public interface KrakenProtocolConfiguration
KrakenProtocolConfigurationBuilderImpl
should be used to obtain an implementation of this interface.
Due to the current design of the Kraken-PCAP-library all application layer protocols
rely on either a UDP (UdpProtocolMapper
) or a TCP
(TcpProtocolMapper
) protocol mapper.
One of the design goals of this framework is the abstraction of this mechanism to enable customizations that do
not require modifications of existing application layer parsers (e.g. HTTP over a custom transport layer protocol
or multiple ports).
A first step to achieve this goal is the introduction of a generic
TransportLayerMappingStrategy
.
However, currently only a port/service based approach has been implemented. Since Kraken apparently does not allow
the use of multiple ports per application layer parser (since the TCP/UDP-Mapper would override the bindings with
the default parser), a custom PortSpecification
approach
was implemented on an application layer basis, i.e. a single application layer protocol may be bound to a
Kraken-application layer parser for a single, multiple, all or no port(s).
However, as soon as JNetPcap provides suitable application layer parsers for the currently supported protocols,
this mechanism should be replaced by JNetPcap-bindings which is more elegant and convenient.
This interface is implemented by
KrakenProtocolConfigurationBuilderImpl.KrakenProtocolConfigurationImpl
.
Modifier and Type | Method and Description |
---|---|
Map<ProtocolId,KrakenBaseProtocol> |
getBoundProtocols()
Represents a primitive protocol to Kraken-protocol decoder mapping mechanism.
|
PcapHandler<PcapActivityListener> |
getPcapHandler()
The underlying source of all PCAP-packets for this application layer protocol.
|
PortSpecification |
getPortSpecification()
|
KrakenTransportLayerMappingFactory |
getTransportLayerMappingFactory()
This
KrakenTransportLayerMappingFactory may be used
by the KrakenBaseProtocol parsers
to obtain instances of the configured getTransportLayerMappingStrategy() . |
String |
getTransportLayerMappingStrategy()
The transport layer mapping strategy to use for this Kraken-application layer protocol decoder.
|
PcapHandler<PcapActivityListener> getPcapHandler()
PcapActivity
-objects.
All parsed PCAP-packets will be either parsed by a Kraken-Application layer parser for this protocol or
discarded by the transport layer mapping strategy and/or port-specification.PcapHandler
to use as input stream for
PcapActivity
-objects.getTransportLayerMappingStrategy()
,
getPortSpecification()
Map<ProtocolId,KrakenBaseProtocol> getBoundProtocols()
ProtocolId
. Therefore a mapping of a protocol to
an appropriate Kraken-protocol decoder/parser is needed. All
KrakenBaseProtocol
implementations provide a method to
retrieve a suitable identifier
BaseProtocol.getProtocolId()
.
These bindings may be configured by using a
KrakenProtocolConfigurationBuilderImpl
.String getTransportLayerMappingStrategy()
TransportLayerMappingStrategy
by using
KrakenTransportLayerMappingFactory
.PortSpecification getPortSpecification()
PortRange
s or
Port
s which filters packets at the transport layer
for this application layer protocol. A simpler alternative to this method is the use of
PortSpecification.UniversalPortSpecification
and
by restricting all transport layer packets globally via a BP-Filter,
see PcapHandler
.PortSpecification
as a transport layer
filter for this application layer protocol onlyPortSpecification.UniversalPortSpecification
KrakenTransportLayerMappingFactory getTransportLayerMappingFactory()
KrakenTransportLayerMappingFactory
may be used
by the KrakenBaseProtocol
parsers
to obtain instances of the configured getTransportLayerMappingStrategy()
.Copyright © 2013–2015 Institute of networks and security. All rights reserved.