bpf

package module
v0.0.0-...-a8af5a2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 6, 2019 License: MIT Imports: 4 Imported by: 1

README

BPF Parser

Build Status

A simple BPF parser written in Go using particle library.

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var QDirection = &directionList{
	Src: Direction{Src: true},
	Dst: Direction{Dst: true},
}
View Source 
var QProtocol = &protocolList{
	TCP:   Protocol{TCP: true},
	UDP:   Protocol{UDP: true},
	Ether: Protocol{Ether: true},
}
View Source 
var QType = &typeList{
	Host: Type{Host: true},
	Net:  Type{Net: true},
	Port: Type{Port: true},
}

Functions

This section is empty.

Types

type Direction 

type Direction struct {
	Src bool `  @ "src"`
	Dst bool `| @ "dst"`
}

Direction specify a particular transfer direction to and/or from id. Possible directions are src, dst

type Expression 

type Expression struct {
	Primitive *Primitive  ` @@  `
	Op        string      `[ @( "and" | "or" ) `
	Next      *Expression ` @@ ]`
}

Expression consists of one or more Primitives

func (*Expression) Qualifiers 

func (e *Expression) Qualifiers() map[string][]string

Qualifiers returns a map containing the qualifiers of the expression where the key is the qualifier and the values are the Id's from the primitive

type Filter 

type Filter struct {
	Primitives *Expression ` @@ `
}

Filter expressions wrapper

func Parse 

func Parse(s string) (*Filter, error)

Parse receives a BPF expression and returns an Filter object from the parsed expression

type Primitive 

type Primitive struct {
	Qualifiers []*Qualifier `@@ { @@ }`
	Id         string       `(@Mac | @Host | @Number)`
}

Primitive consist of an id (name or number) preceded by one or more qualifiers

type Protocol 

type Protocol struct {
	TCP   bool `  @ "tcp"`
	UDP   bool `| @ "udp"`
	Ether bool `| @ "ether"`
}

Protocol restricts the match to a particular protocol. Possible protos are: ether, tcp and udp. E.g., 'ether src foo' 'tcp port 21'

type Qualifier 

type Qualifier struct {
	Type  *Type      `  @@`
	Dir   *Direction `| @@`
	Proto *Protocol  `| @@`
}

Qualifier there are tree types of qualifiers in a BPF expression type, dir, proto

func (*Qualifier) Compare 

func (q *Qualifier) Compare(t *Qualifier) bool

Compare compares the qualifier value

func (*Qualifier) String 

func (q *Qualifier) String() string

type Type 

type Type struct {
	Host bool `  @ "host"`
	Net  bool `| @ "net"`
	Port bool `| @ "port"`
}

Type kind of thing the id name or number refers to. Possible types are host, net , port

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.