netlink

package
v0.0.0-...-143a17b Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 5, 2025 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Overview

Package netlink contains the bare minimum needed to partially parse netlink messages.

Package netlink contains the bare minimum needed to partially parse netlink messages.

Index

Constants

View Source 
const (
	RTA_ALIGNTO    = 4
	SizeofNlMsghdr = 0x10
	SizeofNlAttr   = 0x4
	SizeofRtAttr   = 0x4

	EINVAL = syscall.Errno(0x16)
)

TODO - get these from sys/unix or syscall

Variables

View Source 
var (
	ErrNotType20   = errors.New("NetlinkMessage wrong type")
	ErrParseFailed = errors.New("Unable to parse InetDiagMsg")
)

Error types.

Functions

This section is empty.

Types

type ArchivalRecord 

type ArchivalRecord struct {
	// Timestamp should be truncated to 1 millisecond for best compression.
	// Using int64 milliseconds instead reduces compressed size by 0.5 bytes/record, or about 1.5%
	Timestamp time.Time `json:",omitempty"`

	// Storing the RawIDM instead of the parsed InetDiagMsg reduces Marshalling by 2.6 usec, and
	// typical compressed size by 3-4 bytes/record
	RawIDM inetdiag.RawInetDiagMsg `json:",omitempty"` // RawInetDiagMsg within NLMsg
	// Saving just the .Value fields reduces Marshalling by 1.9 usec.
	Attributes [][]byte `json:",omitempty"` // byte slices from RouteAttr.Value, backed by NLMsg

	// Metadata contains connection level metadata.  It is typically included in the very first record
	// in a file.
	Metadata *Metadata `json:",omitempty"`
}

ArchivalRecord is a container for parsed InetDiag messages and attributes.

func LoadAllArchivalRecords 

func LoadAllArchivalRecords(rdr io.Reader) ([]*ArchivalRecord, error)

LoadAllArchivalRecords reads all PMs from a jsonl stream.

func MakeArchivalRecord 

func MakeArchivalRecord(msg *NetlinkMessage, exclude *ExcludeConfig) (*ArchivalRecord, error)

MakeArchivalRecord parses the NetlinkMessage into a ArchivalRecord. If exclude is not nil, MakeArchivalRecord will return nil for any condition matching the exclude config options, e.g. localhost, or source ports. Note that Parse does not populate the Timestamp field, so caller should do so.

func (*ArchivalRecord) Compare 

func (pm *ArchivalRecord) Compare(previous *ArchivalRecord) (ChangeType, error)

Compare compares important fields to determine whether significant updates have occurred. We ignore a bunch of fields:

  • The TCPInfo fields matching last_* are rapidly changing, but don't have much significance. Are they elapsed time fields?
  • The InetDiagMsg.Expires is also rapidly changing in many connections, but also seems unimportant.

Significant updates are reflected in the packet, segment and byte count updates, so we generally want to record a snapshot when any of those change. They are in the latter part of the linux struct, following the pmtu field.

The simplest test that seems to tell us what we care about is to look at all the fields in the TCPInfo struct related to packets, bytes, and segments. In addition to the TCPState and CAState fields, these are probably adequate, but we also check for new or missing attributes and any attribute difference outside of the TCPInfo (INET_DIAG_INFO) attribute.

func (*ArchivalRecord) GetStats 

func (pm *ArchivalRecord) GetStats() (uint64, uint64)

GetStats returns basic stats from the TCPInfo snapshot.

func (*ArchivalRecord) HasDiagInfo 

func (pm *ArchivalRecord) HasDiagInfo() bool

HasDiagInfo returns true if there is a DIAG_INFO message.

func (*ArchivalRecord) SetBytesReceived 

func (pm *ArchivalRecord) SetBytesReceived(value uint64) uint64

SetBytesReceived sets the field for hacking unit tests.

func (*ArchivalRecord) SetBytesSent 

func (pm *ArchivalRecord) SetBytesSent(value uint64) uint64

SetBytesSent sets the field for hacking unit tests.

type ArchiveReader 

type ArchiveReader interface {
	// Next returns the next ArchivalRecord.  Returns nil, EOF if no more records, or other error if there is a problem.
	Next() (*ArchivalRecord, error)
}

ArchiveReader produces ArchivedRecord structs from some source.

func NewArchiveReader 

func NewArchiveReader(rdr io.Reader) ArchiveReader

NewArchiveReader wraps a source of JSONL ArchiveRecords to create ArchiveReader

func NewRawReader 

func NewRawReader(rdr io.Reader) ArchiveReader

NewRawReader wraps an io.Reader to create and ArchiveReader

type ChangeType 

type ChangeType int

ChangeType indicates why a new record is worthwhile saving. 

const (
	NoMajorChange        ChangeType = iota
	IDiagStateChange                // The IDiagState changed
	NoTCPInfo                       // There is no TCPInfo attribute
	NewAttribute                    // There is a new attribute
	LostAttribute                   // There is a dropped attribute
	AttributeLength                 // The length of an attribute changed
	StateOrCounterChange            // One of the early fields in DIAG_INFO changed.
	PacketCountChange               // One of the packet/byte/segment counts (or other late field) changed
	PreviousWasNil                  // The previous message was nil
	Other                           // Some other attribute changed
)

Constants to describe the degree of change between two different ParsedMessages.

type ExcludeConfig 

type ExcludeConfig struct {
	// Local excludes connections from loopback, local unicast, multicast, or unspecified connections.
	Local bool
	// SrcPorts excludes connections from specific source ports.
	SrcPorts map[uint16]bool
	DstIPs   map[[16]byte]bool
}

ExcludeConfig provides options for excluding some measurements from archival messages.

func (*ExcludeConfig) AddDstIP 

func (ex *ExcludeConfig) AddDstIP(dst string) error

AddDstIP adds the given dst IP address to the set of destination IPs to exclude.

func (*ExcludeConfig) AddSrcPort 

func (ex *ExcludeConfig) AddSrcPort(port string) error

AddSrcPort adds the given port to the set of source ports to exclude.

type MessageBlock 

type MessageBlock struct {
	V4Time     time.Time         // Time at which netlink message block was received.
	V4Messages []*NetlinkMessage // Array of raw messages.

	V6Time     time.Time
	V6Messages []*NetlinkMessage
}

MessageBlock contains timestamps and message arrays for v4 and v6 from a single collection cycle.

type Metadata 

type Metadata struct {
	UUID      string
	Sequence  int
	StartTime time.Time
}

Metadata contains the metadata for a particular TCP stream.

type NetlinkMessage 

type NetlinkMessage = syscall.NetlinkMessage

func LoadRawNetlinkMessage 

func LoadRawNetlinkMessage(rdr io.Reader) (*NetlinkMessage, error)

LoadRawNetlinkMessage is a simple utility to read the next NetlinkMessage from a source reader, e.g. from a file of naked binary netlink messages. NOTE: This is a bit fragile if there are any bit errors in the message headers.

type NetlinkRouteAttr 

type NetlinkRouteAttr = syscall.NetlinkRouteAttr

func ParseRouteAttr 

func ParseRouteAttr(b []byte) ([]NetlinkRouteAttr, error)

ParseRouteAttr parses a byte array into slice of NetlinkRouteAttr struct. Derived from "github.com/vishvananda/netlink/nl/nl_linux.go"

type NlMsghdr 

type NlMsghdr = syscall.NlMsghdr

TODO use unix instead.

type RtAttr 

type RtAttr = syscall.RtAttr

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.