Documentation ¶
Index ¶
- Constants
- Variables
- func DayTimestamp(timestamp int64) int64
- func HasDNSAttributes(attributes []Attribute) bool
- func IPStringToBytes(ip string) ([]byte, error)
- func InitDBLog() error
- func LockDBSummary(dbpath string) (acquired bool, err error)
- func ModifyDBSummary(dbpath string, timeout time.Duration, ...) (modErr error)
- func ParseTimeArgument(timeString string) (int64, error)
- func SanitizeUserInput(conditional string) (string, error)
- func TokenizeConditional(condExpression string) ([]string, error)
- func UnlockDBSummary(dbpath string) (err error)
- func WriteDBSummary(dbpath string, summ *DBSummary) error
- func WriteMetadata(path string, meta *Metadata) error
- type AggFlowMap
- type Attribute
- type BlockMetadata
- type BytesRecStringParser
- type BytesSentStringParser
- type DBData
- type DBLog
- type DBSummary
- type DBWorkManager
- func (w *DBWorkManager) CreateWorkerJobs(tfirst int64, tlast int64, query *Query) (nonempty bool, err error)
- func (w *DBWorkManager) ExecuteWorkerReadJobs(mapChan chan map[ExtraKey]Val)
- func (w *DBWorkManager) GetCoveredTimeInterval() (time.Time, time.Time)
- func (w *DBWorkManager) GetNumWorkers() int
- type DBWorkload
- type DBWriter
- type DipAttribute
- type DipStringParser
- type DportAttribute
- type DportStringParser
- type ExtraKey
- type GPFile
- func (f *GPFile) BlocksUsed() (int, error)
- func (f *GPFile) Close() error
- func (f *GPFile) GetBlocks() []int64
- func (f *GPFile) GetTimestamps() []int64
- func (f *GPFile) ReadBlock(block int) ([]byte, error)
- func (f *GPFile) ReadTimedBlock(timestamp int64) ([]byte, error)
- func (f *GPFile) WriteTimedBlock(timestamp int64, data []byte, comp int) error
- type GPFiler
- type IfaceStringParser
- type InterfaceSummary
- type InterfaceSummaryUpdate
- type Key
- type Metadata
- type NOPStringParser
- type Node
- type PacketsRecStringParser
- type PacketsSentStringParser
- type ProtoAttribute
- type ProtoStringParser
- type Query
- type SipAttribute
- type SipStringParser
- type StringKeyParser
- type StringValParser
- type SyslogDBWriter
- type TimeStringParser
- type Val
Constants ¶
// Time-related constants.
const (
	EPOCH_DAY int64 = 86400 // one day in seconds
	// NOTE(review): unit is presumably seconds (300 s = 5 minutes), matching
	// EPOCH_DAY; confirm against the capture probe.
	DB_WRITE_INTERVAL int64 = 300 // write out interval of capture probe
)
// Buffer sizing constants. N_ELEM is the number of 8-byte (64-bit) elements
// that fit into a buffer of BUF_SIZE bytes.
const (
	BUF_SIZE = 4096         // 512 * 64bit
	N_ELEM   = BUF_SIZE / 8 // 512
)
// Column indices. Every line declares two names that both receive the current
// iota; the second name is discarded with _ on all lines but one.
const (
	// First the attribute columns...
	SIP_COLIDX, _ columnIndex = iota, iota
	DIP_COLIDX, _
	PROTO_COLIDX, _
	DPORT_COLIDX, _
	// ... and then the columns we aggregate
	// COLIDX_ATTRIBUTE_COUNT shares the value of the first aggregated column
	// (4), which equals the number of attribute columns declared above it.
	BYTESRCVD_COLIDX, COLIDX_ATTRIBUTE_COUNT
	BYTESSENT_COLIDX, _
	PKTSRCVD_COLIDX, _
	PKTSSENT_COLIDX, _
	// COLIDX_COUNT is one past the last column index, i.e. the total number
	// of columns (8).
	COLIDX_COUNT, _
)
Indices for all column types
// Size of one entry for each column type.
// NOTE(review): the sizes are presumably in bytes; 16 matches the length of an
// IPv6 address. Confirm how IPv4 addresses are laid out in the 16-byte SIP/DIP
// columns before parsing raw column data.
const (
	SIP_SIZEOF       int = 16
	DIP_SIZEOF       int = 16
	PROTO_SIZEOF     int = 1
	DPORT_SIZEOF     int = 2
	BYTESRCVD_SIZEOF int = 8
	BYTESSENT_SIZEOF int = 8
	PKTSRCVD_SIZEOF  int = 8
	PKTSSENT_SIZEOF  int = 8
)
Sizeof (entry) for all column types
// File names for the database summary and its lock file.
// NOTE(review): presumably these are the files that ReadDBSummary and
// WriteDBSummary, and LockDBSummary and UnlockDBSummary, operate on below
// dbpath; confirm in Summary.go.
const (
	SUMMARY_FILE_NAME      = "summary.json"
	SUMMARY_LOCK_FILE_NAME = "summary.lock"
)
const (
	// Used for compression applied by GPFile.
	COMPRESSION_LEVEL = 512

	// NOTE(review): presumably the file name that ReadMetadata and
	// WriteMetadata operate on; confirm in metadata.go.
	METADATA_FILE_NAME = "meta.json"
)
// NOTE(review): presumably the address and port the syslog writer sends to.
// 127.0.0.1 keeps the traffic on the loopback interface and 514 is the
// conventional syslog port; the transport (UDP or TCP) is not visible here.
// Confirm against the code that opens the connection.
const SLOG_ADDR = "127.0.0.1"
const SLOG_PORT = "514"
const (
	// NOTE(review): presumably the path of a unix domain socket used to talk
	// to the capture process. Who may connect is decided by the permissions
	// on the socket file and its directory, which this declaration does not
	// show; verify them where the socket is created.
	SOCKET_PATH = "/var/run/goprobe.sock"
)
Variables ¶
// SysLog is a package-level syslog writer.
// NOTE(review): presumably initialised by InitDBLog; confirm before use, since
// a nil *syslog.Writer cannot be written to.
var SysLog *syslog.Writer

// TimeFormats lists layout strings in Go's reference-time notation.
// NOTE(review): presumably tried in order by ParseTimeArgument; confirm.
// Layouts without a "-0700" offset carry no zone information, so the zone in
// which such input is interpreted depends on the parsing call, which is not
// shown here. Prefer an explicit offset when a query window must be exact.
var TimeFormats []string = []string{
	time.ANSIC, time.RubyDate, time.RFC822Z, time.RFC1123Z, time.RFC3339,
	"2006-01-02 15:04:05 -0700", "2006-01-02 15:04:05",
	"2006-01-02 15:04 -0700", "2006-01-02 15:04",
	"02.01.2006 15:04", "02.01.2006 15:04 -0700",
	"02.01.06 15:04", "02.01.06 15:04 -0700",
	"2.1.06 15:04:05", "2.1.06 15:04:05 -0700",
	"2.1.06 15:04", "2.1.06 15:04 -0700",
	"2.1.2006 15:04:05", "2.1.2006 15:04:05 -0700",
	"2.1.2006 15:04", "2.1.2006 15:04 -0700",
	"02.1.2006 15:04:05", "02.1.2006 15:04:05 -0700",
	"02.1.2006 15:04", "02.1.2006 15:04 -0700",
	"2.01.2006 15:04:05", "2.01.2006 15:04:05 -0700",
	"2.01.2006 15:04", "2.01.2006 15:04 -0700",
	"02.1.06 15:04:05", "02.1.06 15:04:05 -0700",
	"02.1.06 15:04", "02.1.06 15:04 -0700",
	"2.01.06 15:04:05", "2.01.06 15:04:05 -0700",
	"2.01.06 15:04", "2.01.06 15:04 -0700"}
Utility variables and functions for time parsing -----------------------------
Functions ¶
func DayTimestamp ¶
DayTimestamp returns timestamp rounded down to the nearest day
func HasDNSAttributes ¶
Find out if any of the attributes are usable for a reverse DNS lookup (e.g. check for IP attributes)
func IPStringToBytes ¶
Condition conversion utility functions ------------------------------------------------
func LockDBSummary ¶
LockDBSummary tries to acquire a lockfile for the database summary. Its return values indicate whether it successfully acquired the lock and whether a file system error occurred.
func ModifyDBSummary ¶
func ModifyDBSummary(dbpath string, timeout time.Duration, modify func(*DBSummary) (*DBSummary, error)) (modErr error)
Safely modifies the database summary when there are multiple processes accessing it.
If no lock can be acquired after (roughly) timeout time, returns an error.
modify is expected to obey the following contract:
- The input summary is nil if no summary file is present.
- modify returns the summary to be written (must be non-nil) and an error.
- Since the summary is locked while modify is running, modify shouldn't take longer than roughly half a second.
func ParseTimeArgument ¶
Entry point for external calls -------------------------------------------------
func SanitizeUserInput ¶
SanitizeUserInput sanitizes a conditional string provided by the user. Its main purpose is to convert other forms of precedence and logical operators to the condition grammar used. For example, some people may prefer more verbose forms such as "dport=443 or dport=8080" or exotic forms such as "{dport=443 || dport=8080}". These should be caught and converted to the grammar-conforming expression "(dport=443|dport=8080)". It rewrites syntax only and does not check that the resulting condition is valid.
Input:
conditional: string containing the conditional specified in "user grammar"
Output:
string: conditional string in the condition grammar. Note that this may still include syntactical errors or malspecified conditions. These will be caught at a later stage, so the returned string must not be treated as validated.
error: any error from golang's regex module
NOTE: the current implementation of GPDPIProtocols.go has to make sure that the map keys
of "proto" to numbers are all lower case
func TokenizeConditional ¶
TokenizeConditional tokenizes the given conditional. Note that the tokenization is "loose": All valid conditionals will be correctly tokenized, but there are invalid conditionals that will also be tokenized. It's the parser's job to catch those. Whitespace in conditionals is only useful for tokenization and not needed afterwards. TokenizeConditional doesn't emit any whitespace tokens.
Limitations: Only ASCII is supported. May give strange results on fancy Unicode strings.
func UnlockDBSummary ¶
UnlockDBSummary removes the lockfile for the database summary. Its return value indicates whether a file system error occurred.
func WriteDBSummary ¶
Writes a new summary for the given database. If multiple processes might be operating on the summary simultaneously, you should lock it first.
func WriteMetadata ¶
Types ¶
type AggFlowMap ¶
type Attribute ¶
// Attribute describes one attribute whose string representation can be
// extracted from an ExtraKey. The interface also has unexported methods (see
// the last line), so it cannot be implemented outside this package.
type Attribute interface {
	// Name returns the attribute's name.
	Name() string
	// Some attributes use more than a single output column.
	ExtraColumns() []string
	// ExtractStrings() extracts a list of records representing the
	// attribute from a given key.
	// You may assume that the length of the returned list is always
	// the length of ExtraColumns() + 1.
	ExtractStrings(key *ExtraKey) []string
	// contains filtered or unexported methods
}
Interface for attributes. This interface is not meant to be implemented by structs outside this package.
func NewAttribute ¶
Returns an Attribute for the given name. If no such attribute exists, an error is returned.
func ParseQueryType ¶
func ParseQueryType(queryType string) (attributes []Attribute, hasAttrTime, hasAttrIface bool, err error)
Parses the given query type into a list of attributes. The returned list is guaranteed to have no duplicates. A valid query type can either be a comma-separated list of attribute names (e.g. "sip,dip,dport") or something like "talk_conv". The return variable hasAttrTime indicates whether the special time attribute is present. (time is never a part of the returned attribute list.) The time attribute is present for the query type 'raw', or if it is explicitly mentioned in a list of attribute names.
type BlockMetadata ¶
// BlockMetadata holds the metadata for one database block; it is serialised
// to JSON under the field names given in the struct tags.
type BlockMetadata struct {
	Timestamp int64 `json:"timestamp"`
	// NOTE(review): the Pcap* counters presumably mirror the capture
	// statistics reported for the interface. If so, non-zero drop counters
	// mean the block under-reports traffic; check them before relying on a
	// block as a complete record. Confirm against the capture code.
	PcapPacketsReceived  int `json:"pcap_packets_received"`
	PcapPacketsDropped   int `json:"pcap_packets_dropped"`
	PcapPacketsIfDropped int `json:"pcap_packets_if_dropped"`
	PacketsLogged        int `json:"packets_logged"`

	// As in Summary
	FlowCount uint64 `json:"flowcount"`
	Traffic   uint64 `json:"traffic"`
}
Represents metadata for one database block.
type BytesSentStringParser ¶
type BytesSentStringParser struct{}
type DBData ¶
type DBSummary ¶
type DBSummary struct {
	// One InterfaceSummary per map key.
	// NOTE(review): the key is presumably the interface name; confirm.
	Interfaces map[string]InterfaceSummary `json:"interfaces"`
}
Summary for an entire database
func NewDBSummary ¶
func NewDBSummary() *DBSummary
func ReadDBSummary ¶
Reads the summary of the given database. If multiple processes might be operating on the summary simultaneously, you should lock it first.
func (*DBSummary) Update ¶
func (s *DBSummary) Update(u InterfaceSummaryUpdate)
type DBWorkManager ¶
type DBWorkManager struct {
// contains filtered or unexported fields
}
func NewDBWorkManager ¶
func NewDBWorkManager(dbpath string, iface string, numProcessingUnits int) (*DBWorkManager, error)
func (*DBWorkManager) CreateWorkerJobs ¶
func (*DBWorkManager) ExecuteWorkerReadJobs ¶
func (w *DBWorkManager) ExecuteWorkerReadJobs(mapChan chan map[ExtraKey]Val)
Spawning of processing units and pushing of workload onto factory channel -----------
func (*DBWorkManager) GetCoveredTimeInterval ¶
func (w *DBWorkManager) GetCoveredTimeInterval() (time.Time, time.Time)
GetCoveredTimeInterval is used to determine the time span actually covered by the query.
func (*DBWorkManager) GetNumWorkers ¶
func (w *DBWorkManager) GetNumWorkers() int
GetNumWorkers makes the number of workloads available to the outside world, e.g. for loop bounds.
type DBWorkload ¶
type DBWorkload struct {
// contains filtered or unexported fields
}
type DBWriter ¶
type DBWriter struct {
// contains filtered or unexported fields
}
func NewDBWriter ¶
func (*DBWriter) Write ¶
func (w *DBWriter) Write(flowmap AggFlowMap, meta BlockMetadata, timestamp int64) (InterfaceSummaryUpdate, error)
type DipAttribute ¶
type DipAttribute struct{}
func (DipAttribute) ExtraColumns ¶
func (_ DipAttribute) ExtraColumns() []string
func (DipAttribute) ExtractStrings ¶
func (_ DipAttribute) ExtractStrings(key *ExtraKey) []string
func (DipAttribute) Name ¶
func (_ DipAttribute) Name() string
type DipStringParser ¶
type DipStringParser struct{}
type DportAttribute ¶
type DportAttribute struct{}
func (DportAttribute) ExtraColumns ¶
func (_ DportAttribute) ExtraColumns() []string
func (DportAttribute) ExtractStrings ¶
func (_ DportAttribute) ExtractStrings(key *ExtraKey) []string
func (DportAttribute) Name ¶
func (_ DportAttribute) Name() string
type DportStringParser ¶
type DportStringParser struct{}
type GPFile ¶
type GPFile struct {
// contains filtered or unexported fields
}
func (*GPFile) BlocksUsed ¶
func (*GPFile) GetTimestamps ¶
type IfaceStringParser ¶
type IfaceStringParser struct{}
type InterfaceSummary ¶
// InterfaceSummary is the summary for a single interface.
type InterfaceSummary struct {
	// Number of flows
	FlowCount uint64 `json:"flowcount"`
	// Total traffic volume in bytes
	Traffic uint64 `json:"traffic"`
	// NOTE(review): Begin and End are presumably Unix timestamps bounding
	// the period covered for this interface; confirm in Summary.go.
	Begin int64 `json:"begin"`
	End   int64 `json:"end"`
}
Summary for a single interface
type InterfaceSummaryUpdate ¶
type Metadata ¶
type Metadata struct {
	// One BlockMetadata entry per database block.
	Blocks []BlockMetadata `json:"blocks"`
}
Metadata for a collection of database blocks. By convention all blocks belong to the same day.
func NewMetadata ¶
func NewMetadata() *Metadata
func ReadMetadata ¶
Reads the given metadata file.
func TryReadMetadata ¶
Tries to read the given metadata file. If an error occurs, a fresh Metadata struct is returned.
type NOPStringParser ¶
type NOPStringParser struct{}
type Node ¶
An AST node for the conditional grammar. This interface is not meant to be implemented by structs outside of this package.
type PacketsRecStringParser ¶
type PacketsRecStringParser struct{}
type PacketsSentStringParser ¶
type PacketsSentStringParser struct{}
type ProtoAttribute ¶
type ProtoAttribute struct{}
func (ProtoAttribute) ExtraColumns ¶
func (_ ProtoAttribute) ExtraColumns() []string
func (ProtoAttribute) ExtractStrings ¶
func (_ ProtoAttribute) ExtractStrings(key *ExtraKey) []string
func (ProtoAttribute) Name ¶
func (_ ProtoAttribute) Name() string
type ProtoStringParser ¶
type ProtoStringParser struct{}
type Query ¶
type SipAttribute ¶
type SipAttribute struct{}
func (SipAttribute) ExtraColumns ¶
func (_ SipAttribute) ExtraColumns() []string
func (SipAttribute) ExtractStrings ¶
func (_ SipAttribute) ExtractStrings(key *ExtraKey) []string
func (SipAttribute) Name ¶
func (_ SipAttribute) Name() string
type StringKeyParser ¶
func NewStringKeyParser ¶
func NewStringKeyParser(kind string) StringKeyParser
type StringValParser ¶
func NewStringValParser ¶
func NewStringValParser(kind string) StringValParser
type SyslogDBWriter ¶
type SyslogDBWriter struct {
// contains filtered or unexported fields
}
func NewSyslogDBWriter ¶
func NewSyslogDBWriter() (*SyslogDBWriter, error)
func (*SyslogDBWriter) Write ¶
func (s *SyslogDBWriter) Write(flowmap AggFlowMap, iface string, timestamp int64)
Source Files ¶
- Attribute.go
- Conditional.go
- DBLog.go
- DBTime.go
- DBWorkManager.go
- DesugarConditional.go
- GPFile.go
- GPGeneralDefs.go
- InstrumentConditional.go
- ParseConditional.go
- Query.go
- ResolveConditional.go
- StringParser.go
- Summary.go
- SyslogConsts_public.go
- SyslogDBWriter.go
- TokenizeConditional.go
- db_writer.go
- keyval.go
- liblz4_linux.go
- metadata.go