Documentation
Overview
Package conntracer provides a way to capture network connection events on Linux. It uses BPF kprobes.
Example
package main

import (
	"fmt"
	"time"

	conntracer "github.com/yuuki/go-conntracer-bpf"
)

func main() {
	// Load bpf program to kernel.
	t, err := conntracer.NewTracer()
	if err != nil {
		fmt.Println("failed to prepare tracer: ", err)
		return
	}
	defer t.Close()

	cb := func(flows []*conntracer.Flow) error {
		for _, flow := range flows {
			fmt.Printf("%v\n", flow)
		}
		return nil
	}

	// Start process of periodically polling network flows.
	t.Start(cb, 1*time.Second)

	// Stop process of polling them.
	t.Stop()
}
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Flow
type Flow struct {
	SAddr       *net.IP
	DAddr       *net.IP
	ProcessName string
	LPort       uint16 // Listening port
	Direction   FlowDirection
	LastPID     uint32
	Stat        *FlowStat
}
Flow is a set of aggregated connections grouped by listening port.
type FlowDirection
type FlowDirection uint8
FlowDirection is a bitmask that can represent Active, Passive, or both.
const (
	// FlowUnknown is an unknown flow.
	FlowUnknown FlowDirection = 1 << iota
	// FlowActive is an 'active open'.
	FlowActive
	// FlowPassive is a 'passive open'.
	FlowPassive
)
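One way a polling callback could put these fields to work for detection: decode the Direction bitmask and report flows that are not on an allowlist. This is an added example, not code from the go-conntracer-bpf project; the local Flow/FlowDirection stand-ins (Stat omitted), dirString, unexpected, the "process:port:direction" key format and the sample flows are assumptions made here.

```go
package main
import (
	"fmt"
	"net"
	"strings"
)

// Stand-ins mirroring the page's Flow and FlowDirection (Stat omitted) so this runs without BPF.
type FlowDirection uint8
const (
	FlowUnknown FlowDirection = 1 << iota // 1
	FlowActive                            // 2
	FlowPassive                           // 4
)
type Flow struct {
	SAddr, DAddr *net.IP
	ProcessName  string
	LPort        uint16
	Direction    FlowDirection
	LastPID      uint32
}

// dirString decodes the bitmask; more than one bit may be set.
func dirString(d FlowDirection) string {
	var s []string
	for i, n := range []string{"unknown", "active", "passive"} {
		if d&(FlowDirection(1)<<uint(i)) != 0 {
			s = append(s, n)
		}
	}
	return strings.Join(s, "|")
}

// unexpected lists flows whose "process:port:direction" key (assumed policy format) is not allowlisted.
func unexpected(flows []*Flow, allowed map[string]bool) (out []string) {
	for _, f := range flows {
		key := fmt.Sprintf("%s:%d:%s", f.ProcessName, f.LPort, dirString(f.Direction))
		if !allowed[key] {
			out = append(out, fmt.Sprintf("%s pid=%d %v->%v", key, f.LastPID, f.SAddr, f.DAddr))
		}
	}
	return
}

func main() { // the flows below are constructed sample data, not captured traffic
	a, b := net.ParseIP("10.0.0.5"), net.ParseIP("10.0.0.9")
	flows := []*Flow{{&a, &b, "nginx", 443, FlowPassive, 812}, {&b, &a, "bash", 4444, FlowActive, 2290}}
	fmt.Println(unexpected(flows, map[string]bool{"nginx:443:passive": true}))
}
```

Because Flow aggregates connections by listening port, an allowlist keyed this way stays small even on busy hosts.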