flow

package
v0.15.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 6, 2017 License: Apache-2.0 Imports: 27 Imported by: 74

Documentation

Index

Constants

View Source 
const (
	// DefaultCaptureLength : default packet capture length
	DefaultCaptureLength uint32 = 256
	// MaxCaptureLength : maximum capture length accepted
	MaxCaptureLength uint32 = 4096
	// MaxRawPacketLimit : maximum raw packet captured, limitation could be removed once flow over tcp
	MaxRawPacketLimit uint32 = 10
	// DefaultFlowProtobufSize : the default protobuf size without any raw packet for a flow
	DefaultProtobufFlowSize = 500
)
View Source 
const (
	Namespace = "Flow"
)

Namespace "Flow"

Variables

View Source 
var ErrFlowProtocol = errors.New("FlowProtocol invalid")

ErrFlowProtocol invalid protocol error

View Source 
var LayerTypeInGRE = gopacket.RegisterLayerType(55555, gopacket.LayerTypeMetadata{Name: "LayerTypeInGRE", Decoder: gopacket.DecodeFunc(decodeInGRELayer)})

LayerTypeInGRE creates a layer type, should be unique and high, so it doesn't conflict, giving it a name and a decoder to use.

Functions

func BPFFilterToRaw added in v0.10.0 

func BPFFilterToRaw(linkType layers.LinkType, captureLength uint32, filter string) ([]bpf.RawInstruction, error)

BPFFilterToRaw creates a raw binary filter from a BPF expression

func HashFromValues added in v0.4.0 

func HashFromValues(ab interface{}, ba interface{}) []byte

HashFromValues calculates a unique symetric flow layer hash

func LayerPathFromGoPacket added in v0.15.0 

func LayerPathFromGoPacket(packet *gopacket.Packet) string

LayerPathFromGoPacket returns path of all the layers separated by a slash.

func NewFilterForFlowSet added in v0.10.0 

func NewFilterForFlowSet(flowset *FlowSet) *filters.Filter

NewFilterForFlowSet creates a new filter based on a set of flows

func NewFilterForNodeTIDs added in v0.10.0 

func NewFilterForNodeTIDs(uuids []string) *filters.Filter

NewFilterForNodeTIDs creates a new filter based on flow NodeTID, ANodeTID, BNodeTID

func NewFilterForNodes added in v0.5.0 

func NewFilterForNodes(nodes []*graph.Node) *filters.Filter

NewFilterForNodes creates a new filter based on graph nodes

Types

type BPF added in v0.10.0 

type BPF struct {
	// contains filtered or unexported fields
}

BPF describes a filter

func NewBPF added in v0.10.0 

func NewBPF(linkType layers.LinkType, captureLength uint32, filter string) (*BPF, error)

NewBPF creates a new BPF filter

func (*BPF) Matches added in v0.10.0 

func (b *BPF) Matches(data []byte) bool

Matches returns true data match the filter

type Enhancer added in v0.12.0 

type Enhancer interface {
	Name() string
	Enhance(flow *Flow)
}

Enhancer should Enhance the flow via this interface

type EnhancerPipeline added in v0.12.0 

type EnhancerPipeline struct {
	Enhancers map[string]Enhancer
}

EnhancerPipeline describes a list of flow enhancer

func NewEnhancerPipeline added in v0.12.0 

func NewEnhancerPipeline(enhancers ...Enhancer) *EnhancerPipeline

NewEnhancerPipeline registers a list of flow Enhancer

func (*EnhancerPipeline) AddEnhancer added in v0.12.0 

func (e *EnhancerPipeline) AddEnhancer(en Enhancer)

AddEnhancer registers a new flow enhancer

func (*EnhancerPipeline) Enhance added in v0.12.0 

func (e *EnhancerPipeline) Enhance(cfg *EnhancerPipelineConfig, flows []*Flow)

Enhance a list of flows

func (*EnhancerPipeline) EnhanceFlow added in v0.12.0 

func (e *EnhancerPipeline) EnhanceFlow(cfg *EnhancerPipelineConfig, flow *Flow)

EnhanceFlow enhance a flow from with all registered enhancer

type EnhancerPipelineConfig added in v0.13.0 

type EnhancerPipelineConfig struct {
	// contains filtered or unexported fields
}

EnhancerPipelineConfig describes configuration of enabled enhancers

func NewEnhancerPipelineConfig added in v0.13.0 

func NewEnhancerPipelineConfig() *EnhancerPipelineConfig

NewEnhancerPipelineConfig create a new enhancer pipeline config

func (*EnhancerPipelineConfig) Disable added in v0.13.0 

func (epc *EnhancerPipelineConfig) Disable(name string)

Disable the named enhancer

func (*EnhancerPipelineConfig) Enable added in v0.13.0 

func (epc *EnhancerPipelineConfig) Enable(name string)

Enable the named enhancer

func (*EnhancerPipelineConfig) IsEnabled added in v0.13.0 

func (epc *EnhancerPipelineConfig) IsEnabled(name string) bool

IsEnabled return true if the named enhancer

type ExpireUpdateFunc added in v0.3.0 

type ExpireUpdateFunc func(f []*Flow)

ExpireUpdateFunc defines expire and updates callback

type FlowOpts added in v0.13.0 

type FlowOpts struct {
	TCPMetric bool
}

FlowOpts describes options that can be used to process flows

type FlowUUIDs added in v0.13.0 

type FlowUUIDs struct {
	ParentUUID string
	L2ID       int64
	L3ID       int64
}

FlowUUIDs describes UUIDs that can be applied to flows

type Handler added in v0.12.0 

type Handler struct {
	// contains filtered or unexported fields
}

Handler defines a flow callback called every time

func NewFlowHandler added in v0.4.0 

func NewFlowHandler(callback ExpireUpdateFunc, every time.Duration) *Handler

NewFlowHandler creates a flow callback handler that will be asynchronously called every time

type ICMPv4 added in v0.12.0 

type ICMPv4 struct {
	layers.ICMPv4
	Type ICMPType
}

ICMPv4 aims to store ICMP metadata and aims to be used for the flow hash key

func (*ICMPv4) Payload added in v0.12.0 

func (i *ICMPv4) Payload() []byte

Payload returns the ICMP payload

type ICMPv6 added in v0.12.0 

type ICMPv6 struct {
	layers.ICMPv6
	Type ICMPType
	Id   uint16
}

ICMPv6 aims to store ICMP metadata and aims to be used for the flow hash key

func (*ICMPv6) Payload added in v0.12.0 

func (i *ICMPv6) Payload() []byte

Payload returns the ICMP payload

type Key added in v0.12.0 

type Key string

Key describes a unique flow Key

func KeyFromGoPacket added in v0.12.0 

func KeyFromGoPacket(p *gopacket.Packet, parentUUID string) Key

KeyFromGoPacket returns the unique flow key The unique key is calculated based on parentUUID, network, transport and applicable layers

func (Key) String added in v0.12.0 

func (f Key) String() string

type MergeContext added in v0.7.0 

type MergeContext struct {
	Sort      bool
	SortBy    string
	SortOrder common.SortOrder
	Dedup     bool
	DedupBy   string
}

MergeContext describes a mechanism to merge flow sets

type Packet added in v0.12.0 

type Packet struct {
	// contains filtered or unexported fields
}

Packet describes one packet

type PacketSequence added in v0.15.0 

type PacketSequence struct {
	Packets   []Packet
	Timestamp int64
}

PacketSequence represents a suite of parent/child Packet

func PacketSeqFromGoPacket added in v0.15.0 

func PacketSeqFromGoPacket(packet *gopacket.Packet, outerLength int64, t int64, bpf *BPF) *PacketSequence

PacketSeqFromGoPacket split original packet into multiple packets in case of encapsulation like GRE, VXLAN, etc.

func PacketSeqFromSFlowSample added in v0.15.0 

func PacketSeqFromSFlowSample(sample *layers.SFlowFlowSample, t int64, bpf *BPF) []*PacketSequence

PacketSeqFromSFlowSample returns an array of Packets as a sample contains mutlple records which generate a Packets each.

type PcapTableFeeder added in v0.12.0 

type PcapTableFeeder struct {
	sync.WaitGroup
	// contains filtered or unexported fields
}

PcapTableFeeder replaies a pcap file

func NewPcapTableFeeder added in v0.12.0 

func NewPcapTableFeeder(r io.ReadCloser, packetsChan chan *PacketSequence, replay bool, bpfFilter string) (*PcapTableFeeder, error)

NewPcapTableFeeder reads a pcap from a file reader and inject it in a flow table

func (*PcapTableFeeder) Start added in v0.12.0 

func (p *PcapTableFeeder) Start()

Start a pcap injector

func (*PcapTableFeeder) Stop added in v0.12.0 

func (p *PcapTableFeeder) Stop()

Stop a pcap injector

type PcapWriter added in v0.10.0 

type PcapWriter struct {
	// contains filtered or unexported fields
}

PcapWriter provides helpers on top of gopacket pcap to write pcap files.

func NewPcapWriter added in v0.10.0 

func NewPcapWriter(w io.Writer) *PcapWriter

NewPcapWriter returns a new PcapWriter based on the given io.Writer. Due to the current limitation of the gopacket pcap implementation only RawPacket with Ethernet link type are supported.

func (*PcapWriter) WriteRawPacket added in v0.12.0 

func (p *PcapWriter) WriteRawPacket(r *RawPacket) error

WriteRawPacket writes a RawPacket

func (*PcapWriter) WriteRawPackets added in v0.12.0 

func (p *PcapWriter) WriteRawPackets(fr *RawPackets) error

WriteRawPackets writes a RawPackets iterating over the RawPackets and using WriteRawPacket for each.

type RawPackets added in v0.12.0 

type RawPackets struct {
	LinkType   layers.LinkType
	RawPackets []*RawPacket
}

RawPackets embeds flow RawPacket array with the associated link type

type Table added in v0.4.0 

type Table struct {
	Opts TableOpts
	// contains filtered or unexported fields
}

Table store the flow table and related metrics mechanism

func NewTable added in v0.4.0 

func NewTable(updateHandler *Handler, expireHandler *Handler, pipeline *EnhancerPipeline, nodeTID string, opts ...TableOpts) *Table

NewTable creates a new flow table

func (*Table) Query added in v0.4.0 

func (ft *Table) Query(query *TableQuery) *TableReply

Query a flow table

func (*Table) Run added in v0.7.0 

func (ft *Table) Run()

Run background jobs, like update/expire entries event

func (*Table) Start added in v0.4.0 

func (ft *Table) Start() (chan *PacketSequence, chan *Flow)

Start the flow table

func (*Table) Stop added in v0.4.0 

func (ft *Table) Stop()

Stop the flow table

type TableAllocator added in v0.4.0 

type TableAllocator struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

TableAllocator aims to create/allocate a new flow table

func NewTableAllocator added in v0.4.0 

func NewTableAllocator(update, expire time.Duration, pipeline *EnhancerPipeline) *TableAllocator

NewTableAllocator creates a new flow table

func (*TableAllocator) Alloc added in v0.4.0 

func (a *TableAllocator) Alloc(flowCallBack ExpireUpdateFunc, nodeTID string, opts TableOpts) *Table

Alloc instanciate/allocate a new table

func (*TableAllocator) Expire added in v0.15.0 

func (a *TableAllocator) Expire() time.Duration

Expire returns the expire parameter used by allocated tables

func (*TableAllocator) QueryTable added in v0.4.0 

func (a *TableAllocator) QueryTable(query *TableQuery) *TableReply

QueryTable search/query within the flow table

func (*TableAllocator) Release added in v0.4.0 

func (a *TableAllocator) Release(t *Table)

Release release/destroy a flow table

func (*TableAllocator) Update added in v0.15.0 

func (a *TableAllocator) Update() time.Duration

Update returns the update parameter used by allocated tables

type TableClient added in v0.4.0 

type TableClient struct {
	WSJSONServer *shttp.WSJSONServer
}

TableClient describes a mechanism to Query a flow table via flowSet in JSON

func NewTableClient added in v0.4.0 

func NewTableClient(w *shttp.WSJSONServer) *TableClient

NewTableClient creates a new table client based on websocket

func (*TableClient) LookupFlows added in v0.5.0 

func (f *TableClient) LookupFlows(flowSearchQuery filters.SearchQuery) (*FlowSet, error)

LookupFlows query flow table based on a filter search query

func (*TableClient) LookupFlowsByNodes added in v0.4.0 

func (f *TableClient) LookupFlowsByNodes(hnmap topology.HostNodeTIDMap, flowSearchQuery filters.SearchQuery) (*FlowSet, error)

LookupFlowsByNodes query flow table based on multiple nodes

type TableOpts added in v0.12.0 

type TableOpts struct {
	RawPacketLimit int64
	TCPMetric      bool
	SocketInfo     bool
}

TableOpt defines flow table options

type TableQuery added in v0.4.0 

type TableQuery struct {
	Type string
	Obj  []byte
}

TableQuery contains a type and a query obj as an array of bytes. The query can be encoded in different ways according the type.

type TableReply added in v0.4.0 

type TableReply struct {
	Obj [][]byte
	// contains filtered or unexported fields
}

TableReply is the response to a TableQuery containing a Status and an array of replies that can be encoded in many ways, ex: json, protobuf.

type TableServer added in v0.4.0 

type TableServer struct {
	TableAllocator *TableAllocator
}

TableServer describes a mechanism to Query a flow table via Websocket

func NewServer added in v0.4.0 

func NewServer(allocator *TableAllocator, pool shttp.WSJSONSpeakerPool) *TableServer

NewServer creates a new flow table query server based on websocket

func (*TableServer) OnTableQuery added in v0.5.0 

func (s *TableServer) OnTableQuery(c shttp.WSSpeaker, msg *shttp.WSJSONMessage)

OnTableQuery event

func (*TableServer) OnWSJSONMessage added in v0.13.0 

func (s *TableServer) OnWSJSONMessage(c shttp.WSSpeaker, msg *shttp.WSJSONMessage)

OnWSMessage TableQuery

Source Files

View all Source files

Directories

Path Synopsis
client
server
afpacket
Package afpacket provides Go bindings for MMap'd AF_PACKET socket reading.
 Package afpacket provides Go bindings for MMap'd AF_PACKET socket reading.
elasticsearch
orientdb

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.