README
¶
mokumokuren 目目連
lightweight flow meter using gopacket
design inspired by the pathspider observer.
Here's more on the spirits this module is named after.
Documentation
¶
Index ¶
- Constants
- Variables
- func RegisterDataIndex() int
- type FlowChainFn
- type FlowEntry
- type FlowKey
- type FlowTable
- func (ft *FlowTable) AddEmitterFunction(fn FlowChainFn)
- func (ft *FlowTable) AddInitialFunction(fn PacketChainFn)
- func (ft *FlowTable) AddLayerFunction(fn LayerChainFn, layerType gopacket.LayerType)
- func (ft *FlowTable) CountPacketsAndOctets()
- func (ft *FlowTable) HandlePacket(pkt gopacket.Packet)
- func (ft *FlowTable) Shutdown()
- func (ft *FlowTable) TrackRoundTripTime()
- func (ft *FlowTable) TrackTCPClose()
- type IdleQueue
- type LayerChainFn
- type PacketChainFn
- type PacketEvent
- type QUICHeader
- type RTTData
Constants ¶
View Source
const ( QUICPktTypeShortP0P1 = 0x01 QUICPktTypeShortP0P2 = 0x02 QUICPktTypeShortP0P4 = 0x03 QUICPktTypeShortP1P1 = 0x21 QUICPktTypeShortP1P2 = 0x22 QUICPktTypeShortP1P4 = 0x23 QUICPktTypeShortCidP0P1 = 0x41 QUICPktTypeShortCidP0P2 = 0x42 QUICPktTypeShortCidP0P4 = 0x43 QUICPktTypeShortCidP1P1 = 0x61 QUICPktTypeShortCidP1P2 = 0x62 QUICPktTypeShortCidP1P4 = 0x63 QUICPktTypeVersionNego = 0x81 QUICPktTypeClientInitial = 0x82 QUICPktTypeServerStatelessRetry = 0x83 QUICPktTypeServerCleartext = 0x84 QUICPktTypeClientCleartext = 0x85 QUICPktTypeLongZeroRtt = 0x86 )
QUIC header packet types
View Source
const BIN_QUANTUM = 10
View Source
const IDLE_TIMEOUT = 30
Variables ¶
View Source
var MeasurementBytePresent bool = false
MeasurementBytePresent if true, causes the QUICHeader parser to snarf a measurement byte.
View Source
var NotQUIC error
Constant error returned by ExtractFromUDP when the packet is not a QUIC packet
View Source
var QUICHeaderTruncated error
Constant error returned by ExtractFromUDP when the packet doesn't have enough bytes
View Source
var QUICPort uint16 = 0
QUICPort if non-zero, enables port-based QUIC recognition.
View Source
var RTTDataIndex int
Functions ¶
func RegisterDataIndex ¶
func RegisterDataIndex() int
Types ¶
type FlowChainFn ¶
type FlowEntry ¶
type FlowEntry struct {
// Flow key
Key FlowKey
// Timestamp of first packet in the flow
StartTime *time.Time
// Timestamp of last packet in the flow
LastTime *time.Time
// Count of packets observed in the forward direction
FwdPktCount uint64
// Count of packets observed in the reverse direction
RevPktCount uint64
// Count of octets observed in the forward direction
FwdOctCount uint64
// Count of octets observed in the reverse direction
RevOctCount uint64
// Arbitrary data for non-core chain functions
Data []interface{}
// contains filtered or unexported fields
}
FIXME: make FlowEntry an interface? see #1.
type FlowKey ¶
type FlowKey struct {
Sip string // FIXME this is a stupid hack but net.IP isn't comparable
Dip string // FIXME this is a stupid hack but net.IP isn't comparable
Sp uint16
Dp uint16
P uint8
}
func ExtractFlowKey ¶
Extract a flow key from a packet
type FlowTable ¶
type FlowTable struct {
// contains filtered or unexported fields
}
Contains the set of currently active flows
func NewFlowTable ¶
func NewFlowTable() (ft *FlowTable)
func (*FlowTable) AddEmitterFunction ¶
func (ft *FlowTable) AddEmitterFunction(fn FlowChainFn)
func (*FlowTable) AddInitialFunction ¶
func (ft *FlowTable) AddInitialFunction(fn PacketChainFn)
func (*FlowTable) AddLayerFunction ¶
func (ft *FlowTable) AddLayerFunction(fn LayerChainFn, layerType gopacket.LayerType)
func (*FlowTable) CountPacketsAndOctets ¶
func (ft *FlowTable) CountPacketsAndOctets()
func (*FlowTable) HandlePacket ¶
func (*FlowTable) TrackRoundTripTime ¶
func (ft *FlowTable) TrackRoundTripTime()
func (*FlowTable) TrackTCPClose ¶
func (ft *FlowTable) TrackTCPClose()
Adds functions for finishing flows on TCP FIN and RST to a given flow table
type IdleQueue ¶
type IdleQueue struct {
// contains filtered or unexported fields
}
func (*IdleQueue) NextIdleBefore ¶
func (*IdleQueue) OldestFlowTime ¶
Get the time associated with the least recently active flow.
type LayerChainFn ¶
type LayerChainFn func(*FlowEntry, *PacketEvent, gopacket.Layer) bool
type PacketChainFn ¶
type PacketChainFn func(*FlowEntry, *PacketEvent) bool
type PacketEvent ¶
type PacketEvent struct {
// the packet that arrived
Packet gopacket.Packet
// time at which the packet arrived
Timestamp *time.Time
// set if the packet matched a reverse flow key
Reverse bool
}
PacketEvent represents the arrival of a packet at a given time.
type QUICHeader ¶
type QUICHeader struct {
PktType byte // packet type, not decoded
ConnID uint64 // Connection ID
PktNum uint32 // Packet Number
PktNumLen int // Length of packet number on wire
Version uint32 // Version number for VN packets
KeyPhase int // Key phase for short packets
MeasurementData []byte // Piet's measurement byte
Payload []byte
}
QUICHeader represents a QUIC packet header or QUIC special packet
func (*QUICHeader) ExtractFromUDP ¶
func (q *QUICHeader) ExtractFromUDP(udp *layers.UDP) error
func (*QUICHeader) FullPacketNumber ¶
func (q *QUICHeader) FullPacketNumber(last uint64) uint64
Given a last packet number, decode this packet's encoded packet number as a full packet number
type RTTData ¶
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.