Code Monkey home page Code Monkey logo

go-netflow's Introduction

go-netflow

go-netflow, capture process in/out traffic, similar to c Nethogs.

使用 golang 实现进程级流量监控

refer

refer logic design link

refer nethogs source link

dep

yum install libpcap
yum install libpcap-devel

cli usage

netflow cli run:

go run cmd/main.go

stdout:

+---------+-------+------------------------------------------------+--------+--------+---------+---------+----------+
|   PID   | NAME  |                      EXE                       | INODES | SUM IN | SUM OUT | IN RATE | OUT RATE |
+---------+-------+------------------------------------------------+--------+--------+---------+---------+----------+
| 2256431 | Wget  | /usr/bin/wget                                  |      1 | 1.0 MB | 0 B     | 339 kB  | 0 B      |
+---------+-------+------------------------------------------------+--------+--------+---------+---------+----------+
| 2257200 | Wrk   | /usr/bin/wrk                                   |      5 | 2.0 MB | 16 kB   | 653 kB  | 5.2 kB   |
+---------+-------+------------------------------------------------+--------+--------+---------+---------+----------+
| 3707954 | Java  | /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java |     10 | 457 B  | 648 B   | 152 B   | 216 B    |
+---------+-------+------------------------------------------------+--------+--------+---------+---------+----------+
| 2245136 | Wget  | /usr/bin/wget                                  |      1 | 444 kB | 0 B     | 148 kB  | 0 B      |
+---------+-------+------------------------------------------------+--------+--------+---------+---------+----------+
| 2034103 | Nginx | /usr/sbin/nginx                                |     41 | 0 B    | 0 B     | 0 B     | 0 B      |
+---------+-------+------------------------------------------------+--------+--------+---------+---------+----------+

sdk simple usage:

package main

import (
	"encoding/json"
	"fmt"
	"time"

	"github.com/rfyiamcool/go-netflow"
)

func main() {
	nf, err := netflow.New(
		netflow.WithCaptureTimeout(5 * time.Second),
	)
	if err != nil {
		panic(err)
	}

	err = nf.Start()
	if err != nil {
		panic(err)
	}
	defer nf.Stop()

	<-nf.Done()

	var (
		limit     = 5
		recentSec = 5
	)

	rank, err := nf.GetProcessRank(limit, recentSec)
	if err != nil {
		panic(err)
	}

	bs, err := json.MarshalIndent(rank, "", "    ")
	if err != nil {
		panic(err)
	}

	fmt.Println(string(bs))
}

how to use sdk of go-netflow:

set pcap filename

Don't save pcap file by default.

WithStorePcap option is used to save pcap file, use tcpdump -nnr {filename} command to read pcap file.

WithStorePcap(fpath string)

set custom pcap bpf filter.

WithPcapFilter(filter string)

set custom pcap bpf filter.

example:

  • host xiaorui.cc and port 80
  • src host 123.56.223.52 and (dst port 3389 or 22)
WithPcapFilter(filter string)

limit netflow cpu/mem resource.

WithLimitCgroup(cpu float64, mem int)

set time to capturing packet.

WithCaptureTimeout(dur time.Duration)

set time to rescan process and inode data.

WithSyncInterval(dur time.Duration)

set the number of worker to consume pcap queue.

WithWorkerNum(num int)

set custom context.

WithCtx(ctx context.Context)

set custom devices to capture.

WithBindDevices(devs []string)

set pcap queue size. if the queue is full, new packet is thrown away.

WithQueueSize(size int)

types

netflow.Interface

type Interface interface {
	Start() error
	Stop()
	Done() <-chan struct{}
	LoadCounter() int64
	GetProcessRank(int, int) ([]*Process, error)
}

netflow.Process

type Process struct {
	Name         string
	Pid          string
	Exe          string
	State        string
	Inodes       []string
	TrafficStats *trafficStatsEntry
	Ring         []*trafficEntry
}

netflow.trafficStatsEntry

type trafficStatsEntry struct {
	In         int64 `json:"in"`
	Out        int64 `json:"out"`
	InRate     int64 `json:"in_rate"`
	OutRate    int64 `json:"out_rate"`
	InputEWMA  int64 `json:"input_ewma" valid:"-"`
	OutputEWMA int64 `json:"output_ewma" valid:"-"`
}

netflow.trafficEntry

type trafficEntry struct {
	Timestamp int64 `json:"timestamp"`
	In        int64 `json:"in"`
	Out       int64 `json:"out"`
}

go-netflow's People

Contributors

rfyiamcool avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.