package schema
import "github.com/jinzhu/gorm"
// TrafficSession is the gorm model for one traffic session: a group of
// captured frames (packets) recorded together with their link, network and
// transport layer endpoints, TCP state flags and TLS ClientHello data.
type TrafficSession struct {
	// gorm.Model embeds the ID, CreatedAt, UpdatedAt and DeletedAt columns.
	gorm.Model
	// Uuid is presumably the per-session identifier — confirm against the
	// code that creates rows. The tag requests a plain index, not a unique
	// one, so the database does not enforce uniqueness for this column.
	Uuid string `gorm:"index"`
	// SessionType says what kind of exchange this row groups: a TCP session,
	// an ICMP request-response, a UDP request-response, a DNS
	// request-response or an HTTP request-response.
	//
	// It is not a reliable transport layer or application layer protocol
	// label, because the protocol of a packet is not known before the packet
	// has been parsed. Use it only as a hint for grouping frames (packets).
	//
	// Values:
	// 1. tcp (reassembled)
	// 2. udp (best-effort request-response matching)
	// 3. dns
	// 4. http (flow)
	// 5. icmp (request-response)
	// 6. sni (tls client hello)
	SessionType string `gorm:"index"`
	// DeviceName and DeviceType presumably describe the capture device or
	// interface the frames were seen on — TODO confirm.
	DeviceName string `gorm:"index"`
	DeviceType string
	// Link layer: whether the frame is Ethernet, and the source and
	// destination link layer addresses as strings (presumably MAC
	// addresses — confirm).
	IsLinkLayerEthernet bool
	LinkLayerSrc string
	LinkLayerDst string
	// Network layer: IP version flags and the source and destination
	// addresses, stored both as text and as an integer.
	// NOTE(review): an int64 cannot hold a 128-bit IPv6 address; confirm what
	// the *IPInt columns contain when IsIpv6 is set before using them for
	// range queries or as a key.
	IsIpv4 bool
	IsIpv6 bool
	NetworkSrcIP string
	NetworkSrcIPInt int64
	NetworkDstIP string
	NetworkDstIPInt int64
	// Transport layer: source and destination ports.
	// NOTE(review): the exact meaning of IsTcpIpStack is not visible in this
	// file — confirm against the code that sets it.
	IsTcpIpStack bool
	TransportLayerSrcPort int
	TransportLayerDstPort int
	// TCP state flags.
	// IsTCPReassembled: the PDU was reassembled.
	IsTCPReassembled bool
	// IsHalfOpen: a TCP SYN was detected, which marks a new TCP session;
	// 'half' means no FIN or RST has been seen yet.
	IsHalfOpen bool
	// IsClosed: a TCP FIN was detected.
	IsClosed bool
	// IsForceClosed: a TCP RST was detected.
	IsForceClosed bool
	// TLS ClientHello: whether one was seen, and the SNI taken from it.
	// NOTE(review): SNI is presumably copied from the captured ClientHello, so
	// its content is chosen by the remote client; escape it when rendering and
	// pass it to queries only as a bound parameter — confirm the parser's
	// length and charset handling.
	HaveClientHello bool
	SNI string
}