Documentation
¶
Index ¶
- Constants
- Variables
- func BPFFilterToRaw(linkType layers.LinkType, captureLength uint32, filter string) ([]bpf.RawInstruction, error)
- func DefaultLayerKeyModeName() string
- func GetFirstLayerType(encapType string) (gopacket.LayerType, layers.LinkType)
- func LayersPath(ls []gopacket.Layer) (string, string)
- func NewFilterForFlowSet(flowset *FlowSet) *filters.Filter
- func NewFilterForNodeTIDs(uuids []string) *filters.Filter
- func NewFilterForNodes(nodes []*graph.Node) *filters.Filter
- func SetEBPFKernFlow(ebpfFlow *EBPFFlow, kernFlow unsafe.Pointer)
- type ApplicationPortMap
- type BPF
- type EBPFFlow
- type ExtraLayers
- type ICMPv4
- type ICMPv6
- type IPDefragger
- type IPDefraggerMetric
- type LayerKeyMode
- type MergeContext
- type Operation
- type OperationType
- type Opts
- type Packet
- func (p *Packet) ApplicationFlow() (gopacket.Flow, error)
- func (p *Packet) Keys(parentUUID string, uuids *UUIDs, opts *Opts) (uint64, uint64, uint64)
- func (p *Packet) Layer(t gopacket.LayerType) gopacket.Layer
- func (p *Packet) LinkLayer() gopacket.LinkLayer
- func (p *Packet) NetworkLayer() gopacket.NetworkLayer
- func (p *Packet) TransportFlow(swap bool) (gopacket.Flow, error)
- func (p *Packet) TransportLayer() gopacket.TransportLayer
- type PacketSequence
- type PcapTableFeeder
- type PcapWriter
- type Sender
- type TCPAssembler
- type TCPAssemblerStream
- type Table
- func (ft *Table) FeedWithGoPacket(packet gopacket.Packet, bpf *BPF)
- func (ft *Table) FeedWithSFlowSample(sample *layers.SFlowFlowSample, bpf *BPF)
- func (ft *Table) IPDefragger() *IPDefragger
- func (ft *Table) Query(query *TableQuery) []byte
- func (ft *Table) Run()
- func (ft *Table) Start() (chan *PacketSequence, chan *EBPFFlow, chan *Operation)
- func (ft *Table) State() common.ServiceState
- func (ft *Table) Stop()
- type TableAllocator
- type TableClient
- type TableOpts
- type UUIDs
- type WSTableClient
- type WSTableServer
Constants ¶
const ( // DefaultCaptureLength : default packet capture length DefaultCaptureLength uint32 = 256 // MaxCaptureLength : maximum capture length accepted MaxCaptureLength uint32 = 4096 // MaxRawPacketLimit : maximum raw packet captured, limitation could be removed once flow over tcp MaxRawPacketLimit uint32 = 10 // DefaultProtobufFlowSize : the default protobuf size without any raw packet for a flow DefaultProtobufFlowSize = 500 )
const HoldTimeoutMilliseconds = int64(time.Duration(15) * time.Second / time.Millisecond)
HoldTimeoutMilliseconds is the number of milliseconds for holding ended flows before they get deleted from the flow table
const (
Namespace = "Flow"
)
Namespace "Flow"
Variables ¶
var ( // ErrFlowProtocol invalid protocol error ErrFlowProtocol = errors.New("FlowProtocol invalid") // ErrLayerNotFound layer not present in the packet ErrLayerNotFound = errors.New("Layer not found") )
var LayerTypeERSPanII = gopacket.RegisterLayerType(55557, gopacket.LayerTypeMetadata{Name: "LayerTypeERSPanII", Decoder: gopacket.DecodeFunc(decodeERSpanIILayer)})
LayerTypeERSPanII decoder
var LayerTypeRawIP = gopacket.RegisterLayerType(55555, gopacket.LayerTypeMetadata{Name: "LayerTypeRawIP", Decoder: gopacket.DecodeFunc(decodeInGRELayer)})
LayerTypeRawIP creates a layer type, should be unique and high, so it doesn't conflict, giving it a name and a decoder to use.
Functions ¶
func BPFFilterToRaw ¶
func BPFFilterToRaw(linkType layers.LinkType, captureLength uint32, filter string) ([]bpf.RawInstruction, error)
BPFFilterToRaw creates a raw binary filter from a BPF expression
func DefaultLayerKeyModeName ¶
func DefaultLayerKeyModeName() string
DefaultLayerKeyModeName returns the default layer key mode
func GetFirstLayerType ¶
GetFirstLayerType returns layer type and link type according to the given encapsulation
func LayersPath ¶
LayersPath returns path and the application of all the layers separated by a slash.
func NewFilterForFlowSet ¶
NewFilterForFlowSet creates a new filter based on a set of flows
func NewFilterForNodeTIDs ¶
NewFilterForNodeTIDs creates a new filter based on flow NodeTID
func NewFilterForNodes ¶
NewFilterForNodes creates a new filter based on graph nodes
func SetEBPFKernFlow ¶
SetEBPFKernFlow is an helper function that aims to provide a way to set kernFlow from external packages as Go doesn't allow to acces to C struct from different packages.
Types ¶
type ApplicationPortMap ¶
ApplicationPortMap maps UDP and TCP port numbers to service names
func NewApplicationPortMapFromConfig ¶
func NewApplicationPortMapFromConfig() *ApplicationPortMap
NewApplicationPortMapFromConfig returns a new application port mapper and load it from the configuration file
type BPF ¶
type BPF struct {
// contains filtered or unexported fields
}
BPF describes a filter
type ExtraLayers ¶
type ExtraLayers int
ExtraLayers defines extra layer to be pushed in flow
const ( // VRRPLayer extra layer VRRPLayer ExtraLayers = 1 // DNSLayer extra layer DNSLayer ExtraLayers = 2 // DHCPv4Layer extra layer DHCPv4Layer ExtraLayers = 4 // ALLLayer all extra layers ALLLayer ExtraLayers = 255 )
func (ExtraLayers) Extract ¶
func (e ExtraLayers) Extract() []string
Extract returns a string list of the ExtraLayers protocol
func (ExtraLayers) MarshalJSON ¶
func (e ExtraLayers) MarshalJSON() ([]byte, error)
MarshalJSON serializes the ExtraLayers structure
func (*ExtraLayers) Parse ¶
func (e *ExtraLayers) Parse(s ...string) error
Parse set the ExtraLayers struct with the given list of protocol strings
func (ExtraLayers) String ¶
func (e ExtraLayers) String() string
String returns a string of the list of the protocols
func (*ExtraLayers) UnmarshalJSON ¶
func (e *ExtraLayers) UnmarshalJSON(data []byte) error
UnmarshalJSON deserializes json input to ExtraLayers
type IPDefragger ¶
IPDefragger defines an IPv4 defragmenter
func NewIPDefragger ¶
func NewIPDefragger() *IPDefragger
NewIPDefragger returns a new IPv4 defragger
func (*IPDefragger) Defrag ¶
func (d *IPDefragger) Defrag(packet gopacket.Packet) (*IPMetric, bool)
Defrag tries to defragment
func (*IPDefragger) FlushAll ¶
func (d *IPDefragger) FlushAll()
FlushAll frees all the fragment resources
func (*IPDefragger) FlushOlderThan ¶
func (d *IPDefragger) FlushOlderThan(t time.Time)
FlushOlderThan frees resources for fragment older than the give time
type IPDefraggerMetric ¶
type IPDefraggerMetric struct {
// contains filtered or unexported fields
}
IPDefraggerMetric defines the structure keeping metrics of fragments
type LayerKeyMode ¶
type LayerKeyMode int
LayerKeyMode defines what are the layers used for the flow key calculation
const ( DefaultLayerKeyMode = L2KeyMode // default mode L2KeyMode LayerKeyMode = 0 // uses Layer2 and Layer3 for hash computation, default mode L3PreferedKeyMode LayerKeyMode = 1 // uses Layer3 only and layer2 if no Layer3 )
Flow key calculation modes
func LayerKeyModeByName ¶
func LayerKeyModeByName(name string) (LayerKeyMode, error)
LayerKeyModeByName converts a string to a layer key mode
func (LayerKeyMode) String ¶
func (l LayerKeyMode) String() string
type MergeContext ¶
type MergeContext struct {
Sort bool
SortBy string
SortOrder common.SortOrder
Dedup bool
DedupBy string
}
MergeContext describes a mechanism to merge flow sets
type Operation ¶
type Operation struct {
Key uint64
Flow *Flow
Type OperationType
}
Operation describes a flow operation
type OperationType ¶
type OperationType int
OperationType operation type of a Flow in a flow table
const ( // ReplaceOperation replace the flow ReplaceOperation OperationType = iota // UpdateOperation update the flow UpdateOperation )
type Opts ¶
type Opts struct {
TCPMetric bool
IPDefrag bool
LayerKeyMode LayerKeyMode
AppPortMap *ApplicationPortMap
ExtraLayers ExtraLayers
}
Opts describes options that can be used to process flows
type Packet ¶
type Packet struct {
GoPacket gopacket.Packet // orignal gopacket
Layers []gopacket.Layer // layer of the sub packet
Data []byte // byte of the sub packet
Length int64 // length of the original packet meaning layers + payload
IPMetric *IPMetric
// contains filtered or unexported fields
}
Packet describes one packet
func (*Packet) ApplicationFlow ¶
ApplicationFlow returns first application flow
func (*Packet) NetworkLayer ¶
func (p *Packet) NetworkLayer() gopacket.NetworkLayer
NetworkLayer return first network layer
func (*Packet) TransportFlow ¶
TransportFlow returns first transport flow
func (*Packet) TransportLayer ¶
func (p *Packet) TransportLayer() gopacket.TransportLayer
TransportLayer returns first transport layer
type PacketSequence ¶
type PacketSequence struct {
Packets []*Packet
}
PacketSequence represents a suite of parent/child Packet
func PacketSeqFromGoPacket ¶
func PacketSeqFromGoPacket(packet gopacket.Packet, outerLength int64, bpf *BPF, defragger *IPDefragger) *PacketSequence
PacketSeqFromGoPacket split original packet into multiple packets in case of encapsulation like GRE, VXLAN, etc.
func PacketSeqFromSFlowSample ¶
func PacketSeqFromSFlowSample(sample *layers.SFlowFlowSample, bpf *BPF, defragger *IPDefragger) []*PacketSequence
PacketSeqFromSFlowSample returns an array of Packets as a sample contains multiple records which generate a Packets each.
type PcapTableFeeder ¶
PcapTableFeeder replaies a pcap file
func NewPcapTableFeeder ¶
func NewPcapTableFeeder(r io.ReadCloser, packetsChan chan *PacketSequence, replay bool, bpfFilter string) (*PcapTableFeeder, error)
NewPcapTableFeeder reads a pcap from a file reader and inject it in a flow table
type PcapWriter ¶
type PcapWriter struct {
// contains filtered or unexported fields
}
PcapWriter provides helpers on top of gopacket pcap to write pcap files.
func NewPcapWriter ¶
func NewPcapWriter(w io.Writer) *PcapWriter
NewPcapWriter returns a new PcapWriter based on the given io.Writer. Due to the current limitation of the gopacket pcap implementation only RawPacket with Ethernet link type are supported.
func (*PcapWriter) WriteRawPacket ¶
func (p *PcapWriter) WriteRawPacket(r *RawPacket) error
WriteRawPacket writes a RawPacket
func (*PcapWriter) WriteRawPackets ¶
func (p *PcapWriter) WriteRawPackets(fr []*RawPacket) error
WriteRawPackets writes a RawPackets iterating over the RawPackets and using WriteRawPacket for each.
type Sender ¶
type Sender interface {
SendFlows(flows []*Flow)
}
Sender defines a flows sender interface
type TCPAssembler ¶
type TCPAssembler struct {
// contains filtered or unexported fields
}
TCPAssembler defines a tcp reassembler
func NewTCPAssembler ¶
func NewTCPAssembler() *TCPAssembler
NewTCPAssembler returns a new TCPAssembler
func (*TCPAssembler) Assemble ¶
func (t *TCPAssembler) Assemble(packet gopacket.Packet)
Assemble add a new packet to be reassembled
func (*TCPAssembler) FlushOlderThan ¶
func (t *TCPAssembler) FlushOlderThan(tm time.Time)
FlushOlderThan frees the resources older than the given time
func (*TCPAssembler) New ¶
func (t *TCPAssembler) New(network, transport gopacket.Flow) tcpassembly.Stream
New creates a new stream. It's called whenever the assembler sees a stream it isn't currently following.
func (*TCPAssembler) RegisterFlow ¶
func (t *TCPAssembler) RegisterFlow(flow *Flow, packet gopacket.Packet)
RegisterFlow registers a new flow to be tracked
type TCPAssemblerStream ¶
type TCPAssemblerStream struct {
// contains filtered or unexported fields
}
TCPAssemblerStream will handle the actual tcp stream decoding
func (*TCPAssemblerStream) Reassembled ¶
func (s *TCPAssemblerStream) Reassembled(reassemblies []tcpassembly.Reassembly)
Reassembled is called whenever new packet data is available for reading. Reassembly objects contain stream data in received order.
func (*TCPAssemblerStream) ReassemblyComplete ¶
func (s *TCPAssemblerStream) ReassemblyComplete()
ReassemblyComplete is called when the TCP assembler believes a stream has finished.
type Table ¶
type Table struct {
Opts TableOpts
// contains filtered or unexported fields
}
Table store the flow table and related metrics mechanism
func NewTable ¶
func NewTable(updateEvery, expireAfter time.Duration, sender Sender, uuids UUIDs, opts ...TableOpts) *Table
NewTable creates a new flow table
func (*Table) FeedWithGoPacket ¶
FeedWithGoPacket feeds the table with a gopacket
func (*Table) FeedWithSFlowSample ¶
func (ft *Table) FeedWithSFlowSample(sample *layers.SFlowFlowSample, bpf *BPF)
FeedWithSFlowSample feeds the table with sflow samples
func (*Table) IPDefragger ¶
func (ft *Table) IPDefragger() *IPDefragger
IPDefragger returns the ipDefragger if enabled
func (*Table) Start ¶
func (ft *Table) Start() (chan *PacketSequence, chan *EBPFFlow, chan *Operation)
Start the flow table
func (*Table) State ¶
func (ft *Table) State() common.ServiceState
State returns the state of the flow table, stopped, running...
type TableAllocator ¶
TableAllocator aims to create/allocate a new flow table
func NewTableAllocator ¶
func NewTableAllocator(updateEvery, expireAfter time.Duration, sender Sender) *TableAllocator
NewTableAllocator creates a new flow table
func (*TableAllocator) Alloc ¶
func (a *TableAllocator) Alloc(uuids UUIDs, opts TableOpts) *Table
Alloc instantiate/allocate a new table
func (*TableAllocator) ExpireAfter ¶
func (a *TableAllocator) ExpireAfter() time.Duration
ExpireAfter returns the expiration duration
func (*TableAllocator) QueryTable ¶
func (a *TableAllocator) QueryTable(tq *TableQuery) *TableReply
QueryTable search/query within the flow table
func (*TableAllocator) Release ¶
func (a *TableAllocator) Release(t *Table)
Release release/destroy a flow table
type TableClient ¶
type TableClient interface {
LookupFlows(flowSearchQuery filters.SearchQuery) (*FlowSet, error)
LookupFlowsByNodes(hnmap topology.HostNodeTIDMap, flowSearchQuery filters.SearchQuery) (*FlowSet, error)
}
TableClient describes a mechanism to query a flow table
type TableOpts ¶
type TableOpts struct {
RawPacketLimit int64
ExtraTCPMetric bool
IPDefrag bool
ReassembleTCP bool
LayerKeyMode LayerKeyMode
ExtraLayers ExtraLayers
}
TableOpts defines flow table options
type WSTableClient ¶
type WSTableClient struct {
// contains filtered or unexported fields
}
WSTableClient implements a flow table client using WebSocket
func NewWSTableClient ¶
func NewWSTableClient(w *ws.StructServer) *WSTableClient
NewWSTableClient creates a new table client based on websocket
func (*WSTableClient) LookupFlows ¶
func (f *WSTableClient) LookupFlows(flowSearchQuery filters.SearchQuery) (*FlowSet, error)
LookupFlows query flow table based on a filter search query
func (*WSTableClient) LookupFlowsByNodes ¶
func (f *WSTableClient) LookupFlowsByNodes(hnmap topology.HostNodeTIDMap, flowSearchQuery filters.SearchQuery) (*FlowSet, error)
LookupFlowsByNodes query flow table based on multiple nodes
type WSTableServer ¶
type WSTableServer struct {
TableAllocator *TableAllocator
}
WSTableServer describes a mechanism to Query a flow table via Websocket
func NewWSTableServer ¶
func NewWSTableServer(allocator *TableAllocator, pool ws.StructSpeakerPool) *WSTableServer
NewWSTableServer creates a new flow table query server based on websocket
func (*WSTableServer) OnStructMessage ¶
func (s *WSTableServer) OnStructMessage(c ws.Speaker, msg *ws.StructMessage)
OnStructMessage TableQuery
func (*WSTableServer) OnTableQuery ¶
func (s *WSTableServer) OnTableQuery(c ws.Speaker, msg *ws.StructMessage)
OnTableQuery event
Source Files
Directories