iedb

package

v0.0.0-...-456f7df Latest Latest Go to latest Published: Oct 1, 2022 License: Apache-2.0 Imports: 13 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/zartbot/goflow

Links

Open Source Insights

README ¶

IPFIX IANA: https://www.iana.org/assignments/ipfix/ipfix.xhtml CSV: https://www.iana.org/assignments/ipfix/ipfix-information-elements.csv

Documentation ¶

Index ¶

Variables
func ConvertDataType(b *[]byte, t DataType) interface{}
func ParseCiscoAppVarString(b []byte) map[CiscoAppVarStringKey]string
func ParseCiscoETA_IDP(b []byte) *gopacket.Packet
func PrintTCPFlags(b byte) string
func ReadCiscoIE(filename string)
func ReadIANA(filename string)
func ShowIEDB()
type CiscoAppVarStringKey
type CiscoETASPLT
- func ParseCiscoETA_SPLT(b []byte) *CiscoETASPLT
type CiscoFARecord
- func ParseCiscoFA(b []byte) *CiscoFARecord
- func (fa *CiscoFARecord) String() string
type CiscoURLHitItem
- func ParseCiscoURLHitString(b []byte) []CiscoURLHitItem
type DataType
type ElementKey
type InformationElement
type TcpCtrlBits
- func ParseTcpControlBits(b []byte) TcpCtrlBits

Constants ¶

This section is empty.

Variables ¶

View Source

var DataTypeMap = map[string]DataType{
	"octetArray":           OctetArray,
	"unsigned8":            Unsigned8,
	"unsigned16":           Unsigned16,
	"unsigned32":           Unsigned32,
	"unsigned64":           Unsigned64,
	"signed8":              Signed8,
	"signed16":             Signed16,
	"signed32":             Signed32,
	"signed64":             Signed64,
	"float32":              Float32,
	"float64":              Float64,
	"boolean":              Boolean,
	"macAddress":           MacAddress,
	"string":               String,
	"dateTimeSeconds":      DateTimeSeconds,
	"dateTimeMilliseconds": DateTimeMilliseconds,
	"dateTimeMicroseconds": DateTimeMicroseconds,
	"dateTimeNanoseconds":  DateTimeNanoseconds,
	"ipv4Address":          Ipv4Address,
	"ipv6Address":          Ipv6Address,
	"basicList":            BasicList,
	"subTemplateList":      SubTemplateList,
	"subTemplateMultiList": SubTemplateMultiList,
	"ciscoappvarstring":    CiscoAppVarString,
	"ciscourlhits":         CiscoURLHits,
	"tcpflag":              TcpFlag,
	"CiscoETA_SPLT":        CiscoETA_SPLT,
	"ciscofa":              CiscoFA,
	"dyanmic2B4B":          dyanmic2B4B,
}

View Source

var IEDatabase sync.Map

Functions ¶

func ConvertDataType ¶

func ConvertDataType(b *[]byte, t DataType) interface{}

func ParseCiscoAppVarString ¶

func ParseCiscoAppVarString(b []byte) map[CiscoAppVarStringKey]string

ParseCiscoAppVarString : Parse 9:12235 Field, return structure

func ParseCiscoETA_IDP ¶

func ParseCiscoETA_IDP(b []byte) *gopacket.Packet

ParseCiscoETAIDP : Parse Cisco ETA IDP packet

func PrintTCPFlags ¶

func PrintTCPFlags(b byte) string

func ReadCiscoIE ¶

func ReadCiscoIE(filename string)

func ReadIANA ¶

func ReadIANA(filename string)

func ShowIEDB ¶

func ShowIEDB()

Types ¶

type CiscoAppVarStringKey ¶

type CiscoAppVarStringKey struct {
	AppID     uint32
	SubAppTag uint32
}

CiscoAppVarStringElement : Handle Cisco App

      This type is used to handle IE: 9:12235
		 based on different config,this IE could be observed
		 multiple times in single record:

		 Multiple collect type share this IE with different SubAppID

		 http: url,useragent,refer
		 dns:  domain name
		 ssl:  common name

type CiscoETASPLT ¶

type CiscoETASPLT struct {
	Length   [10]uint16
	Interval [10]uint16
}

func ParseCiscoETA_SPLT ¶

func ParseCiscoETA_SPLT(b []byte) *CiscoETASPLT

ParseCiscoETA_SPLT : Parse Cisco ETA SPLT packet

type CiscoFARecord ¶

type CiscoFARecord struct {
	PacketNum     uint8
	FlowDirection [16]uint8
	TCPFlag       [16]byte
	Interval      [16]uint16
}

func ParseCiscoFA ¶

func ParseCiscoFA(b []byte) *CiscoFARecord

ParseCiscoFA : Parse Cisco FA packet

func (*CiscoFARecord) String ¶

func (fa *CiscoFARecord) String() string

type CiscoURLHitItem ¶

type CiscoURLHitItem struct {
	Name   string
	Number uint16
}

CiscoURLHitElement : URL Hit Field This field use '/0' as delimeter

func ParseCiscoURLHitString ¶

func ParseCiscoURLHitString(b []byte) []CiscoURLHitItem

type DataType ¶

type DataType int

const (
	//https://www.iana.org/assignments/ipfix/ipfix-information-element-data-types.csv
	OctetArray DataType = iota
	Unsigned8
	Unsigned16
	Unsigned32
	Unsigned64
	Signed8
	Signed16
	Signed32
	Signed64
	Float32
	Float64
	Boolean
	MacAddress
	String
	DateTimeSeconds
	DateTimeMilliseconds
	DateTimeMicroseconds
	DateTimeNanoseconds
	Ipv4Address
	Ipv6Address
	BasicList
	SubTemplateList
	SubTemplateMultiList
	CiscoAppVarString
	CiscoURLHits
	TcpFlag
	CiscoETA_SPLT
	//CiscoETA_IDP
	CiscoFA
)

type ElementKey ¶

type ElementKey struct {
	EnterpriseNo uint32
	ElementID    uint16
}

type InformationElement ¶

type InformationElement struct {
	Name  string
	Type  string
	Dtype DataType
}

type TcpCtrlBits ¶

type TcpCtrlBits struct {
	//FlagMap    map[string]int
	FlagName    string
	RawCtrlBits byte
}

func ParseTcpControlBits ¶

func ParseTcpControlBits(b []byte) TcpCtrlBits

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL