Package types

v0.0.0-...-3e1ec68

Published: Feb 3, 2020 License: MIT Imports: 9 Imported by: 0

Documentation

Overview

Package types contains the basic types used by the library.

Constants

const NoSource = ""

NoSource is returned if no classification was made.

Variables

This section is empty.

Functions

func BenchmarkModule

func BenchmarkModule(dumpsDir string, module Module, times int) error

BenchmarkModule runs a module on all available dump files. It is used for benchmarking the modules.

func DestroyCache

func DestroyCache()

DestroyCache frees the resources used by the flow cache.

func FlushTrackedFlows

func FlushTrackedFlows()

FlushTrackedFlows flushes the map used for tracking flows. Any new packets that arrive after this operation will be considered new flows.

func InitCache

func InitCache(expirationTime time.Duration)

InitCache initializes the flow cache. It must be called before the cache is utilised. Flows will be discarded if they are inactive for the given duration. If that value is negative, flows will never expire.

Types

type ClassificationResult

type ClassificationResult struct {
	Protocol Protocol
	Source   ClassificationSource
}

ClassificationResult contains the detected protocol and the source of the classification from a classification attempt.

func (ClassificationResult) String

func (result ClassificationResult) String() string

type ClassificationSource

type ClassificationSource string

ClassificationSource is the module of the library that is responsible for the classification of a flow.

type Flow

type Flow struct {
	// contains filtered or unexported fields
}

Flow contains sufficient information to classify a flow.

func CreateFlowFromPacket

func CreateFlowFromPacket(packet gopacket.Packet) (flow *Flow)

CreateFlowFromPacket creates a flow with a single packet.

func GetFlowForPacket

func GetFlowForPacket(packet gopacket.Packet) (flow *Flow, isNew bool)

GetFlowForPacket finds any previous flow that the packet belongs to. It adds the packet to that flow and returns the flow. If no such flow is found, a new one is created.
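The three cache functions above describe a lifecycle (initialise with an expiration, look packets up by flow, flush to start over) without showing the behaviour in code. The following is an added example, not code from the page or from the library, of a flow cache with those semantics: a direction-independent 5-tuple key, an idle timeout where a negative duration means flows never expire, and a flush that makes every subsequent packet a new flow. The Packet and Flow types are constructed stand-ins for gopacket.Packet and the page's Flow (an assumption, since the real Flow keeps its fields unexported), and the cache is a value rather than the page's package-level global, so the functions here are methods; a Sweep method is added to show how the timeout bounds memory when many flows arrive and never complete.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// Packet is a constructed stand-in for gopacket.Packet (assumption): it carries
// only the header fields the cache keys on plus the capture timestamp.
type Packet struct {
	Proto        string
	Src, Dst     string
	SPort, DPort uint16
	Seen         time.Time
}

// FlowKey identifies a conversation regardless of direction, so the reply
// half of a TCP session maps to the same entry as the request half.
type FlowKey struct {
	Proto          string
	AddrLo, AddrHi string
	PortLo, PortHi uint16
}

func keyFor(p Packet) FlowKey {
	src, dst, sport, dport := p.Src, p.Dst, p.SPort, p.DPort
	if src > dst || (src == dst && sport > dport) {
		src, dst, sport, dport = dst, src, dport, sport
	}
	return FlowKey{Proto: p.Proto, AddrLo: src, AddrHi: dst, PortLo: sport, PortHi: dport}
}

// Flow is a minimal stand-in for the page's Flow: the packets seen so far and
// the time of the most recent one, which drives expiry.
type Flow struct {
	Packets  []Packet
	LastSeen time.Time
}

// FlowCache holds tracked flows. The page exposes the same operations as
// package-level functions over one global cache; this example uses a value.
type FlowCache struct {
	mu         sync.Mutex
	expiration time.Duration // negative means flows never expire
	flows      map[FlowKey]*Flow
}

// InitCache must be called before the cache is used, as on the page.
func InitCache(expiration time.Duration) *FlowCache {
	return &FlowCache{expiration: expiration, flows: make(map[FlowKey]*Flow)}
}

func (c *FlowCache) stale(f *Flow, now time.Time) bool {
	return c.expiration >= 0 && now.Sub(f.LastSeen) > c.expiration
}

// GetFlowForPacket returns the flow the packet belongs to, appending the
// packet to it, or starts a new flow. An entry idle longer than the
// expiration is discarded and the packet starts a fresh flow instead.
func (c *FlowCache) GetFlowForPacket(p Packet) (flow *Flow, isNew bool) {
	c.mu.Lock()
	defer c.mu.Unlock()
	key := keyFor(p)
	if f, ok := c.flows[key]; ok && !c.stale(f, p.Seen) {
		f.Packets = append(f.Packets, p)
		f.LastSeen = p.Seen
		return f, false
	}
	f := &Flow{Packets: []Packet{p}, LastSeen: p.Seen}
	c.flows[key] = f
	return f, true
}

// FlushTrackedFlows drops every tracked flow; subsequent packets start new flows.
func (c *FlowCache) FlushTrackedFlows() {
	c.mu.Lock()
	defer c.mu.Unlock()
	c.flows = make(map[FlowKey]*Flow)
}

// Sweep removes flows idle past the expiration as of now and returns how many
// were dropped; calling it periodically bounds the table under a flood of
// half-open or one-packet flows.
func (c *FlowCache) Sweep(now time.Time) int {
	c.mu.Lock()
	defer c.mu.Unlock()
	dropped := 0
	for k, f := range c.flows {
		if c.stale(f, now) {
			delete(c.flows, k)
			dropped++
		}
	}
	return dropped
}

// Len reports the number of tracked flows.
func (c *FlowCache) Len() int {
	c.mu.Lock()
	defer c.mu.Unlock()
	return len(c.flows)
}

func main() {
	t0 := time.Unix(1700000000, 0) // constructed capture timestamps
	cache := InitCache(30 * time.Second)
	req := Packet{Proto: "tcp", Src: "10.0.0.1", Dst: "10.0.0.2", SPort: 40000, DPort: 80, Seen: t0}
	rep := Packet{Proto: "tcp", Src: "10.0.0.2", Dst: "10.0.0.1", SPort: 80, DPort: 40000, Seen: t0.Add(time.Second)}
	_, new1 := cache.GetFlowForPacket(req)
	f, new2 := cache.GetFlowForPacket(rep)
	fmt.Printf("request new=%v, reply new=%v, packets in flow=%d\n", new1, new2, len(f.Packets))
	late := req
	late.Seen = t0.Add(2 * time.Minute)
	_, new3 := cache.GetFlowForPacket(late)
	fmt.Printf("packet after idle timeout starts a new flow: %v (tracked=%d)\n", new3, cache.Len())
}
```

Expiry is judged against the packet's own capture timestamp rather than the wall clock, so the same code gives the same answers when replaying a dump file offline, which is what BenchmarkModule does.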

func NewFlow

func NewFlow() (flow *Flow)

NewFlow creates an empty flow.

func (*Flow) AddPacket

func (flow *Flow) AddPacket(packet gopacket.Packet)

AddPacket adds a new packet to the flow.

func (*Flow) GetClassificationResult

func (flow *Flow) GetClassificationResult() (result ClassificationResult)

GetClassificationResult returns the currently detected protocol for this flow and the source of that detection.

func (*Flow) GetPackets

func (flow *Flow) GetPackets() (packets []gopacket.Packet)

GetPackets returns the list of packets in a thread-safe way.

func (*Flow) SetClassificationResult

func (flow *Flow) SetClassificationResult(protocol Protocol, source ClassificationSource)

SetClassificationResult sets the detected protocol and classification source for this flow.

type MockModule

type MockModule struct {
	InitSuccess     bool
	InitCalled      int
	DestroySuccess  bool
	DestroyCalled   int
	ClassifySuccess bool
	ClassifyCalled  int
	SourceName      string
}

MockModule is used in tests in order to test the functionality of modules.

func (*MockModule) ClassifyFlow

func (module *MockModule) ClassifyFlow(flow *Flow) (result ClassificationResult)

ClassifyFlow logs the classification by the mock module.

func (*MockModule) ClassifyFlowAll

func (module *MockModule) ClassifyFlowAll(flow *Flow) (results []ClassificationResult)

ClassifyFlowAll logs the multi-result classification by the mock module.

func (*MockModule) Destroy

func (module *MockModule) Destroy() error

Destroy logs the destruction of the mock module.

func (*MockModule) Initialize

func (module *MockModule) Initialize() error

Initialize logs the initialization of the mock module.

type Module

type Module interface {
	Initialize() error
	Destroy() error
	ClassifyFlow(*Flow) ClassificationResult
	ClassifyFlowAll(*Flow) []ClassificationResult
}

Module is implemented by every classification module provided by the library. Each module has its own initialization and destruction methods, as well as its own method for classifying a flow. Modules may also be enabled or disabled and usually provide a configuration method as well.
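The Module interface, ClassificationResult and NoSource together define a contract, but the page does not show a module being written against it or how several modules combine. The following is an added example, not code from the page or the library: two small modules implementing the interface (one keyed on destination port, one on the first payload bytes), a driver that runs them in order and keeps the first definite answer, and a check that reports when the modules disagree, which is the signal a defender wants for plaintext HTTP on port 443 or other port/protocol mismatches. The type declarations at the top mirror the page's so the example compiles stand-alone; the Flow here is a stand-in carrying only the fields the modules read (an assumption, since the real Flow wraps gopacket packets behind unexported fields), and the source names "port" and "payload" are made up for the example.

```go
package main

import (
	"bytes"
	"fmt"
	"sync"
)

// These declarations mirror the page's types package so the example compiles
// stand-alone; in real use import them from the library instead.
type Protocol string
type ClassificationSource string

const NoSource = "" // returned when no module classified the flow

const (
	HTTP    Protocol = "HTTP"
	SSH     Protocol = "SSH"
	TLS     Protocol = "TLS"
	Unknown Protocol = ""
)

type ClassificationResult struct {
	Protocol Protocol
	Source   ClassificationSource
}

type Module interface {
	Initialize() error
	Destroy() error
	ClassifyFlow(*Flow) ClassificationResult
	ClassifyFlowAll(*Flow) []ClassificationResult
}

// Flow is a stand-in (assumption): the library's Flow keeps gopacket packets
// behind unexported fields, so this one carries only what the modules read.
type Flow struct {
	mu      sync.Mutex
	DstPort uint16
	Payload []byte // first client payload bytes of the flow
	result  ClassificationResult
}

func (f *Flow) SetClassificationResult(p Protocol, s ClassificationSource) {
	f.mu.Lock()
	defer f.mu.Unlock()
	f.result = ClassificationResult{Protocol: p, Source: s}
}

func (f *Flow) GetClassificationResult() ClassificationResult {
	f.mu.Lock()
	defer f.mu.Unlock()
	return f.result
}

// PortModule guesses from the destination port alone (weak evidence).
type PortModule struct{ ports map[uint16]Protocol }

func (m *PortModule) Initialize() error {
	m.ports = map[uint16]Protocol{22: SSH, 80: HTTP, 443: TLS}
	return nil
}
func (m *PortModule) Destroy() error { m.ports = nil; return nil }
func (m *PortModule) ClassifyFlow(f *Flow) ClassificationResult {
	if p, ok := m.ports[f.DstPort]; ok {
		return ClassificationResult{Protocol: p, Source: "port"}
	}
	return ClassificationResult{Protocol: Unknown, Source: NoSource}
}
func (m *PortModule) ClassifyFlowAll(f *Flow) []ClassificationResult {
	return []ClassificationResult{m.ClassifyFlow(f)}
}

// PayloadModule inspects the first bytes the client sent (stronger evidence).
type PayloadModule struct{}

func (PayloadModule) Initialize() error { return nil }
func (PayloadModule) Destroy() error    { return nil }
func (PayloadModule) ClassifyFlow(f *Flow) ClassificationResult {
	switch {
	case bytes.HasPrefix(f.Payload, []byte("SSH-")):
		return ClassificationResult{SSH, "payload"}
	case bytes.HasPrefix(f.Payload, []byte("GET ")), bytes.HasPrefix(f.Payload, []byte("POST ")):
		return ClassificationResult{HTTP, "payload"}
	case len(f.Payload) >= 3 && f.Payload[0] == 0x16 && f.Payload[1] == 0x03:
		return ClassificationResult{TLS, "payload"} // TLS handshake record, version 3.x
	}
	return ClassificationResult{Unknown, NoSource}
}
func (m PayloadModule) ClassifyFlowAll(f *Flow) []ClassificationResult {
	return []ClassificationResult{m.ClassifyFlow(f)}
}

// Classify runs the modules in order, stores and returns the first definite
// answer; Unknown with NoSource is the page's contract for "no classification".
func Classify(f *Flow, modules []Module) ClassificationResult {
	for _, m := range modules {
		if r := m.ClassifyFlow(f); r.Protocol != Unknown {
			f.SetClassificationResult(r.Protocol, r.Source)
			return r
		}
	}
	f.SetClassificationResult(Unknown, NoSource)
	return ClassificationResult{Unknown, NoSource}
}

// Disagreement reports whether the modules reached different definite
// protocols for the same flow, e.g. plaintext HTTP sent to port 443.
func Disagreement(f *Flow, modules []Module) (bool, []ClassificationResult) {
	var all []ClassificationResult
	seen := map[Protocol]bool{}
	for _, m := range modules {
		for _, r := range m.ClassifyFlowAll(f) {
			if r.Protocol != Unknown {
				all = append(all, r)
				seen[r.Protocol] = true
			}
		}
	}
	return len(seen) > 1, all
}

func main() {
	modules := []Module{PayloadModule{}, &PortModule{}} // payload evidence first
	for _, m := range modules {
		if err := m.Initialize(); err != nil {
			panic(err)
		}
		defer m.Destroy()
	}
	// Constructed sample flows, not captured traffic.
	flows := []*Flow{
		{DstPort: 22, Payload: []byte("SSH-2.0-OpenSSH_8.9\r\n")},
		{DstPort: 80},
		{DstPort: 443, Payload: []byte("GET / HTTP/1.1\r\n")},
		{DstPort: 9999, Payload: []byte{0x00, 0x01}},
	}
	for _, f := range flows {
		r := Classify(f, modules)
		mismatch, _ := Disagreement(f, modules)
		fmt.Printf("port %d -> %q via %q (modules disagree: %v)\n", f.DstPort, r.Protocol, r.Source, mismatch)
	}
}
```

Module order is the policy: with the payload module first, a port-only guess is only used when no content evidence exists, and the stored Source tells a reviewer how strong the verdict is. ClassifyFlowAll is what makes the disagreement check possible, since ClassifyFlow alone stops at the first answer.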

type Protocol

type Protocol string

Protocol is the type of each of the detected protocols.

const (
	FTP                Protocol = "FtpControl"         //NDPI_PROTOCOL_FTP_CONTROL           = 1, /* Tomasz Bujlow <tomasz@skatnet.dk> */
	MAILPOP            Protocol = "MailPop"            //NDPI_PROTOCOL_MAIL_POP              = 2,
	SMTP               Protocol = "MailSmtp"           //NDPI_PROTOCOL_MAIL_SMTP             = 3,
	MAILIMP            Protocol = "MailImp"            //NDPI_PROTOCOL_MAIL_IMAP             = 4,
	DNS                Protocol = "DNS"                //NDPI_PROTOCOL_DNS                   = 5,
	HTTP               Protocol = "HTTP"               //NDPI_PROTOCOL_HTTP                  = 7,
	MDNS               Protocol = "MDNS"               //NDPI_PROTOCOL_MDNS                  = 8,
	NTP                Protocol = "NTP"                //NDPI_PROTOCOL_NTP                   = 9,
	NetBIOS            Protocol = "NetBIOS"            //NDPI_PROTOCOL_NETBIOS               = 10,
	NFS                Protocol = "NFS"                //NDPI_PROTOCOL_NFS                   = 11,
	SSDP               Protocol = "SSDP"               //NDPI_PROTOCOL_SSDP                  = 12,
	SNMP               Protocol = "SNMP"               //NDPI_PROTOCOL_SNMP                  = 14,
	SMB                Protocol = "SMBV1"              //NDPI_PROTOCOL_SMBV1                 = 16, /* SMB version 1 */
	SYSLOG             Protocol = "SYSLOG"             //NDPI_PROTOCOL_SYSLOG                = 17,
	DHCP               Protocol = "DHCP"               //NDPI_PROTOCOL_DHCP                  = 18,
	POSTGRES           Protocol = "POSTGRES"           //NDPI_PROTOCOL_POSTGRES              = 19,
	MYSQL              Protocol = "MYSQL"              //NDPI_PROTOCOL_MYSQL                 = 20,
	HOTMAIL            Protocol = "HOTMAIL"            //NDPI_PROTOCOL_HOTMAIL               = 21,
	DIRECTDOWNLOADLINK Protocol = "DirectDownloadLink" //NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK  = 22,
	MAILPOPS           Protocol = "MailPops"           // NDPI_PROTOCOL_MAIL_POPS             = 23,
	APPLEJUICE         Protocol = "AppleJuice"         //NDPI_PROTOCOL_APPLEJUICE            = 24,
	DIRECTCONNECT      Protocol = "DirectConnect"      //NDPI_PROTOCOL_DIRECTCONNECT         = 25,
	NTOP               Protocol = "NTOP"               //NDPI_PROTOCOL_NTOP                  = 26,
	VMWARE             Protocol = "WMWARE"             //NDPI_PROTOCOL_VMWARE                = 28,
	MAILSMTPS          Protocol = "MailSmtps"          //NDPI_PROTOCOL_MAIL_SMTPS            = 29,
	UBNTAC2            Protocol = "UBNTAC2"            //NDPI_PROTOCOL_UBNTAC2               = 31, /* Ubiquity UBNT AirControl = 2 - Thomas Fjellstrom <thomas+ndpi@fjellstrom.ca> */
	CONTIKI            Protocol = "CONTKI"             //NDPI_PROTOCOL_KONTIKI               = 32,
	OPENFT             Protocol = "OPENFT"             //NDPI_PROTOCOL_OPENFT                = 33,
	FASTTRACK          Protocol = "FastTrack"          //NDPI_PROTOCOL_FASTTRACK             = 34,
	GNUTELLA           Protocol = "GnuTella"           //NDPI_PROTOCOL_GNUTELLA              = 35,
	EDONKEY            Protocol = "EDONKEY"            //NDPI_PROTOCOL_EDONKEY               = 36, /* Tomasz Bujlow <tomasz@skatnet.dk> */
	BITTORRENT         Protocol = "BitTorrent"         //NDPI_PROTOCOL_BITTORRENT            = 37,
	SKYPECALL          Protocol = "SkypeCall"          //NDPI_PROTOCOL_SKYPE_CALL            = 38, /* Skype call and videocalls */
	SIGNAL             Protocol = "SINGAL"             //NDPI_PROTOCOL_SIGNAL                = 39,
	MEMCACHED          Protocol = "MemCached"          //NDPI_PROTOCOL_MEMCACHED             = 40, /* Memcached - Darryl Sokoloski <darryl@egloo.ca> */
	SMBV23             Protocol = "SMBV23"             // NDPI_PROTOCOL_SMBV23                = 41, /* SMB version 2/3 */
	MINING             Protocol = "MINING"             //NDPI_PROTOCOL_MINING                = 42, /* Bitcoin, Ethereum, ZCash, Monero */
	NESTLOGSINK        Protocol = "NestLogSink"        //NDPI_PROTOCOL_NEST_LOG_SINK         = 43, /* Nest Log Sink (Nest Protect) - Darryl Sokoloski <darryl@egloo.ca> */
	MODBUS             Protocol = "MODBUS"             // NDPI_PROTOCOL_MODBUS                = 44, /* Modbus */
	WHATSAPPCALL       Protocol = "WhatsAppCall"       //NDPI_PROTOCOL_WHATSAPP_CALL         = 45, /* WhatsApp video ad audio calls go here */
	DATASAVER          Protocol = "DataSaver"          //NDPI_PROTOCOL_DATASAVER             = 46, /* Protocols used to save data on Internet communications */
	XBOX               Protocol = "XBOX"               //NDPI_PROTOCOL_XBOX                  = 47,
	QQ                 Protocol = "QQ"                 //NDPI_PROTOCOL_QQ                    = 48,
	TIKTOK             Protocol = "TikTok"             //NDPI_PROTOCOL_TIKTOK                = 49,
	RTSP               Protocol = "RTSP"               //NDPI_PROTOCOL_RTSP                  = 50,
	MAILIMAPS          Protocol = "MailIMaps"          //NDPI_PROTOCOL_MAIL_IMAPS            = 51,
	PPLIVE             Protocol = "PPlive"             //NDPI_PROTOCOL_PPLIVE                = 53, /* Tomasz Bujlow <tomasz@skatnet.dk> */
	PPSTREAM           Protocol = "PPStream"           //NDPI_PROTOCOL_PPSTREAM              = 54,
	HTTPDOWNLOAD       Protocol = "HttpDownload"       //NDPI_PROTOCOL_HTTP_DOWNLOAD         = 60,
	QQLIVE             Protocol = "QQLive"             //NDPI_PROTOCOL_QQLIVE                = 61,
	THUNDER            Protocol = "Thunder"            //NDPI_PROTOCOL_THUNDER               = 62,
	IRC                Protocol = "IRC"                //NDPI_PROTOCOL_IRC                   = 65,
	JABBER             Protocol = "UncryptedJabber"    //NDPI_PROTOCOL_UNENCRYPTED_JABBER    = 67,
	MSN                Protocol = "MSN"                //NDPI_PROTOCOL_MSN                   = 68,
	YAHOO              Protocol = "YAHOO"              //NDPI_PROTOCOL_YAHOO                 = 70,
	BATTLEFIELD        Protocol = "BattleField"        //NDPI_PROTOCOL_BATTLEFIELD           = 71,
	GOOGLEPLUS         Protocol = "GooglePlus"         //NDPI_PROTOCOL_GOOGLE_PLUS           = 72,
	IPVRRP             Protocol = "IPVRRP"             //NDPI_PROTOCOL_IP_VRRP               = 73,
	STEAM              Protocol = "STEAM"              //NDPI_PROTOCOL_STEAM                 = 74, /* Tomasz Bujlow <tomasz@skatnet.dk> */
	HALFLIFE2          Protocol = "HalfLife2"          //NDPI_PROTOCOL_HALFLIFE2             = 75,
	WORLDOFWARCRAFT    Protocol = "WorldOfWarcraft"    //NDPI_PROTOCOL_WORLDOFWARCRAFT       = 76,
	TELNET             Protocol = "TELNET"             //NDPI_PROTOCOL_TELNET                = 77,
	ICMP               Protocol = "IPICMP"             //NDPI_PROTOCOL_IP_ICMP               = 81,
	IPIGMP             Protocol = "IPIGMP"             //NDPI_PROTOCOL_IP_IGMP               = 82,
	VNC                Protocol = "VNC"                //NDPI_PROTOCOL_VNC                   = 89,
	TLS                Protocol = "TLS"                //NDPI_PROTOCOL_TLS                   = 91,
	SSH                Protocol = "SSH"                //NDPI_PROTOCOL_SSH                   = 92,
	TFTP               Protocol = "TFTP"               //NDPI_PROTOCOL_TFTP                  = 96,
	IPICMPV6           Protocol = "IPICMPV6"           //NDPI_PROTOCOL_IP_ICMPV6             = 102,
	DHCPV6             Protocol = "DHCPV6"             //NDPI_PROTOCOL_DHCPV6                = 103,
	GUILDWARS          Protocol = "GuildWars"          //NDPI_PROTOCOL_GUILDWARS             = 109,
	HTTPACTIVESYNC     Protocol = "HttpActiveSync"     //NDPI_PROTOCOL_HTTP_ACTIVESYNC       = 110,
	LDAP               Protocol = "LADAP"              //NDPI_PROTOCOL_LDAP                  = 112,
	MSSQLTDS           Protocol = "MssqlTds"           //NDPI_PROTOCOL_MSSQL_TDS             = 114,
	PPTP               Protocol = "PPTP"               //NDPI_PROTOCOL_PPTP                  = 115,
	WARCRAFT3          Protocol = "WarCraft3"          //NDPI_PROTOCOL_WARCRAFT3             = 116,
	WORLDOFKUNGFU      Protocol = "WorldOfKungfu"      //NDPI_PROTOCOL_WORLD_OF_KUNG_FU      = 117,
	FACEBOOK           Protocol = "FACEBOOK"           //NDPI_PROTOCOL_FACEBOOK              = 119,
	TWITTER            Protocol = "TWITTER"            //NDPI_PROTOCOL_TWITTER               = 120,
	DROPBOX            Protocol = "DROPBOX"            //NDPI_PROTOCOL_DROPBOX               = 121,
	GMAIL              Protocol = "GMAIL"              //NDPI_PROTOCOL_GMAIL                 = 122,
	GOOGLEMAPS         Protocol = "GoogleMaps"         //NDPI_PROTOCOL_GOOGLE_MAPS           = 123,
	YOUTUBE            Protocol = "YOUTUBE"            //NDPI_PROTOCOL_YOUTUBE               = 124,
	SKYPE              Protocol = "SKYPE"              //NDPI_PROTOCOL_SKYPE                 = 125,
	GOOGLE             Protocol = "GOOGLE"             //NDPI_PROTOCOL_GOOGLE                = 126,
	NETFLOW            Protocol = "NETFLOW"            //NDPI_PROTOCOL_NETFLOW               = 128,
	SFLOW              Protocol = "SFLOW"              //NDPI_PROTOCOL_SFLOW                 = 129,
	HTTPCONNECT        Protocol = "HttpConnect"        //NDPI_PROTOCOL_HTTP_CONNECT          = 130,
	HTTPPROXY          Protocol = "HttpProxy"          //NDPI_PROTOCOL_HTTP_PROXY            = 131,
	HTTPWAZE           Protocol = "HttpWaze"           //NDPI_PROTOCOL_WAZE                  = 135,
	HTTPYOUTUBEUPLOAD  Protocol = "HttpYoutubeUpload"  //NDPI_PROTOCOL_YOUTUBE_UPLOAD        = 136, /* Upload files to youtube */
	APPLE              Protocol = "APPLE"              //NDPI_PROTOCOL_APPLE                 = 140,
	WEBEX              Protocol = "WEBEX"              //NDPI_PROTOCOL_WEBEX                 = 141,
	WHATSAPP           Protocol = "WHATSAPP"           //NDPI_PROTOCOL_WHATSAPP              = 142,
	ICLOUD             Protocol = "ICLOUD"             //NDPI_PROTOCOL_APPLE_ICLOUD          = 143,
	APPLEITUNES        Protocol = "AppleITunes"        //NDPI_PROTOCOL_APPLE_ITUNES          = 145,
	WINDOWSUPDATE      Protocol = "WindowsUpdate"      //NDPI_PROTOCOL_WINDOWS_UPDATE        = 147,
	TEAMVIEWER         Protocol = "TEAMVIEWER"         //NDPI_PROTOCOL_TEAMVIEWER            = 148, /* xplico.org */
	UPNP               Protocol = "UPNP"               //NDPI_PROTOCOL_UPNP                  = 153,
	REMOTESCAN         Protocol = "RemoteScan"         //NDPI_PROTOCOL_REMOTE_SCAN           = 155,
	MESSENGER          Protocol = "MESSENGER"          //NDPI_PROTOCOL_MESSENGER             = 157,
	H323               Protocol = "H323"               //NDPI_PROTOCOL_H323                  = 158, /* Remy Mudingay <mudingay@ill.fr> */
	OPENVPN            Protocol = "OPENVPN"            //NDPI_PROTOCOL_OPENVPN               = 159, /* Remy Mudingay <mudingay@ill.fr> */
	CISCOVPN           Protocol = "CISCOVPN"           //NDPI_PROTOCOL_CISCOVPN              = 161, /* Remy Mudingay <mudingay@ill.fr> */
	RSYNC              Protocol = "RSYNC"              //NDPI_PROTOCOL_RSYNC                 = 166, /* Remy Mudingay <mudingay@ill.fr> */
	SOCKS              Protocol = "SPCKS"              //NDPI_PROTOCOL_SOCKS                 = 172, /* Tomasz Bujlow <tomasz@skatnet.dk> */
	FTPDATA            Protocol = "FTPDATA"            //NDPI_PROTOCOL_FTP_DATA              = 175, /* Tomasz Bujlow <tomasz@skatnet.dk> */
	TELEGRAM           Protocol = "TELEGRAM"           //NDPI_PROTOCOL_TELEGRAM              = 185, /* Gianluca Costa <g.costa@xplico.org> */
	ZOOM               Protocol = "ZOOM"               //NDPI_PROTOCOL_ZOOM                  = 189, /* Zoom video conference. */
	DOHDOT             Protocol = "DPHDOT"             //NDPI_PROTOCOL_DOH_DOT               = 196, /* DoH (DNS over HTTPS), DoT (DNS over TLS) */
	WECHAT             Protocol = "WECHAT"             //NDPI_PROTOCOL_WECHAT                = 197,
	SNAPCHAT           Protocol = "SNAPCHAT"           //NDPI_PROTOCOL_SNAPCHAT              = 199,
	SINA               Protocol = "SINA"               //NDPI_PROTOCOL_SINA                  = 200,
	STARCRAFT          Protocol = "STARCRAFT"          //NDPI_PROTOCOL_STARCRAFT             = 213, /* Matteo Bracci <matteobracci1@gmail.com> */
	GOOGLEDRIVE        Protocol = "GOOGLEDRIVE"        //NDPI_PROTOCOL_GOOGLE_DRIVE          = 217,
	MSONEDRIVE         Protocol = "MSONEDRIVE"         //NDPI_PROTOCOL_MS_ONE_DRIVE          = 221,
	MQTT               Protocol = "MQTT"               //NDPI_PROTOCOL_MQTT                  = 222,
	APPLESTORE         Protocol = "APPLESTORE"         //NDPI_PROTOCOL_APPLESTORE            = 224,
	APPLEPUSH          Protocol = "APPLEPUSH"          //NDPI_PROTOCOL_APPLE_PUSH            = 238,
	GOOGLESERVICES     Protocol = "GOOGLESERVICES"     //NDPI_PROTOCOL_GOOGLE_SERVICES       = 239,
	AMAZONVIDEO        Protocol = "AMAZONVIDEO"        //NDPI_PROTOCOL_AMAZON_VIDEO          = 240,
	GOOGLEDOCS         Protocol = "GOOGLEDOCS"         //NDPI_PROTOCOL_GOOGLE_DOCS           = 241,
	WHATAPPFILES       Protocol = "WHATSAPPFILES"      //NDPI_PROTOCOL_WHATSAPP_FILES        = 242, /* Videos, pictures, voice messages... */
	RPC                Protocol = "RPC"                //NDPI_PROTOCOL_DCERPC
	RDP                Protocol = "RDP"                //NDPI_PROTOCOL_RDP
	SSL                Protocol = "SSL"                //SSL that isn't HTTPS
	HTTPS              Protocol = "HTTPS"              //
	YOUKU              Protocol = "YOUKU"              // you ku
	IPOP               Protocol = "IPOP"               //IP over P2P
	TAOBAO             Protocol = "TAOBAO"             //Custom protocol seen on Taobao CDN
	TENCENTGAMES       Protocol = "TencentGames"       //Games operated by Tencent
	QQDOWNLOAD         Protocol = "QQDOWNLOAD"         // QQ DOWNLOAD
	QQSPEEDMOBILE      Protocol = "QQSPEEDMOBILE"      //
	HTTPTUNNEL         Protocol = "HTTPTUNNEL"         //Tunnelling via HTTP
	LOL                Protocol = "LOL"                //League of Legends
	BITCOIN            Protocol = "BITCOIN"
	Unknown            Protocol = ""
)

Protocol identifiers for the supported protocols.
