dispatch

package
v0.1.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 3, 2019 License: GPL-2.0 Imports: 11 Imported by: 0

Documentation

Overview

Package dispatch provides dispatching of network/kernel events to various subscribers It provides an API for plugins to subscribe to for 3 types of network events 1) NFqueue (netfilter queue) packets 2) Conntrack events (New, Update, Destroy) 3) Netlogger events (from NFLOG target) The dispatch will register global callbacks with the kernel package and then dispatch events to subscribers accordingly

Index

Constants

View Source 
const CertfetchPriority = 2

CertfetchPriority ...

View Source 
const CertsniffPriority = 2

CertsniffPriority ...

View Source 
const ClassifyPriority = 2

ClassifyPriority ...

View Source 
const DNSPriority = 2

DNSPriority ...

View Source 
const ExamplePriority = 2

ExamplePriority ...

View Source 
const GeoipPriority = 2

GeoipPriority ...

View Source 
const NfAccept = 1

NfAccept is the NF_ACCEPT constant

View Source 
const NfDrop = 0

NfDrop is NF_DROP constant

View Source 
const ReporterPriority = 1

ReporterPriority ... We want this to be called FIRST

View Source 
const RevDNSPriority = 2

RevDNSPriority ...

View Source 
const SniPriority = 2

SniPriority ...

View Source 
const StatsPriority = 3

StatsPriority ... We want this to be called LAST

Variables

This section is empty.

Functions

func AttachNfqueueSubscriptions 

func AttachNfqueueSubscriptions(session *Session)

AttachNfqueueSubscriptions attaches active nfqueue subscriptions to the argumented Session

func GetConntrackTable added in v0.1.2 

func GetConntrackTable() map[uint32]*Conntrack

GetConntrackTable table Note: this returns a copy of the table, but with the same pointers do not modify the values in the conntrack entries

func HandleWarehouseCleanup added in v0.1.2 

func HandleWarehouseCleanup()

HandleWarehouseCleanup removes the nfqueue and conntrack entries that were created by the previous warehouse playback operation

func HandleWarehousePlayback added in v0.1.2 

func HandleWarehousePlayback()

HandleWarehousePlayback spins up a goroutine that will playback a warehouse capture file, wait until the playback is finished, and save the netfilter and conntrack cleanup lists that are returned from the playback function

func InsertConntrackSubscription 

func InsertConntrackSubscription(owner string, priority int, function ConntrackHandlerFunction)

InsertConntrackSubscription adds a subscription for receiving conntrack messages

func InsertNetloggerSubscription 

func InsertNetloggerSubscription(owner string, priority int, function NetloggerHandlerFunction)

InsertNetloggerSubscription adds a subscription for receiving netlogger messages

func InsertNfqueueSubscription 

func InsertNfqueueSubscription(owner string, priority int, function NfqueueHandlerFunction)

InsertNfqueueSubscription adds a subscription for receiving nfqueue messages

func MirrorNfqueueSubscriptions added in v0.1.2 

func MirrorNfqueueSubscriptions(session *Session) map[string]SubscriptionHolder

MirrorNfqueueSubscriptions creates a copy of the subscriptions for the argumented Session

func ReleaseSession 

func ReleaseSession(session *Session, owner string)

ReleaseSession is called by a subscriber to stop receiving traffic for a session

func Shutdown 

func Shutdown()

Shutdown stops the event handling service

func Startup 

func Startup(ctInterval int)

Startup starts the event handling service

Types

type Conntrack added in v0.1.2 

type Conntrack struct {
	ConntrackID       uint32
	ConnMark          uint32
	Session           *Session
	SessionID         uint64
	Family            uint8
	CreationTime      time.Time
	LastUpdateTime    time.Time
	LastActivityTime  time.Time
	ClientSideTuple   Tuple
	ServerSideTuple   Tuple
	TimeoutSeconds    uint32
	TimestampStart    uint64
	TimestampStop     uint64
	TCPState          uint8
	EventCount        uint64
	ClientBytes       uint64
	ServerBytes       uint64
	TotalBytes        uint64
	ClientPackets     uint64
	ServerPackets     uint64
	TotalPackets      uint64
	ClientBytesDiff   uint64  // the ClientBytes diff since last update
	ServerBytesDiff   uint64  // the ServerBytes diff since last update
	TotalBytesDiff    uint64  // the TotalBytes diff since last update
	ClientPacketsDiff uint64  // the ClientPackets diff since last update
	ServerPacketsDiff uint64  // the ServerPackets diff since last update
	TotalPacketsDiff  uint64  // the TotalPackets diff since last update
	ClientByteRate    float32 // the Client byte rate site the last update
	ServerByteRate    float32 // the Server byte rate site the last update
	TotalByteRate     float32 // the Total byte rate site the last update
	ClientPacketRate  float32 // the Client packet rate site the last update
	ServerPacketRate  float32 // the Server packet rate site the last update
	TotalPacketRate   float32 // the Total packet rate site the last update
	Guardian          sync.RWMutex
}

Conntrack stores the details of a conntrack entry

func (*Conntrack) String added in v0.1.2 

func (ct *Conntrack) String() string

String returns string representation of conntrack

type ConntrackHandlerFunction 

type ConntrackHandlerFunction func(int, *Conntrack)

ConntrackHandlerFunction defines a pointer to a conntrack callback function

type NetloggerHandlerFunction 

type NetloggerHandlerFunction func(*NetloggerMessage)

NetloggerHandlerFunction defines a pointer to a netlogger callback function

type NetloggerMessage 

type NetloggerMessage struct {
	Version      uint8
	Protocol     uint8
	IcmpType     uint16
	SrcInterface uint8
	DstInterface uint8
	SrcAddress   string
	DstAddress   string
	SrcPort      uint16
	DstPort      uint16
	Mark         uint32
	Prefix       string
}

NetloggerMessage is used to pass the details of NFLOG events to interested plugins

type NfqueueHandlerFunction 

type NfqueueHandlerFunction func(NfqueueMessage, uint32, bool) NfqueueResult

NfqueueHandlerFunction defines a pointer to a nfqueue callback function

type NfqueueMessage 

type NfqueueMessage struct {
	Session        *Session
	MsgTuple       Tuple
	Family         int
	Packet         gopacket.Packet
	PacketMark     uint32
	Length         int
	ClientToServer bool
	IP4Layer       *layers.IPv4
	IP6Layer       *layers.IPv6
	TCPLayer       *layers.TCP
	UDPLayer       *layers.UDP
	ICMPv4Layer    *layers.ICMPv4
	Payload        []byte
}

NfqueueMessage is used to pass nfqueue traffic to interested plugins

type NfqueueResult 

type NfqueueResult struct {
	SessionRelease bool
}

NfqueueResult returns status and other information from a subscription handler function

type Session added in v0.1.2 

type Session struct {
	// contains filtered or unexported fields
}

Session stores information about a packetd session All fields are private and must be access with the get and set functions defined below to ensure there are no data races

func (*Session) AddByteCount added in v0.1.2 

func (sess *Session) AddByteCount(value uint64) uint64

AddByteCount increases the byte count by the argumented value

func (*Session) AddEventCount added in v0.1.2 

func (sess *Session) AddEventCount(value uint64) uint64

AddEventCount increases the event count by the argumented value

func (*Session) AddPacketCount added in v0.1.2 

func (sess *Session) AddPacketCount(value uint64) uint64

AddPacketCount increases the packet count by the argumented value

func (*Session) DeleteAttachment added in v0.1.2 

func (sess *Session) DeleteAttachment(name string) bool

DeleteAttachment is used to safely delete an attachment from a session object

func (*Session) GetAttachment added in v0.1.2 

func (sess *Session) GetAttachment(name string) interface{}

GetAttachment is used to safely get an attachment from a session object

func (*Session) GetByteCount added in v0.1.2 

func (sess *Session) GetByteCount() uint64

GetByteCount gets the byte count

func (*Session) GetClientInterfaceID added in v0.1.2 

func (sess *Session) GetClientInterfaceID() uint8

GetClientInterfaceID gets the client interface ID

func (*Session) GetClientInterfaceType added in v0.1.2 

func (sess *Session) GetClientInterfaceType() uint8

GetClientInterfaceType gets the client interface type

func (*Session) GetClientSideTuple added in v0.1.2 

func (sess *Session) GetClientSideTuple() Tuple

GetClientSideTuple gets the client side Tuple

func (*Session) GetConntrackConfirmed added in v0.1.2 

func (sess *Session) GetConntrackConfirmed() bool

GetConntrackConfirmed gets the conntrack confirmed flag

func (*Session) GetConntrackID added in v0.1.2 

func (sess *Session) GetConntrackID() uint32

GetConntrackID gets the conntrack ID

func (*Session) GetConntrackPointer added in v0.1.2 

func (sess *Session) GetConntrackPointer() *Conntrack

GetConntrackPointer gets the conntrack pointer

func (*Session) GetCreationTime added in v0.1.2 

func (sess *Session) GetCreationTime() time.Time

GetCreationTime gets the time the entry was created

func (*Session) GetEventCount added in v0.1.2 

func (sess *Session) GetEventCount() uint64

GetEventCount gets the event count

func (*Session) GetLastActivity added in v0.1.2 

func (sess *Session) GetLastActivity() time.Time

GetLastActivity gets the time of the last session activity

func (*Session) GetPacketCount added in v0.1.2 

func (sess *Session) GetPacketCount() uint64

GetPacketCount gets the packet count

func (*Session) GetServerInterfaceID added in v0.1.2 

func (sess *Session) GetServerInterfaceID() uint8

GetServerInterfaceID gets the server interface ID

func (*Session) GetServerInterfaceType added in v0.1.2 

func (sess *Session) GetServerInterfaceType() uint8

GetServerInterfaceType gets the server interface type

func (*Session) GetServerSideTuple added in v0.1.2 

func (sess *Session) GetServerSideTuple() Tuple

GetServerSideTuple gets the server side Tuple

func (*Session) GetSessionID added in v0.1.2 

func (sess *Session) GetSessionID() uint64

GetSessionID gets the session ID

func (*Session) LockAttachments added in v0.1.2 

func (sess *Session) LockAttachments() map[string]interface{}

LockAttachments locks the attatchments mutex and returns the attachment map to the caller

func (*Session) PutAttachment added in v0.1.2 

func (sess *Session) PutAttachment(name string, value interface{})

PutAttachment is used to safely add an attachment to a session object

func (*Session) SetByteCount added in v0.1.2 

func (sess *Session) SetByteCount(value uint64) uint64

SetByteCount sets the byte count

func (*Session) SetClientInterfaceID added in v0.1.2 

func (sess *Session) SetClientInterfaceID(value uint8) uint8

SetClientInterfaceID sets the client interface ID

func (*Session) SetClientInterfaceType added in v0.1.2 

func (sess *Session) SetClientInterfaceType(value uint8) uint8

SetClientInterfaceType sets the client interface type

func (*Session) SetClientSideTuple added in v0.1.2 

func (sess *Session) SetClientSideTuple(tuple Tuple)

SetClientSideTuple sets the client side Tuple

func (*Session) SetConntrackConfirmed added in v0.1.2 

func (sess *Session) SetConntrackConfirmed(argument bool)

SetConntrackConfirmed sets the conntrack confirmed flag

func (*Session) SetConntrackID added in v0.1.2 

func (sess *Session) SetConntrackID(value uint32) uint32

SetConntrackID sets the conntrack ID

func (*Session) SetConntrackPointer added in v0.1.2 

func (sess *Session) SetConntrackPointer(pointer *Conntrack)

SetConntrackPointer sets the conntrack pointer

func (*Session) SetCreationTime added in v0.1.2 

func (sess *Session) SetCreationTime(value time.Time)

SetCreationTime sets the time the entry was created

func (*Session) SetEventCount added in v0.1.2 

func (sess *Session) SetEventCount(value uint64) uint64

SetEventCount sets the event count

func (*Session) SetLastActivity added in v0.1.2 

func (sess *Session) SetLastActivity(value time.Time)

SetLastActivity sets the time of the last session activity

func (*Session) SetPacketCount added in v0.1.2 

func (sess *Session) SetPacketCount(value uint64) uint64

SetPacketCount sets the packet count

func (*Session) SetServerInterfaceID added in v0.1.2 

func (sess *Session) SetServerInterfaceID(value uint8) uint8

SetServerInterfaceID sets the server interface ID

func (*Session) SetServerInterfaceType added in v0.1.2 

func (sess *Session) SetServerInterfaceType(value uint8) uint8

SetServerInterfaceType sets the server interface type

func (*Session) SetServerSideTuple added in v0.1.2 

func (sess *Session) SetServerSideTuple(tuple Tuple)

SetServerSideTuple sets the server side Tuple

func (*Session) SetSessionID added in v0.1.2 

func (sess *Session) SetSessionID(value uint64) uint64

SetSessionID sets the seession ID

func (*Session) UnlockAttachments added in v0.1.2 

func (sess *Session) UnlockAttachments()

UnlockAttachments unlocks the attachments mutex

type SubscriptionHolder 

type SubscriptionHolder struct {
	Owner         string
	Priority      int
	NfqueueFunc   NfqueueHandlerFunction
	ConntrackFunc ConntrackHandlerFunction
	NetloggerFunc NetloggerHandlerFunction
}

SubscriptionHolder stores the details of a data callback subscription

type Tuple 

type Tuple struct {
	Protocol      uint8
	ClientAddress net.IP
	ClientPort    uint16
	ServerAddress net.IP
	ServerPort    uint16
}

Tuple represent a session using the protocol and source and destination address and port values.

func (Tuple) Equal 

func (t Tuple) Equal(o Tuple) bool

Equal returns true if two Tuples are equal, false otherwise

func (Tuple) EqualReverse 

func (t Tuple) EqualReverse(o Tuple) bool

EqualReverse returns true if two Tuples are equal when one is inversed in the other direction, false otherwise 1.2.3.4:5 -> 6.7.8.9:0 == 6.7.8.9:0 -> 1.2.3.4:5 = true

func (Tuple) String 

func (t Tuple) String() string

String returns string representation of tuple

func (Tuple) StringReverse 

func (t Tuple) StringReverse() string

StringReverse returns string representation of reverse tuple

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.