flow

package
v0.19.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 14, 2018 License: Apache-2.0 Imports: 29 Imported by: 74

Documentation

Index

Constants

View Source
const (
	// DefaultCaptureLength : default packet capture length
	DefaultCaptureLength uint32 = 256
	// MaxCaptureLength : maximum capture length accepted
	MaxCaptureLength uint32 = 4096
	// MaxRawPacketLimit : maximum raw packet captured, limitation could be removed once flow over tcp
	MaxRawPacketLimit uint32 = 10
	// DefaultProtobufFlowSize : the default protobuf size without any raw packet for a flow
	DefaultProtobufFlowSize = 500
)
View Source
const (
	Namespace = "Flow"
)

Namespace "Flow"

Variables

View Source
var (
	// ErrFlowProtocol invalid protocol error
	ErrFlowProtocol = errors.New("FlowProtocol invalid")
	// ErrLayerNotFound layer not present in the packet
	ErrLayerNotFound = errors.New("Layer not found")
)
View Source
var LayerTypeRawIP = gopacket.RegisterLayerType(55555, gopacket.LayerTypeMetadata{Name: "LayerTypeRawIP", Decoder: gopacket.DecodeFunc(decodeInGRELayer)})

LayerTypeRawIP creates a layer type, should be unique and high, so it doesn't conflict, giving it a name and a decoder to use.

Functions

func BPFFilterToRaw added in v0.10.0

func BPFFilterToRaw(linkType layers.LinkType, captureLength uint32, filter string) ([]bpf.RawInstruction, error)

BPFFilterToRaw creates a raw binary filter from a BPF expression

func DefaultLayerKeyModeName added in v0.18.0

func DefaultLayerKeyModeName() string

func GetFirstLayerType added in v0.17.0

func GetFirstLayerType(encapType string) (gopacket.LayerType, layers.LinkType)

GetFirstLayerType returns layer type and link type according to the given encapsulation

func LayersPath added in v0.18.0

func LayersPath(ls []gopacket.Layer) (string, string)

LayersPath returns path and the application of all the layers separated by a slash.

func NewFilterForFlowSet added in v0.10.0

func NewFilterForFlowSet(flowset *FlowSet) *filters.Filter

NewFilterForFlowSet creates a new filter based on a set of flows

func NewFilterForNodeTIDs added in v0.10.0

func NewFilterForNodeTIDs(uuids []string) *filters.Filter

NewFilterForNodeTIDs creates a new filter based on flow NodeTID

func NewFilterForNodes added in v0.5.0

func NewFilterForNodes(nodes []*graph.Node) *filters.Filter

NewFilterForNodes creates a new filter based on graph nodes

Types

type ApplicationPortMap added in v0.18.0

type ApplicationPortMap struct {
	UDP map[int]string
	TCP map[int]string
}

ApplicationPortMap maps UDP and TCP port numbers to service names

func NewApplicationPortMapFromConfig added in v0.18.0

func NewApplicationPortMapFromConfig() *ApplicationPortMap

NewApplicationPortMapFromConfig returns a new application port mapper and load it from the configuration file

type BPF added in v0.10.0

type BPF struct {
	// contains filtered or unexported fields
}

BPF describes a filter

func NewBPF added in v0.10.0

func NewBPF(linkType layers.LinkType, captureLength uint32, filter string) (*BPF, error)

NewBPF creates a new BPF filter

func (*BPF) Matches added in v0.10.0

func (b *BPF) Matches(data []byte) bool

Matches returns true data match the filter

type Enhancer added in v0.12.0

type Enhancer interface {
	Name() string
	Start() error
	Stop()
}

Enhancer should Enhance the flow via this interface

type EnhancerPipeline added in v0.12.0

type EnhancerPipeline struct {
	Enhancers map[string]Enhancer
}

EnhancerPipeline describes a list of flow enhancer

func NewEnhancerPipeline added in v0.12.0

func NewEnhancerPipeline(enhancers ...Enhancer) *EnhancerPipeline

NewEnhancerPipeline registers a list of flow Enhancer

func (*EnhancerPipeline) AddEnhancer added in v0.12.0

func (e *EnhancerPipeline) AddEnhancer(en Enhancer)

AddEnhancer registers a new flow enhancer

func (*EnhancerPipeline) Start added in v0.17.0

func (e *EnhancerPipeline) Start()

Start starts all the enhancers

func (*EnhancerPipeline) Stop added in v0.17.0

func (e *EnhancerPipeline) Stop()

Stop stops all the enhancers

type EnhancerPipelineConfig added in v0.13.0

type EnhancerPipelineConfig struct {
	// contains filtered or unexported fields
}

EnhancerPipelineConfig describes configuration of enabled enhancers

func NewEnhancerPipelineConfig added in v0.13.0

func NewEnhancerPipelineConfig() *EnhancerPipelineConfig

NewEnhancerPipelineConfig create a new enhancer pipeline config

func (*EnhancerPipelineConfig) Disable added in v0.13.0

func (epc *EnhancerPipelineConfig) Disable(name string)

Disable the named enhancer

func (*EnhancerPipelineConfig) Enable added in v0.13.0

func (epc *EnhancerPipelineConfig) Enable(name string)

Enable the named enhancer

func (*EnhancerPipelineConfig) IsEnabled added in v0.13.0

func (epc *EnhancerPipelineConfig) IsEnabled(name string) bool

IsEnabled return true if the named enhancer

type ExpireUpdateFunc added in v0.3.0

type ExpireUpdateFunc func(f []*Flow)

ExpireUpdateFunc defines expire and updates callback

type FlowOpts added in v0.13.0

type FlowOpts struct {
	TCPMetric    bool
	IPDefrag     bool
	LayerKeyMode LayerKeyMode
	AppPortMap   *ApplicationPortMap
}

FlowOpts describes options that can be used to process flows

type FlowUUIDs added in v0.13.0

type FlowUUIDs struct {
	ParentUUID string
	L2ID       int64
	L3ID       int64
}

FlowUUIDs describes UUIDs that can be applied to flows

type Handler added in v0.12.0

type Handler struct {
	// contains filtered or unexported fields
}

Handler defines a flow callback called every time

func NewFlowHandler added in v0.4.0

func NewFlowHandler(callback ExpireUpdateFunc, every time.Duration) *Handler

NewFlowHandler creates a flow callback handler that will be asynchronously called every time

type ICMPv4 added in v0.12.0

type ICMPv4 struct {
	layers.ICMPv4
	Type ICMPType
}

ICMPv4 aims to store ICMP metadata and aims to be used for the flow hash key

func (*ICMPv4) Payload added in v0.12.0

func (i *ICMPv4) Payload() []byte

Payload returns the ICMP payload

type ICMPv6 added in v0.12.0

type ICMPv6 struct {
	layers.ICMPv6
	Type ICMPType
	ID   uint16
}

ICMPv6 aims to store ICMP metadata and aims to be used for the flow hash key

func (*ICMPv6) Payload added in v0.12.0

func (i *ICMPv6) Payload() []byte

Payload returns the ICMP payload

type IPDefragger added in v0.18.0

type IPDefragger struct {
	common.RWMutex
	// contains filtered or unexported fields
}

IPDefragger defines an IPv4 defragmenter

func NewIPDefragger added in v0.18.0

func NewIPDefragger() *IPDefragger

NewIPDefragger returns a new IPv4 defragger

func (*IPDefragger) Defrag added in v0.18.0

func (d *IPDefragger) Defrag(packet gopacket.Packet) (*IPMetric, bool)

Defrag tries to defragment

func (*IPDefragger) FlushAll added in v0.18.0

func (d *IPDefragger) FlushAll()

FlushAll frees all the fragment resources

func (*IPDefragger) FlushOlderThan added in v0.18.0

func (d *IPDefragger) FlushOlderThan(t time.Time)

FlushOlderThan frees resources for fragment older than the give time

type IPDefraggerMetric added in v0.18.0

type IPDefraggerMetric struct {
	// contains filtered or unexported fields
}

IPDefraggerMetric defines the structure keeping metrics of fragments

type LayerKeyMode added in v0.18.0

type LayerKeyMode int

LayerKeyMode defines what are the layers used for the flow key calculation

const (
	DefaultLayerKeyMode              = L2KeyMode // default mode
	L2KeyMode           LayerKeyMode = 0         // uses Layer2 and Layer3 for hash computation, default mode
	L3PreferedKeyMode   LayerKeyMode = 1         // uses Layer3 only and layer2 if no Layer3
)

func LayerKeyModeByName added in v0.18.0

func LayerKeyModeByName(name string) (LayerKeyMode, error)

func (LayerKeyMode) String added in v0.18.0

func (l LayerKeyMode) String() string

type MergeContext added in v0.7.0

type MergeContext struct {
	Sort      bool
	SortBy    string
	SortOrder common.SortOrder
	Dedup     bool
	DedupBy   string
}

MergeContext describes a mechanism to merge flow sets

type Packet added in v0.12.0

type Packet struct {
	GoPacket gopacket.Packet // orignal gopacket

	Layers   []gopacket.Layer // layer of the sub packet
	Data     []byte           // byte of the sub packet
	Length   int64            // length of the original packet meaning layers + payload
	IPMetric *IPMetric
	// contains filtered or unexported fields
}

Packet describes one packet

func (*Packet) ApplicationFlow added in v0.18.0

func (p *Packet) ApplicationFlow() (gopacket.Flow, error)

ApplicationFlow returns first application flow

func (*Packet) Key added in v0.18.0

func (p *Packet) Key(parentUUID string, opts FlowOpts) string

Key returns the unique flow key The unique key is calculated based on parentUUID, network, transport and applicable layers

func (*Packet) Layer added in v0.18.0

func (p *Packet) Layer(t gopacket.LayerType) gopacket.Layer

Layer returns the given layer type

func (*Packet) LinkLayer added in v0.18.0

func (p *Packet) LinkLayer() gopacket.LinkLayer

LinkLayer returns first link layer

func (*Packet) NetworkLayer added in v0.18.0

func (p *Packet) NetworkLayer() gopacket.NetworkLayer

NetworkLayer return first network layer

func (*Packet) TransportFlow added in v0.18.0

func (p *Packet) TransportFlow() (gopacket.Flow, error)

TransportFlow returns first transport flow

func (*Packet) TransportLayer added in v0.18.0

func (p *Packet) TransportLayer() gopacket.TransportLayer

TransportLayer returns first transport layer

type PacketSequence added in v0.15.0

type PacketSequence struct {
	Packets []*Packet
}

PacketSequence represents a suite of parent/child Packet

func PacketSeqFromGoPacket added in v0.15.0

func PacketSeqFromGoPacket(packet gopacket.Packet, outerLength int64, bpf *BPF, defragger *IPDefragger) *PacketSequence

PacketSeqFromGoPacket split original packet into multiple packets in case of encapsulation like GRE, VXLAN, etc.

func PacketSeqFromSFlowSample added in v0.15.0

func PacketSeqFromSFlowSample(sample *layers.SFlowFlowSample, bpf *BPF, defragger *IPDefragger) []*PacketSequence

PacketSeqFromSFlowSample returns an array of Packets as a sample contains mutlple records which generate a Packets each.

type PcapTableFeeder added in v0.12.0

type PcapTableFeeder struct {
	sync.WaitGroup
	// contains filtered or unexported fields
}

PcapTableFeeder replaies a pcap file

func NewPcapTableFeeder added in v0.12.0

func NewPcapTableFeeder(r io.ReadCloser, packetsChan chan *PacketSequence, replay bool, bpfFilter string) (*PcapTableFeeder, error)

NewPcapTableFeeder reads a pcap from a file reader and inject it in a flow table

func (*PcapTableFeeder) Start added in v0.12.0

func (p *PcapTableFeeder) Start()

Start a pcap injector

func (*PcapTableFeeder) Stop added in v0.12.0

func (p *PcapTableFeeder) Stop()

Stop a pcap injector

type PcapWriter added in v0.10.0

type PcapWriter struct {
	// contains filtered or unexported fields
}

PcapWriter provides helpers on top of gopacket pcap to write pcap files.

func NewPcapWriter added in v0.10.0

func NewPcapWriter(w io.Writer) *PcapWriter

NewPcapWriter returns a new PcapWriter based on the given io.Writer. Due to the current limitation of the gopacket pcap implementation only RawPacket with Ethernet link type are supported.

func (*PcapWriter) WriteRawPacket added in v0.12.0

func (p *PcapWriter) WriteRawPacket(r *RawPacket) error

WriteRawPacket writes a RawPacket

func (*PcapWriter) WriteRawPackets added in v0.12.0

func (p *PcapWriter) WriteRawPackets(fr *RawPackets) error

WriteRawPackets writes a RawPackets iterating over the RawPackets and using WriteRawPacket for each.

type RawPackets added in v0.12.0

type RawPackets struct {
	LinkType   layers.LinkType
	RawPackets []*RawPacket
}

RawPackets embeds flow RawPacket array with the associated link type

type TCPAssembler added in v0.18.0

type TCPAssembler struct {
	// contains filtered or unexported fields
}

TCPAssembler defines a tcp reassembler

func NewTCPAssembler added in v0.18.0

func NewTCPAssembler() *TCPAssembler

NewTCPAssembler returns a new TCPAssembler

func (*TCPAssembler) Assemble added in v0.18.0

func (t *TCPAssembler) Assemble(packet gopacket.Packet)

Assemble add a new packet to be reassembled

func (*TCPAssembler) FlushAll added in v0.18.0

func (t *TCPAssembler) FlushAll()

FlushAll frees all the resources

func (*TCPAssembler) FlushOlderThan added in v0.18.0

func (t *TCPAssembler) FlushOlderThan(tm time.Time)

FlushOlderThan frees the resources older than the given time

func (*TCPAssembler) New added in v0.18.0

func (t *TCPAssembler) New(network, transport gopacket.Flow) tcpassembly.Stream

New creates a new stream. It's called whenever the assembler sees a stream it isn't currently following.

func (*TCPAssembler) RegisterFlow added in v0.18.0

func (t *TCPAssembler) RegisterFlow(flow *Flow, packet gopacket.Packet)

RegisterFlow registers a new flow to be tracked

type TCPAssemblerStream added in v0.18.0

type TCPAssemblerStream struct {
	// contains filtered or unexported fields
}

TCPAssemblerStream will handle the actual tcp stream decoding

func (*TCPAssemblerStream) Reassembled added in v0.18.0

func (s *TCPAssemblerStream) Reassembled(reassemblies []tcpassembly.Reassembly)

Reassembled is called whenever new packet data is available for reading. Reassembly objects contain stream data in received order.

func (*TCPAssemblerStream) ReassemblyComplete added in v0.18.0

func (s *TCPAssemblerStream) ReassemblyComplete()

ReassemblyComplete is called when the TCP assembler believes a stream has finished.

type Table added in v0.4.0

type Table struct {
	Opts TableOpts
	// contains filtered or unexported fields
}

Table store the flow table and related metrics mechanism

func NewTable added in v0.4.0

func NewTable(updateHandler *Handler, expireHandler *Handler, pipeline *EnhancerPipeline, nodeTID string, opts ...TableOpts) *Table

NewTable creates a new flow table

func (*Table) FeedWithGoPacket added in v0.18.0

func (ft *Table) FeedWithGoPacket(packet gopacket.Packet, bpf *BPF)

FeedWithGoPacket feeds the table with a gopacket

func (*Table) FeedWithSFlowSample added in v0.18.0

func (ft *Table) FeedWithSFlowSample(sample *layers.SFlowFlowSample, bpf *BPF)

FeedWithSFlowSample feeds the table with sflow samples

func (*Table) IPDefragger added in v0.18.0

func (ft *Table) IPDefragger() *IPDefragger

IPDefragger returns the ipDefragger if enabled

func (*Table) Query added in v0.4.0

func (ft *Table) Query(query *TableQuery) *TableReply

Query a flow table

func (*Table) Run added in v0.7.0

func (ft *Table) Run()

Run background jobs, like update/expire entries event

func (*Table) Start added in v0.4.0

func (ft *Table) Start() (chan *PacketSequence, chan *Flow)

Start the flow table

func (*Table) Stop added in v0.4.0

func (ft *Table) Stop()

Stop the flow table

type TableAllocator added in v0.4.0

type TableAllocator struct {
	common.RWMutex
	// contains filtered or unexported fields
}

TableAllocator aims to create/allocate a new flow table

func NewTableAllocator added in v0.4.0

func NewTableAllocator(update, expire time.Duration, pipeline *EnhancerPipeline) *TableAllocator

NewTableAllocator creates a new flow table

func (*TableAllocator) Alloc added in v0.4.0

func (a *TableAllocator) Alloc(flowCallBack ExpireUpdateFunc, nodeTID string, opts TableOpts) *Table

Alloc instanciate/allocate a new table

func (*TableAllocator) Expire added in v0.15.0

func (a *TableAllocator) Expire() time.Duration

Expire returns the expire parameter used by allocated tables

func (*TableAllocator) QueryTable added in v0.4.0

func (a *TableAllocator) QueryTable(query *TableQuery) *TableReply

QueryTable search/query within the flow table

func (*TableAllocator) Release added in v0.4.0

func (a *TableAllocator) Release(t *Table)

Release release/destroy a flow table

func (*TableAllocator) Update added in v0.15.0

func (a *TableAllocator) Update() time.Duration

Update returns the update parameter used by allocated tables

type TableClient added in v0.4.0

type TableClient struct {
	// contains filtered or unexported fields
}

TableClient describes a mechanism to Query a flow table via flowSet in JSON

func NewTableClient added in v0.4.0

func NewTableClient(w *ws.StructServer) *TableClient

NewTableClient creates a new table client based on websocket

func (*TableClient) LookupFlows added in v0.5.0

func (f *TableClient) LookupFlows(flowSearchQuery filters.SearchQuery) (*FlowSet, error)

LookupFlows query flow table based on a filter search query

func (*TableClient) LookupFlowsByNodes added in v0.4.0

func (f *TableClient) LookupFlowsByNodes(hnmap topology.HostNodeTIDMap, flowSearchQuery filters.SearchQuery) (*FlowSet, error)

LookupFlowsByNodes query flow table based on multiple nodes

type TableOpts added in v0.12.0

type TableOpts struct {
	RawPacketLimit int64
	ExtraTCPMetric bool
	IPDefrag       bool
	ReassembleTCP  bool
	LayerKeyMode   LayerKeyMode
}

TableOpts defines flow table options

type TableQuery added in v0.4.0

type TableQuery struct {
	Type string
	Obj  []byte
}

TableQuery contains a type and a query obj as an array of bytes. The query can be encoded in different ways according the type.

type TableReply added in v0.4.0

type TableReply struct {
	Obj [][]byte
	// contains filtered or unexported fields
}

TableReply is the response to a TableQuery containing a Status and an array of replies that can be encoded in many ways, ex: json, protobuf.

type TableServer added in v0.4.0

type TableServer struct {
	TableAllocator *TableAllocator
}

TableServer describes a mechanism to Query a flow table via Websocket

func NewServer added in v0.4.0

func NewServer(allocator *TableAllocator, pool ws.StructSpeakerPool) *TableServer

NewServer creates a new flow table query server based on websocket

func (*TableServer) OnStructMessage added in v0.19.1

func (s *TableServer) OnStructMessage(c ws.Speaker, msg *ws.StructMessage)

OnStructMessage TableQuery

func (*TableServer) OnTableQuery added in v0.5.0

func (s *TableServer) OnTableQuery(c ws.Speaker, msg *ws.StructMessage)

OnTableQuery event

Directories

Path Synopsis
afpacket
Package afpacket provides Go bindings for MMap'd AF_PACKET socket reading.
Package afpacket provides Go bindings for MMap'd AF_PACKET socket reading.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL