Namespace com.teracloud.streams.network.dns

Operators

  • DNSPacketDPDKSource: DNSPacketDPDKSource is an operator for the Streams product that receives network packets from a supported ethernet adapter.
  • DNSPacketFileSource: DNSPacketFileSource is an operator for the Streams product that reads prerecorded DNS packets from 'packet capture (PCAP)' files, parses the network headers and the fields of the DNS message, and emits tuples containing packet data.
  • DNSPacketLiveSource: DNSPacketLiveSource is an operator for the Streams product that captures live DNS packets from an ethernet interface, parses their network headers and the fields of the DNS message, and emits tuples containing packet data.

Functions

  • CAPTURE_MICROSECONDS(): This function returns the number of microseconds since the value of the CAPTURE_SECONDS() function until the current packet was captured, according to the system clock on the machine that captured it.
  • CAPTURE_SECONDS(): This function returns the number of seconds since the beginning of the Unix epoch (midnight on January 1st, 1970 in Greenwich, England) until the current packet was captured, according to the system clock on the machine that captured it.
  • CAPTURE_TSC_MICROSECONDS(): This function returns the value of the machine's timestamp counter when the packet was captured, that is, the number of microseconds since the machine was booted.
  • DNS_ADDITIONAL_CLASSES(): This parser result function returns a list of the 'class' fields in the 'additional' resource records in the current message.
  • DNS_ADDITIONAL_COUNT(): This parser result function returns the number of 'additional' resource records in the current message.
  • DNS_ADDITIONAL_DATA(): This parser result function returns a list of the 'data' fields in the 'additional' resource records in the current message.
  • DNS_ADDITIONAL_DATA(rstring): This parser result function returns a list of the 'data' fields in the 'additional' resource records in the current message.
  • DNS_ADDITIONAL_NAMES(): This parser result function returns a list of the 'name' fields in the 'additional' resource records in the current message.
  • DNS_ADDITIONAL_TTLS(): This parser result function returns a list of the 'time to live' fields in the 'additional' resource records in the current message.
  • DNS_ADDITIONAL_TYPES(): This parser result function returns a list of the 'type' fields in the 'additional' resource records in the current message.
  • DNS_ALL_FIELDS(rstring, rstring, rstring): This parser result function returns a string containing 'flattened' representation of the DNS packet, including selected fields from the IP and UDP headers, all fields from the DNS header, and all fields from all DNS resource records, represented as appropriate, separated by the specified record and field delimiters, and for SOA resource records, a subfield delimiter.
  • DNS_ALL_FIELDS(rstring, rstring, rstring, list<uint16>): This parser result function returns a string containing 'flattened' representation of the DNS packet, including selected fields from the IP and UDP headers, all fields from the DNS header, and all fields from seleccted DNS resource records, represented as appropriate, separated by the specified record and field delimiters, and for SOA resource records, a subfield delimiter.
  • DNS_ALL_FLAGS(): This parser result function returns a 16-bit value containing all of the DNS header flags from the current message.
  • DNS_ANSWER_ADDRESS(): This parser result function returns the 'data' field of the first 'answer' resource record, if there is one with a 'type' value of '1' or '28' (meaning, the answer is an IP version 4 or version 6 address from a type 'A' or 'AAAA' record, respectively), as a string value, or an empty string if not.
  • DNS_ANSWER_ADDRESSES(): This parser result function returns a list of the 'data' fields in the 'answer' resource records that have a 'type' value of '1' or '28' (meaning, the answer is an IP version 4 or version 6 address from a type 'A' or 'AAAA' record, respectively), as string values.
  • DNS_ANSWER_CANONICAL(): This parser result function returns the 'data' field of the first 'answer' resource record, if there is one with a 'type' value of '5' (meaning, the answer is a canonical domain name from a type 'CNAME' record), or an empty string if not.
  • DNS_ANSWER_CLASSES(): This parser result function returns a list of the 'class' fields in the 'answer' resource records in the current message.
  • DNS_ANSWER_COUNT(): This parser result function returns the number of 'answer' resource records in the current message.
  • DNS_ANSWER_DATA(): This parser result function returns a list of the 'data' fields in the 'answer' resource records in the current message.
  • DNS_ANSWER_IPV4_ADDRESS(): This parser result function returns the 'data' field of the first 'answer' resource record, if there is one with a 'type' value of '1' (meaning, the answer is an IP version 4 address from a type 'A' record), as a binary value, or zero if not.
  • DNS_ANSWER_IPV4_ADDRESSES(): This parser result function returns the 'data' fields of the 'answer' resource records that have 'type' values of '1' (meaning, the answers are IP version 4 addresses from type 'A' records), as a list of binary values.
  • DNS_ANSWER_IPV6_ADDRESS(): This parser result function returns the 'data' field of the first 'answer' resource record, if there is one with a 'type' value of '28' (meaning, the answer is an IP version 6 address from a type 'AAAA' record), as a binary value, or zero if not.
  • DNS_ANSWER_IPV6_ADDRESSES(): This parser result function returns the 'data' fields of the 'answer' resource records that have 'type' values of '28' (meaning, the answers IP version 6 addresses from type 'AAAA' records), as a binary values.
  • DNS_ANSWER_NAMES(): This parser result function returns a list of the 'name' fields in the 'answer' resource records in the current message.
  • DNS_ANSWER_TTLS(): This parser result function returns a list of the 'time to live' fields in the 'answer' resource records in the current message.
  • DNS_ANSWER_TYPES(): This parser result function returns a list of the 'type' fields in the 'answer' resource records in the current message.
  • DNS_AUTHORITATIVE_FLAG(): This parser result function returns true if the 'authoritative' flag is set in the current message, or false if not.
  • DNS_EXTRA_DATA(): This parser result function returns any extra data in the DNS message that follows the last resource record.
  • DNS_IDENTIFIER(): This parser result function returns the DNS client's request correlator in the current message, and returned by the server in its response.
  • DNS_INCOMPATIBLE_FLAGS(): This DNS parser result function returns a non-zero integer to indicate that an encoding error was found while decoding the current packet, or zero if no enoding errors were found.
  • DNS_NAMESERVER_CLASSES(): This parser result function returns a list of the 'class' fields in the 'name server' resource records in the current message.
  • DNS_NAMESERVER_COUNT(): This parser result function returns the number of 'name server' resource records in the current message.
  • DNS_NAMESERVER_DATA(): This parser result function returns a list of the 'data' fields in the 'name server' resource records in the current message.
  • DNS_NAMESERVER_DATA(rstring): This parser result function returns a list of the 'data' fields in the 'name server' resource records in the current message.
  • DNS_NAMESERVER_NAMES(): This parser result function returns a list of the 'name' fields in the 'name server' resource records in the current message.
  • DNS_NAMESERVER_TTLS(): This parser result function returns a list of the 'time to live' fields in the 'name server' resource records in the current message.
  • DNS_NAMESERVER_TYPES(): This parser result function returns a list of the 'type' fields in the 'name server' resource records in the current message.
  • DNS_OPCODE(): This parser result function returns the operation code requested by the DNS client in the current message, for example,
  • DNS_QUESTION_CLASS(): This parser result function returns the 'class' field of the first 'question' resource record in the current message, for example, '1' for Internet adddresses ('IN' records),
  • DNS_QUESTION_CLASSES(): This parser result function returns a list of the 'class' fields in the 'question' resource records in the current message.
  • DNS_QUESTION_COUNT(): This parser result function returns the number of 'question' resource records in the current message.
  • DNS_QUESTION_NAME(): This parser result function returns the 'name' field of the first 'question' resource record in the current message, if there is one, or an empty string if not.
  • DNS_QUESTION_NAMES(): This parser result function returns a list of the 'name' fields in the 'question' resource records in the current message.
  • DNS_QUESTION_TYPE(): This parser result function returns the 'type' field of the first 'question' resource record in the current message, for example:
  • DNS_QUESTION_TYPES(): This parser result function returns a list of the 'type' fields in the 'question' resource records in the current message.
  • DNS_RESPONSE_CODE(): This parser result function returns the response code from the DNS server in the current message, for example,
  • DNS_RESPONSE_FLAG(): This parser result function returns true if the current message is a response sent by a DNS server, or false if it is a request sent by a DNS client.
  • DNS_TRUNCATION_FLAG(): This parser result function returns true if the 'truncation' flag is set in the current message, or false if not.
  • ETHER_DST_ADDRESS(): This function returns the ethernet destination address of the current packet.
  • ETHER_DST_ADDRESS_64(): This function returns the ethernet destination address of the current packet in the 48 low-order bits of a uint64.
  • ETHER_PROTOCOL(): This function returns the ethernet protocol (that is, the EtherType) of the current packet, for example, '2048' for IP version 4, or '34,525' for IP version 6.
  • ETHER_SRC_ADDRESS(): This function returns the ethernet source address of the current packet.
  • IPV4_DST_ADDRESS(): This function returns the IP version 4 destination address of the current packet, if it has one, or zero otherwise.
  • IPV4_SRC_ADDRESS(): This function returns the IP version 4 source address of the current packet, if it has one, or zero otherwise.
  • IPV6_DST_ADDRESS(): This function returns the IP version 6 destination address of the current packet, if it has one, or an empty list otherwise.
  • IPV6_SRC_ADDRESS(): This function returns the IP version 6 source address of the current packet, if it has one, or an empty list otherwise.
  • IP_DONT_FRAGMENT(): This function returns the IP "don't fragment" flag of the current packet.
  • IP_FRAGMENT_OFFSET(): This function returns the IP "fragment offset" field of the current packet, multiplied by eight, When a router fragments a packet, it stores the offset from the front of the packet to the front of the fragment, measured in eight-byte steps, in each fragment.
  • IP_IDENTIFIER(): This function returns the IP identifier of the current packet.
  • IP_MORE_FRAGMENTS(): This function returns the IP "more fragments" flag of the current packet.
  • IP_PROTOCOL(): This function returns the IP protocol of the current packet, for example, '6' for TCP, or '17' for UDP, or zero if the ethernet packet does not contain an IP packet.
  • IP_VERSION(): This function returns the IP version of the current packet ('4' for IP version 4, or '6' for IP version 6), if the ethernet packet contains an IP packet, or zero otherwise.
  • PACKET_DATA(): This function returns the network data in the current packet, including all network headers.
  • PACKET_LENGTH(): This function returns the number of bytes of network data in the current packet, including all network headers.
  • PAYLOAD_DATA(): This function returns the payload data in the current packet, excluding all network headers.
  • PAYLOAD_LENGTH(): This function returns the number of bytes of payload data in the current packet, excluding all network headers.
  • RATE_LIMITED(): This function returns false when an amount of time between packets has passed such that the rate is limited to the value given in the rateLimit paramater.
  • UDP_DST_PORT(): This function returns the UDP destination port number of the current packet, if it has one, or zero otherwise.
  • UDP_PORT(uint16): This function returns true if the current packet is a UDP packet and the argument matches its source or destination port, or false otherwise.
  • UDP_SRC_PORT(): This function returns the UDP source port number of the current packet, if it has one, or zero otherwise.
  • VLAN_TAGS(): This function returns a list of 0 to N VLAN tags found in the current packet.
  • bytesProcessed(): This function returns the number of bytes of network data processed by the operator since it started, including the current packet, excluding any packets that were ignored by the input filter, if the inputFilter parameter was specified.
  • bytesReceived(): This function returns the number of bytes received from the network interface since the operator started, as of the most recent metrics interval, if there is one, or zero if not.
  • metricsIntervalBytesProcessed(): This function returns the number of bytes of network data processed by the operator during the most recent metrics interval, excluding any packets that were ignored by the input filter, if the inputFilter parameter was specified.
  • metricsIntervalBytesReceived(): This function returns the number of bytes received from the network interface during the most recent metrics interval, if there is one, or zero if not.
  • metricsIntervalElapsed(): This function returns the duration of the most recent metrics interval, in seconds with a resolution of at least microseconds, if there is one, or zero if not.
  • metricsIntervalMaxQueueDepthSW(): This function returns the software receive queue (if implemented) high water mark from the most recent metrics interval.
  • metricsIntervalPacketsDropped(): This function returns the number of packets dropped by the network interface during the most recent metrics interval, if there is one, or zero if not.
  • metricsIntervalPacketsDroppedSW(): This function returns the number of packets dropped by the software packet receive queue (if implemented) in the most recent metrics interval.
  • metricsIntervalPacketsProcessed(): This function returns the number of network packets processed by the operator during the most recent metrics interval, excluding any packets that were ignored by the input filter, if the inputFilter parameter was specified.
  • metricsIntervalPacketsReceived(): This function returns the number of packets received from the network interface during the most recent metrics interval, if there is one, or zero if not.
  • metricsUpdated(): This function returns true for the first tuple produced after a new metrics interval begins, and returns false for all subsequent tuples produced in the same metrics interval.
  • packetsDropped(): This function returns the number of packets dropped by the network interface since the operator started, as of the most recent metrics interval, if there is one, or zero if not.
  • packetsDroppedSW(): This function returns the total number of packets dropped by the software packet receive queue (if implemented).
  • packetsProcessed(): This function returns the number of network packets processed by the operator since it started, including the current packet, but excluding any packets that were ignored by the input filter, if the inputFilter parameter was specified.
  • packetsReceived(): This function returns the number of packets received from the network interface since the operator started, as of the most recent metrics interval, if there is one, or zero if not.
  • parseError(): This DNS parser result function returns true if an encoding error was detected while decoding the current packet, or false otherwise.
  • parseErrorCode(): This DNS parser result function returns a non-zero integer to indicate that an encoding error was found while decoding the current packet, or zero if no enoding errors were found.
  • parseErrorDescription(): This DNS parser result function returns a description of an encoding error found while decoding the current packet, or an empty string if no enoding errors were found.
  • parseErrorOffset(): This DNS parser result function returns the offset from the beginning of the message to the encoding error found, or zero if no encoding errors were found.