flow

package
v0.25.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 12, 2019 License: Apache-2.0 Imports: 37 Imported by: 74

Documentation

Index

Constants

View Source 
const (
	// DefaultCaptureLength : default packet capture length
	DefaultCaptureLength uint32 = 256
	// MaxCaptureLength : maximum capture length accepted
	MaxCaptureLength uint32 = 4096
	// MaxRawPacketLimit : maximum raw packet captured, limitation could be removed once flow over tcp
	MaxRawPacketLimit uint32 = 10
	// DefaultProtobufFlowSize : the default protobuf size without any raw packet for a flow
	DefaultProtobufFlowSize = 500
)
View Source 
const HoldTimeoutMilliseconds = int64(time.Duration(15) * time.Second / time.Millisecond)

HoldTimeoutMilliseconds is the number of milliseconds for holding ended flows before they get deleted from the flow table

View Source 
const (
	Namespace = "Flow"
)

Namespace "Flow"

Variables

View Source 
var (
	// ErrFlowProtocol invalid protocol error
	ErrFlowProtocol = errors.New("FlowProtocol invalid")
	// ErrLayerNotFound layer not present in the packet
	ErrLayerNotFound = errors.New("Layer not found")
)
View Source 
var LayerTypeERSPanII = gopacket.RegisterLayerType(55557, gopacket.LayerTypeMetadata{Name: "LayerTypeERSPanII", Decoder: gopacket.DecodeFunc(decodeERSpanIILayer)})

LayerTypeERSPanII decoder

View Source 
var LayerTypeRawIP = gopacket.RegisterLayerType(55555, gopacket.LayerTypeMetadata{Name: "LayerTypeRawIP", Decoder: gopacket.DecodeFunc(decodeInGRELayer)})

LayerTypeRawIP creates a layer type, should be unique and high, so it doesn't conflict, giving it a name and a decoder to use.

Functions

func BPFFilterToRaw added in v0.10.0 

func BPFFilterToRaw(linkType layers.LinkType, captureLength uint32, filter string) ([]bpf.RawInstruction, error)

BPFFilterToRaw creates a raw binary filter from a BPF expression

func DefaultLayerKeyModeName added in v0.18.0 

func DefaultLayerKeyModeName() string

DefaultLayerKeyModeName returns the default layer key mode

func GetFirstLayerType added in v0.17.0 

func GetFirstLayerType(encapType string) (gopacket.LayerType, layers.LinkType)

GetFirstLayerType returns layer type and link type according to the given encapsulation

func LayersPath added in v0.18.0 

func LayersPath(ls []gopacket.Layer) (string, string)

LayersPath returns path and the application of all the layers separated by a slash.

func NewFilterForFlowSet added in v0.10.0 

func NewFilterForFlowSet(flowset *FlowSet) *filters.Filter

NewFilterForFlowSet creates a new filter based on a set of flows

func NewFilterForNodeTIDs added in v0.10.0 

func NewFilterForNodeTIDs(uuids []string) *filters.Filter

NewFilterForNodeTIDs creates a new filter based on flow NodeTID

func NewFilterForNodes added in v0.5.0 

func NewFilterForNodes(nodes []*graph.Node) *filters.Filter

NewFilterForNodes creates a new filter based on graph nodes

func SetEBPFKernFlow added in v0.24.0 

func SetEBPFKernFlow(ebpfFlow *EBPFFlow, kernFlow unsafe.Pointer)

SetEBPFKernFlow is an helper function that aims to provide a way to set kernFlow from external packages as Go doesn't allow to acces to C struct from different packages.

Types

type ApplicationPortMap added in v0.18.0 

type ApplicationPortMap struct {
	UDP map[int]string
	TCP map[int]string
}

ApplicationPortMap maps UDP and TCP port numbers to service names

func NewApplicationPortMapFromConfig added in v0.18.0 

func NewApplicationPortMapFromConfig() *ApplicationPortMap

NewApplicationPortMapFromConfig returns a new application port mapper and load it from the configuration file

type BPF added in v0.10.0 

type BPF struct {
	// contains filtered or unexported fields
}

BPF describes a filter

func NewBPF added in v0.10.0 

func NewBPF(linkType layers.LinkType, captureLength uint32, filter string) (*BPF, error)

NewBPF creates a new BPF filter

func (*BPF) Matches added in v0.10.0 

func (b *BPF) Matches(data []byte) bool

Matches returns true data match the filter

type EBPFFlow added in v0.24.0 

type EBPFFlow struct {
	Start        time.Time
	Last         time.Time
	KernFlow     *C.struct_flow
	StartKTimeNs int64
}

EBPFFlow Wrapper type used for passing flows from probe to main agent routine

type ExtraLayers added in v0.21.0 

type ExtraLayers int

ExtraLayers defines extra layer to be pushed in flow 

const (
	// VRRPLayer extra layer
	VRRPLayer ExtraLayers = 1
	// DNSLayer extra layer
	DNSLayer ExtraLayers = 2
	// DHCPv4Layer extra layer
	DHCPv4Layer ExtraLayers = 4
	// ALLLayer all extra layers
	ALLLayer ExtraLayers = 255
)

func (ExtraLayers) Extract added in v0.21.0 

func (e ExtraLayers) Extract() []string

Extract returns a string list of the ExtraLayers protocol

func (ExtraLayers) MarshalJSON added in v0.21.0 

func (e ExtraLayers) MarshalJSON() ([]byte, error)

MarshalJSON serializes the ExtraLayers structure

func (*ExtraLayers) Parse added in v0.21.0 

func (e *ExtraLayers) Parse(s ...string) error

Parse set the ExtraLayers struct with the given list of protocol strings

func (ExtraLayers) String added in v0.21.0 

func (e ExtraLayers) String() string

String returns a string of the list of the protocols

func (*ExtraLayers) UnmarshalJSON added in v0.21.0 

func (e *ExtraLayers) UnmarshalJSON(data []byte) error

UnmarshalJSON deserializes json input to ExtraLayers

type ICMPv4 added in v0.12.0 

type ICMPv4 struct {
	layers.ICMPv4
	Type ICMPType
}

ICMPv4 aims to store ICMP metadata and aims to be used for the flow hash key

func (*ICMPv4) Payload added in v0.12.0 

func (i *ICMPv4) Payload() []byte

Payload returns the ICMP payload

type ICMPv6 added in v0.12.0 

type ICMPv6 struct {
	layers.ICMPv6
	Type ICMPType
	ID   uint16
}

ICMPv6 aims to store ICMP metadata and aims to be used for the flow hash key

func (*ICMPv6) Payload added in v0.12.0 

func (i *ICMPv6) Payload() []byte

Payload returns the ICMP payload

type IPDefragger added in v0.18.0 

type IPDefragger struct {
	common.RWMutex
	// contains filtered or unexported fields
}

IPDefragger defines an IPv4 defragmenter

func NewIPDefragger added in v0.18.0 

func NewIPDefragger() *IPDefragger

NewIPDefragger returns a new IPv4 defragger

func (*IPDefragger) Defrag added in v0.18.0 

func (d *IPDefragger) Defrag(packet gopacket.Packet) (*IPMetric, bool)

Defrag tries to defragment

func (*IPDefragger) FlushAll added in v0.18.0 

func (d *IPDefragger) FlushAll()

FlushAll frees all the fragment resources

func (*IPDefragger) FlushOlderThan added in v0.18.0 

func (d *IPDefragger) FlushOlderThan(t time.Time)

FlushOlderThan frees resources for fragment older than the give time

type IPDefraggerMetric added in v0.18.0 

type IPDefraggerMetric struct {
	// contains filtered or unexported fields
}

IPDefraggerMetric defines the structure keeping metrics of fragments

type LayerKeyMode added in v0.18.0 

type LayerKeyMode int

LayerKeyMode defines what are the layers used for the flow key calculation 

const (
	DefaultLayerKeyMode              = L2KeyMode // default mode
	L2KeyMode           LayerKeyMode = 0         // uses Layer2 and Layer3 for hash computation, default mode
	L3PreferedKeyMode   LayerKeyMode = 1         // uses Layer3 only and layer2 if no Layer3
)

Flow key calculation modes

func LayerKeyModeByName added in v0.18.0 

func LayerKeyModeByName(name string) (LayerKeyMode, error)

LayerKeyModeByName converts a string to a layer key mode

func (LayerKeyMode) String added in v0.18.0 

func (l LayerKeyMode) String() string

type MergeContext added in v0.7.0 

type MergeContext struct {
	Sort      bool
	SortBy    string
	SortOrder common.SortOrder
	Dedup     bool
	DedupBy   string
}

MergeContext describes a mechanism to merge flow sets

type Operation added in v0.22.0 

type Operation struct {
	Key  uint64
	Flow *Flow
	Type OperationType
}

Operation describes a flow operation

type OperationType added in v0.22.0 

type OperationType int

OperationType operation type of a Flow in a flow table 

const (
	// ReplaceOperation replace the flow
	ReplaceOperation OperationType = iota
	// UpdateOperation update the flow
	UpdateOperation
)

type Opts added in v0.21.0 

type Opts struct {
	TCPMetric    bool
	IPDefrag     bool
	LayerKeyMode LayerKeyMode
	AppPortMap   *ApplicationPortMap
	ExtraLayers  ExtraLayers
}

Opts describes options that can be used to process flows

type Packet added in v0.12.0 

type Packet struct {
	GoPacket gopacket.Packet // orignal gopacket

	Layers   []gopacket.Layer // layer of the sub packet
	Data     []byte           // byte of the sub packet
	Length   int64            // length of the original packet meaning layers + payload
	IPMetric *IPMetric
	// contains filtered or unexported fields
}

Packet describes one packet

func (*Packet) ApplicationFlow added in v0.18.0 

func (p *Packet) ApplicationFlow() (gopacket.Flow, error)

ApplicationFlow returns first application flow

func (*Packet) Keys added in v0.24.0 

func (p *Packet) Keys(parentUUID string, uuids *UUIDs, opts *Opts) (uint64, uint64, uint64)

Keys returns keys of the packet

func (*Packet) Layer added in v0.18.0 

func (p *Packet) Layer(t gopacket.LayerType) gopacket.Layer

Layer returns the given layer type

func (*Packet) LinkLayer added in v0.18.0 

func (p *Packet) LinkLayer() gopacket.LinkLayer

LinkLayer returns first link layer

func (*Packet) NetworkLayer added in v0.18.0 

func (p *Packet) NetworkLayer() gopacket.NetworkLayer

NetworkLayer return first network layer

func (*Packet) TransportFlow added in v0.18.0 

func (p *Packet) TransportFlow(swap bool) (gopacket.Flow, error)

TransportFlow returns first transport flow

func (*Packet) TransportLayer added in v0.18.0 

func (p *Packet) TransportLayer() gopacket.TransportLayer

TransportLayer returns first transport layer

type PacketSequence added in v0.15.0 

type PacketSequence struct {
	Packets []*Packet
}

PacketSequence represents a suite of parent/child Packet

func PacketSeqFromGoPacket added in v0.15.0 

func PacketSeqFromGoPacket(packet gopacket.Packet, outerLength int64, bpf *BPF, defragger *IPDefragger) *PacketSequence

PacketSeqFromGoPacket split original packet into multiple packets in case of encapsulation like GRE, VXLAN, etc.

func PacketSeqFromSFlowSample added in v0.15.0 

func PacketSeqFromSFlowSample(sample *layers.SFlowFlowSample, bpf *BPF, defragger *IPDefragger) []*PacketSequence

PacketSeqFromSFlowSample returns an array of Packets as a sample contains multiple records which generate a Packets each.

type PcapTableFeeder added in v0.12.0 

type PcapTableFeeder struct {
	sync.WaitGroup
	// contains filtered or unexported fields
}

PcapTableFeeder replaies a pcap file

func NewPcapTableFeeder added in v0.12.0 

func NewPcapTableFeeder(r io.ReadCloser, packetsChan chan *PacketSequence, replay bool, bpfFilter string) (*PcapTableFeeder, error)

NewPcapTableFeeder reads a pcap from a file reader and inject it in a flow table

func (*PcapTableFeeder) Start added in v0.12.0 

func (p *PcapTableFeeder) Start()

Start a pcap injector

func (*PcapTableFeeder) Stop added in v0.12.0 

func (p *PcapTableFeeder) Stop()

Stop a pcap injector

type PcapWriter added in v0.10.0 

type PcapWriter struct {
	// contains filtered or unexported fields
}

PcapWriter provides helpers on top of gopacket pcap to write pcap files.

func NewPcapWriter added in v0.10.0 

func NewPcapWriter(w io.Writer) *PcapWriter

NewPcapWriter returns a new PcapWriter based on the given io.Writer. Due to the current limitation of the gopacket pcap implementation only RawPacket with Ethernet link type are supported.

func (*PcapWriter) WriteRawPacket added in v0.12.0 

func (p *PcapWriter) WriteRawPacket(r *RawPacket) error

WriteRawPacket writes a RawPacket

func (*PcapWriter) WriteRawPackets added in v0.12.0 

func (p *PcapWriter) WriteRawPackets(fr []*RawPacket) error

WriteRawPackets writes a RawPackets iterating over the RawPackets and using WriteRawPacket for each.

type Sender added in v0.24.0 

type Sender interface {
	SendFlows(flows []*Flow)
}

Sender defines a flows sender interface

type TCPAssembler added in v0.18.0 

type TCPAssembler struct {
	// contains filtered or unexported fields
}

TCPAssembler defines a tcp reassembler

func NewTCPAssembler added in v0.18.0 

func NewTCPAssembler() *TCPAssembler

NewTCPAssembler returns a new TCPAssembler

func (*TCPAssembler) Assemble added in v0.18.0 

func (t *TCPAssembler) Assemble(packet gopacket.Packet)

Assemble add a new packet to be reassembled

func (*TCPAssembler) FlushAll added in v0.18.0 

func (t *TCPAssembler) FlushAll()

FlushAll frees all the resources

func (*TCPAssembler) FlushOlderThan added in v0.18.0 

func (t *TCPAssembler) FlushOlderThan(tm time.Time)

FlushOlderThan frees the resources older than the given time

func (*TCPAssembler) New added in v0.18.0 

func (t *TCPAssembler) New(network, transport gopacket.Flow) tcpassembly.Stream

New creates a new stream. It's called whenever the assembler sees a stream it isn't currently following.

func (*TCPAssembler) RegisterFlow added in v0.18.0 

func (t *TCPAssembler) RegisterFlow(flow *Flow, packet gopacket.Packet)

RegisterFlow registers a new flow to be tracked

type TCPAssemblerStream added in v0.18.0 

type TCPAssemblerStream struct {
	// contains filtered or unexported fields
}

TCPAssemblerStream will handle the actual tcp stream decoding

func (*TCPAssemblerStream) Reassembled added in v0.18.0 

func (s *TCPAssemblerStream) Reassembled(reassemblies []tcpassembly.Reassembly)

Reassembled is called whenever new packet data is available for reading. Reassembly objects contain stream data in received order.

func (*TCPAssemblerStream) ReassemblyComplete added in v0.18.0 

func (s *TCPAssemblerStream) ReassemblyComplete()

ReassemblyComplete is called when the TCP assembler believes a stream has finished.

type Table added in v0.4.0 

type Table struct {
	Opts TableOpts
	// contains filtered or unexported fields
}

Table store the flow table and related metrics mechanism

func NewTable added in v0.4.0 

func NewTable(updateEvery, expireAfter time.Duration, sender Sender, uuids UUIDs, opts ...TableOpts) *Table

NewTable creates a new flow table

func (*Table) FeedWithGoPacket added in v0.18.0 

func (ft *Table) FeedWithGoPacket(packet gopacket.Packet, bpf *BPF)

FeedWithGoPacket feeds the table with a gopacket

func (*Table) FeedWithSFlowSample added in v0.18.0 

func (ft *Table) FeedWithSFlowSample(sample *layers.SFlowFlowSample, bpf *BPF)

FeedWithSFlowSample feeds the table with sflow samples

func (*Table) IPDefragger added in v0.18.0 

func (ft *Table) IPDefragger() *IPDefragger

IPDefragger returns the ipDefragger if enabled

func (*Table) Query added in v0.4.0 

func (ft *Table) Query(query *TableQuery) []byte

Query a flow table

func (*Table) Run added in v0.7.0 

func (ft *Table) Run()

Run background jobs, like update/expire entries event

func (*Table) Start added in v0.4.0 

func (ft *Table) Start() (chan *PacketSequence, chan *EBPFFlow, chan *Operation)

Start the flow table

func (*Table) State added in v0.20.0 

func (ft *Table) State() common.ServiceState

State returns the state of the flow table, stopped, running...

func (*Table) Stop added in v0.4.0 

func (ft *Table) Stop()

Stop the flow table

type TableAllocator added in v0.4.0 

type TableAllocator struct {
	common.RWMutex
	// contains filtered or unexported fields
}

TableAllocator aims to create/allocate a new flow table

func NewTableAllocator added in v0.4.0 

func NewTableAllocator(updateEvery, expireAfter time.Duration, sender Sender) *TableAllocator

NewTableAllocator creates a new flow table

func (*TableAllocator) Alloc added in v0.4.0 

func (a *TableAllocator) Alloc(uuids UUIDs, opts TableOpts) *Table

Alloc instantiate/allocate a new table

func (*TableAllocator) ExpireAfter added in v0.24.0 

func (a *TableAllocator) ExpireAfter() time.Duration

ExpireAfter returns the expiration duration

func (*TableAllocator) QueryTable added in v0.4.0 

func (a *TableAllocator) QueryTable(tq *TableQuery) *TableReply

QueryTable search/query within the flow table

func (*TableAllocator) Release added in v0.4.0 

func (a *TableAllocator) Release(t *Table)

Release release/destroy a flow table

type TableClient added in v0.4.0 

type TableClient interface {
	LookupFlows(flowSearchQuery filters.SearchQuery) (*FlowSet, error)
	LookupFlowsByNodes(hnmap topology.HostNodeTIDMap, flowSearchQuery filters.SearchQuery) (*FlowSet, error)
}

TableClient describes a mechanism to query a flow table

type TableOpts added in v0.12.0 

type TableOpts struct {
	RawPacketLimit int64
	ExtraTCPMetric bool
	IPDefrag       bool
	ReassembleTCP  bool
	LayerKeyMode   LayerKeyMode
	ExtraLayers    ExtraLayers
}

TableOpts defines flow table options

type UUIDs added in v0.21.0 

type UUIDs struct {
	NodeTID   string
	CaptureID string
}

UUIDs describes UUIDs that can be applied to flows table wise

type WSTableClient added in v0.20.0 

type WSTableClient struct {
	// contains filtered or unexported fields
}

WSTableClient implements a flow table client using WebSocket

func NewWSTableClient added in v0.20.0 

func NewWSTableClient(w *ws.StructServer) *WSTableClient

NewWSTableClient creates a new table client based on websocket

func (*WSTableClient) LookupFlows added in v0.20.0 

func (f *WSTableClient) LookupFlows(flowSearchQuery filters.SearchQuery) (*FlowSet, error)

LookupFlows query flow table based on a filter search query

func (*WSTableClient) LookupFlowsByNodes added in v0.20.0 

func (f *WSTableClient) LookupFlowsByNodes(hnmap topology.HostNodeTIDMap, flowSearchQuery filters.SearchQuery) (*FlowSet, error)

LookupFlowsByNodes query flow table based on multiple nodes

type WSTableServer added in v0.20.0 

type WSTableServer struct {
	TableAllocator *TableAllocator
}

WSTableServer describes a mechanism to Query a flow table via Websocket

func NewWSTableServer added in v0.20.0 

func NewWSTableServer(allocator *TableAllocator, pool ws.StructSpeakerPool) *WSTableServer

NewWSTableServer creates a new flow table query server based on websocket

func (*WSTableServer) OnStructMessage added in v0.20.0 

func (s *WSTableServer) OnStructMessage(c ws.Speaker, msg *ws.StructMessage)

OnStructMessage TableQuery

func (*WSTableServer) OnTableQuery added in v0.20.0 

func (s *WSTableServer) OnTableQuery(c ws.Speaker, msg *ws.StructMessage)

OnTableQuery event

Source Files

View all Source files

Directories

Path Synopsis
client
server
targets
elasticsearch
orientdb

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.