Documentation
Overview
Package types contains the basic types used by the library.
Constants
const NoSource = ""
NoSource is returned if no classification was made.
Variables
This section is empty.
Functions
func BenchmarkModule
BenchmarkModule runs a module on all available dump files. It is used for benchmarking the modules.
func FlushTrackedFlows
func FlushTrackedFlows()
FlushTrackedFlows flushes the map used for tracking flows. Any new packets that arrive after this operation will be considered new flows.
Types
type ClassificationResult
type ClassificationResult struct {
	Protocol Protocol
	Source   ClassificationSource
}
ClassificationResult contains the detected protocol and the source of the classification from a classification attempt.
func (ClassificationResult) String
func (result ClassificationResult) String() string
type ClassificationSource
type ClassificationSource string
ClassificationSource is the module of the library that is responsible for the classification of a flow.
type Flow
type Flow struct {
// contains filtered or unexported fields
}
Flow contains sufficient information to classify a flow.
func CreateFlowFromPacket
CreateFlowFromPacket creates a flow with a single packet.
func GetFlowForPacket
GetFlowForPacket finds any previous flow that the packet belongs to. It adds the packet to that flow and returns the flow. If no such flow is found, a new one is created.
func (*Flow) GetClassificationResult
func (flow *Flow) GetClassificationResult() (result ClassificationResult)
GetClassificationResult returns the currently detected protocol for this flow and the source of that detection.
func (*Flow) GetPackets
GetPackets returns the list of packets in a thread-safe way.
func (*Flow) SetClassificationResult
func (flow *Flow) SetClassificationResult(protocol Protocol, source ClassificationSource)
SetClassificationResult sets the detected protocol and classification source for this flow.
type MockModule
type MockModule struct {
	InitSuccess     bool
	InitCalled      int
	DestroySuccess  bool
	DestroyCalled   int
	ClassifySuccess bool
	ClassifyCalled  int
	SourceName      string
}
MockModule is used in tests in order to test the functionality of modules.
func (*MockModule) ClassifyFlow
func (module *MockModule) ClassifyFlow(flow *Flow) (result ClassificationResult)
ClassifyFlow logs the classification by the mock module.
func (*MockModule) ClassifyFlowAll
func (module *MockModule) ClassifyFlowAll(flow *Flow) (results []ClassificationResult)
ClassifyFlowAll logs the multiple classifications by the mock module.
func (*MockModule) Destroy
func (module *MockModule) Destroy() error
Destroy logs the destruction of the mock module.
func (*MockModule) Initialize
func (module *MockModule) Initialize() error
Initialize logs the initialization of the mock module.
type Module
type Module interface {
	Initialize() error
	Destroy() error
	ClassifyFlow(*Flow) ClassificationResult
	ClassifyFlowAll(*Flow) []ClassificationResult
}
Module is implemented by every classification module provided by the library. Each module has its own initialization and destruction methods, as well as its own method for classifying a flow. Modules may also be enabled or disabled, and usually also provide a configuration method.
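How the Module interface and NoSource fit together, as an added example that is not code from the library: the type declarations are local copies of the ones on this page, while Flow's `payload` field, the `sshBanner` module, the `classify` helper and the "ssh-banner" source name are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"fmt"
)

// Local copies of this page's declarations; Flow's payload field is an assumption.
type Protocol string
type ClassificationSource string
type ClassificationResult struct {
	Protocol Protocol
	Source   ClassificationSource
}
type Flow struct{ payload []byte }
type Module interface {
	Initialize() error
	Destroy() error
	ClassifyFlow(*Flow) ClassificationResult
	ClassifyFlowAll(*Flow) []ClassificationResult
}
const NoSource = ""
const Unknown, SSH Protocol = "", "SSH"

// sshBanner is a hypothetical module that matches the SSH version banner.
type sshBanner struct{}
func (sshBanner) Initialize() error { return nil }
func (sshBanner) Destroy() error    { return nil }
func (sshBanner) ClassifyFlow(f *Flow) ClassificationResult {
	if bytes.HasPrefix(f.payload, []byte("SSH-2.0-")) {
		return ClassificationResult{Protocol: SSH, Source: "ssh-banner"}
	}
	return ClassificationResult{Protocol: Unknown, Source: NoSource}
}
func (m sshBanner) ClassifyFlowAll(f *Flow) []ClassificationResult {
	return []ClassificationResult{m.ClassifyFlow(f)}
}

// classify returns the first result that names a source; NoSource means no module matched.
func classify(mods []Module, f *Flow) ClassificationResult {
	for _, m := range mods {
		if r := m.ClassifyFlow(f); r.Source != NoSource {
			return r
		}
	}
	return ClassificationResult{Protocol: Unknown, Source: NoSource}
}

func main() {
	fmt.Println(classify([]Module{sshBanner{}}, &Flow{[]byte("SSH-2.0-OpenSSH_9.6\r\n")})) // constructed input
}
```

A result with Source equal to NoSource only says that no module matched; a monitoring pipeline should route such flows to review rather than treat them as benign.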
type Protocol
type Protocol string
Protocol is the type of each of the detected protocols.
const (
	//SIZE Protocol = "SIZE"
	UNKNOWN Protocol = ""
	Unknown Protocol = UNKNOWN
	FTP_CONTROL Protocol = "FTP_CONTROL" /* Tomasz Bujlow <tomasz@skatnet.dk> */
	FTP Protocol = FTP_CONTROL
	MAIL_POP Protocol = "MAIL_POP"
	MAIL_SMTP Protocol = "MAIL_SMTP"
	SMTP Protocol = MAIL_SMTP
	MAIL_IMAP Protocol = "MAIL_IMAP"
	DNS Protocol = "DNS"
	IPP Protocol = "IPP"
	HTTP Protocol = "HTTP"
	MDNS Protocol = "MDNS"
	NTP Protocol = "NTP"
	NETBIOS Protocol = "NETBIOS"
	NetBIOS Protocol = NETBIOS
	NFS Protocol = "NFS"
	SSDP Protocol = "SSDP"
	BGP Protocol = "BGP"
	SNMP Protocol = "SNMP"
	XDMCP Protocol = "XDMCP"
	SMB Protocol = "SMB"
	SYSLOG Protocol = "SYSLOG"
	DHCP Protocol = "DHCP"
	POSTGRES Protocol = "POSTGRES"
	MYSQL Protocol = "MYSQL"
	HOTMAIL Protocol = "HOTMAIL"
	DIRECT_DOWNLOAD_LINK Protocol = "DIRECT_DOWNLOAD_LINK"
	MAIL_POPS Protocol = "MAIL_POPS"
	APPLEJUICE Protocol = "APPLEJUICE"
	DIRECTCONNECT Protocol = "DIRECTCONNECT"
	SOCRATES Protocol = "SOCRATES"
	COAP Protocol = "COAP"
	VMWARE Protocol = "VMWARE"
	MAIL_SMTPS Protocol = "MAIL_SMTPS"
	FILETOPIA Protocol = "FILETOPIA"
	UBNTAC2 Protocol = "UBNTAC2" /* Ubiquity UBNT AirControl 2 - Thomas Fjellstrom <thomas+ndpi@fjellstrom.ca> */
	KONTIKI Protocol = "KONTIKI"
	OPENFT Protocol = "OPENFT"
	FASTTRACK Protocol = "FASTTRACK"
	GNUTELLA Protocol = "GNUTELLA"
	EDONKEY Protocol = "EDONKEY" /* Tomasz Bujlow <tomasz@skatnet.dk> */
	BITTORRENT Protocol = "BITTORRENT"
	EPP Protocol = "EPP"
	AVI Protocol = "AVI"
	FLASH Protocol = "FLASH"
	OGG Protocol = "OGG"
	MPEG Protocol = "MPEG"
	QUICKTIME Protocol = "QUICKTIME"
	REALMEDIA Protocol = "REALMEDIA"
	WINDOWSMEDIA Protocol = "WINDOWSMEDIA"
	MMS Protocol = "MMS"
	XBOX Protocol = "XBOX"
	QQ Protocol = "QQ"
	MOVE Protocol = "MOVE"
	RTSP Protocol = "RTSP"
	MAIL_IMAPS Protocol = "MAIL_IMAPS"
	ICECAST Protocol = "ICECAST"
	PPLIVE Protocol = "PPLIVE" /* Tomasz Bujlow <tomasz@skatnet.dk> */
	PPSTREAM Protocol = "PPSTREAM"
	ZATTOO Protocol = "ZATTOO"
	SHOUTCAST Protocol = "SHOUTCAST"
	SOPCAST Protocol = "SOPCAST"
	TVANTS Protocol = "TVANTS"
	TVUPLAYER Protocol = "TVUPLAYER"
	HTTP_DOWNLOAD Protocol = "HTTP_DOWNLOAD"
	QQLIVE Protocol = "QQLIVE"
	THUNDER Protocol = "THUNDER"
	SOULSEEK Protocol = "SOULSEEK"
	SSL_NO_CERT Protocol = "SSL_NO_CERT"
	IRC Protocol = "IRC"
	AYIYA Protocol = "AYIYA"
	UNENCRYPTED_JABBER Protocol = "UNENCRYPTED_JABBER"
	JABBER Protocol = UNENCRYPTED_JABBER
	MSN Protocol = "MSN"
	OSCAR Protocol = "OSCAR"
	YAHOO Protocol = "YAHOO"
	BATTLEFIELD Protocol = "BATTLEFIELD"
	GOOGLE_PLUS Protocol = "GOOGLE_PLUS"
	IP_VRRP Protocol = "IP_VRRP"
	STEAM Protocol = "STEAM" /* Tomasz Bujlow <tomasz@skatnet.dk> */
	HALFLIFE2 Protocol = "HALFLIFE2"
	WORLDOFWARCRAFT Protocol = "WORLDOFWARCRAFT"
	TELNET Protocol = "TELNET"
	STUN Protocol = "STUN"
	IP_IPSEC Protocol = "IP_IPSEC"
	IP_GRE Protocol = "IP_GRE"
	IP_ICMP Protocol = "IP_ICMP"
	ICMP Protocol = IP_ICMP
	IP_IGMP Protocol = "IP_IGMP"
	IP_EGP Protocol = "IP_EGP"
	IP_SCTP Protocol = "IP_SCTP"
	IP_OSPF Protocol = "IP_OSPF"
	IP_IP_IN_IP Protocol = "IP_IP_IN_IP"
	RTP Protocol = "RTP"
	RDP Protocol = "RDP"
	VNC Protocol = "VNC"
	PCANYWHERE Protocol = "PCANYWHERE"
	SSL Protocol = "SSL"
	SSH Protocol = "SSH"
	USENET Protocol = "USENET"
	MGCP Protocol = "MGCP"
	IAX Protocol = "IAX"
	TFTP Protocol = "TFTP"
	AFP Protocol = "AFP"
	STEALTHNET Protocol = "STEALTHNET"
	AIMINI Protocol = "AIMINI"
	SIP Protocol = "SIP"
	TRUPHONE Protocol = "TRUPHONE"
	IP_ICMPV6 Protocol = "IP_ICMPV6"
	DHCPV6 Protocol = "DHCPV6"
	ARMAGETRON Protocol = "ARMAGETRON"
	CROSSFIRE Protocol = "CROSSFIRE"
	DOFUS Protocol = "DOFUS"
	FIESTA Protocol = "FIESTA"
	FLORENSIA Protocol = "FLORENSIA"
	GUILDWARS Protocol = "GUILDWARS"
	HTTP_APPLICATION_ACTIVESYNC Protocol = "HTTP_APPLICATION_ACTIVESYNC" /*avoid large declarations in the future*/
	KERBEROS Protocol = "KERBEROS"
	LDAP Protocol = "LDAP"
	MAPLESTORY Protocol = "MAPLESTORY"
	MSSQL_TDS Protocol = "MSSQL_TDS"
	PPTP Protocol = "PPTP"
	WARCRAFT3 Protocol = "WARCRAFT3"
	WORLD_OF_KUNG_FU Protocol = "WORLD_OF_KUNG_FU"
	SLACK Protocol = "SLACK"
	FACEBOOK Protocol = "FACEBOOK"
	TWITTER Protocol = "TWITTER"
	DROPBOX Protocol = "DROPBOX"
	GMAIL Protocol = "GMAIL"
	GOOGLE_MAPS Protocol = "GOOGLE_MAPS"
	YOUTUBE Protocol = "YOUTUBE"
	SKYPE Protocol = "SKYPE"
	GOOGLE Protocol = "GOOGLE"
	DCERPC Protocol = "DCERPC"
	RPC Protocol = DCERPC
	NETFLOW Protocol = "NETFLOW"
	SFLOW Protocol = "SFLOW"
	HTTP_CONNECT Protocol = "HTTP_CONNECT"
	HTTP_PROXY Protocol = "HTTP_PROXY"
	CITRIX Protocol = "CITRIX"
	NETFLIX Protocol = "NETFLIX"
	LASTFM Protocol = "LASTFM"
	WAZE Protocol = "WAZE"
	YOUTUBE_UPLOAD Protocol = "YOUTUBE_UPLOAD" /* Upload files to youtube */
	ICQ Protocol = "ICQ"
	CHECKMK Protocol = "CHECKMK"
	CITRIX_ONLINE Protocol = "CITRIX_ONLINE"
	APPLE Protocol = "APPLE"
	WEBEX Protocol = "WEBEX"
	WHATSAPP Protocol = "WHATSAPP"
	APPLE_ICLOUD Protocol = "APPLE_ICLOUD"
	VIBER Protocol = "VIBER"
	APPLE_ITUNES Protocol = "APPLE_ITUNES"
	RADIUS Protocol = "RADIUS"
	WINDOWS_UPDATE Protocol = "WINDOWS_UPDATE"
	TEAMVIEWER Protocol = "TEAMVIEWER" /* xplico.org */
	TUENTI Protocol = "TUENTI"
	LOTUS_NOTES Protocol = "LOTUS_NOTES"
	SAP Protocol = "SAP"
	GTP Protocol = "GTP"
	UPNP Protocol = "UPNP"
	LLMNR Protocol = "LLMNR"
	REMOTE_SCAN Protocol = "REMOTE_SCAN"
	SPOTIFY Protocol = "SPOTIFY"
	WEBM Protocol = "WEBM"
	H323 Protocol = "H323" /* Remy Mudingay <mudingay@ill.fr> */
	OPENVPN Protocol = "OPENVPN" /* Remy Mudingay <mudingay@ill.fr> */
	NOE Protocol = "NOE" /* Remy Mudingay <mudingay@ill.fr> */
	CISCOVPN Protocol = "CISCOVPN" /* Remy Mudingay <mudingay@ill.fr> */
	TEAMSPEAK Protocol = "TEAMSPEAK" /* Remy Mudingay <mudingay@ill.fr> */
	TOR Protocol = "TOR" /* Remy Mudingay <mudingay@ill.fr> */
	SKINNY Protocol = "SKINNY" /* Remy Mudingay <mudingay@ill.fr> */
	RTCP Protocol = "RTCP" /* Remy Mudingay <mudingay@ill.fr> */
	RSYNC Protocol = "RSYNC" /* Remy Mudingay <mudingay@ill.fr> */
	ORACLE Protocol = "ORACLE" /* Remy Mudingay <mudingay@ill.fr> */
	CORBA Protocol = "CORBA" /* Remy Mudingay <mudingay@ill.fr> */
	UBUNTUONE Protocol = "UBUNTUONE" /* Remy Mudingay <mudingay@ill.fr> */
	WHOIS_DAS Protocol = "WHOIS_DAS"
	COLLECTD Protocol = "COLLECTD"
	SOCKS Protocol = "SOCKS" /* Tomasz Bujlow <tomasz@skatnet.dk> */
	NINTENDO Protocol = "NINTENDO"
	RTMP Protocol = "RTMP" /* Tomasz Bujlow <tomasz@skatnet.dk> */
	FTP_DATA Protocol = "FTP_DATA" /* Tomasz Bujlow <tomasz@skatnet.dk> */
	WIKIPEDIA Protocol = "WIKIPEDIA" /* Tomasz Bujlow <tomasz@skatnet.dk> */
	ZMQ Protocol = "ZMQ"
	AMAZON Protocol = "AMAZON" /* Tomasz Bujlow <tomasz@skatnet.dk> */
	EBAY Protocol = "EBAY" /* Tomasz Bujlow <tomasz@skatnet.dk> */
	CNN Protocol = "CNN" /* Tomasz Bujlow <tomasz@skatnet.dk> */
	MEGACO Protocol = "MEGACO" /* Gianluca Costa <g.costa@xplico.org> */
	REDIS Protocol = "REDIS"
	PANDO Protocol = "PANDO" /* Tomasz Bujlow <tomasz@skatnet.dk> */
	VHUA Protocol = "VHUA"
	TELEGRAM Protocol = "TELEGRAM" /* Gianluca Costa <g.costa@xplico.org> */
	VEVO Protocol = "VEVO"
	PANDORA Protocol = "PANDORA"
	QUIC Protocol = "QUIC" /* Andrea Buscarinu <andrea.buscarinu@gmail.com> - Michele Campus <michelecampus5@gmail.com> */
	WHATSAPP_VOICE Protocol = "WHATSAPP_VOICE"
	EAQ Protocol = "EAQ"
	OOKLA Protocol = "OOKLA"
	AMQP Protocol = "AMQP"
	KAKAOTALK Protocol = "KAKAOTALK" /* KakaoTalk Chat (no voice call) */
	KAKAOTALK_VOICE Protocol = "KAKAOTALK_VOICE" /* KakaoTalk Voice */
	TWITCH Protocol = "TWITCH" /* Edoardo Dominici <edoaramis@gmail.com> */
	QUICKPLAY Protocol = "QUICKPLAY" /* Streaming service used by various services such as hooq.tv */
	WECHAT Protocol = "WECHAT"
	MPEGTS Protocol = "MPEGTS"
	SNAPCHAT Protocol = "SNAPCHAT"
	SINA Protocol = "SINA"
	HANGOUT Protocol = "HANGOUT"
	IFLIX Protocol = "IFLIX" /* www.vizuamatix.com R&D team & M.Mallawaarachchie <manoj_ws@yahoo.com> */
	GITHUB Protocol = "GITHUB"
	BJNP Protocol = "BJNP"
	ONEKXUN Protocol = "1KXUN"
	IQIYI Protocol = "IQIYI"
	SMPP Protocol = "SMPP" /* Damir Franusic <df@release14.org> */
	DNSCRYPT Protocol = "DNSCRYPT"
	TINC Protocol = "TINC" /* William Guglielmo <william@deselmo.com> */
	DEEZER Protocol = "DEEZER"
	INSTAGRAM Protocol = "INSTAGRAM" /* Andrea Buscarinu <andrea.buscarinu@gmail.com> */
	MICROSOFT Protocol = "MICROSOFT"
	STARCRAFT Protocol = "STARCRAFT" /* Matteo Bracci <matteobracci1@gmail.com> */
	TEREDO Protocol = "TEREDO"
	HOTSPOT_SHIELD Protocol = "HOTSPOT_SHIELD"
	HEP Protocol = "HEP" /* sipcapture.org QXIP BV */
	GOOGLE_DRIVE Protocol = "GOOGLE_DRIVE"
	OCS Protocol = "OCS"
	OFFICE_365 Protocol = "OFFICE_365"
	CLOUDFLARE Protocol = "CLOUDFLARE"
	MS_ONE_DRIVE Protocol = "MS_ONE_DRIVE"
	MQTT Protocol = "MQTT"
	RX Protocol = "RX"
	APPLESTORE Protocol = "APPLESTORE"
	OPENDNS Protocol = "OPENDNS"
	GIT Protocol = "GIT"
	DRDA Protocol = "DRDA"
	PLAYSTORE Protocol = "PLAYSTORE"
	SOMEIP Protocol = "SOMEIP"
	FIX Protocol = "FIX"
	PLAYSTATION Protocol = "PLAYSTATION"
	PASTEBIN Protocol = "PASTEBIN" /* Paulo Angelo <pa@pauloangelo.com> */
	LINKEDIN Protocol = "LINKEDIN" /* Paulo Angelo <pa@pauloangelo.com> */
	SOUNDCLOUD Protocol = "SOUNDCLOUD"
	CSGO Protocol = "CSGO" /* Counter-Strike Global Offensive, Dota 2 */
	LISP Protocol = "LISP"
	DIAMETER Protocol = "DIAMETER"
	APPLE_PUSH Protocol = "APPLE_PUSH"
	GOOGLE_SERVICES Protocol = "GOOGLE_SERVICES"
	AMAZON_VIDEO Protocol = "AMAZON_VIDEO"
	GOOGLE_DOCS Protocol = "GOOGLE_DOCS"
	WHATSAPP_FILES Protocol = "WHATSAPP_FILES" /* Videos, pictures, voice messages... */
)
Protocol identifiers for the supported protocols.