encoder

package
v0.3.8 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 5, 2019 License: GPL-3.0 Imports: 36 Imported by: 0

Documentation

Overview

NETCAP - Traffic Analysis Framework
Copyright (c) 2017 Philipp Mieden <dreadl0ck [at] protonmail [dot] ch>

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

Index

Constants

This section is empty.

Variables

// LiveMode is a package-wide switch shared by all encoders.
var LiveMode bool

// BlockSize is the file system block size.
var BlockSize int
// Connections holds all connections. It is exported, package-level mutable
// state: Items is only protected while the caller holds the mutex embedded
// in AtomicConnMap.
var Connections = &AtomicConnMap{Items: map[string]*types.Connection{}}
// CustomEncoders contains the encoders initialized at runtime, exposed for
// use from other packages.
// NOTE(review): this is a plain exported slice with no lock visible here;
// concurrent appends would need external synchronization — confirm
// against callers.
var CustomEncoders = make([]*CustomEncoder, 0)
// Flows is the exported, package-level flow table keyed by string. Items
// is only protected while the caller holds the mutex embedded in
// AtomicFlowMap.
var Flows = &AtomicFlowMap{Items: map[string]*types.Flow{}}
// HTTPActive is an exported package-level flag. Its meaning is not
// documented here; presumably it records whether HTTP decoding is
// enabled — TODO confirm.
var HTTPActive bool
// LayerEncoders maps a gopacket.LayerType to the encoder initialized for it
// at runtime, exposed for use from other packages.
// NOTE(review): this is a plain exported map with no lock visible here;
// concurrent writes to a Go map are a data race — confirm it is only
// mutated during initialization.
var LayerEncoders = make(map[gopacket.LayerType]*LayerEncoder)
// LinkFlows is the exported, package-level table of link flows keyed by a
// uint64 ID. Items is only protected while the caller holds the mutex
// embedded in AtomicLinkFlowMap.
var LinkFlows = &AtomicLinkFlowMap{Items: map[uint64]*types.LinkFlow{}}
// NetworkFlows is the exported, package-level table of network flows keyed
// by a uint64 ID. Items is only protected while the caller holds the mutex
// embedded in AtomicNetworkFlowMap.
var NetworkFlows = &AtomicNetworkFlowMap{Items: map[uint64]*types.NetworkFlow{}}
// TransportFlows is the exported, package-level table of transport flows
// keyed by a uint64 ID. Items is only protected while the caller holds the
// mutex embedded in AtomicTransportFlowMap.
var TransportFlows = &AtomicTransportFlowMap{Items: map[uint64]*types.TransportFlow{}}

Functions

func CloseFile

func CloseFile(outDir string, file *os.File, typ string) (name string, size int64)

func CloseGzipWriters

func CloseGzipWriters(writers ...*gzip.Writer)

func CreateFile

func CreateFile(name, ext string) *os.File

func Debug

func Debug(s string, a ...interface{})

func DecodeHTTP

func DecodeHTTP(packet gopacket.Packet)

DecodeHTTP passes TCP packets to the TCP stream reassembler in order to decode HTTP requests and responses. CAUTION: this function must be called sequentially, because the stream reassembly implementation currently does not handle out-of-order packets.

func DumpTop5LinkFlows

func DumpTop5LinkFlows()

func DumpTop5NetworkFlows

func DumpTop5NetworkFlows()

func DumpTop5TransportFlows

func DumpTop5TransportFlows()

func Entropy

func Entropy(data []byte) (entropy float64)

Entropy returns the Shannon entropy value of data. Source: https://rosettacode.org/wiki/Entropy#Go

func Error

func Error(t string, s string, a ...interface{})

func ExtractTLSHandShake

func ExtractTLSHandShake(tcp *layers.TCP) (*tlsx.ClientHello, bool)

ExtractTLSHandShake extracts a TLS HandShake from a TCP Packet

func FlushWriters

func FlushWriters(writers ...flushableWriter)

func Info

func Info(s string, a ...interface{})

func InitCustomEncoders

func InitCustomEncoders(c Config)

InitCustomEncoders initializes all custom encoders

func InitLayerEncoders

func InitLayerEncoders(c Config)

InitLayerEncoders initializes all layer encoders

func NewCSVWriter

func NewCSVWriter(w io.Writer) *csvWriter

func NewHeader

func NewHeader(t types.Type, c Config) *types.Header

func Overview

func Overview()

func RemoveEmptyFile

func RemoveEmptyFile(name string) (size int64)

func SetErrorMap

func SetErrorMap(m *AtomicCounterMap)

func ShowEncoders

func ShowEncoders()

Types

type AtomicConnMap

// AtomicConnMap contains all connections and pairs them with an embedded
// sync.Mutex for synchronized access.
//
// Items is exported, so the mutex protects only those accesses made while
// the caller holds the lock; reading or writing Items directly bypasses it.
type AtomicConnMap struct {
	// Items holds the connections, keyed by string.
	Items map[string]*types.Connection
	// Embedded, so Lock and Unlock are promoted onto AtomicConnMap.
	sync.Mutex
}

AtomicConnMap contains all connections and provides synchronized access

func (*AtomicConnMap) Size

func (a *AtomicConnMap) Size() int

Size returns the number of elements in the Items map

type AtomicCounterMap

// AtomicCounterMap maps strings to integer counters and embeds a
// sync.Mutex.
//
// Items is exported, so the mutex protects only those accesses made while
// the caller holds the lock; reading or writing Items directly bypasses it.
type AtomicCounterMap struct {
	// Items holds one int64 counter per string key.
	Items map[string]int64
	// Embedded, so Lock and Unlock are promoted onto AtomicCounterMap.
	sync.Mutex
}

AtomicCounterMap maps strings to integers

func NewAtomicCounterMap

func NewAtomicCounterMap() *AtomicCounterMap

NewAtomicCounterMap returns a new AtomicCounterMap

func (*AtomicCounterMap) Inc

func (a *AtomicCounterMap) Inc(val string)

Inc increments a value

type AtomicDelimitedWriter

// AtomicDelimitedWriter writes delimited proto messages synchronized.
//
// The sync.Mutex is embedded, so Lock and Unlock are also callable by users
// of the type.
// NOTE(review): whether PutProto takes this lock itself is not visible
// here — confirm before locking around it, to avoid locking twice.
type AtomicDelimitedWriter struct {
	sync.Mutex
	// contains filtered or unexported fields
}

AtomicDelimitedWriter writes delimited proto messages synchronized

func NewAtomicDelimitedWriter

func NewAtomicDelimitedWriter(w *delimited.Writer) *AtomicDelimitedWriter

NewAtomicDelimitedWriter takes a *delimited.Writer and returns a synchronized version.

func (*AtomicDelimitedWriter) PutProto

func (a *AtomicDelimitedWriter) PutProto(pb proto.Message) error

PutProto writes a protocol buffer into the writer and returns an error

type AtomicFlowMap

// AtomicFlowMap pairs a map of flows with an embedded sync.Mutex.
//
// Items is exported, so the mutex protects only those accesses made while
// the caller holds the lock; reading or writing Items directly bypasses it.
type AtomicFlowMap struct {
	// Items holds the flows, keyed by string.
	Items map[string]*types.Flow
	// Embedded, so Lock and Unlock are promoted onto AtomicFlowMap.
	sync.Mutex
}

func (*AtomicFlowMap) Size

func (a *AtomicFlowMap) Size() int

type AtomicLinkFlowMap

// AtomicLinkFlowMap pairs a map of link flows with an embedded sync.Mutex.
//
// Items is exported, so the mutex protects only those accesses made while
// the caller holds the lock; reading or writing Items directly bypasses it.
type AtomicLinkFlowMap struct {
	// Items holds the link flows, keyed by a uint64 ID.
	Items map[uint64]*types.LinkFlow
	// Embedded, so Lock and Unlock are promoted onto AtomicLinkFlowMap.
	sync.Mutex
}

type AtomicNetworkFlowMap

// AtomicNetworkFlowMap pairs a map of network flows with an embedded
// sync.Mutex.
//
// Items is exported, so the mutex protects only those accesses made while
// the caller holds the lock; reading or writing Items directly bypasses it.
type AtomicNetworkFlowMap struct {
	// Items holds the network flows, keyed by a uint64 ID.
	Items map[uint64]*types.NetworkFlow
	// Embedded, so Lock and Unlock are promoted onto AtomicNetworkFlowMap.
	sync.Mutex
}

type AtomicTransportFlowMap

// AtomicTransportFlowMap pairs a map of transport flows with an embedded
// sync.Mutex.
//
// Items is exported, so the mutex protects only those accesses made while
// the caller holds the lock; reading or writing Items directly bypasses it.
type AtomicTransportFlowMap struct {
	// Items holds the transport flows, keyed by a uint64 ID.
	Items map[uint64]*types.TransportFlow
	// Embedded, so Lock and Unlock are promoted onto AtomicTransportFlowMap.
	sync.Mutex
}

type Config

// Config contains configuration parameters for the encoders. It is the
// argument of InitCustomEncoders, InitLayerEncoders and NewHeader.
//
// Buffer, Compression, CSV, Out and WriteChan match the parameter names of
// CustomEncoder.Init and LayerEncoder.Init (buffer, compress, csv, out,
// writeChan); presumably they are forwarded there — TODO confirm.
//
// IncludeEncoders and ExcludeEncoders are plain strings; presumably they
// select encoders by name, but the format is not shown here — TODO confirm.
//
// NOTE(review): Out looks like the output location for the files the
// encoders write; confirm how it is validated before use.
type Config struct {
	Buffer          bool
	Compression     bool
	CSV             bool
	IncludeEncoders string
	ExcludeEncoders string
	Out             string
	WriteChan       bool
	Source          string
	Version         string
}

Config contains configuration parameters for the encoders

type ConnectionID

// ConnectionID groups three uint64 flow identifiers, one each for the
// link, network and transport layer. All fields are comparable, so a
// ConnectionID value can be compared with == or used as a map key.
type ConnectionID struct {
	LinkFlowID      uint64
	NetworkFlowID   uint64
	TransportFlowID uint64
}

ConnectionID identifies a bidirectional connection between two devices over the network; it includes the link, network and transport layer flow IDs.

func (ConnectionID) String

func (c ConnectionID) String() string

type Context

// Context is the assembler context. It carries a gopacket.CaptureInfo,
// presumably the value that GetCaptureInfo returns — TODO confirm.
type Context struct {
	CaptureInfo gopacket.CaptureInfo
}

Context is the assembler context.

func (*Context) GetCaptureInfo

func (c *Context) GetCaptureInfo() gopacket.CaptureInfo

type CustomEncoder

// CustomEncoder implements custom logic to decode data from a
// gopacket.Packet. Instances are returned by CreateCustomEncoder.
type CustomEncoder struct {

	// public fields
	// Name and Type identify the encoder; both are arguments of
	// CreateCustomEncoder.
	Name string
	Type types.Type

	// Handler turns a packet into a proto.Message (see
	// CustomEncoderHandler). The field is exported, so code outside the
	// package can replace it after creation.
	Handler CustomEncoderHandler
	// contains filtered or unexported fields
}

CustomEncoder implements custom logic to decode data from a gopacket.Packet

func CreateCustomEncoder

func CreateCustomEncoder(t types.Type, name string, postinit func(*CustomEncoder) error, handler CustomEncoderHandler, deinit func(*CustomEncoder) error) *CustomEncoder

CreateCustomEncoder returns a new CustomEncoder instance

func (*CustomEncoder) Destroy

func (d *CustomEncoder) Destroy() (name string, size int64)

Destroy closes and flushes all writers and calls deinit if set

func (*CustomEncoder) Encode

func (d *CustomEncoder) Encode(p gopacket.Packet) error

Encode is called for each layer; it calls the handler function of the encoder and writes the serialized protobuf into the data pipe.

func (*CustomEncoder) GetChan

func (d *CustomEncoder) GetChan() <-chan []byte

GetChan returns a channel to receive serialized protobuf data from the encoder

func (*CustomEncoder) Init

func (d *CustomEncoder) Init(buffer, compress, csv bool, out string, writeChan bool)

Init initializes and configures the encoder

type CustomEncoderHandler

// CustomEncoderHandler takes a gopacket.Packet and returns a proto.Message.
// It is a type alias (=), so any func with this signature is accepted
// without conversion.
// NOTE(review): the packet presumably comes from captured traffic, so
// handlers should treat its contents as untrusted input — confirm.
type CustomEncoderHandler = func(p gopacket.Packet) proto.Message

CustomEncoderHandler takes a gopacket.Packet and returns a proto.Message

type LayerEncoder

// LayerEncoder represents an encoder for the gopacket.Layer type.
// Instances are returned by CreateLayerEncoder.
type LayerEncoder struct {

	// public fields
	// Layer and Type are the layer type and netcap type passed to
	// CreateLayerEncoder.
	Layer gopacket.LayerType
	Type  types.Type

	// Handler turns a layer into a proto.Message (see
	// LayerEncoderHandler). The field is exported, so code outside the
	// package can replace it after creation.
	Handler LayerEncoderHandler
	// contains filtered or unexported fields
}

LayerEncoder represents an encoder for the gopacket.Layer type

func CreateLayerEncoder

func CreateLayerEncoder(nt types.Type, lt gopacket.LayerType, handler LayerEncoderHandler) *LayerEncoder

CreateLayerEncoder returns a new LayerEncoder instance

func (*LayerEncoder) Destroy

func (d *LayerEncoder) Destroy() (name string, size int64)

Destroy closes and flushes all writers

func (*LayerEncoder) Encode

func (d *LayerEncoder) Encode(l gopacket.Layer, timestamp time.Time) error

Encode is called for each layer; it calls the handler function of the encoder and writes the serialized protobuf into the data pipe.

func (*LayerEncoder) GetChan

func (d *LayerEncoder) GetChan() <-chan []byte

GetChan returns a channel to receive serialized protobuf data from the encoder

func (*LayerEncoder) Init

func (d *LayerEncoder) Init(buffer, compress, csv bool, out string, writeChan bool)

Init initializes and configures the encoder

type LayerEncoderHandler

// LayerEncoderHandler is the handler function for a layer encoder. It is a
// type alias (=), so any func with this signature is accepted without
// conversion.
// The timestamp arrives as a string, whereas LayerEncoder.Encode receives
// a time.Time; the conversion between the two is not shown here.
// NOTE(review): the layer presumably comes from captured traffic, so
// handlers should treat its contents as untrusted input — confirm.
type LayerEncoderHandler = func(layer gopacket.Layer, timestamp string) proto.Message

LayerEncoderHandler is the handler function for a layer encoder

type Stream

// Stream has only unexported fields, so its fields cannot be set from
// outside the package. Reverse and String are its exported methods; both
// use a value receiver.
type Stream struct {
	// contains filtered or unexported fields
}

func (Stream) Reverse

func (s Stream) Reverse() Stream

func (Stream) String

func (s Stream) String() string
