fastnetmon

package module

v0.0.0-...-a5c1dc2 Latest Latest Go to latest Published: Apr 19, 2024 License: Apache-2.0 Imports: 4 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/fastnetmon/fastnetmon-go

Links

Open Source Insights

README ¶

Go library for FastNetMon's API

Documentation ¶

Index ¶

func Create_host_group_with_all_options(fastnetmon_client *FastNetMonClient, new_host_group Ban_settings_t) error
type Ban_settings_t
type BlackholeAnnounces
type CallbackAttackDetails
type CallbackDetails
type CallbackPacketDumpEntry
type ErrorJson
type FastNetMonClient
- func NewClient(host string, port uint32, user, password string) (*FastNetMonClient, error)
type FlexibleThresholdsDetails
type ResponseArrayJson
type ResponseHostGroupConfigurationJson
type ResponseJson
type ResponseRemoteBlackholeListJson
type ThresholdStructure

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Create_host_group_with_all_options ¶

func Create_host_group_with_all_options(fastnetmon_client *FastNetMonClient, new_host_group Ban_settings_t) error

Creates specified host group with all fields TODO: it does not implement all options, only required subset

Types ¶

type Ban_settings_t ¶

type Ban_settings_t struct {
	Name                   string   `bson:"name" json:"name" fastnetmon_type:"string"`
	Description            string   `bson:"description" json:"description" fastnetmon_type:"string"`
	Networks               []string `bson:"networks" json:"networks" fastnetmon_type:"cidr_networks_list"`
	Enable_ban             bool     `bson:"enable_ban" json:"enable_ban" fastnetmon_type:"bool"`
	Ban_for_pps            bool     `bson:"ban_for_pps" json:"ban_for_pps" fastnetmon_type:"bool"`
	Ban_for_bandwidth      bool     `bson:"ban_for_bandwidth" json:"ban_for_bandwidth" fastnetmon_type:"bool"`
	Ban_for_flows          bool     `bson:"ban_for_flows" json:"ban_for_flows" fastnetmon_type:"bool"`
	Threshold_pps          uint     `bson:"threshold_pps" json:"threshold_pps" fastnetmon_type:"positive_integer_without_zero"`
	Threshold_mbps         uint     `bson:"threshold_mbps" json:"threshold_mbps" fastnetmon_type:"positive_integer_without_zero"`
	Threshold_flows        uint     `bson:"threshold_flows" json:"threshold_flows" fastnetmon_type:"positive_integer_without_zero"`
	Ban_for_tcp_bandwidth  bool     `bson:"ban_for_tcp_bandwidth" json:"ban_for_tcp_bandwidth" fastnetmon_type:"bool"`
	Ban_for_udp_bandwidth  bool     `bson:"ban_for_udp_bandwidth" json:"ban_for_udp_bandwidth" fastnetmon_type:"bool"`
	Ban_for_icmp_bandwidth bool     `bson:"ban_for_icmp_bandwidth" json:"ban_for_icmp_bandwidth" fastnetmon_type:"bool"`
	Ban_for_tcp_pps        bool     `bson:"ban_for_tcp_pps" json:"ban_for_tcp_pps" fastnetmon_type:"bool"`
	Ban_for_udp_pps        bool     `bson:"ban_for_udp_pps" json:"ban_for_udp_pps" fastnetmon_type:"bool"`
	Ban_for_icmp_pps       bool     `bson:"ban_for_icmp_pps" json:"ban_for_icmp_pps" fastnetmon_type:"bool"`
	Threshold_tcp_mbps     uint     `bson:"threshold_tcp_mbps" json:"threshold_tcp_mbps" fastnetmon_type:"positive_integer_without_zero"`
	Threshold_udp_mbps     uint     `bson:"threshold_udp_mbps" json:"threshold_udp_mbps" fastnetmon_type:"positive_integer_without_zero"`
	Threshold_icmp_mbps    uint     `bson:"threshold_icmp_mbps" json:"threshold_icmp_mbps" fastnetmon_type:"positive_integer_without_zero"`
	Threshold_tcp_pps      uint     `bson:"threshold_tcp_pps" json:"threshold_tcp_pps" fastnetmon_type:"positive_integer_without_zero"`
	Threshold_udp_pps      uint     `bson:"threshold_udp_pps" json:"threshold_udp_pps" fastnetmon_type:"positive_integer_without_zero"`
	Threshold_icmp_pps     uint     `bson:"threshold_icmp_pps" json:"threshold_icmp_pps" fastnetmon_type:"positive_integer_without_zero"`
}

type BlackholeAnnounces ¶

type BlackholeAnnounces struct {
	UUID string `json:"uuid"`
	IP   string `json:"ip"`
}

type CallbackAttackDetails ¶

type CallbackAttackDetails struct {
	// Example: 041eb504-2b33-4ff7-a6b7-8235408d5062
	AttackUUID string `json:"attack_uuid"`

	// low, middle, high, unknown
	AttackSeverity string `json:"attack_severity"`

	// Arbitrary string
	AttackType string `json:"attack_type"`

	// Hostgroup name, only for per host callbacks
	HostGroup string `json:"host_group"`

	// Parent hostgroup name, only for per host callbacks
	ParentHostGroup string `json:"parent_host_group"`

	// Host's network, only for per host callbacks
	HostNetwork string `json:"host_network"`

	// IPv4 or IPv6
	ProtocolVersion string `json:"protocol_version"`

	// Set to true when attack was triggered by flexible threshold
	AttackDetectionTriggeredByFlexibleThreshold bool `json:"attack_detection_triggered_by_flexible_threshold"`

	// List of flexible thresholds which triggered attack
	AttackDetectionFlexibleThresholds []string `json:"attack_detection_flexible_thresholds"`

	// Detailed information about thresholds which triggered attack
	Attack_DetectionFlexibleThresholdsDetailed map[string]FlexibleThresholdsDetails `json:"attack_detection_flexible_thresholds_detailed"`

	AttackDetectionThreshold          string `json:"attack_detection_threshold"`
	AttackDetectionThresholdDirection string `json:"attack_detection_threshold_direction"`

	// Incoming, outgoing or unknown. Deprecated field, please use AttackDetectionThresholdDirection instead
	AttackDirection string `json:"attack_direction"`

	// tcp, udp, icmp, unknown
	AttackProtocol string `json:"attack_protocol"`

	// automatic, manual, other
	AttackDetectionSource string `json:"attack_detection_source"`

	TotalIncomingTraffic uint64 `json:"total_incoming_traffic"`
	TotalOutgoingTraffic uint64 `json:"total_outgoing_traffic"`
	TotalIncomingPps     uint64 `json:"total_incoming_pps"`
	TotalOutgoingPps     uint64 `json:"total_outgoing_pps"`

	TotalIncomingFlows uint64 `json:"total_incoming_flows"`
	TotalOutgoingFlows uint64 `json:"total_outgoing_flows"`

	IncomingIPFragmentedTraffic uint64 `json:"incoming_ip_fragmented_traffic"`
	OutgoingIPFragmentedTraffic uint64 `json:"outgoing_ip_fragmented_traffic"`
	IncomingIPFragmentedPps     uint64 `json:"incoming_ip_fragmented_pps"`
	OutgoingIPFragmentedPps     uint64 `json:"outgoing_ip_fragmented_pps"`

	IncomingTCPTraffic uint64 `json:"incoming_tcp_traffic"`
	OutgoingTCPTraffic uint64 `json:"outgoing_tcp_traffic"`
	IncomingTCPPps     uint64 `json:"incoming_tcp_pps"`
	OutgoingTCPPps     uint64 `json:"outgoing_tcp_pps"`

	IncomingSYNTCPTraffic uint64 `json:"incoming_syn_tcp_traffic"`
	OutgoingSYNTCPTraffic uint64 `json:"outgoing_syn_tcp_traffic"`
	IncomingSYNTCPPps     uint64 `json:"incoming_syn_tcp_pps"`
	OutgoingSYNTCPPps     uint64 `json:"outgoing_syn_tcp_pps"`

	IncomingUDPTraffic uint64 `json:"incoming_udp_traffic"`
	OutgoingUDPTraffic uint64 `json:"outgoing_udp_traffic"`
	IncomingUDPPps     uint64 `json:"incoming_udp_pps"`
	OutgoingUDPPps     uint64 `json:"outgoing_udp_pps"`

	IncomingICMPTraffic uint64 `json:"incoming_icmp_traffic"`
	OutgoingICMPTraffic uint64 `json:"outgoing_icmp_traffic"`
	IncomingICMPPps     uint64 `json:"incoming_icmp_pps"`
	OutgoingICMPPps     uint64 `json:"outgoing_icmp_pps"`
}

Key information about attack

type CallbackDetails ¶

type CallbackDetails struct {
	// For IPv4 "127.0.0.1"
	// For IPv6 "2a03:5131....:1"
	IP string `json:"ip"`

	// ban, unban, attack_status, partial_block, partial_unblock
	Action string `json:"action"`

	AttackDetails CallbackAttackDetails `json:"attack_details"`

	// Callback type: host or hostgroup
	AlertScope string `json:"alert_scope"`

	// We populate it only for AlertScope set to hostgroup
	HostGroup string `json:"hostgroup_name"`

	// We populate it only for AlertScope set to hostgroup
	ParentHostGroup string `json:"parent_hostgroup_name"`

	// List of networks which belong to hostgroup
	HostGroupNetworks []string `json:"hostgroup_networks"`

	// Packet dump in string format for "ban" action only:
	// "2018-12-15 19:16:39.376373 127.0.0.10:0 > 127.0.0.1:8842 protocol: tcp flags: rst,ack frag: 0  packets: 1 size: 54 bytes ip size: 40 bytes ttl: 64 sample ratio: 1 ",
	PacketDump []string `json:"packet_dump"`

	// Detailed packet dump in parsed format
	PacketDumpDetailed []CallbackPacketDumpEntry `json:"packet_dump_detailed"`
}

JSON based callback script: https://fastnetmon.com/fastnetmon-json-formats/

type CallbackPacketDumpEntry ¶

type CallbackPacketDumpEntry struct {
	// ipv4 or ipv6
	IPVersion string `json:"ip_version"`

	// IPs represented as strings
	SourceIP      string `json:"source_ip"`
	DestinationIP string `json:"destination_ip"`

	// Applicable only for TCP and UDP
	SourcePort      uint64 `json:"source_port"`
	DestinationPort uint64 `json:"destination_port"`

	// TCP Flags as string
	TCPFlags string `json:"tcp_flags"`

	Fragmentation bool   `json:"fragmentation"`
	Packets       uint64 `json:"packets"`
	Length        uint64 `json:"length"`
	IPLength      uint64 `json:"ip_length"`
	TTL           uint64 `json:"ttl"`
	SampleRatio   uint64 `json:"sample_ratio"`

	// tcp, udp, icmp and unknown
	Protocol string `json"protocol"`
}

Detailed per field packet dump entry

type ErrorJson ¶

type ErrorJson struct {
	Success   bool   `json:"success"`
	ErrorText string `json:"error_text"`
}

type FastNetMonClient ¶

type FastNetMonClient struct {
	User     string `json:"api_user"`
	Password string `json:"api_password"`
	Host     string `json:"api_host"`
	Port     uint32 `json:"api_port"`
	Ro       *grequests.RequestOptions
	Prefix   string
}

func NewClient ¶

func NewClient(host string, port uint32, user, password string) (*FastNetMonClient, error)

Creates new client, just checks input, does not execute connection attemps

func (*FastNetMonClient) BlackholeRemote ¶

func (client *FastNetMonClient) BlackholeRemote(ip_address string) (bool, error)

Blocks some specified blackhole host

func (*FastNetMonClient) CreateHostGroup ¶

func (client *FastNetMonClient) CreateHostGroup(name string) (bool, error)

Creates host groups with specified name

func (*FastNetMonClient) GetAllHostgroups ¶

func (client *FastNetMonClient) GetAllHostgroups() ([]Ban_settings_t, error)

Retrieves all host groups

func (*FastNetMonClient) GetNetworks ¶

func (client *FastNetMonClient) GetNetworks() ([]string, error)

Returns all networks known by FastNetMon

func (*FastNetMonClient) GetRemoteBlackhole ¶

func (client *FastNetMonClient) GetRemoteBlackhole() ([]BlackholeAnnounces, error)

Returns all IPs blocked using remote blackhole

func (*FastNetMonClient) RemoveHostGroup ¶

func (client *FastNetMonClient) RemoveHostGroup(name string) (bool, error)

Removes host group by name

func (*FastNetMonClient) RemoveRemoteBlackhole ¶

func (client *FastNetMonClient) RemoveRemoteBlackhole(mitigation_uuid string) (bool, error)

Removes remote blackhole entry using UUID

func (*FastNetMonClient) SetBoolOptionHostGroup ¶

func (client *FastNetMonClient) SetBoolOptionHostGroup(hostgroup_name string, option_name string, value bool) (bool, error)

Set specified bool option for host group

func (*FastNetMonClient) SetStringListOptionHostGroup ¶

func (client *FastNetMonClient) SetStringListOptionHostGroup(hostgroup_name string, option_name string, value string) (bool, error)

Set specified string list option for host group

func (*FastNetMonClient) SetUnsignedIntegerOptionHostGroup ¶

func (client *FastNetMonClient) SetUnsignedIntegerOptionHostGroup(hostgroup_name string, option_name string, value uint) (bool, error)

Set specified int option for host group

type FlexibleThresholdsDetails ¶

type FlexibleThresholdsDetails struct {
	// Set when attack was triggered in incoming direction
	Incoming bool `json:"incoming"`
	// Set when attack was triggered in outgoing direction
	Outgoing        bool               `json:"outgoing"`
	IncomingDetails ThresholdStructure `json:"incoming_details"`
	OutgoingDetails ThresholdStructure `json:"outgoing_details"`
}

FlexibleThresholdsDetails keeps details about which flexible thresholds triggered attack In some cases incoming and outgoing both can be true when attack was triggered in both directions in same time

type ResponseArrayJson ¶

type ResponseArrayJson struct {
	Success   bool     `json:"success"`
	ErrorText string   `json:"error_text"`
	Values    []string `json:"values"`
}

type ResponseHostGroupConfigurationJson ¶

type ResponseHostGroupConfigurationJson struct {
	Success   bool             `json:"success"`
	ErrorText string           `json:"error_text"`
	Values    []Ban_settings_t `json:"values"`
}

type ResponseJson ¶

type ResponseJson struct {
	Success   bool   `json:"success"`
	ErrorText string `json:"error_text"`
	Value     string `json:"value"`
}

type ResponseRemoteBlackholeListJson ¶

type ResponseRemoteBlackholeListJson struct {
	Success   bool                 `json:"success"`
	ErrorText string               `json:"error_text"`
	Values    []BlackholeAnnounces `json:"values"`
}

type ThresholdStructure ¶

type ThresholdStructure struct {
	Flows   bool `json:"flows"`
	Mbits   bool `json:"mbits"`
	Packets bool `json:"packets"`
}

Keeps fields specific for threshold

Source Files ¶

View all Source files

main.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL