) Detect ¶
func (HTTPProtocol) Detect(payload []byte) bool
func (HTTPProtocol) Name ¶
func (HTTPProtocol) Name() string
func (HTTPProtocol) NewSession ¶
func (HTTPProtocol) NewSession(streamID uuid.UUID, sessionID uint64) Session
type HTTPSession ¶
type HTTPSession struct {
	// contains filtered or unexported fields
}
HTTPSession extracts the request method, host and path from the first payload chunk of an HTTP/1.x stream.
func (*HTTPSession) Columns ¶
func (s *HTTPSession) Columns() []string
func (*HTTPSession) Feed ¶
func (s *HTTPSession) Feed(payload []byte)
Feed scans the payload line by line, looking for the request line and the Host header. It stops scanning once both the method and the host have been found.
func (*HTTPSession) Table ¶
func (s *HTTPSession) Table() string
func (*HTTPSession) Values ¶
func (s *HTTPSession) Values() []any
type Protocol ¶
type Protocol interface {
	Name() string               // e.g. "HTTP", "TLS", "SSH"
	Detect(payload []byte) bool // true if payload matches this protocol
}
Protocol is implemented by each supported L7 protocol.
type SSHProtocol ¶
type SSHProtocol struct{}
SSHProtocol detects SSH by its protocol banner prefix.
func (SSHProtocol) Detect ¶
func (SSHProtocol) Detect(payload []byte) bool
func (SSHProtocol) Name ¶
func (SSHProtocol) Name() string
type SessionProtocol ¶
type SessionProtocol interface {
	Protocol
	NewSession(streamID uuid.UUID, sessionID uint64) Session
}
SessionProtocol extends Protocol for protocols that extract queryable L7 fields and have their own per-stream table.
type StreamRecord ¶
type StreamRecord struct {
	SessionID     uint64
	StreamID      uuid.UUID
	SynSrcIP      netip.Addr
	SynDstIP      netip.Addr
	SynSrcPort    uint16
	SynDstPort    uint16
	HasSYN        bool
	HasSYNACK     bool
	Proto         Protocol
	Session       Session
	FirstPacketID uint32
	LastPacketID  uint32
	PacketCount   uint64
	ByteCount     uint64
}
StreamRecord is the exported view of a completed stream for insertion.
type TLSProtocol ¶
type TLSProtocol struct{}
TLSProtocol detects TLS handshake records by their content-type (0x16) and legacy record-layer version byte (0x03).
func (TLSProtocol) Detect ¶
func (TLSProtocol) Detect(payload []byte) bool
func (TLSProtocol) Name ¶
func (TLSProtocol) Name() string
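The first-match detection described for Protocols, HTTPProtocol, SSHProtocol and TLSProtocol, as an added Go sketch that is not this package's source. The detector type, the classify function and the HTTP prefix list are assumptions made for illustration; only the TLS bytes (0x16, 0x03), the SSH banner prefix and the TLS, SSH, HTTP order come from the page.

```go
package main

import (
	"bytes"
	"fmt"
)

// detector is a hypothetical stand-in for the package's Protocol interface.
type detector struct {
	name   string
	detect func(payload []byte) bool
}

// Assumed prefix list: request methods with their trailing space, plus the start of a status line.
var httpPrefixes = []string{"GET ", "POST ", "PUT ", "HEAD ", "DELETE ", "OPTIONS ", "PATCH ", "HTTP/1."}

func detectTLS(p []byte) bool {
	return len(p) >= 2 && p[0] == 0x16 && p[1] == 0x03 // handshake type, legacy version major byte
}

func detectSSH(p []byte) bool {
	return bytes.HasPrefix(p, []byte("SSH-")) // identification banner prefix
}

func detectHTTP(p []byte) bool {
	for _, prefix := range httpPrefixes {
		if bytes.HasPrefix(p, []byte(prefix)) {
			return true
		}
	}
	return false
}

// Same order as the Protocols variable: TLS, SSH, HTTP.
var detectors = []detector{{"TLS", detectTLS}, {"SSH", detectSSH}, {"HTTP", detectHTTP}}

// classify returns the name of the first detector that matches, or "" if none does.
func classify(payload []byte) string {
	for _, d := range detectors {
		if d.detect(payload) {
			return d.name
		}
	}
	return ""
}

func main() { // payloads below are constructed samples
	fmt.Println(classify([]byte{0x16, 0x03, 0x01}), classify([]byte("SSH-2.0-demo\r\n")), classify([]byte("GET / HTTP/1.1\r\n")))
}
```

Because classification uses payload bytes only, a stream is labelled by what it carries rather than by its port, and a truncated or near-miss first chunk (a lone 0x16, or "GETTY") stays unclassified.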
type Tracker ¶
type Tracker struct {
	// contains filtered or unexported fields
}
Tracker observes encoded TCP packets and accumulates per-stream state.
func (*Tracker) Observe ¶
func (t *Tracker) Observe(nucleus components.PacketNucleus, comps []components.Component)
Observe processes one encoded packet. Only packets with the TCP component set are considered. Safe for concurrent use.
func (*Tracker) QualifyingStreams ¶
func (t *Tracker) QualifyingStreams() []*StreamRecord
QualifyingStreams drains the tracker and returns the streams for which both SYN and SYN-ACK were observed and an L7 protocol was identified.