目录
- CONTRIBUTINGInitial commit of 'clerk' code.10年前
- LICENSEInitial commit of 'clerk' code.10年前
- MakefileRoll up recent Google changes to Clerk for upload.8年前
- README.mdRoll up recent Google changes to Clerk for upload.8年前
- asn_map.ccASN mapping for BGP AS reporting.10年前
- asn_map.hASN mapping for BGP AS reporting.10年前
- asn_map_test.ccASN mapping for BGP AS reporting.10年前
- clerk.ccRoll up recent Google changes to Clerk for upload.8年前
- flow.ccSwitch clerk from reporting millis to reporting nanos.10年前
- flow.hASN mapping for BGP AS reporting.10年前
- flow_test.ccASN mapping for BGP AS reporting.10年前
- geolite_asns.pyASN mapping for BGP AS reporting.10年前
- headers.ccRoll up recent Google changes to Clerk for upload.8年前
- headers.hRoll up recent Google changes to Clerk for upload.8年前
- headers_test.ccRoll up recent Google changes to Clerk for upload.8年前
- ipfix.ccRoll up recent Google changes to Clerk for upload.8年前
- ipfix.hASN mapping for BGP AS reporting.10年前
- send.ccRoll up recent Google changes to Clerk for upload.8年前
- send.hRoll up recent Google changes to Clerk for upload.8年前
- send_test.ccRoll up recent Google changes to Clerk for upload.8年前
- stringpiece.hRoll up recent Google changes to Clerk for upload.8年前
- test_main.ccInitial commit of 'clerk' code.10年前
- testimony.ccRoll up recent Google changes to Clerk for upload.8年前
- testimony.hRoll up recent Google changes to Clerk for upload.8年前
- util.ccInitial commit of 'clerk' code.10年前
- util.hRoll up recent Google changes to Clerk for upload.8年前
邀请码
版权所有:中国计算机学会技术支持:开源发展技术委员会
京ICP备13000930号-9
京公网安备 11010802032778号
Clerk
Clerk is a passive netflow/IPFIX generator designed for high-throughput and testimony-based packet sharing.
Architecture
clerkuses https://github.com/google/testimony to get packets across N threads.1 Packet hits NIC 1 Kernel places packet in
AF_PACKETmmap region 1testimonydhands mmap region toclerkpacket thread 1clerkthread looks up and updates flow info * creates a key based on identifiers (src/dst IP/port, protocol, qos, etc) * looks up current stats, creating empty statistics if necessary * updates stats with new bytes/packets/tcp flags/etc. 1 every minute,clerkmain thread sends IPFIX * gathers flows from each of N packet threads * combines flows * generates IPFIX packets based on combined flow from all threads * sends out UDP socketFlow Information
Currently,
clerkuses a fixed template (actually 2, one for IPv4, the other for IPv6):IPV4_SRC_ADDR(4 bytes) orIPV6_SRC_ADDR(16 bytes)IPV4_DST_ADDR(4 bytes) orIPV6_DST_ADDR(16 bytes)L4_SRC_PORT(2 bytes)L4_DST_PORT(2 bytes)PROTOCOL(1 byte)TCP_FLAGS(1 byte)ICMP_TYPE(2 bytes)BGP_SOURCE_AS_NUMBER(4 bytes)BGP_DESTINATION_AS_NUMBER(4 bytes)IN_BYTES(8 bytes)IN_PKTS(8 bytes)FLOW_START_NANOSECONDS(8 bytes)FLOW_END_NANOSECONDS(8 bytes)IP_CLASS_OF_SERVICE(1 byte)FLOW_END_REASON(1 byte)VLAN_ID(2 bytes)It’s probably possible to expand this further in the future, but for now this solves most of our internal needs quite nicely.
Disclaimer
This is not an official Google product.