netflow

package
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 22, 2023 License: MIT Imports: 22 Imported by: 0

Documentation

Overview

Package netflow collects eBPF-network netflow metrics

Index

Constants

// Bit layout of a connection's 32-bit meta word (see ConnectionInfo.Meta and
// the ConnAddrIsIPv4 / ConnProtocolIsTCP helpers, which take a meta uint32).
//
// NOTE(review): the IPv4 and TCP selectors are both zero, so an all-zero meta
// word decodes as "IPv4 over TCP". A record whose meta was never populated is
// therefore indistinguishable from a genuine IPv4/TCP flow; validate records
// by other fields before trusting the decoded family or protocol.
const (
	// Layer-3 address family: bits 0-7.
	ConnL3Mask uint32 = 0xFF
	ConnL3IPv4 uint32 = 0x00
	ConnL3IPv6 uint32 = 0x01

	// Layer-4 protocol: bits 8-15.
	ConnL4Mask uint32 = 0xFF << 8
	ConnL4TCP  uint32 = 0x00 << 8
	ConnL4UDP  uint32 = 0x01 << 8
)
// Numeric connection-direction codes. They are untyped constants, so they can
// be compared directly with the uint8 direction taken by ConnDirection2Str
// and stored in ConnectionStats.Direction.
//
// NOTE(review): presumably these values are shared with the eBPF program;
// they are spelled out so that reordering the list cannot silently change
// them — confirm against the C side.
const (
	ConnDirectionAuto     = 0
	ConnDirectionIncoming = 1
	ConnDirectionOutgoing = 2
	ConnDirectionUnknown  = 3
)
// TCP socket states, numbered from 1 in the same order as the Linux kernel's
// TCP state enum (include/net/tcp_states.h). The C-style names are kept so
// they can be matched against kernel sources.
//
// NOTE(review): the list ends at TCP_NEW_SYN_RECV; a kernel that defines
// further states would report values >= TCP_MAX_STATES. Consumers should
// treat out-of-range state values as unknown rather than index with them.
const (
	TCP_ESTABLISHED  = 1
	TCP_SYN_SENT     = 2
	TCP_SYN_RECV     = 3
	TCP_FIN_WAIT1    = 4
	TCP_FIN_WAIT2    = 5
	TCP_TIME_WAIT    = 6
	TCP_CLOSE        = 7
	TCP_CLOSE_WAIT   = 8
	TCP_LAST_ACK     = 9
	TCP_LISTEN       = 10
	TCP_CLOSING      = 11
	TCP_NEW_SYN_RECV = 12
	TCP_MAX_STATES   = 13 // one past the last state listed above
)
// String constants exported by the package.
// NOTE(review): presumably NoValue is the placeholder written when a tag has
// nothing to report, and the Direction* strings are the textual forms of the
// numeric ConnDirection* codes (see ConnDirection2Str) — confirm in the
// callers, which are not visible here.
const (
	NoValue           = "N/A"
	DirectionOutgoing = "outgoing"
	DirectionIncoming = "incoming"
)
// Default bounds of the ephemeral (dynamically assigned) port range. The
// values equal the Linux default for net.ipv4.ip_local_port_range
// (32768-60999).
//
// NOTE(review): hosts can retune that sysctl, and this package lists
// SetEphemeralPortMin but no setter for the maximum. Any direction or
// client/server inference built on IsEphemeralPort should be treated as a
// heuristic on such hosts — confirm against the callers.
const (
	EphemeralPortMin = 32768
	EphemeralPortMax = 60999
)
// KernelTaskCommLen equals the Linux kernel's TASK_COMM_LEN: the size in bytes
// of a task's comm buffer, including the terminating NUL, so a comm string
// carries at most 15 visible bytes.
// NOTE(review): presumably this sizes the buffer a process name is read from.
// A comm value is truncated and can be changed by the process itself, so it
// is a display label, not an identity to key detections or allow-lists on.
const KernelTaskCommLen = 16

Variables

// SrcIPPortRecorder is the package-wide recorder instance. It is built during
// package initialisation with an empty Record map keyed by a [4]uint32 and
// holding IPPortRecord values, and its AutoClean method is started in its own
// goroutine before the value is published.
//
// NOTE(review): because this runs at init time, merely importing the package
// starts a background goroutine, and nothing visible here stops it. The map
// is reachable from that goroutine and from callers at once; confirm that
// srcIPPortRecorder serialises access to Record and that AutoClean bounds the
// map's growth.
var SrcIPPortRecorder = func() *srcIPPortRecorder {
	rec := new(srcIPPortRecorder)
	rec.Record = make(map[[4]uint32]IPPortRecord)

	// Started before the recorder is handed out, so cleaning runs for the
	// whole lifetime of the process.
	go rec.AutoClean()

	return rec
}()

Functions

func AddK8sTags2Map

func AddK8sTags2Map(k8sNetInfo *k8sinfo.K8sNetInfo,
	basekey *BaseKey, mTags map[string]string,
) map[string]string

func ConnAddrIsIPv4

func ConnAddrIsIPv4(meta uint32) bool

func ConnCmpNoPid

func ConnCmpNoPid(expected, actual ConnectionInfo) bool

func ConnCmpNoSPort

func ConnCmpNoSPort(expected, actual ConnectionInfo) bool

func ConnDirection2Str

func ConnDirection2Str(direction uint8) string

func ConnIPv4Type

func ConnIPv4Type(addr uint32) string

func ConnIPv6Type

func ConnIPv6Type(addr [4]uint32) string

func ConnNotNeedToFilter

func ConnNotNeedToFilter(conn *ConnectionInfo, connStats *ConnFullStats) bool

ConnNotNeedToFilter reports whether a connection should be kept; it returns false when the connection needs to be filtered out. A connection is filtered when it matches one of these rules: 1. its source IP and destination IP are the same; 2. it uses a loopback IP; 3. it sent and received no data within a collection cycle; 4. its port is 0 or its IP address is :: or 0.0.0.0.

func ConnProtocolIsTCP

func ConnProtocolIsTCP(meta uint32) bool

func ConvConn2M

func ConvConn2M(k ConnectionInfo, v ConnFullStats, name string,
	gTags map[string]string, ptTime time.Time, pidMap map[int][2]string,
) (*client.Point, error)

func IPPortFilterIn

func IPPortFilterIn(conn *ConnectionInfo) bool

func IsEphemeralPort

func IsEphemeralPort(port uint32) bool

func IsIncomingFromK8s

func IsIncomingFromK8s(k8sNetInfo *k8sinfo.K8sNetInfo, srcIP string,
	srcPort uint32, transport string,
) bool

func NewNetFlowManger

func NewNetFlowManger(constEditor []manager.ConstantEditor, ctMap map[string]*ebpf.Map, closedEventHandler func(cpu int, data []byte,
	perfmap *manager.PerfMap, manager *manager.Manager),
) (*manager.Manager, error)

func SetDNSRecord

func SetDNSRecord(r dnsRecorder)

func SetEphemeralPortMin

func SetEphemeralPortMin(val int32)

func SetK8sNetInfo

func SetK8sNetInfo(n *k8sinfo.K8sNetInfo)

func SetLogger

func SetLogger(nl *logger.Logger)

func SwapU16

func SwapU16(v uint16) uint16

func U32BEToIP

func U32BEToIP(addr [4]uint32, isIPv6 bool) net.IP

func U32BEToIPv4Array

func U32BEToIPv4Array(addr uint32) [4]uint8

func U32BEToIPv6Array

func U32BEToIPv6Array(addr [4]uint32) [8]uint16

Types

type BaseKey

// BaseKey identifies a flow by textual addresses, numeric ports and a
// transport name, plus a DNAT address/port pair. AddK8sTags2Map takes a
// *BaseKey alongside the Kubernetes network info.
type BaseKey struct {
	// Source and destination addresses as strings.
	SAddr string
	DAddr string

	// Source and destination ports.
	SPort uint32
	DPort uint32

	// Transport protocol name; the accepted values are not visible here.
	Transport string

	// DNAT address and port.
	// NOTE(review): presumably the destination after NAT translation, left
	// empty/zero when no translation applies — confirm.
	DNATAddr string
	DNATPort uint32
}

type ConnFullStats

// ConnFullStats bundles the per-connection counters (Stats), the TCP-specific
// counters (TCPStats) and two running totals. StatsOp and StatsTCPOp take and
// return values of this type.
type ConnFullStats struct {
	Stats    ConnectionStats
	TCPStats ConnectionTCPStats

	// Running totals of closed and established connections.
	// NOTE(review): signed, presumably so a "-" operation in StatsOp can be
	// represented; a negative total would indicate mismatched snapshots —
	// confirm how callers handle that.
	TotalClosed      int64
	TotalEstablished int64
}

func StatsOp

func StatsOp(op string, fullConn ConnFullStats, connStats ConnectionStats) ConnFullStats

StatsOp computes fullConn = connStats op fullConn, where op is an operator such as "+" or "-", and returns the result.

func StatsTCPOp

func StatsTCPOp(op string, fullConn ConnFullStats, connStats ConnectionStats,
	tcpstats ConnectionTCPStats) ConnFullStats

StatsTCPOp parameters: op is the operator; fullConn is the saved connection statistics; connStats is the new connection statistics; tcpstats is the TCP statistics.

type ConnResult

type ConnResult struct {
	// contains filtered or unexported fields
}

type ConnStatsRecord

// ConnStatsRecord holds connection statistics behind an embedded mutex; its
// data fields are unexported and not shown here.
type ConnStatsRecord struct {
	// Embedded, so Lock and Unlock are promoted into the type's exported
	// method set and any importer can take the lock. Values must be passed by
	// pointer: copying the struct copies the mutex.
	sync.Mutex
	// contains filtered or unexported fields
}

type ConncetionClosedInfo

// ConncetionClosedInfo groups the identity, counters and TCP counters of one
// connection. The misspelling ("Conncetion") is part of the exported name.
// NOTE(review): presumably the Go-side form of the closed-connection event
// delivered to NetFlowTracer.ClosedEventHandler — confirm.
type ConncetionClosedInfo struct {
	Info     ConnectionInfo
	Stats    ConnectionStats
	TCPStats ConnectionTCPStats
}

type ConncetionClosedInfoC

// ConncetionClosedInfoC is a Go named type over the cgo struct
// connection_closed_info; its memory layout is dictated by the C definition.
// NOTE(review): if raw perf-event bytes are reinterpreted as this type, the
// payload length must be checked against the struct size before the cast —
// confirm in ClosedEventHandler, whose body is not visible here.
type ConncetionClosedInfoC C.struct_connection_closed_info

type ConnectionInfo

// ConnectionInfo identifies one connection: addresses, ports, owning process,
// network namespace, a packed meta word and the NAT destination.
type ConnectionInfo struct {
	// Source and destination addresses as four 32-bit words, a shape that
	// holds either address family.
	// NOTE(review): U32BEToIP takes the same [4]uint32 plus an isIPv6 flag,
	// which suggests big-endian words — confirm.
	Saddr [4]uint32
	Daddr [4]uint32
	Sport uint32
	Dport uint32
	Pid   uint32
	Netns uint32
	// Packed family/protocol word; ConnAddrIsIPv4 and ConnProtocolIsTCP take
	// a meta uint32, presumably this field masked with ConnL3Mask/ConnL4Mask.
	Meta  uint32

	// NAT destination address and port.
	NATDaddr [4]uint32
	NATDport uint32

	// NOTE(review): if this is filled from the kernel task comm (see
	// KernelTaskCommLen), it is truncated and settable by the process itself;
	// treat it as a label, not as proof of which binary owns the connection.
	ProcessName string
}

func (ConnectionInfo) String

func (conn ConnectionInfo) String() string

type ConnectionInfoC

// ConnectionInfoC is a Go named type over the cgo struct connection_info; its
// memory layout is dictated by the C definition, not by ConnectionInfo.
type ConnectionInfoC C.struct_connection_info

type ConnectionStats

// ConnectionStats carries the traffic counters recorded for one connection,
// together with a timestamp, flags, the NAT destination and a direction code.
type ConnectionStats struct {
	SentBytes   uint64
	RecvBytes   uint64
	SentPackets uint64
	RecvPackets uint64
	// Clock source and unit are not visible here — TODO confirm before
	// correlating with wall-clock logs.
	Timestamp   uint64
	Flags       uint32

	// NAT destination address and port.
	NATDaddr [4]uint32
	NATDport uint32

	// Direction code; ConnDirection2Str takes a uint8 direction, presumably
	// one of the ConnDirection* constants.
	Direction uint8
}

type ConnectionStatsC

// ConnectionStatsC is a Go named type over the cgo struct connection_stats;
// its memory layout is dictated by the C definition, not by ConnectionStats.
type ConnectionStatsC C.struct_connection_stats

type ConnectionTCPStats

// ConnectionTCPStats carries the TCP-only counters of a connection.
type ConnectionTCPStats struct {
	// NOTE(review): encoding not visible here (count vs. bitmask of TCP_*
	// states) — confirm before interpreting.
	StateTransitions uint16
	// Signed, unlike the other counters in this struct.
	Retransmits      int32
	// Round-trip time and its variance; units are not visible here.
	Rtt              uint32
	RttVar           uint32
}

type ConnectionTCPStatsC

// ConnectionTCPStatsC is a Go named type over the cgo struct
// connection_tcp_stats; its memory layout is dictated by the C definition.
type ConnectionTCPStatsC C.struct_connection_tcp_stats

type FlowAgg

type FlowAgg struct {
	// contains filtered or unexported fields
}

func (*FlowAgg) Append

func (agg *FlowAgg) Append(info ConnectionInfo, stats ConnFullStats) error

func (*FlowAgg) Clean

func (agg *FlowAgg) Clean()

func (*FlowAgg) Len

func (agg *FlowAgg) Len() int

func (*FlowAgg) ToPoint

func (agg *FlowAgg) ToPoint(tags map[string]string,
	k8sInfo *k8sinfo.K8sNetInfo,
) []*client.Point

type IPPortRecord

// IPPortRecord is the value type of the SrcIPPortRecorder.Record map: an
// address in four 32-bit words and a timestamp.
// NOTE(review): presumably TS is what AutoClean uses to expire entries —
// confirm.
type IPPortRecord struct {
	IP [4]uint32
	TS time.Time
}

type NetFlowTracer

type NetFlowTracer struct {
	// contains filtered or unexported fields
}

func NewNetFlowTracer

func NewNetFlowTracer(procFilter *tracing.ProcessFilter) *NetFlowTracer

func (*NetFlowTracer) ClosedEventHandler

func (tracer *NetFlowTracer) ClosedEventHandler(cpu int, data []byte,
	perfmap *manager.PerfMap, manager *manager.Manager,
)

func (*NetFlowTracer) Run

func (tracer *NetFlowTracer) Run(ctx context.Context, bpfManger *manager.Manager,
	datakitPostURL string, gTags map[string]string, interval time.Duration,
) error
