Documentation
¶
Overview ¶
Package util provides the general configuration and variable types needed for differnet parts of dnsmonster Logging, metrics, and the search trees for allowlist and skiplist are generated and updated here.
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( // GlobalParser is the top-level argument parser. each output, capture, metric etc flag is registered // under Globalparser. This makes it easier for output modules to incorporate their own flags GlobalParser = flags.NewNamedParser("dnsmonster", flags.PassDoubleDash|flags.PrintErrors) // GeneralFlags is an ad-hoc solution to make all the flags available // to capture, metrics, util and output plugins. GeneralFlags generalConfig GlobalCancel context.CancelFunc )
var GlobalDispatchList = make([]GenericOutput, 0, 1024) // 1024 outputs is an absurdly high number
GlobalDispatchList acts as a fanout mechanism, sending the dnsresult channel to all the outputs
Functions ¶
func CheckIfWeSkip ¶
CheckIfWeSkip checks a fqdn against an output type and make a decision if the fqdn is meant to be sent to output or not.
func LoadDomainsCsv ¶
func LoadDomainsCsv(Filename string) (*tst.TernarySearchTree, *tst.TernarySearchTree, map[string]uint8)
LoadDomainsCsv loads a domains Csv file/URL. returns 3 parameters: 1. a TST for all the prefixes (type 1) 2. a TST for all the suffixes (type 2) 3. a hashtable for all the full match fqdn (type 3)
func ProcessFlags ¶
ProcessFlags kickstarts `dnsmonster`. it adds the basic module's flags checks their validity, sets up logging, metrics and loads input files associated with skipDomain and allowDomain
Types ¶
type DNSResult ¶
type DNSResult struct {
Timestamp time.Time
DNS mkdns.Msg
IPVersion uint8
SrcIP net.IP
SrcPort uint16 `json:",omitempty"`
DstIP net.IP
DstPort uint16 `json:",omitempty"`
Protocol string
PacketLength uint16
Identity string `json:",omitempty"`
Version string `json:",omitempty"`
}
DNSResult is the middleware that connects the packet encoder to Any output. For DNStap, this is probably going to be replaced with something else.
type DNSResultBinary ¶
type DNSResultBinary struct {
Timestamp time.Time
DNS []byte //packed version of dns.msg (dns.Msg.Pack())
IPVersion uint8
SrcIP net.IP
SrcPort uint16 `json:",omitempty"`
DstIP net.IP
DstPort uint16 `json:",omitempty"`
Protocol string
PacketLength uint16
Identity string `json:",omitempty"`
Version string `json:",omitempty"`
}
type GenericOutput ¶
type GenericOutput interface {
Initialize(context.Context) error // try to initialize the output by checking flags and connections
Output(context.Context) // the output is a goroutine that fetches data from the registered channel and pushes it to output, possibly in multiple workers
OutputChannel() chan DNSResult // returns the output channel associated with the output
Close() // close down the connections and exit cleanly
}
GenericOutput is an interface to speficy the behaviour of output modules and make it extendable
type OutputMarshaller ¶
type OutputMarshaller interface {
Marshal(d DNSResult) []byte // marshal the DNSResult into the output format
Init() (string, error) // initialize the output format
}
OutputMarshaller is an interface to make it easier to build output formats regardless of the output.
func OutputFormatToMarshaller ¶
func OutputFormatToMarshaller(outputFormat string, t string) (OutputMarshaller, string, error)
OutputFormatToMarshaller gets the outputFormat string and a template used in gotemplate
Source Files