Documentation
¶
Overview ¶
Package packet Package decoder implements decoders to transform network packets into protocol buffers for various protocols
Index ¶
- Variables
- func ApplyActionToGoPacketDecoders(action func(*GoPacketDecoder))
- func ApplyActionToGoPacketDecodersAsync(action func(*GoPacketDecoder))
- func ApplyActionToPacketDecoders(action func(DecoderAPI))
- func ApplyActionToPacketDecodersAsync(action func(DecoderAPI))
- func InitGoPacketDecoders(c *config.Config) (decoders map[gopacket.LayerType][]*GoPacketDecoder, err error)
- func MarkdownOverview()
- func SetConfig(cfg *config.Config)
- func SetDecoderLogger(lg *zap.Logger)
- func ShowDecoders(verbose bool)
- type Decoder
- func (pd *Decoder) DeInitFunc() error
- func (pd *Decoder) Decode(p gopacket.Packet) error
- func (pd *Decoder) Destroy() (name string, size int64)
- func (pd *Decoder) GetChan() <-chan []byte
- func (pd *Decoder) GetDescription() string
- func (pd *Decoder) GetName() string
- func (pd *Decoder) GetType() types.Type
- func (pd *Decoder) NumRecords() int64
- func (pd *Decoder) PostInitFunc() error
- func (pd *Decoder) SetWriter(w io.AuditRecordWriter)
- type DecoderAPI
- type GoPacketDecoder
- func (dec *GoPacketDecoder) DeInitFunc() error
- func (dec *GoPacketDecoder) Decode(ctx *types.PacketContext, p gopacket.Packet, l gopacket.Layer) error
- func (dec *GoPacketDecoder) Destroy() (name string, size int64)
- func (cd *GoPacketDecoder) GetChan() <-chan []byte
- func (dec *GoPacketDecoder) GetDescription() string
- func (dec *GoPacketDecoder) GetName() string
- func (dec *GoPacketDecoder) GetType() types.Type
- func (dec *GoPacketDecoder) NumRecords() int64
- func (dec *GoPacketDecoder) PostInitFunc() error
- func (dec *GoPacketDecoder) SetWriter(writer io.AuditRecordWriter)
Constants ¶
This section is empty.
Variables ¶
var ( // DeviceProfiles hold all connections. DeviceProfiles = &atomicDeviceProfileMap{ Items: make(map[string]*deviceProfile), } )
var ( // ErrInvalidDecoder occurs when a decoder name is unknown during initialization. ErrInvalidDecoder = errors.New("invalid decoder") )
var ( // LocalDNS controls whether the DNS names shall be resolved locally // without contacting a nameserver. LocalDNS = true )
Functions ¶
func ApplyActionToGoPacketDecoders ¶
func ApplyActionToGoPacketDecoders(action func(*GoPacketDecoder))
ApplyActionToGoPacketDecoders can be used to run custom code for all gopacket decoders.
func ApplyActionToGoPacketDecodersAsync ¶
func ApplyActionToGoPacketDecodersAsync(action func(*GoPacketDecoder))
ApplyActionToGoPacketDecodersAsync can be used to run custom code for all gopacket decoders asynchronously.
func ApplyActionToPacketDecoders ¶
func ApplyActionToPacketDecoders(action func(DecoderAPI))
ApplyActionToPacketDecoders can be used to run custom code for all packet decoders.
func ApplyActionToPacketDecodersAsync ¶
func ApplyActionToPacketDecodersAsync(action func(DecoderAPI))
ApplyActionToPacketDecodersAsync can be used to run custom code for all packet decoders asynchronously.
func InitGoPacketDecoders ¶
func InitGoPacketDecoders(c *config.Config) (decoders map[gopacket.LayerType][]*GoPacketDecoder, err error)
InitGoPacketDecoders initializes all gopacket decoders.
func MarkdownOverview ¶
func MarkdownOverview()
MarkdownOverview dumps a Markdown summary of all available decoders and their fields.
func SetDecoderLogger ¶
SetDecoderLogger sets the general decoder logger for the decoder package.
Types ¶
type Decoder ¶
type Decoder struct {
// used to keep track of the number of generated audit records
NumRecordsWritten int64
// Name of the decoder
Name string
// Description of the decoder
Description string
// Icon name for the decoder (for Maltego)
Icon string
// Handler to process packets
Handler packetDecoderHandler
// init functions
PostInit func(*Decoder) error
DeInit func(*Decoder) error
// Writer for audit records
Writer io.AuditRecordWriter
// Type of the audit records produced by this decoder
Type types.Type
}
Decoder implements custom logic to decode data from a gopacket.Packet this structure has an optimized field order to avoid excessive padding.
func (*Decoder) DeInitFunc ¶
DeInitFunc is called prior to teardown.
func (*Decoder) Decode ¶
Decode is called for each layer this calls the handler function of the decoder and writes the serialized protobuf into the data pipe.
func (*Decoder) GetChan ¶
GetChan returns a channel to receive serialized protobuf data from the decoder.
func (*Decoder) GetDescription ¶
GetDescription returns the description of the decoder.
func (*Decoder) NumRecords ¶
NumRecords returns the number of written records.
func (*Decoder) PostInitFunc ¶
PostInitFunc is called after the decoder has been initialized.
func (*Decoder) SetWriter ¶
func (pd *Decoder) SetWriter(w io.AuditRecordWriter)
SetWriter sets the netcap writer to use for the decoder.
type DecoderAPI ¶
type DecoderAPI interface {
core.DecoderAPI
// Decode parses a gopacket and returns an error
Decode(p gopacket.Packet) error
}
DecoderAPI PacketDecoderAPI describes an interface that all custom decoders need to implement this allows to supply a custom structure and maintain state for advanced protocol analysis.
func InitPacketDecoders ¶
func InitPacketDecoders(c *config.Config) (decoders []DecoderAPI, err error)
InitPacketDecoders initializes all packet decoders.
type GoPacketDecoder ¶
type GoPacketDecoder struct {
Description string
Layer gopacket.LayerType
Handler goPacketDecoderHandler
Type types.Type
// contains filtered or unexported fields
}
GoPacketDecoder represents an decoder for the gopacket.Layer type this structure has an optimized field order to avoid excessive padding.
func (*GoPacketDecoder) DeInitFunc ¶
func (dec *GoPacketDecoder) DeInitFunc() error
func (*GoPacketDecoder) Decode ¶
func (dec *GoPacketDecoder) Decode(ctx *types.PacketContext, p gopacket.Packet, l gopacket.Layer) error
Decode is called for each layer this calls the handler function of the decoder and writes the serialized protobuf into the data pipe.
func (*GoPacketDecoder) Destroy ¶
func (dec *GoPacketDecoder) Destroy() (name string, size int64)
Destroy closes and flushes all writers.
func (*GoPacketDecoder) GetChan ¶
func (cd *GoPacketDecoder) GetChan() <-chan []byte
GetChan returns a channel to receive serialized protobuf data from the decoder.
func (*GoPacketDecoder) GetDescription ¶
func (dec *GoPacketDecoder) GetDescription() string
func (*GoPacketDecoder) GetName ¶
func (dec *GoPacketDecoder) GetName() string
func (*GoPacketDecoder) GetType ¶
func (dec *GoPacketDecoder) GetType() types.Type
func (*GoPacketDecoder) NumRecords ¶
func (dec *GoPacketDecoder) NumRecords() int64
func (*GoPacketDecoder) PostInitFunc ¶
func (dec *GoPacketDecoder) PostInitFunc() error
func (*GoPacketDecoder) SetWriter ¶
func (dec *GoPacketDecoder) SetWriter(writer io.AuditRecordWriter)
Source Files
¶
- arp.go
- bfd.go
- cip.go
- cisco_dicovery_info.go
- cisco_discovery.go
- connection.go
- device_profile.go
- dhcp4.go
- dhcp6.go
- diameter.go
- dns.go
- dot11.go
- dot1q.go
- eap.go
- eapol.go
- eapolkey.go
- enip.go
- eth.go
- ethctp.go
- ethctpr.go
- fddi.go
- geneve.go
- gopacket_decoder.go
- gre.go
- icmp4.go
- icmp6.go
- icmp6e.go
- icmp6na.go
- icmp6ns.go
- icmp6ra.go
- icmp6rs.go
- igmp.go
- init.go
- ip4.go
- ip6.go
- ip6hop.go
- ip_profile.go
- ipsecah.go
- ipsecesp.go
- ipv6fragment.go
- lcm.go
- llc.go
- lld.go
- lldi.go
- log.go
- modbus.go
- mpls.go
- nortel_discovery.go
- ntp.go
- ospfv2.go
- ospfv3.go
- packet_decoder.go
- sctp.go
- sip.go
- snap.go
- tcp.go
- tls_client_hello.go
- tls_server_hello.go
- udp.go
- usb.go
- usb_request_block_setup.go
- utils.go
- vrrpv2.go
- vxlan.go