Documentation ¶
Overview ¶
Package dispatch provides dispatching of network/kernel events to various subscribers It provides an API for plugins to subscribe to for 3 types of network events 1) NFqueue (netfilter queue) packets 2) Conntrack events (New, Update, Destroy) 3) Netlogger events (from NFLOG target) The dispatch will register global callbacks with the kernel package and then dispatch events to subscribers accordingly
Index ¶
- Constants
- func AttachNfqueueSubscriptions(session *Session)
- func GetConntrackTable() map[uint32]*Conntrack
- func HandleWarehouseCleanup()
- func HandleWarehousePlayback()
- func InsertConntrackSubscription(owner string, priority int, function ConntrackHandlerFunction)
- func InsertNetloggerSubscription(owner string, priority int, function NetloggerHandlerFunction)
- func InsertNfqueueSubscription(owner string, priority int, function NfqueueHandlerFunction)
- func MirrorNfqueueSubscriptions(session *Session) map[string]SubscriptionHolder
- func ReleaseSession(session *Session, owner string)
- func Shutdown()
- func Startup(ctInterval int)
- type Conntrack
- type ConntrackHandlerFunction
- type NetloggerHandlerFunction
- type NetloggerMessage
- type NfqueueHandlerFunction
- type NfqueueMessage
- type NfqueueResult
- type Session
- func (sess *Session) AddByteCount(value uint64) uint64
- func (sess *Session) AddEventCount(value uint64) uint64
- func (sess *Session) AddPacketCount(value uint64) uint64
- func (sess *Session) DeleteAttachment(name string) bool
- func (sess *Session) GetAttachment(name string) interface{}
- func (sess *Session) GetByteCount() uint64
- func (sess *Session) GetClientInterfaceID() uint8
- func (sess *Session) GetClientInterfaceType() uint8
- func (sess *Session) GetClientSideTuple() Tuple
- func (sess *Session) GetConntrackConfirmed() bool
- func (sess *Session) GetConntrackID() uint32
- func (sess *Session) GetConntrackPointer() *Conntrack
- func (sess *Session) GetCreationTime() time.Time
- func (sess *Session) GetEventCount() uint64
- func (sess *Session) GetLastActivity() time.Time
- func (sess *Session) GetPacketCount() uint64
- func (sess *Session) GetServerInterfaceID() uint8
- func (sess *Session) GetServerInterfaceType() uint8
- func (sess *Session) GetServerSideTuple() Tuple
- func (sess *Session) GetSessionID() uint64
- func (sess *Session) LockAttachments() map[string]interface{}
- func (sess *Session) PutAttachment(name string, value interface{})
- func (sess *Session) SetByteCount(value uint64) uint64
- func (sess *Session) SetClientInterfaceID(value uint8) uint8
- func (sess *Session) SetClientInterfaceType(value uint8) uint8
- func (sess *Session) SetClientSideTuple(tuple Tuple)
- func (sess *Session) SetConntrackConfirmed(argument bool)
- func (sess *Session) SetConntrackID(value uint32) uint32
- func (sess *Session) SetConntrackPointer(pointer *Conntrack)
- func (sess *Session) SetCreationTime(value time.Time)
- func (sess *Session) SetEventCount(value uint64) uint64
- func (sess *Session) SetLastActivity(value time.Time)
- func (sess *Session) SetPacketCount(value uint64) uint64
- func (sess *Session) SetServerInterfaceID(value uint8) uint8
- func (sess *Session) SetServerInterfaceType(value uint8) uint8
- func (sess *Session) SetServerSideTuple(tuple Tuple)
- func (sess *Session) SetSessionID(value uint64) uint64
- func (sess *Session) UnlockAttachments()
- type SubscriptionHolder
- type Tuple
Constants ¶
const CertfetchPriority = 2
CertfetchPriority ...
const CertsniffPriority = 2
CertsniffPriority ...
const ClassifyPriority = 2
ClassifyPriority ...
const DNSPriority = 2
DNSPriority ...
const ExamplePriority = 2
ExamplePriority ...
const GeoipPriority = 2
GeoipPriority ...
const NfAccept = 1
NfAccept is the NF_ACCEPT constant
const NfDrop = 0
NfDrop is NF_DROP constant
const ReporterPriority = 1
ReporterPriority ... We want this to be called FIRST
const RevDNSPriority = 2
RevDNSPriority ...
const SniPriority = 2
SniPriority ...
const StatsPriority = 3
StatsPriority ... We want this to be called LAST
Variables ¶
This section is empty.
Functions ¶
func AttachNfqueueSubscriptions ¶
func AttachNfqueueSubscriptions(session *Session)
AttachNfqueueSubscriptions attaches active nfqueue subscriptions to the argumented Session
func GetConntrackTable ¶ added in v0.1.2
GetConntrackTable table Note: this returns a copy of the table, but with the same pointers do not modify the values in the conntrack entries
func HandleWarehouseCleanup ¶ added in v0.1.2
func HandleWarehouseCleanup()
HandleWarehouseCleanup removes the nfqueue and conntrack entries that were created by the previous warehouse playback operation
func HandleWarehousePlayback ¶ added in v0.1.2
func HandleWarehousePlayback()
HandleWarehousePlayback spins up a goroutine that will playback a warehouse capture file, wait until the playback is finished, and save the netfilter and conntrack cleanup lists that are returned from the playback function
func InsertConntrackSubscription ¶
func InsertConntrackSubscription(owner string, priority int, function ConntrackHandlerFunction)
InsertConntrackSubscription adds a subscription for receiving conntrack messages
func InsertNetloggerSubscription ¶
func InsertNetloggerSubscription(owner string, priority int, function NetloggerHandlerFunction)
InsertNetloggerSubscription adds a subscription for receiving netlogger messages
func InsertNfqueueSubscription ¶
func InsertNfqueueSubscription(owner string, priority int, function NfqueueHandlerFunction)
InsertNfqueueSubscription adds a subscription for receiving nfqueue messages
func MirrorNfqueueSubscriptions ¶ added in v0.1.2
func MirrorNfqueueSubscriptions(session *Session) map[string]SubscriptionHolder
MirrorNfqueueSubscriptions creates a copy of the subscriptions for the argumented Session
func ReleaseSession ¶
ReleaseSession is called by a subscriber to stop receiving traffic for a session
Types ¶
type Conntrack ¶ added in v0.1.2
type Conntrack struct { ConntrackID uint32 ConnMark uint32 Session *Session SessionID uint64 Family uint8 CreationTime time.Time LastUpdateTime time.Time LastActivityTime time.Time ClientSideTuple Tuple ServerSideTuple Tuple TimeoutSeconds uint32 TimestampStart uint64 TimestampStop uint64 TCPState uint8 EventCount uint64 ClientBytes uint64 ServerBytes uint64 TotalBytes uint64 ClientPackets uint64 ServerPackets uint64 TotalPackets uint64 ClientBytesDiff uint64 // the ClientBytes diff since last update ServerBytesDiff uint64 // the ServerBytes diff since last update TotalBytesDiff uint64 // the TotalBytes diff since last update ClientPacketsDiff uint64 // the ClientPackets diff since last update ServerPacketsDiff uint64 // the ServerPackets diff since last update TotalPacketsDiff uint64 // the TotalPackets diff since last update ClientByteRate float32 // the Client byte rate site the last update ServerByteRate float32 // the Server byte rate site the last update TotalByteRate float32 // the Total byte rate site the last update ClientPacketRate float32 // the Client packet rate site the last update ServerPacketRate float32 // the Server packet rate site the last update TotalPacketRate float32 // the Total packet rate site the last update Guardian sync.RWMutex }
Conntrack stores the details of a conntrack entry
type ConntrackHandlerFunction ¶
ConntrackHandlerFunction defines a pointer to a conntrack callback function
type NetloggerHandlerFunction ¶
type NetloggerHandlerFunction func(*NetloggerMessage)
NetloggerHandlerFunction defines a pointer to a netlogger callback function
type NetloggerMessage ¶
type NetloggerMessage struct { Version uint8 Protocol uint8 IcmpType uint16 SrcInterface uint8 DstInterface uint8 SrcAddress string DstAddress string SrcPort uint16 DstPort uint16 Mark uint32 Prefix string }
NetloggerMessage is used to pass the details of NFLOG events to interested plugins
type NfqueueHandlerFunction ¶
type NfqueueHandlerFunction func(NfqueueMessage, uint32, bool) NfqueueResult
NfqueueHandlerFunction defines a pointer to a nfqueue callback function
type NfqueueMessage ¶
type NfqueueMessage struct { Session *Session MsgTuple Tuple Family int Packet gopacket.Packet PacketMark uint32 Length int ClientToServer bool IP4Layer *layers.IPv4 IP6Layer *layers.IPv6 TCPLayer *layers.TCP UDPLayer *layers.UDP ICMPv4Layer *layers.ICMPv4 Payload []byte }
NfqueueMessage is used to pass nfqueue traffic to interested plugins
type NfqueueResult ¶
type NfqueueResult struct {
SessionRelease bool
}
NfqueueResult returns status and other information from a subscription handler function
type Session ¶ added in v0.1.2
type Session struct {
// contains filtered or unexported fields
}
Session stores information about a packetd session All fields are private and must be access with the get and set functions defined below to ensure there are no data races
func (*Session) AddByteCount ¶ added in v0.1.2
AddByteCount increases the byte count by the argumented value
func (*Session) AddEventCount ¶ added in v0.1.2
AddEventCount increases the event count by the argumented value
func (*Session) AddPacketCount ¶ added in v0.1.2
AddPacketCount increases the packet count by the argumented value
func (*Session) DeleteAttachment ¶ added in v0.1.2
DeleteAttachment is used to safely delete an attachment from a session object
func (*Session) GetAttachment ¶ added in v0.1.2
GetAttachment is used to safely get an attachment from a session object
func (*Session) GetByteCount ¶ added in v0.1.2
GetByteCount gets the byte count
func (*Session) GetClientInterfaceID ¶ added in v0.1.2
GetClientInterfaceID gets the client interface ID
func (*Session) GetClientInterfaceType ¶ added in v0.1.2
GetClientInterfaceType gets the client interface type
func (*Session) GetClientSideTuple ¶ added in v0.1.2
GetClientSideTuple gets the client side Tuple
func (*Session) GetConntrackConfirmed ¶ added in v0.1.2
GetConntrackConfirmed gets the conntrack confirmed flag
func (*Session) GetConntrackID ¶ added in v0.1.2
GetConntrackID gets the conntrack ID
func (*Session) GetConntrackPointer ¶ added in v0.1.2
GetConntrackPointer gets the conntrack pointer
func (*Session) GetCreationTime ¶ added in v0.1.2
GetCreationTime gets the time the entry was created
func (*Session) GetEventCount ¶ added in v0.1.2
GetEventCount gets the event count
func (*Session) GetLastActivity ¶ added in v0.1.2
GetLastActivity gets the time of the last session activity
func (*Session) GetPacketCount ¶ added in v0.1.2
GetPacketCount gets the packet count
func (*Session) GetServerInterfaceID ¶ added in v0.1.2
GetServerInterfaceID gets the server interface ID
func (*Session) GetServerInterfaceType ¶ added in v0.1.2
GetServerInterfaceType gets the server interface type
func (*Session) GetServerSideTuple ¶ added in v0.1.2
GetServerSideTuple gets the server side Tuple
func (*Session) GetSessionID ¶ added in v0.1.2
GetSessionID gets the session ID
func (*Session) LockAttachments ¶ added in v0.1.2
LockAttachments locks the attatchments mutex and returns the attachment map to the caller
func (*Session) PutAttachment ¶ added in v0.1.2
PutAttachment is used to safely add an attachment to a session object
func (*Session) SetByteCount ¶ added in v0.1.2
SetByteCount sets the byte count
func (*Session) SetClientInterfaceID ¶ added in v0.1.2
SetClientInterfaceID sets the client interface ID
func (*Session) SetClientInterfaceType ¶ added in v0.1.2
SetClientInterfaceType sets the client interface type
func (*Session) SetClientSideTuple ¶ added in v0.1.2
SetClientSideTuple sets the client side Tuple
func (*Session) SetConntrackConfirmed ¶ added in v0.1.2
SetConntrackConfirmed sets the conntrack confirmed flag
func (*Session) SetConntrackID ¶ added in v0.1.2
SetConntrackID sets the conntrack ID
func (*Session) SetConntrackPointer ¶ added in v0.1.2
SetConntrackPointer sets the conntrack pointer
func (*Session) SetCreationTime ¶ added in v0.1.2
SetCreationTime sets the time the entry was created
func (*Session) SetEventCount ¶ added in v0.1.2
SetEventCount sets the event count
func (*Session) SetLastActivity ¶ added in v0.1.2
SetLastActivity sets the time of the last session activity
func (*Session) SetPacketCount ¶ added in v0.1.2
SetPacketCount sets the packet count
func (*Session) SetServerInterfaceID ¶ added in v0.1.2
SetServerInterfaceID sets the server interface ID
func (*Session) SetServerInterfaceType ¶ added in v0.1.2
SetServerInterfaceType sets the server interface type
func (*Session) SetServerSideTuple ¶ added in v0.1.2
SetServerSideTuple sets the server side Tuple
func (*Session) SetSessionID ¶ added in v0.1.2
SetSessionID sets the seession ID
func (*Session) UnlockAttachments ¶ added in v0.1.2
func (sess *Session) UnlockAttachments()
UnlockAttachments unlocks the attachments mutex
type SubscriptionHolder ¶
type SubscriptionHolder struct { Owner string Priority int NfqueueFunc NfqueueHandlerFunction ConntrackFunc ConntrackHandlerFunction NetloggerFunc NetloggerHandlerFunction }
SubscriptionHolder stores the details of a data callback subscription
type Tuple ¶
type Tuple struct { Protocol uint8 ClientAddress net.IP ClientPort uint16 ServerAddress net.IP ServerPort uint16 }
Tuple represent a session using the protocol and source and destination address and port values.
func (Tuple) EqualReverse ¶
EqualReverse returns true if two Tuples are equal when one is inversed in the other direction, false otherwise 1.2.3.4:5 -> 6.7.8.9:0 == 6.7.8.9:0 -> 1.2.3.4:5 = true
func (Tuple) StringReverse ¶
StringReverse returns string representation of reverse tuple