Commit 9e81874d (Unverified), authored 3 years ago by Eran Raichstein, committed by GitHub 3 years ago
add flowlogs-dump example (#21)
Parent: 2527326c
Showing 3 changed files with 118 additions and 1 deletion:
README.md: 1 addition, 1 deletion
examples/flowlogs-dump/README.md: 36 additions, 0 deletions
examples/flowlogs-dump/server/flowlogs-dump-collector.go: 81 additions, 0 deletions
README.md
...
@@ -26,7 +26,7 @@ export FLOWS_TARGET_HOST=...
...
@@ -26,7 +26,7 @@ export FLOWS_TARGET_HOST=...
export FLOWS_TARGET_PORT=...
export FLOWS_TARGET_PORT=...
sudo -E bin/netobserv-ebpf-agent
sudo -E bin/netobserv-ebpf-agent
```
```
To deploy locally, use instructions from
[
flowlogs-dump (like tcpdump)
](
./examples/flowlogs-dump/README.md
)
.
To deploy it as a Pod, you can check the
[
deployment example
](
./examples/performance/deployment.yml
)
.
To deploy it as a Pod, you can check the
[
deployment example
](
./examples/performance/deployment.yml
)
.
## Where is the collector?
## Where is the collector?
...
...
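Review bot: the added "To deploy locally, use instructions from ..." line takes the place of the blank line that followed the closing code fence, since the hunk is 7 lines on both sides with one addition and one deletion and no removed text is shown. The new sentence now sits directly against "To deploy it as a Pod, you can check the ..." with nothing between them, so Markdown will render the two sentences as one run-on paragraph. Add the new sentence as its own paragraph, keeping a blank line before and after it.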
examples/flowlogs-dump/README.md
0 → 100644
# flowlogs-dump (like tcpdump)
## How to run
From the root directory of the project:
Build the agent (the flowlogs client that uses ebpf) using:
```
bash
make build
```
Build the flowlogs-dump-collector (the server that receives logs from the agent and dumps to screen) using:
```
bash
go build
-mod
vendor
-o
bin/flowlogs-dump-collector examples/flowlogs-dump/server/flowlogs-dump-collector.go
```
Start the agent using:
```
bash
sudo
FLOWS_TARGET_HOST
=
127.0.0.1
FLOWS_TARGET_PORT
=
9999 ./bin/netobserv-ebpf-agent
```
Start the flowlogs-dump-collector using: (in a secondary shell)
```
bash
./bin/flowlogs-dump-collector
-listen_port
=
9999
```
You should see output such as:
```
bash
starting flowlogs-dump-collector on port 9999
13:31:38.857689 eth0 IP 192.168.50.88:5353
>
224.0.0.251:5353: proto:2048
dir
:0 bytes:384 packets:2 ends: 13:31:38.859561
13:31:38.858447 eth0 IP 0.0.0.0:0
>
0.0.0.0:0: proto:34525
dir
:0 bytes:424 packets:2 ends: 13:31:38.860284
13:31:37.409071 eth0 IP 192.168.50.16:2221
>
192.168.50.88:59239: proto:2048
dir
:1 bytes:371806 packets:403 ends: 13:31:42.342690
13:31:37.408148 eth0 IP 192.168.50.88:59239
>
192.168.50.16:2221: proto:2048
dir
:0 bytes:16926 packets:277 ends: 13:31:42.390777
...
```
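Review bot: the sample output under "You should see output such as:" does not match what the collector added in this commit prints. The sample lines show `proto:2048` and `proto:34525`, which are EtherType values (0x0800 for IPv4, 0x86DD for IPv6), while the Printf in flowlogs-dump-collector.go writes `protocol:%s` using names from protocolByNumber such as tcp or udp. Regenerate the sample from the committed binary so a reader can check their own output against it. It would also help to say which address the collector listens on, since the agent is pointed at 127.0.0.1 and the flow records it sends describe host traffic.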
examples/flowlogs-dump/server/flowlogs-dump-collector.go
0 → 100644
/*
* Copyright (C) 2022 IBM, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package
main
import
(
"flag"
"log"
"net"
"github.com/netobserv/netobserv-ebpf-agent/pkg/grpc"
"github.com/netobserv/netobserv-ebpf-agent/pkg/pbflow"
)
var
(
port
=
flag
.
Int
(
"listen_port"
,
9999
,
"TCP port to listen for flows"
)
)
var
protocolByNumber
=
map
[
uint32
]
string
{
1
:
"icmp"
,
2
:
"igmp"
,
6
:
"tcp"
,
17
:
"udp"
,
58
:
"ipv6-icmp"
,
}
func
ipIntToNetIP
(
ipAsInt
uint32
)
net
.
IP
{
var
bytes
[
4
]
byte
bytes
[
0
]
=
byte
(
ipAsInt
&
0xFF
)
bytes
[
1
]
=
byte
((
ipAsInt
>>
8
)
&
0xFF
)
bytes
[
2
]
=
byte
((
ipAsInt
>>
16
)
&
0xFF
)
bytes
[
3
]
=
byte
((
ipAsInt
>>
24
)
&
0xFF
)
return
net
.
IPv4
(
bytes
[
3
],
bytes
[
2
],
bytes
[
1
],
bytes
[
0
])
}
// tcpdump flow collector
func
main
()
{
log
.
SetFlags
(
0
)
flag
.
Parse
()
receivedRecords
:=
make
(
chan
*
pbflow
.
Records
,
100
)
log
.
Println
(
"starting flowlogs-dump-collector on port"
,
*
port
)
go
func
()
{
_
,
err
:=
grpc
.
StartCollector
(
*
port
,
receivedRecords
)
if
err
!=
nil
{
panic
(
err
)
}
}()
for
records
:=
range
receivedRecords
{
for
_
,
record
:=
range
records
.
Entries
{
log
.
Printf
(
"%v %s IP %s:%d > %s:%d: protocol:%s dir:%d bytes:%d packets:%d ends: %v
\n
"
,
record
.
TimeFlowStart
.
AsTime
()
.
Local
()
.
Format
(
"15:04:05.000000"
),
record
.
Interface
,
ipIntToNetIP
(
record
.
Network
.
GetSrcAddr
()
.
GetIpv4
())
.
String
(),
record
.
Transport
.
SrcPort
,
ipIntToNetIP
(
record
.
Network
.
GetDstAddr
()
.
GetIpv4
())
.
String
(),
record
.
Transport
.
DstPort
,
protocolByNumber
[
record
.
Transport
.
Protocol
],
record
.
Direction
,
record
.
Bytes
,
record
.
Packets
,
record
.
TimeFlowEnd
.
AsTime
()
.
Local
()
.
Format
(
"15:04:05.000000"
),
)
}
}
}
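Review bot: in the Printf call inside main(), `record.Transport.SrcPort`, `record.Transport.DstPort` and `record.Transport.Protocol` are direct field reads, while the addresses on the same record go through getters (`record.Network.GetSrcAddr().GetIpv4()`). These records arrive over the network from whatever connects to the listen port, so if Transport is an optional message (as the getter style on Network suggests) a record without it will panic the print loop and take the collector down; read the fields through the generated getters instead. Two smaller points in the same call: only `GetIpv4()` is consulted, so an IPv6 flow is printed as 0.0.0.0 on both sides, and a protocol number missing from protocolByNumber prints as an empty string, so falling back to the numeric value would keep the line readable. In the goroutine, `panic(err)` on a StartCollector failure would read better as `log.Fatal(err)`, since a port already in use is an expected error for an example like this.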