Documentation
¶
Index ¶
Constants ¶
const ( DirectionIngress = uint8(0) DirectionEgress = uint8(1) )
Values according to field 61 in https://www.iana.org/assignments/ipfix/ipfix.xhtml
const IPv6Type = 0x86DD
IPv6Type value as defined in IEEE 802: https://www.iana.org/assignments/ieee-802-numbers/ieee-802-numbers.xhtml
const MacLen = 6
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Accounter ¶
type Accounter struct {
// contains filtered or unexported fields
}
Accounter accumulates flows metrics in memory and eventually evicts them via an evictor channel. The accounting process is usually done at kernel-space. This type reimplements it at userspace for the edge case where packets are submitted directly via ring-buffer because the kernel-side accounting map is full.
func NewAccounter ¶
func NewAccounter( maxEntries int, evictTimeout time.Duration, ifaceNamer InterfaceNamer, clock func() time.Time, monoClock func() time.Duration, ) *Accounter
NewAccounter creates a new Accounter. The cache has no limit and it's assumed that eviction is done by the caller.
type HumanBytes ¶
type HumanBytes uint64
type IPAddr ¶ added in v0.1.1
IPAddr encodes v4 and v6 IPs with a fixed length. IPv4 addresses are encoded as IPv6 addresses with prefix ::ffff/96 as described in https://datatracker.ietf.org/doc/html/rfc4038#section-4.2 (same behavior as Go's net.IP type)
func (*IPAddr) IntEncodeV4 ¶ added in v0.1.1
IntEncodeV4 encodes an IPv4 address as an integer (in network encoding, big endian). It assumes that the passed IP is already IPv4. Otherwise it would just encode the last 4 bytes of an IPv6 address
func (*IPAddr) MarshalJSON ¶ added in v0.1.1
type InterfaceNamer ¶ added in v0.2.0
type MacAddr ¶
func (*MacAddr) MarshalJSON ¶
type RawRecord ¶ added in v0.2.0
type RawRecord struct {
RecordKey
RecordMetrics
}
record structure as parsed from eBPF it's important to emphasize that the fields in this structure have to coincide, byte by byte, with the flow_record_t structure in the bpf/flow.h file
type Record ¶
type Record struct {
RawRecord
// TODO: redundant field from RecordMetrics. Reorganize structs
TimeFlowStart time.Time
TimeFlowEnd time.Time
Interface string
}
Record contains accumulated metrics from a flow
func NewRecord ¶ added in v0.2.0
func NewRecord( key RecordKey, metrics RecordMetrics, currentTime time.Time, monotonicCurrentTime uint64, namer InterfaceNamer, ) *Record
type RecordKey ¶ added in v0.2.0
type RecordKey struct {
EthProtocol uint16 `json:"Etype"`
Direction uint8 `json:"FlowDirection"`
DataLink
Network
Transport
IFIndex uint32
}
RecordKey identifies a flow Must coincide byte by byte with kernel-side flow_id_t (bpf/flow.h)
type RecordMetrics ¶ added in v0.2.0
type RecordMetrics struct {
Packets uint32
Bytes uint64
// StartMonoTimeNs and EndMonoTimeNs are the start and end times as system monotonic timestamps
// in nanoseconds, as output from bpf_ktime_get_ns() (kernel space)
// and monotime.Now() (user space)
StartMonoTimeNs uint64
EndMonoTimeNs uint64
}
RecordMetrics provides flows metrics and timing information Must coincide byte by byte with kernel-side flow_metrics_t (bpf/flow.h)
func (*RecordMetrics) Accumulate ¶ added in v0.2.0
func (r *RecordMetrics) Accumulate(src *RecordMetrics)
Source Files