Packages

  • package root

    This is documentation for Mothra, a collection of Scala and Spark library functions for working with Internet-related data.

    This is documentation for Mothra, a collection of Scala and Spark library functions for working with Internet-related data. Some modules contain APIs of general use to Scala programmers. Some modules make those tools more useful on Spark data-processing systems.

    Please see the documentation for the individual packages for more details on their use.

    Scala Packages

    These packages are useful in Scala code without involving Spark:

    org.cert.netsa.data

    This package, which is collected as the netsa-data library, provides types for working with various kinds of information:

    org.cert.netsa.io.ipfix

    The netsa-io-ipfix library provides tools for reading and writing IETF IPFIX data from various connections and files.

    org.cert.netsa.io.silk

    To read and write CERT NetSA SiLK file formats and configuration files, use the netsa-io-silk library.

    org.cert.netsa.util

    The "junk drawer" of netsa-util so far provides only two features: First, a method for equipping Scala Iterators with exception handling. And second, a way to query the versions of NetSA libraries present in a JVM at runtime.

    Spark Packages

    These packages require the use of Apache Spark:

    org.cert.netsa.mothra.datasources

    Spark datasources for CERT file types. This package contains utility features which add methods to Apache Spark DataFrameReader objects, allowing IPFIX and SiLK flows to be opened using simple spark.read... calls.

    The mothra-datasources library contains both IPFIX and SiLK functionality, while mothra-datasources-ipfix and mothra-datasources-silk contain only what's needed for the named datasource.

    org.cert.netsa.mothra.analysis

    A grab-bag of analysis helper functions and example analyses.

    org.cert.netsa.mothra.functions

    This single Scala object provides Spark SQL functions for working with network data. It is the entirety of the mothra-functions library.

    Definition Classes
    root
  • package org
    Definition Classes
    root
  • package cert
    Definition Classes
    org
  • package netsa
    Definition Classes
    cert
  • package data

    The org.cert.netsa.data.net package is for working with network-related data.

    The org.cert.netsa.data.net package is for working with network-related data. This includes types for IP addresses, port numbers, protocol numbers, and the like. Many of these types have namespaces managed by IANA, and the types provide mechanisms for looking up names from numbers and vice-versa based on embedded copies of IANA's tables.

    In org.cert.netsa.data.time you can find an Ordering for Java LocalDate objects, and a type LocalDateSet for working with sets of those dates.

    Finally, org.cert.netsa.data.unsigned contains types for working with unsigned integer values.

    Definition Classes
    netsa
  • package net

    Data types for working with network data.

    Data types for working with network data. This currently includes IP addresses and CIDR blocks (both v4 and v6), and a variety of ID numbers, many of which are given names by IANA.

    Overview

    IP addresses and CIDR blocks are represented by IPAddress and IPBlock types, like so:

    scala> val addr4 = IPAddress("1.2.3.4")
addr4: org.cert.netsa.data.net.IPAddress = 1.2.3.4

scala> val addr6 = IPAddress("ffef::a:b:c:d:1.2.3.4")
addr6: org.cert.netsa.data.net.IPAddress = ffef:0:a:b:c:d:102:304

scala> val cidr4 = IPBlock("1.2.0.0/16")
cidr4: org.cert.netsa.data.net.IPBlock = 1.2.0.0/16

scala> val cidr6 = IPBlock("feff::/16")
cidr6: org.cert.netsa.data.net.IPBlock = feff:0:0:0:0:0:0:0/16

scala> val a = cidr4.contains(addr4)
a: Boolean = true

scala> val b = cidr6.contains(addr6)
b: Boolean = false

scala> val c = cidr4.overlaps(cidr6)
c: Boolean = false

scala> val d = cidr4.overlaps(IPBlock("1.0.0.0/8"))
d: Boolean = true

    Types like Port and Protocol are used for IANA-registered service port numbers and information about those service mappings:

    scala> val port1 = Port(80)
port1: org.cert.netsa.data.net.Port = Port(80)

scala> val port2 = Port("https")
port2: org.cert.netsa.data.net.Port = Port(443)

scala> val port3 = Port(65535)
port3: org.cert.netsa.data.net.Port = Port(65535)

scala> for ( p <- Seq(port1, port2, port3) )
     |   println(f"${p.toString}%15s ${p.toShort}%6d ${p.serviceName}%15s")
       Port(80)     80      Some(http)
      Port(443)    443     Some(https)
    Port(65535)     -1            None

    In general, these types use the smallest available (signed) integer type as their bitwise representation. They provide a mechanism for getting the name given by IANA ("serviceName" for port numbers). Some also provide constants for easy access to the most common values:

    scala> Protocol.TCP
res0: org.cert.netsa.data.net.Protocol = Protocol(6)

    Others have additional methods to provide appropraite facilities for breaking the values down further, or provide nothing more than what is required to distinguish these IDs from integers.

    See the individual types in this package for more details.

    Definition Classes
    data
  • ApplicationLabel
  • DNSResourceRecordType
  • EmailAddress
  • ICMPCode
  • ICMPType
  • ICMPTypeCode
  • IPAddress
  • IPBlock
  • IPv4Address
  • IPv4Block
  • IPv6Address
  • IPv6Block
  • Port
  • Protocol
  • SNMPInterface
  • TCPFlags
  • TLSCipherSuite
  • YAFSSLObjectType

case class IPv4Block(address: IPv4Address, prefixLength: Int) extends IPBlock with Product with Serializable

Represents an IPv4 block.

address

an address contained in the block

prefixLength

the number of the address's bits that are significant (0 <= prefixLength <= 32)

Linear Supertypes
Serializable, Product, Equals, IPBlock, Ordered[IPBlock], Comparable[IPBlock], AnyRef, Any
Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. IPv4Block
  2. Serializable
  3. Product
  4. Equals
  5. IPBlock
  6. Ordered
  7. Comparable
  8. AnyRef
  9. Any
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. Protected

Instance Constructors

  1. new IPv4Block(address: IPv4Address, prefixLength: Int)

    An IPv4Block containing address with a prefixLength bit prefix.

    An IPv4Block containing address with a prefixLength bit prefix.

    address

    an address contained in the block

    prefixLength

    the number of the address's bits that are significant (0 <= prefixLength <= 32)

Value Members

  1. def <(that: IPBlock): Boolean
    Definition Classes
    Ordered
  2. def <=(that: IPBlock): Boolean
    Definition Classes
    Ordered
  3. def >(that: IPBlock): Boolean
    Definition Classes
    Ordered
  4. def >=(that: IPBlock): Boolean
    Definition Classes
    Ordered
  5. val address: IPv4Address
  6. def canEqual(that: Any): Boolean
    Definition Classes
    IPv4Block → Equals
  7. def compare(that: IPBlock): Int
    Definition Classes
    IPv4Block → Ordered
  8. def compare(that: IPv4Block): Int
  9. def compareTo(that: IPBlock): Int
    Definition Classes
    Ordered → Comparable
  10. def contains(a: IPAddress): Boolean

    True if a is contained within this block.

    True if a is contained within this block.

    Definition Classes
    IPv4BlockIPBlock
  11. def contains(a: IPv4Address): Boolean
  12. def equals(other: Any): Boolean
    Definition Classes
    IPv4Block → Equals → AnyRef → Any
  13. def hashCode(): Int
    Definition Classes
    IPv4Block → AnyRef → Any
  14. val max: IPv4Address

    The maximum address contained in the block.

    The maximum address contained in the block.

    Definition Classes
    IPv4BlockIPBlock
  15. val min: IPv4Address

    The minimum address contained in the block.

    The minimum address contained in the block.

    Definition Classes
    IPv4BlockIPBlock
  16. def overlaps(that: IPBlock): Boolean

    True if that overlaps this block.

    True if that overlaps this block.

    Definition Classes
    IPv4BlockIPBlock
  17. def overlaps(that: IPv4Block): Boolean
  18. val prefixLength: Int

    The prefix length of the block, in bits.

    The prefix length of the block, in bits.

    Definition Classes
    IPv4BlockIPBlock
  19. def productElementNames: Iterator[String]
    Definition Classes
    Product
  20. def toString(): String
    Definition Classes
    IPBlock → AnyRef → Any