Skip to content

amirhnajafiz/packet-exporter

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

177 Commits
bpf
bpf
 
 
build
build
 
 
internal
internal
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
docker-compose.yaml
docker-compose.yaml
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

Packet Exporter

This is an exporter implemented by Golang and eBFP to capture packets within your system's interfaces, and export their data as prometheus metrics.

Packet exporter contains two main programs, the first program is an eBPF application that is set to the system kernel in order to export packets data. The second program is a Golang application that uses eBPF libraries to fetch the exported packets and convert their data as prometheus metrics.

BPF

Our eBPF program sets a function as xdp to the kernel which gets packet data from memory and returns a struct as follow:

// packet_info is a struct that I defined in order to extract a packet data
// from memory. this struct will be returned to our eBPF program in Golang.
struct packet_info {
    __u32 src_ip;
    __u32 dest_ip;
    __u16 src_port;
    __u16 dest_port;
    __u8 protocol;
    __u32 ifindex;
    __u32 payload_len;
};

As you can see, it returns source and dest ip and port, packet protocol and interface with the payload's size. For each network event, it captures the packets and converts them to this struct.

Exporter

The exporter has a XDPManager which attachs the following method to all system interfaces.

// create a new reader
reader := bytes.NewReader(record.RawSample)

// bind bytes data to packetmeta
var pkt model.PacketMeta
if err := binary.Read(reader, binary.LittleEndian, &pkt); err != nil {
    log.Printf("failed to decode received data: %v", err)
    continue
}

// publish over this channel
channel <- &pkt

As you can see, it reads packets data and publishs them over a channel to be exproted as prometheus metrics. Finally, the system workers read from this channel and publish metrics on prometheus http server.

Envs

You can set the number of workers as PE_WORKERS, and the metrics port as PE_PORT. After that you can fetch the exporter metrics at localhost:PE_PORT/metrics.

Metrics

Exporter returns two metrics, total_packets per each interface, and total_throughput per each interface and protocol.

Run

You can run the export on your system using docker-compose up -d. If you are running the exporter on your local system, make sure to install Golang, Clang, gcc, and/or libbpfcc-dev, libbpf.

About

Export your system's network packets by eBPF.

Topics

go docker golang prometheus ebpf packet-capture

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Languages