diff --git a/docs/content/en/docs/Inputs/filters_masks.md b/docs/content/en/docs/Inputs/filters_masks.md
index 29b473ed..f8f3997d 100644
--- a/docs/content/en/docs/Inputs/filters_masks.md
+++ b/docs/content/en/docs/Inputs/filters_masks.md
@@ -9,7 +9,7 @@ There are a few ways to manipulate incoming packets in various steps of `dnsmons
## BPF
{{< alert >}}Applied at kernel level{{< /alert >}}
-BPF is by far the most performant way to filter incoming packets. It's only supported on live capture (`--devName`). It uses the `tcpdump`'s [pcap-filter](https://www.tcpdump.org/manpages/pcap-filter.7.html) language to filter out the packets. There are plans to potentially move away from this method and accept base64-encoded `bpf` bytecode in the future.
+BPF is by far the most performant way to filter incoming packets. It's only supported on live capture (`--devName`). It uses the `tcpdump`'s [pcap-filter](https://www.tcpdump.org/manpages/pcap-filter.7.html) language to filter out the packets.
## Sample Ratio
{{< alert >}}Applied at capture level{{< /alert >}}
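Review bot: with the base64 sentence removed, this paragraph no longer says anything about builds without libpcap, yet later in this patch `compilebpf_nolibpcap.go` switches those builds to compiling the expression with `github.com/packetcap/go-pcap/filter` and warns that some advanced filters may be unsupported. Add a sentence here saying that `nolibpcap`/`nocgo` builds use a different filter compiler that may accept only a subset of pcap-filter, so operators know that a filter which works under `tcpdump` can still be rejected.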
diff --git a/docs/content/en/docs/Outputs/parquet.md b/docs/content/en/docs/Outputs/parquet.md
new file mode 100644
index 00000000..db8008bd
--- /dev/null
+++ b/docs/content/en/docs/Outputs/parquet.md
@@ -0,0 +1,32 @@
+---
+title: "Parquet"
+linkTitle: "Apache Parquet"
+weight: 4
+---
+
+Parquet output module is designed to send `dnsmonster` logs to parquet files.
+
+
+## Configuration Parameters
+```ini
+[parquet_output]
+; What should be written to parquet file. options:
+; 0: Disable Output
+; 1: Enable Output without any filters
+; 2: Enable Output and apply skipdomains logic
+; 3: Enable Output and apply allowdomains logic
+; 4: Enable Output and apply both skip and allow domains logic
+parquetoutputtype = 0
+
+; Path to output folder. Used if parquetoutputtype is not none
+parquetoutputpath =
+
+; Number of records to write to parquet file before flushing
+parquetflushbatchsize = 10000
+
+; Number of workers to write to parquet file
+parquetworkercount = 4
+
+; Size of the write buffer in bytes
+parquetwritebuffersize = 256000
+```
\ No newline at end of file
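Review bot: the comment on `parquetoutputpath` says "Used if parquetoutputtype is not none", but the option is numeric and the disabled value is `0`; word it as "not 0" so it matches the list above it. The page also does not say what file names are created in the output folder or whether anything rotates or cleans them up, which the stdout/file page does spell out for its own output. The file is missing its trailing newline.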
diff --git a/docs/content/en/docs/Outputs/stdout-file-syslog.md b/docs/content/en/docs/Outputs/stdout-file-syslog.md
index 54794162..e53ab503 100644
--- a/docs/content/en/docs/Outputs/stdout-file-syslog.md
+++ b/docs/content/en/docs/Outputs/stdout-file-syslog.md
@@ -4,7 +4,9 @@ linkTitle: "Stdout, syslog, or Log File"
weight: 4
---
-Stdout, syslog and file are supported outputs for `dnsmonster` out of the box. They are useful specially if you have a SIEM agent reading the files as they come in. Note that `dnsmonster` does not provide support for log rotation and the capacity of the hard drive while writing into a file. You can use a tool like `logrotate` to perform cleanups on the log files. The signalling on log rotation (SIGHUP) has not been tested with `dnsmonster`.
+Stdout, syslog and file are supported outputs for `dnsmonster` out of the box. They are useful specially if you have a SIEM agent reading the files as they come in. Note that `dnsmonster` does not provide support for log rotation and the capacity of the hard drive while writing into a file. You can use a tool like `logrotate` to perform cleanups on the log files. The signalling on log rotation (SIGHUP) has not been tested with `dnsmonster`.
+
+The JSON schema used to send the logs can be configured to be compatible with Open Cybersecurity Schema Framework (OCSF) as well.
Currently, Syslog output is only supported on Linux.
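Review bot: the added OCSF sentence says the schema "can be configured" but not how. Name the setting, that is the `json-ocsf` value the next hunk adds to `FileOutputFormat`, and state whether the stdout and syslog format options accept it too, since only the file option's comment is updated in the visible hunks. The first removed/added pair in this hunk appears to differ only in whitespace, which adds noise to the diff.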
@@ -23,7 +25,7 @@ FileOutputType = 0
; Path to output file. Used if fileOutputType is not none
FileOutputPath =
-; Output format for file. options:json,csv, csv_no_header, gotemplate. note that the csv splits the datetime format into multiple fields
+; Output format for file. options:json, json-ocsf, csv, csv_no_header, gotemplate. note that the csv splits the datetime format into multiple fields
FileOutputFormat = json
; Go Template to format the output as needed
diff --git a/docs/content/en/docs/Outputs/victorialogs.md b/docs/content/en/docs/Outputs/victorialogs.md
new file mode 100644
index 00000000..74f23dff
--- /dev/null
+++ b/docs/content/en/docs/Outputs/victorialogs.md
@@ -0,0 +1,35 @@
+---
+title: "VictoriaLogs"
+linkTitle: "VictoriaLogs"
+weight: 4
+---
+
+VictoriaLogs output module is designed to send `dnsmonster` logs to [victorialogs](https://docs.victoriametrics.com/victorialogs/index.html).
+
+
+## Configuration Parameters
+```ini
+[victoria_output]
+; Victoria Output Endpoint. example: http://localhost:9428/insert/jsonline?_msg_field=rcode_id&_time_field=time
+victoriaoutputendpoint =
+
+; What should be written to Microsoft Victoria. options:
+; 0: Disable Output
+; 1: Enable Output without any filters
+; 2: Enable Output and apply skipdomains logic
+; 3: Enable Output and apply allowdomains logic
+; 4: Enable Output and apply both skip and allow domains logic
+victoriaoutputtype = 0
+
+; Victoria Output Proxy in URI format
+victoriaoutputproxy =
+
+; Number of workers
+victoriaoutputworkers = 8
+
+; Victoria Batch Size
+victoriabatchsize = 100
+
+; Interval between sending results to Victoria if Batch size is not filled. Any value larger than zero takes precedence over Batch Size
+victoriabatchdelay = 0s
+```
\ No newline at end of file
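Review bot: "What should be written to Microsoft Victoria" in the `victoriaoutputtype` comment looks like a copy-paste leftover and should read VictoriaLogs. The `victoriabatchdelay` comment says any value larger than zero takes precedence over the batch size while the default is `0s`; state what happens at `0s` so a low-volume sensor is not left holding events until `victoriabatchsize` fills. The endpoint example is plain `http://` and no authentication option is listed, so add a sentence on whether `https://` endpoints are supported, since DNS logs leave the host over this link. The file is missing its trailing newline.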
diff --git a/docs/content/en/docs/Outputs/zinc.md b/docs/content/en/docs/Outputs/zinc.md
new file mode 100644
index 00000000..f789688b
--- /dev/null
+++ b/docs/content/en/docs/Outputs/zinc.md
@@ -0,0 +1,42 @@
+---
+title: "Zinc Search"
+linkTitle: "Zinc Search"
+weight: 4
+---
+
+Zinc Search output module is designed to send `dnsmonster` logs to [zincsearch](https://github.com/zincsearch/zincsearch).
+
+
+## Configuration Parameters
+```ini
+
+[zinc_output]
+; What should be written to zinc. options:
+; 0: Disable Output
+; 1: Enable Output without any filters
+; 2: Enable Output and apply skipdomains logic
+; 3: Enable Output and apply allowdomains logic
+; 4: Enable Output and apply both skip and allow domains logic
+zincoutputtype = 0
+
+; index used to save data in Zinc
+zincoutputindex = dnsmonster
+
+; zinc endpoint address, example: http://127.0.0.1:9200/api/default/_bulk. Used if zincOutputType is not none
+zincoutputendpoint =
+
+; zinc username, example: admin@admin.com. Used if zincOutputType is not none
+zincoutputusername =
+
+; zinc password, example: password. Used if zincOutputType is not none
+zincoutputpassword =
+
+; Send data to Zinc in batch sizes
+zincbatchsize = 1000
+
+; Interval between sending results to Zinc if Batch size is not filled
+zincbatchdelay = 1s
+
+; Zing request timeout
+zinctimeout = 10s
+```
\ No newline at end of file
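Review bot: `zincoutputpassword` is a plaintext credential in the ini file and the `zincoutputendpoint` example is `http://`, so a reader who copies the example would send the username and password unencrypted; use an `https://` example and add a line recommending restrictive permissions on the config file. In the last comment, "Zing request timeout" should be "Zinc". There is also a stray blank line directly after the opening ini fence, and the file is missing its trailing newline.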
diff --git a/go.mod b/go.mod
index a9b4f890..84d848f5 100644
--- a/go.mod
+++ b/go.mod
@@ -7,15 +7,16 @@ require (
github.com/arthurkiller/rollingwriter v1.1.3
github.com/deathowl/go-metrics-prometheus v0.0.0-20221009205350-f2a1482ba35b
github.com/golang-collections/collections v0.0.0-20130729185459-604e922904d3
- github.com/gopacket/gopacket v1.3.0
+ github.com/gopacket/gopacket v1.3.1
github.com/hashicorp/go-syslog v1.0.0
github.com/influxdata/influxdb-client-go/v2 v2.14.0
github.com/jackc/pgx/v4 v4.18.3
- github.com/parquet-go/parquet-go v0.23.0
+ github.com/packetcap/go-pcap v0.0.0-20240528124601-8c87ecf5dbc5
+ github.com/parquet-go/parquet-go v0.24.0
github.com/prometheus/client_golang v1.20.5
github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475
github.com/syntaqx/go-metrics-datadog v0.1.3
- golang.org/x/sync v0.8.0
+ golang.org/x/sync v0.10.0
)
require (
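Review bot: `github.com/packetcap/go-pcap` enters as a new direct dependency pinned to a pseudo-version (`v0.0.0-20240528124601-8c87ecf5dbc5`) rather than a tagged release, and this patch puts it on the packet-filter path for `nolibpcap`/`nocgo` builds. If upstream has a tagged release, pin that; otherwise record in the commit message why this commit was chosen so later updates can be reviewed against it.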
@@ -34,7 +35,7 @@ require (
github.com/fortytw2/leaktest v1.3.0 // indirect
github.com/go-faster/city v1.0.1 // indirect
github.com/go-faster/errors v0.7.1 // indirect
- github.com/google/pprof v0.0.0-20241023014458-598669927662 // indirect
+ github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/influxdata/line-protocol v0.0.0-20210922203350-b1ad95c89adf // indirect
github.com/jackc/chunkreader/v2 v2.0.1 // indirect
@@ -46,36 +47,34 @@ require (
github.com/jackc/pgtype v1.14.4 // indirect
github.com/jackc/puddle v1.3.0 // indirect
github.com/josharian/intern v1.0.0 // indirect
- github.com/klauspost/cpuid/v2 v2.2.8 // indirect
- github.com/kr/text v0.2.0 // indirect
+ github.com/klauspost/cpuid/v2 v2.2.9 // indirect
github.com/lib/pq v1.10.4 // indirect
github.com/mattn/go-runewidth v0.0.16 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/oapi-codegen/runtime v1.1.1 // indirect
github.com/olekukonko/tablewriter v0.0.5 // indirect
github.com/paulmach/orb v0.11.1 // indirect
- github.com/pierrec/lz4/v4 v4.1.21 // indirect
+ github.com/pierrec/lz4/v4 v4.1.22 // indirect
github.com/prometheus/client_model v0.6.1 // indirect
- github.com/prometheus/common v0.60.1 // indirect
+ github.com/prometheus/common v0.61.0 // indirect
github.com/prometheus/procfs v0.15.1 // indirect
github.com/rivo/uniseg v0.4.7 // indirect
github.com/robfig/cron v1.2.0 // indirect
github.com/segmentio/asm v1.2.0 // indirect
- github.com/segmentio/encoding v0.4.0 // indirect
github.com/shopspring/decimal v1.4.0 // indirect
github.com/stretchr/objx v0.5.2 // indirect
github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
- go.opentelemetry.io/otel v1.31.0 // indirect
- go.opentelemetry.io/otel/trace v1.31.0 // indirect
- golang.org/x/arch v0.11.0 // indirect
- golang.org/x/mod v0.21.0 // indirect
- golang.org/x/text v0.19.0 // indirect
- golang.org/x/tools v0.26.0 // indirect
+ go.opentelemetry.io/otel v1.33.0 // indirect
+ go.opentelemetry.io/otel/trace v1.33.0 // indirect
+ golang.org/x/arch v0.12.0 // indirect
+ golang.org/x/mod v0.22.0 // indirect
+ golang.org/x/text v0.21.0 // indirect
+ golang.org/x/tools v0.28.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)
require (
- github.com/bytedance/sonic v1.12.3
+ github.com/bytedance/sonic v1.12.5
github.com/dnstap/golang-dnstap v0.4.0
github.com/jessevdk/go-flags v1.6.1
github.com/klauspost/compress v1.17.11 // indirect
@@ -88,8 +87,8 @@ require (
github.com/rogpeppe/fastuuid v1.2.0
github.com/segmentio/kafka-go v0.4.47
github.com/sirupsen/logrus v1.9.3
- golang.org/x/crypto v0.28.0 // indirect
- golang.org/x/net v0.30.0
- golang.org/x/sys v0.26.0 // indirect
- google.golang.org/protobuf v1.35.1
+ golang.org/x/crypto v0.31.0 // indirect
+ golang.org/x/net v0.32.0
+ golang.org/x/sys v0.28.0 // indirect
+ google.golang.org/protobuf v1.35.2
)
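Review bot: the bumps to `golang.org/x/crypto`, `golang.org/x/net`, `golang.org/x/sys` and `google.golang.org/protobuf` ride along with unrelated feature and documentation changes. Moving the dependency updates into their own commit would make them easier to audit and to revert independently of the new BPF compiler and output docs.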
diff --git a/go.sum b/go.sum
index 8764ab3b..cf3054a4 100644
--- a/go.sum
+++ b/go.sum
@@ -22,8 +22,8 @@ github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+Ce
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
github.com/bmatcuk/doublestar v1.1.1/go.mod h1:UD6OnuiIn0yFxxA2le/rnRU1G4RaI4UvFv1sNto9p6w=
-github.com/bytedance/sonic v1.12.3 h1:W2MGa7RCU1QTeYRTPE3+88mVC0yXmsRQRChiyVocVjU=
-github.com/bytedance/sonic v1.12.3/go.mod h1:B8Gt/XvtZ3Fqj+iSKMypzymZxw/FVwgIGKzMzT9r/rk=
+github.com/bytedance/sonic v1.12.5 h1:hoZxY8uW+mT+OpkcUWw4k0fDINtOcVavEsGfzwzFU/w=
+github.com/bytedance/sonic v1.12.5/go.mod h1:B8Gt/XvtZ3Fqj+iSKMypzymZxw/FVwgIGKzMzT9r/rk=
github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
github.com/bytedance/sonic/loader v0.2.1 h1:1GgorWTqf12TA8mma4DDSbaQigE2wOgQo7iCjjJv3+E=
github.com/bytedance/sonic/loader v0.2.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
@@ -47,7 +47,6 @@ github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMe
github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -101,13 +100,13 @@ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/pprof v0.0.0-20211214055906-6f57359322fd/go.mod h1:KgnwoLYCZ8IQu3XUZ8Nc/bM9CCZFOyjUNOSygVozoDg=
github.com/google/pprof v0.0.0-20240227163752-401108e1b7e7/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik=
-github.com/google/pprof v0.0.0-20241023014458-598669927662 h1:SKMkD83p7FwUqKmBsPdLHF5dNyxq3jOWwu9w9UyH5vA=
-github.com/google/pprof v0.0.0-20241023014458-598669927662/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
+github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad h1:a6HEuzUHeKH6hwfN/ZoQgRgVIWFJljSWa/zetS2WTvg=
+github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/gopacket/gopacket v1.3.0 h1:MouZCc+ej0vnqzB0WeiaO/6+tGvb+KU7UczxoQ+X0Yc=
-github.com/gopacket/gopacket v1.3.0/go.mod h1:WnFrU1Xkf5lWKV38uKNR9+yYtppn+ZYzOyNqMeH4oNE=
+github.com/gopacket/gopacket v1.3.1 h1:ZppWyLrOJNZPe5XkdjLbtuTkfQoxQ0xyMJzQCqtqaPU=
+github.com/gopacket/gopacket v1.3.1/go.mod h1:3I13qcqSpB2R9fFQg866OOgzylYkZxLTmkvcXhvf6qg=
github.com/hashicorp/go-syslog v1.0.0 h1:KaodqZuhUoZereWVIYmpUgZysurB1kBLX2j0MwMrUAE=
github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
@@ -185,8 +184,8 @@ github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHU
github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=
github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
-github.com/klauspost/cpuid/v2 v2.2.8 h1:+StwCXwm9PdpiEkPyzBXIy+M9KUb4ODm0Zarf1kS5BM=
-github.com/klauspost/cpuid/v2 v2.2.8/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
+github.com/klauspost/cpuid/v2 v2.2.9 h1:66ze0taIn2H33fBvCkXuv9BmCwDfafmiIVpKV9kKGuY=
+github.com/klauspost/cpuid/v2 v2.2.9/go.mod h1:rqkxqrZ1EhYM9G+hXH7YdowN5R5RGN6NK4QwQ3WMXF8=
github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -239,14 +238,16 @@ github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6
github.com/olivere/elastic v6.2.37+incompatible h1:UfSGJem5czY+x/LqxgeCBgjDn6St+z8OnsCuxwD3L0U=
github.com/olivere/elastic v6.2.37+incompatible/go.mod h1:J+q1zQJTgAz9woqsbVRqGeB5G1iqDKVBWLNSYW8yfJ8=
github.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde/go.mod h1:nZgzbfBr3hhjoZnS66nKrHmduYNpc34ny7RK4z5/HM0=
-github.com/parquet-go/parquet-go v0.23.0 h1:dyEU5oiHCtbASyItMCD2tXtT2nPmoPbKpqf0+nnGrmk=
-github.com/parquet-go/parquet-go v0.23.0/go.mod h1:MnwbUcFHU6uBYMymKAlPPAw9yh3kE1wWl6Gl1uLdkNk=
+github.com/packetcap/go-pcap v0.0.0-20240528124601-8c87ecf5dbc5 h1:p4VuaitqUAqSZSomd7Wb4BPV/Jj7Hno2/iqtfX7DZJI=
+github.com/packetcap/go-pcap v0.0.0-20240528124601-8c87ecf5dbc5/go.mod h1:zIAoVKeWP0mz4zXY50UYQt6NLg2uwKRswMDcGEqOms4=
+github.com/parquet-go/parquet-go v0.24.0 h1:VrsifmLPDnas8zpoHmYiWDZ1YHzLmc7NmNwPGkI2JM4=
+github.com/parquet-go/parquet-go v0.24.0/go.mod h1:OqBBRGBl7+llplCvDMql8dEKaDqjaFA/VAPw+OJiNiw=
github.com/paulmach/orb v0.11.1 h1:3koVegMC4X/WeiXYz9iswopaTwMem53NzTJuTF20JzU=
github.com/paulmach/orb v0.11.1/go.mod h1:5mULz1xQfs3bmQm63QEJA6lNGujuRafwA5S/EnuLaLU=
github.com/paulmach/protoscan v0.2.1/go.mod h1:SpcSwydNLrxUGSDvXvO0P7g7AuhJ7lcKfDlhJCDw2gY=
github.com/pierrec/lz4/v4 v4.1.15/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
-github.com/pierrec/lz4/v4 v4.1.21 h1:yOVMLb6qSIDP67pl/5F7RepeKYu/VmTyEXvuMI5d9mQ=
-github.com/pierrec/lz4/v4 v4.1.21/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
+github.com/pierrec/lz4/v4 v4.1.22 h1:cKFw6uJDK+/gfw5BcDL0JL5aBsAFdsIT18eRtLj7VIU=
+github.com/pierrec/lz4/v4 v4.1.22/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -266,8 +267,8 @@ github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p
github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
-github.com/prometheus/common v0.60.1 h1:FUas6GcOw66yB/73KC+BOZoFJmbo/1pojoILArPAaSc=
-github.com/prometheus/common v0.60.1/go.mod h1:h0LYf1R1deLSKtD4Vdg8gy4RuOvENW2J/h19V5NADQw=
+github.com/prometheus/common v0.61.0 h1:3gv/GThfX0cV2lpO7gkTUwZru38mxevy90Bj8YFSRQQ=
+github.com/prometheus/common v0.61.0/go.mod h1:zr29OCN/2BsJRaFwG8QOBr41D6kkchKbpeNH7pAjb/s=
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
@@ -293,8 +294,6 @@ github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThC
github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys=
github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs=
-github.com/segmentio/encoding v0.4.0 h1:MEBYvRqiUB2nfR2criEXWqwdY6HJOUrCn5hboVOVmy8=
-github.com/segmentio/encoding v0.4.0/go.mod h1:/d03Cd8PoaDeceuhUUUQWjU0KhWjrmYrWPgtJHYZSnI=
github.com/segmentio/kafka-go v0.4.47 h1:IqziR4pA3vrZq7YdRxaT3w1/5fvIH5qpCwstUanQQB0=
github.com/segmentio/kafka-go v0.4.47/go.mod h1:HjF6XbOKh0Pjlkr5GVZxt6CsjjwnmhVOfURM5KMd8qg=
github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4=
@@ -323,8 +322,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
-github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/syntaqx/go-metrics-datadog v0.1.3 h1:N2k1QfPCghydIs0OdTpN8lDFgn48rA5D4vc+8FLkD/w=
github.com/syntaqx/go-metrics-datadog v0.1.3/go.mod h1:MdS57ZQXnTjkNCObzSUxqo8cEWWNIuFA00AP1KFUBJ0=
github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
@@ -350,10 +349,10 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
go.mongodb.org/mongo-driver v1.11.4/go.mod h1:PTSz5yu21bkT/wXpkS7WR5f0ddqw5quethTUn9WM+2g=
-go.opentelemetry.io/otel v1.31.0 h1:NsJcKPIW0D0H3NgzPDHmo0WW6SptzPdqg/L1zsIm2hY=
-go.opentelemetry.io/otel v1.31.0/go.mod h1:O0C14Yl9FgkjqcCZAsE053C13OaddMYr/hz6clDkEJE=
-go.opentelemetry.io/otel/trace v1.31.0 h1:ffjsj1aRouKewfr85U2aGagJ46+MvodynlQ1HYdmJys=
-go.opentelemetry.io/otel/trace v1.31.0/go.mod h1:TXZkRk7SM2ZQLtR6eoAWQFIHPvzQ06FJAsO1tJg480A=
+go.opentelemetry.io/otel v1.33.0 h1:/FerN9bax5LoK51X/sI0SVYrjSE0/yUL7DpxW4K3FWw=
+go.opentelemetry.io/otel v1.33.0/go.mod h1:SUUkR6csvUQl+yjReHu5uM3EtVV7MBm5FHKRlNx4I8I=
+go.opentelemetry.io/otel/trace v1.33.0 h1:cCJuF7LRjUFso9LPnEAHJDB2pqzp+hbO8eu1qqW2d/s=
+go.opentelemetry.io/otel/trace v1.33.0/go.mod h1:uIcdVUZMpTAmz0tI1z04GoVSezK37CbGV4fr1f2nBck=
go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
@@ -365,8 +364,8 @@ go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9E
go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM=
-golang.org/x/arch v0.11.0 h1:KXV8WWKCXm6tRpLirl2szsO5j/oOODwZf4hATmGVNs4=
-golang.org/x/arch v0.11.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
+golang.org/x/arch v0.12.0 h1:UsYJhbzPYGsT0HbEdmYcqtCv8UNGvnaL561NnIUvaKg=
+golang.org/x/arch v0.12.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190411191339-88737f569e3a/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
@@ -382,8 +381,8 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0
golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
golang.org/x/crypto v0.20.0/go.mod h1:Xwo95rrVNIoSMx9wa1JroENMToLWn3RNVrTBpLHgZPQ=
-golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
-golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
+golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
+golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
@@ -391,8 +390,8 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0=
-golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4=
+golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@@ -409,8 +408,8 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
-golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
-golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
+golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI=
+golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -419,8 +418,8 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
-golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
+golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -448,8 +447,8 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
-golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
+golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -468,8 +467,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
-golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190425163242-31fd60d6bfdc/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
@@ -484,8 +483,8 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ=
-golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
+golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8=
+golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw=
golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -500,8 +499,8 @@ google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzi
google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
-google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io=
+google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
diff --git a/internal/capture/afpacket_nonlinux.go b/internal/capture/afpacket_nonlinux.go
index 030ce76b..a8d71bc7 100644
--- a/internal/capture/afpacket_nonlinux.go
+++ b/internal/capture/afpacket_nonlinux.go
@@ -1,3 +1,6 @@
+//go:build !linux || android || nocgo
+// +build !linux android nocgo
+
/* {{{ Copyright (C) 2022 Ali Mosajjal
*
* This program is free software: you can redistribute it and/or modify
@@ -13,9 +16,6 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see . }}} */
-//go:build !linux || android || nocgo
-// +build !linux android nocgo
-
package capture
// This entire file is a dummy one to make sure all our cross platform builds work even if the underlying OS doesn't suppot some of the functionality
@@ -63,4 +63,5 @@ func (afhandle *afpacketHandle) Stat() (uint, uint, error) {
func (config captureConfig) initializeLiveAFpacket(devName, filter string) *afpacketHandle {
return nil
}
+
// vim: foldmethod=marker
diff --git a/internal/capture/compilebpf.go b/internal/capture/compilebpf.go
index a901b724..b4b5955f 100644
--- a/internal/capture/compilebpf.go
+++ b/internal/capture/compilebpf.go
@@ -1,3 +1,6 @@
+//go:build !nolibpcap && !nocgo
+// +build !nolibpcap,!nocgo
+
/* {{{ Copyright (C) 2022 Ali Mosajjal
*
* This program is free software: you can redistribute it and/or modify
@@ -13,9 +16,6 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see . }}} */
-//go:build !nolibpcap && !nocgo
-// +build !nolibpcap,!nocgo
-
// this file's sole purpose is to convert a tcpdump filter into bpf bytecode
package capture
@@ -37,4 +37,5 @@ func tcpdumpToPcapgoBpf(filter string) []bpf.RawInstruction {
}
return returnByteCodes
}
+
// vim: foldmethod=marker
diff --git a/internal/capture/compilebpf_nolibpcap.go b/internal/capture/compilebpf_nolibpcap.go
index 6d17cba0..3fd6eed5 100644
--- a/internal/capture/compilebpf_nolibpcap.go
+++ b/internal/capture/compilebpf_nolibpcap.go
@@ -1,3 +1,6 @@
+//go:build nolibpcap || nocgo
+// +build nolibpcap nocgo
+
/* {{{ Copyright (C) 2022 Ali Mosajjal
*
* This program is free software: you can redistribute it and/or modify
@@ -13,81 +16,29 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see . }}} */
-//go:build nolibpcap || nocgo
-// +build nolibpcap nocgo
-
// this file's sole purpose is to convert a tcpdump filter into bpf bytecode
package capture
import (
- "bytes"
- "compress/gzip"
- "encoding/base64"
- "io/ioutil"
- "strconv"
- "strings"
-
+ gopcap "github.com/packetcap/go-pcap/filter"
log "github.com/sirupsen/logrus"
"golang.org/x/net/bpf"
)
func tcpdumpToPcapgoBpf(filter string) []bpf.RawInstruction {
- log.Warnf("dnsmonster has been compiled without libpcap support. tcpdump-style BPF filters are not directly supported.")
- log.Warnf("to generate a filter, use tcpdump and unix ulitities like so:")
- log.Warnf(`tcpdump -ddd "port 53 and not vlan 1024" | gzip -9 | base64 -w0`)
- // H4sIAAAAAAAAA3WO0Q0AIQhD/5nCEaRW9PZf7EDU3M9FE+HZFkBhLXEUAvV3lsaOLpwLowZGCNpShMZSqsPv8XeuX0bZLlxKhZuDpgseynkHtP8B85Pvi9hTLKg+KjpGrk0ZONUO8kmHnU2DWeYYlNxNlRfV0U3mAQEAAA==
- log.Warnf("then provide the output base64 as a filter to dnsmonster")
- returnByteCodes := []bpf.RawInstruction{}
- z, err := base64.StdEncoding.DecodeString(filter)
+ log.Warnf("dnsmonster has been compiled without libpcap support. some advance bpf filters maybe unsupported.")
+
+ instructions, err := gopcap.NewExpression(filter).Compile().Compile()
if err != nil {
- log.Warnf("invalid base64 input, ignoring. error: %s", err)
+ log.Errorf("failed to compile filter: %s", err)
return nil
}
- r, err := gzip.NewReader(bytes.NewReader(z))
- if err != nil {
- log.Warnf("invalid gzip input, ignoring. error: %s", err)
- return nil
+ rawInstructions := make([]bpf.RawInstruction, len(instructions))
+ for i, inst := range instructions {
+ rawInstructions[i], _ = inst.Assemble()
}
- input, _ := ioutil.ReadAll(r)
- for _, line := range strings.Split(string(input), "\n") {
- // skip empty line
- if line == "" {
- continue
- }
- instruction := bpf.RawInstruction{}
- instructs := strings.Split(line, " ")
- // should be at least 1 per line. first line has one, the others have 4 each
- if t, err := strconv.ParseUint(instructs[0], 10, 16); err != nil {
- log.Warnf("invalid instructions %d, ignoring. err: %s", t, err)
- return nil
- } else {
- instruction.Op = uint16(t)
- }
- if len(instructs) == 4 {
- if t, err := strconv.ParseUint(instructs[1], 10, 8); err != nil {
- log.Warnf("invalid instructions, ignoring")
- return nil
- } else {
- instruction.Jt = uint8(t)
- }
- if t, err := strconv.ParseUint(instructs[2], 10, 8); err != nil {
- log.Warnf("invalid instructions, ignoring")
- return nil
- } else {
- instruction.Jf = uint8(t)
- }
- if t, err := strconv.ParseUint(instructs[3], 10, 32); err != nil {
- log.Warnf("invalid instructions, ignoring")
- return nil
- } else {
- instruction.K = uint32(t)
- }
- returnByteCodes = append(returnByteCodes, instruction)
- }
-
- }
-
- return returnByteCodes
+ return rawInstructions
}
+
// vim: foldmethod=marker
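Review bot: in the new loop, `rawInstructions[i], _ = inst.Assemble()` discards the assemble error, so an instruction that fails to assemble is left as a zero-valued `bpf.RawInstruction` in the returned program and the installed filter no longer matches what the operator wrote. Check the error, log it the same way as the compile failure, and return nil. The hunk also does not show what the caller does with a nil program: if nil means "no filter", a rejected expression makes the sensor capture unfiltered traffic, so confirm that is the intended failure mode. Two smaller points: builds without libpcap previously expected gzip+base64 bytecode and now parse the same argument as a filter expression, which is a behaviour change for existing deployments and should be called out in the release notes and the BPF docs; and the new warning should read "some advanced BPF filters may be unsupported".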
diff --git a/internal/capture/detect_ip.go b/internal/capture/detect_ip.go
index 5f415834..7ed13798 100644
--- a/internal/capture/detect_ip.go
+++ b/internal/capture/detect_ip.go
@@ -50,4 +50,5 @@ func (i *detectIP) CanDecode() gopacket.LayerClass {
func (i *detectIP) NextLayerType() gopacket.LayerType {
return i.family.LayerType()
}
+
// vim: foldmethod=marker
diff --git a/internal/capture/dnstap.go b/internal/capture/dnstap.go
index 7744f557..9e1f692f 100644
--- a/internal/capture/dnstap.go
+++ b/internal/capture/dnstap.go
@@ -178,4 +178,5 @@ func (config captureConfig) StartDNSTap(ctx context.Context) error {
}
}
}
+
// vim: foldmethod=marker
diff --git a/internal/capture/livecap_bsd.go b/internal/capture/livecap_bsd.go
index 5c59b0e6..ad84307c 100644
--- a/internal/capture/livecap_bsd.go
+++ b/internal/capture/livecap_bsd.go
@@ -1,3 +1,6 @@
+//go:build darwin || dragonfly || freebsd || netbsd || openbsd
+// +build darwin dragonfly freebsd netbsd openbsd
+
/* {{{ Copyright (C) 2022 Ali Mosajjal
*
* This program is free software: you can redistribute it and/or modify
@@ -13,9 +16,6 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see . }}} */
-//go:build darwin || dragonfly || freebsd || netbsd || openbsd
-// +build darwin dragonfly freebsd netbsd openbsd
-
package capture
import (
@@ -91,4 +91,5 @@ func (h *BsdHandle) Close() {
func (h *BsdHandle) Stat() (uint, uint, error) {
return h.readCnt, h.droppedCnt, nil
}
+
// vim: foldmethod=marker
diff --git a/internal/capture/livecap_linux.go b/internal/capture/livecap_linux.go
index 91ecc5ac..a8b2f745 100644
--- a/internal/capture/livecap_linux.go
+++ b/internal/capture/livecap_linux.go
@@ -1,3 +1,6 @@
+//go:build linux
+// +build linux
+
/* {{{ Copyright (C) 2022 Ali Mosajjal
*
* This program is free software: you can redistribute it and/or modify
@@ -13,9 +16,6 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see . }}} */
-//go:build linux
-// +build linux
-
package capture
import (
@@ -72,4 +72,5 @@ func (h *livePcapHandle) Stat() (uint, uint, error) {
}
return uint(stats.Packets), uint(stats.Drops), nil
}
+
// vim: foldmethod=marker
diff --git a/internal/capture/livecap_windows.go b/internal/capture/livecap_windows.go
index 28898d32..ffd7ca63 100644
--- a/internal/capture/livecap_windows.go
+++ b/internal/capture/livecap_windows.go
@@ -1,3 +1,6 @@
+//go:build windows
+// +build windows
+
/* {{{ Copyright (C) 2022 Ali Mosajjal
*
* This program is free software: you can redistribute it and/or modify
@@ -13,9 +16,6 @@
* You should have received a copy of the GNU General Public License
* along with this program. If not, see . }}} */
-//go:build windows
-// +build windows
-
package capture
import (
@@ -57,4 +57,5 @@ func (h *livePcapHandle) Stat() (uint, uint, error) {
}
return uint(stats.PacketsReceived), uint(stats.PacketsDropped), nil
}
+
// vim: foldmethod=marker
diff --git a/internal/capture/pcapfile.go b/internal/capture/pcapfile.go
index ee608b15..8200906f 100644
--- a/internal/capture/pcapfile.go
+++ b/internal/capture/pcapfile.go
@@ -95,4 +95,5 @@ func (h *pcapFileHandle) Stat() (uint, uint, error) {
// it's controlled by I/O and not network
return h.pktsRead, 0, nil
}
+
// vim: foldmethod=marker
diff --git a/internal/capture/pcapngfile.go b/internal/capture/pcapngfile.go
index 26d44b33..d8e6d799 100644
--- a/internal/capture/pcapngfile.go
+++ b/internal/capture/pcapngfile.go
@@ -71,4 +71,5 @@ func (h *pcapngFileHandle) Stat() (uint, uint, error) {
// it's controlled by I/O and not network
return h.pktsRead, 0, nil
}
+
// vim: foldmethod=marker