flow

package
v0.12.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 1, 2017 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// DefaultCaptureLength : default packet capture length
	DefaultCaptureLength uint32 = 256
	// MaxCaptureLength : maximum capture length accepted
	MaxCaptureLength uint32 = 4096
	// MaxRawPacketLimit : maximum raw packet captured, limitation could be removed once flow over tcp
	MaxRawPacketLimit uint32 = 10
	// DefaultFlowProtobufSize : the default protobuf size without any raw packet for a flow
	DefaultProtobufFlowSize = 500
)
View Source 
const (
	Namespace = "Flow"
)

Namespace "Flow"

Variables

View Source 
var ErrFlowProtocol = errors.New("FlowProtocol invalid")

ErrFlowProtocol invalid protocol error

View Source 
var LayerTypeInGRE = gopacket.RegisterLayerType(55555, gopacket.LayerTypeMetadata{Name: "LayerTypeInGRE", Decoder: gopacket.DecodeFunc(decodeInGRELayer)})

LayerTypeInGRE creates a layer type, should be unique and high, so it doesn't conflict, giving it a name and a decoder to use.

Functions

func BPFFilterToRaw added in v0.12.0 

func BPFFilterToRaw(linkType layers.LinkType, captureLength uint32, filter string) ([]bpf.RawInstruction, error)

BPFFilterToRaw creates a raw binary filter from a BPF expression

func HashFromValues added in v0.5.0 

func HashFromValues(ab interface{}, ba interface{}) []byte

HashFromValues calculates a unique symetric flow layer hash

func NewFilterForFlowSet added in v0.12.0 

func NewFilterForFlowSet(flowset *FlowSet) *filters.Filter

NewFilterForFlowSet creates a new filter based on a set of flows

func NewFilterForNodeTIDs added in v0.12.0 

func NewFilterForNodeTIDs(uuids []string) *filters.Filter

NewFilterForNodeTIDs creates a new filter based on flow NodeTID, ANodeTID, BNodeTID

func NewFilterForNodes added in v0.5.0 

func NewFilterForNodes(nodes []*graph.Node) *filters.Filter

NewFilterForNodes creates a new filter based on graph nodes

Types

type BPF added in v0.12.0 

type BPF struct {
	// contains filtered or unexported fields
}

BPF describes a filter

func NewBPF added in v0.12.0 

func NewBPF(linkType layers.LinkType, captureLength uint32, filter string) (*BPF, error)

NewBPF creates a new BPF filter

func (*BPF) Matches added in v0.12.0 

func (b *BPF) Matches(data []byte) bool

Matches returns true data match the filter

type Enhancer added in v0.12.0 

type Enhancer interface {
	Enhance(flow *Flow)
}

Enhancer should Enhance the flow via this interface

type EnhancerPipeline added in v0.12.0 

type EnhancerPipeline struct {
	Enhancers []Enhancer
}

EnhancerPipeline describes a list of flow enhancer

func NewEnhancerPipeline added in v0.12.0 

func NewEnhancerPipeline(enhancers ...Enhancer) *EnhancerPipeline

NewEnhancerPipeline registers a list of flow Enhancer

func (*EnhancerPipeline) AddEnhancer added in v0.12.0 

func (e *EnhancerPipeline) AddEnhancer(en Enhancer)

AddEnhancer registers a new flow enhancer

func (*EnhancerPipeline) Enhance added in v0.12.0 

func (e *EnhancerPipeline) Enhance(flows []*Flow)

Enhance a list of flows

func (*EnhancerPipeline) EnhanceFlow added in v0.12.0 

func (e *EnhancerPipeline) EnhanceFlow(flow *Flow)

EnhanceFlow enhance a flow from with all registered enhancer

type ExpireUpdateFunc added in v0.3.0 

type ExpireUpdateFunc func(f []*Flow)

ExpireUpdateFunc defines expire and updates callback

type Handler added in v0.12.0 

type Handler struct {
	// contains filtered or unexported fields
}

Handler defines a flow callback called every time

func NewFlowHandler added in v0.5.0 

func NewFlowHandler(callback ExpireUpdateFunc, every time.Duration) *Handler

NewFlowHandler creates a flow callback handler that will be asynchronously called every time

type ICMPv4 added in v0.12.0 

type ICMPv4 struct {
	layers.ICMPv4
	Type ICMPType
}

ICMPv4 aims to store ICMP metadata and aims to be used for the flow hash key

func (*ICMPv4) Payload added in v0.12.0 

func (i *ICMPv4) Payload() []byte

Payload returns the ICMP payload

type ICMPv6 added in v0.12.0 

type ICMPv6 struct {
	layers.ICMPv6
	Type ICMPType
	Id   uint16
}

ICMPv6 aims to store ICMP metadata and aims to be used for the flow hash key

func (*ICMPv6) Payload added in v0.12.0 

func (i *ICMPv6) Payload() []byte

Payload returns the ICMP payload

type Key added in v0.12.0 

type Key string

Key describes a unique flow Key

func KeyFromGoPacket added in v0.12.0 

func KeyFromGoPacket(p *gopacket.Packet, parentUUID string) Key

KeyFromGoPacket returns the unique flow key The unique key is calculated based on parentUUID, network, transport and applicable layers

func (Key) String added in v0.12.0 

func (f Key) String() string

type MergeContext added in v0.9.0 

type MergeContext struct {
	Sort      bool
	SortBy    string
	SortOrder common.SortOrder
	Dedup     bool
	DedupBy   string
}

MergeContext describes a mechanism to merge flow sets

type Packet added in v0.12.0 

type Packet struct {
	// contains filtered or unexported fields
}

Packet describes one packet

type Packets added in v0.12.0 

type Packets struct {
	Packets   []Packet
	Timestamp int64
}

Packets represents a suite of parent/child Packet

func PacketsFromGoPacket added in v0.12.0 

func PacketsFromGoPacket(packet *gopacket.Packet, outerLength int64, t int64, bpf *BPF) *Packets

PacketsFromGoPacket split original packet into multiple packets in case of encapsulation like GRE, VXLAN, etc.

func PacketsFromSFlowSample added in v0.12.0 

func PacketsFromSFlowSample(sample *layers.SFlowFlowSample, t int64, bpf *BPF) []*Packets

PacketsFromSFlowSample returns an array of Packets as a sample contains mutlple records which generate a Packets each.

type PcapTableFeeder added in v0.12.0 

type PcapTableFeeder struct {
	sync.WaitGroup
	// contains filtered or unexported fields
}

PcapTableFeeder replaies a pcap file

func NewPcapTableFeeder added in v0.12.0 

func NewPcapTableFeeder(r io.ReadCloser, packetsChan chan *Packets, replay bool, bpfFilter string) (*PcapTableFeeder, error)

NewPcapTableFeeder reads a pcap from a file reader and inject it in a flow table

func (*PcapTableFeeder) Start added in v0.12.0 

func (p *PcapTableFeeder) Start()

Start a pcap injector

func (*PcapTableFeeder) Stop added in v0.12.0 

func (p *PcapTableFeeder) Stop()

Stop a pcap injector

type PcapWriter added in v0.12.0 

type PcapWriter struct {
	// contains filtered or unexported fields
}

PcapWriter provides helpers on top of gopacket pcap to write pcap files.

func NewPcapWriter added in v0.12.0 

func NewPcapWriter(w io.Writer) *PcapWriter

NewPcapWriter returns a new PcapWriter based on the given io.Writer. Due to the current limitation of the gopacket pcap implementation only RawPacket with Ethernet link type are supported.

func (*PcapWriter) WriteRawPacket added in v0.12.0 

func (p *PcapWriter) WriteRawPacket(r *RawPacket) error

WriteRawPacket writes a RawPacket

func (*PcapWriter) WriteRawPackets added in v0.12.0 

func (p *PcapWriter) WriteRawPackets(fr *RawPackets) error

WriteRawPackets writes a RawPackets iterating over the RawPackets and using WriteRawPacket for each.

type RawPackets added in v0.12.0 

type RawPackets struct {
	LinkType   layers.LinkType
	RawPackets []*RawPacket
}

RawPackets embeds flow RawPacket array with the associated link type

type Table added in v0.5.0 

type Table struct {
	Opts        TableOpts
	PacketsChan chan *Packets
	// contains filtered or unexported fields
}

Table store the flow table and related metrics mechanism

func NewTable added in v0.5.0 

func NewTable(updateHandler *Handler, expireHandler *Handler, pipeline *EnhancerPipeline, nodeTID string, opts ...TableOpts) *Table

NewTable creates a new flow table

func (*Table) Query added in v0.5.0 

func (ft *Table) Query(query *TableQuery) *TableReply

Query a flow table

func (*Table) Run added in v0.9.0 

func (ft *Table) Run()

Run background jobs, like update/expire entries event

func (*Table) Start added in v0.5.0 

func (ft *Table) Start() chan *Packets

Start the flow table

func (*Table) Stop added in v0.5.0 

func (ft *Table) Stop()

Stop the flow table

type TableAllocator added in v0.5.0 

type TableAllocator struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

TableAllocator aims to create/allocate a new flow table

func NewTableAllocator added in v0.5.0 

func NewTableAllocator(update, expire time.Duration, pipeline *EnhancerPipeline) *TableAllocator

NewTableAllocator creates a new flow table

func (*TableAllocator) Alloc added in v0.5.0 

func (a *TableAllocator) Alloc(flowCallBack ExpireUpdateFunc, nodeTID string, opts TableOpts) *Table

Alloc instanciate/allocate a new table

func (*TableAllocator) QueryTable added in v0.5.0 

func (a *TableAllocator) QueryTable(query *TableQuery) *TableReply

QueryTable search/query within the flow table

func (*TableAllocator) Release added in v0.5.0 

func (a *TableAllocator) Release(t *Table)

Release release/destroy a flow table

type TableClient added in v0.5.0 

type TableClient struct {
	shttp.DefaultWSServerEventHandler
	WSServer *shttp.WSServer
	// contains filtered or unexported fields
}

TableClient describes a mechanism to Query a flow table via flowSet in JSON

func NewTableClient added in v0.5.0 

func NewTableClient(w *shttp.WSServer) *TableClient

NewTableClient creates a new table client based on websocket

func (*TableClient) LookupFlows added in v0.5.0 

func (f *TableClient) LookupFlows(flowSearchQuery filters.SearchQuery) (*FlowSet, error)

LookupFlows query flow table based on a filter search query

func (*TableClient) LookupFlowsByNodes added in v0.5.0 

func (f *TableClient) LookupFlowsByNodes(hnmap topology.HostNodeTIDMap, flowSearchQuery filters.SearchQuery) (*FlowSet, error)

LookupFlowsByNodes query flow table based on multiple nodes

func (*TableClient) OnMessage added in v0.5.0 

func (f *TableClient) OnMessage(c *shttp.WSClient, m shttp.WSMessage)

OnMessage event

type TableOpts added in v0.12.0 

type TableOpts struct {
	RawPacketLimit int64
}

TableOpt defines flow table options

type TableQuery added in v0.5.0 

type TableQuery struct {
	Type string
	Obj  []byte
}

TableQuery contains a type and a query obj as an array of bytes. The query can be encoded in different ways according the type.

type TableReply added in v0.5.0 

type TableReply struct {
	Obj [][]byte
	// contains filtered or unexported fields
}

TableReply is the response to a TableQuery containing a Status and an array of replies that can be encoded in many ways, ex: json, protobuf.

type TableServer added in v0.5.0 

type TableServer struct {
	shttp.DefaultWSClientEventHandler
	WSAsyncClientPool *shttp.WSAsyncClientPool
	TableAllocator    *TableAllocator
}

TableServer describes a mechanism to Query a flow table via Websocket

func NewServer added in v0.5.0 

func NewServer(allocator *TableAllocator, wspool *shttp.WSAsyncClientPool) *TableServer

NewServer creates a new flow table query server based on websocket

func (*TableServer) OnMessage added in v0.5.0 

func (s *TableServer) OnMessage(c *shttp.WSAsyncClient, msg shttp.WSMessage)

OnMessage TableQuery

func (*TableServer) OnTableQuery added in v0.5.0 

func (s *TableServer) OnTableQuery(c *shttp.WSAsyncClient, msg shttp.WSMessage)

OnTableQuery event

Source Files

  • allocator.go
  • bpf.go
  • client.go
  • decoder.go
  • filters.go
  • flow.go
  • hash.go
  • metrics.go
  • pcap.go
  • pipeline.go
  • server.go
  • set.go
  • table.go

Directories

Path Synopsis
client
server
afpacket
Package afpacket provides Go bindings for MMap'd AF_PACKET socket reading.
 Package afpacket provides Go bindings for MMap'd AF_PACKET socket reading.
elasticsearch
orientdb

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.