akinet

package
v0.0.0-...-0af65b8 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 15, 2024 License: Apache-2.0 Imports: 15 Imported by: 16

README

Akita network library.

Contains interfaces and custom parsers used by the Akita broker to parse packets on the fly.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Tee 

func Tee(in <-chan ParsedNetworkTraffic) (<-chan ParsedNetworkTraffic, <-chan ParsedNetworkTraffic)

Types

type AcceptDecision 

type AcceptDecision int
const (
	Reject AcceptDecision = iota
	Accept
	NeedMoreData
)

func (AcceptDecision) String 

func (d AcceptDecision) String() string

type AkitaPineapple 

type AkitaPineapple string

For testing only.

func (AkitaPineapple) ReleaseBuffers 

func (AkitaPineapple) ReleaseBuffers()

type AkitaPrince 

type AkitaPrince string

For testing only.

func (AkitaPrince) ReleaseBuffers 

func (AkitaPrince) ReleaseBuffers()

type DroppedBytes 

type DroppedBytes int64

func (DroppedBytes) ReleaseBuffers 

func (DroppedBytes) ReleaseBuffers()

func (DroppedBytes) String 

func (db DroppedBytes) String() string

type HTTP2ConnectionPreface 

type HTTP2ConnectionPreface struct {
}

Represents an observed HTTP/2 connection preface; no data from it is stored.

func (HTTP2ConnectionPreface) ReleaseBuffers 

func (HTTP2ConnectionPreface) ReleaseBuffers()

type HTTPRequest 

type HTTPRequest struct {
	// StreamID and Seq uniquely identify a pair of request and response.
	StreamID uuid.UUID
	Seq      int

	Method           string
	ProtoMajor       int // e.g. 1 in HTTP/1.0
	ProtoMinor       int // e.g. 0 in HTTP/1.0
	URL              *url.URL
	Host             string
	Header           http.Header
	Body             memview.MemView
	BodyDecompressed bool // true if the body is already decompressed
	Cookies          []*http.Cookie
	// contains filtered or unexported fields
}

func FromStdRequest 

func FromStdRequest(streamID uuid.UUID, seq int, src *http.Request, body buffer_pool.Buffer) HTTPRequest

func (HTTPRequest) GetStreamKey 

func (r HTTPRequest) GetStreamKey() string

Returns a string key that associates this request with its corresponding response.

func (HTTPRequest) ReleaseBuffers 

func (r HTTPRequest) ReleaseBuffers()

func (HTTPRequest) ToStdRequest 

func (r HTTPRequest) ToStdRequest() *http.Request

type HTTPResponse 

type HTTPResponse struct {
	// StreamID and Seq uniquely identify a pair of request and response.
	StreamID uuid.UUID
	Seq      int

	StatusCode       int
	ProtoMajor       int // e.g. 1 in HTTP/1.0
	ProtoMinor       int // e.g. 0 in HTTP/1.0
	Header           http.Header
	Body             memview.MemView
	BodyDecompressed bool // true if the body is already decompressed
	Cookies          []*http.Cookie
	// contains filtered or unexported fields
}

func FromStdResponse 

func FromStdResponse(streamID uuid.UUID, seq int, src *http.Response, body buffer_pool.Buffer) HTTPResponse

func (HTTPResponse) GetStreamKey 

func (r HTTPResponse) GetStreamKey() string

Returns a string key that associates this response with its corresponding request.

func (HTTPResponse) ReleaseBuffers 

func (r HTTPResponse) ReleaseBuffers()

func (HTTPResponse) ToStdResponse 

func (r HTTPResponse) ToStdResponse() *http.Response

type ParsedNetworkContent 

type ParsedNetworkContent interface {

	// Releases back to their buffer pools the storage for any buffers held in
	// this ParsedNetworkContent. Must be called before this ParsedNetworkContent
	// becomes garbage.
	ReleaseBuffers()
	// contains filtered or unexported methods
}

Interface implemented by all types of data that can be parsed from the network.

type ParsedNetworkTraffic 

type ParsedNetworkTraffic struct {
	SrcIP     net.IP
	SrcPort   int
	DstIP     net.IP
	DstPort   int
	Content   ParsedNetworkContent
	Interface string

	// The time at which the first packet was observed
	ObservationTime time.Time

	// The time at which the final packet arrived, for
	// multi-packet content.  Equal to ObservationTime
	// for single packets.
	FinalPacketTime time.Time
}

Represents a generic network traffic that has been parsed from the wire.

type QUICHandshakeMetadata 

type QUICHandshakeMetadata struct {
}

Represents an observed QUIC handshake (initial packet). Currently empty because we're only interested in the presence of QUIC traffic, not its payload.

func (QUICHandshakeMetadata) ReleaseBuffers 

func (QUICHandshakeMetadata) ReleaseBuffers()

type TCPBidiID 

type TCPBidiID uuid.UUID

An ID that uniquely identifies a pair of uni-directional flows in a TCP stream. We use UUID instead of a hash of the ip/port tuple (src IP, dst IP, src port, dst port) because we want to uniquely identify the pair as a specific interaction between 2 hosts at a particular time, whereas IPs and ports may be reused, particularly in test setup.

type TCPConnectionEndState 

type TCPConnectionEndState string

Indicates whether a TCP connection was closed, and if so, how. 

const (
	// Neither the FIN nor RST flag was seen.
	ConnectionOpen TCPConnectionEndState = "OPEN"

	// The FIN flag was seen, but not the RST flag.
	ConnectionClosed TCPConnectionEndState = "CLOSED"

	// The RST flag was seen.
	ConnectionReset TCPConnectionEndState = "RESET"
)

type TCPConnectionInitiator 

type TCPConnectionInitiator int

Identifies which of the two endpoints of a connection initiated that connection. 

const (
	UnknownTCPConnectionInitiator TCPConnectionInitiator = iota

	// Indicates that the "source" endpoint initiated the connection.
	SourceInitiator

	// Indicates that the "destination" endpoint initiated the connection.
	DestInitiator
)

type TCPConnectionMetadata 

type TCPConnectionMetadata struct {
	// Uniquely identifies a TCP connection.
	ConnectionID akid.ConnectionID

	// Identifies which side of the connection was the connection initiator.
	Initiator TCPConnectionInitiator

	// Whether and how the connection was closed.
	EndState TCPConnectionEndState
}

Represents metadata from an observed TCP connection.

func (TCPConnectionMetadata) ReleaseBuffers 

func (TCPConnectionMetadata) ReleaseBuffers()

type TCPPacketMetadata 

type TCPPacketMetadata struct {
	// Uniquely identifies a TCP connection.
	ConnectionID akid.ConnectionID

	// Whether the SYN flag was set in the observed packet.
	SYN bool

	// Whether the ACK flag was set in the observed packet.
	ACK bool

	// Whether the FIN flag was set in the observed packet.
	FIN bool

	// Whether the RST flag was set in the observed packet.
	RST bool

	// The size of the TCP payload.
	PayloadLength_bytes int
}

Represents metadata from an observed TCP packet.

func (TCPPacketMetadata) ReleaseBuffers 

func (TCPPacketMetadata) ReleaseBuffers()

type TCPParser 

type TCPParser interface {
	Name() string

	// Caller should repeatedly supply data from the TCP flow until a non-nil
	// result or an error is returned.
	//
	// The result will be non-nil when parsing is successfully completed, and
	// unused will contain the portion of all the input ever supplied that was not
	// used to generate the result (e.g. trailing bytes after an HTTP response
	// body). Additionally, totalBytesConsumed will report the number of bytes in
	// the TCP stream that were used to produce the parsed result.
	//
	// An error will be returned when parsing fails. In this case, unused will be
	// empty, and totalBytesConsumed will report the total number of bytes ever
	// supplied to the parser.
	//
	// If no more data is forthcoming, the caller should specify isEnd=true to let
	// the parser know. In this case, the parser implementation must return a
	// non-nil result or an error.
	Parse(input memview.MemView, isEnd bool) (result ParsedNetworkContent, unused memview.MemView, totalBytesConsumed int64, err error)
}

TCPParser converts a TCP flow into ParsedNetworkContent. It is meant to be SINGLE USE, meaning that a new parser instance should be used as soon as the current instance generates a result, even if the flow has more data available. For example, if we have a flow carrying 5 HTTP responses due to TCP connection re-use, we need to create 5 instances of TCPParser to parse the flow. This allows us to simplify implementations while leaving room for future support of flows that carry multiple types of protocols (e.g. websocket upgrade from HTTP/1.1).

type TCPParserFactory 

type TCPParserFactory interface {
	Name() string

	// The caller passes a slice from the current position of the TCP flow to
	// check whether this TCP flow can be parsed by this parser.
	// If this function returns NeedMoreData, the caller should supply new data by
	// appending them to the old data and send the combined result to the Accepts
	// function again (after accounting for discardFront).
	// Implementations must return a non-negative integer for discardFront. It
	// indicates to the caller that those bytes at the start of input are not
	// useful and MUST be discarded before using the parser generated by this
	// factory in the case of ACCEPT. If the implementation returns REJECT,
	// discardFront should be the the length of input.
	//
	// If no more data is forthcoming, the caller should specify isEnd=true to let
	// the factory know. In this case, the factory implementation must return
	// either ACCEPT or REJECT.
	Accepts(input memview.MemView, isEnd bool) (decision AcceptDecision, discardFront int64)

	// Creates a new TCPParser, supplying the bidirectional ID and the TCP seq/ack
	// numbers found on the FIRST packet in the TCP flow that this parser will
	// parse. This information helps to pair up parsed results generated by
	// separate parsers operating on the two TCP flows in a TCP stream (e.g.
	// pairing up HTTP request and response on the same connection).
	CreateParser(id TCPBidiID, initialSeq, initialAck reassembly.Sequence) TCPParser
}

TCPParserFactory is responsible for creating TCPParsers and deciding whether a TCP flow can be parsed with the parser type created by this factory. Implementations must be be thread-safe.

type TCPParserFactorySelector 

type TCPParserFactorySelector []TCPParserFactory

TCPParserSelector helps to select a TCPParserFactory from a list of factories.

func (TCPParserFactorySelector) Select 

func (s TCPParserFactorySelector) Select(input memview.MemView, isEnd bool) (f TCPParserFactory, decision AcceptDecision, discardFront int64)

SelectFactory selects a TCPParserFactory that suitable for input. The possible set of return values:

  • f=nil, decision=Reject, discardFront=len(input)
  • no factory is suitable
  • f=nil, decision=NeedMoreData, discardFront>=0
  • no factory returned Accept
  • at least one factory requested more data
  • discardFront is the MIN of all the discardFronts returned by factories requesting more data
  • f!=nil, decision=Accept, discardFront>=0
  • a factory has been selected
  • caller must discard discardFront number of bytes from input before feeding input to the parser generated by the factory.

type TLSClientHello 

type TLSClientHello struct {
	// Identifies the TCP connection to which this message belongs.
	ConnectionID akid.ConnectionID

	// The DNS hostname extracted from the SNI extension, if any.
	Hostname *string

	// The list of protocols supported by the client, as seen in the ALPN
	// extension.
	SupportedProtocols []string
}

Represents metadata from an observed TLS 1.2 or 1.3 Client Hello message.

func (TLSClientHello) ReleaseBuffers 

func (TLSClientHello) ReleaseBuffers()

type TLSHandshakeMetadata 

type TLSHandshakeMetadata struct {
	// Uniquely identifies the underlying TCP connection.
	ConnectionID akid.ConnectionID

	// The inferred TLS version. Only populated if the Server Hello was seen.
	Version *TLSVersion

	// The DNS hostname extracted from the client's SNI extension, if any.
	SNIHostname *string

	// The list of protocols supported by the client, as seen in the ALPN
	// extension.
	SupportedProtocols []string

	// The selected application-layer protocol, as seen in the server's ALPN
	// extension, if any.
	SelectedProtocol *string

	// The SANs seen in the server's certificate. The server's certificate is
	// encrypted in TLS 1.3, so this is only populated for TLS 1.2 connections.
	SubjectAlternativeNames []string
	// contains filtered or unexported fields
}

Metadata from an observed TLS handshake.

func (*TLSHandshakeMetadata) AddClientHello 

func (tls *TLSHandshakeMetadata) AddClientHello(hello *TLSClientHello) error

func (*TLSHandshakeMetadata) AddServerHello 

func (tls *TLSHandshakeMetadata) AddServerHello(hello *TLSServerHello) error

func (*TLSHandshakeMetadata) ApplicationLatencyMeasurable 

func (tls *TLSHandshakeMetadata) ApplicationLatencyMeasurable() bool

Determines whether the response latency in the application layer can be measured.

func (*TLSHandshakeMetadata) HandshakeComplete 

func (tls *TLSHandshakeMetadata) HandshakeComplete() bool

func (TLSHandshakeMetadata) ReleaseBuffers 

func (TLSHandshakeMetadata) ReleaseBuffers()

type TLSServerHello 

type TLSServerHello struct {
	// Identifies the TCP connection to which this message belongs.
	ConnectionID akid.ConnectionID

	// The inferred TLS version.
	Version TLSVersion

	// The selected application-layer protocol, as seen in the ALPN extension, if
	// any.
	SelectedProtocol *string

	// The DNS host names appearing in the SAN extensions of the server's
	// certificate, if observed. The server's certificate is encrypted in TLS 1.3,
	// so this is only populated for TLS 1.2 connections.
	DNSNames []string
}

Represents metadata from an observed TLS 1.2 or 1.3 Server Hello message.

func (TLSServerHello) ReleaseBuffers 

func (TLSServerHello) ReleaseBuffers()

type TLSVersion 

type TLSVersion string
const (
	TLS_v1_2 TLSVersion = "1.2"
	TLS_v1_3 TLSVersion = "1.3"
)

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.