func (this *HookSwitchInspector) Start() error { log.Debugf("Initializing Ethernet Inspector %#v", this) var err error if this.EnableTCPWatcher { this.tcpWatcher = tcpwatcher.New() } this.trans, err = transceiver.NewTransceiver(this.OrchestratorURL, this.EntityID) if err != nil { return err } this.trans.Start() zmqSocket, err := zmq.NewSocket(zmq.Pair) if err != nil { return err } zmqSocket.Bind(this.HookSwitchZMQAddr) defer zmqSocket.Close() this.zmqChannels = zmqSocket.Channels() for { select { case msgBytes := <-this.zmqChannels.In(): meta, ethBytes, err := this.decodeZMQMessageBytes(msgBytes) if err != nil { log.Error(err) continue } eth, ip, tcp := parseEthernetBytes(ethBytes) // note: tcpwatcher is not thread-safe if this.EnableTCPWatcher && this.tcpWatcher.IsTCPRetrans(ip, tcp) { meta.Op = hookswitch.Drop err = this.sendZMQMessage(*meta, nil) if err != nil { log.Error(err) } continue } go func() { if err := this.onHookSwitchMessage(*meta, eth, ip, tcp); err != nil { log.Error(err) } }() case err := <-this.zmqChannels.Errors(): return err } } // NOTREACHED }
func (this *NFQInspector) Start() error { log.Debugf("Initializing Ethernet Inspector %#v", this) var err error if this.EnableTCPWatcher { this.tcpWatcher = tcpwatcher.New() } this.trans, err = transceiver.NewTransceiver(this.OrchestratorURL, this.EntityID) if err != nil { return err } this.trans.Start() nfq, err := netfilter.NewNFQueue(this.NFQNumber, 256, netfilter.NF_DEFAULT_PACKET_SIZE) if err != nil { return err } defer nfq.Close() nfpChan := nfq.GetPackets() for { nfp := <-nfpChan ip, tcp := this.decodeNFPacket(nfp) // note: tcpwatcher is not thread-safe if this.EnableTCPWatcher && this.tcpWatcher.IsTCPRetrans(ip, tcp) { nfp.SetVerdict(netfilter.NF_DROP) continue } go func() { if err := this.onPacket(nfp, ip, tcp); err != nil { log.Error(err) } }() } // NOTREACHED }