encoding

package
v0.2.6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 14, 2025 License: BSD-3-Clause Imports: 9 Imported by: 0

Documentation

Index

Constants

View Source 
const EventMetaDataTypeTimestamp = 1

Variables

View Source 
var ErrInvalidProtocol = errors.New("not a valid Protocol")
View Source 
var ErrInvalidType = errors.New("not a valid Type")

Functions

This section is empty.

Types

type AckMessage 

type AckMessage struct {
	ConstType    string `json:"type"` // always "ack"
	EndpointUUID string `json:"endpoint"`
	Version      string `json:"version"`
}

AckMessage is the handshake sent by broker on connect.

type Data 

type Data struct {
	DataType  Type        `json:"@data-type"`
	DataValue interface{} `json:"data"`
}

Data is the recursive type/value structure used by the Zeek broker websocket encoding.

func Address 

func Address(value net.IP) Data

Address creates an encoding.Data of address type given the provided net.IP value.

func Boolean 

func Boolean(value bool) Data

Boolean creates an encoding.Data of boolean type given the provided bool value.

func Count 

func Count(value uint64) Data

Count creates an encoding.Data of count type given the provided uint64 value.

func EnumValue 

func EnumValue(value string) Data

EnumValue creates an encoding.Data of enum-value type given the provided string value.

func Integer 

func Integer(value int64) Data

Integer creates an encoding.Data of integer type given the provided int64 value.

func None 

func None() Data

None creates an encoding.Data of none type.

func Port 

func Port(value Service) Data

Port creates an encoding.Data of port type given the provided encoding.Service value.

func Real 

func Real(value float64) Data

Real creates an encoding.Data of real type given the provided float64 value.

func Set 

func Set(value map[Data]struct{}) Data

Set creates an encoding.Data of set type given the provided map of Data to struct{} value.

func String 

func String(value string) Data

String creates an encoding.Data of string type given the provided string value.

func Subnet 

func Subnet(value net.IPNet) Data

Subnet creates an encoding.Data of subnet type given the provided net.IPNet value.

func Table 

func Table(value map[Data]Data) Data

Table creates an encoding.Data of table type given the provided map of Data to Data value.

func Timespan 

func Timespan(value time.Duration) Data

Timespan creates an encoding.Data of timespan type given the provided time.Duration value.

func Timestamp 

func Timestamp(value time.Time) Data

Timespan creates an encoding.Data of timestamp type given the provided time.Time value.

func Vector 

func Vector(elements ...Data) Data

Vector creates an encoding.Data of vector type given the provided encoding.Data values.

func (*Data) MarshalJSON 

func (d *Data) MarshalJSON() ([]byte, error)

MarshalJSON implements the Marshaller interface for Data, taking care specific cases where json.Marshal doesn't produce output compliant to the zeek broker websocket JSON encoding (e.g., timestamps, ports, etc).

func (*Data) String 

func (d *Data) String() string

String implements the Stringer interface for encoding.Data and produces a compact string representation.

func (*Data) UnmarshalJSON 

func (d *Data) UnmarshalJSON(b []byte) error

UnmarshalJSON implemnts the Unmarshaller interface for Data. It calls json.Unmarshal to produce a map[string]interface{} which is then passed to Data.decode() which does the heavy lifting.

type DataMessage 

type DataMessage struct {
	ConstType string `json:"type"` // always "data-message"
	Topic     string `json:"topic"`
	Data      *Data
}

DataMessage handles the encoding of "data-message" structures (which are used to represent events and errors).

func (*DataMessage) GetEvent 

func (d *DataMessage) GetEvent() (topic string, evt Event, err error)

GetEvent obtains the topic, and Event from a zeek broker event encoded in a DataMessage.

func (DataMessage) MarshalJSON 

func (d DataMessage) MarshalJSON() ([]byte, error)

MarshalJSON implements the Marshaler interface for DataMessage.

func (*DataMessage) UnmarshalJSON 

func (d *DataMessage) UnmarshalJSON(b []byte) error

UnmarshalJSON implements the Unmarshaler interface for DataMessage

type DataMessageUnknownTypeError 

type DataMessageUnknownTypeError struct {
	TypeValue string
}

DataMessageUnknownTypeError is raised when we receive a DataMessage that is neither an event or an error from broker.

func (DataMessageUnknownTypeError) Error 

func (e DataMessageUnknownTypeError) Error() string

Error implements the Error interface for DataMessageUnknownTypeError.

type ErrorMessage 

type ErrorMessage struct {
	ConstType string `json:"type"` // always "error"
	Code      string `json:"code"`
	Context   string `json:"context"`
}

ErrorMessage encodes error messages from broker.

func (ErrorMessage) Error 

func (e ErrorMessage) Error() string

Error implements the error interface for ErrorMessage

type Event 

type Event struct {
	Name      string
	Arguments []Data
	Metadata  []EventMetaEntry
}

Event is a more convenient representation of a Zeek event (as opposed to an encoding.DataMessage with special contents).

func NewEvent 

func NewEvent(name string, arguments ...Data) Event

NewEvent is a helper to create an encoding.Event using variadic arguments.

func (*Event) DeleteMetadata added in v0.2.0 

func (e *Event) DeleteMetadata(id uint8)

DeleteMetadata deletes event metadata matching id.

func (Event) Encode 

func (e Event) Encode(topic string) DataMessage

Encode encodes an Event into an encoding.DataMessage given the provided topic.

func (*Event) SetMetadata added in v0.2.0 

func (e *Event) SetMetadata(id uint8, value Data, replace bool)

SetMetadata adds or replaces the event metadata. If replace is true then value will be assigned to all existing entries with a matching id.

func (*Event) SetTimestamp added in v0.2.0 

func (e *Event) SetTimestamp(timestamp *time.Time)

SetTimestamp adds or replaces the event metadata timestamp (using the current time, if the timestamp argument is nil).

func (Event) String 

func (e Event) String() string

String implements the Stringer interface for Event and produces a compact string representation of a zeek event.

type EventMetaEntry added in v0.2.0 

type EventMetaEntry struct {
	ID    uint64
	Value Data
}

EventMetaEntry os a (id, value) tuple used to encode Zeek event metadata.

func (EventMetaEntry) Encode added in v0.2.0 

func (e EventMetaEntry) Encode() Data

Encode encodes an event metadata entry as a Zeek vector.

func (EventMetaEntry) String added in v0.2.0 

func (e EventMetaEntry) String() string

String renders an event metadata entry as a string.

type Protocol 

type Protocol string

Protocol represents an L4 protocol

ENUM( TCP = "tcp" UDP = "udp" ICMP = "icmp" Unknown = "?" ) 

const (
	// ProtocolTCP is a Protocol of type TCP.
	ProtocolTCP Protocol = "tcp"
	// ProtocolUDP is a Protocol of type UDP.
	ProtocolUDP Protocol = "udp"
	// ProtocolICMP is a Protocol of type ICMP.
	ProtocolICMP Protocol = "icmp"
	// ProtocolUnknown is a Protocol of type Unknown.
	ProtocolUnknown Protocol = "?"
)

func ParseProtocol 

func ParseProtocol(name string) (Protocol, error)

ParseProtocol attempts to convert a string to a Protocol.

func (Protocol) IsValid 

func (x Protocol) IsValid() bool

String implements the Stringer interface.

func (Protocol) MarshalText 

func (x Protocol) MarshalText() ([]byte, error)

MarshalText implements the text marshaller method.

func (Protocol) String 

func (x Protocol) String() string

String implements the Stringer interface.

func (*Protocol) UnmarshalText 

func (x *Protocol) UnmarshalText(text []byte) error

UnmarshalText implements the text unmarshaller method.

type Service 

type Service struct {
	Port     uint16
	Protocol Protocol
}

func ParseService 

func ParseService(stringValue string) (Service, error)

func (*Service) MarshalJSON 

func (s *Service) MarshalJSON() ([]byte, error)

type Type 

type Type string

Type represents the types specific to Zeek broker websocket encoding

ENUM( Boolean = "boolean" // Native JSON boolean (maps to bool) Count = "count" // 64 bit unsigned integer (maps to uint64) Integer = "integer" // Native JSON (signed) integer (maps to int64) Real = "real" // Native JSON "number" type (maps to float64) Timespan = "timespan" // String-encoded time span (maps to time.Duration) Timestamp = "timestamp" // ISO 8601 encoded time in YYYY-MM-DDThh:mm:ss.sss format (maps to time.Time) String = "string" // Native JSON string (maps to string) EnumValue = "enum-value" // Zeek enum value mapped to native JSON string (maps to string) Address = "address" // String-encoded IPv4/IPv6 address (maps to net.Addr) Subnet = "subnet" // String-encoded IPv4/IPv6 subnet in <address>/<prefix-length> format (maps to net.IPNet) Port = "port" // String-encoded service port in <port>/<protocol> format (maps to encoding.Service) Vector = "vector" // Sequence of encoding.Data (maps to []Data) Set = "set" // Sequence of encoding.Data with distinct objects (maps to map[Data]struct{}) Table = "table" // Map of encoding.Data keys to encoding.Data values (maps to map[Data]Data) None = "none" // JSON empty object, maps to nil ) 

const (
	// TypeBoolean is a Type of type Boolean.
	// Native JSON boolean (maps to bool)
	TypeBoolean Type = "boolean"
	// TypeCount is a Type of type Count.
	// 64 bit unsigned integer (maps to uint64)
	TypeCount Type = "count"
	// TypeInteger is a Type of type Integer.
	// Native JSON (signed) integer (maps to int64)
	TypeInteger Type = "integer"
	// TypeReal is a Type of type Real.
	// Native JSON "number" type (maps to float64)
	TypeReal Type = "real"
	// TypeTimespan is a Type of type Timespan.
	// String-encoded time span (maps to time.Duration)
	TypeTimespan Type = "timespan"
	// TypeTimestamp is a Type of type Timestamp.
	// ISO 8601 encoded time in YYYY-MM-DDThh:mm:ss.sss format (maps to time.Time)
	TypeTimestamp Type = "timestamp"
	// TypeString is a Type of type String.
	// Native JSON string (maps to string)
	TypeString Type = "string"
	// TypeEnumValue is a Type of type EnumValue.
	// Zeek enum value mapped to native JSON string (maps to string)
	TypeEnumValue Type = "enum-value"
	// TypeAddress is a Type of type Address.
	// String-encoded IPv4/IPv6 address (maps to net.Addr)
	TypeAddress Type = "address"
	// TypeSubnet is a Type of type Subnet.
	// String-encoded IPv4/IPv6 subnet in <address>/<prefix-length> format (maps to net.IPNet)
	TypeSubnet Type = "subnet"
	// TypePort is a Type of type Port.
	// String-encoded service port in <port>/<protocol> format (maps to encoding.Service)
	TypePort Type = "port"
	// TypeVector is a Type of type Vector.
	// Sequence of encoding.Data (maps to []Data)
	TypeVector Type = "vector"
	// TypeSet is a Type of type Set.
	// Sequence of encoding.Data with distinct objects (maps to map[Data]struct{})
	TypeSet Type = "set"
	// TypeTable is a Type of type Table.
	// Map of encoding.Data keys to encoding.Data values (maps to map[Data]Data)
	TypeTable Type = "table"
	// TypeNone is a Type of type None.
	// JSON empty object, maps to nil
	TypeNone Type = "none"
)

func ParseType 

func ParseType(name string) (Type, error)

ParseType attempts to convert a string to a Type.

func (Type) IsValid 

func (x Type) IsValid() bool

String implements the Stringer interface.

func (Type) MarshalText 

func (x Type) MarshalText() ([]byte, error)

MarshalText implements the text marshaller method.

func (Type) String 

func (x Type) String() string

String implements the Stringer interface.

func (*Type) UnmarshalText 

func (x *Type) UnmarshalText(text []byte) error

UnmarshalText implements the text unmarshaller method.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.