func NewPcapProbesHandler(tb *probes.TopologyProbeBundle, g *graph.Graph, p *mappings.FlowMappingPipeline, a *analyzer.Client) *PcapProbesHandler {
handler := &PcapProbesHandler{
graph: g,
analyzerClient: a,
flowMappingPipeline: p,
flowTable: flow.NewFlowTable(),
probes: make(map[string]*PcapProbe),
}
return handler
}
func NewServer(addr string, port int, router *mux.Router) (*Server, error) {
backend, err := graph.BackendFromConfig()
if err != nil {
return nil, err
}
g, err := graph.NewGraph(backend)
if err != nil {
return nil, err
}
tserver := topology.NewServer(g, addr, port, router)
tserver.RegisterStaticEndpoints()
tserver.RegisterRpcEndpoints()
alertmgr := graph.NewAlert(g, router)
alertmgr.RegisterRpcEndpoints()
gserver, err := graph.NewServerFromConfig(g, alertmgr, router)
if err != nil {
return nil, err
}
gfe, err := mappings.NewGraphFlowEnhancer(g)
if err != nil {
return nil, err
}
pipeline := mappings.NewFlowMappingPipeline([]mappings.FlowEnhancer{gfe})
flowtable := flow.NewFlowTable()
server := &Server{
Addr: addr,
Port: port,
Router: router,
TopoServer: tserver,
GraphServer: gserver,
FlowMappingPipeline: pipeline,
FlowTable: flowtable,
}
server.RegisterStaticEndpoints()
server.RegisterRpcEndpoints()
cfgFlowtable_expire, err := config.GetConfig().Section("analyzer").Key("flowtable_expire").Int()
if err != nil || cfgFlowtable_expire < 1 {
logging.GetLogger().Error("Config flowTable_expire invalid value ", cfgFlowtable_expire, err.Error())
return nil, err
}
go flowtable.AsyncExpire(server.flowExpire, time.Duration(cfgFlowtable_expire)*time.Minute)
return server, nil
}
func (sfa *SFlowAgent) start() error {
addr := net.UDPAddr{
Port: sfa.Port,
IP: net.ParseIP(sfa.Addr),
}
conn, err := net.ListenUDP("udp", &addr)
if err != nil {
logging.GetLogger().Errorf("Unable to listen on port %d: %s", sfa.Port, err.Error())
return err
}
defer conn.Close()
conn.SetDeadline(time.Now().Add(1 * time.Second))
sfa.wg.Add(1)
defer sfa.wg.Done()
sfa.running.Store(true)
sfa.flowTable = flow.NewFlowTable()
defer sfa.flowTable.UnregisterAll()
cfgFlowtable_expire := config.GetConfig().GetInt("agent.flowtable_expire")
sfa.flowTable.RegisterExpire(sfa.asyncFlowPipeline, time.Duration(cfgFlowtable_expire)*time.Second)
cfgFlowtable_update := config.GetConfig().GetInt("agent.flowtable_update")
sfa.flowTable.RegisterUpdated(sfa.asyncFlowPipeline, time.Duration(cfgFlowtable_update)*time.Second)
for sfa.running.Load() == true {
select {
case now := <-sfa.flowTable.GetExpireTicker():
sfa.flowTable.Expire(now)
case now := <-sfa.flowTable.GetUpdatedTicker():
sfa.flowTable.Updated(now)
case <-sfa.flush:
sfa.flowTable.ExpireNow()
sfa.flushDone <- true
default:
sfa.feedFlowTable(conn)
}
}
return nil
}
func (probe *SFlowProbe) Start() error {
probe.wg.Add(1)
defer probe.wg.Done()
var buf [maxDgramSize]byte
addr := net.UDPAddr{
Port: probe.Port,
IP: net.ParseIP(probe.Addr),
}
conn, err := net.ListenUDP("udp", &addr)
if err != nil {
logging.GetLogger().Error("Unable to listen on port %d: %s", probe.Port, err.Error())
return err
}
defer conn.Close()
conn.SetDeadline(time.Now().Add(1 * time.Second))
// start index/mac cache updater
go probe.cacheUpdater()
flowtable := flow.NewFlowTable()
cfgFlowtable_expire, err := config.GetConfig().Section("agent").Key("flowtable_expire").Int()
if err != nil || cfgFlowtable_expire < 1 {
logging.GetLogger().Error("Config flowTable_expire invalid value ", cfgFlowtable_expire, err.Error())
return err
}
go flowtable.AsyncExpire(probe.flowExpire, time.Duration(cfgFlowtable_expire)*time.Minute)
for probe.running.Load() == true {
_, _, err := conn.ReadFromUDP(buf[:])
if err != nil {
conn.SetDeadline(time.Now().Add(1 * time.Second))
continue
}
p := gopacket.NewPacket(buf[:], layers.LayerTypeSFlow, gopacket.Default)
sflowLayer := p.Layer(layers.LayerTypeSFlow)
sflowPacket, ok := sflowLayer.(*layers.SFlowDatagram)
if !ok {
continue
}
if sflowPacket.SampleCount > 0 {
for _, sample := range sflowPacket.FlowSamples {
flows := flow.FLowsFromSFlowSample(flowtable, &sample, probe.getProbePath(sample.InputInterface))
logging.GetLogger().Debug("%d flows captured", len(flows))
flowtable.Update(flows)
if probe.FlowMappingPipeline != nil {
probe.FlowMappingPipeline.Enhance(flows)
}
if probe.AnalyzerClient != nil {
// FIX(safchain) add flow state cache in order to send only flow changes
// to not flood the analyzer
probe.AnalyzerClient.SendFlows(flows)
}
}
}
}
return nil
}
func NewServer(addr string, port int, router *mux.Router, embedEtcd bool) (*Server, error) {
backend, err := graph.BackendFromConfig()
if err != nil {
return nil, err
}
g, err := graph.NewGraph(backend)
if err != nil {
return nil, err
}
tserver := topology.NewServer("analyzer", g, addr, port, router)
tserver.RegisterStaticEndpoints()
tserver.RegisterRPCEndpoints()
var etcd *storage.EmbeddedEtcd
if embedEtcd {
if etcd, err = storage.NewEmbeddedEtcdFromConfig(); err != nil {
return nil, err
}
}
alertmgr, err := graph.NewAlertFromConfig(g, router)
if err != nil {
return nil, err
}
alertmgr.RegisterRPCEndpoints()
gserver, err := graph.NewServerFromConfig(g, alertmgr, router)
if err != nil {
return nil, err
}
gfe, err := mappings.NewGraphFlowEnhancer(g)
if err != nil {
return nil, err
}
pipeline := mappings.NewFlowMappingPipeline(gfe)
flowtable := flow.NewFlowTable()
server := &Server{
Addr: addr,
Port: port,
Router: router,
TopoServer: tserver,
GraphServer: gserver,
FlowMappingPipeline: pipeline,
FlowTable: flowtable,
EmbeddedEtcd: etcd,
}
server.RegisterRPCEndpoints()
cfgFlowtable_expire := config.GetConfig().GetInt("analyzer.flowtable_expire")
if cfgFlowtable_expire < 1 {
logging.GetLogger().Errorf("Config flowTable_expire invalid value %d : %s", cfgFlowtable_expire, err.Error())
return nil, err
}
go flowtable.AsyncExpire(server.flowExpire, time.Duration(cfgFlowtable_expire)*time.Minute)
return server, nil
}
func (sfa *SFlowAgent) start() error {
sfa.wg.Add(1)
defer sfa.wg.Done()
var buf [maxDgramSize]byte
addr := net.UDPAddr{
Port: sfa.Port,
IP: net.ParseIP(sfa.Addr),
}
conn, err := net.ListenUDP("udp", &addr)
if err != nil {
logging.GetLogger().Errorf("Unable to listen on port %d: %s", sfa.Port, err.Error())
return err
}
defer conn.Close()
conn.SetDeadline(time.Now().Add(1 * time.Second))
flowtable := flow.NewFlowTable()
cfgFlowtable_expire := config.GetConfig().GetInt("agent.flowtable_expire")
go flowtable.AsyncExpire(sfa.flowExpire, time.Duration(cfgFlowtable_expire)*time.Minute)
for sfa.running.Load() == true {
_, _, err := conn.ReadFromUDP(buf[:])
if err != nil {
conn.SetDeadline(time.Now().Add(1 * time.Second))
continue
}
p := gopacket.NewPacket(buf[:], layers.LayerTypeSFlow, gopacket.Default)
sflowLayer := p.Layer(layers.LayerTypeSFlow)
sflowPacket, ok := sflowLayer.(*layers.SFlowDatagram)
if !ok {
continue
}
if sflowPacket.SampleCount > 0 {
for _, sample := range sflowPacket.FlowSamples {
var probePath string
if sfa.ProbePathGetter != nil {
probePath = sfa.ProbePathGetter.GetProbePath(int64(sample.InputInterface))
}
flows := flow.FLowsFromSFlowSample(flowtable, &sample, probePath)
logging.GetLogger().Debugf("%d flows captured at %v", len(flows), probePath)
flowtable.Update(flows)
if sfa.FlowMappingPipeline != nil {
sfa.FlowMappingPipeline.Enhance(flows)
}
if sfa.AnalyzerClient != nil {
// FIX(safchain) add flow state cache in order to send only flow changes
// to not flood the analyzer
sfa.AnalyzerClient.SendFlows(flows)
}
}
}
}
return nil
}
func NewServerFromConfig() (*Server, error) {
embedEtcd := config.GetConfig().GetBool("etcd.embedded")
backend, err := graph.BackendFromConfig()
if err != nil {
return nil, err
}
g, err := graph.NewGraph(backend)
if err != nil {
return nil, err
}
httpServer, err := shttp.NewServerFromConfig("analyzer")
if err != nil {
return nil, err
}
api.RegisterTopologyApi("analyzer", g, httpServer)
var etcdServer *etcd.EmbeddedEtcd
if embedEtcd {
if etcdServer, err = etcd.NewEmbeddedEtcdFromConfig(); err != nil {
return nil, err
}
}
etcdClient, err := etcd.NewEtcdClientFromConfig()
if err != nil {
return nil, err
}
apiServer, err := api.NewApi(httpServer, etcdClient.KeysApi)
if err != nil {
return nil, err
}
alertManager := alert.NewAlertManager(g, apiServer.GetHandler("alert"))
if err != nil {
return nil, err
}
aserver, err := alert.NewServerFromConfig(alertManager, httpServer)
if err != nil {
return nil, err
}
gserver, err := graph.NewServerFromConfig(g, httpServer)
if err != nil {
return nil, err
}
gfe := mappings.NewGraphFlowEnhancer(g)
ofe := mappings.NewOvsFlowEnhancer(g)
pipeline := mappings.NewFlowMappingPipeline(gfe, ofe)
flowtable := flow.NewFlowTable()
server := &Server{
HTTPServer: httpServer,
GraphServer: gserver,
AlertServer: aserver,
FlowMappingPipeline: pipeline,
FlowTable: flowtable,
EmbeddedEtcd: etcdServer,
}
server.SetStorageFromConfig()
api.RegisterFlowApi("analyzer", flowtable, server.Storage, httpServer)
cfgFlowtable_expire := config.GetConfig().GetInt("analyzer.flowtable_expire")
flowtable.RegisterExpire(server.flowExpireUpdate, time.Duration(cfgFlowtable_expire)*time.Second)
cfgFlowtable_update := config.GetConfig().GetInt("analyzer.flowtable_update")
flowtable.RegisterUpdated(server.flowExpireUpdate, time.Duration(cfgFlowtable_update)*time.Second)
return server, nil
}