Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/amirhnajafiz/packet-exporter
Export your system's network packets by eBPF.
https://github.com/amirhnajafiz/packet-exporter
docker ebpf go golang packet-capture prometheus
Last synced: about 1 month ago
JSON representation
Export your system's network packets by eBPF.
- Host: GitHub
- URL: https://github.com/amirhnajafiz/packet-exporter
- Owner: amirhnajafiz
- Created: 2021-01-03T14:15:31.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2024-06-28T14:24:24.000Z (6 months ago)
- Last Synced: 2024-07-12T04:59:41.656Z (5 months ago)
- Topics: docker, ebpf, go, golang, packet-capture, prometheus
- Language: Go
- Homepage:
- Size: 242 KB
- Stars: 3
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Packet Exporter
This is an exporter implemented by __Golang__ and __eBFP__ to capture packets within your system's interfaces, and export their data as `prometheus` metrics.
Packet exporter contains two main programs, the first program is an eBPF application that is set to the system kernel in order to export packets data. The second program is a Golang application that uses eBPF libraries to fetch the exported packets and convert their data as prometheus metrics.
## BPF
Our eBPF program sets a function as xdp to the kernel which gets packet data from memory and returns a struct as follow:
```c
// packet_info is a struct that I defined in order to extract a packet data
// from memory. this struct will be returned to our eBPF program in Golang.
struct packet_info {
__u32 src_ip;
__u32 dest_ip;
__u16 src_port;
__u16 dest_port;
__u8 protocol;
__u32 ifindex;
__u32 payload_len;
};
```As you can see, it returns source and dest ip and port, packet protocol and interface with the payload's size. For each network event, it captures the packets and converts them to this struct.
## Exporter
The exporter has a `XDPManager` which attachs the following method to all system interfaces.
```go
// create a new reader
reader := bytes.NewReader(record.RawSample)// bind bytes data to packetmeta
var pkt model.PacketMeta
if err := binary.Read(reader, binary.LittleEndian, &pkt); err != nil {
log.Printf("failed to decode received data: %v", err)
continue
}// publish over this channel
channel <- &pkt
```As you can see, it reads packets data and publishs them over a channel to be exproted as prometheus metrics. Finally, the system workers read from this channel and publish metrics on prometheus http server.
## Envs
You can set the number of workers as `PE_WORKERS`, and the metrics port as `PE_PORT`. After that you can fetch the exporter metrics at `localhost:PE_PORT/metrics`.
## Metrics
Exporter returns two metrics, `total_packets` per each interface, and `total_throughput` per each interface and protocol.
## Run
You can run the export on your system using `docker-compose up -d`. If you are running the exporter on your local system, make sure to install `Golang`, `Clang`, `gcc`, and/or `libbpfcc-dev`, `libbpf`.