netlink

package
v1.9.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 10, 2023 License: Apache-2.0 Imports: 17 Imported by: 1

Documentation

Overview

Package netlink contains the bare minimum needed to partially parse netlink messages.

Package netlink contains the bare minimum needed to partially parse netlink messages.

Index

Constants

View Source 
const (
	RTA_ALIGNTO    = 4
	SizeofNlMsghdr = 0x10
	SizeofNlAttr   = 0x4
	SizeofRtAttr   = 0x4

	EINVAL = syscall.Errno(0x16)
)

TODO - get these from sys/unix or syscall

Variables

View Source 
var (
	ErrNotType20   = errors.New("NetlinkMessage wrong type")
	ErrParseFailed = errors.New("Unable to parse InetDiagMsg")
)

Error types.

Functions

This section is empty.

Types

type ArchivalRecord added in v0.0.8 

type ArchivalRecord struct {
	// Timestamp should be truncated to 1 millisecond for best compression.
	// Using int64 milliseconds instead reduces compressed size by 0.5 bytes/record, or about 1.5%
	Timestamp time.Time `json:",omitempty"`

	// Storing the RawIDM instead of the parsed InetDiagMsg reduces Marshalling by 2.6 usec, and
	// typical compressed size by 3-4 bytes/record
	RawIDM inetdiag.RawInetDiagMsg `json:",omitempty"` // RawInetDiagMsg within NLMsg
	// Saving just the .Value fields reduces Marshalling by 1.9 usec.
	Attributes [][]byte `json:",omitempty"` // byte slices from RouteAttr.Value, backed by NLMsg

	// Metadata contains connection level metadata.  It is typically included in the very first record
	// in a file.
	Metadata *Metadata `json:",omitempty"`
}

ArchivalRecord is a container for parsed InetDiag messages and attributes.

func LoadAllArchivalRecords added in v0.0.8 

func LoadAllArchivalRecords(rdr io.Reader) ([]*ArchivalRecord, error)

LoadAllArchivalRecords reads all PMs from a jsonl stream.

func MakeArchivalRecord added in v0.0.8 

func MakeArchivalRecord(msg *NetlinkMessage, exclude *ExcludeConfig) (*ArchivalRecord, error)

MakeArchivalRecord parses the NetlinkMessage into a ArchivalRecord. If exclude is not nil, MakeArchivalRecord will return nil for any condition matching the exclude config options, e.g. localhost, or source ports. Note that Parse does not populate the Timestamp field, so caller should do so.

func (*ArchivalRecord) Compare added in v0.0.8 

func (pm *ArchivalRecord) Compare(previous *ArchivalRecord) (ChangeType, error)

Compare compares important fields to determine whether significant updates have occurred. We ignore a bunch of fields:

  • The TCPInfo fields matching last_* are rapidly changing, but don't have much significance. Are they elapsed time fields?
  • The InetDiagMsg.Expires is also rapidly changing in many connections, but also seems unimportant.

Significant updates are reflected in the packet, segment and byte count updates, so we generally want to record a snapshot when any of those change. They are in the latter part of the linux struct, following the pmtu field.

The simplest test that seems to tell us what we care about is to look at all the fields in the TCPInfo struct related to packets, bytes, and segments. In addition to the TCPState and CAState fields, these are probably adequate, but we also check for new or missing attributes and any attribute difference outside of the TCPInfo (INET_DIAG_INFO) attribute.

func (*ArchivalRecord) GetStats added in v1.0.0 

func (pm *ArchivalRecord) GetStats() (uint64, uint64)

GetStats returns basic stats from the TCPInfo snapshot.

func (*ArchivalRecord) HasDiagInfo added in v1.1.0 

func (pm *ArchivalRecord) HasDiagInfo() bool

HasDiagInfo returns true if there is a DIAG_INFO message.

func (*ArchivalRecord) SetBytesReceived added in v1.0.0 

func (pm *ArchivalRecord) SetBytesReceived(value uint64) uint64

SetBytesReceived sets the field for hacking unit tests.

func (*ArchivalRecord) SetBytesSent added in v1.0.0 

func (pm *ArchivalRecord) SetBytesSent(value uint64) uint64

SetBytesSent sets the field for hacking unit tests.

type ArchiveReader added in v0.0.8 

type ArchiveReader interface {
	// Next returns the next ArchivalRecord.  Returns nil, EOF if no more records, or other error if there is a problem.
	Next() (*ArchivalRecord, error)
}

ArchiveReader produces ArchivedRecord structs from some source.

func NewArchiveReader added in v0.0.8 

func NewArchiveReader(rdr io.Reader) ArchiveReader

NewArchiveReader wraps a source of JSONL ArchiveRecords to create ArchiveReader

func NewRawReader added in v0.0.8 

func NewRawReader(rdr io.Reader) ArchiveReader

NewRawReader wraps an io.Reader to create and ArchiveReader

type ChangeType 

type ChangeType int

ChangeType indicates why a new record is worthwhile saving. 

const (
	NoMajorChange        ChangeType = iota
	IDiagStateChange                // The IDiagState changed
	NoTCPInfo                       // There is no TCPInfo attribute
	NewAttribute                    // There is a new attribute
	LostAttribute                   // There is a dropped attribute
	AttributeLength                 // The length of an attribute changed
	StateOrCounterChange            // One of the early fields in DIAG_INFO changed.
	PacketCountChange               // One of the packet/byte/segment counts (or other late field) changed
	PreviousWasNil                  // The previous message was nil
	Other                           // Some other attribute changed
)

Constants to describe the degree of change between two different ParsedMessages.

type ExcludeConfig added in v1.7.0 

type ExcludeConfig struct {
	// Local excludes connections from loopback, local unicast, multicast, or unspecified connections.
	Local bool
	// SrcPorts excludes connections from specific source ports.
	SrcPorts map[uint16]bool
	DstIPs   map[[16]byte]bool
}

ExcludeConfig provides options for excluding some measurements from archival messages.

func (*ExcludeConfig) AddDstIP added in v1.8.0 

func (ex *ExcludeConfig) AddDstIP(dst string) error

AddDstIP adds the given dst IP address to the set of destination IPs to exclude.

func (*ExcludeConfig) AddSrcPort added in v1.8.0 

func (ex *ExcludeConfig) AddSrcPort(port string) error

AddSrcPort adds the given port to the set of source ports to exclude.

type MessageBlock added in v1.0.0 

type MessageBlock struct {
	V4Time     time.Time         // Time at which netlink message block was received.
	V4Messages []*NetlinkMessage // Array of raw messages.

	V6Time     time.Time
	V6Messages []*NetlinkMessage
}

MessageBlock contains timestamps and message arrays for v4 and v6 from a single collection cycle.

type Metadata 

type Metadata struct {
	UUID      string
	Sequence  int
	StartTime time.Time
}

Metadata contains the metadata for a particular TCP stream.

type NetlinkMessage added in v0.0.9 

type NetlinkMessage = syscall.NetlinkMessage

func LoadRawNetlinkMessage added in v0.0.8 

func LoadRawNetlinkMessage(rdr io.Reader) (*NetlinkMessage, error)

LoadRawNetlinkMessage is a simple utility to read the next NetlinkMessage from a source reader, e.g. from a file of naked binary netlink messages. NOTE: This is a bit fragile if there are any bit errors in the message headers.

type NetlinkRouteAttr added in v0.0.9 

type NetlinkRouteAttr = syscall.NetlinkRouteAttr

func ParseRouteAttr 

func ParseRouteAttr(b []byte) ([]NetlinkRouteAttr, error)

ParseRouteAttr parses a byte array into slice of NetlinkRouteAttr struct. Derived from "github.com/vishvananda/netlink/nl/nl_linux.go"

type NlMsghdr added in v0.0.9 

type NlMsghdr = syscall.NlMsghdr

TODO use unix instead.

type RtAttr added in v0.0.9 

type RtAttr = syscall.RtAttr

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.