Documentation
Types
type Packet
type Packet struct {
	SrcIP, DstIP       string
	SrcPort, DstPort   string
	Network, Transport int // byte counts
}
Packet is an intermediate, decoded form of a packet, carrying only the information that the Scope data model cares about. It is designed to decouple the packet data source loop, which should be as fast as possible, from the process of merging the packet information into a report, which may take some time and allocations.
type Sniffer
type Sniffer struct {
	// contains filtered or unexported fields
}
Sniffer is a packet-sniffing reporter.
func New
func New(hostID string, localNets report.Networks, src gopacket.ZeroCopyPacketDataSource, on, off time.Duration) *Sniffer
New returns a new sniffing reporter that samples traffic by turning its packet capture facilities on and off. Note that the on and off durations are a way to bound CPU burn, not a sample rate. The effective sample rate needs to be calculated as (packets decoded / packets observed).
func (*Sniffer) Merge
Merge puts the packet into the report.
Note that, for the moment, we encode bidirectional traffic as ingress and egress traffic on a single edge whose src is local and dst is remote. That is, if we see a packet from the remote addr 9.8.7.6 to the local addr 1.2.3.4, we apply it as *ingress* on the edge (1.2.3.4 -> 9.8.7.6).
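The edge normalization described for Merge, as an added example that is not the package's own code. The names edgeBytes, isLocal and mergeEdge are hypothetical, local networks are modelled with net.IPNet rather than report.Networks, and two things are assumptions: that the Network byte count is what gets accumulated, and that any packet other than remote-to-local counts as egress on (src -> dst).

```go
package main
import (
	"fmt"
	"net"
)

type Packet struct { // fields as documented on this page
	SrcIP, DstIP       string
	SrcPort, DstPort   string
	Network, Transport int // byte counts
}
type edgeBytes struct{ Ingress, Egress int } // hypothetical counter, not a Scope type

// isLocal reports whether ip falls inside any local network.
// An unparseable address (nil ip) is never local.
func isLocal(ip net.IP, nets []*net.IPNet) bool {
	for _, n := range nets {
		if ip != nil && n.Contains(ip) {
			return true
		}
	}
	return false
}

// mergeEdge records p on a single edge keyed "local->remote" and returns the key.
// Assumption: anything that is not remote->local is counted as egress on src->dst.
func mergeEdge(edges map[string]*edgeBytes, p Packet, nets []*net.IPNet) string {
	src, dst, ingress := p.SrcIP, p.DstIP, false
	if !isLocal(net.ParseIP(p.SrcIP), nets) && isLocal(net.ParseIP(p.DstIP), nets) {
		src, dst, ingress = p.DstIP, p.SrcIP, true // flip so the local side is src
	}
	key := src + "->" + dst
	if edges[key] == nil {
		edges[key] = &edgeBytes{}
	}
	if ingress {
		edges[key].Ingress += p.Network
	} else {
		edges[key].Egress += p.Network
	}
	return key
}

func main() {
	_, local, _ := net.ParseCIDR("1.2.3.0/24") // constructed local network
	nets, edges := []*net.IPNet{local}, map[string]*edgeBytes{}
	k := mergeEdge(edges, Packet{SrcIP: "9.8.7.6", DstIP: "1.2.3.4", Network: 100}, nets)
	mergeEdge(edges, Packet{SrcIP: "1.2.3.4", DstIP: "9.8.7.6", Network: 40}, nets)
	fmt.Printf("%s %+v\n", k, *edges[k])
}
```

Both directions of the conversation land on one edge, so a consumer reading such a report has to look at the ingress and egress counters, not the edge direction, to tell who sent what.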